Routing and Switching Written Qualification Exam (350-001)

Table of Contents
Cisco Device Operation .................................................................................................................................................. 7
Commands..................................................................................................................................................................... 7
Infrastructure.................................................................................................................................................................. 7
Configuration Register................................................................................................................................................ 7
Configuration Register................................................................................................................................................ 8
Software Configuration Bit Meanings......................................................................................................................... 8
Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do) .................................. 9
More Bits .................................................................................................................................................................. 10
Seeing and Changing Configuration Register Settings............................................................................................ 11
Boot Command ........................................................................................................................................................ 11
My simplistic description of the boot sequence........................................................................................................ 11
Operations.................................................................................................................................................................... 11
Password recovery................................................................................................................................................... 11
Copying and Backing up Configuration Files ........................................................................................................... 11
Configuring a new router .......................................................................................................................................... 12
Security & Passwords .............................................................................................................................................. 12
General Networking Theory.......................................................................................................................................... 13
OSI Models .................................................................................................................................................................. 13
MAC Addressing ...................................................................................................................................................... 13
General Routing Concepts........................................................................................................................................... 14
Standards..................................................................................................................................................................... 15
Ethernet Cable Specifications .................................................................................................................................. 15
Protocol Mechanics...................................................................................................................................................... 16
Transmission Control Protocol (TCP) ...................................................................................................................... 16
Fragmentation & MTU .............................................................................................................................................. 17
Bridging and LAN Switching ........................................................................................................................................ 17
Transparent Bridging (TB) ........................................................................................................................................... 17
Translational Bridging............................................................................................................................................... 18
Integrated Routing and Bridging (IRB) ..................................................................................................................... 18
Bridge ACL & Filtering.............................................................................................................................................. 18
Multiple-Instance Spanning Tree Protocol (MISTP)................................................................................................. 19
Source-Route Bridging (SRB)...................................................................................................................................... 19
Data Link Switching (DLSw) and DLSw+ ................................................................................................................. 20
Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB) .......................... 20
LAN Switching.............................................................................................................................................................. 21
Switching Technique Types ..................................................................................................................................... 21
Command-Line Interface (CLI)................................................................................................................................. 21
Trunking.................................................................................................................................................................... 22
Virtual LAN (VLAN) .................................................................................................................................................. 23
VLAN Trunk Protocol (VTP) ..................................................................................................................................... 23
Spanning-Tree Protocol (STP) ................................................................................................................................. 23
Root Bridges and Switches ...................................................................................................................................... 24
Bridge Protocol Data Units (BPDUs)........................................................................................................................ 24
How STP Works ....................................................................................................................................................... 24
STP Timers .............................................................................................................................................................. 24
Ports in an STP domain will progress through the following states: ........................................................................ 24
Notes about STP Port States: .................................................................................................................................. 25
STP Enhancements: ................................................................................................................................................ 25
DISL.......................................................................................................................................................................... 26
Fast EtherChannel (FEC)........................................................................................................................ 26
Cisco Discovery Protocol (CDP) .............................................................................................................................. 26
CGMP....................................................................................................................................................................... 26
Security ........................................................................................................................................................................ 26
802.1X ...................................................................................................................................................................... 27
Multi-Layer Switching (MLS) ........................................................................................................................................ 27
Multi-Layer Switching (MLS) ........................................................................................................................................ 28
Internet Protocol (IP) ..................................................................................................................................................... 28
IP Addressing............................................................................................................................................................... 28
Subnetting ................................................................................................................................................................ 28
Subnetting Tricks...................................................................................................................................................... 29
Route Summarization............................................................................................................................................... 29
Services & Applications ............................................................................................................................................... 30
DNS .......................................................................................................................................................................... 30
ARP & RARP............................................................................................................................................................ 30
BOOTP & DHCP ...................................................................................................................................................... 30
ICMP......................................................................................................................................................................... 31
NAT .......................................................................................................................................................................... 31
HSRP & VRRP ......................................................................................................................................................... 31
Telnet........................................................................................................................................................................ 32
FTP & TFTP ............................................................................................................................................................. 32
SNMP ....................................................................................................................................................................... 32
Access Control Lists (ACL) .......................................................................................................................................... 32
Access list types are designated by the list Numbers:............................................................................................. 33
Internet Protocol Version 6 (IPv6)................................................................................................................................ 33
IP Routing....................................................................................................................................................................... 34
Routing Protocol Concepts .......................................................................................................................................... 34
Distance-Vector Routing Protocols .......................................................................................................................... 34
Link State Routing Protocols .................................................................................................................................... 34
Hybrid Routing Protocols.......................................................................................................................................... 34
Distribution Lists ....................................................................................................................................................... 35
Routing Loops .......................................................................................................................................................... 35
Administrative Distance............................................................................................................................................ 36
Open Shortest Path First (OSPF) ................................................................................................................................ 36
Area 0 ....................................................................................................................................................................... 37
OSPF Area Types: ................................................................................................................................................... 37
Stub and Totally Stubby Area Similarities: ............................................................................................................... 37
Stub and Totally Stubby Area Differences: .............................................................................................................. 38
Router Types: ........................................................................................................................................................... 38
Traffic Types:............................................................................................................................................................ 38
NBMA Networks ....................................................................................................................................... 38
LSA Types:............................................................................................................................................................... 39
Routing Authentication ............................................................................................................................................. 39
Border Gateway Protocol (BGP).................................................................................................................................. 39
Synchronization/Full Mesh ....................................................................................................................................... 40
Next-Hop-Self Command ......................................................................................................................................... 40
BGP Path Selection.................................................................................................................................................. 40
Scalability Problems (and Solutions) with IBGP....................................................................................................... 41
Configuring Neighbors & Networks .......................................................................................................................... 41
Route Dampening .................................................................................................................................................... 41
Enhanced Interior Gateway Routing Protocol (EIGRP)............................................................................................... 42
Tables:...................................................................................................................................................................... 42
Choosing routes: ...................................................................................................................................................... 43
Intermediate System-to-Intermediate System (IS-IS).................................................................................................. 43
Access-Control & Filtering ........................................................................................................................................... 44
Distribution Lists ....................................................................................................................................................... 44
Route-Maps .............................................................................................................................................................. 44
Policy Routing .......................................................................................................................................................... 45
Redistribution ........................................................................................................................................................... 45
Route-Tagging.......................................................................................................................................................... 45
Dial-on-Demand Routing (DDR) .................................................................................................................................. 45
DDR has two important applications: ....................................................................................................................... 45
Encapsulation Methods for DDR:............................................................................................................................. 45
Dial Backup .............................................................................................................................................................. 45
Interior Gateway Routing Protocol (IGRP) ............................................................................................................... 46
Routing Information Protocol (RIP) Version 1 and 2 ................................................................................ 46
QoS ................................................................................................................................................................................. 46
Fancy Queuing............................................................................................................................................................. 46
Weighted Fair Queuing (WFQ) ................................................................................................................................ 46
Priority Queuing........................................................................................................................................................ 47
Custom Queuing ...................................................................................................................................................... 47
Packet over SONET/SDH (PoS) and IP Precedence.................................................................................................. 47
Class of Service (CoS)................................................................................................................................................. 47
Random Early Detection (RED) and Weighted RED (WRED) .................................................................................... 48
Weighted Round-Robin (WRR)/Queue Scheduling..................................................................................................... 48
Weighted Round-Robin (WRR)/Queue Scheduling..................................................................................................... 49
Shaping vs. Policing / Committed Access Rate (CAR)................................................................................................ 49
Committed Access Rate (CAR)................................................................................................................................ 49
Network-Based Application Recognition (NBAR) ........................................................................................................ 50
Configuring NBAR .................................................................................................................................................... 50
802.1x....................................................................................................................................................................... 51
Differentiated Services Code Point (DSCP) ................................................................................................................ 51
WAN ................................................................................................................................................................................ 51
Integrated Services Digital Network (ISDN)................................................................................................................. 51
ISDN Specifics ......................................................................................................................................................... 52
Channels .................................................................................................................................................................. 53
Flavors of ISDN ........................................................................................................................................................ 53
Point-to-Point Protocol (PPP)................................................................................................................................... 53
OSPF and ISDN ....................................................................................................................................................... 53
Frame Relay ................................................................................................................................................................ 53
Types of Circuits....................................................................................................................................................... 54
Data Link Connection Identifier (DLCI) .................................................................................................................... 54
Local Management Interface (LMI) .......................................................................................................................... 54
Encapsulation........................................................................................................................................................... 54
Frame-Relay Traffic Shaping (FRTS) ...................................................................................................................... 54
Frame-Relay Compression ...................................................................................................................................... 55
Frame-Relay Mapping.............................................................................................................................................. 55
Split Horizon and Frame Relay Interfaces ............................................................................................................... 55
Speed Elements........................................................................................................................................................... 55
Asynchronous Transfer Mode (ATM)........................................................................................................................... 55
ATM is comprised of four major layers:.................................................................................................................... 56
ATM Adaptation Layer (AAL) ................................................................................................................................... 56
IISP and PNNI .......................................................................................................................................................... 56
NSAP Format ATM Addresses ................................................................................................................................ 57
Service-Specific Connection-Oriented Protocol (SSCOP)....................................................................................... 57
RFC 1483 & RFC 2684 – Multiprotocol Encapsulation over AAL5 .......................................................................... 57
ATM Mapping ........................................................................................................................................................... 57
Physical Layer.............................................................................................................................................................. 58
Serial Interface Abbreviations .................................................................................................................................. 58
Is Your Interface a DTE or a DCE?.......................................................................................................................... 58
RS-232 ..................................................................................................................................................................... 58
V.35 Interface ........................................................................................................................................................... 59
Troubleshooting Serial Links .................................................................................................................................... 59
Show Controllers Command .................................................................................................................................... 61
Serial Line Conditions .............................................................................................................................................. 62
Debug Commands ................................................................................................................................................... 62
Increasing Output Drops .......................................................................................................................................... 63
Increasing Input Drops ............................................................................................................................................. 63
Excessive Aborts...................................................................................................................................................... 64
Clocking Problems ................................................................................................................................................... 64
Increasing Interface Resets on a Serial Link............................................................................................................ 65
Increasing Carrier Transitions Count on Serial Link ................................................................................................ 65
CRC and Framing Errors.......................................................................................................................................... 66
SONET / SDH .......................................................................................................................................................... 66
T1 Encoding ............................................................................................................................................................. 66
Leased Line Protocols.............................................................................................................................................. 67
HDLC........................................................................................................................................................................ 67
PPP .......................................................................................................................................................................... 67
Packet over SONET (PoS)....................................................................................................................................... 67
DPT / SRP ................................................................................................................................................................ 67
LAN ................................................................................................................................................................................. 68
Ethernet/FE/GE............................................................................................................................................................ 68
Ethernet/Fast Ethernet/Gigabit Ethernet .................................................................................................................. 68
Fast EtherChannel (FEC)......................................................................................................................................... 68
Carrier Sense Multiple Access Collision Detect (CSMA/CD)................................................................................... 68
Wireless/802.11 ........................................................................................................................................................... 69
Deployment issues for wireless include: .................................................................................................................. 69
Wireless Security...................................................................................................................................................... 69
Important wireless networking terms:....................................................................................................................... 70
Radio Frequency (RF) Terms:.................................................................................................................................. 70
Cisco Deployments .................................................................................................................................................. 70
Multiservice .................................................................................................................................................................... 71
Voice/Video .................................................................................................................................................................. 71
Coder-decoders (Codecs)............................................................................................................................................ 71
Signaling System 7 (SS7) ............................................................................................................................................ 71
Signaling System 7 (SS7) ............................................................................................................................................ 72
Real-Time Transport Protocol (RTP) ........................................................................................................................... 72
Real-Time Transport Control Protocol (RTCP)............................................................................................................ 72
Session Initiation Protocol (SIP) .................................................................................................................................. 72
Multiprotocol Label Switching (MPLS) ......................................................................................................................... 72
Definitions follow for the MPLS terms: ..................................................................................................................... 73
MPLS Operations ..................................................................................................................................................... 73
How the LFIB is Propagated .................................................................................................................................... 74
Quality of Service and Traffic Engineering............................................................................................................... 74
IP Multicast..................................................................................................................................................................... 74
Addressing ................................................................................................................................................................... 75
Translate Multicast Addresses into Ethernet MAC addresses................................................................................. 76
Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP).............................. 77
IGMP ........................................................................................................................................................................ 77
CGMP....................................................................................................................................................................... 78
IGMP Snooping ........................................................................................................................................................ 78
Multicast Distribution Trees.......................................................................................................................................... 79
Protocol Independent Multicast (PIM).......................................................................................................................... 79
PIM-Sparse Mode Mechanics........................................................................................ 80
PIM-SM Joining & Pruning ....................................................................................................................................... 80
IP Multicast Routing Table (mroute)......................................................................................................................... 80
Distribution Trees......................................................................................................................................................... 80
Rendezvous Points ...................................................................................................................................................... 80
Bootstrap Router (BSR) ........................................................................................................................................... 81
Cisco Device Operation


Commands
Cisco routers are configured and maintained primarily through the issuing of IOS commands. If you have reached the
point of preparing for the CCIE Written exam, I must assume that you have spent considerable time configuring Cisco
routers and switches. You should, however, make sure you have a complete understanding of how the different
technologies are configured, and thorough knowledge of the show and debug commands that are used to troubleshoot
them.
A note on debug commands: you should know that debug commands can seriously stress the resources of a router,
and they should be used carefully and as conservatively as possible when working in a production environment.

Infrastructure
The infrastructure of a Cisco router includes the main board, memory, CPU, Flash and interfaces. You should
understand what each of these devices does, and how they interact. The most commonly misunderstood are:
RAM (Random Access Memory) – In all but a few low-end routers like the 2500s, the RAM holds the running version of
the IOS and the current running configuration. This is also where the routing tables, caches, and queues are stored.
Remember that when the router is powered-off, everything in RAM is lost.
ROM (Read-Only Memory) – Holds some basic router commands and usually a limited version of Cisco IOS
(Internetwork Operating System). It also houses the power-on diagnostics and the bootstrap program. The ROM is
read-only and cannot be changed.
NVRAM (Non-Volatile Random Access Memory) – This is where the router’s saved configuration file is stored. This
information will not be lost if the router is powered down.
Flash memory – Home for the router’s IOS image and microcode. Prior to installing any IOS, ensure that you have
enough flash to support the proposed image. Depending on the version and feature set of the IOS, the image can be
of various sizes. Newer versions with more powerful features will often require additional flash. Remember that files
deleted from flash can remain in place, marked for deletion, until the “squeeze” command is issued.
Configuration Register
Early Cisco routers had a set of hardware switches that controlled certain aspects of the router’s performance, such as
the boot sequence. This was phased out some time ago, but there is now a software equivalent, the sixteen-bit
Software Configuration Register, which is written into nonvolatile memory.
Common reasons for modifying the register include:
Recovering a lost password
Changing the router boot configuration to allow Flash or ROM boot
Loading an image into Flash memory
Enabling or disabling the console break key
Here are some of the common Configuration Register values:
0x2102 – The most common value, which establishes booting to flash and NVRAM
0x2142 – The value used most commonly to recover passwords
0x2100 – Boots using the bootstrap found in ROM

Software Configuration Bit Meanings

* Please note that a boot system global command in the router’s NVRAM configuration will override the
default net-boot filename.
Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do)
Bits 0,1,2 and 3 are known collectively as the boot field, and determine where the router will load its IOS image from.
If the boot field value is 0x0, you will need to boot the operating system manually by entering the “b” command
at the bootstrap prompt.
If the boot field value is 0x1 (the factory default), the router will boot using the default ROM software.
If the boot field has any other value, the router uses the resulting number to form a default boot filename for
network booting, which is created as part of the automatic configuration process. To form the boot filename, the
server starts with the word “cisco”, attaches the octal equivalent of the boot field number, then a dash, and finally
the processor-type name. The following table lists the default boot filenames for boot field values between 0x2
and 0xf on an IGS router.
Default Boot Filenames
Bit 3  Bit 2  Bit 1  Bit 0  Hex Value  Net-boot Filename
0      0      1      0      0x2        cisco2-igs
0      0      1      1      0x3        cisco3-igs
0      1      0      0      0x4        cisco4-igs
0      1      0      1      0x5        cisco5-igs
0      1      1      0      0x6        cisco6-igs
0      1      1      1      0x7        cisco7-igs
1      0      0      0      0x8        cisco10-igs
1      0      0      1      0x9        cisco11-igs
1      0      1      0      0xa        cisco12-igs
1      0      1      1      0xb        cisco13-igs
1      1      0      0      0xc        cisco14-igs
1      1      0      1      0xd        cisco15-igs
1      1      1      0      0xe        cisco16-igs
1      1      1      1      0xf        cisco17-igs

It’s important to remember that the boot sequence, barring the involvement of “boot system” commands in the
configuration, is Flash, Network, ROM.
More Bits
Bit 4 enables "Fast Boot", which is only supported on a dual RSP chassis. This allows the "slave" RSP to reload
without going through an IOS load sequence; just reload the config file and go. The documentation says it will
accomplish a fast boot in approximately 30 sec.
Bit 6 determines whether the router ignores (1) or loads (0) its startup config from NVRAM. This is the key bit
used for recovering a lost password. If it is turned on, the startup configuration (usually in NVRAM) is ignored.
This will allow you to log in without using a password and display the startup configuration passwords.
Bit 7 allows Cisco boot messages to be suppressed when IOS is licensed to another manufacturer.
Bit 8 controls the console Break key. Setting bit 8 on (the factory default) causes the processor to ignore the
console Break key. Clearing bit 8 causes the processor to interpret the break as a command, which forces the
system into the bootstrap monitor, halting normal operation. Remember that a break can be issued anytime
during the first 60 seconds of booting to go to ROM mode, regardless of the configuration settings.
Bit 10 controls the host portion of the IP broadcast address. Setting bit 10 causes the processor to use all zeros;
clearing bit 10 (the factory default) causes the processor to use all ones. Bits 10 and 14 interact to control the
network and subnet portions of the broadcast address. This table shows how these settings are configured.

Bit 14  Bit 10  Address (<net><host>)
Off     Off     <ones><ones>
Off     On      <zeros><zeros>
On      On      <net><zeros>
On      Off     <net><ones>

Bits 11 and 12 determine the baud rate of the console port. The default setting is 9600 (00). The most common
reason for changing the speed is to increase the speed at which you can transfer a new IOS version through the
console port connection. Here are the possible combinations of these two bits, and the speeds they represent:

Bit 12  Bit 11  Baud Rate
0       0       9600
0       1       4800
1       0       1200
1       1       2400

Bit 13 determines the router’s response to a boot load failure. If the bit is turned on (1), it causes the router to
load IOS from ROM after five unsuccessful attempts to load a boot file from the network. If the bit is set to “0”
(factory default), the router will continue trying to load a boot file from the network indefinitely. The important
thing to remember is that if the bit is (0) and no IOS is found the router will hang. If the bit is (1), and no IOS is
found, the router will boot from ROM.
Bit 14 controls the network and subnet portions of the broadcast address and allows subnet or directed
broadcasts. It should be seen as being related to the function of bit 10.
Bit 15 in a hardware configuration register causes NVRAM configuration files to be ignored. This is not true of
virtual configuration registers.
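The bit meanings above can be pulled together into a small decoder. This is an added example, not code from the study guide or from Cisco; the "igs" processor suffix is assumed from the filename table, and the warnings reflect the settings an operator would want to notice on a production router (for instance a register left at 0x2142 after a password recovery).

```python
"""Decoder for the 16-bit Cisco software configuration register, written as an
added example for this section (not code from the study guide or from Cisco).
It applies the bit meanings described above: boot field (bits 0-3), fast boot
(bit 4), ignore-NVRAM (bit 6), Break handling (bit 8), broadcast address
(bits 10 and 14), console speed (bits 11-12) and net-boot fallback (bit 13)."""

# Console speeds keyed by (bit 12, bit 11), as listed in the text.
BAUD_RATES = {(0, 0): 9600, (0, 1): 4800, (1, 0): 1200, (1, 1): 2400}

# Assumption: the processor-type suffix of the IGS router used in the filename table.
PROCESSOR_TYPE = "igs"


def boot_field(register: int) -> int:
    """Bits 0-3 of the register: where the router loads its IOS image from."""
    return register & 0xF


def default_netboot_filename(register: int, processor: str = PROCESSOR_TYPE):
    """Default net-boot filename: 'cisco' + octal(boot field) + '-' + processor type.
    Boot field 0x0 (manual boot) and 0x1 (ROM) have no net-boot filename."""
    field = boot_field(register)
    if field < 2:
        return None
    return f"cisco{field:o}-{processor}"


def decode_register(register: int) -> dict:
    """Return the settings a practitioner reads off 'show version' for this value."""
    if not 0 <= register <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")

    def bit(n: int) -> int:
        return (register >> n) & 1

    field = boot_field(register)
    if field == 0:
        boot = "manual boot from the bootstrap prompt ('b' command)"
    elif field == 1:
        boot = "boot the default ROM software"
    else:
        boot = "Flash, then network, then ROM (boot system commands override this)"

    # Broadcast address table from the text: bit 14 selects <net> for the
    # network/subnet part; bit 10 selects zeros (on) or ones (off) for the host
    # part, and with bit 14 off the network part follows the host part.
    host_part = "<zeros>" if bit(10) else "<ones>"
    net_part = "<net>" if bit(14) else host_part

    return {
        "boot_field": field,
        "boot_behaviour": boot,
        "netboot_filename": default_netboot_filename(register),
        "fast_boot": bool(bit(4)),
        "ignore_nvram_config": bool(bit(6)),  # the password-recovery bit
        "break_ignored": bool(bit(8)),
        "console_baud": BAUD_RATES[(bit(12), bit(11))],
        "rom_after_netboot_failures": bool(bit(13)),
        "broadcast_address": net_part + host_part,
    }


def register_warnings(register: int) -> list:
    """Settings worth flagging on a production router, e.g. a register left at
    0x2142 after a password recovery so the saved configuration is never loaded."""
    s = decode_register(register)
    warnings = []
    if s["ignore_nvram_config"]:
        warnings.append("bit 6 set: startup configuration in NVRAM is ignored on reload")
    if not s["break_ignored"]:
        warnings.append("bit 8 clear: console Break drops the router into the bootstrap monitor")
    if s["boot_field"] >= 2 and not s["rom_after_netboot_failures"]:
        warnings.append("bit 13 clear: router retries a network boot indefinitely if no image is found")
    return warnings


if __name__ == "__main__":
    for value in (0x2102, 0x2142, 0x2100):
        print(f"0x{value:04X}: {decode_register(value)}")
        print("  warnings:", register_warnings(value) or "none")
```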

Seeing and Changing Configuration Register Settings


To display the current configuration register value and the value that will be used next time the router is loaded (if the
two values are different) use the “show version” enable command.
The “config-register” global command is used to modify configuration register settings while the operating system is
running. Remember that configuration register changes only take effect when the router is rebooted.

Boot Command
You can alter the boot sequence by using the “boot” global configuration command. Here are several possible
configurations:
Boot from a specific Flash image (using the boot system flash filename command).
Boot from an undefined network server by sending broadcast TFTP requests (using the boot system filename
command).
Boot from a specific network server by sending a direct TFTP request to a specific IP address (using the boot
system filename address command).

My simplistic description of the boot sequence


The main thing to remember is that with standard configuration register settings (last four bits are between 0x2 and
0xF), and if there are “boot system” commands present in the startup, the boot sequence will not attempt to boot from
the network using the default image name. If there aren’t any “boot system” commands, it will attempt a network boot:
With “boot system” commands in the configuration - Flash, ROM
Without “boot system” commands in the configuration - Flash, Network, ROM

Operations
Password recovery
For every family of Cisco routers and switches, there is a procedure for hacking out the password when it is lost. To
develop a basic understanding of how this is done you should review the procedures for several devices, including the
2600 and 3700 routers, and the Cat3550 switches. These are explained in detail on the Cisco website at
http://www.cisco.com/warp/public/474/index.shtml. If you have physical access to this equipment, I would recommend
following the procedures several times to get familiar with the process.

Copying and Backing up Configuration Files


You should understand (and practice) backing up the running configurations on your routers. This can be
done to Flash as the startup configuration, or even better, to an off-router TFTP server.
Configuring a new router


There are several ways to prepare a new router for production, including:
Connecting to the console port of the router with a rolled cable, and running the Setup dialog that appears when the router first boots up.
Connecting to the console port with a rolled cable, bypassing the Setup dialog, and manually typing the configuration commands.
Connecting to the console port with a rolled cable, defining a minimum configuration, and using TFTP to download an existing predefined configuration file.
Using BOOTP with SLARP/RARP to download an existing configuration file.

Security & Passwords


Below are the different types of router passwords:
Privileged Mode / Enable Password – There are two types of passwords that allow you to move from user mode to privileged mode. They are the enable password and the enable secret password.
• Enable – this is an unencrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. To configure an enable password you would type:
Router(config)# enable password cisco
• Secret – this is an encrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. If you configure a secret password and do a “show running-configuration”, you will not be able to see your password as it will be in an encrypted form. To configure a secret password you would type:
Router(config)# enable secret cisco
Although you can have both passwords configured, the enable secret overrides the enable password.
Console Password – to protect the console from unauthorized access, you would configure a console password. To configure a console password you would type:
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco
The login command enables password checking on the line. Without the login command, the password can be configured but you are not prompted to enter it.
Vty Password – inbound telnet lines to the router/switch are called vty lines (virtual TTY lines). To protect these lines from unauthorized network access, you would configure a vty password. By default, there are 5 of these lines (zero through four). To configure a vty password on all 5 lines, you would type:
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco
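The three points above (enable secret rather than a clear-text enable password, and both "login" and "password" on the console and vty lines) are easy to check mechanically against a saved "show running-config". This is an added example, not code from the study guide or from Cisco; the configuration text it parses is constructed for the example.

```python
"""Audit of the password-related lines in a running configuration, written as an
added example for this section (not code from the study guide or from Cisco).
It checks the three things described above: an enable secret rather than a
clear-text enable password, and 'login' plus 'password' on the console and vty
lines. The configuration below is constructed for the example."""

SAMPLE_CONFIG = """\
hostname LabRouter
!
enable password cisco
!
line con 0
 password cisco
!
line vty 0 4
 login
 password cisco
!
"""


def parse_line_blocks(config: str) -> dict:
    """Map each 'line ...' block (e.g. 'con 0', 'vty 0 4') to its indented commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            # Normalise 'line console 0' to the 'line con 0' form shown by show run.
            current = raw[5:].strip().replace("console", "con")
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a top-level command ends the block
    return blocks


def audit_passwords(config: str, lines=("con 0", "vty 0 4")) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top_level = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    has_secret = any(l.startswith("enable secret ") for l in top_level)
    has_enable_pw = any(l.startswith("enable password ") for l in top_level)
    if has_enable_pw and not has_secret:
        findings.append("enable password set without enable secret: "
                        "privileged-mode password is stored unencrypted")
    elif not has_secret:
        findings.append("no enable secret configured")

    blocks = parse_line_blocks(config)
    for name in lines:
        cmds = blocks.get(name)
        if cmds is None:
            findings.append(f"line {name}: no configuration found")
            continue
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_password = any(c.startswith("password ") for c in cmds)
        if not has_login and has_password:
            # The page's point: without 'login' the password is never prompted for.
            findings.append(f"line {name}: password set but no 'login', so it is never checked")
        elif not has_login:
            findings.append(f"line {name}: neither 'login' nor 'password' configured")
        elif not has_password:
            findings.append(f"line {name}: 'login' set but no password configured")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```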

General Networking Theory


OSI Models
Most people who attempt the CCIE Written have either gone through the CCNA and CCNP exams, or already have a
solid background in networking. In either case, I’m sure you have a solid grasp on the OSI model; but it’s on the
blueprint and therefore deserves at least a quick review.
The OSI model is a common tool for conceptualizing how network traffic is handled. For the CCIE track, the bulk of
your focus will be on the three lower levels. Just a reminder, you can use the old mnemonic “All People Seem To
Need Data Processing” as a way to help remember the sequence. The seven layers of the OSI model are:
Application – Provides services directly to applications.
Presentation – Provides a variety of coding and conversion functions that ensure information sent from the application layer of one system will be readable by the application layer of another.
Session – Establishes, manages, maintains, and terminates communication sessions between applications.
Transport – Segments and reassembles data into data streams, and provides for both reliable and unreliable end-to-end data transmission.
Network – Applies logical addressing to provide routing and related functions to allow multiple data links to be combined into an internetwork. Network layer protocols include routing and routed protocols (make sure you know the difference between these).
Data Link – The data link layer provides for reliable transmission of data across physical media. The Data link layer is commonly subdivided into two sub-layers, known as the Media Access Control (MAC) Layer and the Logical Link Control (LLC) layer.
LLC – The LLC sub-layer manages communications between devices over a single link of a network. It provides error control, flow control, framing, and MAC sub-layer addressing.
MAC – The MAC layer manages addressing and access to the physical layer.
Physical – The electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems.
Note: Remember that routing is handled at Layer-3 of the OSI model, while bridging is handled at Layer-2 of the OSI
model.

MAC Addressing
Media Access Control (MAC) is the lower of the two sub-layers of the Data Link Layer defined in the OSI model, which
provides access to the shared media. MAC addresses are the standard, unique address that every networked device
must have; it is the true burned-in physical address of the Network Interface Card (NIC) in a host, server, router
interface or other device on a network. They are 6 bytes (48 bits) long and are controlled by the IEEE. They can be
broken down into two sub-fields:
The first three bytes (24 bits) are called the Organization Unique Identifier (OUI) field and are issued in series to
manufacturers.
The second part of the MAC address, the last three bytes (24 bits), is a unique identifier burned into the device
by the manufacturer from the series issued to it.

General Routing Concepts


Link-State – Link state routing protocols use a complex algorithm to calculate the best route. Each router
calculates its own routing table. Examples of Link-State routing protocols are OSPF and NLSP.
Distance Vector – Routing protocols that use hop counts to select the best path. Examples are RIP and IGRP.
Distance vector routing protocols are best for small networks.
Switching vs. Routing – switching works at OSI Layer 2 (data-link) by keeping track of L2 addresses and
sending out frames to only the ports where the destination MAC address has been seen. Routing, on the other
hand, uses OSI Layer 3 (Network) addresses to determine the interface that the packet will exit the router.
Autonomous Systems (ASs) - A group of routers sharing a single routing policy; run under a single technical
administration; and commonly, with a single Interior Gateway Protocol (IGP). Each AS has a unique identifying
number between 1 and 65,535 (64,512 through 65,535 are set aside for private use) usually assigned by an
outside authority.
Convergence – The process of bringing the routing tables on all the routers in the network to a consistent state.
Load Balancing – Load balancing allows the transmission of packets to a specific destination over two or more
paths.
Metrics – All routing protocols use metrics to calculate the best path. Some protocols use simple metrics, such
as RIP, which uses hop count. Others, such as EIGRP, use more meaningful information.
Passive-Interface – Prevents interfaces from sending routing updates. They will, however, continue to listen for
updates. This command is applied in the router configuration, and specifies a physical interface.
Redistribution - The process of sharing routes learned from different sources (usually routing protocols). For
instance, you might redistribute the routes learned through OSPF to a RIP domain, in which case you might
have problems with VLSM; or you might redistribute routes learned through static entries into EIGRP.
Redistribution is just the sharing of information learned from different sources, and it must be manually
configured.
Route Flapping – The frequent changing of preferred routes as an interface or router goes into and out of
operation (error condition). This process can create problems in a network, especially in complex OSPF
networks, as this information will cause the routers to constantly recalculate their OSPF database and flood the
network with LSAs (Link State Advertisements).
Static Routing –Static routes can point to a specific host, a network, a subnet, or a super-net. You can also
have floating static routes: routes that have an Administrative Distance (AD) set higher than the dynamic routing
protocol in use.
Split-Horizon - Split-horizon is used by Distance Vector routing protocols to block information about routes from
being advertised to the same interface from which the information originated. This can be a problem with
nonbroadcast networks (such as Frame Relay and SMDS), where spokes on a hub-and-spoke environment will
have trouble learning about each other. For these situations, you may choose to disable split-horizon.
Routing Loops - Routing loops occur when the routing tables of some or all of the routers in a given domain
route a packet back and forth without ever reaching its final destination. Routing loops often occur during route
redistribution, especially in networks with multiple redistribution points.
Tunneling – Tunneling is the transmission of one network’s data inside packets of another network. Usually, this
is done when you send a private network’s data over a public network. The private network’s data is
encapsulated inside the public network’s packets, transmitted over the public network, and unencapsulated.
Standards
There are several organizations that have taken responsibility for developing and documenting network standards,
including:
The Institute of Electrical and Electronics Engineers (IEEE) – A professional organization that develops
communications and network standards. For example, details of all the 802.x protocols can be found on their
excellent website at www.ieee.org.
The Internet Engineering Task Force (IETF) – An international community of network designers, operators,
vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of
the Internet. You will find a list of the current and developing Requests for Comment (RFCs) on their website at
http://www.ietf.org/home.html

Ethernet Cable Specifications


Some facts to note about Ethernet cabling are:
10Base-T
• Runs at 10Mb/sec
• Maximum cable length is 100 meters, or about 300 feet.
• Uses Unshielded Twisted Pair (UTP) cable
• Uses CSMA/CD standard
• Can run on cabling as low as Category 3
100Base-T (Fast Ethernet)
• Runs at 100Mb/sec
• Requires UTP Category 5
• Uses an RJ-45 connector, just like 10Base-T
• Uses only two pairs of the 4-pair UTP cabling
100Base-FX
• Same as 100Base-T but runs over fiber optic cabling
• Operates on two strands of multimode or single mode fiber cabling
• Does not have the same 100 meter distance limitation as UTP cabling
1000Base-T (Gig-Ethernet)
• Based on the 802.3ab standard for GE over copper Category 5 UTP cabling, although Category 5e or Category 6 cabling is highly recommended.
• Different from 10 & 100Base-T as it uses all 4 pairs of the UTP cable.
• Very similar to 10Base-T and 100Base-T as it uses CSMA/CD, offers half and full duplex, uses RJ45 connectors, and the maximum cable length is still 100 meters.
Protocol Mechanics
Transmission Control Protocol (TCP)
TCP is a connection-oriented Layer-4 (transport layer) protocol designed to provide reliable end-to-end transmission of
data in an IP environment. It groups bytes into sequenced segments, and then passes them to IP for delivery.
These sequenced bytes have forward acknowledgment numbers that indicate to the destination host what next byte it
should see. Bytes not acknowledged to the source host within a specified time period are retransmitted, which allows
devices to deal with lost, delayed, duplicate, or misread packets.
TCP hosts establish a connection-oriented session with one another through a "three-way handshake" mechanism,
which synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. Each
host first randomly chooses a sequence number to use in tracking bytes within the stream it is sending and receiving.
Then, the three-way handshake proceeds in the following manner:
1. The initiating host (Host-A) initiates a connection by sending a packet with the initial sequence number ("X")
and SYN bit (or flag) set to make a connection request of the destination host (Host-B).
2. Host-B receives the SYN bit, records the sequence number of "X", and replies by acknowledging the SYN
(with an ACK = X + 1).
3. Host-B includes its own initial sequence number ("Y"). As an example: An ACK of "20" means that Host-B has
received bytes 0 through 19, and expects byte 20 next. This technique is called forward acknowledgment.
4. Host-A then acknowledges all bytes Host-B sent, with a forward acknowledgment indicating the next byte Host
A expects to receive (ACK = Y + 1).
5. Data transfer can now begin.

You will find an excellent clarification of this process at: http://www.inetdaemon.com/tutorials/internet/tcp/connections.html

There is an acknowledgment process associated with TCP. Here is a sample sequence to show how this works:
1. The sender (Host-A) has a sequence of ten bytes ready to send (numbered 1 to 10) to a recipient (Host-B)
who has a defined window size of five.
2. Host-A will place a window around the first five bytes and transmit them together, then wait for an
acknowledgment.
3. Host-B will respond with an "ACK = 6", indicating that it has received bytes 1 to 5, and is expecting byte 6 next.
4. Host-A then moves the sliding window five bytes to the right and transmits bytes 6 to 10.
5. Host-B will respond with an "ACK = 11", indicating that it is expecting sequenced byte 11 next. In this packet,
the receiver might indicate that its window size is 0 (because, for example, its internal buffers are full). Host-A
won't send any more bytes until Host-B sends a subsequent packet with a window size greater than 0.

TCP also has a mechanism called "slow start" that is designed to expand and contract the window size based on flow
control needs, starting with small window sizes and increasing over time as the link proves to be reliable. When TCP
sees that packets have been dropped (ACKs are not received for packets sent), it tries to determine the rate at which
it can send traffic through the network without dropping packets. Once data starts to flow again, it slowly begins the
process again. This may create oscillating window sizes if the main problem has not been resolved, so the window
size is slowly expanded after each successful ACK is received.
Fragmentation & MTU


Although the maximum size of an IP packet is usually 64k, most technologies enforce a smaller maximum
transmission unit (MTU). For instance, the MTU of Ethernet is 1514 Bytes. Because of the different MTUs along the path that
a packet travels, the packet may be fragmented into smaller packets. When the multiple smaller packets arrive at their
destination, they must be reassembled into the original data.
In the IP packet header, there are flags that specify “don’t fragment” or “more fragments”. RFC 791 specifies the
mechanics of IP Fragmentation.
For an excellent explanation of how Fragmentation, Reassembly and MTU works, see this Cisco whitepaper:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Bridging and LAN Switching


Transparent Bridging (TB)
Found predominantly in Ethernet environments, the operation of a Transparent Bridge is transparent to the network
end-devices concerned; the hosts are completely unaware that they are not local to one another when they
communicate.
A TB learns the network's topology by reading the source address of incoming frames from all attached networks, and
caches that information in a forwarding table. TBs never change the make-up of a frame. The fully intact frame is
either forwarded or filtered based on its destination MAC address. If the destination MAC address has not previously
been seen (and, thus, is not in the CAM table) then the frame is flooded out all ports on the switch/bridge.
The three functions of a bridge/switch are:
Learn the MAC addresses of all Ethernet devices and their ports
Send incoming frames to their destination port, based on previously learned frames
Drop incoming frames whose destination is on the same port as the source port
The name of the table that Cisco switches store the learned MAC addresses & their ports in is the CAM table. CAM
stands for Content Addressable Memory.
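The learn, forward, filter and flood behaviour described above can be seen in a few lines of simulation. This is an added example, not code from the study guide; the port names and MAC addresses (locally administered 02:... addresses) are constructed, and the flush method stands in for the table clearing that happens when STP reconfigures.

```python
"""Simulation of the transparent-bridge forwarding decision described above
(learn, forward, filter, flood), written as an added example for this section;
it is not code from the study guide. Port names and MAC addresses are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # learned MAC address -> port it was seen on (the CAM table)

    def flush(self):
        """Clear the forwarding table, as happens when STP reconfigures the topology."""
        self.cam.clear()

    def receive(self, ingress: str, src: str, dst: str) -> list:
        """Return the ports the frame is sent out of; the frame itself is never modified."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        self.cam[src] = ingress  # learn: the source MAC lives behind the ingress port
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != ingress]  # flood broadcast/unknown
        egress = self.cam[dst]
        if egress == ingress:
            return []  # filter: destination is on the port the frame arrived on
        return [egress]  # forward to the single learned port


def run_trace(bridge: TransparentBridge, frames) -> list:
    """Apply a list of (ingress, src, dst) frames and return the egress decision for each."""
    return [bridge.receive(*frame) for frame in frames]


# Constructed frames: host A (port p1) and host B (port p2) exchange frames,
# then host C on p1 sends to A (same port, filtered), then an unknown destination.
HOST_A, HOST_B, HOST_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE_FRAMES = [
    ("p1", HOST_A, BROADCAST),          # A broadcasts: flooded to p2 and p3
    ("p2", HOST_B, HOST_A),             # B replies: A is known on p1 -> forwarded
    ("p1", HOST_A, HOST_B),             # A to B: B is known on p2 -> forwarded
    ("p1", HOST_C, HOST_A),             # C to A, both on p1 -> filtered (dropped)
    ("p3", "02:00:00:00:00:0d", "02:00:00:00:00:0e"),  # unknown destination -> flooded
]

if __name__ == "__main__":
    bridge = TransparentBridge(["p1", "p2", "p3"])
    for frame, out in zip(SAMPLE_FRAMES, run_trace(bridge, SAMPLE_FRAMES)):
        print(frame, "->", out or "dropped")
    print("CAM table:", bridge.cam)
```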
Routers can be configured to bridge, just as a switch or bridge can. To transparently bridge packets on an IOS router,
you define the bridge group globally and then assign it to each interface that should bridge:
Router(config)# bridge 1 protocol ieee
Router(config)# interface <interface>
Router(config-if)# bridge-group 1
One of the problems inherent in this type of layer-2 technology is loops. The Spanning Tree Protocol (STP), based
on the Spanning Tree Algorithm (STA), provides the bridge-to-bridge communication necessary to have the desired
redundancy, while not causing bridges to fail.
Bridge Protocol Data Units (BPDUs) are passed between the bridges at fixed intervals, usually every one to four
seconds. If a bridge fails, or a topology change occurs, the lack of BPDUs will be detected and the STA calculation will
be re-run. Since topology decisions are made locally as the BPDUs are exchanged between neighboring bridges,
there is no central control on the network topology. The tools for fine-tuning an STP domain include adjusting the
bridge priority, port priority and path cost parameters.
There are two major disadvantages to TB:
The forwarding tables must be cleared each time STP reconfigures, and the resulting flood of unknown-unicast
frames while the tables are rebuilt looks much like a broadcast storm.
The volume of flooded frames can overwhelm low-speed serial interfaces when the network is flooded with unknown
frames.
Cisco supports Transparent Bridging over DDR (Dial-on-Demand Routing) and Frame Relay networks.

Translational Bridging
A translational bridge is a bridge that can forward frames between different types of network technologies. For
instance, a translational bridge would send frames between an Ethernet network and a Token Ring network, or
between an FDDI network and an Ethernet network.

Integrated Routing and Bridging (IRB)
With IRB, a packet can be routed between routed interfaces and bridged between the interfaces of a bridge group. A
Bridge Virtual Interface (BVI) is created to represent the bridge group it corresponds to; the number of the bridge group
is also the number of the BVI. The BVI has the networking attributes of a routed interface, such as an IP address and
subnet mask.
When you turn on routing for a protocol on the BVI, packets from routed networks destined for hosts on the bridged
network are sent to the BVI, and from the BVI onto the bridged network. In the other direction, traffic from the bridged
network destined for routed networks is sent to the BVI and then routed.
When configuring IRB, you must enable it globally (bridge irb), create the BVI (interface BVI 1 for bridge group 1) and
state per bridge group which protocols are routed (bridge 1 route ip) and which are only bridged.

Bridge ACL & Filtering
Bridged frames can be filtered in one of the following ways:
By MAC address, with this command:
Router(config)# bridge {bridge-group} address {mac-address} {forward | discard} [interface]
By vendor code (the OUI part of the MAC address), using a 48-bit MAC address access list (numbered 700-799); set
mask bits are "don't care" bits, so a mask of 0000.00ff.ffff matches on the vendor code alone:
Router(config)# access-list {number} {permit | deny} {address} {mask}
Then apply it to an interface with this command:
Router(config-if)# bridge-group {bridge-group} input-address-list {access-list number}
OR
Router(config-if)# bridge-group {bridge-group} output-address-list {access-list number}
Or by protocol type, using a type-code access list (numbered 200-299):
Router(config)# access-list {number} {permit | deny} {type-code} {wild-mask}
Then apply it to an interface with this command:
Router(config-if)# bridge-group {bridge-group} input-type-list {access-list number}
OR
Router(config-if)# bridge-group {bridge-group} output-type-list {access-list number}
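The following is an added example, not code from the original cram session or from Cisco: a small Python model of the learn / forward / filter / flood behaviour described under Transparent Bridging, with a per-port input address list that matches MAC addresses against an address/mask pair the way a 700-series IOS access list does (set mask bits are "don't care", first match wins, implicit deny at the end). The port names and MAC addresses are constructed for the illustration.

```python
"""Added example: a transparent bridge's learn/forward/filter/flood logic with a
per-port input address list using IOS-style MAC address + mask matching.
Illustration only; not IOS code. Port names and sample MACs are constructed."""
from typing import Dict, List, Optional, Tuple

MAC_BITS = (1 << 48) - 1
IG_BIT = 1 << 40  # Individual/Group bit: low-order bit of the first octet


def mac_to_int(mac: str) -> int:
    """Accept 0000.0c12.3456, 00:00:0c:12:34:56 or 00-00-0c-12-34-56."""
    return int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)


class MacAccessList:
    """Ordered (action, address, mask) entries as in an IOS 700-series list.
    A set mask bit means "don't care", so address 0000.0c00.0000 with mask
    0000.00ff.ffff matches every station with vendor code 0000.0c.
    Like every IOS access list there is an implicit deny at the end."""

    def __init__(self) -> None:
        self.entries: List[Tuple[str, int, int]] = []

    def add(self, action: str, address: str, mask: str) -> "MacAccessList":
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.entries.append((action, mac_to_int(address), mac_to_int(mask)))
        return self

    def permits(self, mac: str) -> bool:
        value = mac_to_int(mac)
        for action, address, mask in self.entries:
            care = mask ^ MAC_BITS            # bits that must match
            if value & care == address & care:
                return action == "permit"    # first match wins
        return False                         # implicit deny


class TransparentBridge:
    def __init__(self, ports: List[str]) -> None:
        self.ports = list(ports)
        self.cam: Dict[int, str] = {}        # learned MAC -> port
        self.input_lists: Dict[str, MacAccessList] = {}

    def receive(self, in_port: str, src: str, dst: str) -> Optional[List[str]]:
        """Return the egress ports for a frame, [] if filtered, None if an
        input-address-list discarded it. The frame itself is never modified."""
        acl = self.input_lists.get(in_port)
        if acl is not None and not acl.permits(src):
            return None
        self.cam[mac_to_int(src)] = in_port  # learn: source MAC seen on in_port
        dst_int = mac_to_int(dst)
        out = self.cam.get(dst_int)
        if out is None or dst_int & IG_BIT:
            # unknown unicast, broadcast or multicast: flood all other ports
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []                        # filter: already on the right segment
        return [out]                         # forward


if __name__ == "__main__":
    bridge = TransparentBridge(["e0", "e1", "e2"])
    bridge.input_lists["e2"] = (MacAccessList()
                                .add("deny", "0000.0c00.0000", "0000.00ff.ffff")
                                .add("permit", "0000.0000.0000", "ffff.ffff.ffff"))
    print(bridge.receive("e0", "0000.0c12.3456", "ffff.ffff.ffff"))  # flood
    print(bridge.receive("e1", "0000.1c00.0001", "0000.0c12.3456"))  # ['e0']
    print(bridge.receive("e2", "0000.0c99.9999", "0000.0c12.3456"))  # None, denied
```

Note that the source address that populates the CAM table is also the one the input address list checks, and neither is authenticated; the model learns whatever a station claims, which is exactly why a flood of forged sources fills the table and why a vendor-code filter is only a hygiene measure, not access control.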

Multiple-Instance Spanning Tree Protocol (MISTP)
MISTP is a Cisco-proprietary spanning-tree mode on CatOS switches. It lets a switch run a separate spanning-tree
instance (process) for a group of VLANs, rather than one instance per VLAN, so not every VLAN on the bridge is under
its own spanning-tree process. With MISTP you can scale a bridged network much larger, because the number of
instances, and hence of BPDUs and computation, no longer grows with the number of VLANs. (The IEEE standardized
the same idea as 802.1s, MST.)

Source-Route Bridging (SRB)
Developed by IBM for its Token Ring environment, and further enhanced by the IEEE, SRB provides a means by which
multiple rings can be connected together through bridges. SRBs use the routing information field (RIF) in the MAC
header to determine which Token Ring segments the frame must transit. The source station inserts the RIF into the
MAC header immediately following the source address field in every frame destined for a remote host, giving this style
of bridging its name. The destination station reverses the route in the RIF to reach the originating station.
There are two flavors of SRB, IBM and IEEE. The primary difference between them is that IBM allows only seven
bridges (hops), while IEEE allows 13. Newer IBM bridge software, combined with newer LAN adapters, supports 13
hops.
A RIF is included only in frames destined for other rings. The high-order bit of the first byte of the source MAC
address, the routing information indicator (RII), tells the processing device whether a RIF is present: if the RII is 0,
there is no RIF; if it is 1, a RIF follows the source address.
The RIF is made up of two fields:
Routing Control (RC) field – Two bytes describing the RIF: the broadcast type, the RIF length in bytes, the direction
bit and the largest frame size. There is always one, and only one, RC per RIF.
Route Descriptors – Two bytes each, a 12-bit ring number followed by a 4-bit bridge number, so the RIF is an
alternating sequence of ring and bridge numbers (the last bridge number is 0). A single RIF will contain one or more
route descriptors.
Cisco's source-route bridging implementation handles three types of frames when building and using RIF information:
Directed frame – A data frame that already contains the defined path across the network.
All-routes explorer packets (also known as all-rings explorer packets) – All-routes explorers go through the whole
network looking for source-route bridges; every SRB they encounter forwards the frame out every port except the one
on which it arrived, adding its bridge number and the next ring number. This is how RIFs are developed.
Spanning explorer packets (also known as single-route or limited-route explorer packets) – These explorers pass
through a predetermined path constructed by a spanning-tree algorithm in the bridges, so a station should receive only
one single-route explorer from the network. SR/TLB uses this to present an Ethernet domain to the SRB domain.
I have created a document specifically about reading RIFs, which you can obtain free at www.laganiere.net.
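As an added example (not part of the original cram session or its RIF document), the following Python code parses a RIF into the Routing Control and Route Descriptor fields described above, checks the RII bit, and shows what the direction bit does when the destination reverses the route. The RIF bytes used as input are constructed for the illustration.

```python
"""Added example: parse a Token Ring Routing Information Field (RIF) into its
Routing Control and Route Descriptor fields, and apply the direction bit the
way a bridge does. Illustration only; the sample RIF bytes are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Largest-frame code (bits 6-4 of the second RC byte) -> bytes; 7 = no limit,
# the value an all-routes explorer starts with before bridges reduce it.
LARGEST_FRAME = {0: 516, 1: 1500, 2: 2052, 3: 4472, 4: 8144, 5: 11407, 6: 17800, 7: None}


@dataclass
class Rif:
    route_type: str                      # directed, all-routes explorer, spanning-tree explorer
    length: int                          # total RIF length in bytes, RC included
    direction: str                       # "forward" or "reverse"
    largest_frame: Optional[int]
    descriptors: List[Tuple[int, int]]   # (ring, bridge) pairs


def has_rif(source_mac: bytes) -> bool:
    """RII = high-order bit of the first byte of the source address."""
    return bool(source_mac[0] & 0x80)


def route_type(rc0: int) -> str:
    """Broadcast indicator: top three bits of the first RC byte."""
    top = rc0 >> 5
    if not top & 0b100:
        return "directed"                # 0xx: specifically routed frame
    if not top & 0b010:
        return "all-routes explorer"     # 10x
    return "spanning-tree explorer"      # 11x: single-route explorer


def parse_rif(rif: bytes) -> Rif:
    if len(rif) < 2 or len(rif) % 2:
        raise ValueError("RIF must be an even number of bytes, at least 2")
    length = rif[0] & 0x1F               # low five bits of the first RC byte
    if length != len(rif):
        raise ValueError(f"RC says {length} bytes, got {len(rif)}")
    direction = "reverse" if rif[1] & 0x80 else "forward"
    largest = LARGEST_FRAME[(rif[1] >> 4) & 0x07]
    descriptors = []
    for i in range(2, len(rif), 2):
        rd = (rif[i] << 8) | rif[i + 1]
        descriptors.append((rd >> 4, rd & 0x0F))   # 12-bit ring, 4-bit bridge
    return Rif(route_type(rif[0]), length, direction, largest, descriptors)


def ring_path(r: Rif) -> List[int]:
    """Rings in the order a bridge walks them; the D bit reverses the walk."""
    rings = [ring for ring, _ in r.descriptors]
    return rings[::-1] if r.direction == "reverse" else rings


def bridge_hops(r: Rif) -> int:
    """Number of bridges crossed (the final descriptor's bridge number is 0)."""
    return sum(1 for _, bridge in r.descriptors if bridge)


def reverse_rif(rif: bytes) -> bytes:
    """What the destination station does to reply: same RIF, D bit flipped."""
    return bytes([rif[0], rif[1] ^ 0x80]) + rif[2:]


# Constructed sample in the dotted-hex form show commands use: 0830.0012.0022.0030
# -> directed frame, 8 bytes, forward, largest frame 4472 bytes,
#    ring 1 - bridge 2 - ring 2 - bridge 2 - ring 3.
SAMPLE_RIF = bytes.fromhex("0830" "0012" "0022" "0030")

if __name__ == "__main__":
    print(parse_rif(SAMPLE_RIF))
    print(ring_path(parse_rif(reverse_rif(SAMPLE_RIF))))  # [3, 2, 1]
```

The length check matters in practice: the RC length field is what a bridge trusts when it walks the descriptors, so a frame whose RC claims more bytes than are present must be rejected rather than read past the field.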
Data Link Switching (DLSw) and DLSw+
DLSw was developed as an advanced tool for transporting Systems Network Architecture (SNA) and other non-routable
protocols (NetBIOS) over campus or wide-area networks. DLSw+ is Cisco's version of DLSw, which offers more options
and greater functionality than RSRB and has many enhancements over non-Cisco DLSw implementations, including
dynamic peers, peers on demand, backup peers and the ability to load-balance connections.
DLSw+ also provides a mechanism for dynamically searching a network for SNA or NetBIOS resources, and includes
caching algorithms that help to minimize broadcast traffic. It can work with Token Ring, Ethernet, FDDI and serial
interfaces, but not ATM.
The encapsulation methods for DLSw+ are similar to RSRB, with one addition:
Direct Encapsulation – This method uses HDLC (High-Level Data Link Control) and is the simplest type of remote
peering. It adds little overhead, but lacks reliability. The two routers must be directly attached to each other, with no
intermediate hops, through HDLC-encapsulated serial, FDDI, Ethernet or Token Ring interfaces. Direct encapsulation
is fast-switched.
Fast-Sequenced Transport (FST) – This method encapsulates SRB packets within IP packets. The primary advantage
is that FST allows the link to traverse multiple hops. The IP encapsulation adds more overhead, but does not provide
the reliability of TCP. FST is fast-switched.
Transmission Control Protocol (TCP) – This is the most commonly used encapsulation type, and the only
encapsulation method specified by RFC 1795. Its primary advantage is reliable delivery. TCP has greater overhead,
both in actual bandwidth and router processor cycles, than either direct or FST encapsulation. TCP encapsulation is
process-switched.
DLSw Lite (also known as LLC2 or Frame Relay encapsulation) – This method supports many DLSw+ features, but
requires less overhead (16 bytes in a normal DLSw header, against 4 bytes in LLC2). It is currently supported over
Frame Relay. DLSw Lite is process-switched.
SRB is an end-to-end protocol, which puts significant load on slow WAN links, especially while waiting for the return of
LLC2 acknowledgements and keepalives. DLSw+ terminates the LLC2 connection at the local router (local
acknowledgement) so that this traffic does not need to traverse the link. Moving it off the WAN conserves bandwidth
and lets the local router answer in time, so session timeouts are avoided.
When providing connectivity between Token Ring and Ethernet, DLSw+ handles the problems of bit ordering, MTU
sizes, and MAC address translation. Other limitations of SRB and RSRB include the hop count and the lack of flow
control and prioritization. DLSw+ scales better because the RIF terminates locally in the virtual ring, allowing a
maximum of seven SRB hops on each side of the WAN cloud. This comes at the cost of end-to-end RIF visibility, since
each side of the WAN cloud builds its own RIF. Virtual ring numbers need not be the same on the two end routers.
DLSw+ uses the Switch-to-Switch Protocol (SSP) to communicate between routers (called data-link switches). SSP
provides the mechanism to establish DLSw+ peer connections, locate resources, forward data, handle flow control and
perform error recovery, and uses TCP as the preferred reliable transport between data-link switches.
McGraw-Hill’s “Configuring Cisco Routers for Bridging, DLSw+, & Desktop Protocols” by Tan Nam-Kee is an
excellent resource for learning more about DLSw+, and bridging in general.

Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB)
SRT bridges build a single spanning tree spanning both source-route and transparent-bridging nodes. An SRT bridge
uses the Routing Information Indicator (RII) of each frame to decide how to handle it:
If the RII = 1, a RIF is present and the frame is source-route bridged.
If the RII = 0, no RIF is present and the frame is transparently bridged.
What SR/TLB provides is the ability to create a single spanning tree and to source-route bridge between translationally
bridged networks: you have a Token Ring and an Ethernet network and are bridging between them. There are many
differences between how an Ethernet network and a Token Ring network function, and the translational bridge must
reconcile them: the bit order within each byte of a MAC address is reversed, the MTU sizes differ, Token Ring uses a
RIF and Ethernet does not, and the two use different spanning-tree algorithms.
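The bit-order difference is the one that bites when you write filters on both sides of a translational bridge. The following is an added example, not from the original text or from any Cisco implementation, showing the per-byte bit reversal between the canonical (Ethernet) and non-canonical (Token Ring) forms of a MAC address, and why a group-address test must look at a different bit on each side. The addresses are constructed for the illustration; 0000.0c is the familiar Cisco OUI, which appears as 0000.30 from the Token Ring side.

```python
"""Added example: the MAC bit-order translation SR/TLB and DLSw+ must perform
between Ethernet (canonical) and Token Ring (non-canonical) addresses.
Illustration only; sample addresses are constructed."""


def reverse_bits(octet: int) -> int:
    """Mirror the eight bits of one octet (0b00001100 -> 0b00110000)."""
    return int(f"{octet:08b}"[::-1], 2)


def swap_bit_order(mac: str) -> str:
    """Canonical <-> non-canonical form. Bytes keep their order; only the bit
    order within each byte changes, so applying it twice gives the original."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    hexed = bytes(reverse_bits(b) for b in raw).hex()
    return ".".join(hexed[i:i + 4] for i in range(0, 12, 4))


def is_group_address(mac: str, canonical: bool = True) -> bool:
    """The I/G bit is the first bit on the wire: bit 0 of the first octet in
    canonical form, bit 7 in non-canonical form. Test the wrong one and a
    multicast filter silently passes unicast (and vice versa)."""
    first = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", "")[:2])[0]
    return bool(first & (0x01 if canonical else 0x80))


if __name__ == "__main__":
    print(swap_bit_order("0000.0c12.3456"))  # 0000.3048.2c6a as seen from Token Ring
    print(swap_bit_order("0000.3048.2c6a"))  # back to 0000.0c12.3456
```

A MAC access list written for the Ethernet side therefore does not match the same station's frames on the Token Ring side unless every address in it is translated with the same swap.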

LAN Switching
Layer 2 switches are sometimes called micro-segmentation devices because you can think of them as bridges with
dozens of ports, often with as few as one host per collision domain. Because switches facilitated the move away from
shared media for end devices, they had the effect of increasing available bandwidth without increasing complexity.
They have the following features:
Each port on a switch is a separate collision domain.
Each port can be assigned a VLAN (Virtual Local Area Network) membership, which creates controllable
broadcast domains.
While switch ports are more expensive than shared media, they are generally much cheaper than router ports.

Switching Technique Types
The first two are ways a switch handles a frame; the last three are IOS packet-switching paths on a router.
Store-and-forward – Receives the complete frame before forwarding. Copies the entire frame into the buffer and
then checks the CRC, so corrupted frames are dropped rather than propagated. Higher latency than cut-through.
This technique is used on the Catalyst 5000.
Cut-through – Reads the destination address as soon as the header is received and immediately forwards the
frame, lowering the latency, at the cost of forwarding frames with bad CRCs.
Fast switching – The default switching path on most routers. It is controlled per interface with the "ip route-cache"
command. The first packet to a destination is process-switched, while the destination network or host information
is stored in the fast-switching cache and used for the packets that follow.
Process switching – This path does not use the route cache, so every packet is handled by the CPU and it is slow;
however, slow usually means SAFE, in the sense that every packet is seen by the full forwarding code (which is also
why "debug ip packet" shows only process-switched packets). To force it on an interface, use "no ip route-cache"
(the protocol keyword varies per routed protocol).
Optimum switching – From its name you can understand what it is: high performance. This is the default on the
7500.

Command-Line Interface (CLI)
One of the nicest things about working on Cisco routers is the consistency of IOS. Because a similar command set
has been developed for each family of routers, the knowledge gained from working on one router is applicable to
others.
This nicety does not carry over into the world of Cisco switches. Because several families of switches were acquired
from disparate places, the Command Line Interface (CLI) differs significantly between the families of switches.
Menu Configurable - Found primarily on older low-end switches, there are several different menu based
systems, such as those found on the 1900 or 3900 series switches. These are meant to be intuitive, but have
their own configuration problems awaiting the uninitiated, not the least of which is figuring out what keys the
menu expects you to use to select between options.
IOS-Like - Another common CLI is the IOS-like version found on many Access-layer switches, like the 2950 and
3550 series. Those who have worked on Cisco routers in the past will find that the command nomenclature is
familiar and, other than a few new commands, the same rules generally apply.
Set-based - The most common CLI is that which was brought into the Cisco family with the acquisition of
Crescendo Communications in 1993. It is found on the Catalyst 4000/5000/6000 series of switches, and is often
called XDI, CatOS, or the Set-based CLI. This is what you will find on most of the Core and Distribution layer
switches, and most new products use this CLI. XDI is based on the Unix csh or c-shell prompt, and the reason it
is commonly called the Set-based CLI is that “Set” is one of the three primary commands used. Most commands
start with one of the following keywords:
Set – Implements configuration changes
Show – Verifies and provides information on the configuration
Clear – Removes configuration elements
In a separate document intended for people studying for the Cisco Switching exam, I put together a list of which
models use what interface, and a sample configuration for each type. I think this document is also useful for CCIE
Written exam candidates who want to review the basics of switch configuration. This document can be found at
www.laganiere.net.

Trunking
Trunks transport the frames of multiple VLANs over a single network link using either IEEE 802.1Q or Cisco's
proprietary Inter-Switch Link (ISL). 802.1Q has become common in Cisco networks because it gives you the flexibility
to include other vendors' equipment, and because of its reduced overhead (a 4-byte tag inserted in the frame)
compared to ISL, which encapsulates the whole frame with a 26-byte header (plus a 4-byte trailing CRC) that carries
the VLAN ID between switches and routers.
Note that not all Cisco switches support all encapsulation methods; for instance the Cat2948G and Cat4000 series
switches support only 802.1Q encapsulation. To determine whether a switch supports trunking, and what trunking
encapsulations are supported, look to the hardware documentation or use the "show port capabilities" command.
Trunks are configured between a single Fast Ethernet, Gigabit Ethernet, or Fast or Gigabit EtherChannel bundle and
another network device, such as a router or second switch. Notice that I specifically excluded 10 Mb Ethernet ports,
which cannot be used for trunking. For trunking to be enabled on EtherChannel bundles, the speed and duplex
settings must be configured the same on all links. For trunking to be auto-negotiated on Fast Ethernet and Gigabit
Ethernet ports, the ports must be in the same VTP domain.
To help understand how trunks negotiate, this chart shows whether a trunk forms, based on the settings of the two
ports (rows are one side, columns the other):

Trunk Negotiation
Port \ Peer    On    Off   Auto  Desirable  Nonegotiate
On             Yes   No    Yes   Yes        Yes
Off            No    No    No    No         No
Auto           Yes   No    No    Yes        No
Desirable      Yes   No    Yes   Yes        Yes
Nonegotiate    Yes   No    No    Yes        Yes

A port in nonegotiate mode trunks without sending DTP frames, which is why an auto peer, which only answers
requests, never forms a trunk with it. Ports that face end stations should be set to off: a port left in auto or desirable
will form a trunk with any device that speaks DTP, giving that device a path into every VLAN carried on the trunk.

Virtual LAN (VLAN)
A VLAN is an extended logical network that is configured independently of the physical network layout. Each port on a
switch can be defined to join whatever VLAN suits the Network Architect's plans.

VLAN Trunk Protocol (VTP)
VTP is a Layer 2 messaging protocol that centralizes the management of VLANs on a network-wide basis, simplifying
the management of large switched networks with many VLANs.
Switches defined as part of a VTP domain can be configured to operate in any of three VTP modes:
Server – Advertises the VLAN configuration to other switches in the same VTP domain and synchronizes with other
server switches in the domain. You can create, modify, and delete VLANs, as well as modify VLAN configuration
parameters such as VTP version and VTP pruning for the entire domain. This is the default mode for a switch.
Client – Advertises the VLAN configuration to other switches in the same VTP domain and synchronizes its VLAN
configuration with other switches based on advertisements received over trunk links; however, a client cannot create,
change, or delete VLAN configurations.
Transparent – Does not advertise its VLAN configuration and does not synchronize its VLAN configuration with
other switches. If the switch is running VTP version 2, it does forward VTP advertisements, while still not acting on
them.
A switch can belong to only one VTP domain, but if you have more than one group of switches, and each group has a
different set of VLANs that it has to recognize, you could use a separate domain for each group of switches.
Be aware that VTP synchronizes on the highest configuration revision number: a server or client with a matching
domain name (and password, if one is set) and a higher revision number overwrites the VLAN database of the whole
domain, deleting any VLANs it does not know about. Set a VTP password, and reset the revision number (change the
domain name and change it back) on any switch before connecting it to a production domain.
There is a second version of VTP that has features not supported in version one, including Token Ring LAN switching
and VLANs, unrecognized Type-Length-Value support, version-dependent transparent mode and consistency checks.
Please note that all switches in the VTP domain must run the same VTP version. In general, don't enable VTP version
2 in the VTP domain unless you are ready to migrate all the switches to that version. However, if the network is Token
Ring, you will need VTP version 2.

Spanning-Tree Protocol (STP)
Spanning-Tree Protocol (STP) is a Layer 2 link management protocol designed to run on bridges and switches to
provide path redundancy while preventing undesirable loops from forming in the network. It uses the Spanning Tree
Algorithm (STA) to calculate the best loop-free path through a switched network.
Root Bridges and Switches
The key to STP is the election of a root bridge, which becomes the focal point in the network. All other decisions in the
network, such as which ports are blocked and which ports are put in forwarding mode, are made from the perspective
of this root bridge.
When implemented in a switched network, the root bridge is usually referred to as the "root switch." Depending on the
type of spanning tree enabled, each VLAN may have its own root bridge/switch. In this case, the roots for the different
VLANs may all reside in a single switch, or in different switches, depending on the Network Architect's design.
Remember that selection of the root switch for a particular VLAN is extremely important. You can let the network
decide the root on the effectively arbitrary basis of the lowest MAC address, or you can define it yourself by lowering
the bridge priority on the switch you want as root (and on a second one as backup). Note that any device with a lower
bridge ID that is plugged into the network takes the root role away from your chosen switch, so guard edge ports
against BPDUs (Root Guard or BPDU Guard, where available).

Bridge Protocol Data Units (BPDUs)
All switches exchange information to use in the selection of the root switch, as well as for subsequent configuration of
the network. This information is carried in Bridge Protocol Data Units (BPDUs).
The primary functions of BPDUs are to:
Propagate bridge IDs for the election of the root switch.
Find loops in the network.
Provide notification of network topology changes.
Remove loops by placing redundant switch ports in a blocking state.

How STP Works
When the switches first come up, they start the root-switch selection process, with each switch transmitting BPDUs to
its directly connected switch neighbors on a per-VLAN basis (with PVST/PVST+).
As the BPDUs go through the network, each switch compares the BPDU it sent out to the ones it has received from
its neighbors. From this comparison, the switches determine the root switch. The switch with the lowest bridge ID wins
this election: the bridge ID is the configured priority followed by the switch's MAC address, so the lowest priority wins
and, if priorities tie, the lowest MAC address. (Remember, there may be one root switch per VLAN, depending on the
type of STP selected.)
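The comparison rules above are easy to state and easy to get backwards, so here is an added example (not from the original cram session, and a model rather than any switch's code) that encodes them in Python: root election on (priority, MAC), the ordering used to rank BPDUs (root ID, then root path cost, then sender bridge ID, then port ID), and root-port selection from the BPDUs a switch receives plus its own link costs. The bridge IDs, port names and costs are constructed; the costs use the classic 100 Mb/s value of 19.

```python
"""Added example: the comparisons behind STP root election and root-port
selection. Illustration only; bridge IDs, costs and port names are constructed."""
from typing import Dict, List, NamedTuple, Tuple


class BridgeId(NamedTuple):
    priority: int   # 0-65535, default 32768; lower wins
    mac: str        # tie-breaker when priorities are equal

    def key(self) -> Tuple[int, int]:
        return (self.priority, int(self.mac.replace(".", "").replace(":", ""), 16))


def elect_root(bridges: List[BridgeId]) -> BridgeId:
    """Lowest bridge ID (priority, then MAC) becomes the root."""
    return min(bridges, key=BridgeId.key)


class Bpdu(NamedTuple):
    root: BridgeId        # who the sender believes the root is
    root_path_cost: int   # sender's cost to that root
    sender: BridgeId
    port_id: int          # sender's port priority/number


def bpdu_key(b: Bpdu) -> tuple:
    """Ordering STP uses: root ID, then path cost, then sender ID, then port ID."""
    return (b.root.key(), b.root_path_cost, b.sender.key(), b.port_id)


def is_superior(candidate: Bpdu, current: Bpdu) -> bool:
    """True if candidate would replace current; a BPDU that is not superior
    (an 'inferior' BPDU) is what BackboneFast reacts to on the root port."""
    return bpdu_key(candidate) < bpdu_key(current)


def choose_root_port(received: Dict[str, Bpdu], link_cost: Dict[str, int]) -> str:
    """Pick the port whose received BPDU plus the port's own link cost gives the
    best path to the root. Ties fall through to sender ID and then port ID."""
    def total(port: str) -> tuple:
        b = received[port]
        return (b.root.key(), b.root_path_cost + link_cost[port], b.sender.key(), b.port_id)
    return min(received, key=total)


if __name__ == "__main__":
    a = BridgeId(32768, "0000.0c00.0001")
    b = BridgeId(32768, "0000.0c00.0002")
    c = BridgeId(4096, "0000.0cff.ffff")   # lowered priority: wins despite the highest MAC
    print(elect_root([a, b, c]))
    received = {"fa0/1": Bpdu(c, 19, a, 0x8001), "fa0/2": Bpdu(c, 0, b, 0x8002)}
    print(choose_root_port(received, {"fa0/1": 19, "fa0/2": 19}))   # fa0/2
```

Nothing in the comparison authenticates the sender, which is the whole security story of classic STP: any station that sends a BPDU with a lower (priority, MAC) than the current root wins `elect_root`, and every switch re-roots on it.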

STP Timers
Hello timer – How often the root switch sends configuration BPDUs (default 2 seconds).
Forward delay timer – How long a port remains in each of the listening and learning states before going into the
forwarding state (default 15 seconds each).
Maximum age timer – How long protocol information received on a port is stored by the switch before it is aged out
(default 20 seconds).

Ports in an STP domain progress through the following states:
Blocking – Listens for BPDUs from other bridges, but does not forward them or any traffic.
Listening – An interim state while moving from blocking to learning. Listens for BPDUs and detects available paths
to the root bridge, but does not yet collect host MAC addresses for its address table.
Learning – Examines data frames for source MAC addresses to populate its address table, but no user data is
forwarded.
Forwarding – Once the learning state is complete, the port begins its normal function of gathering MAC addresses
and passing user data.
Disabled – Either there has been an equipment failure, a security issue (for example, port security or BPDU Guard
shutting the port down), or the port has been disabled by the Network Administrator.

Notes about STP Port States:
A port in the blocking state does not participate in frame forwarding. Every port enters the blocking state immediately
after switch initialization.
When a port changes from the listening state to the learning state, it is preparing to participate in frame forwarding.
A port in the forwarding state actually forwards frames (user data, BPDUs, etc.).

STP Enhancements:
There are three major enhancements available for Spanning Tree, as it is applied on Cisco devices:
PortFast – By default, all ports on a switch are assumed to have the potential to have bridges or switches attached to
them. Since each of these ports must be included in the STP calculations, they must go through the listening and
learning states before forwarding whenever the STP algorithm runs (when a change occurs to the network). Enabling
PortFast on the user access ports is basically a commitment between the Network Architect and the switch, agreeing
that the specific port does not have a switch or bridge connected, and therefore this port can be placed directly into
the forwarding state; this allows the port to avoid being unavailable for 30 seconds (up to 50 after a topology change)
while it cycles through the bridge states, and it keeps the port's link flaps from generating topology change
notifications. PortFast alone does not stop a switch plugged into that port from sending BPDUs and joining the
topology; pair it with BPDU Guard, which shuts the port down if a BPDU arrives.
UplinkFast – Convergence time on STP is up to 50 seconds. Part of this is the need to determine alternative paths
when a link between switches is broken. This is unacceptable on networks where real-time or bandwidth-intensive
applications are deployed (basically any network). If the UplinkFast feature is enabled (it is not by default) AND there
is at least one alternative path whose port is in a blocking state AND the failure occurs on the root port of the switch
itself, not an indirect link, then UplinkFast switches over to the alternative link without waiting for an STP
recalculation, usually within 2 to 4 seconds, skipping the listening and learning states before unblocking the
alternative port.
BackboneFast – BackboneFast is used at the Distribution and Core layers, where multiple switches connect together,
and is only useful where multiple paths to the root bridge are available. This Cisco-proprietary feature speeds
recovery when an indirect link in the spanning tree fails. Usually when an indirect link fails, the switch must wait until
the maximum age timer (max-age) has expired before looking for an alternative link, delaying convergence by 20
seconds (the max-age value). When BackboneFast is enabled on all switches and an inferior BPDU arrives at the root
port, indicating an indirect link failure, the switch queries its neighbors (Root Link Query) and expires max-age at
once, rolling over to a blocked port that has been previously calculated.
The primary difference between UplinkFast and BackboneFast is that BackboneFast can detect indirect link failures,
and is used at the Distribution and Core layers, while UplinkFast is aware only of directly connected links, and is used
primarily on Access layer switches. If UplinkFast is turned on for the root switch, the switch automatically disables it.
Although BackboneFast first shipped for the set-based Core and Distribution switches, IOS-based switches such as
the 2950 and 3550 also support it, with the "spanning-tree backbonefast" global command.
The Cisco Press book "Cisco LAN Switching" by Clark and Hamilton is an excellent resource for learning about
switching.
DISL
Dynamic Inter-Switch Link Protocol is only used when you have two Cisco devices, connected together by a Fast
Ethernet link. DISL will ease the configuration burden because only one end of the ISL link needs to be configured.

Fast Ether Channel (FEC)


For information on Fast Ether Channel (FEC), see that section later in this Cramsession under the “LAN” Heading.

Cisco Discovery Protocol (CDP)
CDP is Cisco's proprietary neighbor-discovery protocol. With it, you can obtain hardware and platform information
about the directly connected Cisco switches and routers on your network. As CDP works at Layer 2 (data link), it is not
dependent on proper IP address configuration, routing protocols, or Layer 3 security settings.
CDP is enabled by default and uses SNAP-encapsulated frames, sent to a Cisco multicast address every 60 seconds.
Because those frames advertise the platform, software version, interface name and IP address to anyone on the
segment, disable it on interfaces that face untrusted networks or end users, and keep it only where you need it for
management.
To disable CDP on the entire router, you would do:
Router(config)# no cdp run
To disable CDP on a particular interface, you would do:
Router(config-if)# no cdp enable

CGMP
You will find information on CGMP in the Multicast section of this Cramsession.

Security
VLAN Access-Lists (VACL)
A VACL is an access list, on a switch, that controls traffic within a VLAN, including traffic between two ports in the
same VLAN. With a VACL you can filter traffic between two hosts without that traffic ever going through a router.
VACLs work like a route-map. You can filter on MAC address or on IP traffic. Assuming you are going to filter IP traffic
you would:
create an access-list that defines your traffic
create a vlan access-map that tells the switch what to do with that traffic (forward it or drop it)
apply it to the VLAN (or list of VLANs) in which you want to filter your traffic

IP Receive Access-list (RACL)
Receive access lists are, at the time of writing, only available on the Cisco 7500 and 12000 platforms.
They are a security measure that filters the traffic destined for the router itself (the receive path to the route
processor) rather than traffic transiting it. Their purpose is to make sure that the important traffic destined for the
router, which is usually routing-protocol and management traffic, gets through, while floods aimed at the router's own
addresses are discarded before they can exhaust the processor. This filtering happens after the input access list on
the ingress interface.
Private VLANs
Private VLAN is a feature that is not available on all models of Cisco switches. It allows devices on a switch to be
isolated from each other at Layer 2 while still having Layer 3 IP addresses on the same subnet. It can be configured so
that certain ports can reach only a default gateway, if desired.
There are three types of private VLAN ports:
Community ports – can communicate within their community and with a promiscuous port, but not with other
communities or with isolated ports.
Isolated ports – are completely isolated at Layer 2 from all other isolated and community ports; they can reach only
promiscuous ports. Broadcasts from isolated ports are forwarded only to the promiscuous ports.
Promiscuous ports – communicate with all other private VLAN ports on the switch (typically where the router or
gateway sits).
Note that the isolation is Layer 2 only: a host on an isolated port can still reach another isolated host by addressing
the frame to the gateway's MAC address, unless the gateway filters traffic that would be routed back into the same
subnet (a VACL, or an ACL on the gateway interface).
You cannot configure a private VLAN using VLAN numbers 1 or 1002-1005.

802.1X
The IEEE standard 802.1X performs port-based authentication. This means that the switch can request
authentication of the user connected to the switch before providing connectivity to the network. Just like a network
access server (NAS) would do to a dial-up user, the switch requests the user's credentials, relays them to an
authentication server, and verifies their validity before granting permission to access the network.
The device/user connected to the switch (the supplicant) must use 802.1X client software for this authentication to
work. This type of client is included in the Windows XP operating system. Prior to successful authentication, the only
traffic the port accepts is Extensible Authentication Protocol over LAN (EAPOL). The switch (the authenticator) acts as
a proxy for the client: it passes the authentication credentials along to the authentication server by taking the EAP
packets out of EAPOL and encapsulating them in RADIUS packets, and turns the server's Access-Accept or
Access-Reject into the port being authorized or left blocked. The credentials are only as well protected as the EAP
method in use; choose one that protects the exchange (for example, one carried inside TLS), since EAP-MD5 gives the
client no way to authenticate the server and is open to offline dictionary attacks.
To configure the switch for this process, you must configure the following on the switch:
AAA (aaa new-model, and an authentication method list for dot1x that points at RADIUS)
RADIUS (the server address and shared key)
dot1x port-control auto (on each interface)
Multi-Layer Switching (MLS)
Multi-Layer Switching is also known as Layer 3 switching. With MLS, instead of using the traditional routing software
and CPU to route packets, packets are forwarded by a dedicated hardware chip, an ASIC (Application Specific
Integrated Circuit). Usually the forwarding done by the ASIC is done at "wire speed," resulting in significantly less
latency than a traditional router.

Internet Protocol (IP)
IP Addressing
IP is the routed protocol of the Internet, and is the default protocol in most networks today. Addresses are 32 bits
long, with the most significant bits specifying the network, as determined by a subnet mask. This mask is either
derived from the first few bits of the address or specified directly, depending on whether you are using classful
(conforming to major address boundaries) or classless (further subnetting classful addresses) addressing. IP
addresses are written in dotted-decimal format, with each set of eight bits separated by a period. The minimum and
maximum IP packet headers are 20 and 60 bytes, respectively (the header length field counts 32-bit words, so options
can add up to 40 bytes).
Though a long discussion on the nature of subnet masks is possible, for the purposes at hand, let us just discuss the
major classes: A, B, C, D, and E. Only the first three are available for commercial use; the others are special-purpose
address ranges. The left-most (high-order) bits indicate the network class. Here are the basic facts about the different
classes of IP addresses:

IP Address  Purpose                         High-Order  Default         Address Range
Class                                       Bit(s)      Subnet Mask
A           Few large organizations         0           255.0.0.0       1.0.0.0 to 126.0.0.0
B           Medium-size organizations       10          255.255.0.0     128.1.0.0 to 191.254.0.0
C           Relatively small organizations  110         255.255.255.0   192.0.1.0 to 223.255.254.0
D           Multicast groups (RFC 1112)     1110        N/A             224.0.0.0 to 239.255.255.255
E           Experimental                    1111        N/A             240.0.0.0 to 254.255.255.255

Remember that the default Subnet Mask is just that, a default; it can be adjusted as necessary (depending on the
routing protocol) by the network designer.

Subnetting
IP addresses are made up of two pieces of information: the network on which the host can be found, and the unique
address of the host. The network portion is on the left, the host portion on the right, but where the delineation occurs
depends on the subnet mask. The subnet mask provides the ability to have an extended network prefix by taking bits
from the host portion of the address and adding them to the network prefix. For example, a classful Class C network
prefix consists of the first 24 bits of the IP address (three octets), but the network prefix can be extended into the
fourth octet to provide more granularity to the configuration.
It is also common to designate the subnet mask in the /bits ("slash bits") format. This is simply the number of bits
dedicated to the network part of the IP address. For example, the masks 255.255.255.224 and 255.255.248.0 are
written /27 and /21.

Subnetting Tricks
I have found the following chart to be helpful for quick subnet mask calculations. If you take a few seconds at the
beginning of the test session and write this out from memory on a piece of scratch paper, it can be a useful timesaver
during any exam that requires subnetting and binary conversion.

Line 1  Bits      1    2    3    4    5    6    7    8
Line 2  Binaries  128  64   32   16   8    4    2    1
Line 3  Subnet    128  192  224  240  248  252  254  255
Line 4  Hosts     126  62   30   14   6    2    0    0
Line 5  Nets      2    4    8    16   32   64   128  256

How to create the chart:


Line #1 - Write the numbers one through eight from left-to-right. Besides being a handy column header, this
provides the number of bits in a subnet.
Line #2 - Starting with 1 and working from right-to-left, double each number. This gives you the column values
for hex-to-binary conversion.
Line #3 - Write out your subnets. You can derive these values by adding the number above to the number on
the left (example: 64+128=192).
Line #4 - The number of hosts per subnet can be derived by subtracting two from the values in row #2 (if the
value is <0, round up to 0).
Line #5 - Start with two in the left most column, and double each number going across. This will give you the
number of networks for each subnet.
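The arithmetic behind the class table and the subnetting chart, as an added example (not from the study guide) in
Python using only the standard library; the /27 and /21 values and the sample address 10.1.1.37 are constructed inputs.

```python
import ipaddress


def address_class(addr):
    """Classful class (A-E) of an address, decided by the high-order bits of the first
    octet exactly as in the class table: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def prefix_to_mask(prefix_len):
    """Dotted-decimal subnet mask for a /prefix_len ('slash bits') network."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask_int = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def mask_to_prefix(mask):
    """Prefix length for a dotted-decimal mask; rejects masks whose 1 bits are not
    contiguous from the left, since those are not valid subnet masks."""
    m = int(ipaddress.IPv4Address(mask))
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def subnet_chart():
    """Rebuild lines 2-5 of the chart for the eight bits of a single octet."""
    rows = {"binaries": [], "subnet": [], "hosts": [], "nets": []}
    for bits in range(1, 9):                      # bits borrowed in this octet
        place = 2 ** (8 - bits)                    # 128, 64, ... 1
        rows["binaries"].append(place)
        rows["subnet"].append(256 - place)         # 128, 192, ... 255
        rows["hosts"].append(max(place - 2, 0))    # minus network and broadcast
        rows["nets"].append(2 ** bits)             # subnets created in this octet
    return rows


def subnet_info(cidr):
    """Network, mask, broadcast and usable host count for an address written in
    CIDR form, e.g. '10.1.1.37/27' (strict=False lets host bits be set)."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


if __name__ == "__main__":
    for name, row in subnet_chart().items():
        print(f"{name:9}", " ".join(f"{v:4}" for v in row))
    print(subnet_info("10.1.1.37/27"))
```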

Route Summarization
Route summarization condenses routing information by consolidating like routes, and collapsing multiple subnet routes
into a single network route. Where summarization is not applied, each router in a network must retain a route to every
subnet in the network. This means as the network grows, the routing table becomes larger and larger. Routers that
have had their routes summarized can reduce some sets of routes to a single advertisement, which reduces the load
on the router and simplifies the network design.
Some important reasons to take advantage of summarization:
The larger the routing table, the more memory is required because every entry takes up some of the available
memory.
The routing decision process may take longer to complete as the number of entries in the table are increased.
An added benefit of reducing the IP routing table size is that it requires less bandwidth and time to advertise the
network to remote locations, thereby increasing network performance.
Depending on the size of the network, the reduction in route propagation and routing information overhead can be
significant. Route summarization is of minor concern in production networks until their size gets considerable.
However, if summarization has not been taken into account during the initial design phase, it is very difficult to
implement later.
Some routing protocols, EIGRP for example, summarize automatically. Other routing protocols, such as OSPF, require
manual configuration to support route summarization.
Remember that when redistributing routes from a routing protocol that supports VLSM (such as EIGRP or OSPF) into
a routing protocol that does not (such as RIPv1 or IGRP) you might lose some routing information.
Some important requirements exist for summarization:
Multiple IP addresses must share the same high-order bits. Since the summarization takes place on the low-
order bits, the high-order bits must have commonality.
Routing tables and protocols must use classless addressing to make their routing decisions; in other words, they
are not restricted by the Class A, B and C designations to indicate the boundaries for networks.
Routing protocols must carry the prefix length (subnet mask) with the IP address.
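Computing a classless summary from the shared high-order bits, as an added example (not from the study guide). The
sample prefixes are constructed; the overreach check shows address space a summary would advertise without the
router actually holding a route to it.

```python
import ipaddress


def summarize(networks):
    """Single prefix covering every network in the list: keep only the high-order
    bits that all of them share. If they share none, the result is 0.0.0.0/0,
    which is the guide's requirement ('must share the same high-order bits')
    failing rather than a usable summary."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    if not nets:
        raise ValueError("nothing to summarize")
    common = min(n.prefixlen for n in nets)          # never longer than the shortest input
    first = int(nets[0].network_address)
    for n in nets:
        diff = first ^ int(n.network_address)        # 1 bits where the two differ
        common = min(common, 32 - diff.bit_length())  # leading bits that agree
    return ipaddress.IPv4Network((first, common), strict=False)


def overreach(networks):
    """Subnets (at the longest input prefix length) that the summary would
    advertise but that are not in the input, i.e. space the router does not
    hold a route for. Empty means the summary is exact."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    summary = summarize(networks)
    longest = max(n.prefixlen for n in nets)
    return [str(s) for s in summary.subnets(new_prefix=longest)
            if not any(s.subnet_of(n) for n in nets)]


def summary_report(networks):
    summary = summarize(networks)
    covered = sum(ipaddress.IPv4Network(n).num_addresses for n in networks)
    return {
        "summary": str(summary),
        "covered": covered,                       # addresses in the input routes
        "advertised": summary.num_addresses,      # addresses the summary claims
        "extra": overreach(networks),
    }


if __name__ == "__main__":
    # constructed: eight contiguous /24s summarize exactly to a /21
    print(summary_report([f"172.16.{i}.0/24" for i in range(8)]))
    # constructed: three /24s whose /22 summary also claims 10.1.7.0/24
    print(summary_report(["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]))
```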

Services & Applications


Below, are the most common IP services and applications with a summary of each.

DNS
Domain Name Service (DNS) resolves names to IP addresses. DNS uses TCP and UDP port 53. An example of DNS
would be someone entering a fully-qualified domain name (FQDN) like www.cisco.com into their web browser. That
device would then do a DNS lookup to a DNS server to resolve the name to an IP address.

ARP & RARP


Once a device has the IP address that it wants to communicate with, it must get the MAC address (Layer 2 address).
To get the MAC address, it uses Address Resolution Protocol (ARP). An ARP is a broadcast packet that does not pass
through routers. The ARP response is a unicast packet. The device that does the ARP keeps an ARP cache of the
most recently requested IP addresses with their corresponding MAC addresses.
RARP is Reverse Address Resolution Protocol. RARP allows a device to ask for its IP address. RARP is no longer
used; it has been replaced by BOOTP and DHCP.

BOOTP & DHCP


BOOTP is a protocol where a device sends a request to learn its IP address. BOOTP uses UDP ports 67 and 68.
BOOTP has been replaced with DHCP. BOOTP requests are broadcasts and, thus, won’t pass through a router
without configuring the ip helper-address x.x.x.x command.
Dynamic Host Configuration Protocol (DHCP) is the current standard in use for a device to learn its IP address. When
you boot up a computer, usually, it does a DHCP request to request its IP address. The DHCP server responds and
the client obtains a lease on the IP address it is provided. Like BOOTP, DHCP uses UDP ports 67 & 68, uses
broadcast for the DHCP request, and the ip helper-address command must also be configured to forward DHCP
requests across a router link.

ICMP
Internet Control Message Protocol (ICMP) works at Layer 3 (Network). ICMP is used to communicate errors between
hosts and routers. The most commonly used form of the ICMP protocol is the ping application. Some examples of
common ICMP messages are echo, echo reply, destination unreachable, redirect, and time exceeded.

NAT
Network Address Translation (NAT) converts network addresses. Usually, NAT is used to convert from private (internal)
IP addresses to public (external) IP addresses. NAT can be used to reduce the need for Internet addresses. There is
some NAT terminology you should know:
Inside Local—This is the local IP address of the private host on your network (i.e., your PC’s IP address).
Inside Global—This is the public, legal, registered IP address that the outside network sees as the IP address of
your local host.
Outside Local—This is the local IP address from the private network, which your local host sees as the IP address
of the remote host.
Outside Global—This is the public, legal, registered IP address of the remote host (i.e., the IP address of the
remote Web server that your PC is connecting to).
There are also different types of NAT that you should be familiar with. They are:
Static NAT – maps a single inside address to a single outside address.
Dynamic NAT – maps inside addresses to outside addresses, as needed.
NAT Overload – maps a larger number of inside addresses to a smaller number of outside addresses (the outside
addresses are overloaded as there is a smaller number of them than there are inside addresses).
NAT Overlap – maps inside and outside addresses when they are using conflicting IP addresses (overlapping
networks).

HSRP & VRRP


Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol that provides high availability for routing
services. For example, you could have a virtual IP address configured as your default gateway. You would have two
routers that would respond to this virtual IP address. One of the routers would be the primary and one would be the
secondary.
The industry-standard version of HSRP is the Virtual Router Redundancy Protocol (VRRP).

Telnet
Telnet is used to remotely configure routers, switches, or servers. Any system that runs a telnet server can be
connected to with telnet. Once connected, you can perform commands on that system or network device. Telnet uses
TCP port 23.

FTP & TFTP


File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) both send and receive files over a network. FTP
uses TCP ports 20 and 21. TFTP uses UDP port 69. FTP is more reliable and featured than TFTP. TFTP is commonly
used to send & receive router & switch configuration and IOS files.

SNMP
Simple Network Management Protocol (SNMP) is used for network management. Network devices (like routers,
switches, servers, PCs, or even laser printers) can have SNMP agents. You would have a network management
application that uses SNMP to communicate with these network devices. With SNMP, you could gather statistics and
be alerted of utilization, for example. SNMP uses UDP port 161.

Access Control Lists (ACL)


An Access List is an ordered set of statements that permit or deny the flow of packets through an interface. They are
used for security purposes, to provide QoS, or to define types of traffic for purposes of filtering, queuing or prioritizing.
They define the criteria on which decisions are made based on information contained inside the packets. Decisions
are based on the source and/or destination network/subnet/host address(es) of the packets.
The basic concept of the access list wildcard mask is that any “0” in the wildcard mask means the corresponding bit in
the address has to match, and any “1” in the wildcard mask means the value isn’t checked.
You can only append to an access list, you cannot add lines to the middle of it. To make changes, copy your access
list to notepad, and make your changes there; then from the Cisco router console type “no access-list” and the
number, then paste the updated access list into the configuration.
Things to know about ACLs:
The wildcard mask, which looks like a reversed subnet mask, defines which bits of the address are used for the
access list decision-making process.
Lists are processed top-down. In other words, the first matching rule preempts further processing.
Only one access list is allowed per port/per direction/per protocol.
Remember that there is an implicit deny at the end of all access lists (so the last configured line should always
be a permit statement).
If you apply an access number that does not exist, all traffic will be passed.
An Access Class limits VTY (telnet) access.
A Distribution List filters incoming or outgoing routing updates.
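The wildcard-mask and top-down matching rules above, as an added example (not from the study guide) in Python:
a small evaluator for standard IP access lists that applies first-match-wins, the implicit deny, and the "nonexistent
list number passes everything" behaviour. The access-list lines are constructed sample input.

```python
import ipaddress

# Constructed sample configuration (standard ACLs only: source address matching).
SAMPLE_ACL = """\
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 deny host 172.16.3.99
access-list 2 permit 172.16.3.0 0.0.0.255
"""


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the wildcard means that bit of the
    address must equal the base; a 1 bit means the bit is not checked."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match
    return (a & care) == (b & care)


def parse_acl(text):
    """Parse 'access-list N permit|deny <addr> [wildcard] | host <addr> | any'
    lines into {N: [(action, base, wildcard), ...]} in configuration order,
    because that order is the match order."""
    acls = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue                                  # not an ACL line
        number, action = int(parts[1]), parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        if parts[3] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif parts[3] == "host":
            base, wildcard = parts[4], "0.0.0.0"
        else:
            base = parts[3]
            wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # IOS default
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls


def evaluate(acls, number, src):
    """Decision for a packet with source address src against list `number`:
    entries are tried top-down and the first match wins; no match means the
    implicit deny; a list number with no entries passes all traffic."""
    entries = acls.get(number)
    if not entries:
        return "permit"
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    acls = parse_acl(SAMPLE_ACL)
    for number, src in [(1, "10.200.3.4"), (1, "172.16.3.4"), (2, "172.16.3.99"),
                        (2, "172.16.3.10"), (99, "192.0.2.1")]:
        print(f"access-list {number:3} source {src:14} -> {evaluate(acls, number, src)}")
```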

Access list types are designated by the list numbers:

1-99        IP standard
100-199     Extended IP
200-299     Protocol type-code
300-399     DECNet
400-499     XNS standard
500-599     XNS extended
600-699     AppleTalk
700-799     48-bit MAC Address
800-899     IPX standard
900-999     IPX extended
1000-1099   IPX SAP
1100-1199   Extended 48-bit MAC Address
1200-1299   IPX Summary Address

O’Reilly & Associates’ “Cisco IOS Access Lists” by Jeff Sedayao, and McGraw-Hill’s “Cisco Access Lists: Field
Guide” by Held and Hundley are excellent resources for this topic.

Internet Protocol Version 6 (IPv6)


IPv6 address types are distinguished by the value of the high-order octet of the addresses: a value of 0xFF (binary
11111111) identifies an address as a multicast address; 0x00 indicates loopback or unassigned addresses; any other
value identifies an address as a Unicast address. Anycast addresses are taken from the Unicast address space, and
are not syntactically distinguishable from Unicast addresses.
IPv6 addresses can be written in a compressed format by using a double colon to summarize at least one octet of
contiguous zeros.
Anycast can be understood best by comparing it with Unicast and Multicast. IP Unicast allows a source node to
transmit IP datagrams to a single destination node. The destination node is identified by a Unicast address. IP
multicast allows a source node to transmit IP datagrams to a group of destination nodes. A multicast group identifies
the destination nodes, and we use a multicast address to identify the multicast group.
IP Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination
nodes. IP datagram will reach the closest destination node in the set of destination nodes, based on routing measure
of distance. The source node does not need to care about how to pick the closest destination node, as the routing
system will figure it out (in other words, the source node has no control over the selection). The set of destination
nodes is identified by an Anycast address.
Valid IPv6 Unicast or Anycast addresses:
1080:0:0:0:8:800:200C:417A
1080::8:800:200C:417A

Valid IPv6 Multicast addresses:


FF01:0:0:0:0:0:0:101
FF01::101
Valid IPv6 Loopback addresses:
0:0:0:0:0:0:0:1
::1

IP Routing
Routing Protocol Concepts
Routing protocols provide dynamic network information to the routers that are part of the domain, and represent one of
the most important areas for a Network Engineer to master.

Distance-Vector Routing Protocols


Distance-vector protocols are designed to periodically pass the full contents of their routing tables to all of their
immediate neighbors (usually every 30 to 90 seconds). Each recipient then increments the metric values and updates
its routing table to send out in the next update. Once this information has made the rounds, each router will have
built a routing table with information about the "distances" to networked resources without learning anything specific
about the other routers, or about the network's actual topology.
The primary benefits of these protocols are how easy they are to configure and maintain. The problems associated
with them include slow convergence, routing loops, counting to infinity problems, and excessive bandwidth utilization
from the size and repetition of the updates.
The two common Distance Vector protocols are the Routing Information Protocol (RIP), and Cisco's proprietary
Interior Gateway Routing Protocol (IGRP), which uses bandwidth and delay.

Link State Routing Protocols


Link State Routing Protocols develop and maintain a full knowledge of the network's routers, as well as how they
connect to one another. This information is gathered through the exchange of link-state advertisements (LSAs)
between routers, which develop a topological database that is used by the Shortest Path Algorithm to compute
reachability to networked destinations. This process allows quick discovery of changes in the network topology.
The chief advantages of Link State protocols are that the transmission of LSAs takes less bandwidth than the full
updates provided by Distance Vector routing protocols, that they converge faster, and that they scale better.
The concerns with Link-State protocols include flooding that is done during the initial discovery process, and that they
can be both memory and processor intensive.
Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are the primary
examples of Link State protocols.

Hybrid Routing Protocols


Hybrid Routing Protocols combine characteristics of both Distance Vector and Link State protocols. They converge
more rapidly than distance-vector protocols, while avoiding the processing overhead associated with link-state
updates. Also, they are event driven rather than using a timer to decide when to send updates; this conserves
bandwidth for the transmission of user data.

Cisco's proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) is the most common Hybridized routing
protocol (and the only one I’ve ever heard of). It was designed to combine the best aspects of distance-vector and
link-state routing protocols without incurring any of the performance limitations specific to either. Remember that one
of the major limitations to EIGRP is that it only runs on Cisco equipment.

Distribution Lists
Distribution lists are used to filter the contents of inbound or outbound distance vector routing protocol updates (RIP
and IGRP). Standard IP access lists are used to define a list against which the contents of the routing updates are
matched. Remember that the access list is applied to the contents of the update, not to the source or destination of
the routing update packets themselves.
The “distribute-list” command is entered at the global or router configuration levels, and there is an option to apply the
list to specific interfaces. For any given routing protocol, it is possible to define one interface-specific distribute-list per
interface, and one protocol-specific distribute-list for each process/autonomous-system pair.
Example:
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 172.16.3.0 0.0.0.255
router rip
distribute-list 1 in ethernet 0
distribute-list 2 out

Routing Loops
Routing loops occur when the routing tables of some or all of the routers in a given domain route a packet back and
forth without ever reaching its final destination. Routing loops often occur during route redistribution, especially in
networks with multiple redistribution points.
There are several commonly used methods for preventing routing loops, including:
Holddowns – Routes are held for a specified period of time to prevent updates advertising networks that are
possibly down. The period of time varies between routing protocols, and is configurable. Holddown timers
should be set very carefully - if they are too short, they are ineffective; too long and convergence will be
delayed.
Triggered updates – Also known as flash updates, these are sent immediately when a router detects that a metric
has changed or a network is no longer available. This helps speed convergence. Instead of waiting for a
certain time interval to elapse to update the routing tables, the new information is sent as soon as it is learned.
Split horizon – If a router has received a route advertisement from another router, it will not re-advertise it back
out the interface from which it was learned.
Poison reverse – Once you learn of a route through an interface, advertise it as unreachable, back through that
same interface.

Administrative Distance
When a route is advertised by more than one routing protocol, the router must decide which protocol’s routes to use.
The predefined Administrative Distances of routing protocols allow the router to make that decision, more or less telling
the router the relative trustworthiness of the different protocols. Here is a list of the common ADs:

Directly Connected   0
Static               1
EBGP                 20
EIGRP (Internal)     90
IGRP                 100
OSPF                 110
IS-IS                115
RIP                  120
EGP                  140
EIGRP (External)     170
IBGP                 200
BGP Local            200
Unknown              255

Open Shortest Path First (OSPF)


OSPF is an open standard Link State routing protocol that uses Dijkstra’s Shortest Path First (SPF) algorithm. Several
of OSPF’s advantages include fast convergence, classless routing, VLSM support, authentication support, support for
much larger inter-networks, the use of areas to minimize routing protocol traffic, and a hierarchical design.
All OSPF routers must have a unique router ID. The router ID is the highest IP address on any of its loopback
interfaces. If the router doesn’t have any loopback interfaces, then it chooses the highest IP address on any of its
enabled interfaces. The interface doesn’t have to have OSPF enabled on it. Loopback interfaces are often used
because they are always active and there is usually more leeway in their address assignment.
OSPF contains five network types:
Point-to-point
Broadcast
Non-broadcast multi-access (NBMA)
Point-to-multipoint
Virtual-links
OSPF routers keep track of three databases. They are:
Neighbor database
Topology table
Master routing table

Area 0
This is the core area for OSPF. One of the basic rules of OSPF is that all areas must connect to area 0 (just as all
roads lead to Rome). If there is an area that is not contiguous with area “0”, your only option is to use a virtual-link.
This will provide a tunnel through another area in order to make it appear that the area is directly connected to area 0.
Area Border Routers (ABRs) are responsible for maintaining the routing information between areas. Internal routers
receive all routes from the ABR except for those routes that are contained within the internal area.
Traffic destined for networks outside of the AS must traverse Area 0 to an Autonomous System Border Router (ASBR).
The ASBR is responsible for handling the routing between OSPF and another AS using another routing protocol such
as EIGRP.

OSPF Area Types:


Standard - Accepts internal, external and summary LSA’s.
Backbone (transit area) - In multi-area OSPF networks all other areas must connect directly to this area in order
to exchange route information. It must be labeled area “0”, and it accepts all LSA types. This behaves like a
normal Standard area, except that it happens to reside in the middle of the network.
Stub - Refers to an area that does not accept Type-5 LSAs to learn of external ASs. If routers need to route to
networks outside the autonomous system, they must use a default route.
Not-so-stubby – Also known as NSSA. It is the same as a stub area, except it accepts LSA Type 7. This is useful
if you want to accept redistributed routes from another routing protocol. Once these redistributed routes leave
the NSSA they are converted to Type 5. Type 7 LSAs can only exist in an NSSA.
Totally Stubby – All LSAs except Type 1 and 2 are blocked. Intra-area routes and the default route are the only
routes passed within a totally stubby area. This is Cisco proprietary.

Stub and Totally Stubby Area Similarities:


There can only be a single ABR and single exit point from the area.
All routers within the stub area must be configured as stub routers. If not, they cannot form adjacencies with the
other stub routers.
A stub area cannot be used as a transit area for virtual links.
An ASBR cannot be internal to a stub area.
Inter-area routing is based on a default route.
Neither will accept Type-5 LSAs (autonomous system entries).


Typically used in a hub and spoke topology with the spokes being remote sites configured as stub or totally
stubby areas.

Stub and Totally Stubby Area Differences:


Totally stubby areas have smaller routing tables, since the only routes they accept are from area 0, which is the
default route.
Totally stubby will not accept Summary LSA’s (Type-3 and Type-4).
Totally stubby is Cisco proprietary, while Stub is an OSPF standard.

Router Types:
Internal Router (LSA Type 1 or 2) – Routers that have all their interfaces in the same area. They have identical
link-state databases and run single copies of the routing algorithm.
Area Border Router (LSA Type 3 or 4) – Routers that have interfaces attached to multiple areas. They
maintain separate link-state databases for each area. This may require the router to have more memory and
CPU power. These routers act as gateways for inter-area traffic. They must have at least one interface in the
backbone area, unless a virtual link is configured. These routers will often summarize routes from other areas
into the backbone area.
Autonomous System Boundary Router (LSA Type 5 or 7) – Routers that have at least one interface into an
external network, such as a non-OSPF network. These routers can redistribute non-OSPF network information
to and from an OSPF network. Redistribution into an NSSA area creates a special type of link-state
advertisement (LSA) known as type 7. This router will be running another routing protocol besides OSPF, such
as EIGRP, IGRP, RIP, IS-IS, etc.

Traffic Types:
Intra-area - Traffic passed between routers within a single area.
Inter-area - Traffic passed between routers in different areas.
External - Traffic passed between an OSPF router and a router in another autonomous system.

NBMA Networks
Designated Routers (DRs) and Backup Designated Routers (BDRs) are elected on Broadcast and Nonbroadcast
Multi-access networks such as Ethernet broadcast domains. You can control the selection of DRs through the use of
the “ip ospf priority” command; the highest priority wins, and a setting of “0” makes the router ineligible to become DR.
If a router joins the network with a priority somewhere between the existing DR and BDR, the network does not
recalculate until the DR fails, then the BDR becomes the DR, and the new router will become BDR.

LSA Types:
Router link entry - Type 1 LSA. Broadcasts only in a specific area. Contains all the default Link State
information. Generated by each router for each area to which it belongs. It describes the state of the router’s link
to the area. The link status and cost are two of the descriptors provided.
Network entry - Type 2 LSA. Multicast to all area routers in a multi-access network by the DR. They describe
the set of routers attached to a particular network and are flooded only within the area that contains the network.
Summary entry - Type 3 and 4 LSA’s. Type 3 LSA’s have route information for the internal networks and are
sent to the backbone routers. Type 4 LSA’s have information about the ASBRs. This information is broadcast by
the ABR, and it will reach all the backbone routers.
Autonomous system entry - This is a Type 5 or 7 LSA. It comes from the ASBR and has information relating to
the external networks. Type 7 LSA’s are only found in NSSA areas.

Routing Authentication
OSPF authentication is used to validate that the remote router that this router is about to exchange routes with is really
who it says it is. This is done with a shared password. Anyone with the shared password is allowed to exchange routes
on the network.
OSPF supports two types of authentication- plain text and MD5 encrypted. With MD5 encrypted authentication, the
password is encrypted as it goes across the network link.
The same authentication type must be used across an entire OSPF area.

Border Gateway Protocol (BGP)


BGP version 4 is a path vector routing protocol used to exchange routing information between Autonomous Systems,
and can be considered the routing protocol of the Internet. It carries information as a sequence of AS numbers, which
indicate the autonomous systems that must be used to get to a destination network.
Specific neighbor commands must be entered to create BGP neighbors because neighbors are defined in the
configuration, not by their physical location in the network. Even if two routers are physically connected, they are not
necessarily neighbors unless they form a TCP connection, which is configured by the Network Engineer.
When BGP talkers (routers) communicate for the first time, they exchange their entire routing tables. The protocol
maintains a table version number to track the current instance of the BGP routing table, and uses keepalives to make
sure their neighbors are up. BGP uses TCP (port 179) as its transport protocol to ensure reliable delivery.
There are both internal and external flavors of BGP (IBGP and EBGP) configurations.
Internal BGP (IBGP) - Used inside a specific BGP Autonomous System. Neighbors don’t need to be directly
connected, but they do need IP connectivity via an IP Internal Gateway Protocol (IGP), such as OSPF. The
administrative distance for iBGP is 200.
External BGP (EBGP) - Used between different BGP Autonomous Systems. Neighbors normally need direct
connectivity, however, Cisco provides the “ebgp-multihop” router configuration command to override this
behavior. The administrative distance for EBGP is 20.
Any time you make changes to the BGP configuration on a router, your BGP neighbor connection must be reset. Use
the Cisco IOS command "clear ip bgp *" to perform this task. Use the "show ip bgp" command to view your
BGP table.
BGP’s effective use of Classless Inter-domain Routing (CIDR) has been a major factor in slowing the explosive growth
of the Internet routing table. CIDR doesn’t rely on classes of IP networks such as Class A, B, and C. In CIDR, a prefix
and a mask, such as 197.32.0.0/14, represent a network. This would normally be considered an illegal Class C
network, but CIDR handles it just fine. A network is called a super-net when the prefix boundary contains fewer bits
than the network’s natural mask.

Situations that may require BGP:


Extremely large networks
A network that is connected to more than one AS
Networks that are connected to two or more Internet Service Providers
When you’re preparing for, or taking the CCIE Lab exam

Synchronization/Full Mesh
IBGP must either maintain a full mesh within an AS, or use route reflectors to simulate the mesh. This is necessary
because BGP doesn’t advertise to internal BGP (IBGP) peer routes that were learned via other IBGP peers.
BGP routing information must be in sync with the IGP before advertising transit routes to other ASs. This can be turned
off using the Cisco IOS command “no sync”; but this isn’t recommended unless all the routers in your BGP AS are
running BGP and are fully meshed, or the AS in question isn’t a transit AS. The careless use of the “no sync”
command could cause non-BGP routers within an autonomous system to receive traffic for destinations that they don’t
have a route for. With synchronization enabled, BGP waits until the IGP has propagated routing information across
the autonomous system before advertising transit routes to other ASs.

Next-Hop-Self Command
In a non-meshed environment where you know that a path exists from the current router to a specific address, the
BGP router command “neighbor {ip-address | peer-group-name} next-hop-self” can be used to disable next-hop
processing. This will cause the current router to advertise itself as the next hop for the specified neighbor, simplifying
the network. Other BGP neighbors will then forward packets for that destination to the current router. This would not be
useful in a fully meshed environment, since it will result in unnecessary extra hops where there may be a more direct
path.

BGP Path Selection


BGP will select what it considers the one best path, which is then put into the BGP routing table and then propagated
to its neighbors. The criteria for selecting the path for a destination, in order, are:
If the path specifies a next hop that is not accessible, the update is dropped.
The path with the largest weight is preferred.
If the weights are the same, the path with the larger local preference is preferred.
If the local preference is the same, then prefer the path that originated on this router.
If no route originated on this router, then prefer the one with the shortest AS-path.
If they have the same AS-path length, then prefer the path with the lowest origin code.
If the origin codes are the same, then prefer the path with the lowest MED.
If the MED is the same, then prefer an external path to an internal path.
If these are the same, then prefer a path through the closest IGP neighbor.
Lastly, prefer the path with the lowest IP address, as specified by the BGP router ID. If a loopback is
configured, this will be used as the router ID.
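The selection order above turned into a comparator, as an added example (not from the study guide) in Python. The
path attributes, peer names and router IDs are constructed; origin codes use the IOS display letters i (IGP), e (EGP)
and ? (incomplete), lowest preferred.

```python
from dataclasses import dataclass
import ipaddress

ORIGIN_CODES = {"i": 0, "e": 1, "?": 2}     # IGP < EGP < incomplete

STEP_NAMES = ["weight", "local preference", "locally originated", "AS-path length",
              "origin code", "MED", "external over internal", "IGP metric to next hop",
              "router ID"]


@dataclass
class BgpPath:
    """One candidate path for a destination, as learned from `peer`."""
    peer: str
    next_hop_reachable: bool = True     # step 1: unreachable next hop -> dropped
    weight: int = 0                     # Cisco-local, higher wins
    local_pref: int = 100               # higher wins
    locally_originated: bool = False    # originated on this router wins
    as_path: tuple = ()                 # shorter wins
    origin: str = "i"                   # lower code wins
    med: int = 0                        # lower wins
    external: bool = True               # EBGP preferred over IBGP
    igp_metric: int = 0                 # closer IGP neighbor wins
    router_id: str = "0.0.0.0"          # lowest wins as the final tie-break


def preference_key(p):
    """Tuple ordered by the guide's steps; larger means more preferred, so the
    attributes where lower wins are negated."""
    return (
        p.weight,
        p.local_pref,
        1 if p.locally_originated else 0,
        -len(p.as_path),
        -ORIGIN_CODES[p.origin],
        -p.med,
        1 if p.external else 0,
        -p.igp_metric,
        -int(ipaddress.IPv4Address(p.router_id)),
    )


def best_path(paths):
    """The single best path, or None if no candidate has a reachable next hop.
    max() keeps the first of exact ties, so the result is deterministic."""
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None
    return max(usable, key=preference_key)


def decisive_step(a, b):
    """Name of the first criterion on which two reachable paths differ (None if
    they tie on every step); useful when explaining why a path was chosen."""
    for name, x, y in zip(STEP_NAMES, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return None


if __name__ == "__main__":
    # constructed candidates for the same destination
    candidates = [
        BgpPath("peer-A", as_path=("65001",), router_id="10.0.0.1"),
        BgpPath("peer-B", local_pref=200, as_path=("65001", "65002", "65003"),
                router_id="10.0.0.2"),
        BgpPath("peer-C", next_hop_reachable=False, weight=1000, router_id="10.0.0.3"),
    ]
    chosen = best_path(candidates)
    print("best:", chosen.peer, "decided by:", decisive_step(chosen, candidates[0]))
```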

Scalability Problems (and Solutions) with IBGP


Autonomous systems consisting of hundreds of routers can create management problems for network administrators.
Remember that, unless you use one of the techniques listed below, IBGP must be fully meshed, which requires BGP
neighbor statements to and from every IBGP router in a given AS.
Peer Groups - Several BGP routers that share the same update policies can be grouped into a peer group to
simplify configuration and to make updating more efficient. The power of this function will be obvious the first
time you need to configure hundreds of routers and type the same commands over, and over, and over again.
The members of a peer group will inherit changes made to the peer group, simplifying updates.
Confederations - Confederations eliminate the need to fully mesh BGP communications in a given AS by
splitting a single AS into sub-AS’s and using EBGP between them. The sub-ASs will usually use private AS
numbers. In most BGP environments it is too cumbersome to have all the BGP routers peered to each other.
ASs external to the confederation group look like a single AS to the routers inside.
Route Reflectors - Route reflectors can also reduce the number of BGP peering statements by configuring
some of the IBGP routers as route reflectors. The route reflector clients only peer with the route reflectors, and
not each other. This setup can greatly reduce the number of BGP peering configurations required in an AS. You
can cluster BGP Route Reflectors to provide redundancy. This prevents the failure of a single router from
bringing down your IBGP domain.

Configuring Neighbors & Networks


Most BGP configuration is done with the neighbor command. For example, to add a new neighbor with BGP, you
would do:
Router(config)# router bgp {Your AS Number}
Router(config-router)# neighbor {their IP address} remote-as {their AS Number}
If the new neighbor has the same AS number as your router, then you are configuring IBGP, or internal BGP. If the neighbor you
are configuring has a different AS number than your router then you are configuring EBGP, or external BGP.
To advertise a network that your router has to offer, you use the network statement. For example, if your Ethernet
network is 10.1.1.0/24, you would configure the following to advertise it to other BGP routers:
Router(config)# router bgp {Your AS Number}
Router(config-router)# network 10.1.1.0 mask 255.255.255.0
Unlike the IGPs, the BGP network command does not enable anything on an interface; it only injects the prefix into
BGP, and only if an exact match (prefix and mask) for it already exists in the IP routing table.

Route Dampening
A router with flapping routes (routes that go up and down repeatedly) can cause problems across the whole network,
as every BGP router must re-run path selection and update its routing table on each change. Route dampening is
used to control this instability. Dampening classifies routes as "well-behaved" or "ill-behaved" based on their past
reliability: a penalty (1000 by default) is added each time a route flaps, and the accumulated penalty decays
exponentially with a configurable half-life (15 minutes by default). When the penalty reaches the suppress limit
(2000 by default), BGP suppresses the route, that is, stops advertising it, until the penalty has decayed below the
reuse limit (750 by default). A route is never permanently barred: the maximum suppress time (60 minutes by default)
caps how long a route can stay suppressed. Dampening applies only to routes learned from EBGP neighbors, and it is
not enabled by default (router-level command bgp dampening).
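To make the interaction of half-life, suppress limit and reuse limit concrete, here is the dampening arithmetic as a small simulation. This is an added example, not code from the study guide or from IOS; it uses the IOS default values quoted above and a flap timeline that is constructed for illustration.

```python
"""BGP route dampening: per-flap penalty, exponential decay, suppress and reuse limits (added example)."""
import math

# IOS defaults for bgp dampening: half-life 15 min, reuse 750, suppress 2000, max-suppress 60 min
HALF_LIFE_S = 15 * 60
REUSE_LIMIT = 750
SUPPRESS_LIMIT = 2000
MAX_SUPPRESS_S = 60 * 60
FLAP_PENALTY = 1000


class DampenedRoute:
    def __init__(self, half_life=HALF_LIFE_S, reuse=REUSE_LIMIT,
                 suppress=SUPPRESS_LIMIT, max_suppress=MAX_SUPPRESS_S):
        self.half_life, self.reuse, self.suppress = half_life, reuse, suppress
        # The penalty is capped so a route can never be suppressed longer than max_suppress
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _decay(self, now: float) -> None:
        """Halve the penalty once per half-life since the last update."""
        elapsed = max(0.0, now - self.last_update)
        self.penalty *= 0.5 ** (elapsed / self.half_life)
        self.last_update = now

    def flap(self, now: float) -> bool:
        """Record a flap at time `now` (seconds); returns True if the route is now suppressed."""
        self._decay(now)
        self.penalty = min(self.penalty + FLAP_PENALTY, self.ceiling)
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.suppressed

    def usable(self, now: float) -> bool:
        """True if the route may be advertised at time `now` (clears suppression below the reuse limit)."""
        self._decay(now)
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False
        return not self.suppressed

    def seconds_until_reuse(self, now: float) -> float:
        """Solve penalty * 0.5^(t/half_life) = reuse for t."""
        self._decay(now)
        if self.penalty <= self.reuse:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


if __name__ == "__main__":
    # Constructed timeline: three flaps within two seconds
    route = DampenedRoute()
    for t in (0, 1, 2):
        print(f"flap at t={t}s -> penalty {route.penalty + FLAP_PENALTY:.0f}, suppressed={route.flap(t)}")
    print(f"reusable again in about {route.seconds_until_reuse(2) / 60:.0f} minutes")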
The Cisco Press books “Internet Routing Architectures, 2nd edition” by Sam Halabi, “Routing TCP/IP, volume 2”
by Jeff Doyle and the “Cisco BGP-4 Command and Configuration Handbook” by William Parkhurst are excellent
resources for BGP.

Enhanced Interior Gateway Routing Protocol (EIGRP)


EIGRP is a Cisco proprietary protocol that is considered a ‘hybrid’ because it
combines attributes of both Link State and Distance Vector routing protocols.
It was released as an enhancement to Cisco's other proprietary routing
protocol, IGRP. It also supports automatic route summarization, VLSM
addressing, multicast updates, non-periodic updates, unequal-cost load
balancing, and independent support for IPX and AppleTalk.
EIGRP has a number of added features to overcome the limitations of IGRP:
DUAL (Diffusing Update Algorithm) - Tracks all the routes advertised by all neighbors. DUAL uses the
composite metric to select the lowest-cost path (the successor) for the routing table and applies the
feasibility condition to identify loop-free backup paths (feasible successors) that can take over
immediately if the successor fails, without a recomputation.
Protocol Dependent Modules - These are individually responsible for
IP, IPX, and Appletalk. The IPX EIGRP module is responsible for
sending and receiving EIGRP packets that are encapsulated in IPX.
The Apple EIGRP module is responsible for AppleTalk packets. The IP
EIGRP module is responsible for IP packets. They route like strangers
in the night, except they don’t even exchange glances.
Neighbor Discovery/Recovery - Routers learn of the other routers on
their directly attached networks dynamically, by sending hello packets.
A neighbor is considered alive as long as its hellos keep arriving
within the hold time; when they stop, its routes are withdrawn.
Performs incremental updates instead of periodic updates; meaning
changes are only sent out when changes occur.
Does classless routing.
Results in more efficient summarization of networks.
Is efficient in the use of link bandwidth for routing updates.
Provides authentication.
EIGRP sends hello packets every 5 seconds on point-to-point links and on links faster than T1 (1.544 Mbps), such as
PPP and HDLC leased lines, Ethernet, Token Ring, FDDI, Frame Relay point-to-point subinterfaces and ATM. It sends
hellos every 60 seconds on multipoint links of T1 speed or slower, such as Frame Relay multipoint, ATM multipoint
and ISDN PRI. The hold time, after which a silent neighbor is declared dead, defaults to three times the hello
interval (15 or 180 seconds) and is carried in the hellos, so neighbors do not have to agree on timers.
An important point to remember with EIGRP is that very old routes are to be
expected in a healthy network. Since updates only occur when there is a
change, change is bad. Like fine wines, EIGRP routes should be seasoned
by time.

Tables:
Neighbor table – The current configuration of all the router’s
immediately adjacent neighbors.
Topology table - This table is maintained by the protocol dependent
modules and is used by DUAL. It has all the destination networks
advertised by the other neighbor routers.
Routing table - EIGRP chooses the best routes to a destination network from the topology table and places
these routes in the routing table. The routing table contains:
How the route was discovered (the source protocol, shown as D for EIGRP)
Destination network address and the subnet mask
Metric distance: the composite metric from this router to the destination
Next hop address
Route age
Outbound interface

Choosing routes:
DUAL selects primary and backup routes based on the composite metric and guarantees that the selected routes are
loop free. The primary routes (successors) are placed in the routing table; up to 6 equal-cost successors (4 by default)
can be installed for load sharing. Backup routes that pass the feasibility condition (the neighbor's advertised
distance is less than this router's best distance to the destination) are kept in the topology table as feasible
successors, ready to be promoted without a recomputation when the successor fails.
EIGRP uses the same composite metric as IGRP to determine the best path*. The default criteria used are:
Bandwidth - The lowest bandwidth of any link on the path between source and destination
Delay - Cumulative interface delay along the path
Reliability - Worst reliability between source and destination, based on keepalives
Load - Worst load between source and destination, measured in bits per second on the busiest link
MTU - The smallest Maximum Transmission Unit along the path (carried with the route, but not used in the metric)
* Only Bandwidth and Delay are used by default
** To help you remember, think of “Bob Doesn’t Really Like Me” for Bandwidth, Delay, Reliability, Load and
MTU.
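The composite metric and the feasibility condition are both simple arithmetic, and seeing the numbers makes the "feasible successor" idea stick. The following is an added example (not from the study guide or from IOS); the topology, the neighbor names and the distances are constructed, and the metric uses the default K values noted above.

```python
"""EIGRP composite metric and the DUAL feasibility condition (added example)."""
from typing import Dict, List, Tuple

# Default K values: only bandwidth (K1) and delay (K3) count
DEFAULT_K = (1, 0, 1, 0, 0)


def eigrp_metric(min_bandwidth_kbps: int, total_delay_us: int, reliability: int = 255,
                 load: int = 1, k: Tuple[int, int, int, int, int] = DEFAULT_K) -> int:
    """Composite metric = 256 * (K1*BW + K2*BW/(256-load) + K3*DLY) [* K5/(reliability+K4) if K5 != 0].
    BW is 10^7 / slowest link bandwidth (kbps); DLY is the summed delay in tens of microseconds.
    Integer arithmetic mirrors the truncation IOS performs."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bandwidth_kbps
    dly = total_delay_us // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def dual_classify(candidates: Dict[str, Tuple[int, int]]) -> Tuple[str, List[str], List[str]]:
    """candidates maps neighbor -> (RD, CD): RD is the distance the neighbor reports for the
    destination, CD is our computed distance through that neighbor.
    Successor = lowest CD; the feasible distance FD is that CD; a backup is a feasible successor
    only if its RD < FD (it is provably closer to the destination than we are, hence loop-free).
    Returns (successor, feasible_successors, rejected), the lists ordered by CD."""
    by_cd = sorted(candidates.items(), key=lambda kv: kv[1][1])
    successor, (_, fd) = by_cd[0]
    feasible = [n for n, (rd, _) in by_cd[1:] if rd < fd]
    rejected = [n for n, (rd, _) in by_cd[1:] if rd >= fd]
    return successor, feasible, rejected


# Constructed path: a T1 (1544 kbps, 20000 us delay) followed by a FastEthernet hop (100000 kbps, 100 us)
T1_THEN_FE_METRIC = eigrp_metric(min_bandwidth_kbps=1544, total_delay_us=20000 + 100)

# Constructed topology table entries for one destination: neighbor -> (RD, CD)
CONSTRUCTED_CANDIDATES = {"R2": (10, 30), "R3": (20, 35), "R4": (40, 45)}

if __name__ == "__main__":
    print("T1 + FastEthernet metric:", T1_THEN_FE_METRIC)
    succ, feas, rej = dual_classify(CONSTRUCTED_CANDIDATES)
    print(f"successor {succ}, feasible successors {feas}, not feasible {rej}")
```

R4 is a perfectly good loop-free path in this topology, but DUAL cannot prove that from the numbers alone (its reported distance 40 is not below the feasible distance 30), so it stays out of the feasible successor set and would only be found by a diffusing computation if R2 and R3 both failed.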
The command to disable EIGRP’s default summarization of addresses at network boundaries is “no auto-summary”.
The Cisco Press book “EIGRP Network Design Solutions” by Ivan Pepelnjak is an excellent resource for learning
EIGRP.

Intermediate System-to-Intermediate System (IS-IS)


IS-IS is “the other” Link State protocol that Cisco supports. While not as popular as OSPF, IS-IS can be found in the
backbone of several major ISPs because it was stable before the bugs were worked out for OSPF and because even
today it still scales better than OSPF.
To configure IS-IS you must create an IS-IS routing process and assign it to specific interfaces (rather than to
networks). Only one IS-IS routing process is allowed per router. It summarizes networks to reduce the size of the
routing tables, and is a classless protocol that supports VLSM.
IS-IS has many things in common with other Link State routing protocols, including OSPF.
Hierarchical segmenting of the routing domain into areas with one backbone and multiple non-backbone areas.
Inter-area traffic must traverse the backbone.
Routers within an IS-IS domain use a hello mechanism to discover neighbors and form adjacencies.
The information exchanged between adjacent routers concerns type and status of links or interfaces, not actual
routes.
Each router builds a Link State Database (LSDB), which in a stable environment will be identical between
routers in an area.

Even though TCP/IP networks can use IS-IS, it is really an OSI protocol: IS-IS PDUs are not carried inside IP packets but
directly in Layer 2 frames, and routers are identified by OSI CLNP (Connectionless Network Protocol) addresses. Each
router therefore needs a CLNP address even when it only routes IP. Normally one CLNP-style address, the Network
Entity Title (NET), is assigned to each router in the domain. The NET is configured under the IS-IS routing process and
is software based like a loopback interface, so it does not go down as long as the router is running; its area portion
places the router in an area and its system ID portion uniquely identifies the router.
There are three types of IS-IS routers:
Level-1 routers - Similar to routers in an OSPF totally stubby area. A Level-1 router forms adjacencies only with
other Level-1 routers and Level-1 / Level-2 routers in its own area, knows only its own area, and reaches other
areas through the nearest Level-1 / Level-2 router (a default route).
Level-2 routers - Similar to OSPF backbone routers. Level-2 routers form Level-2 adjacencies with other Level-2
and Level-1 / Level-2 routers, which may be in different areas, and carry the inter-area routes.
Level-1 / Level-2 routers - Similar to OSPF ABRs. A Level-1 / Level-2 router keeps both a Level-1 and a Level-2
link state database, forming Level-1 adjacencies within its area and Level-2 adjacencies with other Level-2 routers.
There are only two network types for IS-IS, point-to-point and broadcast. There is no equivalent of the ip ospf network
command in IS-IS; the network type is entirely dependent on the interface type:

    Frame Relay configuration                                 IS-IS network type
    Physical interface with frame-relay map clns              Broadcast
    Physical interface with frame-relay interface-dlci        Not supported
    Point-to-point subinterface                               Point-to-point
    Point-to-multipoint subinterface                          Not supported

Two important considerations with IS-IS are that:


IS-IS will not run over a hub-and-spoke NBMA network as a single broadcast segment: on a broadcast network IS-IS
assumes every router can reach every other router directly, which is not true when the spokes can only see the hub.
You must use point-to-point subinterfaces instead, which means one IP subnet per spoke (two IP subnets for a hub
with two spokes).
IP is not the transport protocol for IS-IS. This means that physical and multipoint interfaces must have Layer 2
(DLCI) to CLNS mappings, for example frame-relay map clns, in addition to their Layer 2 to IP mappings.
The Cisco Press book “IS-IS Network Design Solutions” by Abe Martey is an excellent resource to learn more about
the IS-IS protocol.

Access-Control & Filtering


Distribution Lists
Distribute-lists are used to filter inbound and outbound routing updates. Distribute-lists can be used with multiple
routing protocols. Usually, distribute lists are used by configuring an access-list (or a prefix-list) defining what you
want to permit or deny, then using the distribute-list {acl} {in | out} [interface] command under the routing process.
The list filters which routes are accepted or advertised, not the packets that flow over the link.

Route-Maps
A great method to filter and modify routing updates is to use a route-map. Route-maps use match and set
commands: match selects the routes you are looking for, set defines what to do with them, and each route-map
clause is a permit or deny that is evaluated in sequence order. An example of a route-map modifying routing updates
would be a route coming into BGP from a certain neighbor having its metric (MED) or local preference changed.

Policy Routing
Besides modifying routing updates, route-maps can also be used with policy-based routing (known as PBR). PBR is a
sort-of manual routing method: a route-map applied to an interface with ip policy route-map matches incoming
packets (typically by source address, protocol or packet size, through an access-list) and sets the next hop or
output interface, instead of letting the destination-based routing table decide. With set ip next-hop the policy
overrides the routing table; with set ip default next-hop it only applies when the routing table has no route for
the destination.

Redistribution
The process of sharing routes learned from different sources (usually routing protocols). For instance, you might
redistribute the routes learned through OSPF to a RIP domain, in which case you might have problems with VLSM; or
you might redistribute routes learned through static entries into EIGRP. Redistribution is just the sharing of information
learned from different sources, and it must be manually configured.

Route-Tagging
You use route-maps to assign a tag to the route to identify it. With this tag, you can set some action, based on the tag.
For example, say that you use a route-map to tag all inbound routes from a certain router with the tag 30. Say that
later, you redistribute routes into another routing protocol. You could, then, match that tag of 30 and only redistribute
the routes with the 30 tag.

Dial-on-Demand Routing (DDR)


DDR has two important applications:
When there is a limited use WAN link that is configured to pay for usage.
When there is a critical WAN link and there must be a cost-effective redundant connection.
DDR uses dialer interfaces that spoof an up/up state so that routes through them stay in the routing table, presenting
the image of full-time connectivity. Interesting traffic, defined by an access list referenced from a dialer-list, is what
brings the connection up and resets the idle timer; uninteresting traffic is sent only if the link already happens to be
up, and when no interesting traffic is seen for the idle timeout the call is released.

Encapsulation Methods for DDR:


PPP – Recommended, as it supports multiple protocols and is used for synchronous, asynchronous, or ISDN
connections. It is also non-proprietary.
HDLC - Supported on synchronous serial lines and ISDN connections only, and supports multiple protocols, with
NO authentication.
SLIP - Works on asynchronous interfaces and is IP only, and has NO authentication.

Dial Backup
There are a number of ways to perform dial backup; however, the two most common are:
Backup Interface
Dialer-Watch
With the backup interface method, you select an interface to monitor. On that interface, you use the backup interface
{interface} command to tell the router that if the monitored interface goes down, to initiate connection on the backup
interface. While the primary interface is up, the backup interface is placed in a standby mode.

With the dialer-watch method, a route is selected to be watched. If that route disappears from the routing table, the
backup interface is brought up. To configure dialer-watch, you must first make a dialer-watch list. This list tells the
router the route that you wish to monitor in the routing table. Next, on the backup interface, use the dialer-watch
command to reference the list. When the route disappears from the routing table, the interface with the dialer-watch
statement is activated.
The important thing is that, prior to activating either of these methods, you completely configure and test the DDR
dialup configuration. If the dialup is not properly configured, the dial backup will certainly not function.

Interior Gateway Routing Protocol (IGRP)


IGRP is the Cisco proprietary routing protocol that was replaced by EIGRP. IGRP is similar to EIGRP but with fewer
features. IGRP was developed by Cisco to overcome the limitations of RIPv1.
IGRP is not limited to a 15-hop network like RIP (it defaults to 100 hops, configurable up to 255). IGRP uses a
composite metric of bandwidth, delay, reliability, load and MTU, with only bandwidth and delay used by default. IGRP
can load-balance over unequal-cost links (variance). IGRP supports split-horizon with poison reverse, triggered
updates and holddown timers for loop prevention and stability. IGRP is classful and does not support VLSM. IGRP
automatically summarizes at network boundaries and has an administrative distance of 100.

Routing Information Protocol (RIP) Version 1 and 2


Routing Information Protocol (RIP) is a distance-vector routing protocol. It uses hop count as its metric, with 15 hops
the maximum usable distance (16 means unreachable). RIPv1 is classful and does not support VLSM. RIPv2 provides
the following enhancements: authentication (plaintext or MD5), multicast routing updates, and VLSM support. By
default, RIP sends a copy of its routing table to its neighbors every 30 seconds. RIP automatically summarizes at
network boundaries. RIP can load balance across multiple paths if they are the same cost. Both versions of RIP have
an administrative distance of 120. RIPv1 broadcasts its updates, while RIPv2 uses the multicast address 224.0.0.9.
Both versions use UDP port 520 to send routing updates.

QoS
Fancy Queuing
Fancy queuing is Cisco’s collective term for custom, priority, or weighted fair queuing. Often if you call the TAC
(Technical Assistance Center) for help on a problem, they will ask you to remove all the fancy queuing as a way to
make sure nothing critical is being blocked.

Weighted Fair Queuing (WFQ)


WFQ is designed to give low-volume (interactive) traffic a higher priority than high-volume traffic. For example, a
time-sensitive SNA conversation would get ahead of a file transfer, where latency is less of an issue. WFQ is enabled
by default on serial interfaces running at E1 (2.048 Mbps) or slower. Since WFQ is a default method, it doesn't
normally require any special configuration. You can adjust WFQ through the fair-queue <congestive-discard-threshold>
interface command, which sets the number of messages allowed in each conversation queue before new packets for
that high-volume conversation are discarded. The default is 64 messages and it can be configured anywhere from 1
to 512.

Priority Queuing
Priority queuing uses four levels of queues, defined as; high, medium, normal, and low. The administrator defines
what traffic belongs in which queue. The decisions are usually made based on the protocol type or the source
interface; however, any protocols supported by Cisco are allowed, and the command line arguments include TCP and
UDP port designations.
The major thing to remember with priority queuing is that the "high" queue is serviced first; the "medium" queue is
ignored until its superior is empty. The same goes for the "normal" queue, which sees no bandwidth until both the
"high" and "medium" queues are empty, and so on. A busy "high" queue can therefore starve everything below it.
Like access lists, the router reads the priority-list commands in order of appearance. When trying to classify a packet,
the system searches the rule list for a matching criterion. When a match is made, the packet is assigned to the
appropriate queue, and the search ends. Packets that do not match any of the rules are assigned to the default queue.
The default queue is “normal” by default, but it can be changed.

Custom Queuing
The primary advantage custom has over priority queuing is that it will never completely ignore any one queue. You can
define up to 16 queues, and while some pass more data than others, because they are addressed in a round-robin
fashion, none are ever completely ignored.
Associated with each output queue is a configurable byte count, which specifies how much data should be delivered
from that queue before the system moves on to the next. When a particular queue is being serviced, packets are
sent until either the number of bytes sent reaches or exceeds the queue's byte count or the queue runs out of data.
Once the byte count has been met, the router moves on to the next queue. If the byte count is reached partway
through a packet, that packet is still sent in full; packets are never fragmented, so a queue can overshoot its byte
count by up to one packet.
Like access lists, the router reads the queue-list commands in order of appearance. When trying to classify a packet,
the system searches the queue-list rules for a matching protocol or interface type. When a match is found, the packet
is assigned to the appropriate queue. Since the list is searched in the order it is specified, the first matching rule
terminates the search.
By default, each queue has a byte count of 1,500 bytes and a queue limit of 20 packets, both of which are
configurable. Since the queues are serviced round-robin, the ratio of a queue's byte count to the total of all byte
counts is roughly the share of the bandwidth that queue gets under load, so it is possible to allocate a percentage of
the bandwidth to a specific protocol.
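The difference between the two schedulers is easiest to see by running both over the same backlog. The following is an added example covering the Priority Queuing and Custom Queuing sections above; it is not code from the study guide or from IOS. Packets are represented by their size in bytes and the queue contents and byte counts are constructed for illustration.

```python
"""Strict priority queuing versus custom (byte-count round robin) queuing (added example)."""
from collections import deque
from typing import Dict, List, Sequence, Tuple

PRIORITY_LEVELS = ("high", "medium", "normal", "low")


def priority_schedule(queues: Dict[str, Sequence[int]], max_packets: int) -> List[Tuple[str, int]]:
    """Each scheduling decision takes the head of the highest non-empty queue.
    Lower queues get nothing while a higher one has data: the starvation the text warns about."""
    q = {lvl: deque(queues.get(lvl, ())) for lvl in PRIORITY_LEVELS}
    sent: List[Tuple[str, int]] = []
    while len(sent) < max_packets:
        for lvl in PRIORITY_LEVELS:
            if q[lvl]:
                sent.append((lvl, q[lvl].popleft()))
                break
        else:
            break                      # every queue is empty
    return sent


def custom_schedule(queues: Sequence[Sequence[int]], byte_counts: Sequence[int]) -> List[Tuple[int, int]]:
    """Round robin over the queues; a queue keeps sending whole packets until it has sent at
    least its byte count (a packet is never fragmented, so the queue may overshoot by one packet)."""
    q = [deque(pkts) for pkts in queues]
    sent: List[Tuple[int, int]] = []
    while any(q):
        for i, dq in enumerate(q):
            sent_bytes = 0
            while dq and sent_bytes < byte_counts[i]:
                size = dq.popleft()
                sent_bytes += size
                sent.append((i, size))
    return sent


def custom_shares(byte_counts: Sequence[int]) -> List[float]:
    """Approximate bandwidth share each queue receives when every queue is backlogged."""
    total = sum(byte_counts)
    return [bc / total for bc in byte_counts]


if __name__ == "__main__":
    # Constructed backlog: two "high" packets, one "medium", one "normal"
    print(priority_schedule({"high": [1, 2], "medium": [3], "normal": [4]}, max_packets=10))
    # Constructed backlog: queue 0 holds 1500-byte packets, queue 1 holds 100-byte packets
    print(custom_schedule([[1500, 1500, 1500], [100] * 5], byte_counts=[1500, 500]))
    print(custom_shares([3000, 1000]))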

Packet over SONET/SDH (PoS) and IP Precedence


Cisco PoS puts IP, in PPP or HDLC framing, directly into the SONET/SDH payload, eliminating the ATM cell overhead
usually incurred when running IP over ATM over SONET, while still offering strong quality-of-service (QoS) guarantees.
PoS was designed to overcome some of the limitations of IP that restricted its direct use on very high-speed links, and
addressing some of the QoS issues inherent with IP. The three IP precedence bits in the IP header make it possible to
provide differentiated classes of services by utilizing Random Early Detection (RED) and Weighted RED (WRED). As
packets enter the network, the edge routers set their precedence, which is then used to determine the queuing of
packets through the network. This allows PoS to facilitate reliable deployment of voice, video, and other time-
dependent services on large, very high-speed (OC-3, OC-48 and OC-192 speed) provider networks.

Class of Service (CoS)


CoS is the managing of network traffic by grouping similar types of traffic (like e-mail, or streaming video or voice)
together and treating each type as a class with its own level of service priority.
CoS technologies do not guarantee a level of service in terms of bandwidth and delivery time; they offer a "best-effort."
On the other hand, CoS technology is simpler to manage than QoS, and provides more scalability as a network grows.
You can think of CoS as "coarsely-ground" traffic control, while QoS is "finely-ground" traffic control.

There are three main CoS technologies:


802.1p Layer 2 Tagging
Type of Service (ToS)
Differentiated Services (DiffServ)

Random Early Detection (RED) and Weighted RED (WRED)


Random Early Detection (RED) is a congestion-avoidance mechanism that uses the flow control features of TCP to
avoid congestion. It is typically found at the core of the network to control packet flow before congestion occurs by
manipulating the TCP sessions.
In order to understand how RED works, you need to understand tail drop and TCP slow start.
Tail Drop - Occurs when the transmit queue on an interface is full and more packets arrive than the router can
hold. The router drops every arriving packet until the queue drains below its maximum depth. The problem with
this is that all flows are hit at once, TCP and UDP alike. Since TCP is a reliable protocol, its lost segments are
retransmitted, and because every TCP sender sees loss at the same moment they all back off together and then
ramp up together (global synchronization), so the link oscillates between congested and idle. UDP and other
unreliable protocols either lose the data or rely on an upper-layer protocol for retransmission.
TCP Slow Start - After a loss, the TCP sender (not the router) drops back to sending only a few segments per
round trip and then increases its rate as acknowledgements arrive without further loss, until it sees loss again.
RED works by dropping packets randomly, with a probability that depends on the average queue depth of the
interface: below a minimum threshold nothing is dropped; between the minimum and maximum thresholds the drop
probability rises linearly; above the maximum threshold every packet is dropped. Because the average rather than
the instantaneous depth is used, a short burst does not trigger drops, but a queue that is filling steadily is trimmed
before it overflows.
Remember that RED drops some packets randomly, whereas tail drop drops all of them. Each random drop sends one
TCP sender into slow start and throttles back that flow, so flows are slowed a few at a time rather than all at once.
By avoiding tail drop and by slowing down a few flows at a time, a router interface using RED can typically keep its
queues from reaching their maximum.
Weighted Random Early Detection (WRED) keeps a separate set of thresholds and a separate drop probability for each
IP precedence (or DSCP) value, so that during periods of congestion lower-precedence traffic is dropped before
premium traffic. Using WRED optimizes the transmission rates of individual flows and prevents congestion collapse
and global synchronization. Traffic that must not be dropped, such as voice, is marked with a high precedence so
that WRED reaches its drop thresholds for that traffic last.
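The RED/WRED drop decision is a few lines of arithmetic once the average queue depth is available, and coding it shows why a short burst survives while sustained congestion does not. This is an added example, not from the study guide or from IOS; the per-precedence threshold profile is constructed for illustration (IOS derives its own defaults from the interface hold queue), and the random draw is passed in so the decision can be checked deterministically.

```python
"""RED/WRED drop decision driven by an exponentially weighted average queue depth (added example)."""
from typing import Dict, Tuple

# precedence -> (minimum threshold, maximum threshold, mark probability denominator)
# Constructed profile for illustration; these are not the IOS defaults.
CONSTRUCTED_PROFILES: Dict[int, Tuple[int, int, int]] = {
    0: (20, 40, 10),   # routine traffic starts being dropped at an average depth of 20 packets
    5: (32, 40, 10),   # precedence 5 (e.g. voice) is untouched until the average reaches 32
}


class Wred:
    def __init__(self, profiles: Dict[int, Tuple[int, int, int]] = CONSTRUCTED_PROFILES,
                 weight_exponent: int = 9):
        self.profiles = profiles
        self.weight = 2.0 ** -weight_exponent   # IOS exponential-weighting-constant, default 9
        self.avg = 0.0

    def update_average(self, current_depth: int) -> float:
        """avg = (1 - 2^-n) * old_avg + 2^-n * current: a burst barely moves the average."""
        self.avg = (1 - self.weight) * self.avg + self.weight * current_depth
        return self.avg

    def drop_probability(self, precedence: int) -> float:
        min_th, max_th, denom = self.profiles[precedence]
        if self.avg < min_th:
            return 0.0                               # no congestion avoidance yet
        if self.avg >= max_th:
            return 1.0                               # tail drop for this precedence
        # linear ramp from 0 to 1/denom between the two thresholds
        return (self.avg - min_th) / (max_th - min_th) / denom

    def should_drop(self, precedence: int, rand: float) -> bool:
        """rand is a uniform [0, 1) draw, injected so the decision is testable."""
        return rand < self.drop_probability(precedence)


if __name__ == "__main__":
    w = Wred()
    for depth in [40] * 300:                        # constructed: queue sits at 40 packets
        w.update_average(depth)
    print(f"avg {w.avg:.1f}: P(drop) prec0={w.drop_probability(0):.3f} prec5={w.drop_probability(5):.3f}")
```

With the weighting exponent at 9 the average only reaches about 18 after 300 consecutive samples at depth 40, which is why a burst lasting a few hundred packets is not dropped even though the instantaneous queue is at the maximum threshold.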

Weighted Round-Robin (WRR)/Queue Scheduling


WRR scheduling is used on the egress ports of a layer-3 switch to manage the queuing and sending of packets. WRR
sorts the packets into four queues, based on IP precedence. Devices that use WRR automatically create the four
queues with a default weight for each interface. The network administrator can then assign different weights to each of
the different queues; the higher the WRR weight, the higher the effective bandwidth for that particular queue. This
provides bandwidth to higher priority applications (using IP precedence), while still allowing access to lower priority
queues.
The four queues on any destination interface are configured to be part of the same service class. Bandwidth is not
explicitly reserved for these four queues. Each of them is assigned a different WRR-scheduling weight, which
determines the way they share the interface bandwidth.

Shaping vs. Policing / Committed Access Rate (CAR)


Cisco IOS QoS offers two kinds of traffic regulation mechanisms:
Policing - The rate-limiting features of committed access rate (CAR) and the Traffic Policing feature provide the
functionality for policing traffic. A policer typically drops traffic.
Shaping - The features of Generic Traffic Shaping (GTS), Class-Based Shaping, Distributed Traffic Shaping
(DTS), and Frame Relay Traffic Shaping (FRTS) provide the functionality for shaping traffic. A shaper typically
delays excess traffic using a buffer, or queuing mechanism, to hold packets and shape the flow when the data
rate of the source is higher than expected.
Both policing and shaping mechanisms use the traffic descriptor for a packet to ensure adherence and service.
Policers and shapers usually identify traffic descriptor violations in an identical manner; but as can be seen above, they
usually differ in how they respond to violations.
Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make it easy for
nodes inside the network to detect misbehaving flows (sometimes called policing the traffic of the flow).

Committed Access Rate (CAR)


CAR is used on interfaces to rate-limit traffic based on IP addresses or by protocol. The first step to using CAR is
setting your rate policy, which determines what is to be done with traffic that exceeds a set bandwidth threshold. For
example, you can configure an interface to drop all Telnet traffic that exceeds 64kbps.
The rate limit consists of three values: the average rate (in bits per second), the normal burst size (in bytes) and the
excess, or extended, burst size (in bytes). Note that the average rate is a rate, while the two burst values are amounts
of data, not rates. The average rate is enforced with a token bucket: tokens are added at the average rate up to the
normal burst size, and a packet conforms if the bucket holds enough tokens for it. Traffic arriving at or below the
average rate therefore always conforms; a burst above the average rate conforms only until the normal burst is used
up, after which packets exceed the rate policy.
What happens to exceeding traffic depends on the values you choose. If the excess burst size equals the normal burst
size, every exceeding packet gets the exceed action (usually drop). If the excess burst size is larger, packets that fall
between the normal and excess burst sizes are dropped probabilistically, in a RED-like fashion, so that TCP senders
slow down before the limit is hit hard; once the excess burst is also exhausted, all further packets get the exceed
action.
To configure CAR, you first define the access-list necessary for the traffic you want to limit, then create a rate-limit and
apply it to an interface.
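The policer/shaper distinction from the Shaping vs. Policing section and the CAR token bucket described above come down to what is done with a packet when the bucket is empty: drop it, or hold it until enough tokens accrue. The following is an added example that serves both sections; it is not code from the study guide or from IOS. The packet burst is constructed, and the policer implements the plain conform/exceed case without the extended-burst RED behaviour.

```python
"""Token-bucket rate limiting: a policer (CAR) drops excess, a shaper delays it (added example)."""
from typing import List, Tuple


class TokenBucket:
    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate = rate_bps / 8.0        # tokens (bytes) added per second
        self.burst = burst_bytes          # bucket depth = normal burst size
        self.tokens = float(burst_bytes)  # the bucket starts full
        self.clock = 0.0

    def refill(self, now: float) -> None:
        """Credit tokens for the time elapsed, never beyond the burst size."""
        self.tokens = min(self.burst, self.tokens + (now - self.clock) * self.rate)
        self.clock = now

    def conform(self, size: int, now: float) -> bool:
        """Consume `size` tokens if available; otherwise the packet exceeds the rate."""
        self.refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets: List[Tuple[float, int]], rate_bps: int, burst_bytes: int) -> List[str]:
    """CAR with conform-action transmit / exceed-action drop: returns one verdict per packet."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    return ["conform" if bucket.conform(size, t) else "exceed" for t, size in packets]


def shape(packets: List[Tuple[float, int]], rate_bps: int, burst_bytes: int) -> List[float]:
    """Returns the time each packet leaves; excess traffic waits in FIFO order for tokens."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    departures: List[float] = []
    last_departure = 0.0
    for arrival, size in packets:
        ready = max(arrival, last_departure)          # a packet cannot overtake an earlier one
        bucket.refill(ready)
        if size > bucket.tokens:
            ready += (size - bucket.tokens) / bucket.rate   # wait for the missing tokens
            bucket.refill(ready)
        bucket.tokens -= size
        last_departure = ready
        departures.append(ready)
    return departures


# Constructed burst: five 4000-byte packets at t=0, then one more a second later (arrival time, bytes)
CONSTRUCTED_BURST = [(0.0, 4000)] * 5 + [(1.0, 4000)]

if __name__ == "__main__":
    RATE, BURST = 64_000, 8_000           # 64 kbps average rate, 8000-byte normal burst
    print("policer:", police(CONSTRUCTED_BURST, RATE, BURST))
    print("shaper departures (s):", shape(CONSTRUCTED_BURST, RATE, BURST))
```

At 64 kbps the bucket refills at 8000 bytes per second, so the policer passes the first two packets on the initial burst credit and drops the next three, while the shaper lets every packet through but spaces the excess ones half a second apart. The price of shaping is buffer memory and latency; the price of policing is retransmissions.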

Network-Based Application Recognition (NBAR)


Network-Based Application Recognition (NBAR) classifies application-level protocols so that QoS policies can be
applied to the classified traffic. This intelligent classification includes a wide variety of applications; including web-
based and other difficult-to-classify protocols that utilize dynamic TCP/UDP port assignments. NBAR is also capable of
determining which protocols and applications are currently running on a network so that an appropriate QoS policy can
be instituted. It can also perform subport classification of HTTP traffic by HOST name in addition to classification by
MIME-type or URL. This enables users to classify HTTP traffic by web server names.
NBAR provides a special Protocol Discovery feature that determines which application protocols are traversing a
network at any given time. The Protocol Discovery feature captures key statistics associated with each protocol in a
network. These statistics can be used to define traffic classes and QoS policies for each traffic class.
NBAR can also classify static port protocols. Although Access Control Lists (ACLs) can also be used for this purpose,
NBAR is easier to configure and can provide classification statistics that are not available when using ACLs.
Once an application is recognized and classified by NBAR, a network can invoke services specific to that application.
In this way, NBAR ensures that network bandwidth is used efficiently by working with QoS features to provide:
Guaranteed bandwidth
Bandwidth limits
Traffic shaping
Packet coloring
NBAR introduces several new classification features:
Classification of applications that dynamically assign TCP/UDP port numbers.
NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet into the
TCP/UDP payload itself and classifies packets on content within the payload such as transaction identifier,
message type, or other similar data. This is called subport classification, an example of which would be
classification of HTTP by URL, HOST, or Multipurpose Internet Mail Extension (MIME) type.
NBAR can classify Citrix Independent Computing Architecture (ICA) traffic and perform subport classification of
that traffic based on Citrix published applications.
NBAR is capable of classifying the following three types of protocols:
Non-UDP and non-TCP IP protocols
TCP and UDP protocols that use statically assigned port numbers
TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection

Configuring NBAR
Cisco Express Forwarding (CEF) must be enabled before NBAR can be configured. NBAR is configured by using the
following commands to configure traffic classes of policies that will be applied to those traffic classes, and the attaching
of policies to interfaces:
Class-map - Defines one or more traffic classes by specifying the criteria by which traffic is classified.
Policy-map - Defines one or more QoS policies (such as shaping, policing, and so on) to apply to traffic defined
by a class map.
Service-policy - Attaches a policy map to an interface on the router.

802.1x
For information on 802.1x, please see that section under LAN Switching.

Differentiated Services Code Point (DSCP)


Differentiated Services (DiffServ) is a QoS model that allows intermediate systems to treat traffic according to relative
priorities carried in what used to be called the Type of Service (ToS) field. This is done by reallocating bits of the IP
header to increase the number of definable priority levels from 8 to 64.
The DiffServ field takes over the IPv4 ToS byte, one entire byte (eight bits) of the IP header. The six most significant
bits of the former ToS byte now form the DSCP (Differentiated Services Code Point). IP precedence used only the
three most significant bits; DSCP, a backward-compatible extension of IP precedence (the three high-order bits of a
DSCP are the precedence), uses all six bits to select the per-hop behavior for the packet at each network node. The
last two bits of the byte, which were originally unused and are not part of the DSCP, are now used as Explicit
Congestion Notification (ECN) bits.
Cisco uses queuing techniques to control the per-hop behavior using the IP precedence or DSCP values in the IP
header of the packet to define traffic as belonging to a particular service class. Packets are first prioritized by class,
then differentiated and prioritized by considering the drop percentage. It is important to note that DSCP does not
specify a precise definition of "low," "medium," and "high" drop percentages. Also remember that Diffserv is designed
to allow a finer granularity of priority setting for the applications and devices that can make use of it; it does not specify
interpretation (that is, the action to be taken) once the differentiation is made. This allows per-hop packet behavior
decisions to be based on traffic conditions and how packets are classified.
There are three ways you can use the DSCP field:
Classifier - Using a traffic descriptor (either an ACL or map-class definition) to categorize packets within a
specific group to make them available for QoS handling by the network based on service characteristic defined
by the DSCP value. This allows the partitioning of network traffic into multiple priority levels or classes of service.
Marker - Setting the DSCP field based on actual traffic conditions defined in a traffic profile.
Metering - Using Committed Access Rate, Class-Based Policing or DSCP-Compliant WRED to check
compliance to the defined traffic profile using either a shaper or dropper function.
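Bit layout questions about this byte are where most mistakes happen (is 0xB8 a DSCP of 46 or a precedence of 5? both), so here is the field arithmetic as code. This is an added example, not from the study guide; the function names are mine, and the AF and CS naming follows the standard DiffServ code point assignments (AFxy = 8x + 2y, CSx = 8x, EF = 46).

```python
"""The IPv4 ToS byte: IP precedence (3 bits) versus DSCP (6 bits), plus the ECN bits (added example)."""

EF = 46                      # Expedited Forwarding, binary 101110


def tos_byte(dscp: int, ecn: int = 0) -> int:
    """DSCP occupies the six most significant bits, ECN the two least significant."""
    if not 0 <= dscp < 64 or not 0 <= ecn < 4:
        raise ValueError("dscp must be 0-63 and ecn 0-3")
    return (dscp << 2) | ecn


def dscp_of(tos: int) -> int:
    return (tos >> 2) & 0x3F


def ecn_of(tos: int) -> int:
    return tos & 0x3


def precedence_of(tos: int) -> int:
    """The old 3-bit precedence field is simply the top three bits of the DSCP."""
    return (tos >> 5) & 0x7


def af(klass: int, drop_precedence: int) -> int:
    """Assured Forwarding AFxy = 8*x + 2*y, with class x in 1-4 and drop precedence y in 1-3."""
    if not 1 <= klass <= 4 or not 1 <= drop_precedence <= 3:
        raise ValueError("AF class is 1-4, drop precedence 1-3")
    return 8 * klass + 2 * drop_precedence


def describe(dscp: int) -> str:
    """Map a code point to its standard name (EF, AFxy, CSx) or a raw DSCPnn."""
    if dscp == EF:
        return "EF"
    klass, rest = divmod(dscp, 8)
    if rest == 0:
        return f"CS{klass}"          # class selector: same bits as the old IP precedence
    if 1 <= klass <= 4 and rest in (2, 4, 6):
        return f"AF{klass}{rest // 2}"
    return f"DSCP{dscp}"


if __name__ == "__main__":
    for tos in (0xB8, 0x68, 0xA0, 0x0A):
        print(f"0x{tos:02X}: precedence {precedence_of(tos)}, DSCP {dscp_of(tos)} ({describe(dscp_of(tos))}),"
              f" ECN {ecn_of(tos)}")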

WAN
Integrated Services Digital Network (ISDN)
ISDN is offered by regional telephone carriers to provide digital telephony and data-transport services over existing
telephone wires. When it was released, it represented an effort to standardize subscriber services, user/network
interfaces, and network and internetwork capabilities. ISDN can be used to provide a PVC (Permanent Virtual Circuit)
for data passing, or an on-demand circuit for backing up other WAN technologies, or for a cost-effective way of linking
remote sites that have limited requirements.
ISDN circuits will often require service profile identifiers (SPIDs), which are similar to telephone numbers in that they
are unique line identifiers provided by the LEC (Local Exchange Carrier). A common question is when a SPID is
required and when it is not. The simple answer is: when the carrier requires it. Since the type of carrier switch, and
how the switch is configured, determines the need for a SPID, you as an end user have no control over this element
of the configuration.
Encapsulation for ISDN can be PPP, HDLC or LAPD, with the default encapsulation method being HDLC. CHAP and
PAP authentication techniques are associated with PPP.
Many Cisco routers with built-in ISDN interfaces (such as the 2503) have an S/T interface. In order to convert the U
interface circuit from the carrier to an S/T interface circuit that the router can handle, an external Network Termination
Unit (NT1) is required. In a lab there might be two of these units sitting between the BRI ports on the ISDN simulator
and the routers. These units usually do not need to be configured, but the ports must be connected correctly: U goes
to the simulator, S/T to the router.

ISDN Specifics

    TE1 ----S/T---- NT1 ----U---- LT ----V---- ET
    TE2 ---R--- TA ----S/T---- NT1 ----U---- LT ----V---- ET

* Note: U is two wire, S/T is four wire. The NT1 provides this conversion.
If you have completed the CCNP path, the diagram above should look familiar. It shows the relationship between the
ISDN equipment, protocol standards and reference points, which are of course:

Equipment
Terminal adapter (TA) – Converts RS-232, V.35, and other signals into BRI.
Terminal equipment (TE1 | TE2):
TE1 – Complies with the ISDN user-network interface recommendations, so it connects to the S/T bus directly
without a separate TA.
TE2 – Complies with interface recommendations other than ISDN, so it requires a TA to connect to and work with
ISDN.
Network termination type 1 (NT1) – Equipment that connects the subscriber's 4-wire S/T side to the 2-wire U local
loop.
Network termination type 2 (NT2) – Equipment that performs protocol functions of the data link and network layers
(a PBX, for example).
Local Termination (LT) – Portion of the local exchange that terminates the local loop.
Exchange Termination (ET) – Portion of the exchange that communicates with the ISDN components.

Reference Points
R – Defines the hand-off between non-ISDN equipment and the TA.
S – Defines the hand-off between user terminals and an NT2.
T – Defines the hand-off between the NT1 and NT2.
U – Defines the hand-off between the NT1 and the line-termination equipment in the carrier network.

Protocol Standards
E-series – Specifies ISDN on the existing telephone network.
I-series – Specifies concepts, terminology and services.
Q-series – Specifies switching and signaling.

Channels
Data on an ISDN line is channelized, with the two types of channels being:
B(earer) channel: Used for transporting user data (voice or data).
D(ata) channel: Used for control/signaling information using LAPD. Q.931, the network layer protocol that
provides messages for ISDN call setup and tear down, runs over the D Channel. It uses Q.921, a derivative of
HDLC, as its data-link layer transport.

Flavors of ISDN
There are three types of ISDN circuit, only two of which are found in the United States:
BRI – 2B + 1D (B = 64 kbps, D = 16 kbps)
PRI (T1, North America) – 23B + 1D (B = 64 kbps, D = 64 kbps)
PRI (E1, Europe) – 30B + 1D (B = 64 kbps, D = 64 kbps)

Point-to-Point Protocol (PPP)
PPP is a standard encapsulation method for transporting multi-protocol datagrams over point-to-point links. In the
ISDN case PPP only runs over the B channels, where it provides:
A means of encapsulating multi-protocol datagrams
A Link Control Protocol (LCP) for establishing, configuring and testing the data-link connection
A set of Network Control Protocols (NCPs) for establishing and configuring network layer protocols
PPP provides two methods of authentication, PAP and CHAP. CHAP is preferred because PAP transmits passwords
in clear text over the network.

OSPF and ISDN
OSPF will keep an ISDN dial-up link active through its periodic hello packets. Applying the "ip ospf
demand-circuit" interface command on the BRI interface (on a point-to-point link only one side needs it, though it is
commonly applied on both) lets the adjacency form normally and then suppresses the periodic hellos and LSA
refreshes, so OSPF itself no longer keeps the link up.

Frame Relay
Frame Relay is a packet-switched WAN protocol that operates at the physical and data link layers of the OSI reference
model, providing for speeds of up to 45 Mbps. Its framing is a simplified form of HDLC (LAPF, ITU-T Q.922), and it
provides simple error checking using a Frame Check Sequence (FCS), a CRC, on each frame. It does not provide
error correction, only error detection; the end devices must provide error recovery.
The Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN) bits
provide congestion notification: FECN is set on frames travelling in the direction of the congestion, BECN on frames
travelling the opposite way (back toward the sender). The Discard Eligible (DE) bit marks frames that exceed the
committed rate and may be discarded first when the network is congested.

Types of Circuits
Permanent Virtual Circuits (PVCs) are used for frequent and long
connection times. As the name implies, they are brought up to be
permanent connections, and are always available (except during an
outage).
Switched Virtual Circuits (SVCs) are for sporadic or infrequent traffic.
They are setup when needed, broken down when not.

Data Link Connection Identifier (DLCI)
DLCIs are assigned by the Frame Relay circuit provider and have local significance only: the same DLCI number
may be used on another access link to identify a completely different circuit. A DLCI identifies the connection
between the router at your site and the Frame Relay switch at the provider.
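The DLCI and the congestion bits described above live in the same two address bytes at the front of every frame. The following Python is an added example (not from this guide or from Cisco) that encodes and decodes that Q.922 address field; the DLCI numbers and flag settings used are constructed.

```python
# Added example (not from the study guide): encode and decode the two-byte
# Q.922 address field at the front of every Frame Relay frame. It carries the
# 10-bit DLCI plus the C/R, FECN, BECN, DE and EA bits.
#
#   byte 1: DLCI[9:4] (6 bits) | C/R | EA=0
#   byte 2: DLCI[3:0] (4 bits) | FECN | BECN | DE | EA=1

LMI_DLCI = {0: "LMI (ANSI Annex D / Q.933 Annex A)", 1023: "LMI (Cisco)"}


def dlci_role(dlci: int) -> str:
    """Classify a DLCI by the conventional 10-bit assignments."""
    if dlci in LMI_DLCI:
        return LMI_DLCI[dlci]
    if 16 <= dlci <= 1007:
        return "user PVC/SVC"
    return "reserved"                    # 1-15 and 1008-1022


def parse_fr_header(frame: bytes) -> dict:
    """Decode the address field of a frame (or just its first two bytes)."""
    if len(frame) < 2:
        raise ValueError("need two address bytes")
    b1, b2 = frame[0], frame[1]
    if (b1 & 0x01) or not (b2 & 0x01):   # EA bit: 0 in first byte, 1 in last
        raise ValueError("EA bits do not describe a 2-byte address field")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)
    return {"dlci": dlci,
            "cr": bool(b1 & 0x02),
            "fecn": bool(b2 & 0x08),
            "becn": bool(b2 & 0x04),
            "de": bool(b2 & 0x02)}


def build_fr_header(dlci: int, cr=False, fecn=False, becn=False, de=False) -> bytes:
    """Build the two address bytes for a DLCI with the given flag bits."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = ((dlci >> 4) << 2) | (int(cr) << 1)                       # EA0 = 0
    b2 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) \
        | (int(de) << 1) | 1                                       # EA1 = 1
    return bytes([b1, b2])


if __name__ == "__main__":
    # Constructed frame: DLCI 100 with BECN set, as a switch would mark it on
    # the way back to a hub that is overdriving a remote circuit.
    hdr = build_fr_header(100, becn=True)
    print(hdr.hex(), parse_fr_header(hdr), dlci_role(100))
```

A shaper that implements adaptive shaping only needs the `becn` flag from `parse_fr_header`; a policer marking excess traffic sets `de` with `build_fr_header`.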

Local Management Interface (LMI)
LMI provides the control protocol for PVC setup and management. There are three types available: Cisco, ANSI
(T1.617 Annex D) and Q.933A (ITU-T Q.933 Annex A); the Cisco default is cisco. The service provider will specify
the LMI in use. LMI carries keepalives and PVC status reports, so it verifies that the path to the local switch is alive
and which DLCIs are active. The LMI type must be identical between the local device (router) and the local Frame
Relay switch; it does not have to match at the far end (because the end points are probably attached to different
provider switches).

Encapsulation
Choices are Cisco and IETF, with Cisco being the default. This designation
is made per DLCI, and the encapsulation type must be identical at both end
devices. Since the Cisco encapsulation type is proprietary, if another
manufacturer's devices are used at the frame-relay endpoints, then the IETF
encapsulation type will be required.

Frame-Relay Traffic Shaping (FRTS)


FRTS attempts to reduce congestion on frame-relay networks. To do this,
you would configure map-classes that define the sizes of frame-relay PVC’s.
In these classes, you would define parameters like CIR, BE, BC, queue-lists,
priority groups, and whether adaptive-shaping is on or off. Once classes are
defined, you would enable FRTS on the major interface and apply the map-
classes to the subinterfaces.
A common need for FRTS is a hub and spoke configuration. With hub and spoke you might have a large circuit (like
a T1) at the hub and multiple smaller circuits (like 56k circuits) at the remotes. When a server at the hub sends
something large to one of the remote sites, the hub can transmit faster than the remote can receive. Anything left
over is discarded inside the Frame Relay cloud. This discarding causes retransmissions, slowness, and network
inefficiency. FRTS prevents this in one of two ways: by buffering the traffic at the hub and sending only as fast as the
remote can receive it, or by sending as fast as it can but slowing down when the Frame Relay switches tell the hub
router that the remote circuit is overloaded. The switches signal this by setting the BECN bit in frames heading back
to the hub. This mode is called "adaptive shaping".

Frame-Relay Compression
You can configure frame-relay payload compression on Cisco routers. This compresses the payload (the data being
sent) at each router before being sent over the frame-relay network. There are two types of compression you can use
to do this- Stacker and FRF.9.

Frame-Relay Mapping
You can statically map a Layer 2 Frame Relay DLCI to an IP address with the frame-relay map command (on a
physical interface or multipoint subinterface), or assign a DLCI to a point-to-point subinterface with the frame-relay
interface-dlci command.
The other way to get an IP address mapped to a DLCI is the dynamic method, Inverse ARP, which is enabled by
default.

Split Horizon and Frame Relay Interfaces


Split Horizon dictates that if a router has received a route advertisement from another router, it will not re-advertise it
back out the interface on which it was learned. The default conditions for Frame Relay interfaces are:
Physical interfaces – Split Horizon is disabled by default
Multipoint subinterfaces – Split Horizon is enabled by default
Point-to-point subinterfaces – Split Horizon is enabled by default

Speed Elements
Committed Information Rate (CIR) - The transmission rate you've negotiated in your contract with the provider for
transferring information under normal circumstances; traffic up to this rate is guaranteed service. Be careful when
reviewing the contracts, as some vendors will attempt to slip in a CIR of 0, meaning they will do their best to
provide service, but they're not guaranteeing anything.
Local Port Speed (access rate) - The maximum speed at which your local interface can send information.
Committed Burst (Bc) - The maximum amount of data the Frame Relay network is committed to accept and transmit
within one measurement interval Tc, where Tc = Bc / CIR.
Excess Burst (Be) - The maximum number of bits above Bc that a Frame Relay node will attempt to transmit in the
same interval; this excess traffic is typically marked DE and is the first to be discarded under congestion.
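To see how CIR, Bc, Be and BECN interact, here is an added simulation in Python; it is not from this guide and is not Cisco's implementation. It assumes the IOS defaults that Tc = Bc / CIR and that mincir defaults to CIR / 2, and it uses a simplified adaptive policy (a 25% cut per interval in which a BECN arrived, recovery of 1/16 of the gap to CIR per quiet interval) that is this example's own choice rather than the exact IOS algorithm. The frame sizes and BECN timing are constructed.

```python
# Added example (not from the study guide, not Cisco code): a token-bucket
# model of Frame Relay traffic shaping. Each interval Tc the shaper may send
# Bc bits at the current rate; Be is extra credit that can be spent on a
# burst; BECN arrivals drive the rate down toward mincir (adaptive shaping).
from collections import deque


def shape(frames, cir, bc, be=0, mincir=None, becn_at=frozenset(), intervals=10):
    """Simulate `intervals` periods of Tc.

    frames    : queue of frame sizes in bits (constructed by the caller)
    cir/bc/be : committed rate (bps), committed burst and excess burst (bits)
    mincir    : floor for adaptive shaping; IOS default CIR/2 (assumption)
    becn_at   : set of interval indexes in which a BECN was received
    Returns a list of (rate_bps, bits_sent) per interval.
    """
    tc = bc / cir                                   # Tc = Bc / CIR
    mincir = cir / 2 if mincir is None else mincir
    queue = deque(frames)
    rate, tokens, log = cir, float(be), []
    for i in range(intervals):
        # Adaptive shaping (simplified policy, this example's assumption):
        # each BECN interval cuts the rate 25%, never below mincir; each
        # quiet interval recovers 1/16 of the (CIR - mincir) gap.
        if i in becn_at:
            rate = max(mincir, rate * 0.75)
        elif rate < cir:
            rate = min(cir, rate + (cir - mincir) / 16)
        tokens = min(bc + be, tokens + rate * tc)  # refill, capped at Bc + Be
        sent = 0
        while queue and queue[0] <= tokens:        # send while credit lasts
            size = queue.popleft()
            tokens -= size
            sent += size
        log.append((rate, sent))
    return log


if __name__ == "__main__":
    # 64 kbps CIR on a T1 port, Bc 8000 bits -> Tc 125 ms, one BECN at t = 2
    for i, (rate, bits) in enumerate(shape([1000] * 200, 64000, 8000,
                                           becn_at={2}, intervals=6)):
        print(f"Tc {i}: rate {rate:.0f} bps, sent {bits} bits")
```

Without Be the shaper never exceeds Bc bits per Tc, which is exactly the "send only as fast as the remote can receive" behaviour; IOS also clamps Tc to between 10 and 125 ms, so a very small Bc means more, shorter intervals rather than a different rate.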

Asynchronous Transfer Mode (ATM)


Developed as a compromise between voice and data requirements, ATM is commonly found in large telecom networks
or built into networks that have a strong need for QoS (Quality of Service). Traffic is passed using cells of equal size,
always 53 bytes. The first 5 bytes of the cell contain header information, while the remainder (48 bytes) is used for
payload. The consistent size of the ATM cell makes it easy to control traffic, but since the header consumes almost
10% of the cell, there is quite a bit of overhead.
ATM is a connection-oriented service using Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs).
SVCs are similar to ISDN dial-on-demand such that paths are created on an “as needed” basis. PVCs are similar to
frame-relay because the circuits are always established and active. Both use Virtual Path Identifiers (VPI) and Virtual
Channel Identifiers (VCI) to identify circuits and can support point-to-point and point-to-multipoint connections.
Remember that one Virtual Path (VP) can contain several Virtual Channels (VC).
There are two different types of connections in the ATM network. There are network-to-network (NNI) connection
types and user-to-network (UNI) connection types. The NNI connection is used to form connections between ATM
switches. The UNI connection is used to connect end devices (such as workstations or servers) to an ATM switch.
The following are the valid ATM cell header types:
UNI (User-to-Network Interface) header - Used on any interface between a user device, such as an ATM
router, and an ATM network.
NNI (Network-to-Network Interface) header - Used on any interface that connects two ATM switches.
STI (StrataCom Trunk Interface) header - A Cisco proprietary extension of the other header types, STI is used
between Cisco switching nodes to provide advanced network features for improving performance, efficiency, and
congestion control.
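As an added example (not from the guide and not Cisco code), the following Python builds and validates the 5-byte cell header for the UNI and NNI formats, including the HEC byte, which is the CRC-8 of the first four bytes (polynomial x^8 + x^2 + x + 1) XORed with 0x55 as specified in ITU-T I.432. The VPI/VCI values used are invented; the idle-cell header 00 00 00 01 52 is the standard value and makes a good self-check.

```python
# Added example (not from the study guide): ATM cell header layout and HEC.
#   UNI: GFC(4) VPI(8)  VCI(16) PT(3) CLP(1) HEC(8)
#   NNI:        VPI(12) VCI(16) PT(3) CLP(1) HEC(8)
# PT bits: bit2 = 1 for OAM cell, bit1 = EFCI (congestion experienced),
# bit0 = SDU type (for AAL5: 1 marks the last cell of a frame).


def crc8_atm(data: bytes) -> int:
    """CRC-8, polynomial 0x07 (x^8+x^2+x+1), no reflection, initial value 0."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) if crc & 0x80 else (crc << 1)
            crc &= 0xFF
    return crc


def hec(first_four: bytes) -> int:
    """Header Error Control byte: CRC-8 of the first 4 bytes XOR 0x55."""
    return crc8_atm(first_four) ^ 0x55


def build_header(vpi, vci, pt=0, clp=0, gfc=0, nni=False) -> bytes:
    """Return the 5-byte header; raises ValueError on out-of-range fields."""
    vpi_bits = 12 if nni else 8
    if not (0 <= vpi < (1 << vpi_bits) and 0 <= vci < 65536
            and 0 <= pt < 8 and clp in (0, 1) and 0 <= gfc < 16):
        raise ValueError("field out of range")
    if nni and gfc:
        raise ValueError("NNI header has no GFC field")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([hec(first_four)])


def parse_header(cell: bytes, nni=False) -> dict:
    """Check the HEC and split the header into fields (raises on mismatch)."""
    if len(cell) < 5:
        raise ValueError("cell too short")
    first_four = cell[:4]
    if hec(first_four) != cell[4]:
        raise ValueError("HEC mismatch: corrupted header, cell discarded")
    word = int.from_bytes(first_four, "big")
    fields = {"vpi": (word >> 20) & (0xFFF if nni else 0xFF),
              "vci": (word >> 4) & 0xFFFF,
              "pt": (word >> 1) & 0x7,
              "clp": word & 1}
    if not nni:
        fields["gfc"] = word >> 28
    return fields


if __name__ == "__main__":
    print(build_header(0, 0, clp=1).hex())          # idle cell: 0000000152
    print(parse_header(build_header(1, 100, pt=1)))  # constructed UNI cell
```

In hardware the HEC also provides cell delineation (the receiver hunts for a byte position where the HEC checks) and single-bit correction; this example only does the detection part.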

ATM is comprised of four major layers:
Higher layers – ATM signaling, addressing and routing.
AAL (ATM Adaptation Layer) – Converts higher-level data to and from ATM cell payloads.
ATM layer – Defines ATM cell relaying and multiplexing (the 5-byte cell header).
Physical – Defines the physical network media and framing.

ATM Adaptation Layer (AAL)


The AAL translates between the larger Service Data Units (SDUs) of upper-layer processes and ATM cells: it takes
packets from upper-level protocols (such as AppleTalk, IP and IPX), segments them into the 48-byte payloads of ATM
cells, and reassembles them at the far end. There are several AAL standards:
AAL1 is appropriate for transporting telephone traffic and uncompressed video traffic.
AAL3/4 was designed for network service providers and is closely aligned with Switched Multimegabit Data
Service (SMDS).
AAL5 is the adaptation layer used to transfer most non-SMDS data, such as classical IP over ATM and local-
area network (LAN) emulation.

IISP and PNNI


There are two ATM routing protocols:
Interim Interswitch Signaling Protocol (IISP) - Provides a static routing solution that is not easily scalable and
without support for QoS.
Private Network-Node Interface (PNNI) - Provides a highly scalable routing solution with dynamically determined
routing paths and support for QoS requirements.
NSAP Format ATM Addresses


NSAP addresses are 20 bytes long and designed for use within private ATM networks, whereas public networks will
generally use E.164 addresses.
NSAP-format ATM addresses consist of three components:
Authority and format identifier (AFI) - Identifies the type and format of the IDI (see below).
Initial domain identifier (IDI) - Identifies the address allocation and administrative authority.
Domain specific part (DSP) - Contains actual routing information.

Service-Specific Connection-Oriented Protocol (SSCOP)


SSCOP resides in the service-specific convergence sub-layer (SSCS) of the ATM adaptation layer (AAL). It is a
transport protocol for ATM that provides guaranteed, in-sequence delivery of messages to the signaling protocols that
reside above it in the signaling protocol stack. It also performs flow control, error reporting to the management plane,
and a keep-alive function.

RFC 1483 & RFC 2684 – Multiprotocol Encapsulation over AAL5
RFC 1483 defines "Multiprotocol Encapsulation over ATM AAL5"; RFC 2684 has since replaced (obsoleted) RFC
1483.
These RFCs define two methods of carrying protocols over AAL5:
LLC encapsulation, where several protocols can be multiplexed onto the same ATM virtual circuit (VC) and an
LLC/SNAP header in front of each PDU identifies the protocol being carried.
VC multiplexing, where each protocol is run over its own ATM VC, so no protocol identifier is needed in the PDU.
Either method can carry routed PDUs (for example IP packets) or bridged PDUs (for example Ethernet frames). One
of these combinations (typically LLC-encapsulated bridged Ethernet, or routed IP) is used to connect DSL lines to an
ATM network.

ATM Mapping
Just as in Frame Relay, where you map the Layer 2 DLCI to the Layer 3 IP address, you must somehow perform the
same mapping with ATM.
There are several ways to create this mapping with ATM. They are:
Static mappings using ATM PVC’s
Dynamic mappings using ATM PVC’s
Or Mappings using ATM SVC’s
As previously mentioned, ATM identifies its Layer 2 circuits with VPI/VCI identifiers.
Physical Layer
Serial Interface Abbreviations
CSU Channel Service Unit
CTS Clear To Send [DCE --> DTE]
DCD Data Carrier Detected (Tone from a modem) [DCE --> DTE]
DCE Data Communications Equipment (modems, DSU, etc.)
DSR Data Set Ready [DCE --> DTE]
DSRS Data Signal Rate Selector [DCE --> DTE] (Not commonly used)
DSU Data Service Unit
DTE Data Terminal Equipment (computer, printer, etc.)
DTR Data Terminal Ready [DTE --> DCE]
FG Frame Ground (screen or chassis)
NC No Connection
RCk Receiver (external) Clock input
RI Ring Indicator (ringing tone detected)
RTS Request To Send [DTE --> DCE]
RxD Received Data [DCE --> DTE]
SG Signal Ground
SCTS Secondary Clear To Send [DCE --> DTE]
SDCD Secondary Data Carrier Detected (Tone from a modem) [DCE -->DTE]
SRTS Secondary Ready To Send [DTE --> DCE]
SRxD Secondary Received Data [DCE --> DTE]
STxD Secondary Transmitted Data [DTE --> DCE]
TxD Transmitted Data [DTE --> DCE]

Is Your Interface a DTE or a DCE?
Generally a DTE drives a voltage on TD, RTS and DTR, whereas a DCE drives RD, CTS, DSR and CD. You can use
this to figure out what you have in front of you by following these steps:
1. Measure the DC voltages between (DB25) pins 2 & 7 and between pins 3 & 7. Be sure the black lead is
connected to pin 7 (Signal Ground) and the red lead to whichever pin you are measuring.
2. If the voltage on pin 2 (TD) is more negative than -3 volts (the idle "mark" level), the device is a DTE;
otherwise pin 2 should read near zero volts.
3. If the voltage on pin 3 (RD) is more negative than -3 volts, the device is a DCE.
4. If both pins 2 & 3 show a voltage of at least 3 volts in magnitude, then either you are measuring incorrectly, or
the device is not a standard EIA-232 device.

RS-232
The RS-232 standard has been around for decades, providing an interface between DTE and DCE devices. It is
simple, universal, and well understood; however, it does have some considerable shortcomings. It has had various
designations, including RS-232C, RS-232D, V.24, V.28 and V.10; but essentially all these interfaces are interoperable.
RS-232 is used for asynchronous data transfer as well as for synchronous links, such as SDLC, HDLC, X.25 and
Frame Relay.
The standard itself specifies only 20 kbps over cable lengths of up to 15 m (50 ft); however, high-speed ports and
high-quality cable have allowed these limits to be exceeded in practice. The general rule of thumb is that the length
of cable and the speed it supports depend on the quality of the cable.
The clock signals are only used for synchronous communications. The modem or DSU extracts the clock from the data
stream and provides a steady clock signal to the DTE. Note that the transmit and receive clock signals do not have to
be the same.
Some of the shortcomings of RS-232 include:
The interface uses a common ground between the DTE and DCE, which is fine as long as you are using a short
cable that connects DTE and DCE devices in the same room, but with longer links between devices, this may
not be true.
It is impossible to effectively screen noise for a signal on a single line. By screening the entire cable, you can
reduce the influence of outside noise, but internally generated noise continues to be a problem. As the baud rate
and line length increase, the effect of capacitance between the cables introduces crosstalk, until a point is
reached where the data itself is unreadable.

V.35 Interface
V.35 is a high-speed serial interface standard designed to support DTE and DCE connectivity over digital lines. It was
originally specified by CCITT as an interface for 48 kbps transmission using the combined bandwidth of several
telephone channels, and has since been used at much higher speeds. It was formally withdrawn by CCITT in 1988
and replaced by recommendations V.10 and V.11, but the name stuck to the connector and signalling it defined.
Recognizable by its 34-pin black plastic box-like plug (about 20 mm by 70 mm), often with gold plated contacts and
built-in hold-down and mating screws, V.35 provides the high-speed interface between a DTE and a CSU/DSU (the
DCE). Cable distances can theoretically reach 4000 feet (1200 m) at speeds up to 100 kbps, depending on the
equipment used and the quality of the cable. To achieve such speeds and distances, V.35 combines both balanced
and unbalanced signals on the same interface.
The control signals in V.35 are unbalanced single-wire circuits referenced to a common ground, because these signal
levels are mostly constant or vary at low frequencies. The high-frequency data and clock signals are carried on
balanced lines: each signal is a differential pair, and the receiver looks at the difference between the two wires rather
than a voltage relative to ground, which makes it far less sensitive to noise and ground offsets.
Most 56 kbps DSUs are supplied with both V.35 and RS-232 ports, because RS-232 is adequate at such speeds and
generally provides a significant cost saving.

Troubleshooting Serial Links


One of the most important diagnostic tools for serial links is the “show interfaces serial” privileged exec command
which displays statistics and information about a serial interface. Presented below is a sample output, with some of
the more important data described below.

router#show interface s0
Line 01: Serial0 is up, line protocol is down
Line 02: Hardware is HD64570
Line 03: Internet address is 192.168.1.1/24
Line 04: MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Line 05: Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Line 06: Last input never, output 00:00:05, output hang never
Line 07: Last clearing of "show interface" counters never
Line 08: Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Line 09: Queueing strategy: weighted fair
Line 10: Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Line 11: Conversations 0/1/256 (active/max active/max total)
Line 12: Reserved Conversations 0/0 (allocated/max allocated)
Line 13: 5 minute input rate 0 bits/sec, 0 packets/sec
Line 14: 5 minute output rate 0 bits/sec, 0 packets/sec
Line 15: 0 packets input, 0 bytes, 0 no buffer
Line 16: Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
Line 17: 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Line 18: 114 packets output, 3343 bytes, 0 underruns
Line 19: 0 output errors, 0 collisions, 39 interface resets
Line 20: 0 output buffer failures, 0 output buffers swapped out
Line 21: 74 carrier transitions
Line 22: DCD=up DSR=up DTR=up RTS=up CTS=up
router#

Line 1: This important line tells you whether the physical interface and the line protocol for the interface are active.
The physical interface can be up (Carrier Detect, CD, is present), down (CD not present), or administratively
down, meaning someone has turned the interface off by issuing a "shutdown" command. The line protocol (the
layer-2 process of the router) considers the interface up if keepalives are being received. The Serial Line
Conditions section below describes the possible combinations of these two entries.
Line 4: Provides information regarding bandwidth, delay and reliability of the link.
Line 5: Shows the layer-2 encapsulation type (Frame Relay, HDLC, X.25, etc.) and the keepalive interval.
Line 8: Shows the input queue (size/max/drops) and the total number of output drops.
Line 9: Shows the queuing strategy (weighted fair queuing in this example).
Line 10: Shows the output queue (size/max total/threshold/drops).
Line 17: This line provides significant troubleshooting information, including the number of input, CRC, frame and
abort errors. Keep in mind that these counters are cumulative, so when working on a problem, run the show
interfaces serial command multiple times (or clear the counters first) to see whether the numbers are incrementing.
Line 19: Shows the number of interface resets.
Line 21: The number of carrier transitions indicates how many times the CD signal of the serial interface has
changed state. A rising count usually means either a problem with the interface or a problem with the carrier.
Show Controllers Command
Another important diagnostic tool for serial links is the "show controllers" exec command, which displays hardware-
level information about a serial interface, including which cable (if any) is attached and, on a DCE cable, the
configured clock rate. Presented below is a sample output, with some of the more important data described below.
While there are variations on this command for other platforms, most Cisco router platforms provide output similar to
this:

Router#show controllers serial [Serial0]


HD unit 0, idb = 0xDC0BC, driver structure at 0xE1548
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 19200
cpb = 0x1, eda = 0x4940, cda = 0x4800
RX ring with 16 entries at 0x4014800
00 bd_ptr=0x4800 pak=0x0E45DC ds=0x401ECC8 status=80 pak_size=0
.
. [Section omitted]
.
16 bd_ptr=0x4940 pak=0x0E259C ds=0x4018108 status=80 pak_size=0
cpb = 0x1, eda = 0x5000, cda = 0x5000
TX ring with 1 entries at 0x4015000
00 bd_ptr=0x5000 pak=0x000000 ds=0x000000 status=80 pak_size=0
01 bd_ptr=0x5014 pak=0x000000 ds=0x000000 status=80 pak_size=0
0 missed datagrams, 0 overruns
0 bad datagram encapsulations, 0 memory errors
0 transmitter underruns
0 residual bit errors
HD unit 1, idb = 0xE584C, driver structure at 0xEACD8 [Serial1]
buffer size 1524 HD unit 1, No cable, clockrate 19200
cpb = 0x2, eda = 0x3140, cda = 0x3000
RX ring with 16 entries at 0x4023000
00 bd_ptr=0x3000 pak=0x0EDD6C ds=0x402CE0C status=80 pak_size=0
.
. [Section omitted]
.
16 bd_ptr=0x3140 pak=0x0EBD2C ds=0x402624C status=80 pak_size=0
cpb = 0x2, eda = 0x3800, cda = 0x3800
TX ring with 1 entries at 0x4023800
00 bd_ptr=0x3800 pak=0x000000 ds=0x000000 status=80 pak_size=0
01 bd_ptr=0x3814 pak=0x000000 ds=0x000000 status=80 pak_size=0
0 missed datagrams, 0 overruns
0 bad datagram encapsulations, 0 memory errors
0 transmitter underruns
0 residual bit errors

From the output above you can see that S0 is connected via a V.35 DCE cable (so this router supplies the clock, at
19200 bps), while S1 does not have a cable connected.

Serial Line Conditions
Serial0 is up, line protocol is up - The serial link is working: Carrier Detect (CD) is present and keepalives are
being exchanged with the remote end.
Serial0 is up, line protocol is up (looped) – The circuit is looped, which is usually only done while testing; the
router is seeing its own keepalives returned.
Serial0 is up, line protocol is down – CD is present but the router is not receiving keepalives. This could mean a
misconfiguration (for example mismatched encapsulation) or a hardware failure on one of the routers (local or
remote); faulty cabling; or a problem with the line or provider, such as timing or noise. In a lab environment, make
sure the clock rate command has been issued on the DCE side of the link.
Serial0 is down, line protocol is down - CD is not present: no cable is connected, or the CSU/DSU or modem is not
connected or is not receiving a signal from the line.
Serial0 is administratively down, line protocol is down - The interface has been disabled by the administrator
with the shutdown command.

Debug Commands
There are a number of debug commands that are useful for diagnosing problems on serial links, including:
debug serial interface—Verifies whether HDLC keepalive packets are incrementing. If they are not, a possible
timing problem exists on the interface card or in the network.
debug x25 events—Detects X.25 events, such as the opening and closing of switched virtual circuits (SVCs).
The resulting cause and diagnostic information is included with the event report.
debug lapb—Outputs Link Access Procedure, Balanced (LAPB) or Level 2 X.25 information.
debug arp—Indicates whether the router is sending information about or learning about routers (with ARP
packets) on the other side of the WAN cloud. Use this command when some nodes on a TCP/IP network are
responding, but others are not.
debug frame-relay lmi—Obtains Local Management Interface (LMI) information useful for determining whether
a Frame Relay switch and a router are sending and receiving LMI packets.
debug frame-relay events—Determines whether exchanges are occurring between a router and a Frame Relay
switch.
debug ppp negotiation—Shows Point-to-Point Protocol (PPP) packets transmitted during PPP startup, where
PPP options are negotiated.
debug ppp packet—Shows PPP packets being sent and received. This command displays low-level packet
dumps.
debug ppp errors—Shows PPP errors (such as illegal or malformed frames) associated with PPP connection
negotiation and operation.
debug ppp chap—Shows PPP Challenge Handshake Authentication Protocol (CHAP) and Password
Authentication Protocol (PAP) packet exchanges.
debug serial packet—Shows Switched Multimegabit Data Service (SMDS) packets being sent and received.
This display also prints error messages to indicate why a packet was not sent or was received erroneously. For
SMDS, the command dumps the entire SMDS header and some payload data when an SMDS packet is
transmitted or received.

Increasing Output Drops
Output drops occur when the router tries to hand a packet to the transmit queue and there is no room for it. By
reviewing the output of repeated "show interfaces serial" commands, you can determine whether the output drop
count is incrementing. In most cases this indicates a problem, but if the link is known to be oversubscribed, dropping
may be acceptable provided the protocols in use have flow control and can retransmit.
There are several ways to address this problem:
Up the bandwidth. This is the quick-and-dirty, throw-money-at-the-situation answer, but it should be considered.
If you are dropping packets because there's too much traffic, widen the road.
Reduce periodic broadcast traffic through the judicious use of access lists and other means.
Turn off fast switching for heavily used protocols on the impacted interfaces.
Increase the output hold queue size using the hold-queue out interface configuration command. This will
prevent packet drops, but should be done carefully and in small increments (for instance, 25 percent).
Implement priority queuing on slower serial links by configuring priority lists. One of the primary features of
priority queuing is that lower-priority traffic is dropped in favor of the more important. Again, this should be
done with great care.

Increasing Input Drops


If you review the output of repeated “show interfaces serial” privileged exec commands and determine the input drop
count is incrementing, this may be caused by any of several conditions: Simply oversubscribing the line, hardware
problems, or issues on your provider side, including framing errors, aborts and CRC errors.
A common cause of excessive input drops is when more packets are being received by the interface than can be
processed by the router, basically exceeding its capacity. This is typically seen when traffic is being routed between
higher speed LAN interfaces and serial interfaces. Backups can occur, forcing the router to start dropping packets
during periods of congestion. There are several ways to address this problem:
Once again, up the bandwidth. If you are dropping packets because there’s too much traffic, increase the size of
the pipe.
Use the “hold-queue number out” interface configuration command to increase the output queue size on the
interface that is dropping packets.
Reduce the input queue size from its default of 75 packets, using the “hold-queue number in” interface
configuration command. This forces input drops to become output drops, which is less impactful.
Particularly high levels of input errors (exceeding 1% of total interface traffic) can be symptoms of:
Faulty equipment on the provider's network
Serial line noise
Clocking misconfiguration
A bad or incorrectly configured cable, or a cable that exceeds the maximum length in the specification
A defective or misconfigured CSU or DSU
A router that is defective or misconfigured
A data converter or other device between the router and DSU that is causing problems
There are several ways to address these kinds of problems:
Use a serial analyzer to isolate the source of the input errors, basically looking at the traffic before it hits the
router. If the analyzer sees errors, the problem is external to the router: a clock mismatch, or a hardware problem
on the line or in the provider's network. Note also that Cisco recommends against the use of data converters when
connecting a router to a WAN or serial network.
Use a combination of loopback configurations and ping tests to isolate the specific problem source.
Analyze the errors to look for patterns. Do errors occur at a consistent interval? Are they sporadic, and could that
be related to some periodic function, such as the sending of routing updates?
Also, cyclic redundancy check (CRC) errors, framing errors, or aborts above 1 percent of the total interface traffic
indicate a significant link problem that should be isolated and repaired immediately.

Excessive Aborts
Aborts indicate an illegal sequence of 1 bits (more than seven in a row). This condition can be created by any of the
following:
SCTE mode is not enabled on DSU.
Line clocking is improperly configured.
The serial cable is too long, or improperly shielded.
A “ones” density problem has occurred on the T1 link (incorrect framing or coding specification).
A packet terminated in mid-transmission (typical because an interface was reset, or a framing error occurred).
A hardware problem has occurred (possibly a result of a bad circuit, a bad CSU/DSU, or a bad sending interface
on the remote router).
The proper steps to resolve abort problems are:
Make sure all devices are configured to use a common line clock. If they are capable of it, set SCTE on both the
local and remote CSU/DSUs.
Make sure that the cable is properly shielded and within the recommended length.
Check the hardware at both ends of the link. Swap out any suspected faulty equipment, and ensure that all
connections are solidly seated.
Lower the data transmission rates, and monitor the situation to determine if the rate of aborts decreases.
Use local and remote loopback tests to determine where the aborts are happening.
Contact the provider and request they perform integrity tests on the line.

Clocking Problems
Clocking conflicts in serial connections can lead to degraded performance and even chronic loss of connection service.
In general, clocking problems in serial WAN interconnections can be attributed to one of the following causes:
Incorrect CSU or DSU configuration
Nonstandard cables that are too long or not properly shielded
Noisy or poor patch panel connections
Several cables connected in a row
In the lab, the failure of the Network Engineer to apply the “clock rate” interface configuration command to the
DCE side of the link
To determine if you have a clocking problem, review the output from the “show interface serial” exec command on the
routers at both ends of the link. CRC, framing errors, and/or aborts are indications of a clocking problem. If the errors
are in the approximate range of 0.5 percent to 2.0 percent of traffic on the interface, clocking problems probably exist
somewhere in the WAN.
After you’ve determined that clocking conflicts are the most likely cause of input errors, use ping and loopback tests
(both local and remote) to determine if the problem is in the line, or one of the connections. Depending on these
results, and the output of the “show interfaces serial” exec commands on the various routers, you can usually
determine where the errors are accumulating:
If input errors are accumulating on both ends of the connection, clocking of the CSU is the most likely problem.
If only one end is experiencing input errors, there is probably a DSU clocking or cabling problem.
Aborts on one end suggest that the other end is sending bad information or that there is a line problem.
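The thresholds quoted above (input drops over 1% of interface traffic, CRC/framing/abort errors above 1%, and the 0.5% to 2.0% band that points at clocking) are easy to misjudge by eye on a busy interface. The following is an added example, not part of this study guide or Cisco's tooling, that parses a snapshot of "show interfaces serial" output and applies those rules. The sample output, the interface name and every counter value are constructed; only the line layout follows the real command, and "total interface traffic" is taken to mean the "packets input" counter, which is an assumption.

```python
import re

# Constructed sample output in the format of the IOS "show interfaces serial"
# command. The interface name and every counter value are invented for this
# example; only the line layout follows the real command.
SAMPLE_SHOW_INTERFACES_SERIAL = """\
Serial0/0 is up, line protocol is up
  Hardware is PowerQUICC Serial
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Input queue: 0/75/250/0 (size/max/drops/flushes); Total output drops: 40
  5 minute input rate 512000 bits/sec, 60 packets/sec
  5 minute output rate 498000 bits/sec, 58 packets/sec
     20000 packets input, 1840000 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     240 input errors, 150 CRC, 60 frame, 0 overrun, 0 ignored, 30 abort
     19500 packets output, 1790000 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     0 output buffer failures, 0 output buffers swapped out
     9 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
"""

COUNTER_PATTERNS = {
    "packets_input": r"(\d+) packets input",
    "input_drops": r"Input queue: \d+/\d+/(\d+)/\d+",
    "output_drops": r"Total output drops: (\d+)",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "frame": r"(\d+) frame",
    "abort": r"(\d+) abort",
    "interface_resets": r"(\d+) interface resets",
    "carrier_transitions": r"(\d+) carrier transitions",
}


def parse_counters(text):
    """Pull the counters the triage rules need out of one command snapshot."""
    counters = {}
    for name, pattern in COUNTER_PATTERNS.items():
        match = re.search(pattern, text)
        counters[name] = int(match.group(1)) if match else 0
    return counters


def delta(old, new):
    """Counters are cumulative since the last 'clear counters'; in practice
    triage the change between two snapshots taken a few minutes apart."""
    return {k: new[k] - old.get(k, 0) for k in new}


def triage(counters):
    """Apply the percentage thresholds from the text and return the findings."""
    total = counters["packets_input"]
    if total == 0:
        return ["no input traffic in this interval; thresholds cannot be evaluated"]
    findings = []

    def pct(n):
        return 100.0 * n / total

    drop_pct = pct(counters["input_drops"])
    if drop_pct > 1.0:
        findings.append(f"input drops {drop_pct:.2f}% (>1%): check provider equipment, line noise, "
                        "clocking, cabling, CSU/DSU and the router itself")
    elif counters["input_drops"] > 0:
        findings.append(f"input drops {drop_pct:.2f}%: likely oversubscription; add bandwidth or tune hold-queue")
    if counters["output_drops"] > 0:
        findings.append("output drops present: congestion on the link; add bandwidth or tune hold-queue out")
    link_err_pct = pct(counters["crc"] + counters["frame"] + counters["abort"])
    if 0.5 <= link_err_pct <= 2.0:
        findings.append(f"CRC/framing/abort errors {link_err_pct:.2f}% (0.5-2%): clocking problem likely in the WAN")
    if link_err_pct > 1.0:
        findings.append(f"CRC/framing/abort errors {link_err_pct:.2f}% (>1%): significant link problem; "
                        "isolate with local and remote loopback and ping tests")
    if counters["interface_resets"] > 0:
        if counters["carrier_transitions"] > 0 or counters["input_errors"] > 0:
            findings.append("interface resets with carrier transitions/input errors: suspect a bad link or CSU/DSU")
        elif counters["output_drops"] > 0:
            findings.append("interface resets with output drops: keepalives lost to congestion")
    return findings


if __name__ == "__main__":
    for line in triage(parse_counters(SAMPLE_SHOW_INTERFACES_SERIAL)):
        print(line)
```

Because the counters are cumulative, the useful workflow is to capture the output twice, feed both snapshots through parse_counters, and triage the delta; a single snapshot taken months after the last clear will average away a problem that started yesterday.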

Increasing Interface Resets on a Serial Link


By reviewing the output of repeated “show interfaces serial” privileged exec commands you can determine if the
interface resets count is incrementing. These resets indicate missed keepalive packets. This condition can be caused
by:
Congestion on the link (typically associated with output drops).
A bad line causing CD transitions.
Possible hardware problems at the CSU, DSU, or switch.
When interface resets are occurring, you should examine other fields of the “show interfaces serial” command output
to determine the source of the problem. Assuming that an increase in interface resets is being recorded, examine the
following fields:
If there is a high number of output drops, address this problem as described earlier in this document.
If carrier transitions or input errors are high while interface resets are being registered, the problem is likely to be
a bad link or a bad CSU or DSU. Swap out any suspected faulty equipment.

Increasing Carrier Transitions Count on Serial Link


By reviewing the output of repeated “show interfaces serial” privileged exec commands you can determine if the
Carrier transitions count is incrementing. This occurs whenever there is an interruption in the carrier signal (such as
an interface reset at the remote end of a link).
This condition can be created by any of the following:
Line interruptions from an external source, such as a break in the cabling, CSU/DSU alarms, or a lightning
striking somewhere along the network.
Equipment failure, such as a faulty switch, DSU, or router.
The proper steps to resolve carrier transition problems are:
Use a breakout box or a serial analyzer to check hardware at both ends of the link.
Check the router.
Swap out any suspected faulty equipment.
CRC and Framing Errors


CRC and Framing errors occur when the CRC calculation does not pass (indicating that data is corrupted), or when a
packet does not end on an 8-bit byte boundary, for one of the following reasons:
The serial line is too noisy.
The serial cable is too long or improperly shielded.
Clocking is incorrectly configured.
A “ones” density problem has occurred on a T1 link (indicating an incorrect framing or coding specification).
To resolve CRC and Framing error problems:
Ensure that the line is clean enough for transmission requirements.
Make sure that the cable is properly shielded and within the recommended length.
Double check that all devices are properly configured with common line clocking, and that the local and remote
CSU/DSUs are configured for the same framing and coding scheme as that used by the serial link provider in-between
(for example, ESF/B8ZS).
Contact the provider and request they perform integrity tests on the line.

SONET / SDH
SONET stands for Synchronous Optical NETwork. SONET allows data streams of different formats to be combined onto a
single high-speed synchronous fiber optic data stream. SDH stands for Synchronous Digital Hierarchy. SONET is the
United States version of the international version, SDH.
SONET supports a variety of data rates. Some of the most common data rates are:
OC-12 622 Mbps
OC-48 2.488 Gbps
OC-192 9.953 Gbps (or about 10 Gbps)
These rates are the actual line speed. As with any protocol there is overhead to using the protocol, so throughput rates
will vary.

T1 Encoding
There are two types of T1 encoding you should be familiar with. They are:
AMI – Alternate Mark Inversion. AMI is an older form of encoding where 8kb of each 64kb channel is used to keep the
two ends of the T1 synchronized.
B8ZS – Bipolar 8-zero substitution. B8ZS is based on AMI. B8ZS inserts two successive ones of the same voltage
(called a bipolar violation) to keep the two ends of the T1 synchronized.
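To make the "ones density" problem and the B8ZS substitution concrete, here is an added Python model of both line codes; it is illustrative code written for this guide, not a vendor or CSU/DSU implementation. Pulses are written as '+' and '-' and the absence of a pulse as '0'. In AMI a run of eight zero bits puts no pulses on the line at all, so the receiver has nothing to recover its clock from; B8ZS replaces each such block with the pattern 000VB0VB, where V is a bipolar violation (a pulse with the same polarity as the previous one) and B a normal alternating pulse, and the decoder recognises that pattern and restores the zeros.

```python
# Added worked example: AMI and B8ZS line coding on a T1 bit stream.
# Symbols: '0' = no pulse, '+' = positive pulse, '-' = negative pulse.
# Illustrative Python only, not a Cisco or CSU/DSU implementation.

def _other(polarity):
    return '+' if polarity == '-' else '-'


def ami_encode(bits):
    """Alternate Mark Inversion: each 1 is a pulse of opposite polarity to the
    previous pulse, each 0 is no pulse. A long run of zeros therefore carries
    no pulses at all, which is the "ones density" problem."""
    out, last = [], '-'          # '-' so the first mark comes out as '+'
    for bit in bits:
        if bit == '1':
            last = _other(last)
            out.append(last)
        else:
            out.append('0')
    return ''.join(out)


def b8zs_encode(bits):
    """AMI, but each block of eight 0 bits is replaced by 000VB0VB: V is a
    bipolar violation (same polarity as the preceding pulse) and B a normal
    alternating pulse. The pulses keep the receiver's clock recovery going and
    the two violations mark the block as a substitution, not data."""
    out, last, i = [], '-', 0
    while i < len(bits):
        if bits[i:i + 8] == '00000000':
            v, b = last, _other(last)
            out.append('000' + v + b + '0' + b + v)   # final pulse is v == last
            i += 8
            continue
        if bits[i] == '1':
            last = _other(last)
            out.append(last)
        else:
            out.append('0')
        i += 1
    return ''.join(out)


def b8zs_decode(symbols):
    """Reverse the substitution. Any other bipolar violation is a line error."""
    bits, last, i = [], '-', 0
    while i < len(symbols):
        v, b = last, _other(last)
        if symbols[i:i + 8] == '000' + v + b + '0' + b + v:
            bits.append('00000000')
            i += 8
            continue
        s = symbols[i]
        if s == '0':
            bits.append('0')
        elif s == last:
            raise ValueError(f"bipolar violation outside a B8ZS block at symbol {i}")
        else:
            bits.append('1')
            last = s
        i += 1
    return ''.join(bits)


def longest_zero_run(symbols):
    """Longest stretch without a pulse; this is what a ones-density rule limits."""
    best = run = 0
    for s in symbols:
        run = run + 1 if s == '0' else 0
        best = max(best, run)
    return best
```

Encoding a byte of zeros with ami_encode gives eight pulse-free symbols, while b8zs_encode never leaves more than seven in a row; a decoder that sees a violation outside the substitution pattern has found a genuine line error, which is the same class of event the CRC and framing counters report.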
Leased Line Protocols


HDLC
High Level Data Link Control (HDLC) is one of the more common Data-Link (OSI Layer 2) protocols. HDLC is the
default encapsulation protocol on all Cisco serial interfaces. HDLC is primarily used on leased lines (dedicated point-
to-point lines) but it can also be used on dialup links. The version of HDLC used on Cisco routers is proprietary.

PPP
The Point-to-Point Protocol (PPP) is an encapsulation protocol commonly used on dial-up links but can also be used on
point-to-point leased lines. PPP replaced SLIP as the primary dialup protocol in use today. PPP can assign IP addresses
to the dialup clients, perform Multilink PPP if you have multiple connections, monitor link quality, detect errors, and
compress data going over the link.
PPP consists of three parts:
Encapsulation – using HDLC frames
Link Control Protocol (LCP) – used to connect, monitor, and disconnect circuits
Network Control Programs (NCP) – used to support multiple upper-layer protocols
To authenticate the remote system, PPP supports a variety of authentication protocols. They are:
Password Authentication Protocol (PAP) – sends username & password in clear-text
Challenge Handshake Authentication Protocol (CHAP) – encrypts passwords
Microsoft CHAP (MS-CHAP) – Microsoft’s version of CHAP
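The practical difference between PAP and CHAP is what an observer on the link can learn. The following added example, written for this guide and not taken from any PPP stack or Cisco code, builds a PAP Authenticate-Request and runs a CHAP handshake with the MD5 algorithm from RFC 1994, in which the response is MD5(Identifier || secret || Challenge) and the secret itself is never transmitted. The peer name, shared secret and password are constructed values.

```python
import hashlib
import hmac
import os

# Added example of what PAP and CHAP each put on the wire. Names and secrets
# are constructed for this example; nothing here is a PPP stack's code.


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload: Peer-ID and Password as
    length-prefixed fields, both in clear text (RFC 1334)."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with the MD5 algorithm (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Side that issues challenges and holds each peer's shared secret."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # peer name -> shared secret
        self.identifier = 0

    def challenge(self, size: int = 16):
        """Fresh Identifier and random Challenge-Value for every attempt, so a
        captured response cannot be replayed."""
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, os.urandom(size)

    def verify(self, identifier: int, challenge: bytes, name: bytes, response: bytes) -> bool:
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = chap_response_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def chap_peer_respond(identifier: int, challenge: bytes, name: bytes, secret: bytes):
    """Peer side: answer with (Name, Response-Value); the secret never leaves the host."""
    return name, chap_response_value(identifier, secret, challenge)


def chap_exchange(authenticator, name, peer_secret, challenge=None):
    """Run one handshake and return (success, observed), where 'observed' is
    every byte an on-path observer would see in the Challenge and Response."""
    ident, chal = authenticator.challenge()
    if challenge is not None:           # fixed challenge, for reproducible tests
        chal = challenge
    name_sent, response = chap_peer_respond(ident, chal, name, peer_secret)
    observed = bytes([ident]) + chal + name_sent + response
    return authenticator.verify(ident, chal, name_sent, response), observed
```

With PAP the password is a substring of the request; with CHAP the observer sees only the challenge and a 16-byte digest, and because the authenticator can issue a new challenge at any time the same mechanism supports the periodic re-authentication mentioned above. The digest is still only as strong as the shared secret, so a short or guessable secret remains the weak point.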

Packet over SONET (PoS)


Cisco PoS has the IP layer riding directly above the SONET layer, eliminating the overhead usually required to run IP
over ATM and SONET, while still offering strong quality-of-service (QoS) guarantees. PoS was designed to overcome
some of the limitations of IP that restricted its direct use on very high-speed links, and to address some of the QoS
issues inherent with IP.

DPT / SRP
Dynamic Packet Transport (DPT) is a Cisco optical protocol. It uses dual, counter-rotating rings to send & receive data.
Spatial Reuse Protocol (SRP) is a MAC-layer protocol that is used with DPT. SRP uses destination-stripping for the most efficient
use of bandwidth possible. SRP also provides a high level of redundancy called Intelligent Protection Switching (IPS).
DPT/SRP uses fairness algorithms to ensure all stations connected to the ring get equal time/bandwidth.
DPT/SRP rings can work on underlying technologies like SONET and WDM (wave-division multiplexing).
LAN
Ethernet/FE/GE
There are two types of Ethernet, which are very similar but with a few significant differences:
802.3 – Has a two-byte length field (instead of a protocol type field). The protocol information is held in two
fields: DSAP (Destination Service Access Point) and SSAP (Source Service Access Point). 802.3 runs at
10 Mbps, 100 Mbps, or 1,000 Mbps and supports all of layer one, and part of layer two of the OSI model.
Ethernet II – Has a two-byte protocol type field that indicates the protocol of the data that is being sent (instead
of a length field). Ethernet II runs at 10 Mbps and supports layers one and two of the OSI model.
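Both frame formats share the same 14-byte header, so a receiver decides which one it is looking at from the value of the two-byte field after the source address: 1500 (0x05DC) or less is an 802.3 length and an LLC header with DSAP/SSAP follows, while 1536 (0x0600) or more is an Ethernet II type. The parser below is an added example written for this guide, not code from the page or from any network stack; the MAC addresses, EtherType and LLC values in the test frames are constructed.

```python
import struct

# Added example: telling 802.3/LLC from Ethernet II by the field after the
# source MAC. All frames built here are constructed test data.

MAX_8023_LENGTH = 1500      # 0x05DC: values up to this are a length field
MIN_ETHERTYPE = 0x0600      # 1536 and above are an EtherType


def build_ethernet_ii(dst, src, ethertype, payload):
    """Ethernet II: type field, payload follows the 14-byte header."""
    return dst + src + struct.pack("!H", ethertype) + payload


def build_802_3(dst, src, dsap, ssap, control, payload):
    """802.3: length field counting the LLC header (DSAP, SSAP, Control) plus data."""
    llc = bytes([dsap, ssap, control]) + payload
    return dst + src + struct.pack("!H", len(llc)) + llc


def parse_frame(frame):
    """Return a dict describing the frame; raise ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte MAC header")
    dst, src = frame[:6], frame[6:12]
    field = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    if field <= MAX_8023_LENGTH:
        llc = frame[14:14 + field]          # ignore any padding past the length
        if len(llc) < 3:
            raise ValueError("802.3 length field does not cover an LLC header")
        info.update(kind="802.3", length=field,
                    dsap=llc[0], ssap=llc[1], control=llc[2], payload=llc[3:])
    elif field >= MIN_ETHERTYPE:
        info.update(kind="Ethernet II", ethertype=field, payload=frame[14:])
    else:
        # 1501..1535 is defined as neither; treat as malformed rather than guess
        raise ValueError(f"field 0x{field:04x} is neither a valid length nor an EtherType")
    return info
```

Rejecting the undefined 1501 to 1535 range instead of guessing is deliberate: a parser that silently picks one interpretation is the kind of ambiguity that lets a crafted frame be seen differently by a filter and by the host behind it.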

Ethernet/Fast Ethernet/Gigabit Ethernet


Legacy Ethernet runs at 10Mbps, and can still be found at the Access layer of some older installations that have a
significant investment in legacy technology, or where the communications requirements are very low. Most print
servers, such as Intel NetPorts and HP JetDirects, are 10Mbps devices.
Fast Ethernet (100Mbps) has largely replaced legacy Ethernet at all three layers of the hierarchical model (Core,
Distribution, Access layers) to become the most common LAN technology. Most Fast Ethernet equipment is capable of
using out-of-band Fast Link Pulse (FLP) bursts to auto-negotiate the fastest physical layer technology that can be used
by both communicating devices. This provides a parallel detection function for half- and full-duplex 10BaseT, half- and
full-duplex 100BaseTX, and 100BaseT4 physical layers.
Gigabit Ethernet is more expensive and will normally be found either at the Core or Distribution layers, although as
per-port costs come down and the technology becomes cheaper, you can expect to see it more commonly at the access
layer. Uplinks between phone closets and the computer room will often be Gigabit links over fiber; the higher speed
allowing the consolidation of access device data streams, and the fiber overcoming distance limitations.
The most significant limitation of Ethernet is collisions. These become more prevalent as utilization increases. This
can reach levels where higher-layer applications are affected, or time sensitive protocols time-out.
The most common problems with Ethernet installations include reconciling configuration elements, like speed, duplex
and encapsulation settings.

Fast EtherChannel (FEC)


FEC is a Cisco proprietary method for aggregating the bandwidth of up to four Fast Ethernet channels (or two Gigabit
Ethernet channels) on a switch and having them appear to be one logical connection. The requirements are that all the
ports be in the same VLAN; have the same speed and duplex settings; and, if the switch is not a Cat6000, that
contiguous ports be used. Besides increasing the bandwidth available between devices, this also adds a level of
protection, because if one of the links within the EtherChannel were to go down, the traffic would continue to pass at
the reduced rate without interruption.
The Port Aggregation Protocol (PAgP) allows automatic creation of EtherChannels by exchanging packets between
eligible Ethernet ports (those in auto and desirable modes; ports in on or off mode do not exchange PAgP packets).
The protocol learns the capabilities of port groups dynamically, and then groups the ports into an EtherChannel.

Carrier Sense Multiple Access Collision Detect (CSMA/CD)


Defined by the IEEE 802.3, CSMA/CD listens on the Ethernet segment before transmitting; if a collision occurs, the
station that detects it sends out a jam signal to alert all other machines to stop trying to send. After the signal stops,
the machines wait for a random period of time before attempting transmission again.
Wireless/802.11
Although the first wireless networks appeared over two decades ago, adoption has been slow because:
The original wireless data rates were inadequate (way too slow).
Proprietary solutions dominated the marketplace, providing little interoperability among devices.
Wireless solutions were very expensive.
In 1999, the IEEE ratified the 802.11b standard with data rates up to 11 Mbps, and interest in Wireless LANs (WLANs)
exploded. Vendor interoperability is ensured by the Wireless Ethernet Compatibility Alliance (WECA), an independent
international nonprofit association that identifies compliant products from more than 140 companies spanning
component manufacturers, equipment vendors, and service providers under its "Wi-Fi" Brand.
As with any new technology, wireless is continually evolving. Multiple standards that offer advancements in speed,
bandwidth and security either exist, or are being developed to compete for dominance in the high-bandwidth WLAN
market. These include:
802.11b – This is the most widely deployed wireless standard, and can be found in both corporate and home
wireless markets, with wireless "hot spots" popping up in hotels, airports, convention centers, and coffee shops
worldwide. It operates in the 2.4 GHz unlicensed radio band and delivers a maximum data rate of 11 Mbps.
802.11a – Operates in the unlicensed portion of the 5 GHz radio band, making 802.11a immune to interference
from devices that operate in the 2.4 GHz band, such as microwave ovens, cordless phones, and Bluetooth (a
short-range, low-speed, point-to-point, personal-area-network wireless standard). 802.11a has a top data rate of
54 Mbps, nearly five times the bandwidth of 802.11b. It is the first of the higher-speed wireless standards to hit
the market, but has a major drawback in that it does not provide interoperability with existing 802.11b equipment.
802.11g – A late entry, this standard boasts a top data rate of 54 Mbps, but operates in the same unlicensed
portion of the 2.4-GHz spectrum as 802.11b, making it backward compatible with 802.11b devices. This new
standard is limited to the same three channels and crowded 2.4-GHz band as 802.11b, creating possible
scalability and interference issues.

Deployment issues for wireless include:


Interference sources: If an environment has a lot of interference sources in the 2.4-GHz frequency band, such as
Bluetooth devices or non-802.11b wireless phones, then 802.11a (5 GHz) may be the better choice.
Need for channels: 802.11b offers only three nonoverlapping frequency channels; 802.11a offers eight for more
flexibility in structuring coverage areas.
Installed base: The more 802.11b clients that are installed, the greater the need to have access points that
support 802.11b.
Types of applications: 802.11b is better for transaction-intensive applications; 802.11a is better for data-hungry
applications.
Cost: 802.11a systems could cost 20 to 30 percent more than current 802.11b products and may have a higher
deployment cost because of the different RF characteristics of the 5-GHz frequency.

Wireless Security
Acknowledging the inherent security deficiencies of WLANs, the 802.11 committee adopted an encryption protocol, the
Wired Equivalent Privacy (WEP). WEP does not provide authentication, access control, or data integrity checking; just
encryption.
Important wireless networking terms:


Access Point (AP) - A wireless LAN transceiver that acts as a center point of an all-wireless network or as a
connection point between wireless and wired networks.
Antenna - A device for transmitting or receiving a radio frequency (RF). Antennas are designed for specific and
relatively tightly defined frequencies, and are quite varied in design. An antenna designed for 2.4-GHz 802.11b
devices will not work with 2.5-GHz devices.
Beamwidth - The angle of signal coverage provided by an antenna. Beamwidth typically decreases as antenna
gain increases.
Broadband - In general, an RF system is deemed "broadband" if it has a constant data rate at or in excess of 1.5
Mbps. Its corresponding opposite is "narrowband."
Fresnel Effect - A phenomenon related to line of sight whereby an object that does not obstruct the visual line of
sight obstructs the line of transmission for radio frequencies.
Microcell - A bounded physical space in which numerous wireless devices can communicate. Because it is
possible to have overlapping cells as well as isolated cells, the boundaries of the cell are established by some
rule or convention.
Multipath - The echoes created as a radio signal bounces off of physical objects.
Roaming - Movement of a wireless node between two microcells. Roaming usually occurs in infrastructure
networks built around multiple access points.
Spread Spectrum - A radio transmission technology that "spreads" the user information over a much wider
bandwidth than otherwise required in order to gain benefits such as improved interference tolerance and
unlicensed operation.
Wireless Access Protocol - A language used for writing Web pages that uses far less overhead, making it
more preferable for wireless access to the Internet by personal digital assistants (PDAs) and Web-enabled
cellular phones.

Radio Frequency (RF) Terms:


Hz - The international unit for measuring frequency is hertz (Hz), which is equivalent to the older unit of cycles
per second.
MHz - one million hertz.
GHz - one billion hertz.
Just to understand how these relate, standard U.S. electrical power frequency is 60 Hz, the AM broadcast radio
frequency band is 0.55-1.6 MHz, the FM broadcast radio frequency band is 88-108 MHz, microwave ovens typically
operate at 2.45 GHz and wireless home phones typically run at 900 MHz or 2.4 GHz.

Cisco Deployments
Currently the most flexible Cisco wireless access point is the Aironet 1200 Series which provides compatibility for all
the currently established and emerging wireless LAN standards. It has a dual-band design with eight 5 GHz channels,
and three 2.4 GHz channels, enabling a mix of client devices. Software and hardware are field upgradeable.
Multiservice
Voice/Video
Voice and Video can be digitized and passed through a normal IP network as long as sufficient bandwidth is available,
and the appropriate QoS issues are addressed. These technologies require more coverage than can be provided in a
short exam study guide; but for the purposes of this exam, and because you will probably face them in your career,
you should develop an appreciation of Cisco’s Architecture for Voice, Video and Integrated Data (AVVID). AVVID
technologies enable advanced voice and data services to be delivered reliably over a Cisco router and switch network.
An excellent place to begin this research is at:
http://www.cisco.com/en/US/netsol/ns340/ns19/ns24/networking_solutions_packages_list.html

Coder-decoders (Codecs)
Codecs use pulse code modulation to turn analog signals into digital bit streams, and conversely, transform digital bit
streams back into analog signals. This function is required by Voice-over-IP (VoIP) gateways to turn human speech
into digital data for transport, and back to analog sound to present it to the destination.
Common codecs specifications include:
G.711 – The format used for digital voice delivery in the telecom world, this standard describes the 64 Kbps
PCM voice encoding technique.
G.726 – Describes ADPCM coding at 40, 32, 24 and 16 Kbps and can be used to communicate between packet
voice and other systems, provided the PBX or public phone system has ADPCM capability defined.
G.729 – Describes CELP compressions that allow voice to be encoded in 8 Kbps streams. This standard is
further defined in two variations (G.729/G.729a). These provide standard voice-encoding algorithms that turn
the actual audio signal to digital data. These particular algorithms are significant in the VoIP arena because of
the low-bandwidth requirement (8 Kbps), while providing speech quality comparable to a 32 Kbps ADPCM link.
G.731.1 – Describes a compression technique used to compress speech or the audio portion of a multimedia
presentation, and is part of the H.324 family of standards. There are two bit rates associated with this coder -
5.3 and 6.3. The higher bit rate is based on MP-MLQ and provides a higher quality, while the lower rate is
based on CELP and provides good quality.
Signaling System 7 (SS7)


The international standard telephony network common channel signaling protocol that allows communication between
the Public Switched Telephone Network (PSTN) and local phone switches. It defines the protocols and procedures that
allow the PSTN to exchange information for call setup, routing, and control. Examples of telecom signaling would
include many sounds we’re all familiar with, such as off-hook notification, dial tone, ringing, number dialing, busy
signals and congestion (fast-busy). It also provides for out-of-band signaling and is responsible for routing, link status,
and connection control. Local phone number portability, 1-800 calling, in-network phone mail and portable phone
roaming all are defined by SS7. These standards are used by both wireline (landline) and wireless telephony devices.
Because SS7 uses Common Channel Signaling (CCS), it allows telecommunication providers to offer value-added
services, such as call waiting and caller ID.

Real-Time Transport Protocol (RTP)


Provides support for applications with real-time requirements, such as Video- or Voice-over-IP networks. This session-
layer protocol uses UDP as its primary transport-layer protocol to minimize delay, and because retransmissions are not
just unnecessary, but undesirable. This is easy to see with VoIP: a small amount of lost traffic would be unnoticeable,
whereas traffic played back out of order would be very difficult to understand.
RTP enhances the operation of connectionless UDP by providing sequence numbering, time-stamping and a payload-
type field that identifies the application or process that the data is being transported for.

Real-Time Transport Control Protocol (RTCP)


Built on top of RTP, RTCP adds additional functionality for identification of the RTP source, limiting control traffic,
secondary transports for small amounts of information, and statistics about the RTP stream.

Session Initiation Protocol (SIP)


SIP is the IETF's standard ASCII-based, application-layer control protocol for multimedia conferencing over IP. It is
designed to provide signaling and session management for a packet telephony network, establishing, maintaining, and
terminating calls.

Multiprotocol Label Switching (MPLS)


In a normal routed environment, frames pass in a hop-by-hop manner based on layer-3 addressing in the header to
determine the path to the destination. Routing protocols have very little interest in the layer-2 characteristics of the
network, particularly in regard to quality of service (QoS), traffic-management and loading.
Multiprotocol Label Switching (MPLS) fuses the intelligence of routing with the performance of switching, and provides
significant benefits to networks with a pure IP architecture, as well as those with IP and ATM or a mix of other Layer 2
technologies.
MPLS enables devices to specify paths through the network based upon QoS and bandwidth requirements of the
applications, taking into account layer-2 attributes. The non-proprietary MPLS protocol developed by IETF is loosely
based on Cisco's proprietary tag-switching protocol. Although the two protocols have much in common, they are
different enough to prevent tag-switching devices from interacting directly with MPLS devices. MPLS will likely
supersede tag switching.
MPLS technology is key to scalable virtual private networks (VPNs) and end-to-end quality of service (QoS), enabling
efficient utilization of existing networks to meet future growth and rapid fault correction of link and node failure. The
technology also helps deliver highly scalable, differentiated end-to-end IP services with simpler configuration,
management, and provisioning for both Internet providers and subscribers.

Definitions follow for the MPLS terms:


Label—A header created by an edge label switch router (edge LSR) and used by label switch routers (LSR) to
forward packets. The header format varies based upon the network media type. For example, in an ATM
network, the label is placed in the VPI/VCI fields of each ATM cell header. In a LAN environment, the header is a
"shim" located between the Layer 2 and Layer 3 headers.
Label forwarding information base—A table created by a label switch-capable device (LSR) that indicates
where and how to forward frames with specific label values.
Label switch router (LSR)—A device such as a switch or a router that forwards labeled entities based upon the
label value.
Edge label switch router (edge LSR)—The device that initially adds or ultimately removes the label from the
packet.
Label switched—An LSR making a forwarding decision based upon the presence of a label in the frame/cell.
Label-switched path (LSP)—The path defined by the labels through LSRs between end points.
Label virtual circuit (LVC)—An LSP through an ATM system.
Label switch controller (LSC)—An LSR that communicates with an ATM switch to provide and provision label
information within the switch.
Label distribution protocol (LDP)—A set of messages defined to distribute label information among LSRs.
XmplsATM—The virtual interface between an ATM switch and an LSC.

MPLS Operations
Frames enter the MPLS domain through an Edge label switch router (edge LSR), a device that initially adds or
ultimately removes the label from the packet. This router serves as the gatekeeper to and from the MPLS domain. A
Label that has been created by the Edge LSR is added to the frame header, which is subsequently used by label
switch routers (LSR) to forward packets through the domain. This header indicates what path the frame should travel
to reach its destination. This header format varies based upon the network media type. For example, in an ATM
network, the label is placed in the VPI/VCI fields of each ATM cell header. In a LAN environment, the header is a
"shim" located between the Layer 2 and Layer 3 headers.
Non-edge LSRs look at the frame, determine that there is a label embedded between Layers 2 and 3, and then treat
the frame according to the configuration in its Label forwarding information base (LFIB), a table created by the LSR
describing where and how to forward frames with specific label values. The label in the frame is just an index to a
larger record in the LFIB, which consists of an incoming label and one or more subentries (including outgoing label,
outgoing interface, and outgoing link-level information). If the incoming label finds a match then, for each component in
the entry, the switch replaces the label in the packet with the outgoing label, replaces the link-level information (such
as the MAC address) in the packet with the outgoing link-level information, and forwards the packet over the outgoing
interface.
Each of the subsequent LSRs handles the frame in a similar manner until the frame reaches the egress Edge LSR,
which then strips off all label information and passes a standard frame to the next hop.
Picture a series of interconnected LSRs (edge and core) forming a physical path between two points. Because the
frame can be directed through the network based on the contents of the LFIB, without the usual routing lookup at each
hop, it is handled more quickly.
Remember that label information can be carried in a packet in a variety of ways:
As a small, shim label header inserted between the Layer 2 and network layer headers
As part of the Layer 2 header, if the Layer 2 header provides adequate semantics (such as ATM)
As part of the network layer header (such as using the Flow Label field in IPv6 with appropriately modified
semantics)
This means MPLS can be implemented over any media type, including point-to-point links, multiaccess links, and
ATM. The use of control components specific to a particular network layer protocol enables the use of label
switching with different network layer protocols. The label-forwarding component is independent of the network layer
protocol.

How the LFIB is Propagated


LSRs distribute labels using a label distribution protocol (LDP). A label binding associates a destination subnet to a
locally significant label. (Labels are locally significant because they are replaced at each hop.) Whenever an LSR
discovers a neighbor LSR, the two establish a TCP connection to transfer label bindings. LDP exchanges subnet/label
bindings using one of two methods, on which both LSRs must agree:
Downstream Unsolicited Distribution - Disperses labels if a downstream LSR needs to establish a new
binding with its neighboring upstream LSR. For example, an edge LSR may enable a new interface with another
subnet. The LSR then announces to the upstream router a binding to reach this network.
Downstream-On-Demand Distribution - A downstream LSR sends a binding upstream only if the upstream
LSR requests it. For each route in its route table, the LSR identifies the next hop for that route. It then issues a
request (via LDP) to the next hop for a label binding for that route. When the next hop receives the request, it
allocates a label, creates an entry in its LFIB with the incoming label set to the allocated label, and then returns
the binding between the (incoming) label and the route to the LSR that sent the original request. When the LSR
receives the binding information, the LSR creates an entry in its LFIB and sets the outgoing label in the entry to
the value received from the next hop.
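The two passages above (the push/swap/pop handling in "MPLS Operations" and the downstream-on-demand request chain just described) fit together in one small model. The following is an added example written for this guide, not IOS code or any LDP implementation: each LSR holds a route table, a FIB for the ingress push decision and an LFIB keyed by incoming label; a label request from an upstream neighbor makes the LSR allocate a label, ask its own next hop for a binding, and install the LFIB entry, exactly the sequence in the text. The router names PE1/P1/P2/PE2, the prefix 10.0.0.0/24 and the per-router label ranges are constructed so that the swapped labels are easy to follow; the shim header layout is the 32-bit format from RFC 3032.

```python
# Added worked model of downstream-on-demand label distribution followed by
# label-switched forwarding. Router names, the prefix and the label ranges are
# constructed for this example; this is not IOS or any LDP implementation.

POP = None   # outgoing label meaning "egress: strip the label and route normally"


class LSR:
    def __init__(self, name, routes, label_base):
        self.name = name
        self.routes = routes        # prefix -> next-hop LSR name, or None if this LSR is the egress
        self.fib = {}               # prefix -> (outgoing label, next hop): ingress push decision
        self.lfib = {}              # incoming label -> (outgoing label, next hop): swap/pop decision
        self.bindings = {}          # prefix -> locally allocated incoming label
        self._next_label = label_base

    def allocate_label(self):
        label, self._next_label = self._next_label, self._next_label + 1
        return label

    def resolve(self, domain, prefix):
        """Upstream role: identify the next hop for the route and ask it (an
        LDP label request) for a binding; record the answer as the outgoing label."""
        if prefix in self.fib:
            return
        next_hop = self.routes[prefix]
        if next_hop is None:
            self.fib[prefix] = (POP, None)
        else:
            out_label = domain[next_hop].handle_label_request(domain, prefix)
            self.fib[prefix] = (out_label, next_hop)

    def handle_label_request(self, domain, prefix):
        """Downstream role: allocate an incoming label for the route, install
        the LFIB entry and return the binding to the requester."""
        if prefix not in self.bindings:
            label = self.allocate_label()
            self.bindings[prefix] = label
            self.resolve(domain, prefix)           # chain the request toward the egress
            self.lfib[label] = self.fib[prefix]
        return self.bindings[prefix]


def distribute_labels(domain):
    """Every LSR requests a binding for every route it knows."""
    for lsr in domain.values():
        for prefix in lsr.routes:
            lsr.resolve(domain, prefix)


def shim_header(label, exp=0, ttl=64):
    """32-bit MPLS shim (RFC 3032): 20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL."""
    return ((label << 12) | (exp << 9) | (1 << 8) | ttl).to_bytes(4, "big")


def forward(domain, ingress, prefix):
    """Trace one packet: the ingress does a single routing lookup and pushes a
    label; each core LSR swaps by LFIB lookup only; the egress pops.
    Returns a list of (LSR, incoming label, outgoing label)."""
    lsr = domain[ingress]
    label, next_hop = lsr.fib[prefix]
    trace = [(lsr.name, None, label)]
    while next_hop is not None:
        lsr = domain[next_hop]
        if label not in lsr.lfib:
            trace.append((lsr.name, label, "dropped: no LFIB entry"))
            break
        out_label, next_hop = lsr.lfib[label]
        trace.append((lsr.name, label, out_label))
        label = out_label
    return trace


def build_example_domain():
    prefix = "10.0.0.0/24"       # constructed customer prefix reachable behind PE2
    return {
        "PE1": LSR("PE1", {prefix: "P1"}, label_base=100),
        "P1":  LSR("P1",  {prefix: "P2"}, label_base=200),
        "P2":  LSR("P2",  {prefix: "PE2"}, label_base=300),
        "PE2": LSR("PE2", {prefix: None}, label_base=400),
    }


if __name__ == "__main__":
    domain = build_example_domain()
    distribute_labels(domain)
    for hop in forward(domain, "PE1", "10.0.0.0/24"):
        print(hop)
```

Running it shows PE1 pushing label 200, P1 swapping 200 to 300, P2 swapping 300 to 400 and PE2 popping; the labels differ at every hop because each binding is local to the LSR that allocated it, which is why the text calls them locally significant. The drop branch in forward is worth keeping in mind operationally: a core LSR that receives a label it has no LFIB entry for has no routing fallback, so a stale or missing binding silently black-holes the path rather than rerouting it.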

Quality of Service and Traffic Engineering


Two important mechanisms are incorporated into MPLS to provide a range of QoS to packets passing through the
domain:
Classification of packets into different classes
Handling of packets via appropriate QoS characteristics (such as bandwidth and loss)
MPLS marks packets as belonging to a particular class during an initial classification using information carried in the
network and higher-layer headers. A label corresponding to the resultant class is then applied to the packet. Labeled
packets can be handled efficiently by LSRs in their path without needing to be reclassified.
The Cisco Press book “MPLS and VPN Architectures” by Pepelnjak and Guichard is an excellent resource for
learning more about MPLS.

IP Multicast
IP Multicasting allows a device on the network to send a stream of information to a limited and defined group of hosts.
These hosts generally add and remove themselves to and from the data stream. By this time you should be
comfortable with the concepts behind Unicasts and Broadcasts, but just to reiterate:
Unicast – A packet that has a specific destination address of a unique host in the IP network. The packet is
passed through the routed or switched network to its destination, or dropped if it is unreachable.
Broadcast - Packet that a single host sends to all IP hosts on the broadcast domain (usually a network
segment). Keep in mind that every host that receives the broadcast interrupts its other work to process the
packet. Under normal circumstances, routers do not forward broadcasts.
Multicast traffic is a different beast. It’s based on the concept of a group; a collection of recipient hosts which have
“asked” to join a particular data stream; the group does not necessarily have any physical or geographical boundaries
(depending on the network design), and potentially, group members can be located anywhere on the Internet.
Analogously, think of it as a newspaper subscription, or a cable TV drop; they don’t normally “just happen”, the
recipient must make an effort, you know - express an interest.
Hosts interested in receiving a particular data flow join the IP Multicast Group using Internet Group Management
Protocol (IGMP). Hosts must be a member of the group to receive the data stream. Hosts join the group – they receive
the traffic; if they don’t – they don’t.
The source then sends IP packets to an IP Multicast Group Address, then IP multicast routers forward out packets to
interfaces that lead to members of the group. This means one flow of traffic leaves the source, and the routers in
between know how to process the packets to get them to a series of destinations that have either chosen or been
defined as part of a multicast group.
The same information could be sent through broadcasts, but then every destination would be affected; or it could be
sent through unicasts, but then each communication would require a separate data-stream, consuming valuable
bandwidth. With thousands of potential receivers, even low-bandwidth applications benefit from using IP Multicast.
High-bandwidth applications can often require a large portion of the available network bandwidth for just one single
stream; the thought of multiple monster streams is what keeps a good Network Architect from spending time with their
family.
As you can see, we have been describing a bandwidth-conserving technology that reduces traffic by simultaneously
delivering a single stream of information to any number of destinations, without forwarding the traffic to disinterested
destinations. It delivers source traffic to multiple receivers without adding any additional burden on the source or the
receivers, while using less network bandwidth than might otherwise be the case.
Popular IP Multicast applications include:
Multimedia Conferencing – Geographically dispersed group meetings using audio/visual or audio-only
communication, and often including electronic whiteboard applications.
Data Distribution – Reliably replicating data files from a central site to a number of remote locations, such as
distributing price and product information from a central corporate headquarters to a number of remote sales
locations.
Real-Time Data Multicasts – Pushing out real-time data to a number of subscribing hosts, such as stock or
news ticker updates.
The benefits of IP Multicasting include significant savings in both bandwidth and server overhead because the source
device only sends the material once. Because of the reduced bandwidth utilization, there may also be a reduction of
router CPU utilization, although the added load of handling multicast traffic may negate that under some
circumstances.
Multicast packets are replicated in the network by Cisco routers enabled with Protocol Independent Multicast (PIM)
and other supporting multicast protocols. Configuration is fairly simple, and should be part of your knowledge arsenal
if you intend to take the CCIE path later.
Because IP Multicasting is a one-to-many proposition, UDP is the layer-4 protocol of choice. Problems related to
unreliable packet delivery - such as lost packets, duplicate packets and lack of control over network congestion - do
exist, but can be reduced by proper network design.

Addressing
Normal Unicast traffic is defined with a specific destination IP address that corresponds to a specific physical device.
This is not true of Multicast traffic, which forwards to a set of destinations, none of which has the specific IP address
designated in the packet. Remember when you first learned IP addressing, and you used A, B and C-class
addresses? Well, the instructor didn’t mention it to you - but there was also a D-class set of addresses, and that’s
what is used for multicast addressing.
Multicast IP addresses (D-class addresses) are in the range of 224.0.0.0 to 239.255.255.255, meaning the first four
bits of the address are binary 1110. These addresses are administered by the Internet Assigned Numbers Authority (IANA),
and tightly controlled they are. Don’t count on grabbing a few addresses in case you ever need them; with that limited
range of addresses available, they are very stingy about assigning them. One interesting outcropping of this is that
there is now a DHCP-like service running that allows the entire Internet community to share the remaining unassigned
range of IP multicast addresses dynamically (please notice I said DHCP-like, not actual DHCP).
The IANA has put aside 239.0.0.0 through 239.255.255.255 for private multicast domains, much like the reserved IP
unicast ranges (192.168.x.x, 172.16.x.x and 10.x.x.x). When you are developing an internal application that will
remain within the boundaries of your network, these should be the addresses you choose to implement.
The addresses in the range of 224.0.0.0 to 224.0.0.255 have been put aside by the IANA for use by routing protocols
on the local network segment, meaning routers have been programmed not to forward them, regardless of what the
TTL value is. Reserved addresses in this range include:

Address       Usage
224.0.0.1     All Hosts
224.0.0.2     All Multicast Routers
224.0.0.4     DVMRP Routers
224.0.0.5     OSPF Routers
224.0.0.6     OSPF Designated Routers
224.0.0.7     ST Routers
224.0.0.8     ST Hosts
224.0.0.9     RIP2 Routers
224.0.0.10    IGRP Routers
224.0.0.12    DHCP Server/Relay Agent
224.0.0.13    All PIM Routers

Translating Multicast Addresses into Ethernet MAC Addresses

IANA maintains a block of Ethernet MAC addresses from 0100.5e00.0000 through 0100.5e7f.ffff as the range of
available Ethernet MAC address destinations for IP Multicast. This allocation allows 23 bits in the Ethernet Address to
correspond to the IP Multicast group address.
As we’ve already discussed, Multicast IP addresses are Class-D addresses which are in the range 224.0.0.0 to
239.255.255.255 (first octet equal to binary 11100000 through 11101111). They are also referred to as Group
Destination Addresses (GDA). For each GDA there is an associated MAC address. This MAC address is formed by
prefixing the last 23 bits of the GDA, written in hex, with 01-00-5e. Remember that since only the last 23 bits of
the GDA are used, the high-order bit of the second octet is discarded: the second octet of the address can have either
of two values (differing by 128) and still produce the same MAC.
For example:
A GDA of 229.119.213.55 translates to a MAC of 01-00-5e-77-d5-37
Here’s why…
Decimal IP address = 229.119.213.55
Binary equivalent = 11100101.01110111.11010101.00110111
Last 23 bits = 1110111.11010101.00110111
Hex equivalent of last 23 bits = 77-d5-37
Prefix with 01-00-5e = 01-00-5e-77-d5-37
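As an added example (not from the Cramsession), the following Python carries out the 23-bit mapping above for any Class D address and, going one step beyond the walk-through, lists the 32 group addresses that collapse onto the same MAC because five high-order bits are discarded:

```python
import ipaddress
from typing import List

# IANA block 0100.5e00.0000 - 0100.5e7f.ffff: a fixed 25-bit prefix plus 23 variable bits.
MCAST_MAC_PREFIX = 0x01005E000000
LOW23_MASK = 0x7FFFFF
CLASS_D_BASE = 0xE0000000  # 224.0.0.0; the first four bits of every group address are 1110


def gda_to_mac(group: str) -> str:
    """Return the Ethernet destination MAC for an IPv4 multicast group.

    The low-order 23 bits of the group address are placed under the fixed
    01-00-5e prefix, exactly the 229.119.213.55 -> 01-00-5e-77-d5-37 walk-through.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D (224.0.0.0/4) address")
    mac_int = MCAST_MAC_PREFIX | (int(addr) & LOW23_MASK)
    return "-".join(f"{(mac_int >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> List[str]:
    """All 32 Class D groups that map to the same MAC as `group`.

    A Class D address has 28 variable bits but only 23 reach the MAC, so the
    low four bits of the first octet and the high bit of the second octet are
    lost: 2**5 = 32 distinct groups share every multicast MAC.
    """
    low23 = int(ipaddress.IPv4Address(group)) & LOW23_MASK
    return [str(ipaddress.IPv4Address(CLASS_D_BASE | (hi << 23) | low23))
            for hi in range(32)]


def same_frame(group_a: str, group_b: str) -> bool:
    """True when frames for the two groups are indistinguishable at layer 2.

    A NIC or switch that filters on destination MAC alone passes both, so the
    host must discard the unwanted group at the IP layer.
    """
    return gda_to_mac(group_a) == gda_to_mac(group_b)


if __name__ == "__main__":
    print(gda_to_mac("229.119.213.55"))            # 01-00-5e-77-d5-37
    print(groups_sharing_mac("224.0.0.5")[:4])     # OSPF's MAC is shared with 224.128.0.5, 225.0.0.5, ...
    print(same_frame("224.0.0.5", "239.128.0.5"))  # True
```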

Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP)

In order to manage IP multicasting, allow directed switching of multicast traffic, and dynamically configure switch ports
so that IP multicast traffic is forwarded only to the appropriate ports, Cisco switches use:
Internet Group Management Protocol (IGMP) - A standard protocol designed to manage the multicast transmissions
passed to routed ports by dynamically registering individual hosts in a multicast group. Hosts identify group
memberships by sending IGMP messages to their local multicast routers. Under IGMP, routers listen to IGMP
messages and periodically send out queries to discover which groups are active or inactive on a particular subnet.
One of the problems with this protocol is that if a VLAN on a switch is set to receive, all the workstations on that
VLAN will get the multicast stream.
Cisco Group Management Protocol (CGMP) - A Cisco proprietary protocol designed to control the flow of multicast
streams to individual VLAN port members while limiting the impact on the switch. CGMP requires IGMP to be
running on the router.

IGMP
There are two versions of IGMP. Version 1 is defined in RFC 1112 and provides just two different types of IGMP
messages:
Membership Reports - Hosts send out IGMP Membership Reports corresponding to a particular multicast group to
indicate they are interested in joining that group.
Membership Queries - The router periodically sends out an IGMP Membership Query to verify that at least one host
on the subnet is still interested in receiving traffic directed to that group. When there is no reply to three
consecutive IGMP Membership Queries, the router will stop forwarding traffic directed toward that group.
IGMP Version 2 is defined in RFC 2236. The primary difference is the inclusion of a Leave Group message, which
allows hosts to take the initiative and actively communicate to the local multicast router that they no longer wish to be
part of the multicast group. The router then sends out a group-specific query and determines if there are any
remaining hosts interested in receiving the traffic. If there are no replies, the router will time out the group and stop
forwarding the traffic. This can greatly reduce the leave latency found with IGMP Version 1.
The default behavior for a Layer 2 switch would be to forward all multicast traffic to every port that belongs to the
destination LAN on the switch.
Basically, if one host on a VLAN wants to see the multicast, everybody on the VLAN gets it. Since the purpose of a
switch is to limit traffic to just the ports that need to see it, this is not a desirable behavior. There are two methods to
deal with the problem - Cisco Group Management Protocol (CGMP) and IGMP Snooping.

CGMP
CGMP and IGMP software components run on both the Cisco routers and Cisco Catalyst switches. Together they
allow these switches to leverage IGMP information on Cisco routers to make layer-2 (switching) forwarding decisions.
With CGMP, IP Multicast traffic is delivered only to those Catalyst switch ports that are interested in the traffic; ports
that have not explicitly requested the traffic will not receive it.
When the CGMP/IGMP-capable router receives an IGMP control packet, it processes it as it would any other IGMP
request, and then creates a CGMP message, which it then forwards to the switch. These can either be “join” or “leave”
messages, depending on what the host is asking for.
The switch receives the CGMP message and then modifies the port status in its CAM (Content Addressable Memory)
table for that multicast group. All subsequent traffic directed to this multicast group will be forwarded to the port. The
router port is also added to the entry for the multicast group.
It’s important to note that Multicast routers are required to monitor all multicast traffic for every group, since the IGMP
control messages look just like regular multicast traffic. With CGMP, the switch only has to listen to CGMP “Join” and
“Leave” messages from the router. The rest of the multicast traffic is forwarded using its CAM table as normal. The
router carries the load.
Please note that if there is a spanning-tree topology change, the CGMP/IGMP-learned multicast groups on the VLAN
are purged and the CGMP/IGMP-capable router must generate new multicast group information. If a CGMP/IGMP-
learned port link is disabled, the corresponding port is removed from any multicast group.
CGMP/IGMP-capable routers send out periodic multicast group queries, so if a host wants to remain in a multicast
group, it must respond to the query. If, after a number of queries, the router receives no reports from any host in a
multicast group, the router sends a CGMP/IGMP command to the switch to remove the group from the forwarding
tables. CGMP’s fast-leave-processing allows the switch to detect IGMP version-2 leave messages sent to the all-
routers multicast address by hosts on any of the supervisor engine module ports.
Remember that CGMP must be configured on both the multicast routers and the layer-2 switches and that CGMP is
Cisco proprietary.

IGMP Snooping
IGMP Snooping is another technique to avoid sending multicast traffic to disinterested switched Ethernet ports on a
Cisco switch. It requires the LAN switch to examine, (“snoop” through) network layer information in the IGMP packets
sent between the hosts and the router.
When the switch hears the IGMP Host Report from a host for a particular multicast group, the switch adds the host's
port number to the associated multicast table entry. When the switch hears the IGMP “Leave” Group message from a
host, it removes the host's port from the table entry. This obviously puts the burden of processing on the switch,
creating a potential performance impact on low-end switches with limited CPU horsepower. Many high-end switches
have special ASICs that can perform the IGMP checks in hardware.
Multicast Distribution Trees

Multicast capable routers use distribution trees to control the paths used by traffic as it traverses the network. There
are two basic types of multicast distribution trees:
Source Trees - A source tree is the simplest type of a multicast distribution tree, with its root at the source and
branches forming a spanning tree through the network to all the receivers. Source trees have the advantage of
creating the optimal path between the source and the receivers, and are therefore often referred to as “shortest
path trees”. The size of the multicast routing table can create problems on larger multicast networks.
Shared Trees - Shared trees use a predefined shared root, called a Rendezvous Point (RP), which allows the
routers to know little about the overall network layout, lowering the overall memory requirements for a network
that only allows shared trees.
Because multicast group members can join or leave at any time, distribution trees must be dynamically updated.

Protocol Independent Multicast (PIM)

PIM is used to forward multicast packets through a network. It must be enabled for a Cisco interface to perform IP
multicast routing. Enabling PIM on an interface also enables IGMP operation on that interface. It can be configured in
Dense, Sparse or Sparse-dense modes. Dense is used when most hosts have plenty of bandwidth and wish to be part
of the multicast. Sparse is used when a smaller percentage of hosts want the service, when RPs are used, or when
there are expensive WAN links that should not carry the multicast traffic.
PIM uses whichever unicast routing protocol is in place to populate the unicast routing table, including EIGRP, OSPF,
BGP or even just static routes; that’s why it is considered IP routing protocol independent (thus the name). The
information gained from the unicast routing process is used to support the multicast forwarding function by performing
Reverse Path Forwarding (RPF) functions instead of building up a separate multicast routing table. This enables
routers to correctly forward multicast traffic down a distribution tree by using existing unicast routing table information
to determine upstream and downstream neighbors. A router will only forward a multicast packet if it is received on the
upstream interface. RPF check ensures that the distribution tree is free of loops.
For PIM to work, it must be in one of these modes (remember that PIM is not enabled by default; and does not have a
default mode):
PIM Dense Mode (PIM-DM) - Dense-mode interfaces are always added to the table. Dense mode is used when
multicast group members are densely distributed throughout the network and there is plenty of bandwidth
available. Dense mode PIM floods the multimedia packet to all routers and prunes routers that do not support
members of that particular multicast group. This should be considered a “push” model, used to flood multicast
traffic to every corner of the network. PIM-DM can only support source trees; it cannot be used to build a shared
distribution tree.
PIM Sparse Mode (PIM-SM) - Sparse-mode interfaces are added to the table only when periodic “join”
messages are received from downstream routers, or when there is a directly connected member on the
interface. Sparse mode is used when members are more spread out and there is limited bandwidth available.
Sparse mode PIM relies on rendezvous points (RP). This should be considered a “pull” model, building its
groups through requests from specific destinations. The explicit join mechanism prevents unwanted traffic from
flooding slow WAN links and minimizes other network bandwidth utilization. PIM-SM uses a shared tree to
distribute its information.
Sparse-dense Mode - These interfaces are treated as dense mode if the group is in dense mode, or in sparse
mode if the group is in sparse mode. This configuration option allows individual groups to run in either sparse or
dense mode, depending on whether RP information is available for that specific group. If the router learns RP
information for a particular group it will be treated as sparse mode, otherwise that group will be treated as dense.
Sparse-dense mode provides a great deal of flexibility for the Network Architect.
A significant difference between Dense and Sparse modes is that a dense mode router assumes all other routers are
willing to forward multicast packets for a group, while a sparse mode router requires an explicit request for the traffic.
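The RPF check and the dense-mode “push” model described above, as an added example that is not from the Cramsession or from Cisco IOS. The routing table, interface names and PIM interface list are constructed for illustration; the lookup is an ordinary longest-prefix match on the multicast source, which is what makes PIM independent of the unicast routing protocol that filled the table.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed unicast routing table for a hypothetical router (not from the
# Cramsession): (prefix, outgoing interface, next hop). It does not matter whether
# EIGRP, OSPF, BGP or static routes produced these entries; PIM only reads them.
UNICAST_ROUTES: List[Tuple[str, str, str]] = [
    ("10.1.0.0/16", "Serial0/0", "192.0.2.1"),
    ("10.1.5.0/24", "Ethernet0/1", "198.51.100.2"),
    ("172.16.0.0/12", "Serial0/1", "203.0.113.1"),
]

# Interfaces on this hypothetical router that have PIM enabled.
PIM_INTERFACES = ["Ethernet0/0", "Ethernet0/1", "Serial0/0", "Serial0/1"]


def rpf_interface(routes: List[Tuple[str, str, str]], source: str) -> Optional[str]:
    """Longest-prefix lookup of the multicast *source* address.

    Returns the interface the unicast table would use to reach the source
    (the upstream interface), or None when there is no route to it.
    """
    src = ipaddress.IPv4Address(source)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, iface, _next_hop in routes:
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(routes: List[Tuple[str, str, str]], source: str, incoming: str) -> bool:
    """PIM forwards a multicast packet only if it arrived on the RPF (upstream)
    interface; anything arriving elsewhere, including a copy that has looped
    back, fails the check and is discarded, which keeps the tree loop-free."""
    expected = rpf_interface(routes, source)
    return expected is not None and expected == incoming


def pim_dm_flood(routes: List[Tuple[str, str, str]], pim_ifaces: List[str],
                 source: str, incoming: str) -> List[str]:
    """Dense-mode push model: once the RPF check passes, flood the packet out
    every other PIM-enabled interface (the later prune step is not modelled).
    An empty list means the packet was dropped."""
    if not rpf_check(routes, source, incoming):
        return []
    return [iface for iface in pim_ifaces if iface != incoming]


if __name__ == "__main__":
    # The /24 wins over the /16, so 10.1.5.7 is expected on Ethernet0/1.
    print(rpf_check(UNICAST_ROUTES, "10.1.5.7", "Ethernet0/1"))  # True
    print(rpf_check(UNICAST_ROUTES, "10.1.5.7", "Serial0/0"))    # False
    print(pim_dm_flood(UNICAST_ROUTES, PIM_INTERFACES, "172.16.4.4", "Serial0/1"))
```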
PIM-Sparse Mode Mechanics

In dense mode, multicast traffic is initially flooded to all segments of the network. Routers with no downstream
neighbors or directly connected receivers prune back the unwanted traffic.
In sparse networks, only those segments with active receivers that have explicitly requested multicast data will be
forwarded the traffic. Rendezvous points (RP) (described below) provide the mechanism for providing multiple
distribution points; the source feeds the RP with one stream, which is then redistributed to the destinations within the
various RP domains.

PIM-SM Joining & Pruning

A Multicast join message is sent from the router to the Rendezvous Point (RP) when a new device requests the
multicast group and the router is not already receiving it. A multicast group is requested to be pruned when there are
no more devices receiving the group.

IP Multicast Routing Table (mroute)

The IP Multicast Routing table is known as the “mroute” table. This table shows the multicast groups the router can
access with PIM-SM, the rendezvous point, and the interfaces for the group.

Distribution Trees
Multicast-capable routers create distribution trees to control the path through the network. The two basic types of
multicast distribution trees are:
Source Trees - These are the simplest form of a multicast distribution tree, where the root is the source of the
multicast tree and the branches form a spanning tree through the network to the receivers. Because this tree
uses the shortest path through the network, it is also referred to as a shortest path tree (SPT).
Shared Trees - Unlike source trees that have their root at the source, shared trees use a single common root
placed at some chosen point in the network. This shared root is called the rendezvous point (RP).

Rendezvous Points
The most significant difference between PIM sparse and dense mode configurations is the requirement for
Rendezvous Points (RP) to be defined in sparse networks. This acts as the meeting place for sources and receivers
of multicast data. The sources send their traffic to the RP, and it is then forwarded to receivers down a shared
distribution tree. By default, when the first hop router of the receiver learns about the source, it will send a join
message directly to the source, creating a source-based distribution tree from the source to the receiver.
Since by default the RP is only needed to start new sessions with sources and receivers, it experiences little additional
overhead from traffic flow or processing.
In PIM-SM version 1, all routers directly connected to sources or receivers (leaf routers) are manually configured with
the IP address of the RP; for this reason this type of configuration is also known as a “static RP” configuration. This
isn’t much of a problem in a small network (like a lab exam), but it can create obvious problems in a large, complex
network.
PIM-SM version 2 has an Auto-RP feature that automates the distribution of group-to-RP mappings in a PIM network.
The advantages of this are:
Not having to configure a static RP address on every router.
Changes need only be configured on the RP routers, not on all the leaf routers.
The ability to “scope” the RP address within a domain, giving it an area of the network to cover. Scoping can be
achieved by defining the time-to-live (TTL) value allowed for the Auto-RP advertisements.

Bootstrap Router (BSR)

PIM version 2 supports something called a Bootstrap Router (BSR). A BSR is an alternative to the Auto-Rendezvous
Point (Auto-RP) feature. BSR is detailed in RFC 2362 (PIM Version 2). To use BSR, you select BSR Candidate
routers. These routers have priorities that you configure. The router with the highest priority becomes the bootstrap
router.

The Cisco Press book “Developing IP Multicast Networks” by Beau Williamson is an excellent resource for Multicast
Networking.

Reference
The following text was used as a reference in the creation of this Cramsession:
CCIE Routing and Switching Exam Certification Guide by A. Anthony Bruno, ISBN 1-58720-53-8
