5. The connection between homogenous and heterogonous devices to share their resources and information is
called network, Network is studied by its two sides as System side and Network side.
The system side is studied under following certifications as:
1. MCP: Microsoft Certified Professional.
2. MCSE: Microsoft Certified System Engineer
3. MCSA: Microsoft Certified System Administrator
The network side is studied under following certifications as:
1. CCNA: Cisco Certified Network Associate.
2. CCNP: Cisco Certified Network Professional.
3. CCIE: Cisco Certified Inter network Expert, etc.
The main purpose of this course is a Network’s administration in the following bases as Routing
and switching, Security, and Voice over IP.
15-12-2009
6. 1.
! This device is used just as a connection between two devices.
2. # This device is used as a repeater but to strengthen the signal between two LAN
networks.
3. This device is just a multiport Bridge that beside LAN networks here; PCs also can be
connected, and HUB is a single collision domain.
4. $%' ( This device works as a HUB but it is promoted with the increase of
buses inside, it works on the base of MAC addresses so the first time a switch is connected on a LAN
network; it broadcasts a “Hello/echo” massage and in reply to that massage by Hosts, it saves all the
MAC addresses on a MAC table so switch is called a single broadcasting domain, if all the switch ports
are in use then sometimes it causes a LAN blockage. Switch is a multiple collision domain, and in Cisco
it is still called a (24port Bridge), the data format in switch is called data Frames.
5.
)*+$( This device is used on WANs, over internetwork (the network
of Routers); it is both multiple broadcasting multiple collision domains because more buses are used
inside it. The address used over routers is all logical addresses (IP addresses), the data formats moving
over routers is called Packets so the packet exchange between routers in an internetwork is called packet
switching and the decision for packet switching is called packet filtering.
16-12-2009
,,,#-
NOW WE SEE DEFFIRENT COMPANIES HAS PRODUCCED THESE DEVICES; so in order to
communicate them ISO (International Standardization Organization) has introduced some Models as following:
1. ,,$,,$,( 7-Layers Model:
a. Application layer: This layer presents the data for users.
b. Presentation layer: It collects the data and presents it to application layer and also encryption and
decryption of data is done in same layer.
c. Session layer: This layer divides the data into sessions for every user and supplies the type of
communications whether it is Simplex, Half duplex, or full duplex.
CCNA 1
7. d. Transport layer: It provides a logical link for end to end communication maybe reliable or
unreliable by the use of TCP/UDP protocols. If TCP (Transmission Control Protocol) is used
Connection Oriented Protocol works here for receiving an acknowledgment of packet arrival to
the other host but UDP (User Datagram Protocol) has no acknowledgment massage received.
This layer is also responsible for the flow control (Windowing: The size of Sender’s data sent at
a time, Buffering: The amount of data received at a time by receiver) to avoid Congestion. The
data is called Segment yet.
e. Network layer (L3): It provides a physical link for end to end communication, here segments are
changed into Packets for routing (checking the direction of packets) with the help of logical
addresses (IP address) and the device used here is Routeri under protocols as Routing protocols
(Refreshes the link update as RIP, IGRP etc) Routed protocols (helps a packet rich to its
destination from a host as IPv4, IPv6) both work together interconnecting each other.
f. Data link layer (L2): Frames’ transfer occurs now by the use of physical addresses (MAC
address) and the devices for this layer are switchesii, Intelligent HUB, further two layers work
inside this layer as MAC (Media Access Control) layer that interacts with the upper layer
(Physical), LLC (Logical Link Control) layer that interacts with the lower (Network) layer.
g. Physical layer (L1): The devices on this layer are Dump HUB as a multiport Bridge to provide
communication for sending and receiving bits (0, 1).
2. ./. (Transmission Control Protocol/ Internet Protocol)
4-Layers Model: introduced by DOD (Department Of Defense)
a. Process/Application layer: It works as OSI first 3 layers to provide user interface.
b. Host-to-Host layer: All the data is sequenced here as in session layer and provides end to end
communication by the use of protocol from transport layer.
c. Internet layer: It provides routing by the use of logical addresses as in Network layer.
d. Network access layer: It does all the activities done in Data link layer Physical layer.
i Metric: The destination between two internetworks, where routing and routed protocols work.
ii If switches work for routing in network layer so they are called L3 switches.
CCNA 2
8. 17-12-2009
3. $*0-!%!$%$!--
a. Access layer: It completes the switching for Host-to-Host communication by switches over
LANs and VLANs.
b. Distribution layer: It distributes packets after taking routing decisions by routers with the help of
logical addresses.
c. Core layer (Back bone layer): It completes the transportation through physical link for end to end
communication.
.
Internet Protocol addresses is of two types as (IPv4, IPv6).
1. .+': It consists of 32 bits (4Bytes), 4 octets separated by dots (.) as (xxx.xxx.xxx.xxx), it is
called decimal addresses because only decimal numbers are used in it and classified into five classes:
a. Class A: (1.0.0.0) to (126.255.255.255)i for large organizations (Governmental)
b. Class B: (128.0.0.0) to (191.255.255.255) for middle range companies
c. Class C: (192.0.0.0) to (223.255.255.255) for small organizations
d. Class D: (224.0.0.0) to (239.255.255.255) for Multicasting
e. Class E: (240.0.0.0) to (247.255.255.255) Under research for future use
Due to the lake of IP addresses some rules were introduced as NAT (Network addresses Translation), CIDR
(Classless Inter Domain Routing (Sub netting)), Private IP addresses for each class of IP (10.0.0.0 -
10.255.255.255/ 172.16.0.0 - 172.31.255.255/ 192.168.0.0 - 192.168.255.255) but again the lake of IP
addresses were felt so IPv6 was introduced.
2. .+1 It consists of 128 bits (16 Bytes), 8 octets separated by colons (:) and it supports
hexadecimal numbers as (xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx), it is of three types:
a. Global unicast IP: This type starts with (2001, 3001, 4001)ii, it is used on WANs for routers e.g.
(2001:0000:0000:0000:0000:0000:0000:0001) - (2001:0000:0000:0000:FFFF:FFFF:FFFF:FFFF)
in this type the first four octets is network portion and last four octets are host but called interface
portion.
b. Site local IP: These are not purchased as Private IP addresses and starts with (FEC0:) e.g.
(FEC0:0000:0000:0000:0000:0000:0000:0001)
c. Link local IP: These are used inside LAN communications and starts with (FE80:) e.g.
(FE80:0000:0000:0000:0000:0000:0000:0001)
Multicast addresses starts with (FE00:) and used for multicasting.
IPv6 can be abbreviated as bellow:
(2001:0000:0000:0000:0000:0000:0000:0001) = (2001::0000:0000:0000:0001)
(2001::0010:0000:0000:0001) = (2001:: 10::1) IPv6 is used over Back bones.
)!-!$,# The way of communication between IPv4 IPv6 through NATTING, this is
called a GRE tunnel.
IPv6 (NATTING) IPv4 (NATTING) IPv6
i The IP (127.0.0.1) is called Loop back IP that is used for self pinging with a switch or other device.
ii (3001, 4001) is not used yet.
CCNA 3
9. 18-12-2009
2
Only for IPv4 (IPv6 can not be subnetted): A network runs over subnet masks defined for them, subnet mask is
used to define the number of hosts allowed and send through a network by its host portion but network portion
can not be subnetted; each IP class has got an automatic default subnet mask as below:
1. Class A: Network (255.)- Host (0.0.0) = (255.0.0.0)
2. Class B: Network (255.255.)- Host (0.0) = (255.255.0.0)
3. Class C: Network (255.255.255.)- Host (0) = (255.255.255.0)
4. Class D: Network (255.255.255.255) - Host () = (255.255.255.255) for routers only.
5. Class E is still under research for future use.
,+,#!$!-.,3,! (255.0.0.0)
255: 11111111
/ 2 2 2 2 2 2 2
0: 00000000
255 127-1 63-1 31-1 15-1 7-1 3-1 1-1
0: 00000000
0: 00000000 255 = 1 1 1 1 1 1 11
Now as we see here all 1s shows the up/on bits and all the 0s shows the down/off bits.
21-12-09
10. %!4)3,,#5
The word “Subnet” is derived from two words; Sub (a part of), Net (network) so it means being a part of
network, an internetwork is also called the part of a network, to avoid wasting the large amount of IP addresses
of a skim “subnetting” is introduce, by the help of which we can divide a class of IP addresses into small
subnetworks so that a class of IP addresses is used by a large amount of networks. In each network’s IP series
the first and the last IP is not used by users/hosts because the first IP of every IP pool is for self network
identification (Network IP) and the last IP of every pool is used for broadcast of that network (Broadcast IP); so
the least number of IP addresses in each pool must be 4 in order to connect only two users/hosts. Two directly
connected devices should used same network’s IP; e.g. two routers and connected to each other, the assigned IP
for their connected interfacesi should continue as (192.168.1.1 192.168.1.2).
)3,
For subnetting a class of IP addresses we should know some of the following terms:
1. Each class of IP has a default subnet mask, the number of “up” bits in a default subnet mask is called the
prefix value for that class of IP addresses; e.g. in class C default subnet mask is (255.255.255.0) in
binary number we can have it as (11111111.11111111.11111111.00000000), start counting from left
side we have 24 “up” bits so the prefix value for class C is (24).
2. Value extracted from binary number is on the base of following weights (1281 641 321 161 81 41 21 11) the
on bits’ weight is added from left side and written e.g. 11111000 = (128+64+32+16+8) = 248
3. Subnetting always occurs in the host portion of an IP class by changing “down” bits to “up” so it’s
added to the network portion.
4. For getting the number of pools (group) and IP addresses per pool some formulas are used as the
formula (2n where “n” = “up bits of a subnetted mask”) to find out the number of Pools or groups, the
formula (2n where “n” = “down bits of subnetted mask”) to find range of IP addresses per pool, in each
pool 2 IP addresses are considered as “Network” “Broadcast” IPs then the formula (2n-2 where “n” =
“down bits of sub netted mask”) is used for total usable IPs for hosts. The number of IP/pool including
network and broadcast IP addresses is called block size.
5. The prefix value after subnetting can be called “CIDR” value as well, and its range for every class is
fixed in which a mask can be subnetted but (31 32) CIDR values are not valid for subnetting because
for 31 we can’t get user IPs and for 32 no IP available.
i A router is not included in a network only the interface is used in a network; a router can be used by multiple networks.
CCNA 4
11. 22-12-09
)3,,#$-! Some notations about this class:
1. The prefix value for class C is 24; (X.X.X.X/24)
2. The CIDR value range is (25 to 32); (X.X.X.X/25-32); But (31 32) CIDR is not used for user
3. Default subnet mask is (255.255.255.0)
4. For better study of this class; we start sub netting from 30 downward.
e.g. IP 192.168.0.0/24; Default mask 255.255.255.0 = 11111111.11111111.11111111.00000000
For IP 192.168.0.0/30; Subnetted mask 255.255.255.252; last octet = .111111100
Number of pools = 26 = 64 Number of IP per Pool = 22 = 4
1st: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3 Broadcast IP
2nd: 192.168.0.4 Network IP
192.168.0.5
192.168.0.6
192.168.0.7 Broadcast IP
63rd: 192.168.0.248 Network IP
192.168.0.249
192.168.0.250
192.168.0.251 Broadcast IP
64th: 192.168.0.252 Network IP
192.168.0.253
192.168.0.254
192.168.0.255 Broadcast IP
For IP 192.168.0.0/29; Subnetted mask 255.255.255.248; last octet = .11111000
Number of pools = 25 = 32 Number of IP per Pool = 23 = 8
1st: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.6
192.168.0.7 Broadcast IP
32nd: 192.168.0.248 Network IP
192.168.0.249
192.168.0.250
192.168.0.251
192.168.0.252
192.168.0.253
192.168.0.254
192.168.0.255 Broadcast IP
For IP 192.168.0.0/28; Subnetted mask 255.255.255.240; last octet = .11110000
Number of pools = 24 = 16 Number of IP per Pool = 24 = 16
1st: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.6
192.168.0.7
192.168.0.8
192.168.0.9
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14
192.168.0.15 Broadcast IP
16th: 192.168.0.240 Network IP
192.168.0.241
192.168.0.242
192.168.0.243
192.168.0.244
192.168.0.245
192.168.0.256
192.168.0.247
192.168.0.248
192.168.0.249
192.168.0.250
192.168.0.251
192.168.0.252
192.168.0.253
192.168.0.254
192.168.0.255 Broadcast IP
CCNA 5
12. For IP 192.168.0.0/27; Subnetted mask 255.255.255.224; last octet = 11100000
Number of pools = 23 = 8 Number of IP per Pool = 25 = 32
1st: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
. . .
192.168.0.31 Broadcast IP
8th: 192.168.0.224 Network IP
192.168.0.225
. . .
. . .
192.168.0.254
192.168.0.255 Broadcast IP
For IP 192.168.0.0/26; Subnetted mask 255.255.255.192; last octet = .11000000
Number of pools = 22 = 4 Number of IP per Pool = 26 = 64
1st: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
192.168.0.62
192.168.0.63 Broadcast IP
2nd: 192.168.0.64 Network IP
192.168.0.65
. . .
. . .
192.168.0.126
192.168.0.127 Broadcast IP
3rd: 192.168.0.128 Network IP
192.168.0.129
. . .
. . .
192.168.0.190
192.168.0.191 Broadcast IP
4th: 192.168.0.192 Network IP
192.168.0.193
. . .
. . .
192.168.0.254
192.168.0.255 Broadcast IP
For IP 192.168.0.0/25; Subnetted mask 255.255.255.128; last octet = .10000000
Number of pools = 21 = 2 Number of IP per Pool = 27 = 128
1st: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
192.168.0.63
192.168.0.64
. . .
. . .
192.168.0.126
192.168.0.127 Broadcast IP
2nd: 192.168.0.128 Network IP
192.168.0.129
. . .
. . .
192.168.0.191
192.168.0.192
. . .
. . .
192.168.0.254
192.168.0.255 Broadcast IP
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1. To find the specific pool with its network and broadcast IPs for a subnetted IP address with the CIDR
value given, follow this manner; first solve the number of Pools and IP per pool from the CIDR value
given, second get the subnet mask for the IP, finally write down the pool as in following example:
E.g. Find the Network and Broadcast IPs for the pool which (194.100.9.83/29) IP exists in?
Ans: CIDR value = 29, it means last octet is (.11111000) so the subnet mask is 255.255.255.248;
number of pools = 25 (32); number of IP/pool = 23 (8). So by counting (10x8=80 11x8=88
808388) we get “this IP exists in 11th Pool, and the network IP for this Pool is [(“Pool no”-1) x “No
of IP/pool”] = [(11-1) x 8 = 80] (194.100.9.80) the Broadcast IP is got [(“Pool no” x “No of
IP/pool”) -1] = (11 x 8 -1 = 87) (194.100.9.87)
2. Network IP of every Pool is in “Even” numbers other than Broadcast IP is always in “Odd” numbers.
CCNA 6
13. 23-12-09
)3,,#$-! Some notations about this class:
1. The prefix value for class B is 16; (X.X.X.X/16)
2. The CIDR value range is (17 to 32); (X.X.X.X/17-32); But (31 32) CIDR is not used for user
3. Default subnet mask is (255.255.0.0)
4. For better study of this class; we start sub netting from 17 upward to 24.
E.g. IP 172.16.0.0/16; Default mask 255.255.0.0 = 11111111.11111111.00000000.00000000
For IP 172.16.0.0/17; Subnetted mask 255.255. 128.0; last two octets = .10000000.00000000
Number of pools = 21 = 2 Number of IP per Pool = 215 = 32768
1st: 172.16.0.0 to 172.16.127.255 Last: 172.16.128.0 to 172.16.255.255
For IP 172.16.0.0/18; Subnetted mask 255.255.192.0; last two octets = .11000000.00000000
Number of pools = 22 = 4 Number of IP per Pool = 214 = 16384
1st: 172.16.0.0 to 172.16.63.255 Last: 172.16.192.0 to 172.16.255.255
For IP 172.16.0.0/19; Subnetted mask 255.255.224.0; last two octets = .11100000.00000000
Number of pools = 23 = 8 Number of IP per Pool = 213 = 8192
1st: 172.16.0.0 to 172.16.31.255 Last: 172.16.224.0 to 172.16.255.255
For IP 172.16.0.0/20; Subnetted mask 255.255.240.0; last two octets = .11110000.00000000
Number of pools = 24 = 16 Number of IP per Pool = 212 = 4096
1st: 172.16.0.0 to 172.16.15.255 Last: 172.16.240.0 to 172.16.255.255
For IP 172.16.0.0/21; Subnetted mask 255.255.248.0; last two octets = .11111000.00000000
Number of pools = 25 = 32 Number of IP per Pool = 211 = 2048
1st: 172.16.0.0 to 172.16.7.255 Last: 172.16.248.0 to 172.16.255.255
For IP 172.16.0.0/22; Subnetted mask 255.255.252.0; last two octets = .11111100.00000000
Number of pools = 26 = 64 Number of IP per Pool = 210 = 1024
1st: 172.16.0.0 to 172.16.3.255 Last: 172.16.252.0 to 172.16.255.255
For IP 172.16.0.0/23; Subnetted mask 255.255.254.0; last two octets = .11111110.00000000
Number of pools = 27 = 128 Number of IP per Pool = 29 = 512
1st: 172.16.0.0 to 172.16.1.255 Last: 172.16.254.0 to 172.16.255.255
For IP 172.16.0.0/24; Subnetted mask 255.255.255.0; last two octets = .11111111.00000000 (For Class B)
Number of pools = 28 = 256 Number of IP per Pool = 28 = 256
1st: 172.16.0.0 to 172.16.0.255 Last: 172.16.255.0 to 172.16.255.255
24-12.09
)3,,#$-! Some notations about this class:
1. The prefix value for class A is 8; (X.X.X.X/8)
2. The CIDR value range is (9 to 32); (X.X.X.X/9-32); But (31 32) CIDR is not used for user
3. Default subnet mask is (255.0.0.0)
4. For better study of this class; we start sub netting from 9 upward to 16.
E.g. IP 10.0.0.0/8; Default mask 255.0.0.0 = 11111111.00000000.00000000.00000000
For IP 10.0.0.0/9; Subnetted mask 255.128.0.0; last 3 octets = .10000000.00000000.00000000
Number of pools = 21 = 2 Number of IP per Pool = 223 = 8388608
1st: 10.0.0.0 to 10.127.255.255 Last: 10.128.0.0 to 10.255.255.255
For IP 10.0.0.0/10; Subnetted mask 255.192.0.0; last 3 octets = .11000000.00000000.00000000
Number of pools = 22 = 4 Number of IP per Pool = 222 = 4194304
1st: 10.0.0.0 to 10.63.255.255 Last: 10.192.0.0 to 10.255.255.255
For IP 10.0.0.0/11; Subnetted mask 255.224.0.0; last 3 octets = .11100000.00000000.00000000
Number of pools = 23 = 8 Number of IP per Pool = 221 = 2097152
1st: 10.0.0.0 to 10.31.255.255 Last: 10.224.0.0 to 10.255.255.255
For IP 10.0.0.0/12; Subnetted mask 255.240.0.0; last 3 octets = .11110000.00000000.00000000
Number of pools = 24 = 16 Number of IP per Pool = 220 = 1048576
1st: 10.0.0.0 to 10.15.255.255 Last: 10.240.0.0 to 10.255.255.255
For IP 10.0.0.0/13; Subnetted mask 255.248.0.0; last 3 octets = .11111000.00000000.00000000
CCNA - 7 -
14. Number of pools = 25 = 32 Number of IP per Pool = 219 = 524288
1st: 10.0.0.0 to 10.7.255.255 Last: 10.248.0.0 to 10.255.255.255
For IP 10.0.0.0/14; Subnetted mask 255.252.0.0; last 3 octets = .11111100.00000000.00000000
Number of pools = 26 = 64 Number of IP per Pool = 218 = 262144
1st: 10.0.0.0 to 10.3.255.255 Last: 10.252.0.0 to 10.255.255.255
For IP 10.0.0.0/15; Subnetted mask 255.254.0.0; last 3 octets = .11111110.00000000.00000000
Number of pools = 27 = 128 Number of IP per Pool = 217 = 131072
1st: 10.0.0.0 to 10.1.255.255 Last: 10.254.0.0 to 10.255.255.255
For IP 10.0.0.0/16; Subnetted mask 255.255.0.0; last 3 octets = .11111111.00000000.00000000 (Class A)
Number of pools = 28 = 256 Number of IP per Pool = 216 = 65536
1st: 10.0.0.0 to 10.0.255.255 Last: 10.255.0.0 to 10.255.255.255
:
1. CIDR value is called a also Subnetted prefix for a class of IP; which is the abbreviation for (Classless
Inter Domain Routing) but when in it was introduced by Cisco so changed to CCIDR (Cisco CIDR).
2. The number of usable IPs in a class excluding Network and Broadcast IPs is called “Block size”.
26-12-09
!!3-,#%)3,!(
This is a easy way to take a network and create many networks using subnet mask of different lengths and
different types of network designs called VLSM networking, it benefits us to save a group of IP address space,
as we can have different subnet masks for different router interfaces each joining separate networks as you can
see in this figure:
CCNA - 8 -
15. 29-12-09
2
)
This device is used over network layer on internetwork, it uses and operating system called IOS (Internetwork
Operating System) that provides us Communication, Static/Dynamic routing support, Scalabilityi, Security for
user and network access. There are four ways for router’s connectivity in different conditions as:
1. Console cable: this is a “RS232” “RJ45” ends’ connecter cable used for essential configuration only;
its further usage for troubleshooting or traffic control is not recommended by Cisco.
2. Telnet: Once configuration is done on a router and it is up, then if any traffic problem or troubleshooting
occurs then the router is accessed from remote area by NMS (Network Management Server) via Telnet.
3. Aux (Auxiliary): this connectivity is done through a modem connected to the router and the number
assigned for it, is dialed remotely and then router is set, but new routers doesn’t have modem interfaces.
4. SSH (Secure Shell): here, a router is configured remotely by an OS as windows or Linuxii but not used
with new routers.
A figure from backside of a Cisco 2600 router shows the important portsiii except two serial ports used for
connecting to other routers called (Point to point/ Peer to peer) connectivity.
) $,6#)!,: Router configuration is of two types; when it is configured
through Console cable or Aux directly, it is called “Out-of-band”, while configuring through Telnet or SSH
from any of its networks that is called “In-band” configurations. Configuring through console cable: after
connecting “RS232” PC port to “RJ45” router console port, then on “Windows XP” follow this path: Start All
programs Accessories Communication Hyper terminal Edit for any “Name” Click “Restore Default” for
values OK wait while router completes its loading step Edit “NO” then you move to “Router console mode”
(you are asked to press RETURN) by pressing “Enter” move to “User executive mode ( Router )” Edit for
(enable)iv command and by pressing “Enter”, it moves to “User privilege mode ( Router# )” here you can
access basic commands to show or check some information about router by using following commands:
1. show version For checking the version of a router.
2. show ? For getting more info about “show” usages.
3. show clock For checking router time.
Using the command (configure terminal) and pressing “Enter”, move to “Router/User/Global
configuration mode” determined as ( Router(config)# ) where you get access to configure a router.
i The ability to adjust configuration and size to fit new conditions
ii Not much usage because “Linux” is mostly used on servers and router is not configured by a server
iii On ports the sign 0/0 means (
Slot number/Port number).
iv If any word is present uniquely in IOS dictionary so by typing only some begging letter of command and pressing “TAB”; the
command will be auto completed as: ena enable, conf t configure terminal etc.
CCNA - 9 -
16. 30-12-09
)7$%!,!+6),$,
Introducing four functions to administrate a router or a switch:
1. ,!: first and most important point is to configure a host name for a router with the
help of (hostname) command followed by a specific name for router or switch.
2. .!: as you know security is must for a device so that security is implemented by
configuring the following password configurations to the device step by step in configuration mode:
a. Enable password: the passkey implemented by (enable password) command followed by a
password, asked back while moving to “User privilege mode” but this password is revealed
while showing running configurations then secret code is used.
b. Enable secret password: this code is implemented by (enable secret) followed by a pass
code, and this code for hacking avoidance in routers.
c. Aux password: auxiliary pass code is implemented by (line aux 0 password a word
login ) commands for aux port, this is asked when router is accessed through Aux
connectivity, the “0 or 1” digits included command shows the number of ports on router.
d. Console password: console pass code is implemented by (line console 0 password a
word login ) command for security on connectivity through console cable.
e. Telnet password: this code is very important to secure a router from hacking that is easily
implemented by (line vty 0 4 password a word login ) commands, the number
of telnet servers’ access is defined while password configuration in the underlined part of the
command, which is (0 4) for non enterprise IOS and (0 1180) for enterprise IOS version.
3. !,,: it is used to display information, it’s of four types: 1. Executive process, 2. Incoming
process, 3. Login process (console), and 4. Massage of the day (contains a router’s information located
at the top, arrange it in user configuration mode of a router by (banner motd # some information
about the router # ), shown back after console mode.
4. ,6!$$ ,: at User privilege mode; for getting information about the
ports’ connectivity using commands as (show ip interface brief ) to check router’s
interfaces’ IP assigned to, (show int followed by interface Id as s0/0, s0/1, f0/0 or f0/1) to
get information about the specific port’s connectivity, to describe a port; at interface’s configuration
mode (description “Some words to describe the port” ) command is used, this description is
shown back in “user privilege mode” for interface.
Implementations: switch on a router and start with the following! Command Descriptions
Routerenable User Executive mode.
Router#configure terminal User privilege mode.
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Qta router Changing hostname.
Qta router(config)#enable password 123 Adding Enable password.
Qta router(config)#enable secret 456 Adding Enable secret password.
Qta router(config)#line console 0 Entering console line.
Qta router(config-line)#password 789 Adding Console password.
Qta router(config-line)#login Enabling console password.
Qta router(config-line)#exit Getting out of console line.
Qta router(config)#line vty 0 4 Entering telnet path for 5 users.
Qta router(config-line)#password 1234 Adding password for telnet users.
Qta router(config-line)#login
Qta router(config-line)#exit
Qta router(config)#banner motd # Adding Massage of the day banner.
Enter TEXT message. End with the character '#'.
This is the Quetta router # Banner massage, ending with #.
Qta router(config)#interface serial 0/0 Entering interface mode.
Qta router(config-if)#description This port is connected to Karachi
CCNA - 1 0 -
17. Qta router(config-if)#exit Description added to the port.
Qta router(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
Qta router#show interface serial 0/0 “Show” command in privilege mode.
Serial0/0 is down, line protocol is down (disabled)
Hardware is HD64570
Description: This port is connected to Karachi This line is added via description.
%SYS-5-CONFIG_I: Configured from console by console
This is the quetta router This is the banner, defined earlier.
User Access Verification
Password: Console password is needed.
Qta routerenable
Password: Enable password is needed.
Password: Enable secret password is needed.
Qta router# Back to privilege mode.
:
1. For ending any configuration use the command (exit).
2. For console and Aux connectivity users we can set session time.
31-12-09
),#
Defining paths for packets transfer from one internetwork to another internetwork is called routing, a router
checks packet’s destinies through IP addressesi, the destiny a packet passes leaving an interface of first router
and crosses the 2nd router is called One “Hop” distance, any routing’s trust worthiness is defined for its “AD
(administrative distance)”; AD value varies between (0-255) but AD approximating to (0) is considered the
better routing because lower AD path is always followed by packets, after defining the paths (routing) router
configurations a router creates some tables for saving different information on them as:
1. Routing table: this table is made in a router to keep routes’ information on it.
2. Neighbor table: this table saves information about its neighbor router.
3. Topologyii table: if two routers are connected by multiple connections, so some routers save all
connection routes on routing table but some of them save only the best connectivity on routing table
then the remaining connections are saved on topology table with network’s structure. Topology table is
same for all routers in an internetwork because all routers are connected to same structured network.
Routing is of three types as Static routing, Default routing, Dynamic routing.
i IP addresses are assigned and used only with devices having multiple broadcasts as router not single broadcast as switches.
ii Topology is the name for a network structure.
CCNA - 1 1 -
18. !$),#: in static routing a network administrator has to define all routes of a network
manually, which has got some advantages as:
1. Once all routes are defined then there is no need felt for “update packets”, which due to less overhead.
2. The AD value for static routing is (1) which is considered the best AD.
But some disadvantages of static routing are:
1. Static routing depends on network administrator with a lot of responsibilities.
2. A static routed network can not be managed easily without a basic model guide for it.
01-01-10
Static routing configuration: for the implementation of static routing we attend the following example:
PC/Switch, Switch/Router is straight cable but Router to Route is Pair to pair connectivity.
On Router1:
Self decompressing the image:
########################################################################## [OK]
--- System Configuration Dialog --- COMMAND DISCRIPTIONS
Continue with configuration dialog? [Yes/no]: No Continue with manual setup
Press RETURN to get started! Press ENTER
RouterEnable User executive mode
Router#conf t User privilege mode
Router(config)#Hostname A Changes router’s name
A(config)#int s0/0 Enter a serial interface
A(config-if)#ip address 1.0.0.1 255.0.0.0 Assign IP
A(config-if)#encapsulation PPP Establish peer connection
A(config-if)#no shutdown Interface turns on
A(config-if)#exit Get out of interface
A(config)#int f0/0 Enter a Fast Ethernet interface
A(config-if)#ip address 200.100.50.1 255.255.255.0 Assign IP
A(config-if)#no shutdown Interface turn on
A(config-if)#exit
A(config)#do show ip interface brief Check IP configurations
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 200.100.50.1 YES manual up up
Serial0/0 1.0.0.1 YES manual up up
Serial0/1 unassigned YES manual administratively down down Means (it isn’t made UP)
CCNA - 1 2 -
19. On Router 2:
Self decompressing the image:
########################################################################## [OK]
--- System Configuration Dialog ---
Continue with configuration dialog? [Yes/no]: No
Press RETURN to get started!
RouterEnable
Router#conf t Configurating terminal
Router(config)#hostname B
B(config)#int s0/0
B(config-if)#ip address 1.0.0.2 255.0.0.0
B(config-if)#clock rate 64000 Must for DCE porti
B(config-if)#encapsulation PPP Only on Serial connections
B(config-if)#no shutdownii
B(config-if)#exit
B(config)#int f0/0
B(config-if)#ip address 200.100.100.1 255.255.255.0
B(config-if)#no shutdown
B(config-if)#exit
B(config)#doiii show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 200.100.100.1 YES manual up up
Serial0/0 1.0.0.2 YES manual up up
Back to Router 1:
A(config)#ip route 200.100.100.0 255.255.255.0 1.0.0.0 Mention route in Static routing
A(config)#do show ip route Check routing table
C 1.0.0.0/8 is directly connected, Serial0/0 Directly connected
C 200.100.50.0/24 is directly connected, FastEthernet0/0
S 200.100.100.0/24 [1/0] via 1.0.0.0 Mentioned through routing
Back to Router 2:
B(config)#ip route 200.100.50.0 255.255.255.0 1.0.0.0 STATIC ROUTINGiv
B(config)#do show ip route
C 1.0.0.0/8 is directly connected, Serial0/0
S 200.100.50.0/24 [1/0]v via 1.0.0.0
C 200.100.100.0/24 is directly connected, FastEthernet0/0
B(config)#do ping 200.100.50.1 Check direct connectivity
!!!!! Connection success sign but (.....) is connection failed sign
On Router 1:
A(config)#do ping 200.100.100.1
!!!!!
: While assigning IP for PCs: PC1 (IP 200.100.50.2, Subnet 255.255.255.0, Default gateway
200.100.50.1i) but PC2 (IP 200.100.100.2, Subnet 255.255.255.0, Default gateway 200.100.100.1)
i The clock rate is must on a DCE (Female) serial port for synchronization.
ii While making further changes on an interface it should be turned down by the use of (shutdown) command.
iii This “Do” is used before a command from “User privilege mode” to enforce it run at “Configuration mode”.
iv For canceling any of the defined routes just use (no) command before that routing command.
v (1) shows the AD (Administrative Distance) and (0) shows METRIC (number of Hopes) for a route.
CCNA - 1 3 -
20. 04-01-10
6!)-),#: default routing is also called default static routing, it has got less overhead
than static routing with the best (AD = 0), but the most important point is; default routing is configured where
only one exit pointii exists on the router otherwise, loop will occur whilst the packet will be moving round the
network but gets to no LAN network. For default routing; no route is defined in routing table but only one line
starting with (S*) sign that defines a default route. As we see in example below: here default routing is
configured only on Router D because the only exit point is from (S0/0), no other exit point but on (A, B, C)
routers we define all networks statically as before:
Now in this model we see that Router A has got 3 exit
interfaces, Router B has got 2 exit interfaces, and
Router D also has got 2 exit interfaces so we can’t
configure Default routing on them but as we see that
Router C has got only one exit interface (highlighted
in blue). So after all IP configurations on routers and
Static routings for (A, B, C) routers at last we can
configure default routing on Router D as defined only
by one line for its exit point: [C (config)#IP route
0.0.0.0 0.0.0.0 4.0.0.0] and on its routing
table, it is shown as: (S* 0.0.0.0/0 [1/0]
via 4.0.0.0) which is different from other
routers’ routing table.
Default routing model
05-01-10
,!$),#: The routing which follows some algorithms (set of rules called protocols)
is called dynamic, it is also easy to configure and troubleshoot as compare to Static routing, every protocol is
defined for its specific metric that it uses, some of them makes and works on all (Routing, Neighbor,
Topology) tables but some works only on routing tables. This is the routing in which routers check all
(protocols, links, connectivity for neighbor routers etc) then every router sends the collected information to its
all neighbor routers as a packet called “Update packet”, if a router receives no update packet from its neighbor
router then it puts a cross on that neighbor. Dynamic routing’s protocols are defined in Types and Classes:
.$- : protocols are defined in three types as following:
1. Routing Information Protocol: its metric that it works on is hop-counts and its examples are RIP, RIPv2.
2. Interior Gateway Protocol: its metric is Bandwidth (link’s capacity) and runs on only one Autonomousiii
inside as IGRP (Interior Gateway Routing Protocol) it’s Cisco’s proprietary but very weak.
3. Exterior Gateway Protocol: it has no relation inside a network but it work on the outgoing connectivity
of a network as an outstanding, and strong protocol but inside a network it’ll be the weakest one, it’s not
corrupt shortly but again its information is update by user as: BGP (Border Gateway Protocol).
.$--!: protocols are classified into three classes as following:
1. Distance vector protocol: for its distance measuring vector it uses Hop-counts and always follows the
less number or hops as RIP, RIPv2, and IGRPiv.
i PCs’ default gateway is always the IP assigned on router’s interface joining same network.
ii Only Serial or peer to peer connectivity is called an “exit point” for a router, not a fast Ethernet.
iii A huge size of network by routers connected to the only network is called one “Autonomous System” AS.
iv IGRP uses bandwidth but while facing equal hop-counts; it prefers to follow high bandwidth.
CCNA - 1 4 -
21. 2. Link state protocols: considering its distance measured, always the shortest path is followed and works
on all three tables as OSPF (Open Shortest Path First) which is a widely used, and reliable protocol for
interior and different autonomous system networks.
3. Hybrid protocols: it is mixed up of both first and second protocol classes and uses its specifics as EIGRP
(Enhanced Interior Gateway Routing Protocol) which also works on different Autonomous systems.
06-01-10
RIP: RIP is a distance victor protocol that sends update packets to neighborly connected routers; duration
between two update packets sent is (30sec) called “update timer”, if no update packet is sent by a router for
(180sec) called “Invalid timer” then it is marked as invalid for neighbor router, after invalid timer “Hold down
timer up to 240sec” starts during which an echo packet is sent by neighbor router and waits for reply, but if till
240sec no reply received then the next “Flash timer” starts in which the down router is removed from neighbor
routers’ routing table. Maximum number of hops for RIP is 15, means that RIP can be configured over 15
routers’ network, while trying to connecting the 16th router on RIP a “Destination unreachable” massage is
shown so it is efficient for small network to the range of 15 routers. The AD value for this protocol is 120. Ripi
supports only class-full routing because no subnet mask information is sent in update packets. Rip supports 4 to
6 serial “up” connectivity at a time for two routers called “Equal load balancing” but no support of down
connectivity for backup on its topology table called “Unequal load balancing”. The algorithm used by RIP is
called “Belemenford algorithm”. For configuring RIP on a router use (router RIP ) command, then add
all networks directly connected to the router by mentioning their network IP via command as (network
1.0.0.0 Exit) on all routers joining a network.
07-01-10
RIP configuration: here we can see that after all interfaces’ IP configured then dynamic routing is configured
on two routers using RIP protocol just by opening the Rip’s command and define all directly connected network
to the router as following:
Router A:
A(config)#router rip
A(config-router)#network 1.0.0.0
A(config-router)#network 200.100.50.0
A(config-router)#exit
Router B:
B(config)#router rip
B(config-router)#network 1.0.0.0
B(config-router)#network 200.100.100.0
B(config-router)#exit
On routing table the network connected to a router via rip is
shown as you see here on router B:
(R 200.100.50.0/24 [120/1] via 1.0.0.1, 00:00:12, Serial0/0)
08-01-10
RIP version 2: in short to explain that all other specifics between RIP and RIPv2 as (Metric, AD, timers, and
maximum router’s support on one network) are same but two major differences are:
1. RIPv2 supports classless routing since it is sending the subnet mask information in update packets so
VLSM is also supported by RIPv2.
2. RIPv2 is introduced with a multicasting feature as it has a multicast IP address (244.0.0.9) but RIP was
able to unicast only, no multicasting on RIP.
While configuring RIPv2 the only difference is the use of (version 2 ) command after opening RIP.
11-01-10
i In RIP configured network the only CIDR value for all classes of IP is supported.
CCNA - 1 5 -
22. RIPv2 configuration: check here that after all interfaces’ IP configured then dynamic routing is configured on
two routers using RIPv2 protocol just by opening the Ripv2’s command and define all directly connected
networks to the router as following:
A(config)#router rip
A(config)#version 2
A(config-router)#network 1.0.0.0
A(config-router)#network 200.100.50.0
A(config-router)#exit
B(config)#router rip
B(config)#version 2
B(config-router)#network 1.0.0.0
B(config-router)#network 200.100.100.0
B(config-router)#exit
If routers are connected in a circle so one router’s LAN will be
shown twice in routing table with different hops because it will be available via both paths.
12-01-10
IGRP (Interior Gateway Routing Protocol): This routing protocol which is a Cisco proprietary, is an interior
gateway protocol, it is from distance vector class and works on different autonomous systems. This protocol is
developed to overcome the RIP problems seeing that IGRP includes 100 hop-counts for best service but it is
scalable to its maximum support of 255 hop counts. IGRP has 90 seconds update timer. By default “hop-count”
is the metric for IGRP but due to providing both equal and unequal load balancing (bandwidth delay) is also
used called composite metrics for it, some non-default metrics as (Reliability, Load, and MTUi) are used. The
algorithm followed by IGRP is “Belmenford”, having the “AD = 100”. IGRP is a class-full routing protocol, but
finally to declare that IGRP is the older version so not used anymore. The sample configuration on a router is
simple as starting with (Router IGRP 1) command where “1” is the number of AS, that is to be same for all
routers then continue the commands for advertising directly connected networks.
13-01-10
EIGRP (Enhanced Interior Gateway Routing Protocol): it is an interior gateway protocol, enhanced or
advanced distance vector protocol that also contains some features from Link state protocol class so it is a kind
of hybrid class protocols, because by default its metric is hop-count (Best till 100 routers, scalable to 255) but
being the best protocol for unequal load balancing; it uses composite and non-default or secondary metrics as
used by IGRP. Only at network’s upping time EIGRP sends an update packet to neighbor routers after that in
each update timerii only an “echo packet” is sent, no update packet anymore until any change occurs in
network’s topology; this results to maximize bandwidthiii and lessen chocking on network. EIGRP is rapid
convergence (spread fast over network) protocol, which can work on different AS. The algorithm followed by
EIGRP is “DUAL (Diffusing Update Algorithm)”, and this is the best protocol of Cisco proprietary with the
reliable AD of 90. EIGRP is a classless routing protocol that supports VLSM, CIDR and Multicasting. Wildcard
mask configuration, which is used for blocking and permitting networks and users, is also supported by the
mentioned protocol, but its configuration is optional as an example (wildcard mask for 255.0.0.0 is
0.255.255.255). Not to forget that beside IPv4 this protocol supports IPv6 as well. The ease in configuration is
to open it by (router EIGRP 1) command and advertise all directly connected networks to a router.
i MTU stands for Maximum Transmission Unit.
ii The update timer for EIGRP is also same as IGRP (90 Sec).
iii Also called low bandwidth utilization that means network resources utilization.
CCNA - 1 6 -
23. 14-01-10
EIGRP configuration: After all interfaces’ IP configured then dynamic routing is configured for two routers
using EIGRP protocol just by opening the EIGRP’s command and advertise all directly connected networks to
the router as following:
A(config)#router EIGRP 1
A(config-router)#network 1.0.0.0 0.255.255.255
A(config-router)#network 200.100.50.0 0.0.0.255
A(config-router)#exit
B(config)#router EIGRP 1
B(config-router)#network 1.0.0.0 0.255.255.255
B(config-router)#network 200.100.100.0 0.0.0.255
B(config-router)#exit
When routing table was checked on Router A, shows this result:
(D 200.100.100.0/24 [90/2172416] via 1.0.0.2, 00:00:13, Serial0/0) as it
is seen that EIGRP route is defined by the letter “D”. Its metric is something different not “hop-counts”; so
don’t forget that EIGRP is showing MTU, which is not a default metric but a secondary metric.
15-01-10
OSPF (Open Shortest Path First): OSPF is a link state protocol that chooses the shortest path first. The
algorithm followed by OSPF is called “Dikjkastra”, and it follows IETF open standard’s both version 1 2.
OSPF is an extra-scalable protocol for as much routers on a network. This is a rapid convergence protocol as
compare to RIP and RIPv2 but not as EIGRP. OSPF, which maintains and works on all three (Routing,
Neighbor, and Topology) tables, has an update timer of “40sec”. OSPF contains two types of network as:
1. Multi-access network: in such a network all routers are connected by “Fast Ethernet” via “Cross over”
cables (no serial connectivity), and no routing update is sent. This network contains one “Designated
Router (DR)” that saves self-whole network’s topology and routing information from/to other routers; if
a new router joins the network, it requests the “DR” for topology then DR sends it as a packet. Self DR
is elected by two manners:
a. If all routers are upped at a time then based on some rules DR election occurs.
b. If all routers are not upped at a time then the router, loaded first, becomes the DR.
After DR in a multi-access network there is “Backup Designated Router (BDR)” that automatically becomes
DR, if network’s DR downs due to any problem. And all other network’s routers are called “DR other”.
DR election rules: the following steps are obeyed in router’s interface selection as DR of a network:
a. Router ID: every router has got a virtual or logical interface that supports up to (10) IP addresses
(0-9) called loopback IP. If any of this IP is advertisedi on the routing protocol, it becomes that
router’s ID, which can’t be same for two routers in one network. So the first option noted for DR
election is the highest Router-ID to which an interface is attached.
b. Interface priority: when router is elected then its interfaces’ priority is checked, since a higher
priority is elected; by default each interface’s priority is 1.
c. If priority is not set or is remained by default then at third and last step higher interface IP is
elected. When DR is elected the second choice is for BDR.
These steps are followed only in case of router’s circle connectivity but if routers are connected as in a tree
then only Router-ID is check for DR election; the highest R-ID becomes DR after then BDR is elected.
2. Point to point network: this network is used on different ASes each AS contains areas inside as
following:
a. Area 0, which is called the backbone area, is the main and center area for an AS.
b. Other areas, which surround “area 0” and are connected to it, are called border areas.
OSPF is a classless protocol that supports VLSM, CIDR and multicasting through the fixed IP (244.0.0.5), it
possesses the AD value of (110) and it is a multi-venderii protocol too. OSPF supports both IPv4 IPv6, its
i Router-ID is not implemented until OSPF is not reloaded by (clear IP OSPF process) command in user privilege mode.
ii Multi-vender means that it can be implemented on non-Cisco devices.
CCNA - 1 7 -
24. metric is called “Cost”; the link with lowest cost value is more reliable and can provide high bandwidth. OSPF
provides equal and unequal load balancing for unlimited connections, while unequal load balancing the primary
backup link, which is defined by cost value, is called “Feasible successor” that is to replace primary link if it
turns down. While advertising networks on OSPF, wildcard and area definition is must. The easy configuration
is to start OSPF with (router OSPF 1) command and advertise the directly connected networks including
wildcard and specific area for a router.
16-01-10
OSPF configuration: After all interfaces’ IP configured then dynamic routing is configured for two routers
using OSPF protocol just by opening the OSPF’s command and advertise all directly connected networks to the
router including their wildcard mask and area, which are must for OSPF as following:
A(config)#router ospf 1
A(config-router)#network 1.0.0.0 0.255.255.255 area 0
A(config-router)#network 200.100.50.0 0.0.0.255 area 0
A(config-router)#exit
B(config)#router ospf 1
B(config-router)#network 1.0.0.0 0.255.255.255 area 0
B(config-router)#network 200.100.100.0 0.0.0.255 area 0
B(config-router)#exit
Observing the routing table for router “B” it’s seen that the path guided
through OSPF is shown with the “O” letter, metric is “Cost”, and default
AD is “110” as (O 200.100.100.0/24 [110/782] via
1.0.0.2, 00:06:12, Serial0/0). Some extra commands used with protocols:
1. Show controllers int: to get information about the connectivity of any port.
2. Clear IP ospf process: used to reload all OSPF settings.
3. Show IP ospf process: used to check all processes running with OSPF.
18-01-10
25. -$!$!-$)-!,
wildcard is calculated from subnet mask implemented to an interfaces’ IP as the subnet mask minus
(255.255.255.255) value for example: a router’s serial interface’s IP is (1.0.0.1 255.255.224.0), as seen this is a
subnetted mask for class A, and the network IP advertised on OSPF as (1.0.0.0/19) then its wildcard is counted
like: (255.255.255.255 – 255.255.224.0 = 0.0.31.255) and defined for OSFP.
:
On some switches we get additional ports as “Giga”, these ports use Fast Ethernet Cat 6i cables.
WR: this command is used after each configuration to save them for startup memory.
Ctrl + Shift + 6: this is the shortcut key for translation canceling.
i Cat 6 cables transfer over 1000mbps data used with Giga port.
CCNA - 1 8 -
27. 2
Starting with OSI layer-2, which is called data link layer (DLL) and includes two further layers inside namely
called MAC layer to control physical media interacting with physical layer and second is LLC interacting with
network layer to control logical links. As mentioned before, the device used in this layer is called switch that are
also of two types as L2 switches and L3 switches.
$%
This device is used with small networks, which are limited networks; called local area networks (LAN) relating
one organization. For such networks the area range is not considered but signal range depending on media used
for a network as in the following table:
Remember that a half
duplex communication
can never facilitate you
as a full duplex
communication. Switch
works on MAC
addresses, which is a
Connectivity Range (meter) Speed (mbps) Communication type Cable type
Ethernet 10 10 Half duplex Cat-5
Fast Ethernet 100 100 Full duplex Cat-6e
Gigabit 1000 1000 Full duplex Cat-6u
10 Gigabit 10000 10000 Full duplex Cat-6u
100 Gigabit This is implemented but no standards applied by IEEE yet.
physical address embossed on LAN cards, it can’t be same for any two LAN cards in the world. Mac addresses
of all hosts connected to a switch is resolved by a protocol named “Address Resolution Protocol (ARP)” from
IP addresses sent to switch in reply to switch’s broadcast then saved on Mac table in switch. The main
difference between routing and switching is that; routing uses IP addresses for path definition but in switching
there is no path definition but IP address is used for host-to-host communication. The mechanism used in switch
for switching services is called “ASICs (A6)” to build their filter table inside switch’s processor.
20-01-10
Switch is single broadcast domain that means it has got a single passage for data travel and the data sessions in
switch is called data frames. The time period while frame entry from one port and getting out of other port or in
other words the time, during which a data frame is inside a switch is called “Latency” so less latency switch is
considered the best. L2 switches has no routing capability but L3 switches provides routing capabilities due to
having SUP (Supervisor Engine) beside A6 mechanism. Some Cisco switch models are these:
Switching has two levels of failure namely High
point of failure that happens due to more boxes
connected in line, and second is Less point of
failure as failure is decreased by using less boxes
that L3 switch 6500 is used as best solution.
There is a rule in switching called (80-20), which
means on a LAN network; 80% of its traffic
should depend on local hosts and only 20% of its
traffic depends on out-network (e.g. internet…).
Type of Switch Models number Situation
L2 1900, 2900, 5000 EOS EOL
L3 3550, 3560 EOS
L2 2950 EOS
L2 L3 2950, 3550, 3560 TMM
L3 400, 4500, 6000, 6500* TMM
* 6500 is the latest model, which is all in one (Switch, Router,
xxviii
ASA)
As mentioned before that switch is a single broadcast domain resulting that LAN works in a single broadcast
domain and uses the network broadcast IP address, so in order to break a single broadcast into multiple
broadcasts, an option is introduced called VLAN (Virtual LAN) and its process is called “virtual local area
networking”.
21-01-10
: by default a switch supports 255 VLANs but only 5 of them are usable in which VLAN 1is for
user by default and the rest are for administrative functions, the action of creating VLANs only makes existing
VLANs usable. The number of VLANs depends on switch’s IOS as well; if a switch has enterprise IOS it
supports (1-1005) VLANs but if switch’s IOS is non-enterprise, its maximum support of VLANs is (64) and
only some of them can support up to (128) VLANs. By default all switch ports are included in VLAN 1, until
xxviii EOS = End Of Sale, EOL = End Of Life, TMM = Top Most Models, ASA = is a name for “firewall” device.
CCNA - 1 9 -
28. you define them for other VLANs then broadcast domain is broken not before, but remember that one port can
be defined only for one VLAN. A short definition for VLAN can be (All local area networks in a box). When
VLANs are defined on a switch then a VLAN databasexxix or record is created then the mentioned database is
exchanged between switches based on some rules called “VLAN Trunking Protocol (VTP)” via trunking. There
are two types of connectivity between switches the first one is Access (on access connectivity only one VLAN’s
data travels) the second one is Trunk that any VLAN’s data travels on it.
Configuration:
A(config)#vlan 2 Two create 2nd VLAN.
A(config-vlan)#name sales Assign name for VLAN.
A(config-vlan)#exit Get the VLAN mode.
A#sh vlan br Check VLANs.
VLAN Name Status Ports
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
2 sales active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
22-01-10
.),,#.$-(
Starting with some of the VTP status:
1. VTP version: VTP has got two versions (1 2), but on switch version 1 runs by default and its 2nd
version has got its maximum support as (token ring…).
2. VTP revision number: higher revision number is preferred for dominance, for example the switch with
high revision number overrides a switch with lower revision number means while database exchange
always high revision number’s switch overwrites its database on lower revision number’s switch.
3. VTP modes: switches are configured on three modes for VTP as:
a. Server mode: the switch with high revision number should be configured as server and VLANs
are always created on server, because its data is copied on clients.
b. Client mode: the switch wanted to get the database from any server mode switch then its mode is
changed into client.
c. Transparent mode: a switch with transparent mode is used only as a bridge between a server
mode switch and client mode in order to transfer the database from server switch to client switch,
no database is copied on transparent mode switch.
VTP mode always overrides VTP revision number for example a server switch’s database is always copied
on client though client switch’s revision number is being higher then server switch’s revision number.
4. VTP domain: it is strongly recommended that a domain name must be given for server switch then the
same domain name is transferred to other client switches so domain name must be same for all switches
otherwise no database exchange will take place.
5. VTP password: same as domain name, VTP password is also recommended to be same for all switches,
domain name is automatically sent to other switches but database exchange occurs when same VTP
password is set on any client mode switch.
xxix If any change occurs in VLAN database, in real time devices it takes 300 Seconds to exchange the database.
CCNA - 2 0 -
29. )$,#xxx: there are two types of Trunking as DTP manual:
1. Trunking via DTP (Dynamic Trunking Protocol): in dynamic Trunking protocol two connected ports get
different status as “Auto” that is looking for any other port to communicate to but the other end is
“Desirable” that is waiting for any “auto” port to communicate with, communication starts between a
pair of “auto desirable” ports, as media is connected between two switches then a DTP starts by
default but can’t provide communication because at that time both ends are set in auto mode and auto-to-
auto communication is not possible. Once DTP is implemented on both sides then they start sending
only link updates to each other called DTP packets and the first packet is always initiated from Auto
mode interface.
2. Manual Trunking: manual Trunking is same as static routing that all paths were defined for routers and
here on both ends, Trunking is implemented manually, as mentioned before by default DTP starts and it
send DTP packets, and after implementing manual Trunking this packets are not stopped and they are
useless for network but dangerous due to hackers, so they must be stop manually while manual
Trunking. If a manual Trunking is changed back to DTP these packets transmission starts automatically.
Configurations:
1. VTP configuration: for configuring VTP (Mode, Domain name, Password) are specified for server
switch and on client only (Mode password) is configured as here on (A B) switches:
A(config)#vtp mode server
Device mode already VTP SERVER
A(config)#vtp domain YAMA
Changing VTP domain name from NULL to YAMA
A(config)#vtp password 123
Setting device VLAN database password to 123
A(config)#^Z
A#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : YAMA
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest: 0x22 0x2C 0x06 0xB3 0x41 0x70 0x10 0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
B(config)#vtp mode client
Setting device to VTP CLIENT mode.
B(config)#vtp password 123
Setting device VLAN database password to 123
B(config)#^Z
B#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : YAMA
VTP Pruning Mode : Disabled
xxx The trunked port is not shown in any VLAN so it is check by (show interface f0/1 switchport) command.
CCNA - 2 1 -
30. VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest: 0x22 0x2C 0x06 0xB3 0x41 0x70 0x10 0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
As you see that domain name is automatically copied to client but after Trunking. The best practice is that first
configure Trunking then VTP configuration.
2. Trunking via DTP: Trunking is always configured in interface mode, always shut the interface then
configure Trunking, on which connected to other switch and in DTP it is must to define the interface
mode whether “auto or desirable” as following:
A(config)#int f0/1 Move to interface.
A(config-if)#shutdown Turn it down.
A(config-if)#switchport mode dynamic auto Allow DTP auto port.
A(config-if)#no shutdown Up the interface back.
A(config-if)#exit
A#show interfaces f0/1 switchport Check the Trunked switch.
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
B(config)#int f0/1 Move to interface.
B(config-if)#shutdown Turn it down.
B(config-if)#switchport mode dynamic desirable Allow DTP desirable port.
B(config-if)#no shutdown Up the interface back.
B(config-if)#exit
B#show interfaces f0/1 switchport Check the Trunked switch.
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
3. Trunking manually: in manual Trunking no mode is defined for interface, but not to forget that stopping
hackers is necessary (stop DTP packets exchange) because they are of no use any more so using the
(switchport nonegotiate) as following:
A(config)#interface f0/1
A(config-if)#shutdown
A(config-if)#switchport mode trunk
A(config-if)#switchport nonegotiate
A(config-if)#no shutdown
A(config-if)#exit
A#show interfaces f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
B(config)#interface f0/1
B(config-if)#shutdown
B(config-if)#switchport mode trunk
B(config-if)#switchport nonegotiate
B(config-if)#no shutdown
B(config-if)#exit
B#show int f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
CCNA - 2 2 -
31. 23-01-10
. !,,,#.$-(xxxi
As it clear that data always follows the lower cost (high bandwidth), and the cost for between switches’
connectivity is always lower then a broadcast domain’s cost; observing the upper examples; in figure 1: it’s
seen that there is a 2nd link as a backup so when the data enters a switch from any of primary or backup link
then it gets lower cost than broadcast domain at other backup or primary link then it goes back to its previous
switch repeating this action ends with loop occurrence. Or in figure 2: when data enters any switch then it gets
lower cost at second port instead of switch’s broadcast domain finally data follows a circle ending with loop
occurrence. For avoiding these loops, there is a protocol running on every switch, called STP that blocks some
links automatically. STP is an automatic protocol used for loop avoidance; in STP there are two statuses for
switches as 1st one is called “Root Bridge (RB)”, which is elected based switch’s “lowest priority” or in case of
equal priorities “highest MAC address” is accepted, is the captain for a network, and the remaining switches
joined that network comes in 2nd status called “Non-Root Bridge (NRB)”. This election is not stable and can be
changed by lowering the priority of any switch than RB others so it becomes the RB of network. STP provides
some roles for ports as well;
1. Designated Port (DP): ports sending BPDU, and in a Root Bridge all ports are DP and send best BPDU.
2. Root Port (RP): ports receiving BPDU/best BPDU; exist in all NRPs.
3. Non-Root Port (NRP): those ports blocked by STP, and can’t receive BPDU.
BPDU (Bridge Protocol Data Unit) is the name of update packets in switching. In RB all of its ports become
DP but in NRB a DP ports is elected based on higher priority, the DP ports on a RP sends the best BPDU
but DP ports on other switches can’t send best one but only BPDU and finally NRP is used by STP for
blocking any port to avoid loops.
After connecting cable to switches, it takes 52 seconds while upping the ports in which ports gets following
states as: for the first 20 seconds its two states are Blocking (Receiving BPDU) and Learning (Send and
Receive BPDU), then 15 seconds is for third state called Listening (Creating MAC table), the last (1-16)
seconds is for forth state called Forwarding (forwarding frames), at 52nd second the port is upped and its
color turns green from umber color. In the first condition, if the primary link is down the backup
link automatically ups as a primary and NRP is changed to RP with the help of automatic protocol of STP.
xxxi STP is an automatic protocol so it’s not manually needed to block or unblock any port, it does all automatically.
CCNA - 2 3 -
32. 25-01-10
, ),#: this is an old scenario used to provide communication between
VLANs in a switch but using a router port via trunk connection. In this case a switch depends on a fast Ethernet
port from router, by creating multiple logical ports in a router’s physical port for each VLAN, because in this
case only Layer-2 switch is used, also considered as a high point of failure due to multiple boxes used.
Forwarding with configuration: as seen Switch is connected to router by (F0/1) trunk link, encapsulated to
(dot1Q).
Switch:
A(config-if)#exit
A(config)#int f0/1
Router:
A(config-if)#shut
A(config)#int f0/0.10
A(config-if)#switchport mode trunk
A(config-subif)#encapsulation dot1Q 10
A(config-if)#switchport nonegotiate
A(config-subif)#ip add 10.0.0.1 255.0.0.0
A(config-if)#no shut
A(config-subif)#no shut
A(config-if)#vlan 10
A(config-subif)#exit
A(config-vlan)#exit
A(config)#int f0/0.20
A(config)#vlan 20
A(config-subif)#encapsulation dot1Q 20
A(config-vlan)#exit
A(config-subif)#ip add 20.0.0.1 255.0.0.0
A(config)#int f0/10
A(config-subif)#no shut
A(config-if)#switchport access vlan 10
A(config-subif)#exit
A(config-if)#exit
A(config)#int f0/0
A(config)#int f0/20
A(config-if)#no shut
A(config-if)#switchport access vlan 20
A(config-if)#exit
On any PC run (Tracert destination IP) command to troubleshoot any path failure problem.
26-01-10
)--!$%,#(
This scenario is the outcome of previous one inside a single box, used for same purpose as to provide
communication for VLANs in a switch with the help of a layer-3 switch only. In this case only Layer-3 switch
is used, and considered with less point of failure due to using only one box replacing router and switch both. In
this case an alone L-3 switch provides both Multilayer switching and interVLAN routing, that’s why it is called
a multilayer switch too (it provides both switching for “Physical layer” routing for “Network layer”). Moving
to configuration; as observed in the model below, only switch helps us for both routing and switching, VLANs
are defined with their specific IP address and ports, all in existence on a L-3 switch.
Switch:
B(config)#int f0/10
B(config-if)#switchportxxxii
B(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10xxxiii
B(config-if)#exit
B(config)#int f0/20
B(config-if)#switchport
xxxii This command forces any Port to work as a switch’s port not for routing.
xxxiii If a VLAN doesn’t exist and you assign any port to it then that VLAN is created automatically.
CCNA - 2 4 -
33. B(config-if)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
B(config-if)#exit
B(config)#int vlan 10
B(config-if)xxxiv#ip add 10.0.0.1 255.0.0.0
B(config-if)#exit
B(config)#int vlan 20
B(config-if)#ip add 20.0.0.1 255.0.0.0
B(config-if)#exit
At a time some commands can be applied on two or more ports but by selecting them as a range, in this
command for configuring two interfaces of fast Ethernet: (int range f0/1-2)
The difference between Juniper’s PIX firewall and Cisco’s ASA firewalls is that PIX is used before defense
line router because it doesn’t support WAN connections but ASA is used after last router on exact defense
line because of having support for WAN connections.
xxxiv In this case IP is assigned to VLANs not to ports.
CCNA - 2 5 -
34. 27-01-10
8
A network’s security is considered in two parameters as following:
1. External parameters: depending on firewalls or routers at the defense line of a network.
2. Internal parameters: the security state depending on internal routers also called additional security that is
implemented on various parts of a network according to administration choice and mostly implemented
through Access Control List (ACL).
Security is implemented on a network for avoiding some threats that’s to be denied, some examples below:
1. Denial of services (DoS): it checks packet headers and drops to find any suspected packet.
2. Trojan horse attack: this attacks a network to maintain connection with any network outside.
3. Distributed denial of services (DdoS): all running services are stopped on a network.
4. Packet sniffing: mostly happens in telecommunication, a copy of any packet is received by hacker.
5. Password attacks: discovering user passwords.
6. IP sniffing and spoofing attack: revealing any IP address that later on, it can be changed, deleted … etc.
$$,-(
ACL is used for securing the inside portion of an internetwork by categorizing packets, which helps to control
network traffic by user privilege or by analyzing packet traffics, to stop unwanted traffic across the network,
based on packet IP for forwarding purpose. ACL has got three types as following:
1. Standard ACL: this type is implemented at network’s own side router or end terminal to control
outbound (Outgoing) traffic.
2. Extended ACL: the type configured on other end router to control inbound (incoming) traffic from other
routers.
3. Named ACL: this type can be any standard or extended ACL but the only difference is the name given
to them.
28-01-10
!,!$,6#)!,
Observing the following diagram; a standard ACL is configured to stop outbound traffic for all hosts in
(200.100.50.0) network except the host with (200.100.50.2) IP
address, so after running any type of routing then we see the
mentioned network is connected to the (A) router so we implement
an ACL on the same router to be a standard one as:
A(config)#access-list 1 permit host 200.100.50.2
A(config)#access-list 1 deny any
A(config)#int s0/0
A(config-if)#ip access-group 1 out
A(config-if)#exit
A#show ip access-lists
Standard IP access list 1
permit host 200.100.50.2 (4 match(es))
deny any (4 match(es))
The access-list number range (0-99) shows Standard ACL and the range of (100-199) shows an extended ACL.
On serial interface the command (Out) is given due to standard ACL for outbound traffic.
Note: remember that (out) command can be given on Fast Ethernet interface also more useful and best unless
there are VLANs defined for that port because it causes blocking interVLAN communication.
CCNA - 2 6 -
35. 29-01-10
9,$,6#)!,
Observing the coming diagram; an extended ACL is configured this time stopping inbound traffic to
(200.100.100.0) network “Wildcard is must” from all hosts in (200.100.50.0) network excluding the host with
(200.100.50.3) IP address, so after running any type of routing then observing that the destination network
(200.100.100.0) is connected to (B) router so the ACL is implemented on the same router (maybe via telnet
connection) to be a extended one for the network (200.100.50.0) connected to router (A), important to mention
that an extended ACL is recognized by its value in a range of (100-199), as:
B(config)#access-list 101 permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
B(config)#access-list 101 deny ip any any
B(config)#int s0/1
B(config-if)#ip access-group 101 in
B(config-if)#exit
B#show ip access-lists
Extended IP access list 101
permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
deny ip any any
Here it is observed that ACL number is (101) being the
extended one, and interface command is changed to (in) to
filter only inbound traffic. If you want to deny traffic only
from (200.100.100.0) network, not from the whole router,
S0/1
then you must run (in) command only on (B) router’s fast Ethernet port.
!$,6#)!,
As mentioned before; a named access-list can be either standard or extended; depending on the condition a
standard named ACL or an extended one can be implemented.
Correlated to the diagrams before a standard ACL for (Admins) and an extended ACL (Sales) in named ACL
commands goes as following:
A(config)#ip access-list standard ADMINS
A(config-std-nacl)#permit host 200.100.50.2
A(config-std-nacl)#deny any
A(config-std-nacl)#exit
A(config)#int s0/0
A(config-if)#ip access-group ADMINS out
A(config-if)#exit
A#show access-lists
Standard IP access list ADMINS
permit host 200.100.50.2
deny any
B(config)#ip access-list extended SALES
B(config-ext-nacl)#permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
B(config-ext-nacl)#deny ip any any
B(config-ext-nacl)#exit
B(config)#int s0/1
B(config-if)#ip access-group SALES in
B(config-if)#exit
B#show access-lists
Extended IP access list SALES
permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
deny ip any any
CCNA - 2 7 -
36. 30-01-10
2 (Network Address Translation)
Natting is used for translating one logical address to another logical address, now the question arises that what
is the need to translate an existing IP address as well as again to an IP address? The best answer it goes for can
be: that for a network the IP addressing is used from private address in each class of IP wherein (A: 10.0.0.0 to
10.255.255.255/ B: 172.16.0.0 to 172.31.255.255/ C: 192.168.0.0 to 192.168.255.255) but while
communicating with WAN, the network is unable to communicate through private IP addresses so for WAN
communication; a network needs some public IP addresses purchased. Now the problem is that for every host
on a network, it is too difficult to get a public IP due to its high prices, but by using a single public IP for a
complete network, natting provides facility to save money or in other words it can be defined as “Translating
Public IP to Private and its reverse is called natting”. There are three types of natting as:
1. Static natting: in static natting, one private IP is mapped to only one public IP statically, used while
mapping any gateway of a network to a single public IP purchased.
2. Dynamic natting: in this case a network of Public IP addresses is defined on router, needed while
multiple gateways are connected to a router and needs WAN communication, when each gateway
communicates to WAN from the group of Public IP present on router, one is dynamically mapped to that
gateway, which is not mapped to any other gateway, finally all gateways connected gets their public IP
to communicate WAN.
3. Overloading “Port Address Translation (PAT)”: its need is felt when again one wants to save public IP
addresses for multiple gateways connected to a router, through “overloading” all gateways can be
mapped to one and single Public IP address instead of one for each.
,6#),#!$
NAT statically by defining Public IP and Private IP; as in following example the port (Serial0/0) is connected to
WAN so its private IP (10.0.0.1) is mapped to a public IP (1.0.0.1) but it can be mapped with two conditions:
1. Data packets should own private IP coming inside the network and Public IP when sent to WAN:
A(config)#ip nat inside source static 10.0.0.1 1.0.0.1
A(config)#int s0/0
A(config-if)#ip nat outside
A(config-if)#exit
A(config)#int f0/0
A(config-if)#ip nat inside
A(config-if)#exit
In this condition packets use its private IP
(10.0.0.1) inside self network but while going on WAN, they use the public IP (1.0.0.1) as the result below
got by pinging border interface from both regions:
WAN-PCping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 1.0.0.1: bytes=32 time=110ms TTL=254
Reply from 1.0.0.1: bytes=32 time=79ms TTL=254
Reply from 1.0.0.1: bytes=32 time=94ms TTL=254
Reply from 1.0.0.1: bytes=32 time=93ms TTL=254
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 110ms, Average =
94ms
PC1ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=62ms TTL=255
Reply from 10.0.0.1: bytes=32 time=62ms TTL=255
Reply from 10.0.0.1: bytes=32 time=63ms TTL=255
Reply from 10.0.0.1: bytes=32 time=62ms TTL=255
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 63ms, Average =
62ms
Comparing both results: it is observed that the reply to WAN region from border router is from (1.0.0.1),
means that packet sent on WAN possesses the Public IP but in reply to internal region shown in 2nd column,
packet uses the IP assigned to the interface that means packet is using its private IP inside network.
2. This time data packets work opposing the first condition; they use private IP addresses on WAN and
public IP inside, configured by changing some parameters as:
CCNA - 2 8 -
37. A(config)#ip nat inside source static 10.0.0.1 1.0.0.1
A(config)#int s0/0
A(config-if)#ip nat inside
A(config-if)#exit
A(config)#int f0/0
A(config-if)#ip nat outside
A(config-if)#exit
This time the results for WAN side and network side replace each
other due to packet’s IP holding decision change. (Private IP used
for WAN and Public IP inside network).
01-02-10
,6#),#,!$
The important points to remember in dynamic NAT are:
1. Dynamic NAT is configured mostly at border router for LAN gateways, so the network assigned on
serial connectivity toward WAN (router to WAN) must be any Public IP address.
2. The pool of public IP addresses that we want to map LANs’ gateways to; is taken from the network on a
network’s WAN connectivity.
Following such points let’s check an example diagram below: interface serial 0/0 is connected to (1.0.0.0)
network, which is a public network. Public IP addresses for mapping lower networks’ gateways to; is a pool of
IP addresses from the public network assigned on serial interface toward WAN, (1.0.0.3-1.0.0.5):
A(config)#ip nat pool YAMA 1.0.0.3 1.0.0.5 netmask 255.255.255.248
A(config)#access-list 1 permit 192.168.0.0 0.0.3.255
A(config)#ip nat inside source list 1 pool YAMA
A(config)#int s0/0
A(config-if)#ip nat outside
A(config-if)#exit
A(config)#int f0/0
A(config-if)#ip nat inside
A(config-if)#exit
A(config)#int f0/1
A(config-if)#ip nat inside
A(config-if)#exit
A(config)#int f1/0
A(config-if)#ip nat inside
A(config-if)#exit
In dynamic NAT and overloading translation occurs after
a packet sent, not before that. After IP translation all IP
addresses are classified according to their different states
as:
1. Inside Global: The IP used by a packet moving on the WAN, mostly the public IP addresses mapped for
gateways, are called inside global IP address for a network.
2. Inside local: The IP used by packet inside a network is called inside local IP addresses, mostly those
private IP addresses used on LANs connected to its corporate router.
3. Outside local: Those IP addresses that are the IP on the WAN to communicate to.
4. Outside global: The destination IP address for outbound packets is called outside global IP addresses.
All theses states of IP address are checked by running the command (show IP NAT translations):
A#show ip nat translations
Pro Inside global Inside local Outside local Outside global
Icmp 1.0.0.3:4 192.168.1.2:4 192.168.4.2:4 192.168.4.2:4
Icmp 1.0.0.4:5 192.168.2.2:5 192.168.4.2:5 192.168.4.2:5
Icmp 1.0.0.5:6 192.168.3.2:6 192.168.4.2:6 192.168.4.2:6
Icmp 1.0.0.5:1 192.168.1.2:1 192.168.4.2:1 192.168.4.2:1
Icmp 1.0.0.3:1 192.168.2.2:1 192.168.4.2:1 192.168.4.2:1
CCNA - 2 9 -
38. To get information about the NAT pool, then run this command (show IP NAT statistics):
A#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0
Inside Interfaces: FastEthernet0/0 , FastEthernet0/1 , FastEthernet1/0
Hits: 0 Misses: 3
Expired translations: 6
Dynamic mappings:
Inside Source
access-list 1 pool YAMA refCount 0
pool YAMA: netmask 255.255.255.248
start 1.0.0.3 end 1.0.0.5
type generic, total addresses 3 , allocated 0 (0%), misses 0
On the fifth line of this result (Expired translations) value is seen; this is the time that the translations is expired
after a time interval, depending on the routing protocol’s update timer duration. This happens in dynamic and
overloading only but not in static NAT.
02-02-10
,6#),# +-!,#
In “Overloading” IP addresses are saved but more important is money saved, by getting only one public IP
address from network’s WAN connected network and map the entire network’s LANs to that only IP address as
in this example:
A(config)#ip nat pool YAMA 1.0.0.1 1.0.0.1 netmask 255.255.255.252
A(config)#access-list 1 permit 192.168.0.0 0.0.3.255
A(config)#ip nat inside source list 1 pool YAMA overload
A(config)#int s0/0
A(config-if)#ip nat outside
A(config)#int f0/0
A(config-if)#ip nat inside
A(config)#int f0/1
A(config-if)#ip nat inside
A(config)#int f1/0
A(config-if)#ip nat inside
Now let’s take a glance on NAT translations’ table: that shows, all Private IP addresses on LAN gateways are
translated to the only Public IP address that is chosen form the public network on which WAN connection is
running, and later in NAT statistics table that “Overloading” also follows a translation expiry, depending on the
routing protocol’s update timer same as checked in dynamic NAT statistics table:
A#show ip nat translations
Inside global Inside local Outside local Outside global
1.0.0.1:13 192.168.1.2:13 192.168.4.2:13 192.168.4.2:13
1.0.0.1:16 192.168.2.2:16 192.168.4.2:16 192.168.4.2:16
1.0.0.1:19 192.168.3.2:19 192.168.4.2:19 192.168.4.2:19
1.0.0.1:1024 192.168.3.2:1 192.168.4.2:1 192.168.4.2:1024
1.0.0.1:1026 192.168.3.2:3 192.168.4.2:3 192.168.4.2:1026
1.0.0.1:1027 192.168.3.2:4 192.168.4.2:4 192.168.4.2:1027
A#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0
Inside Interfaces: FastEthernet0/0 , FastEthernet0/1 ,
FastEthernet1/0
Hits: 0 Misses: 3
CCNA - 3 0 -
39. Expired translations: 6
Dynamic mappings:
Inside Source
access-list 1 pool YAMA refCount 0
pool YAMA: netmask 255.255.255.252
start 1.0.0.1 end 1.0.0.1
type generic, total addresses 1 , allocated 0 (0%), misses 0
CCNA - 3 1 -
