CCNA Training
This is CCNA Presentation
Published in: Education
  • Layer 2 of 2 Note: The two commands shown in the slide can also be combined into one command: vtp domain switchlab transparent
  • Note: Once a port has been assigned to a VLAN, it cannot send or receive traffic from devices in another VLAN without the intervention of a Layer 3 device like a router. The 1900 can’t be configured as the VMPS. A CiscoWorks 2000 or CWSI management station or a Catalyst 5000 switch can be configured as the VMPS. In the future, dynamic VLANs may also offer membership based on other criteria such as protocol or application. Dynamic VLANs are covered in the Managing Cisco Switched Internetworks class.
  • Note: The 1900 only supports ISL trunking. ISL is Cisco proprietary. 802.1Q is an IEEE standard. Other trunk types: LANE (VLANs over ATM), 802.10 (FDDI trunk).
  • Notes: VTP is a Cisco proprietary feature. VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. A VTP domain (also called a VLAN management domain) is one switch or several interconnected switches sharing the same VTP domain name. A switch is configured to be in only one VTP domain. You make global VLAN configuration changes for the domain by using the Cisco IOS command-line interface (CLI), Cisco Visual Switch Manager Software, or Simple Network Management Protocol (SNMP). By default, a 1900 switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain. The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch then ignores advertisements with a different management domain name or an earlier configuration revision number. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE). If you configure a switch in VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain, and they affect only the individual switch.
  • Emphasize: Default VTP mode on the Catalyst switches is server. Be careful when adding new switches into an existing network. This is covered in more detail later.
  • Layer 2 of 2 Emphasize: The latest revision number is what the switches will synchronize to.
  • Emphasize: VTP pruning provides optimized flooding. Without VTP pruning, station A’s broadcast will be flooded to all switches whether they have any port in the red VLAN or not. Note: VLAN1 can’t be pruned. STP, CDP, and VTP updates are sent on VLAN1. All switches in the switched network must support pruning or pruning will be disabled. Each trunk port maintains a state variable per VLAN indicating whether the switch has any port assigned to that particular VLAN or not.
  • Notes: All switches in a VTP domain must run the same VTP version. The password entered with a domain name should be the same for all switches in the domain. If you configure a VTP password, the management domain will not function properly if you do not assign the management domain password to each switch in the domain. A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1, provided version 2 is disabled on the version 2-capable switch (version 2 is disabled by default). Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable version 2 on a switch, all of the version 2-capable switches in the domain must have version 2 enabled. If there is a version 1-only switch, it will not exchange VTP information with switches with version 2 enabled. If there are Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly. Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain. In the lab, all the switches are set to VTP transparent mode.
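The VTP behaviour these notes describe (a switch with no domain inherits the first domain it hears, advertisements from a different domain or with an older revision are ignored, a transparent switch keeps its own database, and a switch added with the same domain, password and a higher revision number overwrites everyone else's VLAN list) as a small Python model. This is an added example, not Cisco code: the class names, the switches S1 to S3, the password and the advertisements are constructed, the domain name `switchlab` is taken from the notes, and client mode (a standard VTP mode the slides do not mention) is assumed for S2.

```python
"""Model of VTP domain, password and revision-number handling as described in the
slide notes. Added example, not Cisco code; all names and values are constructed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VtpAdvertisement:
    domain: str
    revision: int
    vlans: dict                      # vlan_id -> name
    password: Optional[str] = None


@dataclass
class Switch:
    name: str
    mode: str = "server"             # default VTP mode per the notes
    domain: Optional[str] = None     # "no-management-domain" state until learned or set
    revision: int = 0
    password: Optional[str] = None
    vlans: dict = field(default_factory=lambda: {1: "default"})
    log: list = field(default_factory=list)

    def receive(self, adv: VtpAdvertisement) -> bool:
        """Apply a VTP advertisement heard on a trunk. Returns True if it was accepted."""
        if self.mode == "transparent":
            # Transparent switches forward advertisements but never apply them.
            self.log.append(f"{self.name}: transparent, ignored rev {adv.revision}")
            return False
        if adv.password != self.password:
            self.log.append(f"{self.name}: password mismatch, ignored")
            return False
        if self.domain is None:
            # No domain yet: inherit the name (and, below, the revision) first heard.
            self.domain = adv.domain
        elif adv.domain != self.domain:
            self.log.append(f"{self.name}: domain {adv.domain!r} != {self.domain!r}, ignored")
            return False
        if adv.revision <= self.revision:
            self.log.append(f"{self.name}: rev {adv.revision} not newer than {self.revision}, ignored")
            return False
        self.revision = adv.revision
        self.vlans = dict(adv.vlans)
        self.log.append(f"{self.name}: synced to rev {adv.revision}")
        return True


def simulate() -> dict:
    """Constructed scenario: server S1, client S2 (no domain yet) and transparent S3."""
    sw = {
        "S1": Switch("S1", mode="server", domain="switchlab", revision=5, password="labpw"),
        "S2": Switch("S2", mode="client", password="labpw"),
        "S3": Switch("S3", mode="transparent", domain="switchlab", password="labpw"),
    }
    legit = VtpAdvertisement("switchlab", 6, {1: "default", 10: "users", 20: "servers"}, "labpw")
    stale = VtpAdvertisement("switchlab", 3, {1: "default"}, "labpw")
    other = VtpAdvertisement("otherlab", 99, {1: "default", 30: "guest"}, "labpw")
    # A switch brought in from elsewhere with the same domain name and password but a
    # higher revision: the case the "be careful when adding new switches" note warns about.
    higher = VtpAdvertisement("switchlab", 50, {1: "default"}, "labpw")

    results = {n: [s.receive(legit), s.receive(stale), s.receive(other)] for n, s in sw.items()}
    results["S2_vlans_after_sync"] = sorted(sw["S2"].vlans)
    results["higher_rev_accepted"] = [sw[n].receive(higher) for n in ("S1", "S2", "S3")]
    results["S2_vlans_after_higher"] = sorted(sw["S2"].vlans)   # VLANs 10 and 20 are gone
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The last step is why the notes recommend transparent mode for the lab switches and why a switch should have its revision reset before it is connected to a production domain: the revision number, not the age or source of the database, decides which VLAN list wins.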
  • Transcript

    • 1. © 2003, Cisco Systems, Inc. All rights reserved.
    • 2. 2
    • 3. Data Networks
      Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses. Businesses needed a solution that would successfully address the following three problems:
      • How to avoid duplication of equipment and resources
      • How to communicate efficiently
      • How to set up and manage a network
      Businesses realized that networking technology could increase productivity while saving money.
    • 4. Networking Devices
      Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications:
      • end-user devices
      • network devices
      End-user devices include computers, printers, scanners, and other devices that provide services directly to the user. Network devices include all the devices that connect the end-user devices together to allow them to communicate.
    • 5. Network Interface Card
      A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. Also called a LAN adapter.
    • 6. Networking Device Icons
    • 7. Repeater
      A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.
    • 8. Hub
      Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission. Active hubs not only concentrate hosts, but they also regenerate signals.
    • 9. Bridge
      Bridges convert network transmission data formats as well as perform basic data transmission management. Bridges, as the name implies, provide connections between LANs. Not only do bridges connect LANs, but they also perform a check on the data to determine whether it should cross the bridge or not. This makes each part of the network more efficient.
    • 10. Workgroup Switch
      Workgroup switches add more intelligence to data transfer management. Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.
    • 11. Router
      Routers have all capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.
    • 12. “The Cloud”
      The cloud is used in diagrams to represent where the connection to the internet is. It also represents all of the devices on the internet.
    • 13. Network Topologies
      Network topology defines the structure of the network. One part of the topology definition is the physical topology, which is the actual layout of the wire or media. The other part is the logical topology, which defines how the media is accessed by the hosts for sending data.
    • 14. Physical Topologies
    • 15. Bus Topology
      A bus topology uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.
    • 16. Ring Topology
      A ring topology connects one host to the next and the last host to the first. This creates a physical ring of cable.
    • 17. Star Topology
      A star topology connects all cables to a central point of concentration.
    • 18. Extended Star Topology
      An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.
    • 19. Hierarchical Topology
      A hierarchical topology is similar to an extended star.
    • 20. Mesh Topology
      A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.
    • 21. LANs, MANs, & WANs
      One early solution was the creation of local-area network (LAN) standards which provided an open set of guidelines for creating network hardware and software, making equipment from different companies compatible. What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another. The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs).
    • 22. Examples of Data Networks
    • 23. LANs
    • 24. Wireless LAN Organizations and Standards
      As in cabled networks, IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC). A key technology contained within the 802.11 standard is Direct Sequence Spread Spectrum (DSSS).
    • 25. Cellular Topology for Wireless
    • 26. WANs
    • 27. SANs
      A SAN is a dedicated, high-performance network used to move data between servers and storage resources. Because it is a separate, dedicated network, it avoids any traffic conflict between clients and servers.
    • 28. Virtual Private Network
      A VPN is a private network that is constructed within a public network infrastructure such as the global Internet. Using VPN, a telecommuter can access the network of the company headquarters through the Internet by building a secure tunnel between the telecommuter’s PC and a VPN router in the headquarters.
    • 29. Bandwidth
    • 30. Measuring Bandwidth
    • 31.
    • 32. Why do we need the OSI Model?
      To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together, and therefore released the OSI reference model in 1984.
    • 33. Don’t Get Confused.
      ISO - International Organization for Standardization
      OSI - Open System Interconnection
      IOS - Internetwork Operating System
      The ISO created the OSI to make the IOS more efficient. The “ISO” acronym is correct as shown. To avoid confusion, some people say “International Standard Organization.”
    • 34. The OSI Reference Model
      7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical. The OSI Model will be used throughout your entire networking career! Memorize it!
    • 35. Layer 7 - The Application Layer
      This layer deals with networking applications. Examples: Email, Web browsers. PDU - User Data
    • 36. Layer 6 - The Presentation Layer
      This layer is responsible for presenting the data in the required format, which may include: Encryption, Compression. PDU - Formatted Data
    • 37. Layer 5 - The Session Layer
      This layer establishes, manages, and terminates sessions between two communicating hosts. Example: Client Software (used for logging in). PDU - Formatted Data
    • 38. Layer 4 - The Transport Layer
      This layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network. PDU - Segments
    • 39. Layer 3 - The Network Layer
      Sometimes referred to as the “Cisco Layer”. Makes “Best Path Determination” decisions based on logical addresses (usually IP addresses). PDU - Packets
    • 40. Layer 2 - The Data Link Layer
      This layer provides reliable transit of data across a physical link. Makes decisions based on physical addresses (usually MAC addresses). PDU - Frames
    • 41. Layer 1 - The Physical Layer
      This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host. Examples: CAT5 (what we have), Coaxial (like cable TV), Fiber optic. PDU - Bits
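The PDU chain on the layer slides (user data, segments, packets, frames, bits) carried through in Python as an added example; this is not code from the deck or from Cisco. The header layouts are simplified stand-ins chosen so that each layer's wrapping is visible (they are not real TCP, IP or Ethernet headers, though the trailer is a genuine CRC-32), and the ports, addresses and payload are constructed.

```python
"""Encapsulation down the stack and decapsulation back up, using the PDU names
from the layer slides. Added example with simplified, constructed headers."""
import struct
import zlib


def ip4(dotted: str) -> bytes:
    """Dotted-decimal IPv4 string -> 4 raw bytes."""
    return bytes(int(octet) for octet in dotted.split("."))


def encapsulate(user_data: bytes, src_port: int, dst_port: int,
                src_ip: str, dst_ip: str, src_mac: bytes, dst_mac: bytes) -> dict:
    """Return every PDU produced on the way down; each one wraps the one above it."""
    segment = struct.pack("!HH", src_port, dst_port) + user_data     # L4: port header
    packet = ip4(src_ip) + ip4(dst_ip) + segment                     # L3: logical addresses
    body = dst_mac + src_mac + packet                                 # L2: physical addresses ...
    frame = body + struct.pack("<I", zlib.crc32(body))                # ... plus the FCS trailer
    bits = "".join(f"{b:08b}" for b in frame)                         # L1: bits on the wire
    return {"segment": segment, "packet": packet, "frame": frame, "bits": bits}


def decapsulate(bits: str) -> dict:
    """Receiving side: rebuild the frame, check the trailer, then strip one header per layer."""
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit")
    dst_mac, src_mac, packet = body[:6], body[6:12], body[12:]
    src_ip, dst_ip, segment = packet[:4], packet[4:8], packet[8:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "src_port": src_port, "dst_port": dst_port,
        "data": segment[4:],
    }


def round_trip() -> dict:
    """Constructed sample: send 'hello' from 10.0.0.1:40000 to 10.0.0.2:80."""
    pdus = encapsulate(b"hello", 40000, 80, "10.0.0.1", "10.0.0.2",
                       bytes.fromhex("001a2b3c4d5f"), bytes.fromhex("001a2b3c4d5e"))
    sizes = {name: len(pdu) for name, pdu in pdus.items()}
    return {"sizes": sizes, "received": decapsulate(pdus["bits"])}


if __name__ == "__main__":
    print(round_trip())
```

Each layer only looks at its own header and hands the rest up unchanged, which is the point the host-layer and media-layer slides make: a switch needs nothing beyond the MAC header, a router nothing beyond the IP header.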
    • 42. OSI Model Analogy: Application Layer - Source Host
      After riding your new bicycle a few times in New York, you decide that you want to give it to a friend who lives in Munich, Germany.
    • 43. OSI Model Analogy: Presentation Layer - Source Host
      Make sure you have the proper directions to disassemble and reassemble the bicycle.
    • 44. OSI Model Analogy: Session Layer - Source Host
      Call your friend and make sure you have his correct address.
    • 45. OSI Model Analogy: Transport Layer - Source Host
      Disassemble the bicycle and put different pieces in different boxes. The boxes are labeled “1 of 3”, “2 of 3”, and “3 of 3”.
    • 46. OSI Model Analogy: Network Layer - Source Host
      Put your friend’s complete mailing address (and yours) on each box. Since the packages are too big for your mailbox (and since you don’t have enough stamps) you determine that you need to go to the post office.
    • 47. OSI Model Analogy: Data Link Layer - Source Host
      The New York post office takes possession of the boxes.
    • 48. OSI Model Analogy: Physical Layer - Media
      The boxes are flown from the USA to Germany.
    • 49. OSI Model Analogy: Data Link Layer - Destination
      The Munich post office receives your boxes.
    • 50. OSI Model Analogy: Network Layer - Destination
      Upon examining the destination address, the Munich post office determines that your boxes should be delivered to your written home address.
    • 51. OSI Model Analogy: Transport Layer - Destination
      Your friend calls you and tells you he got all 3 boxes and he is having another friend named BOB reassemble the bicycle.
    • 52. OSI Model Analogy: Session Layer - Destination
      Your friend hangs up because he is done talking to you.
    • 53. OSI Model Analogy: Presentation Layer - Destination
      BOB is finished and “presents” the bicycle to your friend. Another way to say it is that your friend is finally getting his “present”.
    • 54. OSI Model Analogy: Application Layer - Destination
      Your friend enjoys riding his new bicycle in Munich.
    • 55. Host Layers
      Layers 7 Application, 6 Presentation, 5 Session and 4 Transport: these layers only exist in the source and destination host computers.
    • 56. Media Layers
      Layers 3 Network, 2 Data Link and 1 Physical: these layers manage the information out in the LAN or WAN between the source and destination hosts.
    • 57.
    • 58.
    • 59. Data Flow Through a Network
    • 60.
    • 61. LAN Physical Layer
      Various symbols are used to represent media types. The function of media is to carry a flow of information through a LAN. Networking media are considered Layer 1, or physical layer, components of LANs. Each medium has advantages and disadvantages. Some of the advantage or disadvantage comparisons concern:
      • Cable length
      • Cost
      • Ease of installation
      • Susceptibility to interference
      Coaxial cable, optical fiber, and even free space can carry network signals. However, the principal medium that will be studied is Category 5 unshielded twisted-pair cable (Cat 5 UTP).
    • 62. Unshielded Twisted Pair (UTP) Cable
    • 63. UTP Implementation
      EIA/TIA specifies an RJ-45 connector for UTP cable. The RJ-45 transparent end connector shows eight colored wires. Four of the wires carry the voltage and are considered “tip” (T1 through T4). The other four wires are grounded and are called “ring” (R1 through R4). The wires in the first pair in a cable or a connector are designated as T1 & R1.
    • 64. Connection Media
      The registered jack (RJ-45) connector and jack are the most common. In some cases the type of connector on a network interface card (NIC) does not match the media that it needs to connect to. The attachment unit interface (AUI) connector allows different media to connect when used with the appropriate transceiver. A transceiver is an adapter that converts one type of connection to another.
    • 65. Ethernet Standards
      The Ethernet standard specifies that each of the pins on an RJ-45 connector has a particular purpose. A NIC transmits signals on pins 1 & 2, and it receives signals on pins 3 & 6.
    • 66. Remember…
      A straight-thru cable has T568B on both ends. A crossover (or cross-connect) cable has T568B on one end and T568A on the other. A console cable has T568B on one end and reverse T568B on the other, which is why it is also called a rollover cable.
    • 67. Straight-Thru or Crossover
      Use straight-through cables for the following cabling:
      • Switch to router
      • Switch to PC or server
      • Hub to PC or server
      Use crossover cables for the following cabling:
      • Switch to switch
      • Switch to hub
      • Hub to hub
      • Router to router
      • PC to PC
      • Router to PC
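The cable table on the slide above can be derived rather than memorised: a link works when each end's transmit pins land on the other end's receive pins. This added Python example (not from the deck or from Cisco) does that derivation from the pin roles given on slide 65 (NIC transmits on 1 & 2, receives on 3 & 6). The MDI/MDI-X port-role names, the device-to-role table and the assumption that ports do not auto-detect the crossover are this example's own.

```python
"""Derive straight-through vs crossover from pin roles. Added example;
the device-role table and the no-auto-MDI-X assumption are constructed."""

# Devices wired like a NIC ("MDI": transmit on 1,2 / receive on 3,6) versus devices
# wired the other way round ("MDI-X": hubs and switches), so a straight cable joins them.
PORT_ROLE = {"pc": "MDI", "server": "MDI", "router": "MDI", "switch": "MDI-X", "hub": "MDI-X"}

TX_PINS = {"MDI": (1, 2), "MDI-X": (3, 6)}
RX_PINS = {"MDI": (3, 6), "MDI-X": (1, 2)}

# Pin mapping end A -> end B for each cable on the "Remember..." slide.
STRAIGHT = {p: p for p in range(1, 9)}                          # T568B on both ends
CROSSOVER = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}    # T568B <-> T568A swaps pairs 1,2 and 3,6
ROLLOVER = {p: 9 - p for p in range(1, 9)}                       # reversed T568B: console cable, not Ethernet


def link_works(cable: dict, role_a: str, role_b: str) -> bool:
    """True if A's transmit pins arrive on B's receive pins and vice versa."""
    a_to_b = {cable[p] for p in TX_PINS[role_a]} == set(RX_PINS[role_b])
    inverse = {b: a for a, b in cable.items()}
    b_to_a = {inverse[p] for p in TX_PINS[role_b]} == set(RX_PINS[role_a])
    return a_to_b and b_to_a


def cable_for(dev_a: str, dev_b: str) -> str:
    """Pick the patch cable that makes the link work (no auto-MDI/MDI-X assumed)."""
    role_a, role_b = PORT_ROLE[dev_a], PORT_ROLE[dev_b]
    if link_works(STRAIGHT, role_a, role_b):
        return "straight-through"
    if link_works(CROSSOVER, role_a, role_b):
        return "crossover"
    raise ValueError(f"no standard Ethernet cable fits {dev_a} to {dev_b}")


if __name__ == "__main__":
    for a, b in [("switch", "router"), ("switch", "pc"), ("hub", "server"),
                 ("switch", "switch"), ("switch", "hub"), ("hub", "hub"),
                 ("router", "router"), ("pc", "pc"), ("router", "pc")]:
        print(f"{a:7s} to {b:7s}: {cable_for(a, b)}")
    print("rollover carries Ethernet:", link_works(ROLLOVER, "MDI", "MDI-X"))
```

Running it reproduces the slide's two lists exactly, and shows why a rollover cable, which reverses all eight pins, is never a substitute for either.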
    • 68. Sources of Noise on Copper Media
      Noise is any electrical energy on the transmission cable that makes it difficult for a receiver to interpret the data sent from the transmitter. TIA/EIA-568-B certification of a cable now requires testing for a variety of types of noise. Twisted-pair cable is designed to take advantage of the effects of crosstalk in order to minimize noise. In twisted-pair cable, a pair of wires is used to transmit one signal. The wire pair is twisted so that each wire experiences similar crosstalk. Because a noise signal on one wire will appear identically on the other wire, this noise can be easily detected and filtered at the receiver. Twisting one pair of wires in a cable also helps to reduce crosstalk of data or noise signals from adjacent wires.
    • 69. Shielded Twisted Pair (STP) Cable
    • 70. Coaxial Cable
    • 71. Fiber Optic Cable
    • 72. Fiber Optic Connectors
      Connectors are attached to the fiber ends so that the fibers can be connected to the ports on the transmitter and receiver. The type of connector most commonly used with multimode fiber is the Subscriber Connector (SC connector). On single-mode fiber, the Straight Tip (ST) connector is frequently used.
    • 73. Fiber Optic Patch Panels
      Fiber patch panels are similar to the patch panels used with copper cable.
    • 74. Cable Specifications
      10BASE-T: The T stands for twisted pair.
      10BASE5: The 5 represents the fact that a signal can travel for approximately 500 meters. 10BASE5 is often referred to as Thicknet.
      10BASE2: The 2 represents the fact that a signal can travel for approximately 200 meters. 10BASE2 is often referred to as Thinnet.
      All 3 of these specifications refer to the speed of transmission at 10 Mbps and a type of transmission that is baseband, or digitally interpreted. Thinnet and Thicknet are actually types of networks, while 10BASE2 & 10BASE5 are the types of cabling used in these networks.
    • 75. Ethernet Media Connector Requirements
    • 76. LAN Physical Layer Implementation
    • 77. Ethernet in the Campus
    • 78. WAN Physical Layer
    • 79. WAN Serial Connection Options
    • 80. Serial Implementation of DTE & DCE
      When connecting directly to a service provider, or to a device such as a CSU/DSU that will perform signal clocking, the router is a DTE and needs a DTE serial cable. This is typically the case for routers.
    • 81. Back-to-Back Serial Connection
      When performing a back-to-back router scenario in a test environment, one of the routers will be a DTE and the other will be a DCE.
    • 82. Repeater
      A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.
    • 83. The 4 Repeater Rule
      The Four Repeater Rule for 10-Mbps Ethernet should be used as a standard when extending LAN segments. This rule states that no more than four repeaters can be used between hosts on a LAN. This rule is used to limit latency added to frame travel by each repeater.
    • 84. Hub
      Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. A hub is a Physical Layer device.
    • 85. Network Interface Card
      The function of a NIC is to connect a host device to the network medium. A NIC is a printed circuit board that fits into the expansion slot on the motherboard or peripheral device of a computer. The NIC is also referred to as a network adapter. NICs are considered Data Link Layer devices because each NIC carries a unique code called a MAC address.
    • 86. MAC Address
      A MAC address is 48 bits in length and expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.
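A parser for the 48-bit address on the slide above, as an added Python example (not code from the deck or from Cisco). It accepts the colon, hyphen and Cisco dotted forms of the twelve hex digits, and reports the two fields a switch and an analyst care about that the slide does not name: the 24-bit vendor prefix (OUI) and the two flag bits in the first byte, one of which marks an address that was set in software rather than burned in. The sample addresses are constructed.

```python
"""Parse and classify a 48-bit MAC address. Added example; sample values constructed."""
import re

_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")
BROADCAST = b"\xff" * 6


def parse_mac(text: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff', 'aabb.ccdd.eeff' (Cisco style)
    or bare 'aabbccddeeff'; return the 6 raw bytes. Anything else is rejected."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text: str) -> dict:
    """Break the address into the fields a Layer 2 device (or an analyst) looks at."""
    raw = parse_mac(text)
    first = raw[0]
    return {
        "canonical": ":".join(f"{b:02x}" for b in raw),
        "cisco": ".".join(raw.hex()[i:i + 4] for i in (0, 4, 8)),
        "oui": raw[:3].hex().upper(),                 # first 24 bits: vendor prefix
        "nic_specific": raw[3:].hex().upper(),        # last 24 bits: assigned by that vendor
        "multicast": bool(first & 0x01),              # I/G bit set: group address
        "locally_administered": bool(first & 0x02),   # U/L bit set: not a burned-in address
        "broadcast": raw == BROADCAST,
    }


if __name__ == "__main__":
    for sample in ("00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "02-00-5e-00-00-01",
                   "01:00:5e:00:00:01", "ffff.ffff.ffff"):
        print(sample, describe_mac(sample))
```

The `locally_administered` flag is the one to watch in inventory or log data: a burned-in address always has that bit clear, so an address with it set was chosen by an operating system, hypervisor or user rather than by the NIC's vendor.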
    • 87. Bridge
      Bridges are Data Link layer devices. Connected host addresses are learned and stored on a MAC address table. Each bridge port has a unique MAC address.
    • 88. Bridges
    • 89. Bridging Graphic
    • 90. Switch
      Switches are Data Link layer devices. Each switch port has a unique MAC address. Connected host MAC addresses are learned and stored on a MAC address table.
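The learning-and-forwarding behaviour the bridge and switch slides describe, as an added Python example (not code from the deck or from Cisco): the source address of every frame is recorded against the port it arrived on, and the destination address is then looked up to forward, filter (same port) or flood (unknown or broadcast). The port numbers, addresses and the table-size limit are constructed; the limit is there because a real MAC table is a finite hardware resource, and what happens when it is full is worth seeing.

```python
"""Learning bridge / switch model. Added example; ports, addresses and the
table capacity are constructed values."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports: int, max_entries: int = 8):
        self.ports = list(range(1, ports + 1))
        self.table = {}                  # MAC address -> port it was last seen on
        self.max_entries = max_entries   # hardware MAC/CAM tables are finite

    def handle_frame(self, in_port: int, src: str, dst: str) -> list:
        """Process one frame; return the list of ports it is sent out of."""
        # Learning: the source is reachable via the ingress port. A known source is
        # refreshed (hosts move ports); a new source is learned only while space remains.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        # Forwarding decision.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood: broadcast or unknown unicast
        out_port = self.table[dst]
        return [] if out_port == in_port else [out_port]     # filter if same segment, else forward


def scenario() -> dict:
    """Constructed traffic on a 4-port switch; port 1 has a hub with two hosts behind it."""
    sw = LearningSwitch(ports=4)
    a, b, c, d = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                  "00:00:00:00:00:0c", "00:00:00:00:00:0d")
    r = {}
    r["a_to_b_unknown"] = sw.handle_frame(1, a, b)      # B not yet learned: flood
    r["b_to_a_known"] = sw.handle_frame(2, b, a)        # A learned on port 1: forward there only
    r["a_to_b_known"] = sw.handle_frame(1, a, b)        # both known now
    r["c_to_a_same_port"] = sw.handle_frame(1, c, a)    # C and A share port 1: filtered
    r["broadcast"] = sw.handle_frame(3, d, BROADCAST)   # everywhere except the ingress port
    r["table"] = dict(sw.table)
    return r


def table_full_scenario() -> dict:
    """What a full table does: the unlearned host's traffic keeps flowing, but frames
    addressed to it are flooded out every other port until an entry is freed."""
    sw = LearningSwitch(ports=3, max_entries=1)
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.handle_frame(1, a, b)                          # learns A; table now full
    forwarded = sw.handle_frame(2, b, a)              # B cannot be learned, A is known
    flooded = sw.handle_frame(1, a, b)                # B still unknown: flooded
    return {"table": dict(sw.table), "b_to_a": forwarded, "a_to_b": flooded}


if __name__ == "__main__":
    print(scenario())
    print(table_full_scenario())
```

Flooding of unknown unicast is the normal mechanism that lets a switch work before it has learned anything; the second scenario shows why a table that is kept full (by a fault or by a flood of bogus source addresses) degrades the switch toward hub behaviour, and why port security limits on learned addresses per port exist.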
    • 91. Switching Modes
      cut-through: A switch starts to transfer the frame as soon as the destination MAC address is received. No error checking is available. Must use synchronous switching.
      store-and-forward: At the other extreme, the switch can receive the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sum (FCS) to ensure that the frame was reliably received before sending it to the destination. Must be used with asynchronous switching.
      fragment-free: A compromise between the cut-through and store-and-forward modes. Fragment-free reads the first 64 bytes, which includes the frame header, and switching begins before the entire data field and checksum are read.
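The three modes on the slide differ only in how much of the frame has been read when the forwarding decision is made, which decides what kinds of bad frames get through. This added Python example (not from the deck or from Cisco) builds a minimal Ethernet II frame with a real CRC-32 FCS, then runs a good frame, a frame with a corrupted byte and a collision fragment (runt) through each mode. The frame contents and addresses are constructed.

```python
"""What each switching mode has seen when it forwards, and which damaged frames
slip past it. Added example; frames are constructed."""
import zlib

MIN_FRAME = 64     # minimum Ethernet frame, header through FCS
HEADER_LEN = 14    # dst MAC (6) + src MAC (6) + EtherType (2)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with a CRC-32 FCS, padded up to the 64-byte minimum."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")        # pad so body + FCS >= 64 bytes
    fcs = zlib.crc32(body).to_bytes(4, "little")     # Ethernet transmits the FCS LSB first
    return body + fcs


def fcs_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]


def switch_decision(frame: bytes, mode: str) -> dict:
    """How many bytes the switch had read when it committed, and whether it forwards."""
    if mode == "cut-through":
        # Commits after the 6-byte destination MAC; nothing about the frame is checked.
        return {"bytes_read": 6, "forward": True}
    if mode == "fragment-free":
        # Reads 64 bytes first: anything shorter is a collision fragment and is dropped.
        # A frame that is long enough but has a bad FCS still gets through.
        return {"bytes_read": MIN_FRAME, "forward": len(frame) >= MIN_FRAME}
    if mode == "store-and-forward":
        # Buffers the whole frame, so both length and FCS can be verified first.
        return {"bytes_read": len(frame), "forward": len(frame) >= MIN_FRAME and fcs_ok(frame)}
    raise ValueError(f"unknown switching mode {mode!r}")


MODES = ("cut-through", "fragment-free", "store-and-forward")
DST = bytes.fromhex("001a2b3c4d5e")
SRC = bytes.fromhex("001a2b3c4d5f")
GOOD = build_frame(DST, SRC, 0x0800, b"constructed payload")
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0xFF]) + GOOD[21:]   # one byte flipped in transit
RUNT = GOOD[:40]                                             # cut short by a collision


def forwarded(frame: bytes) -> dict:
    """Forwarding verdict of each mode for one frame."""
    return {m: switch_decision(frame, m)["forward"] for m in MODES}


if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT)):
        print(f"{name:8s} len={len(frame):3d} fcs_ok={fcs_ok(frame)!s:5s} {forwarded(frame)}")
```

Only store-and-forward stops the corrupted frame; the latency it pays for buffering the whole frame is the price of being the only mode that never propagates an error downstream.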
    • 92. Full Duplex: Another capability emerges when only two nodes are connected. In a network that uses twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the other node. A separate pair is used for the return or received signal. It is possible for signals to pass through both pairs simultaneously. The capability of communication in both directions at once is known as full duplex.
    • 93. Switches – MAC Tables
    • 94. Switches – Parallel Communication
    • 95. Microsegmentation: A switch is simply a bridge with many ports. When only one node is connected to a switch port, the collision domain on the shared media contains only two nodes. The two nodes in this small segment, or collision domain, consist of the switch port and the host connected to it. These small physical segments are called microsegments.
    • 96. Peer-to-Peer Network: In a peer-to-peer network, networked computers act as equal partners, or peers. As peers, each computer can take on the client function or the server function. At one time, computer A may make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as the client, while B functions as the server. At a later time, computers A and B can reverse roles. In a peer-to-peer network, individual users control their own resources. Peer-to-peer networks are relatively easy to install and operate. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate.
    • 97. Client/Server Network: In a client/server arrangement, network services are located on a dedicated computer called a server. The server responds to the requests of clients. The server is a central computer that is continuously available to respond to requests from clients for file, print, application, and other services. Most network operating systems adopt the form of a client/server relationship.
    • 99. Why Another Model? Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol / Internet Protocol (TCP/IP). The TCP/IP reference model and the TCP/IP protocol stack make data communication possible between any two computers, anywhere in the world, at nearly the speed of light. The U.S. Department of Defense (DoD) created the TCP/IP reference model because it wanted a network that could survive any conditions, even a nuclear war.
    • 100. Don’t Confuse the Models. OSI layer on the left, the TCP/IP layer it maps to on the right:
      7 Application     Application
      6 Presentation    Application
      5 Session         Application
      4 Transport       Transport
      3 Network         Internet
      2 Data Link       Network Access
      1 Physical        Network Access
    • 101. 2 Models Side-By-Side (same layer mapping as slide 100)
    • 102. The Application Layer: The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.
    • 103. The Transport Layer: The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer application data into the same data stream between endpoints. The transport layer data stream provides end-to-end transport services.
    • 104. The Internet Layer: The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is the Internet Protocol (IP). Best path determination and packet switching occur at this layer.
    • 105. The Network Access Layer: The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers. NOTE: ARP & RARP work at both the Internet and Network Access Layers.
    • 106. Comparing TCP/IP & OSI Models. NOTE: The TCP/IP transport layer, when using UDP, does not always guarantee reliable delivery of packets as the transport layer in the OSI model does.
    • 107. Introduction to the Transport Layer: The primary duties of the transport layer, Layer 4 of the OSI model, are to transport and regulate the flow of information from the source to the destination, reliably and accurately. End-to-end control and reliability are provided by sliding windows, sequence numbers, and acknowledgments.
    • 108. More on The Transport Layer: The transport layer provides transport services from the source host to the destination host. It establishes a logical connection between the endpoints of the network. Transport services include the following basic services:
      • Segmentation of upper-layer application data
      • Establishment of end-to-end operations
      • Transport of segments from one end host to another end host
      • Flow control provided by sliding windows
      • Reliability provided by sequence numbers and acknowledgments
    • 109. Flow Control: As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is unable to process data as quickly as it arrives could be a cause of data loss. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.
    • 110. 3-Way Handshake: TCP requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize their Initial Sequence Numbers (ISNs).
    • 111. Basic Windowing: Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.
    • 112. Sliding Window
    • 113. Sliding Window with Different Window Sizes
    • 114. TCP Sequence & Acknowledgement
    • 115. TCP: Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. The protocols that use TCP include:
      • FTP (File Transfer Protocol)
      • HTTP (Hypertext Transfer Protocol)
      • SMTP (Simple Mail Transfer Protocol)
      • Telnet
    • 116. TCP Segment Format
    • 117. UDP: User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols. UDP uses no windowing or acknowledgments, so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together. The protocols that use UDP include:
      • TFTP (Trivial File Transfer Protocol)
      • SNMP (Simple Network Management Protocol)
      • DHCP (Dynamic Host Configuration Protocol)
      • DNS (Domain Name System)
    • 118. UDP Segment Format
    • 119. Well Known Port Numbers: The following port numbers should be memorized (table shown on the slide). NOTE: The curriculum forgot to mention one of the most important port numbers. Port 80 is used for HTTP or WWW protocols (essentially access to the internet).
    • 120. URL
    • 121. SNMP – Managed Network
    • 123. Base 2 Number System: 10110 (base 2) = (1 x 2^4 = 16) + (0 x 2^3 = 0) + (1 x 2^2 = 4) + (1 x 2^1 = 2) + (0 x 2^0 = 0) = 22 (base 10)
    • 124. Converting Decimal to Binary: Convert 201 (base 10) to binary:
      201 / 2 = 100 remainder 1
      100 / 2 = 50 remainder 0
      50 / 2 = 25 remainder 0
      25 / 2 = 12 remainder 1
      12 / 2 = 6 remainder 0
      6 / 2 = 3 remainder 0
      3 / 2 = 1 remainder 1
      1 / 2 = 0 remainder 1
      When the quotient is 0, take all the remainders in reverse order for your answer: 201 (base 10) = 11001001 (base 2)
    • 126. Network and Host Addressing: Using the IP address of the destination network, a router can deliver a packet to the correct network. When the packet arrives at a router connected to the destination network, the router uses the IP address to locate the particular computer connected to that network. Accordingly, every IP address has two parts.
    • 127. Network Layer Communication Path: A router forwards packets from the originating network to the destination network using the IP protocol. The packets must include an identifier for both the source and destination networks.
    • 128. Internet Addresses: IP addressing is a hierarchical structure. An IP address combines two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.
    • 129. IP Address Classes: IP addresses are divided into classes to define the large, medium, and small networks. Class A addresses are assigned to larger networks. Class B addresses are used for medium-sized networks, and Class C for small networks.
    • 130. Identifying Address Classes
    • 131. Address Class Prefixes: To accommodate different size networks and aid in classifying these networks, IP addresses are divided into groups called classes. This is classful addressing.
    • 132. Network and Host Division: Each complete 32-bit IP address is broken down into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. There are 5 IP address classes.
    • 133. Class A Addresses: The Class A address was designed to support extremely large networks, with more than 16 million host addresses available. Class A IP addresses use only the first octet to indicate the network address. The remaining three octets provide for host addresses.
    • 134. Class B Addresses: The Class B address was designed to support the needs of moderate to large-sized networks. A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.
    • 135. Class C Addresses: The Class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.
    • 136. Class D Addresses: The Class D address class was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.
    • 137. Class E Addresses: A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.
    • 138. IP Address Ranges: The graphic on the slide shows the IP address range of the first octet, both in decimal and binary, for each IP address class.
    • 139. IPv4: As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses and the increase in the size of Internet routing tables. Over the past two decades, numerous extensions to IPv4 have been developed. Two of the more important of these are subnet masks and classless interdomain routing (CIDR).
    • 140. Finding the Network Address with ANDing: By ANDing the host address of 192.168.10.2 with 255.255.255.0 (its network mask) we obtain the network address of 192.168.10.0.
    • 141. Network Address
    • 142. Broadcast Address
    • 143. Network/Broadcast Addresses at the Binary Level: An IP address that has binary 0s in all host bit positions is reserved for the network address, which identifies the network. An IP address that has binary 1s in all host bit positions is reserved for the broadcast address, which is used to send data to all hosts on the network. Here are some examples:
      Class   Network Address   Broadcast Address
      A       100.0.0.0         100.255.255.255
      B       150.75.0.0        150.75.255.255
      C       200.100.50.0      200.100.50.255
    • 144. Public IP Addresses: Unique addresses are required for each device on a network. Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure. InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA). No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. All machines connected to the Internet agree to conform to the system. Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.
    • 145. Private IP Addresses: Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.
    • 146. Mixing Public and Private IP Addresses: Private IP addresses can be intermixed, as shown in the graphic, with public IP addresses. This will conserve the number of addresses used for internal connections. Connecting a network using private addresses to the Internet requires translation of the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT).
    • 147. Introduction to Subnetting: Subnetting a network means using the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design. Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.
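The arithmetic behind slides 123 and 124 (binary conversion), 130 to 137 (classful prefixes), 140 (ANDing) and 143 (network and broadcast addresses) is small enough to write out in full. The added example below is not from the slide deck; it implements the general case, including a non-default mask such as the 255.255.255.240 used on slide 203, and rejects a mask that is not a contiguous run of 1s.

```python
from typing import Optional, Tuple


def dotted_to_int(addr: str) -> int:
    """Parse a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int, width: int = 8) -> str:
    """Decimal to binary by repeated division by 2, remainders read in reverse order (slide 124)."""
    bits = []
    while value > 0:
        value, remainder = divmod(value, 2)
        bits.append(str(remainder))
    return "".join(reversed(bits)).rjust(width, "0")


def from_binary(bits: str) -> int:
    """Binary to decimal as a sum of weighted powers of two (slide 123)."""
    return sum(int(b) << position for position, b in enumerate(reversed(bits)))


def address_class(addr: str) -> str:
    """Classful addressing: the leading bits of the first octet decide the class."""
    first = dotted_to_int(addr) >> 24
    if first < 128:
        return "A"   # leading bit 0,     first octet 0-127
    if first < 192:
        return "B"   # leading bits 10,   first octet 128-191
    if first < 224:
        return "C"   # leading bits 110,  first octet 192-223
    if first < 240:
        return "D"   # leading bits 1110, first octet 224-239 (multicast)
    return "E"       # leading bits 1111, first octet 240-255 (reserved)


DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_and_broadcast(addr: str, mask: Optional[str] = None) -> Tuple[str, str]:
    """AND with the mask clears the host bits (network address); OR with the inverted
    mask sets them all (broadcast address). Without a mask the classful default is used."""
    if mask is None:
        cls = address_class(addr)
        if cls not in DEFAULT_MASKS:
            raise ValueError(f"class {cls} addresses have no network/host split")
        mask = DEFAULT_MASKS[cls]
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):          # host bits must be one trailing run of 1s
        raise ValueError(f"mask is not a contiguous run of 1s: {mask}")
    return int_to_dotted(a & m), int_to_dotted(a | host_bits)


def usable_hosts(mask: str) -> int:
    """Host addresses per (sub)network, minus the network and broadcast addresses."""
    host_bit_count = 32 - bin(dotted_to_int(mask)).count("1")
    return max(0, (1 << host_bit_count) - 2)


if __name__ == "__main__":
    print("201 =", to_binary(201), "| 10110 =", from_binary("10110"))
    for addr, mask in (("100.0.0.0", None), ("192.168.10.2", "255.255.255.0"),
                       ("200.100.50.75", "255.255.255.240")):
        net, bcast = network_and_broadcast(addr, mask)
        print(f"{addr:15s} class {address_class(addr)} network {net:15s} broadcast {bcast}")
```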
    • 148. The 32-Bit Binary IP Address
    • 149. Numbers That Show Up In Subnet Masks (Memorize Them!)
    • 150. Addressing with Subnetworks
    • 151. Obtaining an Internet Address
    • 152. Static Assignment of an IP Address: Static assignment works best on small networks. The administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet. Network printers, application servers, and routers should be assigned static IP addresses.
    • 153. ARP (Address Resolution Protocol): Host A sends an ARP Request, broadcast to all hosts: "What is the hardware address for IP address 128.0.10.4?" Host B (IP Address: 128.0.10.4, HW Address: 080020021545) sends the ARP Reply. Fig. 32 How does ARP work? (TI1332EU02TI_0004 The Network Layer, 47)
    • 154. Fig. 33 The ARP command (TI1332EU02TI_0004 The Network Layer, 47)
    • 155. 1 Network = 1 Broadcast Domain: A sends a broadcast ARP request; host B would reply. 2 Networks = 2 Broadcast Domains: A sends a broadcast ARP request, but with a router between A and B, no one would reply. Fig. 34 Proxy-ARP concept (TI1332EU02TI_0004 The Network Layer, 49)
    • 156. Proxy ARP: A broadcasts a message to all: "If your IP address matches B then please tell me your Ethernet address." Router R answers: "Yes, I know the destination network, let me give you my Ethernet address. I take care to forward IP packets to B."
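The request/reply exchange of slides 153 to 155 in code, as an added example that is not part of the slide deck: Host B's address and hardware address are the ones on slide 153, Host A's addresses and the second host are constructed. The packet layout is the RFC 826 Ethernet/IPv4 form; the receiving side only caches a hardware address from a reply to a request it actually sent, which is the minimum check a host should make on an unauthenticated protocol like ARP.

```python
import struct
from typing import Dict, List, Optional, Set, Tuple

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"
# Fixed 28-byte ARP packet for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
_ARP_FORMAT = "!HHBBH6s4s6s4s"

# Host B as shown on slide 153; Host A's addresses are constructed for the example.
HOST_B_IP, HOST_B_MAC = "128.0.10.4", "08:00:20:02:15:45"
HOST_A_IP, HOST_A_MAC = "128.0.10.1", "08:00:20:aa:bb:cc"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(oper: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(_ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(packet: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(_ARP_FORMAT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def answer_request(packet: bytes, my_mac: str, my_ip: str) -> Optional[bytes]:
    """Host B's side: reply only if the broadcast request asks for this host's own IP address."""
    req = parse_arp(packet)
    if req["oper"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def learn_from_reply(cache: Dict[str, str], pending: Set[str], packet: bytes) -> Dict[str, str]:
    """Host A's side: cache the hardware address, but only from a reply to a request it sent."""
    rep = parse_arp(packet)
    if rep["oper"] == ARP_REPLY and rep["sender_ip"] in pending:
        cache[rep["sender_ip"]] = rep["sender_mac"]
        pending.discard(rep["sender_ip"])
    return cache


def broadcast_domain(request: bytes, hosts: List[Tuple[str, str]]) -> List[bytes]:
    """Deliver one broadcast request to every (mac, ip) host in the domain and collect replies (slide 155)."""
    replies = []
    for mac, ip in hosts:
        reply = answer_request(request, mac, ip)
        if reply is not None:
            replies.append(reply)
    return replies


if __name__ == "__main__":
    request = build_arp(ARP_REQUEST, HOST_A_MAC, HOST_A_IP, ZERO_MAC, HOST_B_IP)
    pending = {HOST_B_IP}
    cache: Dict[str, str] = {}
    for reply in broadcast_domain(request, [(HOST_B_MAC, HOST_B_IP), ("08:00:20:cc:cc:cc", "128.0.10.7")]):
        learn_from_reply(cache, pending, reply)
    print("Host A ARP cache:", cache)
```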
    • 157. RARP: Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.
    • 158. BootP: The bootstrap protocol (BOOTP) operates in a client-server environment and only requires a single packet exchange to obtain IP information. However, unlike RARP, BOOTP packets can include the IP address, as well as the address of a router, the address of a server, and vendor-specific information. One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database. Even though the addresses are dynamically assigned, there is still a one-to-one relationship between the number of IP addresses and the number of hosts. This means that for every host on the network there must be a BOOTP profile with an IP address assignment in it. No two profiles can have the same IP address.
    • 159. DHCP: Dynamic host configuration protocol (DHCP) is the successor to BOOTP. Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device. All that is required when using DHCP is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request an address. The DHCP server chooses an address and leases it to that host. With DHCP, the entire network configuration of a computer can be obtained in one message. This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask. The major advantage that DHCP has over BOOTP is that it allows users to be mobile.
    • 161. Introduction to Routers: A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown on the slide.
    • 162. RAM: Random Access Memory, also called dynamic RAM (DRAM). RAM has the following characteristics and functions:
      • Stores routing tables
      • Holds ARP cache
      • Holds fast-switching cache
      • Performs packet buffering (shared RAM)
      • Maintains packet-hold queues
      • Provides temporary memory for the configuration file of the router while the router is powered on
      • Loses content when router is powered down or restarted
    • 163. NVRAM: Non-Volatile RAM. NVRAM has the following characteristics and functions:
      • Provides storage for the startup configuration file
      • Retains content when router is powered down or restarted
    • 164. Flash: Flash memory has the following characteristics and functions:
      • Holds the operating system image (IOS)
      • Allows software to be updated without removing and replacing chips on the processor
      • Retains content when router is powered down or restarted
      • Can store multiple versions of IOS software
      • Is a type of electronically erasable, programmable ROM (EEPROM)
    • 165. ROM: Read-Only Memory. ROM has the following characteristics and functions:
      • Maintains instructions for power-on self test (POST) diagnostics
      • Stores bootstrap program and basic operating system software
      • Requires replacing pluggable chips on the motherboard for software upgrades
    • 166. Interfaces: Interfaces have the following characteristics and functions:
      • Connect router to network for frame entry and exit
      • Can be on the motherboard or on a separate module
      Types of interfaces:
      • Ethernet
      • Fast Ethernet
      • Serial
      • Token ring
      • ISDN BRI
      • Loopback
      • Console
      • Aux
    • 167. Internal Components of a 2600 Router
    • 168. External Components of a 2600 Router
    • 169. External Connections
    • 170. Fixed Interfaces: When cabling routers for serial connectivity, the routers will have either fixed or modular ports. The type of port being used will affect the syntax used later to configure each interface. Interfaces on routers with fixed serial ports are labeled for port type and port number.
    • 171. Modular Serial Port Interfaces: Interfaces on routers with modular serial ports are labeled for port type, slot, and port number. The slot is the location of the module. To configure a port on a modular card, it is necessary to specify the interface using the syntax "port type slot number/port number." Use the label "serial 0/1" when the interface is serial, the slot number where the module is installed is slot 0, and the port that is being referenced is port 1.
    • 172. Routers & DSL Connections: The Cisco 827 ADSL router has one asymmetric digital subscriber line (ADSL) interface. To connect a router for DSL service, use a phone cable with RJ-11 connectors. DSL works over standard telephone lines using pins 3 and 4 on a standard RJ-11 connector.
    • 173. Computer/Terminal Console Connection
    • 174. Modem Connection to Console/Aux Port
    • 175. HyperTerminal Session Properties
    • 176. Establishing a HyperTerminal Session: Take the following steps to connect a terminal to the console port on the router: First, connect the terminal using the RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 or RJ-45 to DB-25 adapter. Then, configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
    • 177. Cisco IOS: Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices. A solid understanding of the IOS is essential for a network administrator.
    • 178. The Purpose of Cisco IOS: As with a computer, a router or switch cannot function without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System or Cisco IOS. It is the embedded software architecture in all of the Cisco routers and is also the operating system of the Catalyst switches. Without an operating system, the hardware does not have any capabilities. The Cisco IOS provides the following network services:
      • Basic routing and switching functions
      • Reliable and secure access to networked resources
      • Network scalability
    • 179. Router Command Line Interface
    • 180. Setup Mode: Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router that is unable to locate a configuration from another source. In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults. During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shut down. When the configuration process is completed in setup mode, the following options will be displayed:
      [0] Go to the IOS command prompt without saving this config.
      [1] Return back to the setup without saving this config.
      [2] Save this configuration to nvram and exit.
      Enter your selection [2]:
    • 181. Operation of Cisco IOS Software: The Cisco IOS devices have three distinct operating environments or modes:
      • ROM monitor
      • Boot ROM
      • Cisco IOS
      The startup process of the router normally loads into RAM and executes one of these operating environments. The configuration register setting can be used by the system administrator to control the default start up mode for the router. To see the IOS image and version that is running, use the show version command, which also indicates the configuration register setting.
    • 182. IOS File System Overview
    • 183. Initial Startup of Cisco Routers: A router initializes by loading the bootstrap, the operating system, and a configuration file. If the router cannot find a configuration file, it enters setup mode. Upon completion of the setup mode a backup copy of the configuration file may be saved to nonvolatile RAM (NVRAM). The goal of the startup routines for Cisco IOS software is to start the router operations. To do this, the startup routines must accomplish the following:
      • Make sure that the router hardware is tested and functional.
      • Find and load the Cisco IOS software.
      • Find and apply the startup configuration file or enter the setup mode.
      When a Cisco router powers up, it performs a power-on self test (POST). During this self test, the router executes diagnostics from ROM on all hardware modules.
    • 184. After the POST: After the POST, the following events occur as the router initializes:
      Step 1: The generic bootstrap loader in ROM executes. A bootstrap is a simple set of instructions that tests hardware and initializes the IOS for operation.
      Step 2: The IOS can be found in several places. The boot field of the configuration register determines the location to be used in loading the IOS. If the boot field indicates a flash or network load, boot system commands in the configuration file indicate the exact name and location of the image.
      Step 3: The operating system image is loaded.
      Step 4: The configuration file saved in NVRAM is loaded into main memory and executed one line at a time. The configuration commands start routing processes, supply addresses for interfaces, and define other operating characteristics of the router.
      Step 5: If no valid configuration file exists in NVRAM, the operating system searches for an available TFTP server. If no TFTP server is found, the setup dialog is initiated.
    • 185. Steps in Router Initialization
    • 186. Router LED Indicators: Cisco routers use LED indicators to provide status information. Depending upon the Cisco router model, the LED indicators will vary. An interface LED indicates the activity of the corresponding interface. If an LED is off when the interface is active and the interface is correctly connected, a problem may be indicated. If an interface is extremely busy, its LED will always be on. The green OK LED to the right of the AUX port will be on after the system initializes correctly.
    • 187. Enhanced Cisco IOS Commands
    • 188. The show version Command: The show version command displays information about the Cisco IOS software version that is currently running on the router. This includes the configuration register and the boot field settings. The following information is available from the show version command:
      • IOS version and descriptive information
      • Bootstrap ROM version
      • Boot ROM version
      • Router up time
      • Last restart method
      • System image file and location
      • Router platform
      • Configuration register setting
      Use the show version command to identify the router IOS image and boot source. To find out the amount of flash memory, issue the show flash command.
    • 191. Router User Interface Modes: The Cisco command-line interface (CLI) uses a hierarchical structure. This structure requires entry into different modes to accomplish particular tasks. Each configuration mode is indicated with a distinctive prompt and allows only commands that are appropriate for that mode. As a security feature the Cisco IOS software separates sessions into two access levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode is also known as enable mode.
    • 192. Overview of Router Modes
    • 193. Router Modes
    • 194. User Mode Commands
    • 195. Privileged Mode Commands. NOTE: There are many more commands available in privileged mode.
    • 196. Specific Configuration Modes
    • 197. CLI Command Modes: All command-line interface (CLI) configuration changes to a Cisco router are made from the global configuration mode. Other more specific modes are entered depending upon the configuration change that is required. Global configuration mode commands are used in a router to apply configuration statements that affect the system as a whole. The following command moves the router into global configuration mode:
      Router#configure terminal (or config t)
      Router(config)#
      When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.
    • 198. Configuring a Router’s Name: A router should be given a unique name as one of the first configuration tasks. This task is accomplished in global configuration mode using the following commands:
      Router(config)#hostname Tokyo
      Tokyo(config)#
      As soon as the Enter key is pressed, the prompt changes from the default host name (Router) to the newly configured host name (which is Tokyo in the example above).
    • 199. Setting the Clock with Help
    • 200. Message Of The Day (MOTD): A message-of-the-day (MOTD) banner can be displayed on all connected terminals. Enter global configuration mode by using the command config t. Enter the command banner motd # The message of the day goes here #. Save changes by issuing the command copy run start.
    • 201. Configuring a Console Password: Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file. The following commands are used to set an optional but recommended password on the console line:
      Router(config)#line console 0
      Router(config-line)#password <password>
      Router(config-line)#login
    • 202. Configuring a Modem Password: If configuring a router via a modem you are most likely connected to the aux port. The method for configuring the aux port is very similar to configuring the console port.
      Router(config)#line aux 0
      Router(config-line)#password <password>
      Router(config-line)#login
    • 203. Configuring Interfaces: An interface needs an IP address and a subnet mask to be configured. All interfaces are "shutdown" by default. The DCE end of a serial interface needs a clock rate.
      Router#config t
      Router(config)#interface serial 0/1
      Router(config-if)#ip address 200.100.50.75 255.255.255.240
      Router(config-if)#clock rate 56000 (required for serial DCE only)
      Router(config-if)#no shutdown
      Router(config-if)#exit
      Router(config)#int f0/0
      Router(config-if)#ip address 150.100.50.25 255.255.255.0
      Router(config-if)#no shutdown
      Router(config-if)#exit
      Router(config)#exit
      Router#
      On older routers, Serial 0/1 would be just Serial 1 and f0/0 would be e0. s = serial, e = Ethernet, f = fast Ethernet.
    • 204. Configuring a Telnet Password: A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet. Typically Cisco routers support five VTY lines numbered 0 through 4. The following commands are used to set the same password on all of the VTY lines:
      Router(config)#line vty 0 4
      Router(config-line)#password <password>
      Router(config-line)#login
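Slides 201, 202 and 204 each end with the pair password plus login on a line; a password without login is never asked for, and vty lines with neither leave Telnet open to anyone. The added example below is not from the slide deck or from Cisco: it parses a constructed running-config excerpt (not real device output) and reports, per access line, which of the two commands is missing, which is the kind of check a defender runs across saved configs.

```python
from typing import Dict, List

# Constructed running-config excerpt (not real device output). The console line is
# configured as on slide 201; the aux line has a password but no "login"; the vty
# lines have "login" but no password.
SAMPLE_CONFIG = """\
hostname Tokyo
!
interface FastEthernet0/0
 ip address 150.100.50.25 255.255.255.0
!
line con 0
 password <console-password>
 login
line aux 0
 password <aux-password>
line vty 0 4
 login
!
end
"""

# IOS writes "line console 0" back into the config as "line con 0"; accept both spellings.
REQUIRED_LINES = {"line con 0": "console", "line console 0": "console",
                  "line aux 0": "aux", "line vty 0 4": "vty"}


def parse_line_sections(config: str) -> Dict[str, List[str]]:
    """Collect the indented sub-commands under each 'line ...' section of a running-config."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None          # any top-level command or "!" ends the section
    return sections


def audit_line_passwords(config: str) -> List[str]:
    """One finding per access line (console, aux, vty) that is missing 'password' or 'login'."""
    findings: List[str] = []
    found: Dict[str, List[str]] = {}
    for header, cmds in parse_line_sections(config).items():
        kind = REQUIRED_LINES.get(header)
        if kind:
            found[kind] = cmds
    for kind in ("console", "aux", "vty"):
        cmds = found.get(kind)
        if cmds is None:
            findings.append(f"{kind}: line not configured")
            continue
        # "password 7 ..." (service password-encryption) still starts with "password "
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{kind}: no password set")
        if "login" not in cmds:
            findings.append(f"{kind}: 'login' missing, password is not asked for")
    return findings


if __name__ == "__main__":
    for finding in audit_line_passwords(SAMPLE_CONFIG):
        print(finding)
```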
    • 205. Examining the show Commands: There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
      show interfaces – Displays all the statistics for all the interfaces on the router
      show int s0/1 – Displays statistics for interface Serial 0/1
      show controllers serial – Displays information specific to the interface hardware
      show clock – Shows the time set in the router
      show hosts – Displays a cached list of host names and addresses
      show users – Displays all users who are connected to the router
      show history – Displays a history of commands that have been entered
      show flash – Displays info about flash memory and what IOS files are stored there
      show version – Displays info about the router and the IOS that is running in RAM
      show ARP – Displays the ARP table of the router
      show start – Displays the saved configuration located in NVRAM
      show run – Displays the configuration currently running in RAM
      show protocol – Displays the global and interface specific status of any configured Layer 3 protocols
• 209. Ethernet Overview
Ethernet is now the dominant LAN technology in the world. Ethernet is not one technology but a family of LAN technologies. All LANs must deal with the basic issue of how individual stations (nodes) are named, and Ethernet is no exception. Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations. However, the basic frame format and addressing scheme is the same for all varieties of Ethernet.
• 210. Ethernet and the OSI Model
Ethernet operates in two areas of the OSI model: the lower half of the data link layer, known as the MAC sublayer, and the physical layer.
• 211. Ethernet Technologies Mapped to the OSI Model
• 212. Layer 2 Framing
Framing is the Layer 2 encapsulation process. A frame is the Layer 2 protocol data unit. The frame format diagram shows different groupings of bits (fields) that perform different functions.
• 213. Ethernet and IEEE Frame Formats are Very Similar
• 214. 3 Common Layer 2 Technologies
Ethernet: uses CSMA/CD; logical bus topology (information flow is on a linear bus); physical star or extended star (wired as a star).
Token Ring: logical ring topology (information flow is controlled in a ring) and a physical star topology (in other words, it is wired as a star).
FDDI: logical ring topology (information flow is controlled in a ring) and physical dual-ring topology (wired as a dual ring).
• 215. Collision Domains
To move data between one Ethernet station and another, the data often passes through a repeater. All other stations in the same collision domain see traffic that passes through a repeater. A collision domain is therefore a shared resource. Problems originating in one part of the collision domain will usually impact the entire collision domain.
• 216. CSMA/CD Graphic
• 217. Backoff
After a collision occurs and all stations allow the cable to become idle (each waits the full interframe spacing), the stations that collided must wait an additional and potentially progressively longer period of time before attempting to retransmit the collided frame. The waiting period is intentionally designed to be random so that two stations do not delay for the same amount of time before retransmitting, which would result in more collisions.
• 219. Hierarchical Addressing Using Variable-Length Subnet Masks
© 2003, Cisco Systems, Inc. All rights reserved.
• 220. Prefix Length and Network Mask
Range of addresses: 192.168.1.64 through 192.168.1.79
• These addresses have the first 28 bits in common, which is represented by a /28 prefix length.
• 28 bits in common can also be represented in dotted decimal as 255.255.255.240.
Binary ones in the network mask represent network bits in the accompanying IP address; binary zeros represent host bits.
  11000000.10101000.00000001.0100xxxx   IP address
  11111111.11111111.11111111.11110000   Network mask
In the IP network number that accompanies the network mask, when the host bits of the IP network number are:
• all binary zeros, that address is the bottom of the address range;
• all binary ones, that address is the top of the address range.
Fourth octet of each address in the range:
  64 01000000   65 01000001   66 01000010   67 01000011
  68 01000100   69 01000101   70 01000110   71 01000111
  72 01001000   73 01001001   74 01001010   75 01001011
  76 01001100   77 01001101   78 01001110   79 01001111
• 221. Implementing VLSM
• 222. Range of Addresses for VLSM
• 223. Breakdown Address Space for Largest Subnet
• 224. Breakdown Address Space for Ethernets at Remote Sites
• 225. Address Space for Serial Subnets
• 226. Calculating VLSM: Binary
• 227. Route Summarization and Classless Interdomain Routing
• 228. What Is Route Summarization?
• 229. Summarizing Within an Octet
• 230. Summarizing Addresses in a VLSM-Designed Network
• 231. Classless Interdomain Routing
– CIDR is a mechanism developed to alleviate exhaustion of addresses and reduce routing table size.
– Blocks of addresses can be summarized into single entries without regard to the classful boundary of the network number.
– Summarized blocks are installed in routing tables.
• 232. What Is CIDR?
• Addresses are the same as in the route summarization figure, except that Class B network 172 has been replaced by Class C network 192.
• 233. CIDR Example
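As an added example (not from the slides), the /28 computation of slide 220, the VLSM carve-up of slides 221 to 226 and the CIDR summarization of slides 228 to 231 in Python; the 192.168.1.64/28 block, the four 172.16.x.0/24 networks and the host counts are constructed inputs.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def mask_from_prefix(prefix_len: int) -> str:
    """Dotted-decimal network mask for a prefix length, e.g. 28 -> 255.255.255.240."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return str(ipaddress.IPv4Address((MASK32 << (32 - prefix_len)) & MASK32))

def address_range(network: str) -> tuple[str, str]:
    """Bottom (host bits all 0) and top (host bits all 1) of a network such as 192.168.1.64/28."""
    net = ipaddress.IPv4Network(network, strict=True)   # strict: host bits must be zero
    return str(net.network_address), str(net.broadcast_address)

def summarize(networks: list[str]) -> str:
    """Single summary route covering every listed network: the longest common prefix.
    Classless (CIDR): the resulting prefix may cross the old classful boundary."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    first = int(nets[0].network_address)
    prefix = min(n.prefixlen for n in nets)
    while prefix > 0:
        mask = (MASK32 << (32 - prefix)) & MASK32
        if all((int(n.network_address) & mask) == (first & mask) for n in nets):
            break
        prefix -= 1
    mask = (MASK32 << (32 - prefix)) & MASK32
    return str(ipaddress.IPv4Network((first & mask, prefix)))

def vlsm_allocate(block: str, host_counts: list[int]) -> list[tuple[int, str]]:
    """Carve `block` into subnets sized for each host count, largest subnet first (VLSM).
    Returns (hosts, subnet) pairs; raises if the block cannot hold them all."""
    pool = [ipaddress.IPv4Network(block)]
    result = []
    for hosts in sorted(host_counts, reverse=True):
        need = hosts + 2                                   # plus network and broadcast address
        prefix = 32 - (need - 1).bit_length()              # smallest block with >= need addresses
        pool.sort(key=lambda n: n.prefixlen, reverse=True)  # try the smallest free piece first
        for piece in pool:
            if piece.prefixlen <= prefix:
                pool.remove(piece)
                sub = next(piece.subnets(new_prefix=prefix))  # first /prefix inside the piece
                result.append((hosts, str(sub)))
                if sub != piece:
                    pool.extend(piece.address_exclude(sub))   # return the leftover pieces
                break
        else:
            raise ValueError(f"{block} cannot fit a subnet for {hosts} hosts")
    return result

if __name__ == "__main__":
    print(mask_from_prefix(28), address_range("192.168.1.64/28"))
    print(summarize(["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]))
    for hosts, subnet in vlsm_allocate("192.168.1.0/24", [60, 14, 2, 2]):
        print(f"{hosts:3d} hosts -> {subnet}")
```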
• 235. Anatomy of an IP Packet
IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:
• 239. Administrative Distance
The administrative distance is an optional parameter that gives a measure of the reliability of the route. The range of an AD is 0-255, where smaller numbers are more desirable. The default administrative distance when using a next-hop address is 1, while the default administrative distance when using the outgoing interface is 0. You can statically assign an AD as follows:
  Router(config)#ip route 172.16.3.0 255.255.255.0 172.16.4.1 130
Sometimes static routes are used for backup purposes. A static route can be configured on a router that will only be used when the dynamically learned route has failed. To use a static route in this manner, simply set the administrative distance higher than that of the dynamic routing protocol being used.
• 240. Configuring Default Routes
Default routes are used to route packets with destinations that do not match any of the other routes in the routing table. A default route is actually a special static route that uses this format:
  ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]
This is sometimes referred to as a “Quad-Zero” route.
Example using the next-hop address:
  Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1
Example using the exit interface:
  Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
• 241. Verifying Static Route Configuration
After static routes are configured it is important to verify that they are present in the routing table and that routing is working as expected. The command show running-config is used to view the active configuration in RAM to verify that the static route was entered correctly. The show ip route command is used to make sure that the static route is present in the routing table.
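An added Python model (not from the slides) of how the routing table of slides 239 to 241 selects a route: longest prefix match first, then the lowest administrative distance, so the floating static route with AD 130 only takes over once the dynamically learned route is gone and the quad-zero route catches everything else. The table entries, the RIP route via 10.0.0.2 and the interface names are constructed.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str        # destination network; "0.0.0.0/0" is the quad-zero default route
    via: str           # next-hop address or exit interface
    ad: int            # administrative distance 0..255, smaller is more trustworthy
    source: str        # "C" connected, "S" static, "R" RIP, "O" OSPF, as in show ip route
    up: bool = True    # False models a route whose next hop or interface has gone down

def best_route(table: list[Route], destination: str):
    """Pick the route a packet to `destination` would follow, or None if nothing matches.
    Longest prefix match first; among candidates with the same prefix length the lowest
    administrative distance wins, which is what keeps a floating static route (AD 130)
    out of the way until the RIP route (AD 120) disappears."""
    dest = ipaddress.IPv4Address(destination)
    usable = [r for r in table if r.up and dest in ipaddress.IPv4Network(r.prefix)]
    if not usable:
        return None
    longest = max(ipaddress.IPv4Network(r.prefix).prefixlen for r in usable)
    same_length = [r for r in usable if ipaddress.IPv4Network(r.prefix).prefixlen == longest]
    return min(same_length, key=lambda r: r.ad)

# Constructed routing table: the slide's two static routes plus a connected and a RIP route.
TABLE = [
    Route("172.16.4.0/24", "Serial0/0", 0, "C"),
    Route("172.16.3.0/24", "10.0.0.2", 120, "R"),      # dynamically learned
    Route("172.16.3.0/24", "172.16.4.1", 130, "S"),    # ip route 172.16.3.0 255.255.255.0 172.16.4.1 130
    Route("0.0.0.0/0", "172.16.4.1", 1, "S"),          # ip route 0.0.0.0 0.0.0.0 172.16.4.1
]

def with_rip_failed(table: list[Route]) -> list[Route]:
    """The same table after the RIP-learned route has been withdrawn."""
    return [replace(r, up=False) if r.source == "R" else r for r in table]

if __name__ == "__main__":
    for dst in ("172.16.3.5", "172.16.4.9", "8.8.8.8"):
        print(dst, "->", best_route(TABLE, dst))
    print("172.16.3.5 after RIP failure ->", best_route(with_rip_failed(TABLE), "172.16.3.5"))
```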
• 243. Path Determination Graphic
• 244. Routing Protocol (figure: routers and switches between networks; what is an optimal route?)
• 245. Routing Protocols
Routing protocols include the following: processes for sharing route information, which allow routers to communicate with other routers to update and maintain the routing tables. Examples of routing protocols that support the IP routed protocol are RIP, IGRP, OSPF, BGP, and EIGRP.
• 247. Routed Protocols
Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols.
• 249. Autonomous System
An Autonomous System (AS) is a group of IP networks which has a single and clearly defined external routing policy. Exterior Gateway Protocols (EGP) are used for routing between Autonomous Systems. Interior Gateway Protocols (IGP) are used for routing decisions within an Autonomous System. (Figure: AS 1000, AS 2000 and AS 3000.) Fig. 48 IGP and EGP (TI1332EU02TI_0004 The Network Layer, 67)
• 250. Interior Gateway Protocol (IGP) and Exterior Gateway Protocol (EGP) (figure: AS 1000, AS 2000 and AS 3000 each run an IGP internally and EGP between one another) Fig. 49 The use of IGP and EGP protocols (TI1332EU02TI_0004 The Network Layer, 67)
• 251. IGP and EGP
An autonomous system is a network or set of networks under common administrative control, such as the cisco.com domain.
• 252. Categories of Routing Protocols
Most routing algorithms can be classified into one of two categories:
• distance vector
• link-state
The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork. The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.
• 253. Distance Vector Routing Concepts
• 254. Distance Vector Routing (DVR)
The routing table contains the addresses of destinations and the distance of the way to each destination. (Figure: Routers A, B, C and D in a chain with routing information flowing between neighbours; the table shown lists destination 192.16.1.0 at distance 1, 192.16.5.0 at distance 1 and 192.16.7.0 at distance 2, i.e. 1 hop, 1 hop and 2 hops.)
• 255. Routing Tables Graphic
• 256. Distance Vector Topology Changes
• 257. Router Metric Components
• 258. Distance Vector Routing (DVR) (figure: Routers A, B, C and D in a chain with networks 192.16.1.0 to 192.16.7.0; each router's table starts with its locally connected networks at distance 0, marked L, and then gains the neighbours' networks at distance 1, marked with the neighbour they were learned from)
• 259. Distance Vector Routing (DVR) (figure continued: after further exchanges the tables also hold networks at distance 2 and 3 learned via B or C) Fig. 53 Distribution of routing information with distance vector routing protocol (cont.) (TI1332EU02TI_0004 The Network Layer, 71)
• 260. RIPv1
Distance vector routing protocol, classful.
Distribution of routing tables via broadcast to adjacent routers.
Only one kind of metric: number of hops.
Connections with different bandwidth cannot be weighted.
Routing loops can occur -> bad convergence in case of a failure.
Count to infinity problem (infinity = 16).
Maximum network size is limited by the number of hops.
Fig. 59 Properties of RIPv1 (TI1332EU02TI_0004 The Network Layer, 81)
• 261. RIP Characteristics
• 262. RIP-1 permits only a Single Subnet Mask (figure: Router A with port 1 at 130.24.13.1/24 on 130.24.13.0/24 and port 2 at 200.14.13.2/24 on 200.14.13.0/24; subnet 130.24.36.0/24 is advertised as 130.24.36.0 on the 130.24.13.0/24 and 130.24.25.0/24 links but only as the classful summary 130.24.0.0 out of port 2) Fig. 60 RIP-1 permits only a single subnet mask (TI1332EU02TI_0004 The Network Layer, 83)
• 263. Router Configuration
The router command starts a routing process. The network command is required because it enables the routing process to determine which interfaces participate in the sending and receiving of routing updates. An example of a routing configuration is:
  GAD(config)#router rip
  GAD(config-router)#network 172.16.0.0
The network numbers are based on the network class addresses, not subnet addresses or individual host addresses.
• 264. Configuring RIP Example
• 265. Verifying RIP Configuration
• 266. The debug ip rip Command
Most of the RIP configuration errors involve an incorrect network statement, discontiguous subnets, or split horizon. One highly effective command for finding RIP update issues is the debug ip rip command. The debug ip rip command displays RIP routing updates as they are sent and received.
• 267. Problem: Routing Loops
Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.
• 268. Problem: Counting to Infinity
• 269. Solution: Define a Maximum
• 270. Solution: Split Horizon
• 271. Route Poisoning
Route poisoning is used by various distance vector protocols in order to overcome large routing loops and offer explicit information when a subnet or network is not accessible. This is usually accomplished by setting the hop count to one more than the maximum.
• 272. Triggered Updates
New routing tables are sent to neighboring routers on a regular basis. For example, RIP updates occur every 30 seconds. However, a triggered update is sent immediately in response to some change in the routing table. The router that detects a topology change immediately sends an update message to adjacent routers that, in turn, generate triggered updates notifying their adjacent neighbors of the change. When a route fails, an update is sent immediately rather than waiting on the update timer to expire. Triggered updates, used in conjunction with route poisoning, ensure that all routers know of failed routes before any holddown timers can expire.
• 273. Triggered Updates Graphic
• 274. Solution: Holddown Timers
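An added simulation (not from the slides) of the count-to-infinity problem of slides 267 to 271 and of the split horizon and poison reverse fixes: a constructed chain A - B - C exchanges RIP-style updates in synchronous rounds, network 10.4.0.0 behind C fails, and the function reports how many update rounds pass before every router has it at 16 hops. The topology, network numbers and the one-hop link costs are assumptions.

```python
INFINITY = 16   # RIP: a hop count of 16 means unreachable

class Router:
    def __init__(self, name, neighbours, connected):
        self.name = name
        self.neighbours = neighbours                        # neighbour names, one hop each
        self.table = {net: (0, None) for net in connected}  # network -> (hops, learned from)

    def advertisement(self, to, mode):
        """Routes included in the periodic update sent to neighbour `to`."""
        adv = {}
        for net, (hops, via) in self.table.items():
            if via == to and mode == "split_horizon":
                continue                                    # never send a route back to its source
            if via == to and mode == "poison_reverse":
                adv[net] = INFINITY                         # send it back, but as unreachable
            else:
                adv[net] = hops
        return adv

    def receive(self, frm, adv):
        for net, hops in adv.items():
            new = min(hops + 1, INFINITY)
            cur_hops, cur_via = self.table.get(net, (INFINITY, None))
            # an update from the current next hop is always taken, even when it is worse;
            # any other neighbour only replaces the entry when it offers fewer hops
            if cur_via == frm or new < cur_hops:
                self.table[net] = (new, frm)

def exchange(routers, mode):
    """One update interval: everybody advertises the table it had at the start of the round."""
    adverts = {(r.name, n): r.advertisement(n, mode) for r in routers.values() for n in r.neighbours}
    for r in routers.values():
        for n in r.neighbours:
            r.receive(n, adverts[(n, r.name)])

def build_chain():
    """Constructed topology: A - B - C, with 10.1.0.0 attached to A and 10.4.0.0 to C."""
    return {
        "A": Router("A", ["B"], ["10.1.0.0"]),
        "B": Router("B", ["A", "C"], []),
        "C": Router("C", ["B"], ["10.4.0.0"]),
    }

def rounds_to_converge(mode, max_rounds=60):
    """Rounds until every router marks 10.4.0.0 unreachable after C loses it, or None.
    mode is "none", "split_horizon" or "poison_reverse"."""
    routers = build_chain()
    for _ in range(5):
        exchange(routers, mode)                             # let the chain converge first
    routers["C"].table["10.4.0.0"] = (INFINITY, None)       # the link to 10.4.0.0 fails
    for rnd in range(1, max_rounds + 1):
        exchange(routers, mode)
        if all(r.table["10.4.0.0"][0] == INFINITY for r in routers.values()):
            return rnd
    return None

if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(f"{mode:15s} converged after {rounds_to_converge(mode)} update rounds")
```

Without either fix B keeps re-learning the dead network from A and the hop count climbs one round at a time until it reaches 16; with split horizon or poison reverse the bad news reaches A in two rounds.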
• 275. IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. Some of the IGRP key design characteristics emphasize the following:
• It is a distance vector routing protocol.
• Routing updates are broadcast every 90 seconds.
• Bandwidth, load, delay and reliability are used to create a composite metric.
• 276. IGRP Stability Features
IGRP has a number of features that are designed to enhance its stability, such as:
• Holddowns
• Split horizons
• Poison reverse updates
Holddowns: holddowns are used to prevent regular update messages from inappropriately reinstating a route that may not be up.
Split horizons: split horizons are derived from the premise that it is usually not useful to send information about a route back in the direction from which it came.
Poison reverse updates: split horizons prevent routing loops between adjacent routers, but poison reverse updates are necessary to defeat larger routing loops.
Today, IGRP is showing its age; it lacks support for variable-length subnet masks (VLSM). Rather than develop an IGRP version 2 to correct this problem, Cisco has built upon IGRP's legacy of success with Enhanced IGRP.
• 277. Configuring IGRP
• 278. Routing Metrics Graphics
• 279. Link State Concepts
• 280. Link State Topology Changes
• 281. Link State Routing (LSR) (figure: Routers 1 to 4 flood link state packets (LSPs) and each runs SPF over them to build its routing table. Router 1 and Router 3: “My links to R2 and R4 are up”; Router 2: “My links to R1 and R3 are up, my link to R4 is down”; Router 4: “My links to R1 and R3 are up. My link to R2 is down.” LSP = link state packet, SPF = shortest path first)
• 282. Link State Concerns
• 283. Link State Routing (LSR) (figure: Routers A to E joined by links of cost 1, 2 or 4; every router holds an identical link state database listing each router's links with their costs, and from it each router builds its own tree)
• 284. Link State Routing Features
Link-state algorithms are also known as Dijkstra's algorithm or as SPF (shortest path first) algorithms. Link-state routing algorithms maintain a complex database of topology information. The distance vector algorithms are also known as Bellman-Ford algorithms. They have nonspecific information about distant networks and no knowledge of distant routers. A link-state routing algorithm maintains full knowledge of distant routers and how they interconnect. Link-state routing uses:
• Link-state advertisements (LSAs): a link-state advertisement is a small packet of routing information that is sent between routers.
• Topological database: a collection of information gathered from LSAs.
• SPF algorithm: the shortest path first (SPF) algorithm is a calculation performed on the database resulting in the SPF tree.
• Routing tables: a list of the known paths and interfaces.
• 285. Link State Routing
• 286. Comparing Routing Methods
• 287. OSPF (Open Shortest Path First) Protocol
• 288. OSPF is a Link-State Routing Protocol
– Link-state (LS) routers recognize much more information about the network than their distance-vector counterparts; consequently LS routers tend to make more accurate decisions.
– Link-state routers keep track of the following:
 • Their neighbours
 • All routers within the same area
 • Best paths toward a destination
• 289. Link-State Data Structures
– Neighbor table: also known as the adjacency database (list of recognized neighbors).
– Topology table: typically referred to as the LSDB (routers and links in the area or network); all routers within an area have an identical LSDB.
– Routing table: commonly named the forwarding database (list of best paths to destinations).
• 290. OSPF vs. RIP
RIP is limited to 15 hops, it converges slowly, and it sometimes chooses slow routes because it ignores critical factors such as bandwidth in route determination. OSPF overcomes these limitations and proves to be a robust and scalable routing protocol suitable for the networks of today.
• 291. OSPF Terminology
The next several slides explain various OSPF terms, one per slide.
• 292. OSPF Term: Link
• 293. OSPF Term: Link State
• 294. OSPF Term: Area
• 295. OSPF Term: Link Cost
• 296. OSPF Term: Forwarding Database
• 297. OSPF Term: Adjacencies Database
• 298. OSPF Terms: DR & BDR
• 299. Link-State Data Structure: Network Hierarchy
• Link-state routing requires a hierarchical network structure that is enforced by OSPF.
• This two-level hierarchy consists of the following:
 • Transit area (backbone or area 0)
 • Regular areas (nonbackbone areas)
• 300. OSPF Areas
• 301. Area Terminology
• 302. LS Data Structures: Adjacency Database
– Routers discover neighbors by exchanging hello packets.
– Routers declare neighbors to be up after checking certain parameters or options in the hello packet.
– Point-to-point WAN links:
 • Both neighbors become fully adjacent.
– LAN links:
 • Neighbors form an adjacency with the DR and BDR.
 • They maintain two-way state with the other routers (DROTHERs).
– Routing updates and topology information are only passed between adjacent routers.
• 303. OSPF Adjacencies
Routers build logical adjacencies between each other using the Hello Protocol. Once an adjacency is formed:
• LS database packets are exchanged to synchronize each other's LS databases.
• LSAs are flooded reliably throughout the area or network using these adjacencies.
• 305. Open Shortest Path First Calculation
• Routers find the best paths to destinations by applying Dijkstra's SPF algorithm to the link-state database as follows:
– Every router in an area has the identical link-state database.
– Each router in the area places itself at the root of the tree that is built.
– The best path is calculated with respect to the lowest total cost of links to a specific destination.
– Best routes are put into the forwarding database.
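An added worked example (not from the slides) of the SPF calculation of slides 284 and 305: every router runs Dijkstra over the same constructed link-state database with itself at the root, and the lowest total link cost, not the hop count, decides the forwarding entry. The four-router topology, the costs and the router names are assumptions.

```python
import heapq
import itertools

# Constructed link-state database shared by every router in the area:
# router -> {neighbour: cost of the link towards it}
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 1, "R4": 1},
    "R3": {"R1": 1, "R2": 1, "R4": 10},
    "R4": {"R2": 1, "R3": 10},
}

def check_two_way(lsdb):
    """A link only counts when both ends advertise it; return the one-sided links found."""
    return sorted((a, b) for a, links in lsdb.items() for b in links if a not in lsdb.get(b, {}))

def spf(lsdb, root):
    """Dijkstra's shortest path first with `root` at the top of the tree.
    Returns {router: (total cost, next hop from root)}; the root itself maps to (0, None)."""
    best = {}                                   # router -> (cost, next_hop) once settled
    tentative = {root: 0}
    order = itertools.count()                   # tie-breaker so the heap never compares names
    heap = [(0, next(order), root, None)]
    while heap:
        cost, _, node, next_hop = heapq.heappop(heap)
        if node in best:
            continue                            # a cheaper path already settled this node
        best[node] = (cost, next_hop)
        for nbr, link_cost in lsdb[node].items():
            if node not in lsdb.get(nbr, {}):
                continue                        # ignore links not advertised by both ends
            new_cost = cost + link_cost
            if nbr not in best and new_cost < tentative.get(nbr, float("inf")):
                tentative[nbr] = new_cost
                # the first hop away from the root is the next hop for everything behind it
                heapq.heappush(heap, (new_cost, next(order), nbr, nbr if node == root else next_hop))
    return best

def forwarding_table(lsdb, root):
    """Best routes as the forwarding database sees them: destination -> (next hop, cost)."""
    return {dst: (hop, cost) for dst, (cost, hop) in spf(lsdb, root).items() if dst != root}

if __name__ == "__main__":
    for router in LSDB:
        print(router, forwarding_table(LSDB, router))
```

From R1 the direct R1-R2 link (cost 10) loses to the two-hop path through R3 (cost 2), which is the point of slide 290's remark about RIP ignoring bandwidth.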
• 306. OSPF Packet Types
• 307. OSPF Packet Header Format
• 308. Neighborship
• 309. Establishing Bidirectional Communication
• 310. Establishing Bidirectional Communication (Cont.)
• 311. Establishing Bidirectional Communication (Cont.)
• 312. Establishing Bidirectional Communication
• 313. Discovering the Network Routes
• 314. Discovering the Network Routes
• 315. Adding the Link-State Entries
• 316. Adding the Link-State Entries (Cont.)
• 317. Adding the Link-State Entries
• 318. Maintaining Routing Information
 • Router A notifies all OSPF DRs on 224.0.0.6
• 319. Maintaining Routing Information (Cont.)
 • Router A notifies all OSPF DRs on 224.0.0.6
 • DR notifies others on 224.0.0.5
• 320. Maintaining Routing Information (Cont.)
 • Router A notifies all OSPF DRs on 224.0.0.6
 • DR notifies others on 224.0.0.5
• 321. Maintaining Routing Information
 • Router A notifies all OSPF DRs on 224.0.0.6
 • DR notifies others on 224.0.0.5
• 322. Configuring Basic OSPF: Single Area
  Router(config)#router ospf process-id
• Turns on one or more OSPF routing processes in the IOS software.
  Router(config-router)#network address inverse-mask area [area-id]
• Router OSPF subordinate command that defines the interfaces (by network number) that OSPF will run on. Each network number must be defined to a specific area.
• 323. Configuring OSPF on Internal Routers of a Single Area
• 324. Verifying OSPF Operation
  Router#show ip protocols
• Verifies the configured IP routing protocol processes, parameters and statistics
  Router#show ip route ospf
• Displays all OSPF routes learned by the router
  Router#show ip ospf interface
• Displays the OSPF router ID, area ID and adjacency information
• 325. Verifying OSPF Operation (Cont.)
  Router#show ip ospf
• Displays the OSPF router ID, timers, and statistics
  Router#show ip ospf neighbor [detail]
• Displays information about the OSPF neighbors, including Designated Router (DR) and Backup Designated Router (BDR) information on broadcast networks
• 326. The show ip route ospf Command
  RouterA# show ip route ospf
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP,
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area,
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
  Gateway of last resort is not set
       10.0.0.0 255.255.255.0 is subnetted, 2 subnets
  O       10.2.1.0 [110/10] via 10.64.0.2, 00:00:50, Ethernet0
• 327. The show ip ospf interface Command
  RouterA# show ip ospf interface e0
  Ethernet0 is up, line protocol is up
    Internet Address 10.64.0.1/24, Area 0
    Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 10
    Transmit Delay is 1 sec, State DROTHER, Priority 1
    Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
    Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello due in 00:00:04
    Neighbor Count is 1, Adjacent neighbor count is 1
      Adjacent with neighbor 10.64.0.2 (Designated Router)
    Suppress hello for 0 neighbor(s)
• 328. The show ip ospf neighbor Command
  RouterB# show ip ospf neighbor
  Neighbor ID     Pri   State           Dead Time   Address         Interface
  10.64.1.1         1   FULL/BDR        00:00:31    10.64.1.1       Ethernet0
  10.2.1.1          1   FULL/-          00:00:38    10.2.1.1        Serial0
• 329. show ip protocol / show ip route
• 330. show ip ospf neighbor detail / show ip ospf database
• 331. OSPF Network Types - 1
• 332. Point-to-Point Links
• Usually a serial interface running either PPP or HDLC
• May also be a point-to-point subinterface running Frame Relay or ATM
• No DR or BDR election required
• OSPF autodetects this interface type
• OSPF packets are sent using multicast 224.0.0.5
• 333. Multi-access Broadcast Network
• Generally LAN technologies like Ethernet and Token Ring
• DR and BDR selection required
• All neighbor routers form full adjacencies with the DR and BDR only
• Packets to the DR use 224.0.0.6
• Packets from the DR to all other routers use 224.0.0.5
• 334. Electing the DR and BDR
• Hello packets are exchanged via IP multicast.
• The router with the highest OSPF priority is selected as the DR.
• The OSPF router ID is used as the tie breaker.
• The DR election is nonpreemptive.
• 335. Setting Priority for DR Election
  Router(config-if)#ip ospf priority number
• This interface configuration command assigns the OSPF priority to an interface.
• Different interfaces on a router may be assigned different values.
• The default priority is 1. The range is from 0 to 255.
• 0 means the router is a DROTHER; it can't be the DR or BDR.
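An added, simplified model (not from the slides) of the election rules on slides 334 and 335: highest priority wins, the router ID breaks ties, priority 0 routers never take either role, and an existing DR or BDR is not preempted when a better candidate appears. The segment membership, the priority 200 router and its ID 192.168.0.99 are constructed; the full RFC procedure (electing the BDR first among routers not claiming the DR role) is not reproduced.

```python
import ipaddress

def _rank(router):
    """Higher OSPF priority wins; equal priorities are broken by the higher router ID."""
    return (router["priority"], int(ipaddress.IPv4Address(router["router_id"])))

def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """Simplified DR/BDR election for one broadcast segment.
    routers: [{"router_id": "192.168.0.12", "priority": 1}, ...] as heard in hello packets.
    Returns (dr, bdr) router IDs; None where nobody is eligible."""
    eligible = [r for r in routers if r["priority"] > 0]     # priority 0: DROTHER only
    ids = {r["router_id"] for r in eligible}
    ranked = sorted(eligible, key=_rank, reverse=True)
    if current_dr in ids:
        dr = current_dr                      # nonpreemptive: a working DR keeps the role
    elif current_bdr in ids:
        dr = current_bdr                     # DR gone: the BDR takes over
    else:
        dr = ranked[0]["router_id"] if ranked else None
    if current_bdr in ids and current_bdr != dr:
        bdr = current_bdr                    # a working BDR keeps its role as well
    else:
        others = [r["router_id"] for r in ranked if r["router_id"] != dr]
        bdr = others[0] if others else None
    return dr, bdr

if __name__ == "__main__":
    # Constructed segment; the first two IDs match the debug output on the following slides.
    seg = [{"router_id": "192.168.0.12", "priority": 1}]
    dr, bdr = elect_dr_bdr(seg)                       # alone: DR, no BDR yet
    seg.append({"router_id": "192.168.0.11", "priority": 1})
    dr, bdr = elect_dr_bdr(seg, dr, bdr)              # .11 becomes BDR, .12 stays DR
    seg.append({"router_id": "192.168.0.99", "priority": 200})
    print(elect_dr_bdr(seg, dr, bdr))                 # still (.12, .11): no preemption
    print(elect_dr_bdr(seg))                          # fresh election: .99 wins
```

The lone router is returned with no BDR; the debug output on slide 338 shows IOS listing it as both DR and BDR until a second router appears.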
• 336. OSPF Network Types - 2
• 337. Creation of Adjacencies
  RouterA# debug ip ospf adj
Point-to-point interfaces coming up: no election
  %LINK-3-UPDOWN: Interface Serial1, changed state to up
  OSPF: Interface Serial1 going Up
  OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
  OSPF: End of hello processing
  OSPF: Build router LSA for area 0, router ID 192.168.0.10
  OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
  OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
  OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
  OSPF: NBR Negotiation Done. We are the SLAVE
  OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72
• 338. Creation of Adjacencies (Cont.)
  RouterA# debug ip ospf adj
Ethernet interface coming up: election
  OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
  OSPF: end of Wait on interface Ethernet0
  OSPF: DR/BDR election on Ethernet0
  OSPF: Elect BDR 192.168.0.12
  OSPF: Elect DR 192.168.0.12
         DR: 192.168.0.12 (Id)   BDR: 192.168.0.12 (Id)
  OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
  <…>
  OSPF: DR/BDR election on Ethernet0
  OSPF: Elect BDR 192.168.0.11
  OSPF: Elect DR 192.168.0.12
         DR: 192.168.0.12 (Id)   BDR: 192.168.0.11 (Id)
• 340. Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM. Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops. Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency. EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.
• 341. Comparing EIGRP with IGRP
IGRP and EIGRP are compatible with each other.
EIGRP offers multiprotocol support, but IGRP does not.
EIGRP and IGRP use different metric calculations. EIGRP scales the metric of IGRP by a factor of 256.
IGRP has a maximum hop count of 255. EIGRP has a maximum hop count limit of 224.
Enabling dissimilar routing protocols such as OSPF and RIP to share information requires advanced configuration. Redistribution, the sharing of routes, is automatic between IGRP and EIGRP as long as both processes use the same autonomous system (AS) number.
• 342. EIGRP & IGRP Metric Calculation
• 343. Comparing EIGRP with IGRP
• 344. Comparing EIGRP with IGRP
• 345. EIGRP Concepts & Terminology
EIGRP routers keep route and topology information readily available in RAM, so they can react quickly to changes. Like OSPF, EIGRP saves this information in several tables and databases. EIGRP saves routes that are learned in specific ways. Routes are given a particular status and can be tagged to provide additional useful information. EIGRP maintains three tables:
• Neighbor table
• Topology table
• Routing table
• 346. Neighbor Table
The neighbor table is the most important table in EIGRP. Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacency database used by OSPF. There is a neighbor table for each protocol that EIGRP supports.
When a neighbor sends a hello packet, it advertises a hold time. The hold time is the amount of time a router treats a neighbor as reachable and operational. In other words, if a hello packet is not heard within the hold time, then the hold time expires. When the hold time expires, the Diffusing Update Algorithm (DUAL), which is the EIGRP distance vector algorithm, is informed of the topology change and must recalculate the new topology.
• 347. Topology Table
The topology table is made up of all the EIGRP routing tables in the autonomous system. DUAL takes the information supplied in the neighbor table and the topology table and calculates the lowest cost routes to each destination. By tracking this information, EIGRP routers can identify and switch to alternate routes quickly.
The information that the router learns from DUAL is used to determine the successor route, which is the term used to identify the primary or best route. A copy is also placed in the topology table.
Every EIGRP router maintains a topology table for each configured network protocol. All learned routes to a destination are maintained in the topology table.
• 348. Routing Table
The EIGRP routing table holds the best routes to a destination. This information is retrieved from the topology table. Each EIGRP router maintains a routing table for each network protocol.
A successor is a route selected as the primary route to use to reach a destination. DUAL identifies this route from the information contained in the neighbor and topology tables and places it in the routing table. There can be up to four successor routes for any particular route. These can be of equal or unequal cost and are identified as the best loop-free paths to a given destination. A copy of the successor routes is also placed in the topology table.
A feasible successor (FS) is a backup route. These routes are identified at the same time the successors are identified, but they are only kept in the topology table. Multiple feasible successors for a destination can be retained in the topology table, although it is not mandatory.
• 349. EIGRP Data Structure
Like OSPF, EIGRP relies on different types of packets to maintain its various tables and establish complex relationships with neighbor routers. The five EIGRP packet types are:
• Hello
• Acknowledgment
• Update
• Query
• Reply
EIGRP relies on hello packets to discover, verify, and rediscover neighbor routers. Rediscovery occurs if EIGRP routers do not receive hellos from each other for a hold time interval but then re-establish communication.
EIGRP routers send hellos at a fixed but configurable interval, called the hello interval. The default hello interval depends on the bandwidth of the interface. On IP networks, EIGRP routers send hellos to the multicast IP address 224.0.0.10.
• 350. Default Hello Intervals and Hold Times for EIGRP
• 351. EIGRP Algorithm
The sophisticated DUAL algorithm results in the exceptionally fast convergence of EIGRP. Each router constructs a topology table that contains information about how to route to a destination network. Each topology table identifies the following:
• The routing protocol or EIGRP
• The lowest cost of the route, which is called the Feasible Distance
• The cost of the route as advertised by the neighboring router, which is called the Reported Distance
The Topology heading identifies the preferred primary route, called the successor route (Successor), and, where identified, the backup route, called the feasible successor (FS). Note that it is not necessary to have an identified feasible successor.
• 352. FS Route Selection Rules
• 353. DUAL Example
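An added worked example (not from the slides) of the DUAL selection described on slides 348 and 351 to 353: the feasible distance (FD) is the lowest total metric, the successor is the neighbour offering it, and a neighbour whose reported distance (RD) is strictly below the FD qualifies as a feasible successor because it cannot be routing through this router. The three neighbours B, C and D and their metrics are constructed; the FD is recomputed from the remaining entries after a loss rather than frozen as a real EIGRP process would do while a route stays passive.

```python
from dataclasses import dataclass

@dataclass
class Path:
    neighbour: str       # the EIGRP neighbour advertising the destination
    reported: int        # reported distance (RD): that neighbour's own metric to it
    link: int            # metric of the link from this router to that neighbour

    @property
    def total(self) -> int:
        return self.reported + self.link      # this router's metric via that neighbour

def evaluate(paths):
    """Apply DUAL's selection rules to the topology-table entries for one destination.
    Returns (feasible distance, successors, feasible successors)."""
    if not paths:
        return None, [], []
    fd = min(p.total for p in paths)                         # feasible distance: best total
    successors = [p.neighbour for p in paths if p.total == fd]
    # feasibility condition: a neighbour whose RD is strictly below our FD cannot be routing
    # through us, so its path is loop-free and may be kept as a backup without any query
    feasible = [p.neighbour for p in paths if p.total > fd and p.reported < fd]
    return fd, successors, feasible

def lose_successor(paths, neighbour):
    """Neighbour `neighbour` went away. Returns ((fd, successors, feasible), needs_query).
    With a feasible successor the switch is local; without one the route goes active and
    DUAL must query the remaining neighbours."""
    _, successors, feasible = evaluate(paths)
    remaining = [p for p in paths if p.neighbour != neighbour]
    needs_query = successors == [neighbour] and not feasible
    return evaluate(remaining), needs_query

# Constructed topology-table entries for one destination network.
ENTRIES = [
    Path("B", reported=10, link=10),    # total 20 -> successor, FD = 20
    Path("C", reported=15, link=10),    # total 25, RD 15 < 20 -> feasible successor
    Path("D", reported=25, link=5),     # total 30, RD 25 is not < 20 -> fails the condition
]

if __name__ == "__main__":
    print("initial:", evaluate(ENTRIES))
    state, query = lose_successor(ENTRIES, "B")
    print("after losing B:", state, "query needed:", query)
    state, query = lose_successor([p for p in ENTRIES if p.neighbour != "B"], "C")
    print("after losing C too:", state, "query needed:", query)
```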
• 354. Configuring EIGRP
• 355. Verifying the EIGRP Configuration
To verify the EIGRP configuration a number of show and debug commands are available. These commands are shown on the next few slides.
• 356. show ip eigrp topology / show ip eigrp topology [active | pending | successors]
• 357. show ip eigrp topology all-links / show ip eigrp traffic
• 358. Administrative Distances
• 359. Classful and Classless Routing Protocols
• 361. What are ACLs?
ACLs are lists of conditions that are applied to traffic traveling across a router's interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions.
ACLs can be created for all routed network protocols, such as Internet Protocol (IP) and Internetwork Packet Exchange (IPX).
ACLs can be configured at the router to control access to a network or subnet.
Some ACL decision points are source and destination addresses, protocols, and upper-layer port numbers.
ACLs must be defined on a per-protocol, per-direction, or per-port basis.
• 362. Reasons to Create ACLs
The following are some of the primary reasons to create ACLs:
• Limit network traffic and increase network performance.
• Provide traffic flow control.
• Provide a basic level of security for network access.
• Decide which types of traffic are forwarded or blocked at the router interfaces. For example: permit e-mail traffic to be routed, but block all telnet traffic.
• Allow an administrator to control what areas a client can access on a network.
If ACLs are not configured on the router, all packets passing through the router will be allowed onto all parts of the network.
• 363. ACLs Filter Traffic Graphic
• 364. How ACLs Filter Traffic
• 365. One List per Port, per Destination, per Protocol...
• 366. How ACLs work.
• 367. Creating ACLs
ACLs are created in the global configuration mode. There are many different types of ACLs including standard, extended, IPX, AppleTalk, and others. When configuring ACLs on a router, each ACL must be uniquely identified by assigning a number to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list.
Since IP is by far the most popular routed protocol, additional ACL numbers have been added to newer router IOSs.
Standard IP: 1300-1999
Extended IP: 2000-2699
• 368. The access-list command
• 369. The ip access-group command { in | out }
• 370. ACL Example
• 371. Basic Rules for ACLs
These basic rules should be followed when creating and applying access lists:
• One access list per protocol per direction.
• Standard IP access lists should be applied closest to the destination.
• Extended IP access lists should be applied closest to the source.
• Use the inbound or outbound interface reference as if looking at the port from inside the router.
• Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, then the packet is denied.
• There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
• Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
• Never work with an access list that is actively applied.
• New lines are always added to the end of the access list.
• A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
• Outbound filters do not affect traffic originating from the local router.
• 372. Wildcard Mask Examples
5 examples follow that demonstrate how a wildcard mask can be used to permit or deny certain IP addresses, or IP address ranges.
While subnet masks start with binary 1s and end with binary 0s, wildcard masks are the reverse, meaning they typically start with binary 0s and end with binary 1s.
In the examples that follow Cisco has chosen to represent the binary 1s in the wildcard masks with Xs to focus on the specific bits being shown in each example.
You will see that while subnet masks were ANDed with IP addresses, wildcard masks are ORed with IP addresses.
• 373. Wildcard Mask Example #1
• 374. Wildcard Mask Example #2
• 375. Wildcard Mask Example #3
• 376. Wildcard Mask Example #4 - Even IPs
• 377. Wildcard Mask Example #5 - Odd IP#s
• 378. The any and host Keywords
• 379. Verifying ACLs
There are many show commands that will verify the content and placement of ACLs on the router.
The show ip interface command displays IP interface information and indicates whether any ACLs are set.
The show access-lists command displays the contents of all ACLs on the router. show access-list 1 shows just access-list 1.
The show running-config command will also reveal the access lists on a router and the interface assignment information.
• 380. Standard ACLs
Standard ACLs check the source address of IP packets that are routed. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses.
The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS).
If there is no wildcard mask, the default mask is used, which is 0.0.0.0. (This only works with Standard ACLs and is the same thing as using host.)
The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]
The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number
• 381. Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers.
The syntax for the extended ACL statement can get very long and often will wrap in the terminal window.
The wildcards also have the option of using the host or any keywords in the command.
At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number.
Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols.
Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).
• 382. Extended ACL Syntax
• 383. Extended ACL Example
This extended ACL will allow people in network 200.100.50.0 to surf the internet, but not allow any other protocols like email, ftp, etc.
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq 80
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq www
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq http
NOTE: Just like all Standard ACLs end with an implicit "deny any", all Extended ACLs end with an implicit "deny ip any any", which means deny the entire internet from anywhere to anywhere.
• 384. ip access-group
The ip access-group command links an existing standard or extended ACL to an interface. Remember that only one ACL per interface, per direction, per protocol is allowed.
The format of the command is:
Router(config-if)#ip access-group access-list-number {in | out}
• 385. Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers.
The advantages that a named access list provides are:
• Intuitively identify an ACL using an alphanumeric name.
• Eliminate the limit of 798 simple and 799 extended ACLs.
• Named ACLs provide the ability to modify ACLs without deleting them completely and then reconfiguring them.
Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2. The same name may not be used for multiple ACLs.
• 386. Named ACL Example
• 387. Placing ACLs
The general rule is to put the extended ACLs as close as possible to the source of the traffic denied. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible. For example, in the graphic a standard ACL should be placed on Fa0/0 of Router D to prevent traffic from Router A.
• 389. Permitting a Single Host
Router(config)# access-list 1 permit 200.100.50.23 0.0.0.0
or
Router(config)# access-list 1 permit host 200.100.50.23
or
Router(config)# access-list 1 permit 200.100.50.23
(The implicit "deny any" ensures that everyone else is denied.)
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
• 390. Denying a Single Host
Router(config)# access-list 1 deny 200.100.50.23 0.0.0.0
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
or
Router(config)# access-list 1 deny host 200.100.50.23
Router(config)# access-list 1 permit any
(The implicit "deny any" is still present, but totally irrelevant.)
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
• 391. Permitting a Single Network
Class C
Router(config)# access-list 1 permit 200.100.50.0 0.0.0.255
or
Class B
Router(config)# access-list 1 permit 150.75.0.0 0.0.255.255
or
Class A
Router(config)# access-list 1 permit 13.0.0.0 0.255.255.255
(The implicit "deny any" ensures that everyone else is denied.)
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
• 392. Denying a Single Network
Class C
Router(config)# access-list 1 deny 200.100.50.0 0.0.0.255
Router(config)# access-list 1 permit any
or
Class B
Router(config)# access-list 1 deny 150.75.0.0 0.0.255.255
Router(config)# access-list 1 permit any
or
Class A
Router(config)# access-list 1 deny 13.0.0.0 0.255.255.255
Router(config)# access-list 1 permit any
(The implicit "deny any" is still present, but totally irrelevant.)
• 393. Permitting a Class C Subnet
Network Address/Subnet Mask: 200.100.50.0/28
Desired Subnet: 3rd
Process: 32-28=4, 2^4=16
1st Usable Subnet address range is 200.100.50.16-31
2nd Usable Subnet address range is 200.100.50.32-47
3rd Usable Subnet address range is 200.100.50.48-63
Subnet Mask is 255.255.255.240, Inverse Mask is 0.0.0.15
or subtract 200.100.50.48 from 200.100.50.63 to get 0.0.0.15
Router(config)# access-list 1 permit 200.100.50.48 0.0.0.15
(The implicit "deny any" ensures that everyone else is denied.)
• 394. Denying a Class C Subnet
Network Address/Subnet Mask: 192.68.72.0/27
Undesired Subnet: 2nd
Process: 32-27=5, 2^5=32
1st Usable Subnet address range is 192.68.72.32-63
2nd Usable Subnet address range is 192.68.72.64-95
Subnet Mask is 255.255.255.224, Inverse Mask is 0.0.0.31
or subtract 192.68.72.64 from 192.68.72.95 to get 0.0.0.31
Router(config)# access-list 1 deny 192.68.72.64 0.0.0.31
Router(config)# access-list 1 permit any
(The implicit "deny any" is still present, but totally irrelevant.)
• 395. Permitting a Class B Subnet
Network Address/Subnet Mask: 150.75.0.0/24
Desired Subnet: 129th
Process: Since exactly 8 bits are borrowed, the 3rd octet will denote the subnet number.
129th Usable Subnet address range is 150.75.129.0-255
Subnet Mask is 255.255.255.0, Inverse Mask is 0.0.0.255
or subtract 150.75.129.0 from 150.75.129.255 to get 0.0.0.255
Router(config)# access-list 1 permit 150.75.129.0 0.0.0.255
(The implicit "deny any" ensures that everyone else is denied.)
• 396. Denying a Class B Subnet
Network Address/Subnet Mask: 160.88.0.0/22
Undesired Subnet: 50th
Process: 32-22=10 (more than 1 octet), 10-8=2, 2^2=4
1st Usable Subnet address range is 160.88.4.0-160.88.7.255
2nd Usable Subnet address range is 160.88.8.0-160.88.11.255
50 * 4 = 200, so the 50th subnet is 160.88.200.0-160.88.203.255
Subnet Mask is 255.255.252.0, Inverse Mask is 0.0.3.255
or subtract 160.88.200.0 from 160.88.203.255 to get 0.0.3.255
Router(config)# access-list 1 deny 160.88.200.0 0.0.3.255
Router(config)# access-list 1 permit any
• 397. Permitting a Class A Subnet
Network Address/Subnet Mask: 111.0.0.0/12
Desired Subnet: 13th
Process: 32-12=20, 20-16=4, 2^4=16
1st Usable Subnet address range is 111.16.0.0-111.31.255.255
13*16=208
13th Usable Subnet address range is 111.208.0.0-111.223.255.255
Subnet Mask is 255.240.0.0, Inverse Mask is 0.15.255.255
or subtract 111.208.0.0 from 111.223.255.255 to get 0.15.255.255
Router(config)# access-list 1 permit 111.208.0.0 0.15.255.255
(The implicit "deny any" ensures that everyone else is denied.)
• 398. Denying a Class A Subnet
Network Address/Subnet Mask: 40.0.0.0/24
Undesired Subnet: 500th
Process: Since exactly 16 bits were borrowed, the 2nd and 3rd octets will denote the subnet.
1st Usable Subnet address range is 40.0.1.0-40.0.1.255
255th Usable Subnet address range is 40.0.255.0-40.0.255.255
256th Usable Subnet address range is 40.1.0.0-40.1.0.255
300th Usable Subnet address range is 40.1.44.0-40.1.44.255
500th Usable Subnet address range is 40.1.244.0-40.1.244.255
Router(config)# access-list 1 deny 40.1.244.0 0.0.0.255
Router(config)# access-list 1 permit any
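The "nth usable subnet" arithmetic on the six subnet slides above, as an added example that is not part of the slides: it counts subnets the way the slides do (numbered from 1, subnet zero skipped), derives the wildcard mask as block size minus one, and refuses a subnet number that falls outside the classful network. The function names are my own.

```python
"""Added example, not from the slides: the subnet-to-wildcard procedure that
the 'Permitting/Denying a ... Subnet' slides work through by hand."""
import ipaddress
from typing import Tuple


def classful_prefix(network: str) -> int:
    """Classful boundary from the first octet: class A /8, B /16, C /24."""
    first = int(network.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24


def subnet_and_wildcard(network: str, prefix: int, nth: int) -> Tuple[str, str, str]:
    """Return (subnet address, wildcard mask, last address) of the nth usable
    subnet when the classful network is divided with /prefix.

    The slides number usable subnets from 1 and skip subnet zero, so the nth
    usable subnet starts nth block sizes above the classful network address.
    """
    if nth < 1:
        raise ValueError("usable subnets are numbered from 1")
    base = int(ipaddress.IPv4Address(network))
    block = 1 << (32 - prefix)            # addresses per subnet, 2^(32-prefix)
    start = base + nth * block
    last = start + block - 1
    # The requested subnet must still lie inside the classful network.
    classful = ipaddress.IPv4Network((network, classful_prefix(network)), strict=False)
    if last > 0xFFFFFFFF or ipaddress.IPv4Address(last) not in classful:
        raise ValueError(f"usable subnet {nth} does not exist in {network}/{prefix}")
    wildcard = block - 1                  # inverse of the subnet mask, i.e. last - start
    as_text = lambda n: str(ipaddress.IPv4Address(n))
    return as_text(start), as_text(wildcard), as_text(last)


def acl_line(number: int, action: str, network: str, prefix: int, nth: int) -> str:
    """The standard ACL statement the slides arrive at for that subnet."""
    subnet, wildcard, _ = subnet_and_wildcard(network, prefix, nth)
    return f"access-list {number} {action} {subnet} {wildcard}"


if __name__ == "__main__":
    # The worked cases from the slides.
    print(acl_line(1, "permit", "200.100.50.0", 28, 3))   # 200.100.50.48 0.0.0.15
    print(acl_line(1, "deny", "160.88.0.0", 22, 50))      # 160.88.200.0 0.0.3.255
    print(acl_line(1, "permit", "111.0.0.0", 12, 13))     # 111.208.0.0 0.15.255.255
```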
• 400. Permit 200.100.50.24-100 Plan A
access-list 1 permit host 200.100.50.24
access-list 1 permit host 200.100.50.25
access-list 1 permit host 200.100.50.26
access-list 1 permit host 200.100.50.27
access-list 1 permit host 200.100.50.28
: : : : : : : :
access-list 1 permit host 200.100.50.96
access-list 1 permit host 200.100.50.97
access-list 1 permit host 200.100.50.98
access-list 1 permit host 200.100.50.99
access-list 1 permit host 200.100.50.100
This would get very tedious!
• 401. Permit 200.100.50.24-100 Plan B
access-list 1 permit 200.100.50.24 0.0.0.7 (24-31)
access-list 1 permit 200.100.50.32 0.0.0.31 (32-63)
access-list 1 permit 200.100.50.64 0.0.0.31 (64-95)
access-list 1 permit 200.100.50.96 0.0.0.3 (96-99)
access-list 1 permit host 200.100.50.100 (100)
(The implicit "deny any" ensures that everyone else is denied.)
• 402. Permit 200.100.50.16-127 Plan A
access-list 1 permit 200.100.50.16 0.0.0.15 (16-31)
access-list 1 permit 200.100.50.32 0.0.0.31 (32-63)
access-list 1 permit 200.100.50.64 0.0.0.63 (64-127)
(The implicit "deny any" ensures that everyone else is denied.)
• 403. Permit 200.100.50.16-127 Plan B
access-list 1 deny 200.100.50.0 0.0.0.15 (0-15)
access-list 1 permit 200.100.50.0 0.0.0.127 (0-127)
First we make sure that addresses 0-15 are denied. Then we can permit any address in the range 0-127.
Since only the first matching statement in an ACL is applied, an address in the range of 0-15 will be denied by the first statement before it has a chance to be permitted by the second.
(The implicit "deny any" ensures that everyone else is denied.)
• 404. Permit 200.100.50.1,5,13,29,42,77
access-list 1 permit host 200.100.50.1
access-list 1 permit host 200.100.50.5
access-list 1 permit host 200.100.50.13
access-list 1 permit host 200.100.50.29
access-list 1 permit host 200.100.50.42
access-list 1 permit host 200.100.50.77
Sometimes a group of addresses has no pattern and the best way to deal with them is individually.
(The implicit "deny any" ensures that everyone else is denied.)
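The matching rules from the "Basic Rules for ACLs" and "Wildcard Mask Examples" slides (top-to-bottom first match, implicit deny, wildcard bits ORed in as "don't care") and the Plan A/Plan B lists above, as an added example that is not part of the slides. The parser and evaluator are my own; the two sample lists are the slides' Plan B statements, reproduced here as constructed input.

```python
"""Added example, not from the slides: a minimal evaluator for standard IP
ACLs that applies the slides' rules literally. Entries are tested top to
bottom, the first match wins, and an unmatched packet hits the implicit deny."""
import ipaddress
from typing import List, Tuple

Entry = Tuple[str, str, str]  # (action, source, wildcard)


def wildcard_match(address: str, source: str, wildcard: str) -> bool:
    """Cisco wildcard test: OR the wildcard into both addresses so every
    'don't care' bit becomes 1, then compare what is left."""
    a = int(ipaddress.IPv4Address(address))
    s = int(ipaddress.IPv4Address(source))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (s | w)


def parse_standard_acl(lines: List[str]) -> List[Entry]:
    """Parse 'access-list N {permit|deny} source [wildcard]' lines, including
    the host/any keywords and the bare-address form (wildcard defaults to
    0.0.0.0). Trailing '(...)' annotations like those on the slides are ignored."""
    entries: List[Entry] = []
    for line in lines:
        tokens = line.split("(")[0].split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        action, rest = tokens[2], tokens[3:]
        if rest[0] == "any":
            source, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            source, wildcard = rest[1], "0.0.0.0"
        else:
            source = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, source, wildcard))
    return entries


def evaluate(acl: List[Entry], source_address: str) -> str:
    """Sequential first-match evaluation; an unmatched packet hits the
    implicit 'deny any' that never appears in the configuration."""
    for action, source, wildcard in acl:
        if wildcard_match(source_address, source, wildcard):
            return action
    return "deny"


# Constructed input: the two 'Plan B' lists from the slides.
PERMIT_16_TO_127 = [
    "access-list 1 deny 200.100.50.0 0.0.0.15 (0-15)",
    "access-list 1 permit 200.100.50.0 0.0.0.127 (0-127)",
]
PERMIT_24_TO_100 = [
    "access-list 1 permit 200.100.50.24 0.0.0.7 (24-31)",
    "access-list 1 permit 200.100.50.32 0.0.0.31 (32-63)",
    "access-list 1 permit 200.100.50.64 0.0.0.31 (64-95)",
    "access-list 1 permit 200.100.50.96 0.0.0.3 (96-99)",
    "access-list 1 permit host 200.100.50.100 (100)",
]


def permitted_hosts(lines: List[str], prefix: str = "200.100.50.") -> List[int]:
    """Last octets within prefix that the list permits: a quick way to check
    that a wildcard plan covers exactly the intended range and nothing more."""
    acl = parse_standard_acl(lines)
    return [h for h in range(256) if evaluate(acl, f"{prefix}{h}") == "permit"]


if __name__ == "__main__":
    print(permitted_hosts(PERMIT_24_TO_100))
    # Reversing Plan B's two lines shows why order matters: 0-15 get permitted.
    print(permitted_hosts(list(reversed(PERMIT_16_TO_127)))[:3])
```

Run `permitted_hosts` on any of the slides' lists to confirm the range before applying it on a router.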
• 406. Permit Source Network
access-list 101 permit ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip 200.100.50.0 0.0.0.255 any
Implicit deny ip any any
• 407. Deny Source Network
access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip 200.100.50.0 0.0.0.255 any
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.
• 408. Permit Destination Network
access-list 101 permit ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
or
access-list 101 permit ip any 200.100.50.0 0.0.0.255
Implicit deny ip any any
• 409. Deny Destination Network
access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip any 200.100.50.0 0.0.0.255
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.
• 410. Permit one Source Network to another Destination Network
Assume the only traffic you want is traffic from network 200.100.50.0 to network 150.75.0.0
access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any
To allow 2 way traffic between the networks add this statement:
access-list 101 permit ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255
• 411. Deny one Source Network to another Destination Network
Assume you want to allow all traffic EXCEPT from network 200.100.50.0 to network 150.75.0.0
access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any
To deny 2 way traffic between the networks add this statement:
access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255
• 412. Deny FTP
Assume you do not want anyone FTPing on the network.
access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any
• 413. Deny Telnet
Assume you do not want anyone telnetting on the network.
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
• 414. Deny Web Surfing
Assume you do not want anyone surfing the internet.
access-list 101 deny tcp any any eq 80
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
You can also use http instead of www.
• 415. Complicated Example #1
Suppose you have the following conditions:
• No one from Network 200.100.50.0 is allowed to FTP anywhere
• Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0
• Subnetwork 100.100.100.0/24 is not allowed to surf the internet
access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any any eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any
• 416. Complicated Example #2
Suppose you are the admin of network 200.100.50.0. You want to permit Email only between your network and network 150.75.0.0. You wish to place no restriction on other protocols like web surfing, ftp, telnet, etc.
• Email server send/receive Protocol: SMTP, port 25
• User Check Email Protocol: POP3, port 110
This example assumes that your Email server is at address 200.100.50.25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
• 417. NAT
Network Address Translator
Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)
• 418. New addressing concepts
Problems with IPv4:
• Shortage of IPv4 addresses
• Allocation of the last IPv4 addresses is forecasted for the year 2005
• Address classes were replaced by usage of CIDR, but this is not sufficient
Short term solution: NAT, Network Address Translator
Long term solution: IPv6 = IPng (IP next generation), provides an extended address range
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
• 419. NAT: Network Address Translator
NAT translates between local addresses and public ones. Many private hosts share few global addresses.
Private Network: uses private address range (local addresses); local addresses may not be used externally.
Public Network: uses public addresses; public addresses are globally unique.
Fig. 4 How does NAT work? (TI1332EU02TI_0003 New Address Concepts, 9)
• 420. (Figure: a realm with private addresses and a realm with public addresses; addresses to be translated are mapped by the NAT router onto a reserved pool, excluded addresses are not translated.)
Fig. 5 Translation mechanism (TI1332EU02TI_0003 New Address Concepts, 9)
• 421. free NAT Pool
A timeout value (default 15 min) instructs NAT how long to keep an association in an idle state before returning the external IP address to the free NAT pool.
Fig. 8 How does NAT know when to return the public IP address to the pool? (TI1332EU02TI_0003 New Address Concepts, 15)
• 422. NAT Addressing Terms
• Inside Local
– The term "inside" refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network.
• Inside Global
– NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
– A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
• 423. NAT Addressing Terms
• Outside Global
– The term "outside" refers to an address used for a host outside an enterprise, the Internet.
– An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.
• Outside Local
– NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network.
– A NAT router changes a packet's destination IP address, sent from an outside global address to an inside host, as the packet goes from the outside to the inside network.
• 424. (Figure: Router A with NAT connects Net A 10.0.0.0 (host 10.47.10.10) across the WAN to Router B and Net B 192.50.20.0 (host 192.50.20.5). On the LAN the packet carries SA = 10.47.10.10, DA = 192.50.20.5; after Router A it carries SA = 193.50.30.4, DA = 192.50.20.5.)
Fig. 7 An example for NAT (TI1332EU02TI_0003 New Address Concepts, 13)
• 425. (Figure: NAT with router, WAN interface 138.76.28.4, outside host 138.76.29.7, inside host 10.0.0.10 in Net A 10.0.0.0/8. Outbound: SA = 10.0.0.10, DA = 138.76.29.7 becomes SA = 138.76.28.4, DA = 138.76.29.7. Return: SA = 138.76.29.7, DA = 138.76.28.4 becomes SA = 138.76.29.7, DA = 10.0.0.10.)
Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21)
• 426. Types Of NAT
• There are different types of NAT that can be used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAPT)
• 427. Static NAT
• With static NAT, the NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.
• 428. Dynamic NAT
• Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network.
• However, the mapping of an inside local address to an inside global address happens dynamically.
• 429. Dynamic NAT
• Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
• The dynamic entry in the NAT table stays in there as long as traffic flows occasionally.
• 430. PAT
Port Address Translator
Fig. 9 NAPT (TI1332EU02TI_0003 New Address Concepts, 17)
• 431. (Figure: NAPT with router, WAN interface 138.76.28.4, outside host 138.76.29.7, inside host 10.0.0.10 in Net A 10.0.0.0/8. Outbound: SA = 10.0.0.10, sport = 3017, DA = 138.76.29.7, dport = 23 becomes SA = 138.76.28.4, sport = 1024, DA = 138.76.29.7, dport = 23. Return: SA = 138.76.29.7, sport = 23, DA = 138.76.28.4, dport = 1024 becomes SA = 138.76.29.7, sport = 23, DA = 10.0.0.10, dport = 3017.)
Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21)
• 432. (Figure: PAT with e.g. a single public IP address. A private IP network (e.g. SOHO) reaches the WAN through a router holding a pool of TU port numbers; the mapping table pairs local IP @ and local TU port # with registered IP @ and assigned TU port #. TU = TCP/UDP.)
Fig. 10 NAPT (TI1332EU02TI_0003 New Address Concepts, 19)
• 433. NAT&PAT
Network Address Translation & Port Address Translation
Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)
• 434. New addressing concepts
Problems with IPv4:
• Shortage of IPv4 addresses
• Allocation of the last IPv4 addresses is forecasted for the year 2006
• Address classes were replaced by usage of CIDR, but this is not sufficient
Short term solution: NAT, Network Address Translator
Long term solution: IPv6 = IPng (IP next generation), provides an extended address range
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
• 438. NAT Addressing Terms
• Inside Local "Private address"
– The term "inside" refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network.
• Inside Global "Public address"
– NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the WAN.
– A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
• 441. Types Of NAT
• There are different types of NAT that can be used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAT Over PAT)
• 443. Static NAT Configuration
• To form NAT table
Router(config)#IP Nat inside source static [inside local source IP address] [inside global source IP address]
• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside]
• See Example
• 445. Dynamic NAT
• Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
• The dynamic entry in the NAT table stays in there as long as traffic flows occasionally.
• If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
• 446. Dynamic NAT Configuration
• Specify inside addresses to be translated
Router(config)#IP Nat inside source list [standard Access List number] pool [NAT Pool Name]
• Specify NAT pool
Router(config)#IP Nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]
• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside]
• See Example
• 450. PAT Configuration
• Specify inside addresses to be translated
Router(config)#IP Nat inside source list [standard Access List number] pool [NAT Pool Name] overload
• Specify PAT pool
Router(config)#IP Nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]
• Assign PAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside]
• See Example
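The translation table behind the dynamic NAT and PAT configurations above, as an added example that is not part of the slides: a model of the router's NAT table using the addresses from the figures (inside host 10.0.0.10 in 10.0.0.0/8, WAN interface 138.76.28.4, outside host 138.76.29.7 port 23), the 15 minute idle timeout from the "free NAT pool" slide, and the packet discard when a dynamic pool is exhausted. The class and method names are my own, and time is assumed to be in seconds.

```python
"""Added example, not from the slides: a model of the translation table a NAT
router keeps for dynamic NAT and for PAT (overload). Times are assumed to be
in seconds; the 15 minute idle timeout is the default the slides quote."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class DynamicNat:
    """One-to-one inside-local <-> inside-global mapping, assigned on demand
    from a pool and released after IDLE_TIMEOUT seconds without traffic."""
    IDLE_TIMEOUT = 15 * 60

    def __init__(self, pool: List[str], inside_networks: List[str]):
        self.free = list(pool)                       # inside global addresses not in use
        self.table: Dict[str, str] = {}              # inside local -> inside global
        self.last_seen: Dict[str, float] = {}
        self.inside = [ipaddress.ip_network(n) for n in inside_networks]

    def _matches_list(self, src: str) -> bool:
        """Stands in for the standard access list that selects hosts to translate."""
        return any(ipaddress.ip_address(src) in n for n in self.inside)

    def expire(self, now: float) -> None:
        """Return the global addresses of idle associations to the free pool."""
        for local, seen in list(self.last_seen.items()):
            if now - seen > self.IDLE_TIMEOUT:
                self.free.append(self.table.pop(local))
                del self.last_seen[local]

    def outbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Inside -> outside: rewrite the source address. None means the router
        discarded the packet because every pooled address was in use."""
        self.expire(now)
        if not self._matches_list(pkt.src):
            return pkt                               # not selected for translation
        if pkt.src not in self.table:
            if not self.free:
                return None
            self.table[pkt.src] = self.free.pop(0)
        self.last_seen[pkt.src] = now
        return Packet(self.table[pkt.src], pkt.dst, pkt.sport, pkt.dport)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Outside -> inside: reverse lookup on the inside global destination."""
        self.expire(now)
        for local, glob in self.table.items():
            if glob == pkt.dst:
                self.last_seen[local] = now
                return Packet(pkt.src, local, pkt.sport, pkt.dport)
        return None                                  # no association: dropped


class Pat:
    """Overload: every inside host shares one inside global address and the
    router assigns a distinct source port per (local address, local port)."""

    def __init__(self, global_address: str, first_port: int = 1024):
        self.global_address = global_address
        self.next_port = first_port
        self.ports: Dict[Tuple[str, int], int] = {}  # (local ip, local port) -> assigned port
        self.reverse: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.global_address, pkt.dst, self.ports[key], pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Demultiplex the reply by its destination port; unknown ports drop."""
        key = self.reverse.get(pkt.dport)
        if key is None or pkt.dst != self.global_address:
            return None
        local_ip, local_port = key
        return Packet(pkt.src, local_ip, pkt.sport, local_port)


if __name__ == "__main__":
    nat = DynamicNat(pool=["138.76.28.4"], inside_networks=["10.0.0.0/8"])
    print(nat.outbound(Packet("10.0.0.10", "138.76.29.7", 3017, 23), now=0))
    print(nat.outbound(Packet("10.0.0.11", "138.76.29.7", 3018, 23), now=1))  # None: pool exhausted
    pat = Pat("138.76.28.4")
    print(pat.outbound(Packet("10.0.0.10", "138.76.29.7", 3017, 23)))   # sport becomes 1024
```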
• 452. Ethernet Access with Hubs
• 453. Ethernet Access with Bridges
• 454. Ethernet Access with Switches
• 455. Today's LAN
• 456. Full Duplex Transmitting
Full-duplex Ethernet allows the transmission of a packet and the reception of a different packet at the same time.
This simultaneous transmission and reception requires the use of two pairs of wires in the cable and a switched connection between each node. This connection is considered point-to-point and is collision free.
The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the other end.
Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions. This produces a potential 20 Mbps throughput.
• 457. Collision Domains
• 458. Segmentation with Bridges
• 459. Segmentation with Routers
• 460. Segmentation with Switches
• 461. Basic Operations of a Switch
Switching is a technology that decreases congestion in Ethernet, Token Ring, and FDDI LANs. Switching accomplishes this by reducing traffic and increasing bandwidth. LAN switches are often used to replace shared hubs and are designed to work with existing cable infrastructures.
Switching equipment performs the following two basic operations:
• Switching data frames
• Maintaining switching operations
• 462. Switching Methods
1. Store-and-Forward
The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. This is the most reliable method but also has the most latency, especially when frames are large.
2. Cut-Through
The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
3. Fragment-Free
Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything > 64 bytes is a valid packet and is usually received without error.
    • 463. Frame Transmission Modes 463
    • 464. Benefits of Switching 464
    • 465. How Switches and Bridges Learn Addresses: Bridges and switches learn in the following ways: • Reading the source MAC address of each received frame or datagram • Recording the port on which the MAC address was received. In this way, the bridge or switch learns which addresses belong to the devices connected to each port. 465
    • 466. CAM (Content Addressable Memory): CAM is used in switch applications: • To take out and process the address information from incoming data packets • To compare the destination address with a table of addresses stored within it. The CAM stores host MAC addresses and associated port numbers. The CAM compares the received destination MAC address against the CAM table contents. If the comparison yields a match, the port is provided, and switching control forwards the packet to the correct port and address. 466
    • 467. Shared vs. Dedicated Bandwidth: If a hub is used, bandwidth is shared. If a switch is used, then bandwidth is dedicated. If a workstation or server is directly connected to a switch port, then the full bandwidth of the connection to the switch is available to the connected computer. If a hub is connected to a switch port, bandwidth is shared between all devices connected to the hub. 467
    • 468. Microsegmentation of a Network 468
    • 469. Microsegmentation 469
    • 470. 3 Methods of Communication 470
    • 471. Switches & Broadcast Domains: When two switches are connected, the broadcast domain is increased. The overall result is a reduction in available bandwidth. This happens because all devices in the broadcast domain must receive and process the broadcast frame. Routers are Layer 3 devices. Routers do not propagate broadcasts. Routers are used to segment both collision and broadcast domains. 471
    • 472. Broadcast Domain 472
    • 473. 473
    • 474. Overview: To design reliable, manageable, and scalable networks, a network designer must realize that each of the major components of a network has distinct design requirements. Good network design will improve performance and also reduce the difficulties associated with network growth and evolution. The design of larger LANs includes identifying the following: • An access layer that connects end users into the LAN • A distribution layer that provides policy-based connectivity between end-user LANs • A core layer that provides the fastest connection between the distribution points. Each of these LAN design layers requires switches that are best suited for specific tasks. 474
    • 475. The Access Layer: The access layer is the entry point for user workstations and servers to the network. In a campus LAN the device used at the access layer can be a switch or a hub. Access layer functions also include MAC layer filtering and microsegmentation. Layer 2 switches are used in the access layer. 475
    • 476. Access Layer Switches: Access layer switches operate at Layer 2 of the OSI model. The main purpose of an access layer switch is to allow end users into the network. An access layer switch should provide this functionality with low cost and high port density. The following Cisco switches are commonly used at the access layer: • Catalyst 1900 series • Catalyst 2820 series • Catalyst 2950 series • Catalyst 4000 series • Catalyst 5000 series 476
    • 477. The Distribution Layer: The distribution layer of the network is between the access and core layers. Networks are segmented into broadcast domains by this layer. Policies can be applied and access control lists can filter packets. The distribution layer isolates network problems to the workgroups in which they occur. The distribution layer also prevents these problems from affecting the core layer. Switches in this layer operate at Layer 2 and Layer 3. 477
    • 478. Distribution Layer Switches: The distribution layer switch must have high performance. The distribution layer switch is a point at which a broadcast domain is delineated. It combines VLAN traffic and is a focal point for policy decisions about traffic flow. For these reasons distribution layer switches operate at both Layer 2 and Layer 3 of the OSI model. Switches in this layer are referred to as multilayer switches. These multilayer switches combine the functions of a router and a switch in one device. The following Cisco switches are suitable for the distribution layer: • Catalyst 2926G • Catalyst 5000 family • Catalyst 6000 family 478
    • 479. The Core Layer: The core layer is a high-speed switching backbone. This layer of the network design should not perform any packet manipulation. Packet manipulation, such as access list filtering, would slow down the process. Providing a core infrastructure with redundant alternate paths gives stability to the network in the event of a single device failure. The core can be designed to use Layer 2 or Layer 3 switching. Asynchronous Transfer Mode (ATM) or Ethernet switches can be used. 479
    • 480. Core Layer Switches: The switches in this layer can make use of a number of Layer 2 technologies. Provided that the distance between the core layer switches is not too great, the switches can use Ethernet technology. In a network design, the core layer can be a routed, or Layer 3, core. Core layer switches are designed to provide efficient Layer 3 functionality when needed. Factors such as need, cost, and performance should be considered before a choice is made. The following Cisco switches are suitable for the core layer: • Catalyst 6500 series • Catalyst 8500 series • IGX 8400 series • Lightstream 1010 480
    • 481. 481
    • 482. Physical Startup of the Catalyst Switch: Switches are dedicated, specialized computers, which contain a CPU, RAM, and an operating system. Switches usually have several ports for the purpose of connecting hosts, as well as specialized ports for the purpose of management. A switch can be managed by connecting to the console port to view and make changes to the configuration. Switches typically have no power switch to turn them on and off. They simply connect or disconnect from a power source. Several switches from the Cisco Catalyst 2950 series are shown in the graphic to the right. 482
    • 483. Switch LED Indicators: The front panel of a switch has several lights to help monitor system activity and performance. These lights are called light-emitting diodes (LEDs). The switch has the following LEDs: • System LED • Remote Power Supply (RPS) LED • Port Mode LED • Port Status LEDs. The System LED shows whether the system is receiving power and functioning correctly. The RPS LED indicates whether or not the remote power supply is in use. The Mode LEDs indicate the current state of the Mode button. The Port Status LEDs have different meanings, depending on the current value of the Mode LED. 483
    • 484. Verifying Port LEDs During Switch POST: Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST). POST runs automatically to verify that the switch functions correctly. The System LED indicates the success or failure of POST. 484
    • 485. Connecting a Switch to a Computer 485
    • 486. Examining Help in the Switch CLI: The command-line interface (CLI) for Cisco switches is very similar to the CLI for Cisco routers. The help command is issued by entering a question mark (?). When this command is entered at the system prompt, a list of commands available for the current command mode is displayed. The help command is very flexible and essentially functions the same way it does in a router CLI. This form of help is called command syntax help, because it provides applicable keywords or arguments based on a partial command. 486
    • 487. Switch Command Modes: Switches have several command modes. The default mode is User EXEC mode, which ends in a greater-than character (>). The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information. The enable command is used to change from User EXEC mode to Privileged EXEC mode, which ends in a pound-sign character (#). The configure command allows other command modes to be accessed. 487
    • 488. Show Commands in User-Exec Mode 488
    • 489. Setting Switch Hostname; Setting Passwords on Lines 489
    • 490. 490
    • 491. Overview: Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant. Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. Therefore network redundancy requires careful planning and monitoring to function properly. The Spanning-Tree Protocol is used in switched networks to create a loop free logical topology from a physical topology that has loops. 491
    • 492. Redundant Switched Topologies: Networks with redundant paths and devices allow for more network uptime. In the graphic, if Switch A fails, traffic can still flow from Segment 2 to Segment 1 and to the router through Switch B. If port 1 fails on Switch A then traffic can still flow through port 1 on Switch B. Switches learn the MAC addresses of devices on their ports so that data can be properly forwarded to the destination. Switches will flood frames for unknown destinations until they learn the MAC addresses of the devices. A redundant switched topology may cause broadcast storms, multiple frame copies, and MAC address table instability problems. 492
    • 493. Broadcast Storms: Broadcasts and multicasts can cause problems in a switched network. Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received. The switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. This will continue until one of the switches is disconnected. The network will appear to be down or extremely slow. 493
    • 494. Multiple Frame Transmissions: In a redundant switched network it is possible for an end device to receive multiple frames. Assume that the MAC address of Router Y has been timed out by both switches. Also assume that Host X still has the MAC address of Router Y in its ARP cache and sends a unicast frame to Router Y. The router receives the frame because it is on the same segment as Host X. Switch A does not have the MAC address of Router Y and will therefore flood the frame out its ports. Switch B also does not know which port Router Y is on. Switch B then floods the frame it received, causing Router Y to receive multiple copies of the same frame. This is a cause of unnecessary processing in all devices. 494
    • 495. MAC Database Instability: A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port. In this example the MAC address of Router Y is not in the MAC address table of either switch. Host X sends a frame directed to Router Y. Switches A & B learn the MAC address of Host X on port 0. The frame to Router Y is flooded on port 1 of both switches. Switches A and B see this information on port 1 and incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame to Host X, Switch A and Switch B will also receive the frame and will send it out port 1. This is unnecessary, but the switches have incorrectly learned that Host X is on port 1. 495
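The three slides above describe one scenario; the simulation below, an added example rather than anything from the course, reproduces it on the same two-switch topology (Host X and Router Y on segment 1, Switch A and Switch B each bridging segment 1 on port 0 to segment 2 on port 1). A single unicast from X to an unknown Y produces the duplicate copies at Y, the circulating frame, and the MAC table flapping; blocking one port, as STP would, removes all three. MAC addresses are just the letters used on the slides.

```python
"""Learning/flooding model of the redundant two-switch topology on the slides.
Added example, not Cisco code; MACs are the letters X and Y from the slides."""
from collections import deque


class Switch:
    def __init__(self, name, ports, blocked=()):
        self.name = name
        self.ports = ports                  # port number -> segment name
        self.blocked = set(blocked)         # ports STP put in blocking state
        self.table = {}                     # CAM table: MAC -> port
        self.flaps = 0                      # times a known MAC moved to another port

    def receive(self, in_port, frame):
        """Learn the source, then filter, forward or flood; returns (port, frame) pairs."""
        if in_port in self.blocked:         # blocked ports discard data frames
            return []
        src, dst = frame
        if src in self.table and self.table[src] != in_port:
            self.flaps += 1                 # MAC database instability
        self.table[src] = in_port
        if dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [(out, frame)]
        return [(p, frame) for p in self.ports          # unknown destination: flood
                if p != in_port and p not in self.blocked]


def simulate(block_b_port1=False, max_transmissions=20):
    """Host X sends one unicast to Router Y while neither switch knows Y.
    Returns (copies Y received, flaps on A, flaps on B, transmissions used)."""
    a = Switch("A", {0: "seg1", 1: "seg2"})
    b = Switch("B", {0: "seg1", 1: "seg2"}, blocked=(1,) if block_b_port1 else ())
    # a segment is a shared medium: every attachment hears every frame on it
    segments = {"seg1": [("X", None), ("Y", None), (a, 0), (b, 0)],
                "seg2": [(a, 1), (b, 1)]}
    queue = deque([("seg1", ("X", "Y"), ("X", None))])   # (segment, frame, origin)
    copies_at_y = sent = 0
    while queue and sent < max_transmissions:            # cap: a loop never drains
        seg, frame, origin = queue.popleft()
        sent += 1
        for dev, port in segments[seg]:
            if (dev, port) == origin:
                continue
            if isinstance(dev, Switch):
                for out_port, f in dev.receive(port, frame):
                    queue.append((dev.ports[out_port], f, (dev, out_port)))
            elif dev == frame[1]:
                copies_at_y += 1
    return copies_at_y, a.flaps, b.flaps, sent


if __name__ == "__main__":
    print("loop       :", simulate())                  # storm capped at 20 frames
    print("B/1 blocked:", simulate(block_b_port1=True))  # one copy, no flaps
```

With the loop, the frame never stops circulating, so the cap on transmissions is what ends the run; with B's port 1 blocked the queue drains after two transmissions.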
    • 496. Using Bridging Loops for Redundancy 496
    • 497. Logical Loop Free Topology Created with STP 497
    • 498. NOTE: Don’t confuse Spanning Tree Protocol (STP) with Shielded Twisted Pair (STP). 498
    • 499. Spanning Tree Protocol - 1: Ethernet bridges and switches can implement the IEEE 802.1D Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop free shortest path network. Shortest path is based on cumulative link costs. Link costs are based on the speed of the link. 499
    • 500. Spanning Tree Protocol - 2: The Spanning-Tree Protocol establishes a root node, called the root bridge/switch. The Spanning-Tree Protocol constructs a topology that has one path for reaching every network node. The resulting tree originates from the root bridge/switch. The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops. Links that will cause a loop are put into a blocking state. The message that a switch sends, allowing the formation of a loop free logical topology, is called a Bridge Protocol Data Unit (BPDU). 500
    • 501. Selecting the Root Bridge: The first decision that all switches in the network make is to identify the root bridge. The position of the root bridge in a network will affect the traffic flow. When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the Bridge ID (BID). The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address. When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain the switch MAC address in both the root and sender BID. As a switch receives a BPDU with a lower root BID it replaces that in the BPDUs that are sent out. All bridges see these and decide that the bridge with the smallest BID value will be the root bridge. A network administrator may want to influence the decision by setting the switch priority to a smaller value than the default. 501
    • 502. BPDUs: BPDUs contain enough information so that all switches can do the following: • Select a single switch that will act as the root of the spanning tree • Calculate the shortest path from itself to the root switch • Designate one of the switches as the closest one to the root, for each LAN segment. This bridge is called the “designated switch”. The designated switch handles all communication from that LAN towards the root bridge. • Each non-root switch chooses one of its ports as its root port; this is the interface that gives the best path to the root switch. • Select ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked. 502
    • 503. Spanning Tree Operation: When the network has stabilized, it has converged and there is one spanning tree per network. As a result, for every switched network the following elements exist: • One root bridge per network • One root port per non-root bridge • One designated port per segment • Unused, non-designated ports. Root ports and designated ports are used for forwarding (F) data traffic. Non-designated ports discard data traffic. Non-designated ports are called blocking (B) or discarding ports. 503
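The root election, cumulative-cost shortest paths and port roles from slides 499 to 503 can be computed directly. The function below is an added example (not Cisco code): Bridge IDs are (priority, base MAC) as on the slides, link costs use the 802.1D-1998 values 100/19/4 for 10/100/1000 Mbps, and the three-switch triangle, its MACs and the lowered priority are constructed to show how an administrator's priority change moves the root and the blocked port.

```python
"""Spanning-tree computation for a small switched LAN. Added example, not
Cisco code. Topology and MAC addresses below are constructed."""
import heapq

PORT_COST = {10: 100, 100: 19, 1000: 4}     # 802.1D-1998 costs by link speed


def bridge_id(priority, mac):
    """802.1D compares the priority first, then the base MAC as a number."""
    return (priority, int(mac.replace(":", ""), 16))


def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(end1, end2, speed_mbps), ...].
    Each link is one segment with one port per end, identified as (bridge, link index).
    Returns (root bridge name, {port: 'root' | 'designated' | 'blocked'})."""
    bids = {n: bridge_id(*pm) for n, pm in bridges.items()}
    root = min(bids, key=bids.get)                      # lowest BID wins
    adj = {n: [] for n in bridges}
    for i, (x, y, speed) in enumerate(links):
        adj[x].append((y, i, PORT_COST[speed]))
        adj[y].append((x, i, PORT_COST[speed]))
    # Dijkstra from the root: each bridge keeps its best
    # (cumulative cost, sender BID, link); that link is its root port
    best = {root: (0, None, None)}
    heap = [(0, root)]
    while heap:
        cost, n = heapq.heappop(heap)
        if cost > best[n][0]:
            continue
        for nb, i, pc in adj[n]:
            cand = (cost + pc, bids[n], i)
            if nb != root and (nb not in best or cand < best[nb]):
                best[nb] = cand
                heapq.heappush(heap, (cost + pc, nb))
    roles = {}
    for i, (x, y, _) in enumerate(links):
        # one designated port per segment: the end with the lower (root path cost, BID)
        designated = min((x, y), key=lambda b: (best[b][0], bids[b]))
        for b in (x, y):
            if b != root and best[b][2] == i:
                roles[(b, i)] = "root"
            elif b == designated:
                roles[(b, i)] = "designated"
            else:
                roles[(b, i)] = "blocked"               # non-designated: discards data
    return root, roles


def triangle(priority_c=32768):
    """Three switches on 100 Mbps links (constructed); lowering C's priority moves the root."""
    bridges = {"A": (32768, "00:00:0c:aa:00:01"),
               "B": (32768, "00:00:0c:aa:00:02"),
               "C": (priority_c, "00:00:0c:aa:00:03")}
    links = [("A", "B", 100), ("B", "C", 100), ("A", "C", 100)]
    return spanning_tree(bridges, links)


if __name__ == "__main__":
    for prio in (32768, 4096):
        root, roles = triangle(prio)
        print(f"C priority {prio}: root = {root}")
        for (bridge, link), role in sorted(roles.items()):
            print(f"  {bridge} on link {link}: {role}")
```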
    • 504. Spanning Tree Port States 504
    • 505. Spanning Tree Recalculation: A switched internetwork has converged when all the switch and bridge ports are in either the forwarding or blocked state. Forwarding ports send and receive data traffic and BPDUs. Blocked ports will only receive BPDUs. When the network topology changes, switches and bridges recompute the Spanning Tree and cause a disruption of user traffic. Convergence on a new spanning-tree topology using the IEEE 802.1D standard can take up to 50 seconds. This convergence is made up of the max-age of 20 seconds, plus the listening forward delay of 15 seconds, and the learning forward delay of 15 seconds. 505
    • 506. Rapid STP Designations 506
    • 507. 507
    • 508. VLANs: VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains. VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers to communicate between VLANs. A physical port association is used to implement VLAN assignment. Communication between VLANs can occur only through the router. This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN. NOTE: This is the only way a switch can break up a broadcast domain! 508
    • 509. Setting up VLAN Implementation 509
    • 510. VLAN Communication 510
    • 511. VLAN Membership Modes• VLAN membership can either be static or dynamic. 511
    • 512. Static VLANs• All users attached to same switch port must be in the same VLAN. 512
    • 513. Configuring VLANs in Global Mode Switch#configure terminal Switch(config)#vlan 3 Switch(config-vlan)#name Vlan3 Switch(config-vlan)#exit Switch(config)#end 513
    • 514. Configuring VLANs in VLAN Database Mode: Switch#vlan database Switch(vlan)#vlan 3 VLAN 3 added: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Exiting.... 514
    • 515. Deleting VLANs in Global Mode Switch#configure terminal Switch(config)#no vlan 3 Switch(config)#end 515
    • 516. Deleting VLANs in VLAN Database Mode: Switch#vlan database Switch(vlan)#no vlan 3 VLAN 3 deleted: Name: VLAN0003 Switch(vlan)#exit APPLY completed. Exiting.... 516
    • 517. Assigning Access Ports to a VLAN: Switch(config)#interface gigabitethernet 1/1 • Enters interface configuration mode; Switch(config-if)#switchport mode access • Configures the interface as an access port; Switch(config-if)#switchport access vlan 3 • Assigns the access port to a VLAN 517
    • 518. Verifying the VLAN Configuration: Switch#show vlan [id | name] [vlan_num | vlan_name]
      VLAN Name      Status  Ports
      ---- --------- ------- -------------------------------
      1    default   active  Fa0/1, Fa0/2, Fa0/5, Fa0/7, Fa0/8, Fa0/9, Fa0/11, Fa0/12, Gi0/1, Gi0/2
      2    VLAN0002  active
      51   VLAN0051  active
      52   VLAN0052  active
      …
      VLAN Type SAID   MTU  Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
      ---- ---- ------ ---- ------ ------ -------- --- -------- ------ ------
      1    enet 100001 1500 -      -      -        -   -        1002   1003
      2    enet 100002 1500 -      -      -        -   -        0      0
      51   enet 100051 1500 -      -      -        -   -        0      0
      52   enet 100052 1500 -      -      -        -   -        0      0
      …
      Remote SPAN VLANs
      ------------------------------------------------------------------------------
      Primary Secondary Type              Ports
      ------- --------- ----------------- ------------------------------------------ 518
    • 519. Verifying the VLAN Port Configuration: Switch#show running-config interface {fastethernet | gigabitethernet} slot/port • Displays the running configuration of the interface; Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport • Displays the switch port configuration of the interface; Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression] • Displays the MAC address table information for the specified interface in the specified VLAN 519
    • 520. Implementing VLAN Trunks 520 © 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-520
    • 521. VLAN Trunking 521
    • 522. Importance of Native VLANs 522
    • 523. ISL Encapsulation – Performed with ASIC – Not intrusive to client stations; client does not see the header – Effective between switches, and between routers and switches 523
    • 524. ISL and Layer 2 Encapsulation 524
    • 525. Configuring ISL Trunking: Switch(config)#interface fastethernet 2/1 • Enters interface configuration mode; Switch(config-if)#switchport mode trunk • Configures the interface as a Layer 2 trunk; Switch(config-if)#switchport trunk encapsulation [isl|dot1q] • Selects the encapsulation 525
    • 526. Verifying ISL Trunking: Switch#show running-config interface {fastethernet | gigabitethernet} slot/port; Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]
      Switch#show interfaces fastethernet 2/1 trunk
      Port   Mode       Encapsulation  Status    Native VLAN
      Fa2/1  desirable  isl            trunking  1
      Port   VLANs allowed on trunk
      Fa2/1  1-1005
      Port   VLANs allowed and active in management domain
      Fa2/1  1-2,1002-1005
      Port   VLANs in spanning tree forwarding state and not pruned
      Fa2/1  1-2,1002-1005 526
    • 527. 802.1Q Trunking 527
    • 528. Configuring 802.1Q Trunking: Switch(config)#interface fastethernet 5/8 Switch(config-if)#shutdown Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport nonegotiate Switch(config-if)#no shutdown 528
    • 529. Verifying 802.1Q Trunking: Switch#show running-config interface {fastethernet | gigabitethernet} slot/port; Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]
      Switch#show interfaces gigabitEthernet 0/1 switchport
      Name: Gi0/1
      Switchport: Enabled
      Administrative Mode: trunk
      Operational Mode: trunk
      Administrative Trunking Encapsulation: dot1q
      Operational Trunking Encapsulation: dot1q
      Negotiation of Trunking: On
      Access Mode VLAN: 1 (default)
      Trunking Native Mode VLAN: 1 (default)
      Trunking VLANs Enabled: ALL
      Pruning VLANs Enabled: 2-1001
      . . . 529
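What the trunk configuration above means on the wire, as an added example (not Cisco code): tagging and untagging 802.1Q frames, assigning an untagged frame to the trunk's native VLAN (the point of slide 522), and applying a `switchport trunk allowed vlan` list with the exact value from slide 528. The sample frame bytes and source MAC are constructed.

```python
"""802.1Q trunk-side frame handling. Added example, not Cisco code.
Frame bytes below are constructed sample data."""
import struct

TPID_8021Q = 0x8100


def parse_vlan_list(spec):
    """Cisco allowed-VLAN syntax: '1,15,11,1002-1005' -> {1, 11, 15, 1002..1005}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo = int(lo)
        vlans.update(range(lo, (int(hi) if hi else lo) + 1))
    return vlans


def tag_frame(untagged, vlan_id, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vlan_id
    return untagged[:12] + struct.pack("!HH", TPID_8021Q, tci) + untagged[12:]


def classify(frame, native_vlan=1):
    """Return (vlan_id, untagged frame) as the receiving trunk port sees it.
    No tag, or a priority tag with VID 0, means the native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return native_vlan, frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF
    return (vid or native_vlan), frame[:12] + frame[16:]


def trunk_receive(frame, allowed_spec, native_vlan=1):
    """Apply the allowed-VLAN list: returns (vlan_id, frame), or None if dropped."""
    vid, untagged = classify(frame, native_vlan)
    return (vid, untagged) if vid in parse_vlan_list(allowed_spec) else None


# constructed sample: broadcast frame from a made-up source MAC, EtherType 0x0806
SAMPLE = bytes.fromhex("ffffffffffff" "00000caa0001" "0806") + b"\x00" * 28
ALLOWED = "1,15,11,1002-1005"          # value from the slide's trunk configuration

if __name__ == "__main__":
    print(sorted(parse_vlan_list(ALLOWED)))
    print(trunk_receive(tag_frame(SAMPLE, 15), ALLOWED))   # admitted on VLAN 15
    print(trunk_receive(tag_frame(SAMPLE, 20), ALLOWED))   # None: not allowed
    print(trunk_receive(SAMPLE, ALLOWED)[0])               # untagged: native VLAN 1
```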
    • 530. Implementing VLAN Trunk Protocol 530
    • 531. VTP Protocol Features– Advertises VLAN configuration information– Maintains VLAN configuration consistency throughout a common administrative domain– Sends advertisements on trunk ports only 531
    • 532. VTP Modes: Server mode • Creates, modifies, and deletes VLANs • Sends and forwards advertisements • Synchronizes VLAN configurations • Saves configuration in NVRAM. Client mode • Cannot create, change, or delete VLANs • Forwards only advertisements • Synchronizes VLAN configurations • Does not save in NVRAM. Transparent mode • Creates, modifies, and deletes VLANs locally • Forwards advertisements • Does not synchronize VLAN configurations • Saves configuration in NVRAM 532
    • 533. VTP Operation• VTP advertisements are sent as multicast frames.• VTP servers and clients are synchronized to the latest update identified revision number.• VTP advertisements are sent every 5 minutes or when there is a change. 533
    • 534. VTP Pruning• Increases available bandwidth by reducing unnecessary flooded traffic• Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN. 534
    • 535. VTP Configuration Guidelines – Configure the following: • VTP domain name • VTP mode (server mode is the default) • VTP pruning • VTP password – Be cautious when adding a new switch into an existing domain. – Add a new switch in Client mode to get the latest up-to-date information from the network, then convert it to Server mode. – Add all new configurations to a switch in Transparent mode and check your configuration carefully, then convert it to Server mode, to prevent the switch from propagating incorrect VLAN information. 535
    • 536. Configuring a VTP Server: Switch(config)#vtp server • Configures VTP server mode; Switch(config)#vtp domain domain-name • Specifies a domain name; Switch(config)#vtp password password • Sets a VTP password; Switch(config)#vtp pruning • Enables VTP pruning in the domain 536
    • 537. Configuring a VTP Server (Cont.) Switch#configure terminal Switch(config)#vtp server Setting device to VTP SERVER mode. Switch(config)#vtp domain Lab_Network Setting VTP domain name to Lab_Network Switch(config)#end 537
    • 538. Verifying the VTP Configuration: Switch#show vtp status
      Switch#show vtp status
      VTP Version                     : 2
      Configuration Revision          : 247
      Maximum VLANs supported locally : 1005
      Number of existing VLANs        : 33
      VTP Operating Mode              : Client
      VTP Domain Name                 : Lab_Network
      VTP Pruning Mode                : Enabled
      VTP V2 Mode                     : Disabled
      VTP Traps Generation            : Disabled
      MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
      Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
      Switch# 538
    • 539. Verifying the VTP Configuration (Cont.): Switch#show vtp counters
      Switch#show vtp counters
      VTP statistics:
      Summary advertisements received    : 7
      Subset advertisements received     : 5
      Request advertisements received    : 0
      Summary advertisements transmitted : 997
      Subset advertisements transmitted  : 13
      Request advertisements transmitted : 3
      Number of config revision errors   : 0
      Number of config digest errors     : 0
      Number of V1 summary errors        : 0
      VTP pruning statistics:
      Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
      ---------------- ---------------- ---------------- ---------------------------
      Fa5/8            43071            42766            5 539
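The revision-number synchronisation on slides 532 to 535 is what makes "be cautious when adding a new switch" matter, and the digest and revision errors counted on slide 539 are the checks that stop a bad advertisement. The model below is an added example (not Cisco code): a server and a client holding 33 VLANs at revision 247 in domain Lab_Network (the figures from the `show vtp status` output) accept a database from any same-domain switch whose digest validates and whose revision is higher, even if that database is nearly empty. The MD5 digest is simplified to a hash over the database and the domain password; switch names, VLAN names and the password are constructed.

```python
"""Model of VTP synchronization inside one domain. Added example, not Cisco
code; the digest is a simplified stand-in for the real VTP MD5 digest."""
import hashlib


class VtpSwitch:
    def __init__(self, name, mode, domain, password="", revision=0, vlans=None):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode, self.domain = name, mode, domain
        self.password, self.revision = password, revision
        self.vlans = dict(vlans) if vlans else {1: "default"}

    def digest(self, revision, vlans):
        """Stand-in for the VTP MD5 digest: covers the database and the password."""
        data = f"{self.domain}|{revision}|{sorted(vlans.items())}|{self.password}"
        return hashlib.md5(data.encode()).hexdigest()

    def advertise(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": self.digest(self.revision, self.vlans)}

    def receive(self, adv):
        """Returns 'applied', 'forwarded' (transparent mode) or a rejection reason."""
        if adv["domain"] != self.domain:
            return "rejected: domain mismatch"
        if self.mode == "transparent":
            return "forwarded"                    # relays, never synchronizes
        if adv["digest"] != self.digest(adv["revision"], adv["vlans"]):
            return "rejected: digest mismatch (wrong password)"
        if adv["revision"] <= self.revision:
            return "rejected: revision not newer"
        self.revision, self.vlans = adv["revision"], dict(adv["vlans"])
        return "applied"

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1                    # every change bumps the revision


def lab_domain():
    """One server and one client holding 33 VLANs at revision 247 (as on the slide)."""
    vlans = {1: "default", **{v: f"VLAN{v:04d}" for v in range(2, 34)}}
    server = VtpSwitch("S1", "server", "Lab_Network", "vtp-secret", 247, vlans)
    client = VtpSwitch("C1", "client", "Lab_Network", "vtp-secret", 247, vlans)
    return server, client


def add_switch(mode, password, revision):
    """A new switch with only VLAN 1 joins and advertises. Returns
    ((server result, client result), VLANs left on server, VLANs left on client)."""
    server, client = lab_domain()
    new = VtpSwitch("NEW", mode, "Lab_Network", password, revision)
    results = tuple(sw.receive(new.advertise()) for sw in (server, client))
    return results, len(server.vlans), len(client.vlans)


if __name__ == "__main__":
    print("same password, revision 300:", add_switch("server", "vtp-secret", 300))
    print("same password, revision 0:  ", add_switch("server", "vtp-secret", 0))
    print("wrong password, revision 300:", add_switch("server", "wrong", 300))
```

The first case is the one the guidelines warn about: the domain's 33 VLANs are replaced by the newcomer's single default VLAN because its revision is higher and its password matches.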
    • 540. 540
    • 541. Contents• Remote access overview• WAN Connection Types• Defining WAN Encapsulation Protocols• Determining the WAN Type to Use• OSI Layer-2 Point-to-Point WANs – PPP – HDLC – Frame Relay 541
    • 542. Remote Access Overview • A WAN is a data communications network covering a relatively broad geographical area. • A network administrator designing a remote network must weigh issues concerning user needs, such as bandwidth and the cost of the various available technologies. 542
    • 543. WAN Connection Types 543
    • 544. WAN Connection Types• Leased lines – It is a pre-established WAN communications path from the CPE, through the DCE switch, to the CPE of the remote site, allowing DTE networks to communicate at any time with no setup procedures before transmitting data.• Circuit switching – Sets up line like a phone call. No data can transfer before the end-to-end connection is established. 544
    • 545. WAN Connection Types• Packet switching – WAN switching method that allows you to share bandwidth with other companies to save money. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money. – However, if you have constant data transfers, then you will need to get a leased line. – Frame Relay and X.25 are packet switching technologies. 545
    • 546. Defining WAN Encapsulation Protocols • Each WAN connection uses an encapsulation protocol to encapsulate traffic while it is crossing the WAN link. • The choice of the encapsulation protocol depends on the underlying WAN technology and the communicating equipment. 546
    • 547. Defining WAN Encapsulation Protocols• Typical WAN encapsulation types include the following: – Point-to-Point Protocol (PPP) – Serial Line Internet Protocol (SLIP) – High-Level Data Link Control Protocol (HDLC) – X.25 / Link Access Procedure Balanced (LAPB) – Frame Relay – Asynchronous Transfer Mode (ATM) 547
    • 548. Determining the WAN Type to Use• Availability – Each type of service may be available in certain geographical areas.• Bandwidth – Determining usage over the WAN is important to evaluate the most cost-effective WAN service.• Cost – Making a compromise between the traffic you need to transfer and the type of service with the available cost that will suit you. 548
    • 549. Determining the WAN Type to Use • Ease of Management – Connection management includes both the initial start-up configuration and the ongoing configuration during normal operation. • Application Traffic – Traffic may be as small as during a terminal session, or very large packets as during a file transfer. 549
    • 550. Max. WAN Speeds for WAN Connections 550
      WAN Type                   Maximum Speed
      Asynchronous Dial-Up       56-64 Kbps
      X.25, ISDN – BRI           128 Kbps
      ISDN – PRI                 E1 / T1
      Leased Line / Frame Relay  E3 / T3
    • 551. OSI Layer-2 Point-to-Point WANs• WAN protocols used on Point-to-Point serial links provide the basic function of data delivery across that one link.• The two most popular data link protocols used today are Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC). 551
    • 552. HDLC• HDLC performs OSI Layer-2 functions.• It determines when it is appropriate to use the physical medium.• Ensures that the correct recipient receives and processes the data that is sent.• Determines whether the sent data was received correctly or not (error detection). 552
    • 553. HDLC • HDLC Frame Format • The original HDLC didn’t include any Protocol Type field, so every company (including Cisco) added its own field; Cisco's HDLC therefore became a proprietary protocol that can be used only between Cisco routers. 553
    • 554. Point-to-Point Protocol (PPP) • PPP is a standard encapsulation protocol for the transport of different Network Layer protocols (including, but not limited to, IP). • It has the following main functional components: – Link Control Protocol (LCP), which establishes, authenticates, and tests the data link connection. – Network Control Protocols (NCPs), which establish and configure different network layer protocols. 554
    • 555. Point-to-Point Protocol (PPP)• PPP discards frames that do not pass the error check.• PPP is a standard protocol, and so it can be used with all types of routers (not Cisco Proprietary). 555
    • 556. PPP LCP Features• Authentication• Compression• Multilink PPP• Error Detection• Looped Link Detection 556
    • 557. Compression • Compression enables higher data throughput across the link. • Different compression schemes are available: – Predictor: checks if the data was already compressed. – Stacker: looks at the data stream and only sends each type of data once, with information about where the type occurs; the receiving side then uses this information to reassemble the data stream. – MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients. 557
    • 558. PPP Multilink• PPP Multilink provides load balancing over dialer interfaces-including ISDN, synchronous, and asynchronous interfaces.• This can improve throughput and reduce latency between systems by splitting packets and sending fragments over parallel circuits. 558
    • 559. Error Detection • PPP can take down a link based on the value of what is called LQM (Link Quality Monitor). LQM measures the ratio of corrupted packets to the total number of sent packets; if that ratio exceeds a predetermined value, the link can be brought down because its performance is beyond the accepted limits. 559
    • 560. Looped Link Detection • PPP can detect looped links (which are sometimes created by telco companies) using what is called a Magic Number. • Every router will have a magic number, and if packets are received containing the router’s own magic number, then the link is looped. 560
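The magic-number check above works on the LCP Configure-Request, where the Magic-Number option is type 5, length 6 (RFC 1661). The code below is an added example (not Cisco code) that encodes and parses that packet and applies the loop test: a router that reads its own magic number back has a looped link. Magic numbers in the test are constructed.

```python
"""LCP Configure-Request with the Magic-Number option and the looped-link
test. Added example, not Cisco code."""
import os
import struct

LCP_CONFIGURE_REQUEST = 1
OPT_MAGIC_NUMBER = 5


def build_configure_request(identifier, magic):
    """Code, Identifier, Length, then one Magic-Number option (type 5, length 6)."""
    option = struct.pack("!BBI", OPT_MAGIC_NUMBER, 6, magic)
    return struct.pack("!BBH", LCP_CONFIGURE_REQUEST, identifier, 4 + len(option)) + option


def parse_lcp(packet):
    """Returns (code, identifier, {option type: option data}); rejects malformed input."""
    if len(packet) < 4:
        raise ValueError("short LCP packet")
    code, ident, length = struct.unpack_from("!BBH", packet)
    if length > len(packet):
        raise ValueError("LCP length exceeds packet")
    options, pos = {}, 4
    while pos + 2 <= length:
        typ, ln = struct.unpack_from("!BB", packet, pos)
        if ln < 2 or pos + ln > length:
            raise ValueError("bad option length")      # truncated or looping option
        options[typ] = packet[pos + 2:pos + ln]
        pos += ln
    return code, ident, options


class PppPeer:
    def __init__(self, magic=None):
        # each end picks its own random 32-bit magic number at link start
        self.magic = magic if magic is not None else struct.unpack("!I", os.urandom(4))[0]

    def configure_request(self, identifier=1):
        return build_configure_request(identifier, self.magic)

    def loop_detected(self, packet):
        """True when a received Configure-Request carries our own magic number."""
        code, _, options = parse_lcp(packet)
        if code != LCP_CONFIGURE_REQUEST or OPT_MAGIC_NUMBER not in options:
            return False
        (magic,) = struct.unpack("!I", options[OPT_MAGIC_NUMBER])
        return magic == self.magic


if __name__ == "__main__":
    local = PppPeer(0x1A2B3C4D)                      # constructed magic number
    req = local.configure_request(7)
    print(req.hex())
    print("looped:", local.loop_detected(req))      # our own request came back
    print("looped:", local.loop_detected(PppPeer().configure_request()))
```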
    • 561. PPP Configuration Commands• To enable PPP – Router(config-if)#encapsulation ppp• To configure PAP authentication – Router(Config-if)#ppp authentication pap – Router(Config-if)#ppp pap username .. password ..• To configure Compression – Router(Config-if)#compress [predictor|stack|mppc] 561
    • 562. Frame Relay 562
    • 563. Frame Relay • Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks nowadays use permanent virtual circuits (PVCs). • The logical path between each pair of routers is called a Virtual Circuit (VC). • VCs share the access link and the Frame Relay network. • Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that a particular VC gets at least this much bandwidth. 563
    • 564. [Figure: Frame Relay network access. PC, PBX, video and desktop/LAN devices connect through CPE (controller, router, switch) over PVCs and SVCs at the UNI to the Frame Relay network; the access connection is an ISDN dial-up connection or a direct connection (V.35, E1, RS232). Network access formats packets in frames.] 564
    • 565. LMI and Encapsulation Types• The LMI is a definition of the messages used between the DTE and the DCE.• The encapsulation defines the headers used by a DTE to communicate some information to the DTE on the other end of a VC.• The switch and its connected router care about using the same LMI; the switch does not care about the encapsulation. The endpoint routers (DTEs) do care about the encapsulation. 565
    • 566. LMI• The most important LMI message is the LMI status inquiry message. Status messages perform two key functions: – Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down. – Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change. 566
    • 567. LAPF• A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link.• The header and trailer are defined by the Link Access Procedure Frame Bearer Services (LAPF) specification.• The LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header. 567
    • 568. LAPF• DTEs use and react to the fields specified by these two types of encapsulation, but Frame Relay switches ignore these fields. Because the frames flow from DTE to DTE, both DTEs must agree to the encapsulation used.• However, each VC can use a different encapsulation. In the configuration, the encapsulation created by Cisco is called cisco, and the other one is called ietf. 568
569. DLCI Addressing Details
• The logical path between a pair of DTEs is called a virtual circuit (VC).
• The data-link connection identifier (DLCI) identifies each individual PVC.
• When multiple VCs use the same access link, the Frame Relay switches know how to forward the frames to the correct remote sites.
The DLCI is the Frame Relay address describing a Virtual Circuit.
570. [Diagram: routers (R) and a bridge (B) attached to Frame Relay switches in the FR network, with each virtual circuit labelled by its DLCI on each access link (DLCI=16, 17, 21 and 32); the same DLCI value appears on more than one access link.]
571. DLCI Addressing Details
• The difference between Layer 2 addressing and DLCI addressing is mainly due to the fact that the header has a single DLCI field, not both Source and Destination DLCI fields.
572. Global DLCI Addressing
• Frame Relay DLCIs are locally significant; this means that the addresses need to be unique only on the local access link.
• Global addressing is simply a way of choosing DLCI numbers when planning a Frame Relay network so that working with DLCIs is much easier.
• Because local addressing is a fact, global addressing does not change these rules. Global addressing just makes DLCI assignment more obvious.
573. Global DLCI Addressing
• The final key to global addressing is that the Frame Relay switches actually change the DLCI value before delivering the frame.
• The sender treats the DLCI field as a destination address, using the destination’s global DLCI in the header.
• The receiver thinks of the DLCI field as the source address, because it contains the global DLCI of the frame’s sender.
574. Layer 3 Addressing
• Cisco’s Frame Relay implementation defines three different options for assigning subnets and IP addresses on Frame Relay interfaces:
  – One subnet containing all Frame Relay DTEs
  – One subnet per VC
  – A hybrid of the first two options
575. One Subnet Containing All Frame Relay DTEs
• The single-subnet option is typically used when a full mesh of VCs exists.
• In a full mesh, each router has a VC to every other router, meaning that each router can send frames directly to every other router.
576. One Subnet Per VC
• The single-subnet-per-VC alternative works better with a partially meshed Frame Relay network.
577. Hybrid Terminology
• Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group—for instance, between Routers A and D and between Routers A and E.
• Multipoint subinterfaces are used when more than two routers are considered to be in the same group—for instance, with Routers A, B, and C.
578. Frame Relay Address Mapping
• Mapping creates a correlation between a Layer 3 address (IP address) and its corresponding Layer 2 address (the DLCI in Frame Relay).
• It is used so that, after the router receives a packet for a given destination IP address, it can hand the packet to the Frame Relay switch over the right VC (with the appropriate DLCI).
579. Mapping Methods
• Mapping can be done in one of two ways:
• Dynamic Mapping – using Inverse ARP, which is enabled by default on Cisco routers.
• Static Mapping – using the frame-relay map command; you should first disable Inverse ARP with the no frame-relay inverse-arp command.
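The DLCI rewrite of slide 573 and the IP-to-DLCI mapping of slides 578 and 579 fit together in one small model. The following is an added example written for this page (not code from the slides or from Cisco IOS): a switch that forwards on (ingress link, DLCI) and rewrites the DLCI before delivery, and routers that resolve a next-hop IP address to a local DLCI either from a static map or by learning it. The router names, IP addresses and global DLCI plan are constructed, and the Inverse ARP step is simplified to learning from the source address of an arriving frame rather than from separate request and reply messages.

```python
# Added example, not from the slides: a toy model of global DLCI addressing
# (slide 573) and of address mapping (slides 578 and 579). A sender puts the
# destination's global DLCI into the frame; the Frame Relay switch looks the
# frame up by (ingress link, DLCI) and rewrites the DLCI so that the receiver
# sees the sender's global DLCI. Names, addresses and the DLCI plan are
# constructed; the Inverse ARP step is simplified to learning from the source
# address of an arriving frame.
from dataclasses import dataclass


@dataclass
class Frame:
    dlci: int        # the only address field in the header
    src_ip: str
    dst_ip: str
    payload: str


class FrameRelaySwitch:
    """Forwards on (ingress access link, ingress DLCI); DLCIs need only be unique per link."""

    def __init__(self):
        self.table = {}    # (in_link, in_dlci) -> (out_link, out_dlci)
        self.routers = {}  # access link name -> attached DTE

    def attach(self, link, router):
        self.routers[link] = router
        router.link, router.switch = link, self

    def provision_pvc(self, link_a, dlci_a, link_b, dlci_b):
        """The provider configures the PVC at both ends of the cloud."""
        self.table[(link_a, dlci_a)] = (link_b, dlci_b)
        self.table[(link_b, dlci_b)] = (link_a, dlci_a)

    def forward(self, in_link, frame):
        entry = self.table.get((in_link, frame.dlci))
        if entry is None:
            return False                       # no PVC with that DLCI on this link: dropped
        out_link, out_dlci = entry
        frame.dlci = out_dlci                  # the switch changes the DLCI before delivery
        self.routers[out_link].receive(frame)
        return True


class Router:
    def __init__(self, name, ip, inverse_arp=True):
        self.name, self.ip, self.inverse_arp = name, ip, inverse_arp
        self.ip_to_dlci = {}                   # Layer 3 address -> local DLCI
        self.received = []

    def map_static(self, ip, dlci):
        """Equivalent of: frame-relay map ip <ip> <dlci> (with Inverse ARP disabled)."""
        self.ip_to_dlci[ip] = dlci

    def send(self, dst_ip, payload):
        dlci = self.ip_to_dlci.get(dst_ip)
        if dlci is None:
            return False                       # encapsulation fails: no mapping for that next hop
        return self.switch.forward(self.link, Frame(dlci, self.ip, dst_ip, payload))

    def receive(self, frame):
        # On arrival the DLCI field identifies the sender (its global DLCI).
        if self.inverse_arp:
            self.ip_to_dlci.setdefault(frame.src_ip, frame.dlci)
        self.received.append((frame.dlci, frame.src_ip, frame.payload))


def run_demo():
    """Constructed global DLCI plan: R1 = 16, R2 = 17, R3 = 21, full mesh."""
    sw = FrameRelaySwitch()
    r1, r2, r3 = Router("R1", "10.1.1.1"), Router("R2", "10.1.1.2"), Router("R3", "10.1.1.3")
    for r in (r1, r2, r3):
        sw.attach(r.name, r)
    sw.provision_pvc("R1", 17, "R2", 16)   # R1 reaches R2 with 17; R2 reaches R1 with 16
    sw.provision_pvc("R1", 21, "R3", 16)   # DLCI 16 also exists on R3's link: locally significant
    sw.provision_pvc("R2", 21, "R3", 17)
    r1.map_static("10.1.1.2", 17)          # static mapping on R1; R2 learns its mapping
    return {
        "r1_to_r2": r1.send("10.1.1.2", "hello"),
        "r2_saw": list(r2.received),
        "r2_learned": r2.ip_to_dlci.get("10.1.1.1"),
        "r2_reply": r2.send("10.1.1.1", "reply"),
        "r1_saw": list(r1.received),
        "r3_unmapped": r3.send("10.1.1.1", "x"),       # no mapping: nothing is sent
        "bogus_dlci": sw.forward("R1", Frame(99, "10.1.1.1", "10.1.1.3", "x")),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

R1 sends with DLCI 17 (R2's global number) and R2 receives the same frame carrying DLCI 16 (R1's global number), so each side sees a consistent "address" of the far end even though the switch rewrote the field in transit. A frame whose DLCI has no PVC provisioned on that access link goes nowhere, which is the reason a router can only ever reach the sites the provider has provisioned for it.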
580. Integrated Services Digital Network (ISDN)
© 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-580
581. LAPD & PPP on D and B Channels
• LAPD is used as a data-link protocol across an ISDN D channel.
• Essentially, a router with an ISDN interface needs to send and receive signaling messages to and from the local ISDN switch to which it is connected.
• LAPD provides the data-link protocol that allows delivery of messages across that D channel to the local switch.
582. LAPD & PPP on D and B Channels
• The call setup and teardown messages themselves are defined by the Q.931 protocol. So, the local switch can receive a Q.931 call setup request from a router over the LAPD-controlled D channel, and it should react to that Q.931 message by setting up a circuit over the public network.
583. LAPD & PPP on D and B Channels
• An ISDN switch often requires some form of authentication with the device connecting to it.
• Switches use a free-form decimal value, called the service profile identifier (SPID), to perform authentication.
• In short, before any Q.931 call setup messages are accepted, the switch asks for the configured SPID values. If the values match what is configured in the switch, call setup flows are accepted.
584. PRI Encoding and Framing
• ISDN PRI in North America is based on a digital T1 circuit. T1 circuits use two different encoding schemes—Alternate Mark Inversion (AMI) and Binary 8 with Zero Substitution (B8ZS).
• The two options for framing on T1s are to use either Extended Super Frame (ESF) or the older option—Super Frame (SF). In most cases today, new T1s use ESF.
585. DDR (Dial On Demand Routing)
• You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles.
• The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.
586. Legacy DDR Operation
1. Route packets out the interface to be dialed.
2. Determine the subset of the packets that trigger the dialing process.
3. Dial (signal).
4. Determine when the connection is terminated.
587. DDR Step 1: Routing Packets Out the Interface to Be Dialed
• DDR does not dial until some traffic is directed (routed) out the dial interface.
• The router needs to route packets so that they are queued to go out the dial interface. Cisco’s design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed.
• The router (SanFrancisco) can receive a packet that must be routed out BRI0; routing the packet out BRI0 triggers the Cisco IOS software, causing the dial to occur.
588. DDR Step 2: Determining the Interesting Traffic
• Packets that are worthy of causing the device to dial are called interesting packets.
• Two different methods can be used to define interesting packets.
  – In the first method, interesting is defined as all packets of one or more Layer 3 protocols.
  – The second method allows you to define packets as interesting if they are permitted by an access list.
589. DDR Step 3: Dialing (Signaling)
• Defining the phone number to be dialed.
• The command is dialer string, where string is the phone number (used when dialing only one site).
• The dialer map command maps the different dialer numbers to the equivalent IP addresses of the routers to be dialed.
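The four Legacy DDR steps of slides 586 through 589 can be replayed against a packet trace to see which packets place a call, which merely ride an open call, and when the call is torn down. The following is an added example written for this page (not code from the slides or from Cisco IOS): a dialer list implemented both ways, by Layer 3 protocol and by an access-list-style rule set, feeding a small state machine for the line. The addresses, rules, packet times and the 120-second idle timeout are constructed for the example; IOS's actual dialer idle-timeout default is also 120 seconds, but the simulation is not IOS behaviour in every detail.

```python
# Added example, not from the slides: a toy model of Legacy DDR steps 2 to 4.
# A dialer list marks traffic interesting either by Layer 3 protocol or by an
# access list; only interesting packets bring the line up and only they reset
# the idle timer, so uninteresting traffic may ride an already open call but
# can neither place one nor keep it up. Addresses, rules, packet times and the
# idle timeout are constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    t: float                  # seconds since the start of the trace
    proto: str                # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    l3: str = "ip"            # Layer 3 protocol family


@dataclass(frozen=True)
class AclEntry:
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches any IP protocol
    src: str                  # CIDR
    dst: str                  # CIDR
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt):
        return (self.proto in ("ip", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.dport in (None, pkt.dport))


def interesting_by_protocol(protocols, pkt):
    """Method 1: every packet of the listed Layer 3 protocols is interesting."""
    return pkt.l3 in protocols


def interesting_by_acl(acl, pkt):
    """Method 2: the first matching entry decides; the list ends with an implicit deny."""
    if pkt.l3 != "ip":
        return False
    for entry in acl:
        if entry.matches(pkt):
            return entry.action == "permit"
    return False


def simulate_ddr(packets, is_interesting, idle_timeout=120):
    """Replay a trace in time order and return the dialer's events as (event, time)."""
    events, up, last_interesting = [], False, None
    for pkt in sorted(packets, key=lambda p: p.t):
        # Step 4: the call is torn down once no interesting traffic has been
        # seen for idle_timeout seconds.
        if up and pkt.t - last_interesting >= idle_timeout:
            events.append(("disconnect", last_interesting + idle_timeout))
            up = False
        if is_interesting(pkt):
            if not up:
                events.append(("dial", pkt.t))       # Step 3: place the call
                up = True
            last_interesting = pkt.t                 # interesting traffic resets the timer
            events.append(("sent", pkt.t))
        elif up:
            events.append(("sent", pkt.t))           # rides the open call, no timer reset
        else:
            events.append(("dropped", pkt.t))        # not worth placing a call for
    return events


def run_trace():
    """Constructed dialer access list: routing updates (RIP, UDP 520) must never
    place or hold a call; any other IP traffic between the two sites may."""
    acl = [
        AclEntry("deny", "udp", "0.0.0.0/0", "0.0.0.0/0", dport=520),
        AclEntry("permit", "ip", "10.1.1.0/24", "10.2.2.0/24"),
    ]

    def rip(t):                                      # periodic RIP broadcast
        return Packet(t, "udp", "10.1.1.1", "255.255.255.255", dport=520)

    trace = [
        rip(0),
        Packet(5, "tcp", "10.1.1.5", "10.2.2.9", dport=23),
        rip(60),
        Packet(100, "tcp", "10.1.1.5", "10.2.2.9", dport=80),
        rip(200),
        rip(300),
        Packet(310, "tcp", "10.1.1.7", "10.2.2.9", dport=22),
    ]
    return simulate_ddr(trace, lambda p: interesting_by_acl(acl, p), idle_timeout=120)


if __name__ == "__main__":
    for event in run_trace():
        print(*event)
```

In the constructed trace the RIP broadcasts never dial and never reset the idle timer, so the call placed at t=5 is torn down at t=220 even though RIP traffic crossed it at t=200; the next user session dials again at t=310. Keeping the interesting list narrow in this way is what prevents background traffic from placing calls, or holding one open, on a line that is billed per call or per minute.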
590. Configuring SPIDs
• You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending on the switch’s expectations.
• When the telco switch has configured SPIDs, it might not allow the BRI line to work unless the router announces the correct SPID values to the switch. SPIDs, when used, provide a basic authentication feature.
591. ISDN PRI Configuration
1. Configure the type of ISDN switch to which this router is connected.
2. Configure the T1 or E1 encoding and framing options (controller configuration mode).
3. Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
4. Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.
592. Configuring a T1 or E1 Controller
• Your service provider will tell you what encoding and framing to configure on the router. Also, in almost every case, you will use all 24 DS0 channels in the PRI—23 B channels and the D channel.
593. DDR With Dialer Profiles
• Dialer profiles pool the physical interfaces so that the router uses any available B channel on any of the BRIs or PRIs in the pool.
• Dialer profiles configuration moves most of the DDR interface configuration to a virtual interface called a dialer interface.