Transcript

  • 1. Mohannad Al-Hanahnah. © 2003, Cisco Systems, Inc. All rights reserved.
  • 2. Communications and Services Certifications
  • 4. Data Networks
    Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses. Businesses needed a solution that would successfully address the following three problems:
    – How to avoid duplication of equipment and resources
    – How to communicate efficiently
    – How to set up and manage a network
    Businesses realized that networking technology could increase productivity while saving money.
  • 5. Networking Devices
    Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications:
    – end-user devices
    – network devices
    End-user devices include computers, printers, scanners, and other devices that provide services directly to the user. Network devices include all the devices that connect the end-user devices together to allow them to communicate.
  • 6. Network Interface Card
    A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. It is also called a LAN adapter.
  • 7. Networking Device Icons
  • 8. Cisco Icons and Symbols
    Router, Wireless Router, Secure Router, Firewall, Home Office Router, Workgroup Switch, Access Point, IP Phone, Mobile Access, Small Business Phone, Wireless Connectivity, Line: Serial, Line: Ethernet
  • 9. Repeater
    A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.
  • 10. Hub
    Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission. Active hubs not only concentrate hosts, but they also regenerate signals.
  • 11. Bridge
    Bridges convert network transmission data formats as well as perform basic data transmission management. Bridges, as the name implies, provide connections between LANs. Not only do bridges connect LANs, but they also perform a check on the data to determine whether it should cross the bridge or not. This makes each part of the network more efficient.
  • 12. Workgroup Switch
    Workgroup switches add more intelligence to data transfer management. Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.
  • 13. Router
    Routers have all the capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.
  • 14. "The Cloud"
    The cloud is used in diagrams to represent where the connection to the Internet is. It also represents all of the devices on the Internet.
  • 15. Network Topologies
    Network topology defines the structure of the network. One part of the topology definition is the physical topology, which is the actual layout of the wire or media. The other part is the logical topology, which defines how the media is accessed by the hosts for sending data.
  • 16. Physical Topologies
  • 17. Bus Topology
    A bus topology uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.
  • 18. Ring Topology
    A ring topology connects one host to the next and the last host to the first. This creates a physical ring of cable.
  • 19. Star Topology
    A star topology connects all cables to a central point of concentration.
  • 20. Extended Star Topology
    An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.
  • 21. Hierarchical Topology
    A hierarchical topology is similar to an extended star.
  • 22. Mesh Topology
    A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.
  • 23. LANs, MANs, & WANs
    One early solution was the creation of local-area network (LAN) standards, which provided an open set of guidelines for creating network hardware and software, making equipment from different companies compatible. What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another. The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs).
  • 24. Examples of Data Networks
  • 25. LANs
  • 26. Cellular Topology for Wireless
  • 27. WANs
  • 28. SANs
    A SAN is a dedicated, high-performance network used to move data between servers and storage resources. Because it is a separate, dedicated network, it avoids any traffic conflict between clients and servers.
  • 29. Virtual Private Network
    A VPN is a private network that is constructed within a public network infrastructure such as the global Internet. Using a VPN, a telecommuter can access the network of the company headquarters through the Internet by building a secure tunnel between the telecommuter's PC and a VPN router in the headquarters.
  • 30. Bandwidth
  • 31. Measuring Bandwidth
  • 33. Understanding Host-to-Host Communications
    – Older model: proprietary; application and combinations software controlled by one vendor
    – Standards-based model: multivendor software; layered approach
  • 34. Why do we need the OSI Model?
    To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together. It therefore released the OSI reference model in 1984.
  • 35. OSI Model
    – Reduces complexity
    – Standardizes interfaces
    – Ensures interoperable technology
    – Accelerates evolution
    – Simplifies teaching and learning
  • 36. Don't Get Confused.
    ISO - International Organization for Standardization
    OSI - Open System Interconnection
    IOS - Internetwork Operating System
    The ISO created the OSI to make the IOS more efficient. The "ISO" acronym is correct as shown. To avoid confusion, some people say "International Standard Organization."
  • 37. The OSI Reference Model
    7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical. The OSI Model will be used throughout your entire networking career! Memorize it!
  • 38. Layer 7 - The Application Layer
    This layer deals with networking applications. Examples: email, web browsers. PDU - Data
  • 39. Layer 6 - The Presentation Layer
    This layer is responsible for presenting the data in the required format, which may include encryption and compression. PDU - Data
  • 40. Layer 5 - The Session Layer
    This layer establishes, manages, and terminates sessions between two communicating hosts. PDU - Data
  • 41. Layer 4 - The Transport Layer
    This layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network, and it also provides error correction. PDU - Segments
  • 42. Layer 3 - The Network Layer
    Makes "best path determination" decisions based on logical addresses (usually IP addresses). PDU - Packets
  • 43. Layer 2 - The Data Link Layer
    This layer provides reliable transit of data across a physical link ("error detection"). Makes decisions based on physical addresses (usually MAC addresses). PDU - Frames
  • 44. Layer 1 - The Physical Layer
    This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host. PDU - Bits
  • 45. Host Layers
    Layers 7 to 4 (Application, Presentation, Session, Transport) only exist in the source and destination host computers.
  • 46. Media Layers
    Layers 3 to 1 (Network, Data Link, Physical) manage the information out in the LAN or WAN between the source and destination hosts.
  • 47. Data Encapsulation
  • 48. Data De-Encapsulation
  • 49. Peer-to-Peer Communication
  • 50. Data Flow Through a Network
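Slides 37 to 48 name the PDU of each layer (data, segments, packets, frames, bits) and describe encapsulation and de-encapsulation without showing the bytes. The following is an added example, not code from the slides or from Cisco: it carries one piece of application data down the stack, adding a TCP header, an IPv4 header with a valid header checksum, and an Ethernet II header with a CRC-32 FCS, then parses it back up, verifying the FCS and the IP checksum on the way. The MAC addresses, IP addresses and ports are constructed sample values, and the TCP checksum is left at zero for simplicity.

```python
import struct
import zlib

# Added example, not from the slides: data -> segment -> packet -> frame -> bits,
# and back. Header layouts follow the real Ethernet II, IPv4 and TCP formats;
# the addresses and ports below are constructed sample values.

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_SYN = 0x02


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum. Over a header that already carries a correct
    checksum it returns 0, which is how the receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_port: int, dst_port: int, seq: int, flags: int, data: bytes) -> bytes:
    """Layer 4 PDU (segment): 20-byte TCP header, no options, in front of the data."""
    data_offset = 5 << 4                      # header length in 32-bit words, high nibble
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                         data_offset, flags, 65535, 0, 0)   # TCP checksum left 0 here
    return header + data


def build_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Layer 3 PDU (packet): 20-byte IPv4 header with a valid header checksum."""
    total_len = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_TCP, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Layer 2 PDU (frame): Ethernet II header + packet + 4-byte FCS (CRC-32)."""
    body = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body))


def to_bits(frame: bytes) -> str:
    """Layer 1 PDU (bits): the frame as the string of 0s and 1s placed on the media."""
    return "".join(f"{b:08b}" for b in frame)


def encapsulate(data: bytes) -> dict:
    """Return the PDU produced at each layer for the given application data."""
    segment = build_segment(49152, 80, 1000, TCP_SYN, data)
    packet = build_packet("192.168.1.10", "10.0.0.5", segment)
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", packet)
    return {"data": data, "segment": segment, "packet": packet, "frame": frame, "bits": to_bits(frame)}


def de_encapsulate(bits: str) -> dict:
    """Reverse the process, checking the FCS and the IP header checksum on the way up."""
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit")
    src_mac, ethertype = body[6:12], struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    return {"src_mac": src_mac.hex(":"), "ethertype": ethertype,
            "src_ip": ".".join(map(str, packet[12:16])), "dst_ip": ".".join(map(str, packet[16:20])),
            "src_port": src_port, "dst_port": dst_port, "seq": seq, "data": segment[data_offset:]}


def flip_bit(bits: str, index: int) -> str:
    """Simulate a single-bit error on the wire."""
    return bits[:index] + ("1" if bits[index] == "0" else "0") + bits[index + 1:]


def is_damaged(bits: str) -> bool:
    """True when Layer 2 or Layer 3 integrity checks reject the received bits."""
    try:
        de_encapsulate(bits)
        return False
    except ValueError:
        return True
```

The sizes make the layering concrete: 18 bytes of data become a 38-byte segment, a 58-byte packet and a 76-byte frame. Flipping any single bit in the frame makes the FCS check fail, which is the error detection the Data Link layer slide refers to.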
  • 52. Cabling the Campus
    Figure labels: Core_Server, core_sw_a, Leased Line/ISDN, Cloud, Frame Relay
  • 53. Unshielded Twisted-Pair Cable
    – Speed and throughput: 10 to 1000 Mb/s
    – Average cost per node: Least expensive
    – Media and connector size: Small
    – Maximum cable length: Varies
  • 54. RJ-45 Connector
  • 55. RJ-45 Jack
  • 56. UTP Implementation (Straight-Through) Cable
    10BASE-T/100BASE-TX straight-through cable. The pins are wired identically at both ends:
      Pin  Label      Pin  Label
      1    TX+        1    TX+
      2    TX-        2    TX-
      3    RX+        3    RX+
      4    NC         4    NC
      5    NC         5    NC
      6    RX-        6    RX-
      7    NC         7    NC
      8    NC         8    NC
    Wires on the cable ends are in the same order.
  • 57. UTP Implementation (Crossover) Cable
    10BASE-T or 100BASE-TX crossover cable: one end is wired EIA/TIA T568A, the other EIA/TIA T568B. Pin labels are as in the straight-through table (1 TX+, 2 TX-, 3 RX+, 4 NC, 5 NC, 6 RX-, 7 NC, 8 NC). Some wires on the cable ends are crossed.
  • 58. Ethernet Standards
    The Ethernet standard specifies that each of the pins on an RJ-45 connector has a particular purpose. A NIC transmits signals on pins 1 & 2, and it receives signals on pins 3 & 6.
  • 59. Remember…
    A straight cable has T568B or T568A on both ends. A crossover (or cross-connect) cable has T568B on one end and T568A on the other. A console cable has T568B on one end and reverse T568B on the other, which is why it is also called a rollover cable.
  • 60. UTP Implementation: Straight-Through vs. Crossover
  • 61. Using Varieties of UTP
  • 62. Shielded Twisted Pair (STP) Cable
  • 63. Coaxial Cable
  • 64. Fiber Optic Cable
  • 65. Fiber Optic Connectors
    Connectors are attached to the fiber ends so that the fibers can be connected to the ports on the transmitter and receiver. The type of connector most commonly used with multimode fiber is the Subscriber Connector (SC connector). On single-mode fiber, the Straight Tip (ST) connector is frequently used.
  • 66. Cable Specifications
    – 10BASE-T: The T stands for twisted pair.
    – 10BASE5: The 5 represents the fact that a signal can travel for approximately 500 meters. 10BASE5 is often referred to as Thicknet.
    – 10BASE2: The 2 represents the fact that a signal can travel for approximately 200 meters. 10BASE2 is often referred to as Thinnet.
    All 3 of these specifications refer to a transmission speed of 10 Mbps and a type of transmission that is baseband, or digitally interpreted. Thinnet and Thicknet are actually types of networks, while 10BASE2 & 10BASE5 are the types of cabling used in these networks.
  • 67. Comparing Ethernet Media Requirements
  • 68. LAN Physical Layer Implementation
  • 69. WAN Physical Layer Implementations
    – Physical layer implementations vary
    – Cable specifications define speed of link
    Figure labels: Frame Relay, HDLC, PPP, ISDN BRI (with PPP), EIA/TIA-232, RJ-45, EIA/TIA-449, X.21, V.24, V.35, HSSI
  • 70. Serial Point-to-Point Connections
  • 71. Serial Implementation of DTE & DCE
    When connecting directly to a service provider, or to a device such as a CSU/DSU that will perform signal clocking, the router is a DTE and needs a DTE serial cable. This is typically the case for routers.
  • 72. Back-to-Back Serial Connection
    When performing a back-to-back router scenario in a test environment, one of the routers will be a DTE and the other will be a DCE.
  • 73. Repeater
    A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.
  • 74. The 4 Repeater Rule
    The Four Repeater Rule for 10-Mbps Ethernet should be used as a standard when extending LAN segments. This rule states that no more than four repeaters can be used between hosts on a LAN.
  • 75. Hub
    Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. A hub is a Physical Layer device.
    – All devices are in the same collision domain.
    – All devices are in the same broadcast domain.
    – Devices share the same bandwidth.
  • 76. Network Interface Card
    The function of a NIC is to connect a host device to the network medium. A NIC is a printed circuit board that fits into the expansion slot on the motherboard or peripheral device of a computer. The NIC is also referred to as a network adapter. NICs are considered Data Link Layer devices because each NIC carries a unique code called a MAC address.
  • 77. MAC Address
    A MAC address is 48 bits in length and expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM).
  • 78. Bridge
    Bridges are Data Link Layer devices. Connected host addresses are learned and stored in a MAC address table. Each bridge port has a unique MAC address.
  • 79. Bridges
  • 80. Bridging Graphic
  • 81. Switch
    Switches are Data Link Layer devices. Each switch port has a unique MAC address. Connected host MAC addresses are learned and stored in a MAC address table.
  • 82.
    – Number of broadcast domains = number of router interfaces
    – Switches create separate collision domains but a single broadcast domain. Routers provide a separate broadcast domain for each interface.
  • 83. Hub: one collision domain, one broadcast domain. Bridge: two collision domains, one broadcast domain. Switch: four collision domains, one broadcast domain. Router: three collision domains, three broadcast domains.
  • 84. Switching Modes
    – Cut-through: A switch starts to transfer the frame as soon as the destination MAC address is received. No error checking is available.
    – Store-and-forward: The switch receives the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sequence (FCS) to ensure that the frame was reliably received before sending it to the destination.
    – Fragment-free: A compromise between the cut-through and store-and-forward modes. Fragment-free reads the first 64 bytes, which includes the frame header, and switching begins before the entire data field and checksum are read.
  • 85. Full Duplex
    Another capability emerges when only two nodes are connected. In a network that uses twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the other node. A separate pair is used for the return or received signal. It is possible for signals to pass through both pairs simultaneously. The capability of communication in both directions at once is known as full duplex.
  • 86. Switches – MAC Tables
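Slides 78, 81 and 84 describe what a bridge or switch does with its MAC address table and how the switching modes differ, but the decision logic is easier to see running. The following is an added example, not code from the slides or from Cisco: a minimal learning switch that records each frame's source MAC against its ingress port, forwards known unicast destinations out a single port, floods unknown and broadcast destinations, and filters a frame whose destination sits on the port it arrived on. The mode parameter contrasts store-and-forward, which drops a frame whose FCS does not verify, with cut-through, which has decided on the first six bytes before the FCS arrives. The frame layout (destination, source, payload, CRC-32 FCS) and the MAC addresses are constructed for the example.

```python
import struct
import zlib

# Added example, not from the slides: a learning switch with two switching modes.
# Constructed frame layout: dst(6) | src(6) | payload | FCS(4, CRC-32 little-endian).

BROADCAST = b"\xff" * 6


def make_frame(dst_mac: str, src_mac: str, payload: bytes) -> bytes:
    body = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]


def corrupt(frame: bytes, offset: int) -> bytes:
    """Invert one byte, as line noise might; the FCS no longer matches the body."""
    return frame[:offset] + bytes([frame[offset] ^ 0xFF]) + frame[offset + 1:]


class LearningSwitch:
    def __init__(self, ports, mode="store-and-forward"):
        if mode not in ("store-and-forward", "cut-through"):
            raise ValueError(f"unknown switching mode: {mode}")
        self.ports = list(ports)
        self.mode = mode
        self.mac_table = {}          # MAC (hex string) -> port number, learned from sources

    def receive(self, in_port: int, frame: bytes) -> list:
        """Return the egress ports for this frame; [] means filtered or dropped."""
        dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
        self.mac_table[src] = in_port                      # learning step
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []                                      # whole frame buffered, FCS bad: drop
        # cut-through: the forwarding decision is made on the destination address
        # alone, so a damaged frame is already on its way before the FCS is seen
        if frame[:6] == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]   # flood out every other port
        out_port = self.mac_table[dst]
        return [] if out_port == in_port else [out_port]     # filter, or forward to one port
```

The learning step is why the first frame to a new destination is flooded and the reply is not: by the time B answers, A's address has already been learned on port 1. The same table is what store-and-forward and cut-through share; they differ only in when the egress decision is taken relative to the FCS.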
  • 87. Peer-to-Peer Network
    In a peer-to-peer network, networked computers act as equal partners, or peers. As peers, each computer can take on the client function or the server function. At one time, computer A may make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as the client, while B functions as the server. At a later time, computers A and B can reverse roles. In a peer-to-peer network, individual users control their own resources. Peer-to-peer networks are relatively easy to install and operate. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate.
  • 88. Client/Server Network
    In a client/server arrangement, network services are located on a dedicated computer called a server. The server responds to the requests of clients. The server is a central computer that is continuously available to respond to requests from clients for file, print, application, and other services. Most network operating systems adopt the form of a client/server relationship.
  • 90. Why Another Model?
    Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol/Internet Protocol (TCP/IP). The TCP/IP reference model and the TCP/IP protocol stack make data communication possible between any two computers, anywhere in the world, at nearly the speed of light. The U.S. Department of Defense (DoD) created the TCP/IP reference model.
  • 91. Don't Confuse the Models
    OSI layers 7 Application, 6 Presentation and 5 Session correspond to the TCP/IP Application layer; 4 Transport to Transport; 3 Network to Internet; 2 Data Link and 1 Physical to Network Access.
  • 92. 2 Models Side-By-Side
    The same layer mapping as slide 91, drawn side by side.
  • 93. The Application Layer
    The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.
  • 94. The Transport Layer
    The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer applications into the same data stream between endpoints.
  • 95. The Internet Layer
    The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is the Internet Protocol (IP). Best path determination and packet switching occur at this layer.
  • 96. The Network Access Layer
    It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers. NOTE: ARP & RARP work at both the Internet and Network Access Layers.
  • 97. Introduction to the Transport Layer
    The primary duties of the transport layer, Layer 4 of the OSI model, are to transport and regulate the flow of information from the source to the destination, reliably and accurately. End-to-end control and reliability are provided by sliding windows, sequence numbers, and acknowledgments.
  • 98. More on the Transport Layer
    The transport layer provides transport services from the source host to the destination host. It establishes a logical connection between the endpoints of the network. Transport services include the following basic services:
    – Segmentation of upper-layer application data
    – Transport of segments from one end host to another end host
    – Flow control provided by sliding windows
    – Reliability provided by sequence numbers and acknowledgments
  • 99. Flow Control
    As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is unable to process data as quickly as it arrives could be a cause of data loss. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.
  • 100. TCP
    Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. The protocols that use TCP include:
    – FTP (File Transfer Protocol)
    – HTTP (Hypertext Transfer Protocol)
    – SMTP (Simple Mail Transfer Protocol)
    – Telnet
  • 101. TCP Segment Format
  • 102. UDP
    User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols. UDP uses no windowing or acknowledgments, so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together. The protocols that use UDP include:
    – TFTP (Trivial File Transfer Protocol)
    – SNMP (Simple Network Management Protocol)
    – DHCP (Dynamic Host Configuration Protocol)
    – DNS (Domain Name System)
  • 103. UDP Segment Format
  • 104. Well Known Port Numbers
    The following port numbers should be memorized:
    NOTE: The curriculum forgot to mention one of the most important port numbers. Port 80 is used for HTTP or WWW protocols (essentially access to the Internet).
  • 105. 3-Way Handshake
    TCP requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize their Initial Sequence Numbers (ISNs). In the figure, CTL = which control bits in the TCP header are set.
  • 106. Basic Windowing
    Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.
  • 107. Sliding Window
  • 108. TCP Sequence & Acknowledgement
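Slides 105 to 108 describe ISN synchronization, windowing, and sequence/acknowledgment numbers in words and figures. The following is an added example, not code from the slides or from Cisco, that models those mechanics without any sockets: three_way_handshake() produces the SYN, SYN-ACK and ACK segments and each side's resulting state, and windowed_transfer() sends data in MSS-sized segments with a fixed number outstanding, lets the receiver return cumulative acknowledgments, and retransmits from the oldest unacknowledged byte when a segment is lost. The ISNs, the 4-byte MSS and the window of 3 segments are constructed values chosen to keep the trace short.

```python
from dataclasses import dataclass

# Added example, not from the slides: a toy model of TCP connection setup and a
# windowed transfer with cumulative ACKs. The "wire" is a Python list; ISNs,
# MSS and window size are constructed values.

SYN = 0x02
ACK = 0x10


@dataclass
class Segment:
    seq: int            # sequence number of the first data byte (or of the SYN itself)
    ack: int            # next sequence number the sender of this segment expects
    flags: int
    data: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int):
    """Return the three segments exchanged and each side's resulting state."""
    syn = Segment(seq=client_isn, ack=0, flags=SYN)                      # 1: SYN
    syn_ack = Segment(seq=server_isn, ack=syn.seq + 1, flags=SYN | ACK)  # 2: SYN-ACK
    ack = Segment(seq=syn.seq + 1, ack=syn_ack.seq + 1, flags=ACK)       # 3: ACK
    # A SYN consumes one sequence number, so data begins at ISN + 1 on each side.
    client = {"snd_nxt": client_isn + 1, "rcv_nxt": server_isn + 1}
    server = {"snd_nxt": server_isn + 1, "rcv_nxt": client_isn + 1}
    return [syn, syn_ack, ack], client, server


class Receiver:
    """Delivers in-order data, buffers out-of-order data, returns cumulative ACKs."""

    def __init__(self, rcv_nxt: int):
        self.rcv_nxt = rcv_nxt
        self.delivered = b""
        self.out_of_order = {}

    def receive(self, seg: Segment) -> int:
        if seg.seq == self.rcv_nxt:
            self.delivered += seg.data
            self.rcv_nxt += len(seg.data)
            while self.rcv_nxt in self.out_of_order:       # drain segments that arrived early
                data = self.out_of_order.pop(self.rcv_nxt)
                self.delivered += data
                self.rcv_nxt += len(data)
        elif seg.seq > self.rcv_nxt:
            self.out_of_order[seg.seq] = seg.data           # a gap precedes this segment
        # seg.seq < rcv_nxt is a duplicate of data already delivered and is ignored
        return self.rcv_nxt                                  # cumulative ACK: next byte expected


def windowed_transfer(data: bytes, snd_nxt: int, rcv_nxt: int, mss: int = 4,
                      window: int = 3, lose_once=()):
    """Send data with at most `window` segments in flight. Segments whose sequence
    number is in lose_once are dropped the first time they are sent, then retransmitted."""
    rx = Receiver(rcv_nxt)
    segments = [Segment(snd_nxt + i, 0, ACK, data[i:i + mss]) for i in range(0, len(data), mss)]
    end = snd_nxt + len(data)
    base = snd_nxt                       # oldest unacknowledged sequence number
    lose = set(lose_once)
    wire_log = []                        # every sequence number placed on the wire, in order
    while base < end:
        in_window = [s for s in segments if base <= s.seq < min(base + window * mss, end)]
        for seg in in_window:
            wire_log.append(seg.seq)
            if seg.seq in lose:
                lose.discard(seg.seq)    # lost this time; the retransmission gets through
                continue
            rx.receive(seg)
        base = rx.rcv_nxt                # the cumulative ACK slides the window forward
    return rx.delivered, wire_log, rx.rcv_nxt
```

With a window of 3 and one lost segment, the trace shows the sender putting 1001, 1005 and 1009 on the wire, the receiver acknowledging only up to 1005, and the sender resending from 1005; the already-buffered 1009 is then delivered from the receiver's out-of-order store, and the final acknowledgment equals the sender's next sequence number.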
  • 110. Decimal vs. Binary Numbers
    – Decimal numbers are represented by the numbers 0 through 9.
    – Binary numbers are represented by a series of 1s and 0s.
  • 111. Decimal and Binary Numbers Chart
    Base-10 decimal conversion of 63204829 (MSB on the left, LSB on the right):
      Base exponent    10^7      10^6     10^5    10^4   10^3  10^2  10^1  10^0
      Column value     6         3        2       0      4     8     2     9
      Decimal weight   10000000  1000000  100000  10000  1000  100   10    1
      Column weight    60000000  3000000  200000  0      4000  800   20    9
      60000000 + 3000000 + 200000 + 0 + 4000 + 800 + 20 + 9 = 63204829
    Base-2 binary conversion of 11101001 (233):
      Base exponent    2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
      Column value     1    1    1    0    1    0    0    1
      Decimal weight   128  64   32   16   8    4    2    1
      Column weight    128  64   32   0    8    0    0    1
      128 + 64 + 32 + 0 + 8 + 0 + 0 + 1 = 233
  • 112. Powers of 2
  • 113. Decimal-to-Binary Conversion
    35 = 2^5 + 2^1 + 2^0
    35 = (32 * 1) + (2 * 1) + (1 * 1)
    bits, MSB to LSB: 0 0 1 0 0 0 1 1
    35 = 00100011
  • 114. Binary-to-Decimal Conversion
    10111001 = (128 * 1) + (64 * 0) + (32 * 1) + (16 * 1) + (8 * 1) + (4 * 0) + (2 * 0) + (1 * 1)
    10111001 = 128 + 0 + 32 + 16 + 8 + 0 + 0 + 1
    10111001 = 185
  • 116. Why IP Addresses?
    – They uniquely identify each device on an IP network.
    – Every host (computer, networking device, peripheral) must have a unique address.
  • 117. Network Layer Communication Path
    A router forwards packets from the originating network to the destination network using the IP protocol. The packets must include an identifier for both the source and destination networks.
  • 118. Network PDU Header
  • 119. Network and Host Division
    Each complete 32-bit IP address is broken down into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. There are 5 IP address classes.
  • 120. IP Address Format: Dotted Decimal Notation
  • 121. IP Address Ranges
    The graphic shows the IP address range of the first octet, both in decimal and binary, for each IP address class.
  • 122. IP Address Classes: The First Octet
  • 123. IP Address Ranges
    *127 (01111111) is a Class A address reserved for loopback testing and cannot be assigned to a network.
  • 124. Reserved Address
  • 125. Public IP Addresses
    Unique addresses are required for each device on a network. Public address assignment is coordinated by the Internet Assigned Numbers Authority (IANA). No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. All machines connected to the Internet agree to conform to the system. Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.
  • 126. Private IP Addresses
    Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.
      Class  Private Address Range
      A      10.0.0.0 to 10.255.255.255
      B      172.16.0.0 to 172.31.255.255
      C      192.168.0.0 to 192.168.255.255
  • 127. Network Address
  • 128. Broadcast Address
  • 129. Network/Broadcast Addresses at the Binary Level
    An IP address that has binary 0s in all host bit positions is reserved for the network address, which identifies the network. An IP address that has binary 1s in all host bit positions is reserved for the broadcast address, which is used to send data to all hosts on the network. Here are some examples:
      Class  Network Address  Broadcast Address
      A      100.0.0.0        100.255.255.255
      B      150.75.0.0       150.75.255.255
      C      200.100.50.0     200.100.50.255
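Slides 119 to 129 define the address class by the leading bits of the first octet and the network and broadcast addresses by the host bits being all 0s or all 1s. The following is an added example, not code from the slides or from Cisco, that performs exactly those bit operations on a 32-bit integer: it classifies an address from its first-octet bit pattern, derives the classful default mask, network address and broadcast address, and flags the 127.x.x.x loopback block from slide 123 and the private ranges from slide 126. It deliberately avoids Python's ipaddress module, which would hide the bit manipulation the slides are teaching.

```python
# Added example, not from the slides: classful IPv4 analysis at the binary level.

def dotted_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip: str) -> str:
    """Dotted-binary form, e.g. 127.0.0.1 -> 01111111.00000000.00000000.00000001"""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


# (class, leading bits of the first octet, number of network bits); D and E have no host part
CLASS_RULES = [("A", "0", 8), ("B", "10", 16), ("C", "110", 24), ("D", "1110", None), ("E", "1111", None)]

PRIVATE_RANGES = {  # the ranges listed on slide 126
    "A": ("10.0.0.0", "10.255.255.255"),
    "B": ("172.16.0.0", "172.31.255.255"),
    "C": ("192.168.0.0", "192.168.255.255"),
}


def address_class(ip: str):
    """Return (class letter, default network bits) from the first octet's leading bits."""
    first_octet = f"{dotted_to_int(ip) >> 24:08b}"
    for name, leading_bits, net_bits in CLASS_RULES:
        if first_octet.startswith(leading_bits):
            return name, net_bits
    raise AssertionError("every 8-bit pattern matches one of the rules above")


def is_private(ip: str) -> bool:
    n = dotted_to_int(ip)
    return any(dotted_to_int(lo) <= n <= dotted_to_int(hi) for lo, hi in PRIVATE_RANGES.values())


def classful_info(ip: str) -> dict:
    n = dotted_to_int(ip)
    cls, net_bits = address_class(ip)
    info = {"address": ip, "binary": to_binary(ip), "class": cls,
            "loopback": (n >> 24) == 127, "private": is_private(ip),
            "default_mask": None, "network": None, "broadcast": None}
    if net_bits is None:                        # multicast / experimental: no network-host split
        return info
    host_bits = 32 - net_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    info["default_mask"] = int_to_dotted(mask)
    info["network"] = int_to_dotted(n & mask)                       # all host bits 0
    info["broadcast"] = int_to_dotted(n | (~mask & 0xFFFFFFFF))     # all host bits 1
    return info
```

The three example rows of slide 129 fall out directly: any Class A address ANDed with 255.0.0.0 gives the network address, and ORed with the inverted mask gives the broadcast address; the same two operations with the Class B and Class C default masks give the other two rows.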
  • 130. DHCPMohannad Al-Hanahnah
  • 131. Network Connection Mohannad Al-Hanahnah
  • 132. ipconfigMohannad Al-Hanahnah
  • 133. HOW WILL YOU FIND How many bits are NETWORK portion ? How many bits are HOST portion ? Solution : Using Network Prefix or Subnet Mask . . . Mohannad Al-Hanahnah
  • 134. Subnet maskSubnet Mask is another common method used to identify the network portion and host portion of an IP address.In a subnet mask, All network bits = 1 All host bits = 0For example, 172.16.4.0the subnet mask = 255.255.0.0 Mohannad Al-Hanahnah
  • 135. Default Subnet masks of IPv4 Classes Mohannad Al-Hanahnah
  • 136. Network PrefixesA Network Prefix is a method to identify the network portion and host portion of an IP address.The prefix length is nothing but the number of network bits in the IP address.For example, in 192.168.1.0 /24, the number 24 is no. of network bits.the subnet mask = 255.255.255.0 Mohannad Al-Hanahnah
  • 137. How to find the Network address when a Host IP and Subnet mask is given …Any IPv4 Networkaddress Address Mohannad Al-Hanahnah
  • 138. AND ing the Host IP and Subnet mask to get Network Address 0 Mohannad Al-Hanahnah
  • 139. Mohannad Al-Hanahnah
  • 140. Introduction to SubnettingSubnetting a network means to use the subnet mask to divide thenetwork and break a large network up into smaller, more efficient andmanageable segments, or subnets.With subnetting, the network is not limited to the default Class A, B, orC network masks and there is more flexibility in the network design.Subnet addresses include the network portion, plus a subnet field anda host field.The ability to decide how to divide the original host portioninto the new subnet and host fields provides addressing flexibility forthe network administrator. Mohannad Al-Hanahnah
  • 141. Subnetting Review• To identify subnets, you will “borrow” bits from the host ID portion of the IP address: – The number of subnets available depends on the number of bits borrowed. • The available number of subnets = 2s, I which s is the number of bits borrowed. – The number of hosts per subnet available depends upon the number of host ID bits not borrowed. • The available number of hosts per subnet = 2h -2, in which h is the number of host bits not borrowed. • One address is reserved as the network address. • One address is reserved as the broadcast address. Mohannad Al-Hanahnah
  • 142. Possible Subnets and Hosts for a Class C Network Mohannad Al-Hanahnah
  • 143. Possible Subnets and Hosts for a Class B Network Mohannad Al-Hanahnah
  • 144. Possible Subnets and Hosts for a Class A Network Mohannad Al-Hanahnah
  • 145. To create a subnet follow these steps:1.Determine the number of required network IDs:One for each subnet2.Determine the number of required host IDs per subnet:One for each hostOne for each router interface3.Based on the above requirements, create the following:One subnet mask for your entire networkA unique subnet ID for each physical segmentA range of host IDs for each subnet Mohannad Al-Hanahnah
  • 146. In a Class C address, only 8 bits are available for defining the hosts. Rememberthat subnet bits start at the left and go to the right, without skipping bits. Thismeans that the only Class C subnet masks can be the following:We can’t use a /31 or /32 because we have to have at least 2 host bits forassigning IP addresses to hosts. Mohannad Al-Hanahnah
  • 147. When you’ve chosen a possible subnet mask for your network and need to determine the number of subnets, valid hosts, and broadcast addresses of a subnet that the mask provides, all you need to do is answer five simple questions:
    • How many subnets does the chosen subnet mask produce?
    • How many valid hosts per subnet are available?
    • What are the valid subnets?
    • What’s the broadcast address of each subnet?
    • What are the valid hosts in each subnet?
    How many subnets? 2^s, in which s is the number of bits borrowed. For example, in 11000000, the number of 1s gives us 2^2 subnets. In this example, there are 4 subnets.
    How many hosts per subnet? 2^h – 2, in which h is the number of host bits not borrowed. For example, in 11000000, the number of 0s gives us 2^6 – 2 hosts. In this example, there are 62 hosts per subnet. You need to subtract 2 for the subnet address and the broadcast address, which are not valid hosts.
  • 148. What are the valid subnets? 256 – subnet mask = block size, or increment number. An example would be 256 – 192 = 64. The block size of a 192 mask is always 64. Start counting at zero in blocks of 64 until you reach the subnet mask value, and these are your subnets: 0, 64, 128, 192.
    What’s the broadcast address for each subnet? Since we counted our subnets in the last section as 0, 64, 128, and 192, the broadcast address is always the number right before the next subnet. For example, the 0 subnet has a broadcast address of 63 because the next subnet is 64. The 64 subnet has a broadcast address of 127 because the next subnet is 128. And so on.
    What are the valid hosts? Valid hosts are the numbers between the subnets, omitting the all 0s and all 1s. For example, if 64 is the subnet number and 127 is the broadcast address, then 65–126 is the valid host range; it’s always the numbers between the subnet address and the broadcast address.
  • 149. 192.168.10.33/28: calculate all things.
    Mask: 255.255.255.11110000
    Host: 192.168.10.00100001
    Number of networks = 16 {0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240}
    Number of hosts = 16 – 2 = 14
    Block size = 16
    Network ID: 192.168.10.32
    First usable: 192.168.10.33
    Last usable: 192.168.10.46
    Broadcast address: 192.168.10.47
  • 150. 192.168.10.65/26 (255.255.255.192): calculate all things.
    Mask: 255.255.255.11000000
    Host: 192.168.10.01000001
    Number of networks = 4 {0, 64, 128, 192}
    Number of hosts = 64 – 2 = 62
    Network ID: 192.168.10.64
    First usable: 192.168.10.65
    Last usable: 192.168.10.126
    Broadcast address: 192.168.10.127
  • 151. 172.16.0.0 = Network address, 255.255.192.0 = Subnet mask. Calculate everything.
    Number of subnets? 2^2 = 4
    Number of hosts? 2^14 – 2 = 16,382
    Valid subnets? 256 – 192 = 64 {0, 64, 128, 192}
  • 152. 172.16.0.0 = Network address, 255.255.240.0 = Subnet mask. Calculate all things.
    Number of subnets? 2^4 = 16
    Number of hosts? 2^12 – 2 = 4094
    Valid subnets? 256 – 240 = 16 {0, 16, 32, 48, etc., up to 240}
  • 153. Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in the figure with the host requirements shown.
    You need three subnet bits: 2^3 = 8 subnetworks
    Number of hosts: 2^5 – 2 = 32 – 2 = 30 hosts
    Subnet mask: 255.255.255.224
    Block size = 256 – 224 = 32 (= 2^5)
    netA: 204.15.5.0/27, host address range 1 to 30
    netB: 204.15.5.32/27, host address range 33 to 62
    netC: 204.15.5.64/27, host address range 65 to 94
    netD: 204.15.5.96/27, host address range 97 to 126
    netE: 204.15.5.128/27, host address range 129 to 158
  • 154. In this example, you are given two address/mask combinations, written with the prefix/length notation, which have been assigned to two devices. Your task is to determine if these devices are on the same subnet or different subnets.
    DeviceA: 172.16.17.30/20
    DeviceB: 172.16.28.15/20
    DeviceA and DeviceB have addresses that are part of the same subnet.
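The five subnetting questions from slides 147 and 148, and the same-subnet test from slide 154, worked in code. This is an added example, not part of the slides: the function names (`subnet_facts`, `same_subnet`, `classful_prefix`) are my own, and it assumes the classful defaults (/8, /16, /24) that the slides use to decide how many bits are "borrowed". It is checked against the slides' own worked values (192.168.10.33/28, 192.168.10.65/26, 172.16.0.0/18, 172.16.0.0/20 and the DeviceA/DeviceB pair).

```python
# Added example, not from the slides: answers the slides' five subnetting
# questions for any IPv4 address/prefix, plus the "same subnet?" question
# from the DeviceA/DeviceB exercise. Standard library only.
import ipaddress


def classful_prefix(address: str) -> int:
    """Default prefix length of the address's class: A -> /8, B -> /16, C -> /24."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def mask_for_prefix(prefix: int) -> str:
    """Dotted-decimal mask for /prefix, e.g. 28 -> 255.255.255.240."""
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF))


def subnet_facts(address: str, prefix: int) -> dict:
    """s = bits borrowed from the classful host part, h = host bits left over."""
    if prefix > 30:
        raise ValueError("a /31 or /32 leaves fewer than 2 host bits (slide 146)")
    s = prefix - classful_prefix(address)
    if s < 0:
        raise ValueError("prefix is shorter than the classful default")
    h = 32 - prefix
    mask = mask_for_prefix(prefix)
    # The "interesting" octet is the last one the mask does not fill completely;
    # block size = 256 - that octet's mask value (the slides' "256 - subnet mask").
    interesting = (prefix - 1) // 8
    block = 256 - int(mask.split(".")[interesting])
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    hosts = list(net.hosts())
    return {
        "mask": mask,
        "subnets": 2 ** s,                  # slide 147: 2^s (1 when no bits are borrowed)
        "hosts_per_subnet": 2 ** h - 2,     # slide 147: 2^h - 2
        "block_size": block,
        # count from 0 in blocks up to the mask value: these are the subnet numbers
        "subnet_numbers": list(range(0, 256, block)),
        "network": str(net.network_address),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def same_subnet(addr_a: str, addr_b: str, prefix: int) -> bool:
    """True when both addresses fall inside the same /prefix network."""
    net_a = ipaddress.ip_network(f"{addr_a}/{prefix}", strict=False)
    net_b = ipaddress.ip_network(f"{addr_b}/{prefix}", strict=False)
    return net_a == net_b
```

`subnet_facts("192.168.10.33", 28)` reproduces slide 149 (block 16, network .32, hosts .33 to .46, broadcast .47), and `same_subnet("172.16.17.30", "172.16.28.15", 20)` returns True as slide 154 states.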
  • 155. In all of the previous examples of subnetting, notice that the same subnet mask was applied for all the subnets. This means that each subnet has the same number of available host addresses. This may be what you need in some cases, but, in most cases, having the same subnet mask for all subnets ends up wasting address space. Subnet 172.16.1.0/24 is divided into smaller subnets:
    – Subnet with one mask (/27).
    – Then further subnet one of the unused /27 subnets into multiple /30 subnets.
  • 156. Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in the figure with the host requirements shown.
    netA: 204.15.5.0/27
    netB: 204.15.5.32/27
    netC: 204.15.5.64/27
    netD: 204.15.5.96/27
    netE: 204.15.5.128/27
    NetA, NetC, and NetD have a lot of unused host address space. It is possible that this was a deliberate design accounting for future growth, but in many cases this is just wasted address space due to the fact that the same subnet mask is being used for all the subnets.
  • 157. Solution using VLSM:
    netA: must support 14 hosts
    netB: must support 28 hosts
    netC: must support 2 hosts
    netD: must support 7 hosts
    netE: must support 28 hosts
    Determine what mask allows the required number of hosts.
    netA: requires a /28
    netB: requires a /27
    netC: requires a /30
    netD: requires a /28
    netE: requires a /27
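The VLSM allocation for slides 156 and 157, worked in code. This is an added example, not the slides' solution: `prefix_for_hosts` derives the /28, /27, /30, /28, /27 masks from the host counts on slide 157, and `allocate_vlsm` then carves them out of 204.15.5.0/24. The slides do not say which addresses each VLSM subnet gets, so the placement rule here (largest requirement first, so every block starts on a multiple of its own size) is my assumption, and the resulting addresses are the output of that rule rather than figures from the slides.

```python
# Added example, not from the slides: derive VLSM masks from host counts and
# allocate them sequentially, largest first, out of one parent network.
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose 2^h - 2 usable addresses cover `hosts` (h >= 2)."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return 32 - h


def allocate_vlsm(parent: str, requirements: dict) -> dict:
    """Map each subnet name to an IPv4Network carved from `parent`.

    Requirements are served in descending size so each block lands on an
    address that is a multiple of its own size; the align-up step guards the
    case where two equal-size blocks follow a smaller one anyway.
    """
    parent_net = ipaddress.ip_network(parent)
    cursor = int(parent_net.network_address)
    last = int(parent_net.broadcast_address)
    result = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align up to the block size
        if cursor + size - 1 > last:
            raise ValueError(f"{parent} exhausted while allocating {name}")
        result[name] = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        cursor += size
    return result


# Host requirements from slide 157.
SLIDE_REQUIREMENTS = {"netA": 14, "netB": 28, "netC": 2, "netD": 7, "netE": 28}
```

`allocate_vlsm("204.15.5.0/24", SLIDE_REQUIREMENTS)` gives netB and netE the two /27s at .0 and .32, netA and netD the /28s at .64 and .80, and netC the /30 at .96, leaving .100 through .255 unused; compare that with the five /27s of slide 156, which consume .0 through .159.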
  • 158. Question: What subnet and broadcast address is the IP address 172.16.66.10/18 a member of?
    Answer: The interesting octet is the third octet instead of the fourth octet. Block size = 256 – 192 = 64: 0, 64, 128. The subnet is 172.16.64.0. The broadcast must be 172.16.127.255, since 128.0 is the next subnet.
    Question: A router receives a packet on an interface with a destination address of 172.16.46.191/26. What will the router do with this packet?
    Answer: 172.16.46.191/26 is a 255.255.255.192 mask, which gives us a block size of 64. Our subnets are then 0, 64, 128, 192. 191 is the broadcast address of the 128 subnet, so a router, by default, will discard any broadcast packets.
  • 159. CIDR was introduced to improve both address space utilization and routing scalability in the Internet. It was needed because of the rapid growth of the Internet and growth of the IP routing tables held in the Internet routers.
    CIDR moves away from the traditional IP classes (Class A, Class B, Class C, and so on). In CIDR, an IP network is represented by a prefix, which is an IP address and some indication of the length of the mask.
    This allows for the summarization of the domains to be done at the higher level. For example, if an ISP owns network 172.16.0.0/16, then the ISP can offer 172.16.1.0/24, 172.16.2.0/24, and so on to customers. Yet, when advertising to other providers, the ISP only needs to advertise 172.16.0.0/16.
  • 160. Summarizing Addresses in a VLSM-Designed Network
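The summarization that slides 159 and 160 describe, worked in code. This is an added example, not from the slides: `summarize` finds the single prefix covering a set of more specific networks (the ISP advertising 172.16.0.0/16 upstream instead of each customer /24), and `summary_overreach` reports how many addresses the summary claims that none of the component prefixes actually cover, which is the check to run before advertising a summary for a set of networks that was not allocated as one aligned block.

```python
# Added example, not from the slides: compute the summary prefix for a set of
# networks and measure how much space the summary claims beyond its components.
import ipaddress


def summarize(prefixes):
    """Smallest single network that contains every prefix in the list.

    Widens the mask one bit at a time from /32 until the block that starts at
    the lowest address also reaches the highest address.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    for prefix in range(32, -1, -1):
        size = 1 << (32 - prefix)
        base = lo & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
        if base + size - 1 >= hi:
            return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{prefix}")
    raise AssertionError("unreachable: /0 covers every address")


def summary_overreach(prefixes):
    """Addresses inside summarize(prefixes) that none of the prefixes cover.

    Non-zero means the summary advertises space the advertiser does not hold,
    so traffic for those addresses would be attracted and then dropped.
    """
    covered = sum(
        n.num_addresses
        for n in ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    )
    return summarize(prefixes).num_addresses - covered


# Constructed inputs: the slide's ISP example (all 256 customer /24s of
# 172.16.0.0/16) and a two-network set that is not an aligned block.
ALL_CUSTOMER_NETS = [f"172.16.{i}.0/24" for i in range(256)]
TWO_CUSTOMER_NETS = ["172.16.1.0/24", "172.16.2.0/24"]
```

For `ALL_CUSTOMER_NETS` the summary is exactly 172.16.0.0/16 with zero overreach, as the slide says. For `TWO_CUSTOMER_NETS` the summary has to be 172.16.0.0/22, which also covers 172.16.0.0/24 and 172.16.3.0/24: 512 addresses the ISP would be claiming without routing them.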
  • 161. Classful Routing Overview
    – Classful routing protocols do not include the subnet mask with the network in the routing advertisement.
    – Within the same network, consistency of the subnet masks is assumed: one subnet mask for the entire network.
    – Summary routes are exchanged between foreign networks.
    – Examples of classful routing protocols include:
      • RIPv1
      • IGRP
    • Note: Classful routing protocols are legacy routing protocols typically used to address compatibility issues.
  • 162. Classless Routing Overview
    – Classless routing protocols include the subnet mask with the network in the advertisement.
    – Classless routing protocols support VLSM; one network can have multiple masks.
    – Summary routes must be manually controlled within the network.
    – Examples of classless routing protocols include:
      • RIPv2
      • EIGRP
      • OSPF
  • 164. Introduction to Routers
    A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:
  • 165. RAM
    Random Access Memory, also called dynamic RAM (DRAM)
    RAM has the following characteristics and functions:
    • Stores routing tables
    • Holds ARP cache
    • Performs packet buffering (shared RAM)
    • Provides temporary memory for the configuration file of the router while the router is powered on
    • Loses content when router is powered down or restarted
  • 166. NVRAM
    Non-Volatile RAM
    NVRAM has the following characteristics and functions:
    • Provides storage for the startup configuration file
    • Retains content when router is powered down or restarted
  • 167. Flash
    Flash memory has the following characteristics and functions:
    • Holds the operating system image (IOS)
    • Allows software to be updated without removing and replacing chips on the processor
    • Retains content when router is powered down or restarted
    • Can store multiple versions of IOS software
  • 168. ROM
    Read-Only Memory
    ROM has the following characteristics and functions:
    • Maintains instructions for power-on self test (POST) diagnostics
    • Stores bootstrap program and basic operating system software
  • 170. Interfaces
    Interfaces have the following characteristics and functions:
    • Connect router to network for frame entry and exit
    • Can be on the motherboard or on a separate module
    Types of interfaces:
    • Ethernet
    • Fast Ethernet
    • Serial
    • Token ring
    • ISDN BRI
    • Console
    • Aux
  • 171. Internal Components of a 2600 Router
  • 172. External Components of a 2600 Router
  • 173. External Connections
  • 174. Fixed Interfaces
    When cabling routers for serial connectivity, the routers will either have fixed or modular ports. The type of port being used will affect the syntax used later to configure each interface.
  • 175. Computer/Terminal Console Connection
  • 176. Router Power-On/Bootup Sequence
    1. Perform power-on self test (POST).
    2. Load and run bootstrap code.
    3. Find the Cisco IOS software.
    4. Load the Cisco IOS software.
    5. Find the configuration.
    6. Load the configuration.
    7. Run the configured Cisco IOS software.
  • 177. Steps in Router Initialization
  • 178. show version Command
    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) C2600 Software (C2600-JS-M), Version 12.0(7a), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Tue 05-Feb-02 01:48 by pwade
    Image text-base: 0x80008088, data-base: 0x80B0404C
    ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
    Router uptime is 1 minute
    System restarted by reload
    System image file is "flash:c2600-js-mz.120-7a.bin"
    cisco 2610 (MPC860) processor (revision 0x300) with 53248K/12288K bytes of memory.
    Processor board ID JAD06090BMD (2719249260)
    M860 processor: part number 0, mask 49
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    Basic Rate ISDN software, Version 1.1.
    1 Ethernet/IEEE 802.3 interface(s)
    2 Serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)
    Configuration register is 0x2102
  • 180. Overview of Router Modes
  • 181. Router Modes
  • 182. User Mode Commands
  • 183. Privileged Mode Commands
    NOTE: There are many more commands available in privileged mode.
  • 184. Specific Configuration Modes
  • 185. Saving Configurations
    wg_ro_c#
    wg_ro_c#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration…
    wg_ro_c#
    • Copies the current configuration to NVRAM
  • 186. The copy run tftp Command
  • 187. The copy tftp run Command
  • 188. Configuring Router Identification
    – Sets the local identity or message for the accessed router or interface
  • 189. Configuring a Router Password
  • 190. Configuring an Interface
    Router(config)#interface type number
    Router(config-if)#
    • type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, tunnel, and so on
    • number is used to identify individual interfaces
    Router(config)#interface type slot/port
    Router(config-if)#
    • For modular routers, selects an interface
    Router(config-if)#exit
    • Quits from current interface configuration mode
  • 191. Configuring an Interface Description
    RouterX(config-if)# description string
    string is a comment or a description to help you remember what is attached to this interface. The maximum number of characters for the string argument is 238.
  • 192. Disabling or Enabling an Interface
    RouterX#configure terminal
    RouterX(config)#interface serial 0
    RouterX(config-if)#shutdown
    %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
    • Administratively turns off an interface
    RouterX#configure terminal
    RouterX(config)#interface serial 0
    RouterX(config-if)#no shutdown
    %LINK-3-UPDOWN: Interface Serial0, changed state to up
    %LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up
    • Enables an interface that is administratively shut down
  • 193. Serial Interface show controller Command
    Router#show controller serial 0
    HD unit 0, idb = 0x121C04, driver structure at 0x127078
    buffer size 1524 HD unit 0, V.35 DTE cable
    . . .
    • Shows the cable type of serial cables
  • 194. Setting the Clock with Help
  • 195. Configuring Interfaces
    An interface needs an IP address and a subnet mask to be configured. All interfaces are “shutdown” by default. The DCE end of a serial interface needs a clock rate.
    Router#config t
    Router(config)#interface serial 0/1
    Router(config-if)#ip address 200.100.50.75 255.255.255.240
    Router(config-if)#clock rate 56000 (required for serial DCE only)
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#int f0/0
    Router(config-if)#ip address 150.100.50.25 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#exit
    Router#
  • 196. show and debug Commands
  • 197. Examining the show Commands
    There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
    show interfaces – Displays all the statistics for all the interfaces on the router
    show int s0/1 – Displays statistics for interface Serial 0/1
    show controllers serial – Displays information specific to the interface hardware
    show clock – Shows the time set in the router
    show hosts – Displays a cached list of host names and addresses
    show users – Displays all users who are connected to the router
    show history – Displays a history of commands that have been entered
    show flash – Displays info about flash memory and what IOS files are stored there
    show version – Displays info about the router and the IOS that is running in RAM
    show ARP – Displays the ARP table of the router
    show start – Displays the saved configuration located in NVRAM
    show run – Displays the configuration currently running in RAM
    show protocol – Displays the global and interface-specific status of any configured Layer 3 protocols
  • 198. Cisco Discovery Protocol (CDP)
    – Cisco Discovery Protocol is a proprietary utility that provides a summary of directly connected switches, routers, and other Cisco devices.
    – Cisco Discovery Protocol discovers neighboring devices, regardless of which protocol suite they are running.
  • 199. Discovering Neighbors with Cisco Discovery Protocol
    – Cisco Discovery Protocol runs on Cisco IOS devices.
    – Summary information includes:
      – Device identifiers
      – Address list
      – Port identifier
      – Capabilities list
      – Platform
  • 200. Using Cisco Discovery Protocol
    RouterA#show cdp ?
      entry      Information for specific neighbor entry
      interface  CDP interface status and configuration
      neighbors  CDP neighbor entries
      traffic    CDP statistics
      …
    RouterA(config)#no cdp run
    ! Disable CDP globally
    RouterA(config)#interface serial0/0/0
    RouterA(config-if)#no cdp enable
    ! Disable CDP on just this interface
  • 201. Using the show cdp neighbors Command
    RouterA#show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater
    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    SwitchA          fa0/0             122        S I         WS-C2960  fa0/2
    RouterB          s0/0/0            177        R S I       2811      s0/0/1
  • 202. Using the show cdp entry Command
    Device ID: RouterB
    Entry address(es):
      IP address: 10.1.1.2
    Platform: Cisco 2811, Capabilities: Router Switch IGMP
    Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/1
    Holdtime : 155 sec
    Version :
    Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Fri 17-Nov-06 12:02 by prod_rel_team
  • 203. Additional Cisco Discovery Protocol Commands
    RouterA#show cdp traffic
    CDP counters :
            Total packets output: 8680, Input: 8678
            Hdr syntax: 0, Chksum error: 0, Encaps failed: 5
            No memory: 0, Invalid packet: 0, Fragmented: 0
            CDP version 1 advertisements output: 0, Input: 0
            CDP version 2 advertisements output: 8680, Input: 8678
    RouterA#show cdp interface s0/0/0
    Serial0/0/0 is up, line protocol is up
      Encapsulation PPP
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
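A parser for the show cdp neighbors output of slide 201, as an added example that is not part of the slides. It turns each neighbour line into a record (decoding the capability letters with the legend the command prints) and then lists local interfaces whose neighbour is neither a router nor a switch: since slide 202 shows that CDP hands the neighbour the platform and IOS version, those are the ports where the per-interface `no cdp enable` from slide 200 is worth reviewing. The first two neighbour lines are the slide's own; the PC-lab01 line, the function names and the "review candidates" rule are my additions.

```python
# Added example, not from the slides: parse "show cdp neighbors" text into
# records and flag interfaces facing non-infrastructure neighbours.
CAPABILITY_CODES = {
    "R": "Router", "T": "Trans Bridge", "B": "Source Route Bridge",
    "S": "Switch", "H": "Host", "I": "IGMP", "r": "Repeater",
}

# Slide 201's output plus one constructed host neighbour (PC-lab01).
SAMPLE_SHOW_CDP_NEIGHBORS = """\
RouterA#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SwitchA          fa0/0             122        S I         WS-C2960  fa0/2
RouterB          s0/0/0            177        R S I       2811      s0/0/1
PC-lab01         fa0/1             150        H           Linux     eth0
"""


def parse_cdp_neighbors(text):
    """Return one dict per neighbour line found after the 'Device ID' header.

    The capability column holds a variable number of one-letter codes, so each
    line is split from both ends: device, local interface and holdtime on the
    left, platform and port ID on the right, capabilities in between.
    """
    records = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        tok = line.split()
        if len(tok) < 5:
            continue  # not a neighbour line (for example a trailing prompt)
        records.append({
            "device_id": tok[0],
            "local_interface": tok[1],
            "holdtime": int(tok[2]),
            "capabilities": [CAPABILITY_CODES.get(c, c) for c in tok[3:-2]],
            "platform": tok[-2],
            "port_id": tok[-1],
        })
    return records


def cdp_review_candidates(records):
    """Local interfaces whose neighbour advertises neither Router nor Switch.

    Assumed rule (not from the slides): CDP is only needed toward other
    network devices, so these ports are candidates for 'no cdp enable'.
    """
    return [
        r["local_interface"]
        for r in records
        if not {"Router", "Switch"} & set(r["capabilities"])
    ]
```

On the sample, SwitchA and RouterB parse to Switch/IGMP and Router/Switch/IGMP respectively and are left alone; only fa0/1, which faces the constructed host, is returned for review.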
  • 205. Anatomy of an IP Packet
    IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:
  • 206. Static vs. Dynamic Routes
    Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.
    • Static Route – Uses a route that a network administrator enters into the router manually
    • Dynamic Route – Uses a route that a network routing protocol adjusts automatically for topology or traffic changes
  • 207. Static Routes
    • Configure unidirectional static routes to and from a stub network to allow communications to occur.
  • 208. Configuring Static Routes by Specifying Outgoing Interfaces
  • 209. Configuring Static Routes by Specifying Next-Hop Addresses
  • 210. Default Routes
    • This route allows the stub network to reach all known networks beyond router A.
  • 211. Verifying the Static Route Configuration
    router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
           U - per-user static route
    Gateway of last resort is 0.0.0.0 to network 0.0.0.0
         10.0.0.0/8 is subnetted, 1 subnets
    C       10.1.1.0 is directly connected, Serial0
    S*   0.0.0.0/0 is directly connected, Serial0
  • 212. What Is a Dynamic Routing Protocol?
    Routing protocols are used between routers to determine paths to remote networks and maintain those networks in the routing tables. After the path is determined, a router can route a routed protocol to the learned networks.
  • 213. Autonomous Systems: Interior and Exterior Routing Protocols
    • An autonomous system is a collection of networks within a common administrative domain.
    • Interior gateway protocols operate within an autonomous system.
    • Exterior gateway protocols connect different autonomous systems.
  • 214. Administrative Distance: Ranking Routes
  • 215. Classes of Routing Protocols
  • 216. Classful Routing Protocol
    – Classful routing protocols do not include the subnet mask with the route advertisement.
    – Within the same network, consistency of the subnet masks is assumed.
    – Summary routes are exchanged between foreign networks.
    – These are examples of classful routing protocols:
      • RIPv1
      • IGRP
  • 217. Classless Routing Protocol
    – Classless routing protocols include the subnet mask with the route advertisement.
    – Classless routing protocols support a variable-length subnet mask (VLSM).
    – Summary routes can be manually controlled within the network.
    – These are examples of classless routing protocols:
      • RIPv2
      • EIGRP
      • OSPF
      • IS-IS
  • 218. Selecting the Best Route Using Metrics
  • 219. Distance Vector Routing Protocols
    Routers pass periodic copies of their routing table to neighboring routers and accumulate distance vectors.
  • 220. Sources of Information and Discovering Routes
    Routers discover the best path to destinations from each neighbor.
  • 221. Maintaining Routing Information
    Updates proceed step by step from router to router.
  • 222. Inconsistent Routing Entries: Counting to Infinity and Routing Loops
    Each node maintains the distance from itself to each possible destination network.
  • 223. Counting to Infinity
    Slow convergence produces inconsistent routing.
  • 224. Counting to Infinity (Cont.)
    Router C concludes that the best path to network 10.4.0.0 is through router B.
  • 225. Counting to Infinity (Cont.)
    Router A updates its table to reflect the new but erroneous hop count.
  • 226. Counting to Infinity (Cont.)
    The hop count for network 10.4.0.0 counts to infinity.
  • 227. Solution to Counting to Infinity: Defining a Maximum
    A limit is set on the number of hops to prevent infinite loops.
  • 228. Routing Loops
    Packets for network 10.4.0.0 bounce (loop) between routers B and C.
  • 229.  Solution to Routing Loops: Split Horizon
    It is never useful to send information about a route back in the direction from which the original information came.
  • 230. Solution to Routing Loops: Route Poisoning and Poison Reverse
    Routers advertise the distance of routes that have gone down to infinity.
  • 231. Solution to Routing Loops: Route Poisoning and Poison Reverse (Cont.)
    Poison reverse overrides split horizon.
  • 232. Solution to Routing Loops: Hold-Down Timers
    The router keeps an entry for the “possibly down” state in the network, allowing time for other routers to recompute for this topology change.
  • 233. Triggered Updates
    The router sends updates when a change in its routing table occurs.
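The count-to-infinity sequence of slides 222 through 229, run as a small simulation. This is an added example and not from the slides: it models the A, B, C chain with network 10.4.0.0 behind router C, exchanges full tables in synchronous rounds, caps the hop count at the defined maximum of 16 (slide 227), and can be run with or without split horizon (slide 229). The rule that a learned route is dropped as soon as its next hop stops advertising it is my simplification of RIP's invalid timer; the topology, the `dv_round` and `simulate` names and the round counts are all assumptions of this example.

```python
# Added example, not from the slides: synchronous distance-vector simulation
# showing counting to infinity and how split horizon prevents it.
INFINITY = 16  # RIP's defined maximum: a hop count of 16 means unreachable

LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}   # constructed A - B - C chain
NET = "10.4.0.0"                                    # attached to router C


def dv_round(links, table, split_horizon):
    """One update round. table: router -> {network: (hops, next_hop)}.

    Every router first builds the advertisement it sends to each neighbour,
    then every router processes what it received, so all update together.
    """
    adverts = {}
    for router, neighbours in links.items():
        for nb in neighbours:
            adverts[(router, nb)] = {
                net: hops
                for net, (hops, next_hop) in table[router].items()
                # split horizon: never send a route back toward the neighbour it came from
                if not (split_horizon and next_hop == nb)
            }
    new_table = {}
    for router, neighbours in links.items():
        updated = {}
        for net, (hops, next_hop) in table[router].items():
            # directly connected routes stay; learned routes survive only while
            # the next hop keeps advertising them (stand-in for the invalid timer)
            if next_hop is None or net in adverts[(next_hop, router)]:
                updated[net] = (hops, next_hop)
        for nb in neighbours:
            for net, hops in adverts[(nb, router)].items():
                candidate = min(hops + 1, INFINITY)
                current = updated.get(net)
                # accept a better route, or any change from the current next hop (even a worse one)
                if current is None or candidate < current[0] or current[1] == nb:
                    updated[net] = (candidate, nb)
        new_table[router] = updated
    return new_table


def simulate(split_horizon, rounds_after_failure=30):
    """Hop count to 10.4.0.0 at A, B and C for every round after C's link fails.

    Returns a list of {router: hops} dicts; None means no route in the table.
    """
    table = {"A": {}, "B": {}, "C": {NET: (0, None)}}
    for _ in range(5):                      # let the network converge first
        table = dv_round(LINKS, table, split_horizon)
    assert table["A"][NET] == (2, "B")      # A -> B -> C -> 10.4.0.0
    del table["C"][NET]                     # C's interface to 10.4.0.0 goes down
    history = []
    for _ in range(rounds_after_failure):
        table = dv_round(LINKS, table, split_horizon)
        history.append({r: table[r].get(NET, (None, None))[0] for r in LINKS})
    return history
```

Without split horizon, the first round after the failure already shows slide 224: B still advertises 10.4.0.0 at 1 hop, so C installs it at 2 hops via B; after that, the hop count climbs by one per round on alternate routers until every table reads 16 and the network is finally marked unreachable. With split horizon, B never hears the stale route back from A or C, so the route simply ages out of B and then A within three rounds.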
  • 234. Link-State Routing Protocols
    After an initial flood of LSAs, link-state routers pass small, event-triggered link-state updates to all other routers.
  • 235. OSPF Hierarchical Routing
    • Consists of areas and autonomous systems
    • Minimizes routing update traffic
  • 236. Link-State Routing Protocol Algorithms
  • 237. Benefits and Drawbacks of Link-State Routing
    – Benefits of link-state routing:
      • Fast convergence:
        – Changes are reported immediately by the affected source
      • Robustness against routing loops:
        – Routers know the topology
        – Link-state packets are sequenced and acknowledged
      • Hierarchical network design enables optimization of resources.
    – Drawbacks of link-state routing:
      • Significant demands for resources:
        – Memory (three tables: adjacency, topology, forwarding)
        – CPU
      • Requires very strict network design
      • Configuration can be complex when tuning various parameters and when design is complex
  • 238. RIP Overview
    – Hop-count metric selects the path
    – Routes update every 30 seconds
    – Administrative distance 120
  • 239. RIPv1 and RIPv2 Comparison
    Feature                                                RIPv1      RIPv2
    Routing protocol                                       Classful   Classless
    Supports variable-length subnet mask?                  No         Yes
    Sends the subnet mask along with the routing update?   No         Yes
    Addressing type                                        Broadcast  Multicast
    Defined in …                                           RFC 1058   RFCs 1721, 1722, and 2453
    Supports manual route summarization?                   No         Yes
    Authentication support?                                No         Yes
  • 240. RIP Configuration
    RouterX(config)# router rip
    – Starts the RIP routing process
    RouterX(config-router)# version 2
    – Enables RIP version 2
    RouterX(config-router)# network network-number
    – Selects participating attached networks
    – Requires a major classful network number
  • 241. RIP Configuration Example
  • 242. Verifying the RIP Configuration
    A#show ip protocol
    Routing Protocol is "rip"
      Sending updates every 30 seconds, next due in 6 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: rip
      Default version control: send version 2, receive version 2
        Interface             Send  Recv  Triggered RIP  Key-chain
        FastEthernet0/0       2     2
        Serial0/0/2           2     2
      Automatic network summarization is in effect
      Maximum path: 4
      Routing for Networks:
        10.0.0.0
        172.16.0.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        10.1.1.2             120      00:00:25
      Distance: (default is 120)
  • 243. Displaying the IP Routing Table
    RouterA# show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
           U - per-user static route, o - ODR
           T - traffic engineered route
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 1 subnets
    C       172.16.1.0 is directly connected, fastethernet0/0
         10.0.0.0/24 is subnetted, 2 subnets
    R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial0/0/2
    C       10.1.1.0 is directly connected, Serial0/0/2
    R    192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial0/0/2
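A parser for the show ip route output of slide 243 and a longest-prefix lookup over the result, as an added example that is not part of the slides. It reads the `[AD/metric]` pair (the administrative distance of slide 214 and the RIP hop count), the next hop and the outgoing interface, takes the mask of a "is subnetted" group from the group header, and then answers the forwarding question of slide 158 for any destination by choosing the most specific matching route. The first sample is the slide's own table (prompt and legend omitted); the second is a constructed stub-router table with a default route in the shape of slide 211, with its subnet written as /24.

```python
# Added example, not from the slides: parse "show ip route" and do a
# longest-prefix-match lookup, returning the route a router would use.
import ipaddress
import re

# Slide 243's routing table (prompt and code legend omitted).
SHOW_IP_ROUTE = """\
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, fastethernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial0/0/2
C       10.1.1.0 is directly connected, Serial0/0/2
R    192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial0/0/2
"""

# Constructed stub-router table with a candidate default route.
SHOW_IP_ROUTE_STUB = """\
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial0
S*   0.0.0.0/0 is directly connected, Serial0
"""

SUBNETTED_RE = re.compile(r"^\s+\S+/(\d+) is subnetted")
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Za-z]{1,2}\*?)\s+(?P<net>\d+(?:\.\d+){3})(?:/(?P<plen>\d+))?\s+(?P<rest>.*)$")
CONNECTED_RE = re.compile(r"is directly connected, (?P<iface>\S+)")
LEARNED_RE = re.compile(r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<nh>\S+),.*?, (?P<iface>\S+)$")


def parse_show_ip_route(text):
    """Return a list of route dicts: code, prefix, ad, metric, next_hop, interface."""
    routes = []
    group_plen = None          # mask announced by the enclosing "is subnetted" header
    for line in text.splitlines():
        m = SUBNETTED_RE.match(line)
        if m:
            group_plen = int(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        if m.group("plen") is not None:
            plen = int(m.group("plen"))
            group_plen = None  # an entry with its own mask ends the subnetted group
        elif group_plen is not None:
            plen = group_plen
        else:
            continue           # no mask information: skip rather than guess
        net = ipaddress.ip_network(f"{m.group('net')}/{plen}", strict=False)
        route = {"code": m.group("code"), "prefix": str(net),
                 "ad": 0, "metric": 0, "next_hop": None, "interface": None}
        c = CONNECTED_RE.search(m.group("rest"))
        if c:
            route["interface"] = c.group("iface")
        else:
            l = LEARNED_RE.search(m.group("rest"))
            if l:
                route.update(ad=int(l.group("ad")), metric=int(l.group("metric")),
                             next_hop=l.group("nh"), interface=l.group("iface"))
        routes.append(route)
    return routes


def route_lookup(routes, destination):
    """Most specific route containing `destination`, or None when nothing matches."""
    dst = ipaddress.ip_address(destination)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if dst in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best
```

On the slide's table a packet for 10.2.2.77 is sent to 10.1.1.2 out Serial0/0/2 via the RIP route with AD 120 and one hop, 172.16.1.9 is delivered on the connected fastethernet0/0, and 8.8.8.8 matches nothing because no gateway of last resort is set; on the stub table the same 8.8.8.8 falls through to the 0.0.0.0/0 default.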
  • 244. debug ip rip Command
    RouterA# debug ip rip
    RIP protocol debugging is on
    RouterA#
    00:06:24: RIP: received v1 update from 10.1.1.2 on Serial0/0/2
    00:06:24:      10.2.2.0 in 1 hops
    00:06:24:      192.168.1.0 in 2 hops
    00:06:33: RIP: sending v1 update to 255.255.255.255 via FastEthernet0/0 (172.16.1.1)
    00:06:34:      network 10.0.0.0, metric 1
    00:06:34:      network 192.168.1.0, metric 3
    00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial0/0/2 (10.1.1.1)
    00:06:34:      network 172.16.0.0, metric 1
  • 245. EIGRP Features
    • Advanced distance vector
    • Rapid convergence
    • Easy configuration
    • Incremental updates
    • Flexible network design
    • Multicast and unicast instead of broadcast address
    • Support for VLSM and discontiguous subnets
    • Support for multiple network layer protocols
  • 246. EIGRP Tables
  • 247. EIGRP Path Calculation (Router C)
  • 248. EIGRP Configuration
    RouterX(config)# router eigrp autonomous-system
    RouterX(config-router)# network network-number
  • 249. EIGRP and Discontiguous Networks with no auto-summary
  • 250. Verifying the EIGRP Configuration
    RouterX# show ip route eigrp
    – Displays the current EIGRP entries in the routing table
    RouterX# show ip protocols
    – Displays the parameters and current state of the active process
    RouterX# show ip eigrp interfaces
    – Displays information about interfaces configured for EIGRP
  • 251. Verifying the EIGRP Configuration (Cont.)
    RouterX# show ip eigrp neighbors
    – Displays the neighbors discovered by IP EIGRP
  • 252. Verifying the EIGRP Configuration (Cont.)
    RouterX# show ip eigrp topology
    – Displays the IP EIGRP topology table
  • 253. Verifying the EIGRP Configuration (Cont.)
    RouterX# show ip eigrp traffic
    – Displays the number of IP EIGRP packets sent and received
  • 254. debug ip eigrp Command
    RouterX# debug ip eigrp
    IP-EIGRP: Processing incoming UPDATE packet
    IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
    IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
    IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
    IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
    IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
    IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
    IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1
    Note: EIGRP routes are exchanged only when a change in topology occurs.
  • 255. EIGRP Metric
    • The criteria that EIGRP uses by default to calculate its metric:
      – Bandwidth
      – Delay
    • The optional criteria that EIGRP can be configured to use when calculating its metric:
      – Reliability
      – Load
    • Note: Although MTU is exchanged in EIGRP packets between neighbor routers, MTU is not factored into the EIGRP metric calculation.
  • 256. EIGRP Load Balancing
    – By default, EIGRP does equal-metric load balancing:
      • By default, up to four routes with a metric equal to the minimum metric are installed in the routing table.
    – There can be up to 16 entries in the routing table for the same destination:
      • The number of entries is configurable with the maximum-paths command.
  • 257. OSPF Overview
    – OSPF is an open standard routing protocol
    – Creates a neighbor relationship by exchanging hello packets
    – Floods LSAs to all OSPF routers in the area, not just directly connected routers
    – Pieces together all the LSAs generated by the OSPF routers to create the OSPF link-state database
    – Uses the SPF algorithm to calculate the shortest path to each destination and places it in the routing table
  • 258. OSPF Hierarchy Example
    • Minimizes routing table entries
    • Localizes the impact of a topology change within an area
  • 259. Neighbor Adjacencies: The Hello Packet
  • 260. SPF Algorithm
    (figure: link costs 10, 10, 1, 1, 1)
    Places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost.
    Cost = Reference Bandwidth / Interface Bandwidth (b/s)
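The cost formula and the root-of-tree calculation from slide 260, worked in code. This is an added example, not from the slides: `ospf_cost` applies Cost = Reference Bandwidth / Interface Bandwidth with the 100 Mb/s reference that Cisco IOS uses by default, and `spf` runs Dijkstra from one router to obtain the cumulative cost and path to every destination. The five-router topology is constructed to mirror the slide's 10/10/1/1/1 link costs; its router names, the function names and the bandwidths are assumptions of this example.

```python
# Added example, not from the slides: OSPF-style link costs and an SPF
# (Dijkstra) run rooted at one router.
import heapq

REFERENCE_BANDWIDTH = 100_000_000   # Cisco IOS default reference bandwidth: 100 Mb/s


def ospf_cost(bandwidth_bps):
    """Slide 260's formula: reference bandwidth / interface bandwidth (integer, at least 1)."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def build_graph(links):
    """links: [(router1, router2, bandwidth_bps)] -> {router: {neighbour: cost}}, both directions."""
    graph = {}
    for a, b, bandwidth in links:
        cost = ospf_cost(bandwidth)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, root):
    """Dijkstra from root: returns (cost_to, path_to) for every reachable router."""
    cost_to = {root: 0}
    previous = {}
    heap = [(0, root)]
    settled = set()
    while heap:
        cost, router = heapq.heappop(heap)
        if router in settled:
            continue                     # stale heap entry for an already settled router
        settled.add(router)
        for neighbour, link_cost in graph[router].items():
            new_cost = cost + link_cost
            if new_cost < cost_to.get(neighbour, float("inf")):
                cost_to[neighbour] = new_cost
                previous[neighbour] = router
                heapq.heappush(heap, (new_cost, neighbour))
    path_to = {}
    for dest in cost_to:                 # walk the predecessor chain back to the root
        path = [dest]
        while path[-1] != root:
            path.append(previous[path[-1]])
        path_to[dest] = path[::-1]
    return cost_to, path_to


# Constructed topology: two 10 Mb/s links (cost 10 each) against three
# 100 Mb/s links (cost 1 each); the path with more hops is the cheaper one.
SAMPLE_LINKS = [
    ("A", "B", 10_000_000), ("B", "E", 10_000_000),
    ("A", "C", 100_000_000), ("C", "D", 100_000_000), ("D", "E", 100_000_000),
]
```

Rooted at A, the tree reaches E by A, C, D, E at cumulative cost 3 rather than by the two-hop A, B, E path at cost 20, which is the point of the slide: SPF minimises cost, not hop count. A T1 at 1.544 Mb/s costs 64 under the same formula, and anything at or above the reference bandwidth is clamped to 1.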
  • 261. Configuring Wildcards
    If you want to advertise a partial octet (subnet), you need to use wildcards.
    – 0.0.0.0 means all octets match exactly
    – 0.0.0.255 means that the first three match exactly, but the last octet can be any value
    After that, you must remember your block sizes….
  • 262. Wildcard
    The wildcard address is always one less than the block size….
    – 192.168.10.8/30 = 0.0.0.3
    – 192.168.10.48/28 = 0.0.0.15
    – 192.168.10.96/27 = 0.0.0.31
    – 192.168.10.128/26 = 0.0.0.63
  • 263. Configuring Single-Area OSPF
    RouterX(config)#router ospf process-id
    – Defines OSPF as the IP routing protocol
    RouterX(config-router)#network address wildcard-mask area area-id
    – Assigns networks to a specific OSPF area
  • 264. Verifying the OSPF Configuration
    Router#show ip protocols
    • Verifies that OSPF is configured
    Router#show ip route
    • Displays all the routes learned by the router
    Router#show ip ospf interface
    • Displays area-ID and adjacency information
    Router#show ip ospf neighbor
    • Displays OSPF-neighbor information on a per-interface basis
  • 265. Administrative Distances
  • 266. Classful and Classless Routing Protocols
  • 267. Routing Protocol Comparison Chart
• 269. Ethernet Switches and Bridges
  – Address learning
  – Forward/filter decision
  – Loop avoidance
• 270. Transmitting Frames
  Cut-Through
  • Switch checks destination address and immediately begins forwarding frame.
  Store and Forward
  • Complete frame is received and checked before forwarding.
  Fragment-Free
  • Switch checks the first 64 bytes, then immediately begins forwarding frame.
• 271. Layer 2 Addressing
  – MAC address
  – Assigned to end devices
• 272. MAC Address Table
  • Initial MAC address table is empty.
• 273. Learning Addresses
  • Station A sends a frame to station C.
  • Switch caches the MAC address of station A to port E0 by learning the source address of data frames.
  • The frame from station A to station C is flooded out to all ports except port E0 (unknown unicasts are flooded).
• 274. Learning Addresses (Cont.)
  • Station D sends a frame to station C.
  • Switch caches the MAC address of station D to port E3 by learning the source address of data frames.
  • The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded).
• 275. Filtering Frames
  • Station A sends a frame to station C.
  • Destination is known; frame is not flooded.
• 276. Filtering Frames (Cont.)
  • Station A sends a frame to station B.
  • The switch has the address for station B in the MAC address table.
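The learning, flooding and filtering sequence of slides 273 to 276, replayed as an added example (not code from the original slides); stations, ports and MAC addresses are constructed. The switch also records every time a known MAC address moves to another port, which is the symptom slide 310 later calls MAC database instability.

```python
"""Switch MAC learning, flooding and filtering (added example, not code from
the original slides). Stations A-D, ports E0-E3 and the MAC addresses are
constructed to follow the slide sequence.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"
MAC = {"A": "0000.0c00.000a", "B": "0000.0c00.000b",
       "C": "0000.0c00.000c", "D": "0000.0c00.000d"}


@dataclass
class LearningSwitch:
    ports: list
    mac_table: dict = field(default_factory=dict)  # MAC -> port
    moves: list = field(default_factory=list)      # (MAC, old port, new port)

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then make the forward/filter decision.
        Returns the list of ports the frame is sent out of."""
        # Address learning: the source MAC is cached against the ingress port.
        old_port = self.mac_table.get(src_mac)
        if old_port is not None and old_port != in_port:
            # A MAC that changes port is normal for a host that moved; a MAC
            # that keeps flapping is the 'MAC database instability' symptom of
            # a bridging loop (or of a station using another station's address).
            self.moves.append((src_mac, old_port, in_port))
        self.mac_table[src_mac] = in_port
        # Forward/filter decision.
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcasts and unknown unicasts are flooded out every port
            # except the one they came in on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # source and destination share a segment: filtered
        return [out_port]


def slide_sequence():
    """Replay the frames from the 'Learning Addresses' and 'Filtering Frames' slides."""
    sw = LearningSwitch(ports=["E0", "E1", "E2", "E3"])
    egress = []
    # A -> C: C unknown, so flooded to E1, E2, E3; A is learned on E0.
    egress.append(sw.receive("E0", MAC["A"], MAC["C"]))
    # D -> C: C still unknown, flooded to E0, E1, E2; D is learned on E3.
    egress.append(sw.receive("E3", MAC["D"], MAC["C"]))
    # C replies to A: C is learned on E2; A is known, so only E0.
    egress.append(sw.receive("E2", MAC["C"], MAC["A"]))
    # A -> C again: destination known, sent out E2 only, not flooded.
    egress.append(sw.receive("E0", MAC["A"], MAC["C"]))
    # Constructed anomaly: a frame carrying A's source MAC arrives on E3.
    egress.append(sw.receive("E3", MAC["A"], MAC["C"]))
    return sw, egress


if __name__ == "__main__":
    switch, out = slide_sequence()
    for step, ports in enumerate(out, start=1):
        print(f"frame {step}: sent out {ports or 'nowhere (filtered)'}")
    print("MAC moves seen:", switch.moves)
```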
• 277. ARP
• 278. ARP Table
• 279. Host-to-Host Packet Delivery (1 of 22)
• 280. Host-to-Host Packet Delivery (2 of 22)
• 281. Host-to-Host Packet Delivery (3 of 22)
• 282. Host-to-Host Packet Delivery (4 of 22)
• 283. Host-to-Host Packet Delivery (5 of 22)
• 284. Host-to-Host Packet Delivery (6 of 22)
• 285. Host-to-Host Packet Delivery (7 of 22)
• 286. Host-to-Host Packet Delivery (8 of 22)
• 287. Host-to-Host Packet Delivery (9 of 22)
• 288. Host-to-Host Packet Delivery (10 of 22)
• 289. Host-to-Host Packet Delivery (11 of 22)
• 290. Host-to-Host Packet Delivery (12 of 22)
• 291. Host-to-Host Packet Delivery (13 of 22)
• 292. Host-to-Host Packet Delivery (14 of 22)
• 293. Host-to-Host Packet Delivery (15 of 22)
• 294. Host-to-Host Packet Delivery (16 of 22)
• 295. Host-to-Host Packet Delivery (17 of 22)
• 296. Host-to-Host Packet Delivery (18 of 22)
• 297. Host-to-Host Packet Delivery (19 of 22)
• 298. Host-to-Host Packet Delivery (20 of 22)
• 299. Host-to-Host Packet Delivery (21 of 22)
• 300. Host-to-Host Packet Delivery (22 of 22)
• 301. Default Gateway
• 302. Host-Based Tools: ping
• 303. Host-Based Tools: Table
• 304. Host-Based Tools: tracert
• 305.
• 306. Redundant Topology
  – Redundant topology eliminates single points of failure.
  – Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.
• 307. Broadcast Frames
  – Station D sends a broadcast frame.
  – Broadcast frames are flooded to all ports except the originating port.
• 308. Broadcast Storms
  – Host X sends a broadcast.
  – Switches continue to propagate broadcast traffic over and over.
• 309. Multiple Frame Copies
  – Host X sends a unicast frame to router Y.
  – The MAC address of router Y has not been learned by either switch.
  – Router Y will receive two copies of the same frame.
• 310. MAC Database Instability
  – Host X sends a unicast frame to router Y.
  – The MAC address of router Y has not been learned by either switch.
  – Switches A and B learn the MAC address of host X on port 1.
  – The frame to router Y is flooded.
  – Switches A and B incorrectly learn the MAC address of host X on port 2.
• 311. Loop Resolution with STP
  – Provides a loop-free redundant network topology by placing certain ports in the blocking state
  – Published in the IEEE 802.1D specification
  – Enhanced with the Cisco PVST+ implementation
• 312. Spanning-Tree Operation
  – One root bridge per broadcast domain.
  – One root port per nonroot bridge.
  – One designated port per segment.
  – Nondesignated ports are unused.
• 313. STP Root Bridge Selection
  – BPDU (default = sent every 2 seconds)
  – Root bridge = bridge with the lowest bridge ID
  – Bridge ID = Bridge Priority + MAC Address
• 314. Spanning-Tree Port States
  Spanning tree transits each port through several different states:
• 315.
  • Describe the role of STP port states and BPDU timers in the operation of STP
• 316. Describing PortFast
  PortFast is configured on access ports, not trunk ports.
• 317. Configuring and Verifying PortFast
  SwitchX(config-if)#spanning-tree portfast
  – Configures PortFast on an interface
  OR
  SwitchX(config)#spanning-tree portfast default
  – Enables PortFast on all non-trunking interfaces
  SwitchX#show running-config interface interface
  – Verifies that PortFast has been configured on an interface
• 318. Spanning-Tree Operation Example
• 319. Spanning-Tree Path Cost
  Link Speed   Cost (New IEEE Specification)   Cost (Old IEEE Specification)
  10 Gb/s      2                               1
  1 Gb/s       4                               1
  100 Mb/s     19                              10
  10 Mb/s      100                             100
• 320. Spanning-Tree Recalculation
• 321. Per VLAN Spanning Tree Plus
• 322. PVST+ Extended Bridge ID
  – Bridge ID without the extended system ID
  – Extended bridge ID with system ID
  – System ID = VLAN
• 323. Rapid Spanning Tree Protocol
• 324. Default Spanning-Tree Configuration
  – Cisco Catalyst switches support three types of STPs:
    • PVST+
    • PVRST+
    • MSTP
  – The default STP for Cisco Catalyst switches is PVST+:
    • A separate STP instance for each VLAN
    • One root bridge for all VLANs
    • No load sharing
• 325. PVRST+ Configuration Guidelines
  1. Enable PVRST+.
  2. Designate and configure a switch to be the root bridge.
  3. Designate and configure a switch to be the secondary root bridge.
  4. Verify the configuration.
• 326. PVRST+ Implementation Commands
  SwitchX(config)#spanning-tree mode rapid-pvst
  – Configures PVRST+
  SwitchX#show spanning-tree vlan vlan# [detail]
  – Verifies the spanning-tree configuration
  SwitchX#debug spanning-tree pvst+
  – Displays PVST+ event debug messages
• 327. Verifying PVRST+
  SwitchX# show spanning-tree vlan 30
  VLAN0030
    Spanning tree enabled protocol rstp
    Root ID    Priority    24606
               Address     00d0.047b.2800
               This bridge is the root
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    24606  (priority 24576 sys-id-ext 30)
               Address     00d0.047b.2800
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300
  Interface  Role Sts Cost  Prio.Nbr Type
  ---------- ---- --- ----- -------- ----
  Gi1/1      Desg FWD 4     128.1    P2p
  Gi1/2      Desg FWD 4     128.2    P2p
  Gi5/1      Desg FWD 4     128.257  P2p
  The spanning-tree mode is set to PVRST.
• 328. Configuring the Root and Secondary Bridges
• 329. Configuring the Root and Secondary Bridges: SwitchA
  SwitchA(config)#spanning-tree vlan 1 root primary
  – This command forces this switch to be the root for VLAN 1.
  SwitchA(config)#spanning-tree vlan 2 root secondary
  – This command configures this switch to be the secondary root for VLAN 2.
  OR
  SwitchA(config)#spanning-tree vlan # priority priority
  – This command statically configures the priority (increments of 4096).
• 330. Configuring the Root and Secondary Bridges: SwitchB
  SwitchB(config)#spanning-tree vlan 2 root primary
  – This command forces the switch to be the root for VLAN 2.
  SwitchB(config)#spanning-tree vlan 1 root secondary
  – This command configures the switch to be the secondary root for VLAN 1.
  OR
  SwitchB(config)#spanning-tree vlan # priority priority
  – This command statically configures the priority (increments of 4096).
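How the extended bridge ID of slide 322 is built and how the root election of slide 313 decides, as an added example (not code from the original slides). Switch names and MAC addresses are constructed; the priority of the root (24576, giving 24606 with sys-id-ext 30) is the value shown in the slide 327 output, and the other priorities are assumed.

```python
"""PVST+ extended bridge IDs and root bridge election (added example, not
code from the original slides). Switch names and MAC addresses are
constructed; the arithmetic follows the slides: a bridge priority that is
a multiple of 4096, plus the VLAN number as the extended system ID, plus
the MAC address, with the lowest value winning.
"""

PRIORITY_STEP = 4096
DEFAULT_PRIORITY = 32768


def bridge_id(priority, vlan, mac):
    """Return the extended bridge ID as a comparable (priority + VLAN, MAC) tuple.

    With the extended system ID, the 16-bit priority field holds the 4-bit
    configured priority (a multiple of 4096) and the 12-bit system ID (VLAN).
    """
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be between 1 and 4094")
    return priority + vlan, mac.lower()


def elect_root(switches, vlan):
    """switches: {name: (configured priority for this VLAN, MAC)}.
    The bridge with the lowest bridge ID becomes root: priority decides first,
    the MAC address breaks ties. Returns (root name, {name: bridge ID})."""
    ids = {name: bridge_id(prio, mac_vlan_prio[1], vlan) if False else bridge_id(prio, vlan, mac)
           for name, (prio, mac) in switches.items() for mac_vlan_prio in [(prio, mac)]}
    return min(ids, key=ids.get), ids


# Constructed switches for VLAN 30. SwitchA's priority is the 24576 shown in
# the slide 327 output; SwitchB's and SwitchC's values are assumptions.
VLAN30_SWITCHES = {
    "SwitchA": (24576, "00d0.047b.2800"),
    "SwitchB": (28672, "00d0.047b.2801"),
    "SwitchC": (DEFAULT_PRIORITY, "0000.0c00.0001"),
}

# The same switches before anyone configured a priority: every bridge sits at
# 32768, so the lowest MAC address (SwitchC here) wins, whether or not that
# switch is a sensible choice of root. This is why the slides configure one.
DEFAULT_SWITCHES = {name: (DEFAULT_PRIORITY, mac)
                    for name, (_, mac) in VLAN30_SWITCHES.items()}


if __name__ == "__main__":
    root, ids = elect_root(VLAN30_SWITCHES, 30)
    print("root for VLAN 30:", root, "bridge ID", ids[root])
    root, ids = elect_root(DEFAULT_SWITCHES, 30)
    print("root with default priorities:", root, "bridge ID", ids[root])
```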
• 331. Types of STP Protocols
• 332. Spanning-Tree Example
• 333. Virtual LANs (VLANs)
  • Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch.
    – Smaller broadcast domains
    – Organized by:
      • Location
      • Function
      • Department
      • Application or protocol
• 334. Switches
• 335. Features of VLANs
  • Simplify network management
  • Provide a level of security over a flat network
  • Flexibility and scalability
• 336. Flat Network Structure
• 337. Flexibility & Scalability
  • Layer-2 switches only read frames
    – Can cause a switch to forward all broadcasts
  • VLANs
    – Essentially create broadcast domains
      • Greatly reduces broadcast traffic
      • Ability to add wanted users to a VLAN regardless of their physical location
      • Additional VLANs can be created when network growth consumes more bandwidth
• 338. Switched Network
• 339. Physical LANs Connected to a Router
• 340. VLANs Remove the Physical Boundary
• 341. VLAN Memberships
  • Static VLANs
    – Typical method of creating VLANs
    – Most secure
      • A switch port assigned to a VLAN always maintains that assignment until changed
  • Dynamic VLANs
    – Node assignment to a VLAN is automatic
      • MAC addresses, protocols, network addresses, etc.
    – VLAN Management Policy Server (VMPS)
      • MAC address database for dynamic assignments
      • MAC-address to VLAN mapping
• 342. Identifying VLANs
  • Access links
    – A link that is part of only one VLAN
  • Trunk links
    – Carry multiple VLANs
• 343. Identifying VLANs
• 344. Frame Tagging
  • Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
    – User-defined ID assigned to each frame
    – VLAN ID is removed before exiting trunked links & access links
• 345. VLAN ID Methods
  • Inter-Switch Link (ISL)
    – Cisco proprietary
    – FastEthernet & Gigabit Ethernet only
  • IEEE 802.1q
    – Must use if trunking between Cisco & non-Cisco switch
• 346. Inter-Switch Link (ISL) Protocol
  • Definition: A means of explicitly tagging VLAN information onto an Ethernet frame
    – Allows VLANs to be multiplexed over a trunk line
    – Cisco proprietary
    – External tagging process
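The frame tagging of slides 344 and 345 for the IEEE 802.1q case, as an added example (not code from the original slides): the tag is inserted when a frame leaves a trunk link and removed before it reaches an access link, and the native VLAN is what an untagged frame on a trunk falls into. MAC addresses and payload are constructed; the tag layout (TPID 0x8100, then a 16-bit TCI with 3-bit PCP, 1-bit DEI and 12-bit VID) is the standard one.

```python
"""IEEE 802.1Q tag insertion and removal on an Ethernet frame, plus the
ingress VLAN decision a trunk or access port makes (added example, not
code from the original slides). MAC addresses and payload are constructed.
"""
import struct

TPID_8021Q = 0x8100


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted): dst, src, EtherType, payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC, as a trunk port does on egress."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes):
    """Return (vlan_id, frame without tag); vlan_id is None if the frame is untagged.
    Removing the tag is what an access port does before delivering to the end device."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def ingress_vlan(frame: bytes, port_mode: str, access_vlan: int = 1, native_vlan: int = 1) -> int:
    """Which VLAN a received frame is placed in.
    - access port: always the port's access VLAN (the frame is expected untagged)
    - trunk port: the tag's VID, or the native VLAN when the frame carries no tag
    """
    vid, _ = untag_frame(frame)
    if port_mode == "access":
        return access_vlan
    if port_mode == "trunk":
        return native_vlan if vid is None else vid
    raise ValueError("port_mode must be 'access' or 'trunk'")


if __name__ == "__main__":
    # Constructed frame from station A (…:0a) to station C (…:0c) in VLAN 2.
    untagged = build_frame(b"\x00\x00\x0c\x00\x00\x0c", b"\x00\x00\x0c\x00\x00\x0a",
                           0x0800, b"constructed payload")
    on_trunk = tag_frame(untagged, 2)
    print("on the trunk:", on_trunk[12:16].hex(), "->", untag_frame(on_trunk)[0])
    print("on the access port:", untag_frame(on_trunk)[1] == untagged)
```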
• 347. VLAN Trunk Protocol (VTP)
  • Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency
    – Allows an administrator to add, delete, & rename VLANs
• 348. VTP Benefits
  • Benefits
    – Consistent configuration
    – Accurate tracking
    – Dynamic reporting
    – Plug-and-Play
  • A VTP server must be created to manage VLANs
• 349. VTP Modes
• 350. VTP Modes of Operation
  • Server
    – Default for all Catalyst switches
    – Minimum one server for a VTP domain
  • Client
    – Receives information + sends/receives updates
    – Cannot make any changes
  • Transparent
    – Does not participate in a VTP domain but forwards VTP advertisements
    – Can add/delete VLANs
    – Locally significant
• 351. Router with Individual VLAN Associations
• 352. Routing Between VLANs
• 353. Configuring VLANs
  • Creating VLANs
  • Assigning switch ports to VLANs
  • Configuring trunk ports
  • Configuring inter-VLAN routing
• 354. Configuring VTP
  • Switches are configured to be VTP servers by default.
• 355. Adding a VLAN
  SwitchX# configure terminal
  SwitchX(config)# vlan 2
  SwitchX(config-vlan)# name switchlab99
• 356. Verifying a VLAN
  SwitchX# show vlan [brief | id vlan-id | name vlan-name]
  SwitchX# show vlan id 2
  VLAN Name                             Status    Ports
  ---- -------------------------------- --------- -------------------------------
  2    switchlab99                      active    Fa0/2, Fa0/12
  VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
  ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
  2    enet  100002     1500  -      -      -        -    -        0      0
  . . .
  SwitchX#
• 357. Assigning Switch Ports to a VLAN
  SwitchX(config-if)#switchport access [vlan vlan# | dynamic]
  SwitchX# configure terminal
  SwitchX(config)# interface range fastethernet 0/2 - 4
  SwitchX(config-if)# switchport access vlan 2
  SwitchX# show vlan
  VLAN Name                             Status    Ports
  ---- -------------------------------- --------- ----------------------
  1    default                          active    Fa0/1
  2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
• 358. Verifying VLAN Membership
  SwitchX# show vlan brief
  SwitchX# show vlan brief
  VLAN Name                             Status    Ports
  ---- -------------------------------- --------- -------------------------------
  1    default                          active    Fa0/1
  2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
  3    vlan3                            active
  4    vlan4                            active
  1002 fddi-default                     act/unsup
  1003 token-ring-default               act/unsup
  VLAN Name                             Status    Ports
  ---- -------------------------------- --------- -------------------------------
  1004 fddinet-default                  act/unsup
  1005 trnet-default                    act/unsup
• 359. Verifying VLAN Membership (Cont.)
  SwitchX(config-if)#show interfaces interface switchport
  SwitchX# show interfaces fa0/2 switchport
  Name: Fa0/2
  Switchport: Enabled
  Administrative Mode: dynamic auto
  Operational Mode: static access
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: native
  Negotiation of Trunking: On
  Access Mode VLAN: 2 (switchlab99)
  Trunking Native Mode VLAN: 1 (default)
  --- output omitted ---
• 360. Setting Up Trunking
• 361. Dividing a Physical Interface into Subinterfaces
  Physical interfaces can be divided into multiple subinterfaces.
• 362. Routing Between VLANs with 802.1Q Trunks
  interface fastethernet 0/0.1
   ! IOS only accepts an IP address on a subinterface that is already bound to a
   ! VLAN, so the encapsulation line comes first; the native-VLAN binding for
   ! subinterface 0/0.1 is an addition here, it is not shown on the slide.
   encapsulation dot1q 1 native
   ip address 10.1.1.1 255.255.255.0
  interface fastethernet 0/0.2
   encapsulation dot1q 2
   ip address 10.2.2.1 255.255.255.0
• 363. Executing Adds, Moves, and Changes for VLANs
  – When using VTP, the switch must be in VTP server or transparent mode to add, change, or delete VLANs.
  – When you make VLAN changes from a switch in VTP server mode, the change is propagated to other switches in the VTP domain.
  – Changing VLANs typically implies changing IP networks.
  – After a port is reassigned to a new VLAN, that port is automatically removed from its previous VLAN.
  – When you delete a VLAN, any ports in that VLAN that are not moved to an active VLAN will be unable to communicate with other stations.
• 364.
• 365. Differences Between WLAN and LAN
  – WLANs use radio waves as the physical layer.
    • WLANs use CSMA/CA instead of CSMA/CD for media access.
    • Two-way radio (half-duplex) communication.
  – Radio waves have problems that are not found on wires.
    • Connectivity issues:
      – Coverage problems
      – Interference, noise
    • Privacy issues
  – Access points are shared devices similar to an Ethernet hub for shared bandwidth.
  – WLANs must meet country-specific RF regulations.
• 366. Organizations That Define WLAN
  • ITU-R:
    – International Telecommunication Union-Radiocommunication Sector
    – Regulates the RF used in wireless
  • IEEE:
    – Institute of Electrical and Electronic Engineers
    – 802.11 documents wireless technical standards
  • Wi-Fi Alliance:
    – Global nonprofit industry trade association
    – Offers certification for interoperability between vendors of 802.11 products. This certification provides a comfort zone for the users who are purchasing the products.
• 367. ITU-R with FCC Wireless
  – ISM: industrial, scientific, and medical frequency band
  – No license required
  – No exclusive use
  – Best-effort
  – Interference possible
• 368. IEEE 802.11 Standards Comparison
                      802.11b                  802.11a                  802.11g
  Frequency band      2.4 GHz                  5 GHz                    2.4 GHz
  No. of channels     3                        Up to 23                 3
  Transmission        Direct Sequence Spread   Orthogonal Frequency     Orthogonal Frequency Division
                      Spectrum (DSSS)          Division Multiplexing    Multiplexing (OFDM) and Direct
                                               (OFDM)                   Sequence Spread Spectrum (DSSS)
  Data rates [Mb/s]   1, 2, 5.5, 11            6, 9, 12, 18, 24,        6, 9, 12, 18, 24, 36, 48, 54
                                               36, 48, 54               and 1, 2, 5.5, 11
• 369. ISM 2.4 GHz Channels
• 370. Wi-Fi Certification
  • Wi-Fi Alliance certifies interoperability between products.
    – Products include 802.11a, 802.11b, 802.11g, dual-band products, and security testing.
    – Provides assurance to customers of migration and integration options.
  • Cisco is a founding member of the Wi-Fi Alliance.
  • Certified products can be found at http://www.wi-fi.com.
• 371. Wireless LAN Security Threats
• 372. Evolution of Wireless LAN Security
  1997: WEP
    – Basic encryption
    – No strong authentication
    – Not scalable
  2001: 802.1x EAP
    – Dynamic keys
    – Improved encryption
    – User authentication
    – 802.1X EAP (LEAP, PEAP)
    – RADIUS
  2003: WPA
    – Standardized
    – Improved encryption
    – Strong, user authentication (such as LEAP, PEAP, EAP-FAST)
  2004 to present: 802.11i / WPA2
    – AES strong encryption
    – Authentication
    – Dynamic key management
• 373. Wireless Client Association
  – Access points send out beacons announcing SSID (Shared Service Set Identifier), data rates, and other information.
  – Client scans all channels.
  – Client listens for beacons and responses from access points.
  – Client associates to access point with strongest signal.
  – Client will repeat scan if signal becomes low to reassociate to another access point (roaming).
  – During association, SSID, MAC address, and security settings are sent from the client to the access point and checked by the access point.
• 374. WPA and WPA2 Modes
  Enterprise mode (business, education, government)
    – WPA: Authentication IEEE 802.1X/EAP; Encryption TKIP/MIC
    – WPA2: Authentication IEEE 802.1X/EAP; Encryption AES-CCMP
  Personal mode (SOHO, home and personal)
    – WPA: Authentication PSK; Encryption TKIP/MIC
    – WPA2: Authentication PSK; Encryption AES-CCMP
• 375. 802.11 Topology Building Blocks
  Ad hoc mode: Independent Basic Service Set (IBSS)
    – Mobile clients connect directly without an intermediate access point.
  Infrastructure mode: Basic Service Set (BSS)
    – Mobile clients use a single access point for connecting to each other or to wired network resources.
  Extended Service Set (ESS):
    – Two or more BSSs are connected by a common distribution system.
• 376. BSA Wireless Topology— Basic Coverage
• 377. ESA Wireless Topology— Extended Cover
• 378. Wireless Topology Data Rates— 802.11b
• 379. Range Comparisons
  100 ft = 30.48 m
• 380. Access Point Configuration
  • Basic parameters:
    – IP address (static or using DHCP), subnet mask, and default gateway
    – Wireless protocol (802.11g only, 802.11a/b/g, 802.11a)
    – Channel adjustment if needed—channel 1, 6, or 11 pending interference
  • Security parameters:
    – Service Set Identifier (SSID)—identifies your network
    – Authentication method—usually WPA or WPA2
    – Encryption method—usually TKIP, or AES if hardware-supported
• 381. Steps to Implement a Wireless Network
  • Step 1: Verify local wired operation—DHCP and ISP.
  • Step 2: Install the access point.
  • Step 3: Configure the access point—SSID, no security.
  • Step 4: Install one wireless client—no security.
  • Step 5: Verify wireless network operation.
  • Step 6: Configure wireless security—WPA with PSK.
  • Step 7: Verify the wireless network operation.
• 382. Wireless Clients
  • Wireless Zero Configuration (WZC):
    – Default on Windows XP or later operating system
    – Limited features for basic PSK
    – Verify that users have the correct encryption type and password
  • Cisco Compatible Extensions Program
    – Accelerated feature deployment of third-party clients
    – Wide deployment of various vendors
  • Cisco Secure Services Client
    – Enterprise full-featured wireless client supplicant
    – Wired and wireless
• 383. Common Wireless Network Issues
  • Most problems are due to incorrect configuration:
    – Verify that the access point is running the latest revision of firmware.
    – Verify the channel configuration. Try channels 1, 6, or 11.
    – Verify that users have the correct encryption type and password.
  • Other common problems:
    – RF interference
    – Not connected
    – Radio not enabled
    – Poor antenna location
• 384.
• 385. IPv4 and IPv6
  Currently, there are approximately 1.3 billion usable IPv4 addresses available.
• 386. Why Do We Need a Larger Address Space?
  – Internet population
    • Approximately 973 million users in November 2005
  – Mobile users
    • PDA, pen tablet, notepad, and so on
    • Approximately 20 million in 2004
  – Mobile phones
    • Already 1 billion mobile phones delivered by the industry
  – Consumer devices
    • Billions of home and industrial appliances
• 387. IPv6 Advanced Features
  • Larger address space:
    – Global reachability and flexibility
    – Plug-and-play
    – End-to-end without NAT
  • Simpler header:
    – Routing efficiency
    – Performance and forwarding rate scalability
    – No broadcasts
    – No checksums
• 388. IPv6 Address Representation
  • Format:
    – x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field
    – Leading zeros in a field are optional
    – Successive fields of zeros can be represented as :: only once per address
  • Examples:
    – 2031:0000:130F:0000:0000:09C0:876A:130B
      • Can be represented as 2031:0:130f::9c0:876a:130b
      • Cannot be represented as 2031::130f::9c0:876a:130b
    – FF01:0:0:0:0:0:0:1 = FF01::1
    – 0:0:0:0:0:0:0:1 = ::1
    – 0:0:0:0:0:0:0:0 = ::
• 389. IPv6 Address Types
  – Unicast:
    • Address is for a single interface
    • IPv6 has several types (for example, global, reserved, link-local, and site-local)
  – Multicast:
    • One-to-many
    • Enables more efficient use of the network
    • Uses a larger address range
  – Anycast:
    • One-to-nearest (allocated from unicast address space)
    • Multiple devices share the same address
    • All anycast nodes should provide uniform service
    • Source devices send packets to anycast address
    • Routers decide on closest device to reach that destination
• 390. Special Addresses
  0:0:0:0:0:0:0:0
    Equals ::. This is the equivalent of IPv4's 0.0.0.0, and is typically the source address of a host when you're using stateful configuration.
  0:0:0:0:0:0:0:1
    Equals ::1. The equivalent of 127.0.0.1 in IPv4.
  0:0:0:0:0:0:192.168.100.1
    This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
  2000::/3
    The global unicast address range.
  FC00::/7
    The unique local unicast range.
  FE80::/10
    The link-local unicast range.
• 391. Special Addresses (Cont.)
  FF00::/8
    The multicast range.
  3FFF:FFFF::/32
    Reserved for examples and documentation.
  2001:0DB8::/32
    Also reserved for examples and documentation.
  2002::/16
    Used with 6to4, which is the transition system—the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
• 392. IPv6 Unicast Addressing
  – Types of IPv6 unicast addresses:
    • Global: Starts with 2000::/3 and assigned by IANA
    • Reserved: Used by the IETF
    • Private:
      – Link local (starts with FE80::/10)
      – Site local (starts with "FEC0::", "FED0::", "FEE0::", or "FEF0::")
    • Loopback (::1)
    • Unspecified (::)
  – A single interface may be assigned multiple IPv6 addresses of any type: unicast, anycast, or multicast.
• 393. IPv6 Global Unicast Addresses
  IPv6 has the same address format for global unicast and for anycast addresses.
  – Uses a global routing prefix—a structure that enables aggregation upward, eventually to the ISP.
  – A single interface may be assigned multiple addresses of any type (unicast, anycast, multicast).
• 394. Link-Local Addresses
  – Link-local addresses are used for automatic address configuration, neighbor discovery, and router discovery.
  – Link-local addresses are also used by many routing protocols.
  – Link-local addresses can serve as a way to connect devices on the same local network without needing global addresses.
• 395. Assigning IPv6 Global Unicast Addresses
  – Static assignment
    • Manual interface ID assignment
    • EUI-64 interface ID assignment
  – Dynamic assignment
    • Stateless autoconfiguration
    • DHCPv6 (stateful)
• 396. Enabling IPv6 on Cisco Routers
  RouterX(config)#ipv6 unicast-routing
  – Enables IPv6 traffic forwarding
  RouterX(config-if)#ipv6 address ipv6prefix/prefix-length eui-64
  – Configures the interface IPv6 addresses
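The representation rules of slide 388, the special ranges of slides 390 to 392 and the EUI-64 interface ID of slides 395 and 396, worked through as one added example (not code from the original slides). It is written by hand rather than with Python's ipaddress module so that each rule is visible; the MAC address fed to EUI-64 is the one from the slide 327 output, reused here only as sample input.

```python
"""IPv6 address expansion/compression, address-type classification and
EUI-64 interface IDs (added example, not code from the original slides).
"""

def expand(addr: str) -> list:
    """Eight 16-bit fields as integers, undoing '::' and leading-zero suppression."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        fields = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    return [int(f, 16) for f in fields]


def compress(addr: str) -> str:
    """Short form: drop leading zeros in each field and replace the longest run
    of two or more zero fields with '::' (only once)."""
    fields = expand(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = [format(f, "x") for f in fields]
    if best_len == 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def to_int(addr: str) -> int:
    value = 0
    for f in expand(addr):
        value = (value << 16) | f
    return value


# (prefix, length, type) from the 'Special Addresses' slides, most specific first.
RANGES = [
    ("::", 128, "unspecified"),
    ("::1", 128, "loopback"),
    ("2001:db8::", 32, "documentation"),
    ("2002::", 16, "6to4"),
    ("2000::", 3, "global unicast"),
    ("fc00::", 7, "unique local"),
    ("fe80::", 10, "link-local"),
    ("fec0::", 10, "site-local"),
    ("ff00::", 8, "multicast"),
]


def classify(addr: str) -> str:
    """Name the range an address falls in by comparing its leading bits."""
    a = to_int(addr)
    for prefix, length, name in RANGES:
        shift = 128 - length
        if a >> shift == to_int(prefix) >> shift:
            return name
    return "reserved/other"


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe in the middle and
    flip the universal/local bit (0x02 of the first byte)."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return ":".join(format(int.from_bytes(eui[k:k + 2], "big"), "x") for k in range(0, 8, 2))


def link_local_from_mac(mac: str) -> str:
    """The address stateless autoconfiguration derives: fe80::/64 plus the EUI-64 interface ID."""
    return compress("fe80::" + eui64_interface_id(mac))


if __name__ == "__main__":
    for a in ["2031:0000:130F:0000:0000:09C0:876A:130B", "FF01:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:1"]:
        print(a, "->", compress(a), "(" + classify(a) + ")")
    print("link-local from 00d0.047b.2800:", link_local_from_mac("00d0.047b.2800"))
```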
• 397. IPv6 Address Configuration Example
• 398. RIPng for IPv6 Configuration Example
• 399.
• 400. Why Use ACLs?
  – Filtering: Manage IP traffic by filtering packets passing through a router
  – Classification: Identify traffic for special handling
• 401. ACL Applications: Filtering
  – Permit or deny packets moving through the router.
  – Permit or deny vty access to or from the router.
  – Without ACLs, all packets could be transmitted to all parts of your network.
• 402. ACL Applications: Classification
  Special handling for traffic based on packet tests
• 403. Outbound ACL Operation
  If no ACL statement matches, discard the packet.
• 404. A List of Tests: Deny or Permit
• 405. Types of ACLs
  Standard ACL
  • Checks source address
  • Generally permits or denies entire protocol suite
  Extended ACL
  • Checks source and destination address
  • Generally permits or denies specific protocols and applications
  Two methods used to identify standard and extended ACLs:
  • Numbered ACLs use a number for identification
  • Named ACLs use a descriptive name or number for identification
• 406. How to Identify ACLs
  – Numbered standard IPv4 lists (1–99) test conditions of all IP packets for source addresses. Expanded range (1300–1999).
  – Numbered extended IPv4 lists (100–199) test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports. Expanded range (2000–2699).
  – Named ACLs identify IP standard and extended ACLs with an alphanumeric string (name).
• 407. ACL Configuration Guidelines
  – Standard or extended indicates what can be filtered.
  – Only one ACL per interface, per protocol, and per direction is allowed.
  – The order of ACL statements controls testing; therefore, the most specific statements go at the top of the list.
  – The last ACL test is always an implicit deny everything else statement, so every list needs at least one permit statement.
  – ACLs are created globally and then applied to interfaces for inbound or outbound traffic.
  – An ACL can filter traffic going through the router, or traffic to and from the router, depending on how it is applied.
  – When placing ACLs in the network:
    • Place extended ACLs close to the source
    • Place standard ACLs close to the destination
• 408. Wildcard Bits: How to Check the Corresponding Address Bits
  – 0 means to match the value of the corresponding address bit
  – 1 means to ignore the value of the corresponding address bit
• 409. Wildcard Bits to Match IP Subnets
  Match for IP subnets 172.30.16.0/24 to 172.30.31.0/24.
  Address and wildcard mask: 172.30.16.0 0.0.15.255
• 410. Testing Packets with Numbered Standard IPv4 ACLs
• 411. Numbered Standard IPv4 ACL Configuration
  RouterX(config)# access-list access-list-number {permit | deny | remark} source [mask]
  – Uses 1 to 99 for the access-list-number.
  – The first entry is assigned a sequence number of 10, and successive entries are incremented by 10.
  – no access-list access-list-number removes the entire ACL.
  – remark lets you add a description to the ACL.
  RouterX(config-if)# ip access-group access-list-number {in | out}
  – Activates the list on an interface.
  – Sets inbound or outbound testing.
  – no ip access-group access-list-number {in | out} removes the ACL from the interface.
• 412. Numbered Standard IPv4 ACL Example 1
  RouterX(config)# access-list 1 permit 172.16.0.0 0.0.255.255
  (implicit deny all - not visible in the list)
  (access-list 1 deny 0.0.0.0 255.255.255.255)
  RouterX(config)# interface ethernet 0
  RouterX(config-if)# ip access-group 1 out
  RouterX(config)# interface ethernet 1
  RouterX(config-if)# ip access-group 1 out
  Permit my network only
• 413. Numbered Standard IPv4 ACL Example 2
  RouterX(config)# access-list 1 deny 172.16.4.13 0.0.0.0
  RouterX(config)# access-list 1 permit 0.0.0.0 255.255.255.255
  (implicit deny all)
  (access-list 1 deny 0.0.0.0 255.255.255.255)
  RouterX(config)# interface ethernet 0
  RouterX(config-if)# ip access-group 1 out
  Deny a specific host
• 414. Numbered Standard IPv4 ACL Example 3
  RouterX(config)# access-list 1 deny 172.16.4.0 0.0.0.255
  RouterX(config)# access-list 1 permit any
  (implicit deny all)
  (access-list 1 deny 0.0.0.0 255.255.255.255)
  RouterX(config)# interface ethernet 0
  RouterX(config-if)# ip access-group 1 out
  Deny a specific subnet
• 415. Testing Packets with Numbered Extended IPv4 ACLs
• 416. Numbered Extended IPv4 ACL Configuration
  RouterX(config)#access-list access-list-number {permit | deny} protocol source source-wildcard [operator port] destination destination-wildcard [operator port]
  – Sets parameters for this list entry
  RouterX(config-if)#ip access-group access-list-number {in | out}
  – Activates the extended list on an interface
• 417. Numbered Extended IPv4 ACL Example 1
  RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
  RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
  RouterX(config)# access-list 101 permit ip any any
  (implicit deny all)
  (access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
  RouterX(config)# interface ethernet 0
  RouterX(config-if)# ip access-group 101 out
  – Deny FTP traffic from subnet 172.16.4.0 to subnet 172.16.3.0 out E0
  – Permit all other traffic
• 418. Numbered Extended IPv4 ACL Example 2
  RouterX(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
  RouterX(config)# access-list 101 permit ip any any
  (implicit deny all)
  RouterX(config)# interface ethernet 0
  RouterX(config-if)# ip access-group 101 out
  – Deny only Telnet traffic from subnet 172.16.4.0 out E0
  – Permit all other traffic
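The wildcard arithmetic of slides 262, 408 and 409 and the top-down, first-match, implicit-deny evaluation behind the ACL examples of slides 413 and 417, as one added example (not code from the original slides). The packets are constructed; the ACL statements are the ones on those slides, plus a deliberately mis-ordered copy to show why slide 407 wants the most specific statements first.

```python
"""Wildcard masks and first-match, implicit-deny evaluation of IOS-style
IPv4 access lists (added example, not code from the original slides).
Packets are constructed; the ACL entries replay the slides' examples.
"""
from dataclasses import dataclass
from typing import Optional


def ip_to_int(addr: str) -> int:
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")


def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard = block size - 1: a /30 has a block of 4 addresses, so 0.0.0.3."""
    return int_to_ip((1 << (32 - prefix_len)) - 1)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 wildcard bit must match the base address; a 1 bit is ignored."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return ip_to_int(addr) & care == ip_to_int(base) & care


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"           # "ip", "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    """One ACL statement. The defaults mean 'any' for source and destination."""
    action: str                          # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    proto: str = "ip"                    # a standard ACL only tests the source
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    eq: Optional[int] = None             # destination port test (operator eq)

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.eq is not None and self.eq != p.dport:
            return False
        return (wildcard_match(p.src, self.src, self.src_wc)
                and wildcard_match(p.dst, self.dst, self.dst_wc))


def evaluate(acl, packet: Packet):
    """Statements are tested top-down and the first match decides. No match
    means the implicit 'deny any' at the end. Returns (action, sequence number
    of the matching statement, or None for the implicit deny)."""
    for index, entry in enumerate(acl):
        if entry.matches(packet):
            return entry.action, (index + 1) * 10
    return "deny", None


# Slide 413: access-list 1 deny 172.16.4.13 0.0.0.0 / permit 0.0.0.0 255.255.255.255
ACL_1_DENY_HOST = [Entry("deny", "172.16.4.13", "0.0.0.0"), Entry("permit")]

# Slide 417: deny FTP (tcp 21 and 20) from 172.16.4.0/24 to 172.16.3.0/24, permit the rest
ACL_101_DENY_FTP = [
    Entry("deny", "172.16.4.0", "0.0.0.255", "tcp", "172.16.3.0", "0.0.0.255", 21),
    Entry("deny", "172.16.4.0", "0.0.0.255", "tcp", "172.16.3.0", "0.0.0.255", 20),
    Entry("permit"),
]

# The two statements of ACL 1 in the wrong order: the broad permit shadows the
# host deny, so the host is never blocked. This is why the most specific
# statements go at the top of the list.
ACL_1_WRONG_ORDER = [Entry("permit"), Entry("deny", "172.16.4.13", "0.0.0.0")]


if __name__ == "__main__":
    for p in (Packet("172.16.4.13", "10.1.1.1"), Packet("172.16.4.14", "10.1.1.1")):
        print(p.src, "->", evaluate(ACL_1_DENY_HOST, p), "| wrong order:", evaluate(ACL_1_WRONG_ORDER, p))
    ftp = Packet("172.16.4.7", "172.16.3.9", "tcp", 21)
    print("FTP 172.16.4.7 -> 172.16.3.9:", evaluate(ACL_101_DENY_FTP, ftp))
```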
  • 419. Named IP ACL ConfigurationRouterX(config)#ip access-list {standard | extended} name Alphanumeric name string must be uniqueRouterX(config {std- | ext-}nacl)#[sequence-number] {permit | deny} {ip access list test conditions}{permit | deny} {ip access list test conditions} If not configured, sequence numbers are generated automatically starting at 10 and incrementing by 10 no sequence number removes the specific test from the named ACLRouterX(config-if)#ip access-group name {in | out} Activates the named IP ACL on an interface Mohannad Al-Hanahnah
  • 420. Named Standard IPv4 ACL Example
    RouterX(config)#ip access-list standard troublemaker
    RouterX(config-std-nacl)#deny host 172.16.4.13
    RouterX(config-std-nacl)#permit 172.16.4.0 0.0.0.255
    RouterX(config-std-nacl)#interface e0
    RouterX(config-if)#ip access-group troublemaker out
    Deny a specific host
  • 421. Named Extended IPv4 ACL Example
    RouterX(config)#ip access-list extended badgroup
    RouterX(config-ext-nacl)#deny tcp 172.16.4.0 0.0.0.255 any eq 23
    RouterX(config-ext-nacl)#permit ip any any
    RouterX(config-ext-nacl)#interface e0
    RouterX(config-if)#ip access-group badgroup out
    Deny Telnet from a specific subnet
  • 422. Commenting ACL Statements
    RouterX(config)#ip access-list {standard|extended} name
    Creates a named ACL
    RouterX(config {std- | ext-}nacl)#remark remark
    Creates a named ACL comment
    Or
    RouterX(config)#access-list access-list-number remark remark
    Creates a numbered ACL comment
  • 423. Monitoring ACL Statements
    RouterX# show access-lists {access-list number|name}
    RouterX# show access-lists
    Standard IP access list SALES
        10 deny   10.1.1.0, wildcard bits 0.0.0.255
        20 permit 10.3.3.1
        30 permit 10.4.4.1
        40 permit 10.5.5.1
    Extended IP access list ENG
        10 permit tcp host 10.22.22.1 any eq telnet (25 matches)
        20 permit tcp host 10.33.33.1 any eq ftp
        30 permit tcp host 10.44.44.1 any eq ftp-data
    Displays all access lists
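The slides above show ACL entries but leave the matching rules (wildcard masks, top-down first match, the implicit deny) to the reader. The following Python model is an added example, not code from the slides or from Cisco IOS: it parses the numbered entries from slides 414 to 418, the named-ACL bodies from slides 420 and 421, and extended entries as printed by show access-lists on slide 423 (the sequence-numbered form such as "10 permit tcp host 10.22.22.1 any eq telnet"), and then tests packets against them. The Packet class, the PORT_NAMES table and the port operators beyond eq (neq, gt, lt) are this model's own additions; the comma-separated standard-ACL display form ("10.1.1.0, wildcard bits 0.0.0.255") is not parsed.

```python
"""Model how an IOS IPv4 access list tests a packet: top-down, first match wins,
implicit deny at the end, wildcard masks on addresses. Added example, not IOS code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords as IOS prints them in ACL output, e.g. "eq telnet" (subset, constructed here).
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "www": 80}
ANY = (0, 0xFFFFFFFF)   # address 0.0.0.0 with wildcard 255.255.255.255

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"      # "tcp", "udp", "icmp", or "ip"
    sport: int = 0
    dport: int = 0

@dataclass
class Entry:
    action: str                              # "permit" or "deny"
    proto: str                               # "ip" matches any protocol (standard entries use it)
    src: Tuple[int, int]                     # (address, wildcard) as 32-bit ints
    dst: Tuple[int, int]
    sport: Optional[Tuple[str, int]] = None  # (operator, port) or None
    dport: Optional[Tuple[str, int]] = None

def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))

def _parse_addr(tok: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' at tok[i]; return (spec, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    addr = _ip(tok[i])
    # Only a wildcard mask can follow an address and start with a digit; keywords do not.
    if i + 1 < len(tok) and tok[i + 1][0].isdigit():
        return (addr, _ip(tok[i + 1])), i + 2
    return (addr, 0), i + 1                  # bare address in a standard ACL means one host

def _parse_port(tok: List[str], i: int):
    """Parse an optional 'eq|neq|gt|lt PORT' operator at tok[i]."""
    if i < len(tok) and tok[i] in ("eq", "neq", "gt", "lt"):
        name = tok[i + 1]
        return (tok[i], PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i

def parse_entry(line: str) -> Entry:
    """Accept 'access-list N permit|deny ...', a named-ACL body 'permit|deny ...',
    or a show-output line with a leading sequence number ('10 permit tcp ...')."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]
    if tok[0].isdigit():
        tok = tok[1:]
    action = tok[0]
    if tok[1] in ("ip", "tcp", "udp", "icmp"):       # extended entry
        proto = tok[1]
        src, i = _parse_addr(tok, 2)
        sport, i = _parse_port(tok, i)
        dst, i = _parse_addr(tok, i)
        dport, i = _parse_port(tok, i)
        return Entry(action, proto, src, dst, sport, dport)
    src, _ = _parse_addr(tok, 1)                      # standard entry: source only
    return Entry(action, "ip", src, ANY)

def build(lines: List[str]) -> List[Entry]:
    return [parse_entry(line) for line in lines if line.strip()]

def _addr_match(spec: Tuple[int, int], ip: str) -> bool:
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit 0 = this bit must match
    return (_ip(ip) ^ addr) & care == 0

def _port_match(spec, port: int) -> bool:
    if spec is None:
        return True
    op, value = spec
    return {"eq": port == value, "neq": port != value,
            "gt": port > value, "lt": port < value}[op]

def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Walk the list top-down; the first matching entry decides; no match is the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not (_addr_match(e.src, pkt.src) and _addr_match(e.dst, pkt.dst)):
            continue
        if not (_port_match(e.sport, pkt.sport) and _port_match(e.dport, pkt.dport)):
            continue
        return e.action
    return "deny"
```

Feeding the three lines of access-list 101 from slide 417 to build() and then evaluate(acl, Packet("172.16.4.5", "172.16.3.9", "tcp", 40000, 21)) returns "deny", while the same packet to port 80, or the same ports over UDP, falls through to "permit ip any any". A list with only permit entries still denies every source it does not name, which is the implicit deny the slides annotate in parentheses.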
  • 424. Verifying ACLs
    RouterX# show ip interfaces e0
    Ethernet0 is up, line protocol is up
      Internet address is 10.1.1.11/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is 1
      Proxy ARP is enabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is disabled
      IP Feature Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      <text omitted>
  • 425. Troubleshooting Common ACL Errors
    Error 1: Host 10.1.1.1 has no connectivity with 10.100.100.1.
  • 426. Troubleshooting Common ACL Errors (Cont.)
    Error 2: The 192.168.1.0 network cannot use TFTP to connect to 10.100.100.1.
  • 427. Troubleshooting Common ACL Errors (Cont.)
    Error 3: 172.16.0.0 network can use Telnet to connect to 10.100.100.1, but this connection should not be allowed.
  • 428. Troubleshooting Common ACL Errors (Cont.)
    Error 4: Host 10.1.1.1 can use Telnet to connect to 10.100.100.1, but this connection should not be allowed.
  • 429. Troubleshooting Common ACL Errors (Cont.)
    Error 5: Host 10.100.100.1 can use Telnet to connect to 10.1.1.1, but this connection should not be allowed.
  • 431. What is NAT?
    • Similar to Classless Inter-Domain Routing (CIDR), the original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.
  • 432. Benefits of NAT
    • You need to connect to the Internet and your hosts don't have globally unique IP addresses.
    • You change to a new ISP that requires you to renumber your network.
    • You need to merge two intranets with duplicate addresses.
  • 433. Where NAT is typically configured
  • 434. Basic NAT
  • 435. Three types of NAT
    • Static
    • Dynamic
    • Overloading
  • 436. Static NAT
    Let's take a look at a simple basic static NAT configuration:
    ip nat inside source static 10.1.1.1 170.46.2.2
    !
    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0
     ip address 170.46.2.1 255.255.255.0
     ip nat outside
    !
  • 437. Dynamic NAT
    Here is a sample output of a dynamic NAT configuration:
    ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
    ip nat inside source list 1 pool todd
    !
    interface Ethernet0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside
    !
    access-list 1 permit 10.1.1.0 0.0.0.255
    !
  • 438. Port Address Translation
  • 439. PAT
    Here is a sample output of a PAT configuration:
    ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
    ip nat inside source list 1 pool globalnet overload
    !
    interface Ethernet0/0
     ip address 10.1.1.10 255.255.255.0
     ip nat inside
    !
    interface Serial0/0
     ip address 170.168.2.1 255.255.255.0
     ip nat outside
    !
    access-list 1 permit 10.1.1.0 0.0.0.255
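The three configurations on slides 436, 437 and 439 differ only in how the router fills its translation table, which the slides do not show. The Python model below is an added example, not code from the slides or from Cisco IOS. It simulates inside-source translation for all three forms: a static entry (10.1.1.1 to 170.46.2.2 as on slide 436), a dynamic pool that hands one global address to each inside host and drops packets once the pool is empty, and PAT overload, where one global address is shared and the source port is rewritten only on a collision. Access-list 1 from the slides decides which inside hosts qualify. The Translator class, the exhausted counter, the two-address pool used below (shortened from the slide's 170.168.2.2 to 170.168.2.254 range to force exhaustion) and the port-selection rule are constructions of this model.

```python
"""Model the three inside-source NAT forms on the slides: static, dynamic pool, PAT overload.
Added example; the table layout and port-selection rule are assumptions of this model."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Translator:
    inside_list: str                 # CIDR of 'access-list 1 permit 10.1.1.0 0.0.0.255'
    pool: List[str]                  # 'ip nat pool' addresses; one address + overload=True is PAT
    overload: bool = False
    # 'ip nat inside source static <local> <global>' entries
    static: Dict[str, str] = field(default_factory=dict)
    # translation table: (inside local ip, port) -> (inside global ip, port)
    table: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    exhausted: int = 0               # packets dropped because the dynamic pool ran out
    next_port: int = 1024            # next candidate when PAT has to rewrite the source port

    def translate(self, local_ip: str, local_port: int) -> Optional[Tuple[str, int]]:
        """(global ip, global port) for an outbound packet, or None if it is not translated."""
        key = (local_ip, local_port)
        if local_ip in self.static:                      # static entries need no ACL match
            return (self.static[local_ip], local_port)
        if key in self.table:                            # existing flow: reuse its entry
            return self.table[key]
        if ipaddress.IPv4Address(local_ip) not in ipaddress.ip_network(self.inside_list):
            return None                                  # not matched by the NAT ACL
        if self.overload:
            global_ip = self.pool[0]
            global_port = self._free_port(global_ip, local_port)
        else:
            global_ip = self._dynamic_address(local_ip)
            if global_ip is None:
                self.exhausted += 1                      # pool empty: packet is dropped
                return None
            global_port = local_port                     # dynamic NAT rewrites the address only
        self.table[key] = (global_ip, global_port)
        return self.table[key]

    def untranslate(self, global_ip: str, global_port: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup for a returning packet from the outside."""
        for local, glob in self.table.items():
            if glob == (global_ip, global_port):
                return local
        for local_ip, gip in self.static.items():
            if gip == global_ip:
                return (local_ip, global_port)
        return None

    def _dynamic_address(self, local_ip: str) -> Optional[str]:
        """One global address per inside host, taken from the pool until it is exhausted."""
        for (lip, _), (gip, _) in self.table.items():
            if lip == local_ip:
                return gip
        in_use = {gip for gip, _ in self.table.values()}
        return next((gip for gip in self.pool if gip not in in_use), None)

    def _free_port(self, global_ip: str, wanted: int) -> int:
        """PAT keeps the original source port when free (model assumption), else picks a new one."""
        used = {gport for gip, gport in self.table.values() if gip == global_ip}
        if wanted not in used:
            return wanted
        while self.next_port in used:
            self.next_port += 1
        self.next_port += 1
        return self.next_port - 1
```

With the dynamic pool, a second flow from the same inside host reuses the address already allocated to it, a third host finds the two-address pool empty, and an inside host outside the 10.1.1.0/24 list is forwarded untranslated. With overload, two hosts that both pick source port 40000 share 170.168.2.1 and the second one is moved to a fresh port, which is what lets untranslate() route the reply back to the right host.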
  • 440. What is your configuration?
  • 441. Wide Area Networks
  • 442. WAN Connection Types
  • 443. DTE-DCE-DTE
  • 444. WAN Support
    • Frame Relay
    • ISDN
    • HDLC
    • PPP
    • ATM
  • 445. HDLC Protocol
    • Data Link layer ISO standard protocol
    • Specifies a data encapsulation method
    • No authentication can be used
  • 446. HDLC Frame Format
  • 447. Point-to-Point Protocol (PPP)
    • Purpose:
      – Transport layer-3 packets across a Data Link layer point-to-point link
    • Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
      – Uses Link Control Protocol (LCP)
        • Builds & maintains data-link connections
  • 448. Point-to-Point Protocol Stack
  • 449. PPP Main Components
    • EIA/TIA-232-C
      – Intl. Std. for serial communications
    • HDLC
      – Serial link datagram encapsulation method
    • LCP
      – Used in P-t-P connections:
        • Establishing
        • Maintaining
        • Terminating
    • NCP
      – Method of establishing & configuring Network Layer protocols
      – Allows simultaneous use of multiple Network layer protocols
  • 450. LCP Configuration Options
    • Authentication
      – PAP
      – CHAP
    • Compression
      – Stacker
      – Predictor
    • Error detection
      – Quality
      – Magic Number
  • 451. PPP Session Establishment
    • Link-establishment phase
    • Authentication phase
    • Network-layer protocol phase
  • 452. PPP Session Establishment
  • 453. PPP Authentication Methods
    • Password Authentication Protocol (PAP)
      – Passwords sent in clear text
      – Remote node returns username & password
    • Challenge Handshake Authentication Protocol (CHAP)
      – Done at start-up & periodically
      – Challenge & Reply
        • Remote router sends a one-way hash ~ MD5
  • 454. Configuring PPP
    • Step #1: Configure PPP on RouterA & RouterB:
      Router__#config t
      Router__(config)#int s0
      Router__(config-if)#encapsulation ppp
      Router__(config-if)#^Z
    • Step #2: Define the username & password on each router:
      – RouterA: RouterA(config)#username RouterB password cisco
      – RouterB: RouterB(config)#username RouterA password cisco
      NOTE: (1) Username maps to the remote router (2) Passwords must match
    • Step #3: Choose the authentication type for each router, CHAP or PAP (one or the other):
      Router__(config)#int s0
      Router__(config-if)#ppp authentication chap
      Router__(config-if)#ppp authentication pap
      Router__(config-if)#^Z
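Slides 453 and 454 state that PAP sends the password in clear text while CHAP sends a one-way MD5 hash, and that the username on each router names the remote router with matching passwords. The Python model below is an added example, not code from the slides or from Cisco IOS; it implements the CHAP response as MD5 over identifier, secret and challenge (the RFC 1994 construction) beside a PAP exchange, with both run over a "wire" list that records every payload so the difference can be checked directly. The ROUTER_A_USERS and ROUTER_B_USERS tables are constructed from the slide's username RouterB password cisco and username RouterA password cisco lines; packet names and the single-identifier handshake are simplifications of this model.

```python
"""PAP versus CHAP on a PPP link: what crosses the wire, and why CHAP never sends the password.
Added example; credential tables are constructed from slide 454, not taken from a real router."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Mirrored 'username <remote> password cisco' lines: each router stores the *remote* name.
ROUTER_A_USERS: Dict[str, str] = {"RouterB": "cisco"}
ROUTER_B_USERS: Dict[str, str] = {"RouterA": "cisco"}

Wire = List[Tuple[str, bytes]]   # (PPP packet type, payload) as seen by someone tapping the link

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: one-way MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def chap_exchange(authenticator_users: Dict[str, str], peer_name: str, peer_secret: str,
                  wire: Wire, challenge: Optional[bytes] = None) -> bool:
    """Three-way CHAP handshake: the authenticator challenges, the peer answers with a hash,
    the authenticator recomputes the hash from its stored password and compares."""
    identifier = 1
    challenge = os.urandom(16) if challenge is None else challenge
    wire.append(("Challenge", bytes([identifier]) + challenge))
    # Peer side: hash its configured password for this link together with the fresh challenge.
    response = chap_response(identifier, peer_secret, challenge)
    wire.append(("Response", bytes([identifier]) + response + peer_name.encode()))
    # Authenticator side: look the peer up by name; an unknown name fails the same way as a bad hash.
    stored_secret = authenticator_users.get(peer_name)
    if stored_secret is None:
        wire.append(("Failure", b""))
        return False
    ok = hmac.compare_digest(response, chap_response(identifier, stored_secret, challenge))
    wire.append(("Success" if ok else "Failure", b""))
    return ok

def pap_exchange(authenticator_users: Dict[str, str], peer_name: str, peer_password: str,
                 wire: Wire) -> bool:
    """PAP: the peer sends name and password in clear text; the authenticator compares them."""
    wire.append(("Authenticate-Request", peer_name.encode() + b":" + peer_password.encode()))
    ok = authenticator_users.get(peer_name) == peer_password
    wire.append(("Authenticate-Ack" if ok else "Authenticate-Nak", b""))
    return ok

def password_on_wire(wire: Wire, password: str) -> bool:
    """True if the shared password appears verbatim in any captured payload."""
    return any(password.encode() in payload for _, payload in wire)
```

Running chap_exchange(ROUTER_A_USERS, "RouterB", "cisco", wire) succeeds and password_on_wire(wire, "cisco") is False, whereas the PAP exchange succeeds with the password visible in the Authenticate-Request. A mismatched password or a peer name that is not configured fails CHAP, which is the "passwords must match" and "username maps to the remote router" rule of slide 454 seen from the protocol side; the per-handshake random challenge is what stops a captured Response from being replayed.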
  • 455. PPP Example 1
  • 456. PPP Example 2
  • 457. PPP Example 3
  • 458. PPP Example 4
  • 459. Frame Relay
    • Background
      – High-performance WAN encapsulation method
      – OSI Physical & Data Link layer
    • Supported Protocols
      – IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO
  • 460. Before Frame Relay
  • 461. After Frame Relay
  • 462. Frame Relay
    • Purpose
      – Provide a communications interface between DTE & DCE equipment
      – Connection-oriented Data Link layer communication
        • Via virtual circuits
        • Provides a complete path from the source to destination before sending the first frame
  • 463. Frame Relay Terminology
  • 464. Frame Relay Encapsulation
    • Specified on serial interfaces
    • Encapsulation types:
      – Cisco (default encapsulation type)
      – IETF (used between Cisco & non-Cisco devices)
    RouterA(config)#int s0
    RouterA(config-if)#encapsulation frame-relay ?
      ietf  Use RFC1490 encapsulation
      <cr>
  • 465. Data Link Connection Identifiers (DLCIs)
    • Frame Relay PVCs are identified by DLCIs
    • IP end devices are mapped to DLCIs
      – Mapped statically with the map command or dynamically by Inverse ARP (IARP)
    • Global Significance:
      – Advertised to all remote sites as the same PVC
    • Local Significance:
      – DLCIs do not need to be unique
    • Configuration
    RouterA(config-if)#frame-relay interface-dlci ?
      <16-1007>  Define a DLCI as part of the current subinterface
    RouterA(config-if)#frame-relay interface-dlci 16
  • 466. DLCIs are Locally Significant
  • 467. Local Management Interface (LMI)
    • Background
    • Purpose
    • LMI Messages
      – Keepalives
      – Multicasting
      – Multicast addressing
      – Status of virtual circuits
  • 468. LMI Types
    • Configuration:
      RouterA(config-if)#frame-relay lmi-type ?
        cisco
        ansi
        q933a
      – Beginning with IOS ver 11.2+ the LMI type is auto-sensed
      – Default type: cisco
    • Virtual circuit status:
      – Active
      – Inactive
      – Deleted
  • 469. Sub-interfaces
    • Definition
      – Multiple virtual circuits on a single serial interface
      – Enables the assignment of different network-layer characteristics to each sub-interface
        • IP routing on one sub-interface
        • IPX routing on another
      – Mitigates difficulties associated with:
        • Partial meshed Frame Relay networks
        • Split Horizon protocols
  • 470. Partial Meshed Networks
  • 471. Creating Sub-interfaces
    Configuration:
      #1: Set the encapsulation on the serial interface
      #2: Define the subinterface
    RouterA(config)#int s0
    RouterA(config-if)#encapsulation frame-relay
    RouterA(config-if)#int s0.?
      <0-4294967295>  Serial interface number
    RouterA(config-if)#int s0.16 ?
      multipoint      Treat as a multipoint link
      point-to-point  Treat as a point-to-point link
  • 472. Mapping Frame Relay
    Necessary for IP end devices to communicate
      – Addresses must be mapped to the DLCIs
      – Methods:
        • Frame Relay map command
        • Inverse-arp function
  • 473. Using the map command
    RouterA(config)#int s0
    RouterA(config-if)#encap frame
    RouterA(config-if)#int s0.16 point-to-point
    RouterA(config-if)#no frame-relay inverse-arp
    RouterA(config-if)#ip address 172.16.30.1 255.255.255.0
    RouterA(config-if)#frame-relay map ip 172.16.30.17 16 ietf broadcast
    RouterA(config-if)#frame-relay map ip 172.16.30.18 17 broadcast
    RouterA(config-if)#frame-relay map ip 172.16.30.19 18
  • 474. Using the inverse arp command
    RouterA(config)#int s0.16 point-to-point
    RouterA(config-if)#encap frame-relay ietf
    RouterA(config-if)#ip address 172.16.30.1 255.255.255.0
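Slides 465 to 474 state two things that are easy to misread: a DLCI only has meaning on the local access link, and a next-hop IP address must be mapped to a DLCI, either statically or through Inverse ARP, before any frame can be sent. The Python model below is an added example, not code from the slides or from Cisco IOS. It loads RouterA's three map entries from slide 473 into a map table, with the third entry lacking the broadcast keyword exactly as on the slide, and puts a constructed provider switch in front of it whose cross-connect table uses DLCI 16 on two different ports for two different circuits. The port names, the far-end DLCI numbers and the treatment of Inverse ARP entries as broadcast-capable (matching how IOS lists them as dynamic, broadcast) are assumptions of this model.

```python
"""Frame Relay address-to-DLCI mapping and DLCI local significance, modelled in Python.
Added example; the switch topology and far-end DLCI numbers are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class FrameRelayRouter:
    """Map table of one router: next-hop IP -> (DLCI, broadcast-capable, how it was learned)."""
    name: str
    maps: Dict[str, Tuple[int, bool, str]] = field(default_factory=dict)

    def map_ip(self, next_hop: str, dlci: int, broadcast: bool = False) -> None:
        """frame-relay map ip <next-hop> <dlci> [broadcast]"""
        self.maps[next_hop] = (dlci, broadcast, "static")

    def learn_inverse_arp(self, dlci: int, next_hop: str) -> None:
        """Entry learned when the far end answers Inverse ARP on this DLCI; treated as
        broadcast-capable here, as IOS shows such entries (model assumption)."""
        self.maps[next_hop] = (dlci, True, "dynamic")

    def dlci_for(self, next_hop: str) -> Optional[int]:
        """Which local DLCI carries frames to this next hop; None means no map, so no frame goes out."""
        entry = self.maps.get(next_hop)
        return entry[0] if entry else None

    def can_send_broadcast_to(self, next_hop: str) -> bool:
        """Routing updates ride on broadcast/multicast; a static map without 'broadcast'
        drops them for that neighbour even though unicast traffic still flows."""
        entry = self.maps.get(next_hop)
        return bool(entry and entry[1])

@dataclass
class FrameRelaySwitch:
    """Provider switch: DLCIs are swapped per port, so the same number on two ports
    can belong to two unrelated PVCs."""
    cross_connect: Dict[Tuple[str, int], Tuple[str, int]]

    def forward(self, in_port: str, in_dlci: int) -> Optional[Tuple[str, int]]:
        return self.cross_connect.get((in_port, in_dlci))

def build_example() -> Tuple[FrameRelayRouter, FrameRelaySwitch]:
    """RouterA's maps from slide 473 plus a constructed switch where DLCI 16 on RouterA's
    port and DLCI 16 on RouterB's port are different circuits."""
    router_a = FrameRelayRouter("RouterA")
    router_a.map_ip("172.16.30.17", 16, broadcast=True)
    router_a.map_ip("172.16.30.18", 17, broadcast=True)
    router_a.map_ip("172.16.30.19", 18)            # no 'broadcast' keyword, as on the slide
    switch = FrameRelaySwitch({
        ("portA", 16): ("portB", 41),              # RouterA dlci 16 <-> RouterB dlci 41 (constructed)
        ("portB", 41): ("portA", 16),
        ("portB", 16): ("portC", 22),              # RouterB also uses dlci 16, towards RouterC
        ("portC", 22): ("portB", 16),
    })
    return router_a, switch
```

build_example() returns a RouterA whose dlci_for("172.16.30.19") is 18 but whose can_send_broadcast_to("172.16.30.19") is False, which is the configuration mistake to look for when unicast works across a PVC but routing updates never arrive. On the switch, forward("portA", 16) and forward("portB", 16) lead to different far ends, which is what "locally significant" means in practice.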
  • 475. Monitoring Frame Relay
    RouterA>sho frame ?
      ip       show frame relay IP statistics
      lmi      show frame relay lmi statistics
      map      Frame-Relay map table
      pvc      show frame relay pvc statistics
      route    show frame relay route
      traffic  Frame-Relay protocol statistics
    RouterA#sho int s0
    RouterB#show frame map
    Router#debug frame-relay lmi
  • 476. Troubleshooting Frame Relay
    Why can't RouterA talk to RouterB?
  • 477. Troubleshooting Frame Relay
    Why is RIP not sent across the PVC?