http://deepakkarn.wordpress.com/
2013
CISCO ROUTING n SWITCHING
Compiled By:- Deepak Kumar Karn
Chapter1:- Classful IP Addressing
Class A
Although not as efficient as VLSM and CIDR, classful IP addressing is still a standard on many networks using IPv4 and 32-bit IP addresses. (If you are using IPv6 and 128-bit addresses, which would mean that maybe you live in, like, China, maybe this primitive North American 32-bit stuff will still be helpful.) :-)
Anyway, there are basically three categories to concern yourself with in classful IP: the A, B, and C classes. Depending on the class you choose, Request For Comments (RFC) standards regulate how many bits are available for network addresses. The other classes, D, which is multicast and ranges from 224-239, and E, which is experimental and ranges from 240-254, are not really our concern for now. Just remember there is an IP conspiracy and you'll learn about these later as the plot thickens. I can hardly bear the suspense!
Even though many routers allow you to change it, for class A addresses, RFC standards state that the first bit of the first byte MUST always be off. This means we cannot use the 128 bit. What does this leave us with? Only 7 bits. Also, for class A remember that 127 is the diagnostic loopback address, so we can't use it.
        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1
START     0    0    0    0    0    0    0    0
END       0    1    1    1    1    1    1    1
This gives us a network address range from 0-127, but as is the case with class A, we cannot use 0 or the loopback address, 127. This leaves us 126 usable network addresses.
Formulas:
# of networks: 2^(y-1), where y = # bits available for the network address. So, approximately 2^(8-1) = 2^7 = 128, minus the 127 diagnostic loopback and 0. This leaves 126 usable addresses.
# of hosts per network: (2^x - 2), where x = # bits available for hosts, = (2^24 - 2) = (16,777,216 - 2) = 16,777,214 hosts.
Summary:
Range = 1-126
# networks = 126
# hosts = 16,777,214
Subnet mask = 255.0.0.0
Network Bits = 8
Host Bits = 24
Class B
Even though many routers allow you to change it, for class B addresses, RFC standards state that the first bit of the first byte MUST always be on AND the second bit of the first byte must always be off. This means we cannot use the 128 bit OR the 64 bit. What does this leave us with? In a class B network, 16 bits are for networks and 16 bits are for hosts. But here, 2 bits are “stuck”.
        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1
START     1    0    0    0    0    0    0    0
END       1    0    1    1    1    1    1    1
This gives us a network address range from 128-191.
Formulas:
# of networks: 2^(y-2), where y = # bits available for the network address. So, approximately 2^(16-2) = 2^14 = 16,384 usable network addresses.
# of hosts per network: (2^x - 2) = (2^16 - 2) = (65,536 - 2) = 65,534 hosts.
Summary:
Range = 128-191
# networks = 16,384
# hosts = 65,534
Subnet mask = 255.255.0.0
Network Bits = 16
Host Bits = 16
Class C
Even though many routers allow you to change it, for class C addresses, RFC standards state that the first bit of the first byte MUST always be on AND the second bit of the first byte must always be on AND the third bit of the first byte must always be off. This means we cannot use the 128 bit OR the 64 bit OR the 32 bit. What does this leave us with? In a class C network, 24 bits are for networks and 8 bits are for hosts. But remember, 3 bits are “stuck”.
        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1
START     1    1    0    0    0    0    0    0
END       1    1    0    1    1    1    1    1
This gives us a network address range from 192-223.
Formulas:
# of networks: 2^(y-3), where y = # bits available for the network address. So, approximately 2^(24-3) = 2^21 = 2,097,152 usable network addresses.
# of hosts per network: (2^x - 2) = (2^8 - 2) = (256 - 2) = 254 hosts.
Summary:
Range = 192-223
# networks = 2,097,152
# hosts = 254
Subnet mask = 255.255.255.0
Network Bits = 24
Host Bits = 8
Chapter2:- Subnetting
Subnetting a CLASS C network
There are plenty of situations where we do not need the full number of hosts available in classful IP addressing. Yet for security, organizational and structural purposes, we want to obtain more networks. Don't despair, there's hope. Sweet overflowing rivers of Vippa, we can do this by subnetting a network address! When we subnet, we steal bits normally used for host IDs and give them to network IDs.
Let’s subnet a class C network address of 192.168.20.x:
A class C address allows 24 bits for the network ID and 8 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 8 bits. There are two basic rules we should follow when subnetting: don’t turn all the bits on, and don’t turn all the bits off. This immediately invalidates using 1 bit, at least by RFC standards, since it could only be either all on or all off. Therefore, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. The reason is that, in subnetting, we are taking bits from the host and giving them to the network ID. We are splitting up an octet table, and as a result, the “minus two rules” will apply to both sides of the table. The “minus two rules” stem from the fact that we can’t use 0, since it’s the general network address, nor may we use 255, since it is the broadcast address. For 2 bits:
# subnets = (2^x - 2) = (2^2 - 2) = 2
# hosts = (2^x - 2) = (2^6 - 2) = 62
Subnet Mask = 128 + 64, so 255.255.255.192
# bits for network = 24
# bits for subnetting = 2
# bits for hosts = 6
CIDR = 192.168.20.x /26
Let's look at this using a bit table:
        Subnet Bits | Host Bits
        2^7  2^6  | 2^5  2^4  2^3  2^2  2^1  2^0  | Base 10
        128   64  |  32   16    8    4    2    1  |
          0    1  |   0    0    0    0    0    1  |  65
          1    0  |   0    0    0    0    0    1  | 129
To compute the range, the lowest number we can begin with, obeying our rules on both sides, is 64 on the subnet side and 1 on the host side. Therefore, we must start with 64 + 1, or 65. All IP addresses from 1-64 are invalid; this is the sacrifice we must make to subnet with 2 bits. We know by our formula that we can have 62 hosts per subnet, so all we need to do now is add 62 to the 65. This will give us 127. Therefore, the first subnet has a range of 65 -> 127. The next lowest number we can come up with in the subnet column is 128, but we must also utilize the 1 in the host column (remember our rules). Therefore, 128 itself is invalid; we must start with 128 + 1, or 129. Our two ranges are therefore:
N1 = 65 -> 127
N2 = 129 -> 191
We've looked at this class C subnetting exercise using a bit table, because we want to see what is going on amongst all those teeny tiny switches we call bits and bytes. Now that we have an idea about octets and those 8 bits making up the bytes, we can look at a shortcut method. Introducing ...
The “BLOCK” Shortcut (Tah-dah!)
Everyone, please stop ohh-ing and ahh-ing, or we'll never get through this. Back to the subject ;-), it's time to bring up the
“BLOCK”. The BLOCK is the lowest number column of the subnet column. It represents the basic number by which the
subnet range is incremented each time. In the example above, the BLOCK is 64. This can give us a shortcut to
subnetting. BLOCK numbers by themselves will ALWAYS be invalid. We must always add 1 to the block number to find
a valid address. Let’s check this:
First BLOCK value = 64
Second BLOCK value = (64 + 64) = 128
64 is invalid. 128 is invalid. Truthfully, our block numbers are invalid. To obtain the beginning of each range, just add 1:
Start of N1 = 64 + 1 = 65
Start of N2 = 128 + 1 = 129
To find the end of N1 for BLOCK 1, just subtract 1 from the next BLOCK, 128.
Another way to find the BLOCK is to take the subnet mask and subtract it from 256. If we took 256 and subtracted 192 from it, we would get 64. Therefore, a quick way to find the BLOCK for a subnet mask is to use the formula:
256 - subnet mask = BLOCK
Example: 256 - 192 = 64
Subnetting a CLASS A network
Let’s subnet a class A network address of 10.x.x.x:
A class A address allows 8 bits for the network ID and 24 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 24 bits. Remember the rules: don’t turn all the bits on, and don’t turn all the bits off. This applies to both sides of the table, both the subnet columns and the host columns. Remember that this immediately invalidates using 1 bit, since it could only be either all on or all off. Again, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. Remember that the “minus two rules” will apply to both sides of the table. To subnet, for example, 10.1.x.x, 8 bits are already set aside since it is class A, and we would be using 8 bits for subnetting. Recall that normally a class A address only uses the first octet for the network address; the other three are for hosts. In this case, we are subnetting the entire second octet, so we are using 8 bits for subnetting. Our subnet mask will be 255.255.0.0, which looks like a default class B subnet mask, but isn’t. This basically means that each subnet of our class A address will give us the number of hosts of an entire class B address.
# subnets = (2^x - 2) = (2^8 - 2) = 254
# hosts = (2^x - 2) = (2^16 - 2) = 65,534
Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1, so 255.255.0.0
# bits for network = 8
# bits for subnetting = 8
# bits for hosts = 16
CIDR = 10.1.x.x /16
BLOCK = 256 - 255 = 1
Valid subnets = 1, 2, 3, 4, 5 up to 254 in increments of 1 (the BLOCK). In other words:
subnet 1 = 10.1.0.0
subnet 2 = 10.2.0.0
subnet 3 = 10.3.0.0
subnet 4 = 10.4.0.0
subnet 5 = 10.5.0.0
up to the last subnet which = 10.254.0.0
Broadcast addresses for each subnet would be all of the 16 host bits turned on, so:
subnet 1 = 10.1.255.255
subnet 2 = 10.2.255.255
subnet 3 = 10.3.255.255
subnet 4 = 10.4.255.255
subnet 5 = 10.5.255.255
up to the last subnet which = 10.254.255.255
Here, we are using an entire octet, our BLOCK value is 1, and there are 16 bits used for hosts. Because of this, we can treat the class A as though it were a class B; that is, we are not splitting the table on any octet like we normally do when we subnet. This means that we can use the addresses from 1 all the way to 254. Valid hosts would be:
subnet 1 = 10.1.0.1 – 10.1.255.254
subnet 2 = 10.2.0.1 – 10.2.255.254
subnet 3 = 10.3.0.1 – 10.3.255.254
subnet 4 = 10.4.0.1 – 10.4.255.254
subnet 5 = 10.5.0.1 – 10.5.255.254
up to the last subnet which = 10.254.0.1 – 10.254.255.254
Class A with a subnet mask of 255.255.240.0
Let’s try another class A with a subnet mask of 255.255.240.0. We will subnet a class A network address of 10.1.x.x. The
8 bits of the first octet of a class A address make up the network bits. Here, with a subnet mask of 255.255.240.0, we are
using 8 bits from the second octet and 4 bits from the third octet for a total of 12 subnet bits. This leaves 12 bits left of the
total 32 bit IP address. Therefore, if we are using a subnet mask of 255.255.240.0 with a class A address, once we
subtract the 8 bits for the network address, we are using 12 bits for subnets and 12 bits for hosts.
# subnets = (2^x - 2) = (2^12 - 2) = 4094
# hosts = (2^x - 2) = (2^12 - 2) = 4094
Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 (second octet), 128 + 64 + 32 + 16 (third octet), so 255.255.240.0
# bits for subnetting = 12
# bits for hosts = 12
CIDR = 10.1.x.x /20
BLOCK = 256 - 240 = 16
BLOCK = the 16 column (the lowest subnet bit, in the third octet)

       NETWORK Bits (8)         |        SUBNET Bits (8)         | SUBNET Bits (4) |  HOST Bits (4)  |         HOST Bits (8)
2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 | 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 | 2^7 2^6 2^5 2^4 | 2^3 2^2 2^1 2^0 | 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
128  64  32  16   8   4   2   1 | 128  64  32  16   8   4   2   1 | 128  64  32  16 |   8   4   2   1 | 128  64  32  16   8   4   2   1
  1   1   1   1   1   1   1   1 |   1   1   1   1   1   1   1   1 |   1   1   1   1 |   0   0   0   0 |   0   0   0   0   0   0   0   0
Notice that the “BLOCK” is the last, lowest subnet bit from the third octet, in this case “16”.
Here the rules get a little weird once again. We know that we can’t use the network address of “0”, nor can we use the broadcast address, which is usually “255” by classful standards. Remember that the rules simply state that not all subnet bits or host bits can be on, nor can they all be off. In this case, using a class A address, we are subnetting MORE than a full octet. We are using 12 bits total for subnets, which means that in addition to the full 8 bits of the second octet, we are using 4 bits from the third octet. Because of these 4 additional bits, we CAN turn off all the bits in the second octet, making it 0, AS LONG AS at least one of the subnet bits is turned on in the third octet. For this reason, if the second octet were 0, the third octet would HAVE to be at least 16 in order to be valid. A subnet of 10.0.0.x would not be allowed: 10.0.0.x is invalid since ALL subnet bits have been turned off. Nor would 10.0.1.x - 10.0.15.x be allowed. For the second octet to be 0, at least 1 of the first 4 bits in the third octet (128, 64, 32, or 16) must be turned on. Following this rule, the following uses of 0 in the second octet would be allowed:
10.0.16.x
10.0.32.x
10.0.48.x
10.0.64.x
10.0.80.x
10.0.96.x
10.0.112.x
10.0.128.x
10.0.144.x
10.0.160.x
10.0.176.x
10.0.192.x
10.0.208.x
10.0.224.x
10.0.240.x
10.0.240.x is the highest we can go, since that uses all 4 subnet bits in the third octet. Again, remember that the only reason we can use “0” for the subnet bits in the second octet is IF we turn on at least 1 subnet bit in the third octet. The only reason we can use “240”, that is, turn all the subnet bits on in the third octet, is that we have turned all the subnet bits off in the second octet. We would at least have to turn one of the bits in the second octet off.
What if all the subnet bits in the second octet were turned on? This would give us 255. If this is the case, we could not use 240 in the third octet, since that would mean all the subnet bits would be turned on. In other words, 10.255.240.x would be an INVALID subnet. If all the bits are turned on in the second octet, the results are quite different. Example:
10.255.16.x
10.255.32.x
10.255.48.x
10.255.64.x
10.255.80.x
10.255.96.x
10.255.112.x
10.255.128.x
10.255.144.x
10.255.160.x
10.255.176.x
10.255.192.x
10.255.208.x
10.255.224.x
In this case, 10.255.224.x is as far as we can go. We can’t use the next BLOCK subnet value, 10.255.240.0, since that would mean we were turning all 12 subnet bits on.
Subnetting a CLASS B network
Let’s subnet a class B network address of 129.1.x.x:
A class B address allows 16 bits for the network ID and 16 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 16 bits. Remember the rules: don’t turn all the bits on, and don’t turn all the bits off. This applies to both sides of the table, both the subnet columns and the host columns. This immediately invalidates using just 1 bit in the third octet, since it could only be either all on or all off. Again, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. The “minus two rules” will apply to both sides of the table. With the example above, 129.1.x.x, we will be using 2 bits for subnetting. Recall that normally a class B address only uses the first two octets for the network address; the other two are for hosts. In this case, we are subnetting using 2 bits in the third octet. Our subnet mask will be 255.255.192.0. We are stealing 2 bits from the host bits and giving them to the network bits.
# subnets = (2^x - 2) = (2^2 - 2) = 2
# hosts = (2^x - 2) = (2^14 - 2) = 16,382
Subnet Mask = 128 + 64, so 255.255.192.0
# bits for subnetting = 2
# bits for hosts = 14
CIDR = 129.1.64.x /18
BLOCK = 256 - 192 = 64
BLOCK = the 64 column (the lowest subnet bit, in the third octet)

       NETWORK Bits (8)         |        NETWORK Bits (8)        | SUBNET Bits (2) |       HOST Bits (6)     |         HOST Bits (8)
2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 | 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 | 2^7 2^6 | 2^5 2^4 2^3 2^2 2^1 2^0 | 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
128  64  32  16   8   4   2   1 | 128  64  32  16   8   4   2   1 | 128  64 |  32  16   8   4   2   1 | 128  64  32  16   8   4   2   1
  1   1   1   1   1   1   1   1 |   1   1   1   1   1   1   1   1 |   1   1 |   0   0   0   0   0   0 |   0   0   0   0   0   0   0   0
Valid subnets = 64, then 128 by incrementing 64 (the BLOCK). In other words:
subnet 1 = 129.1.64.0
subnet 2 = 129.1.128.0
At this point, we also must add 1 to the BLOCK to obtain the first valid IP address for the subnet. But it does not work like it does with class C addresses; instead, with class B, simply add the one to the last (4th) octet. Changing the “0” to a “1” obtains the first valid address in the range. Example, using a BLOCK of 64:
N1 = 129.1.64.1 -> 129.1.127.254 N1 broadcast address = 129.1.127.255
N2 = 129.1.128.1 -> 129.1.191.254 N2 broadcast address = 129.1.191.255
We know by the block that we have to start with “64.1” and “128.1” respectively. To find the end range of the first subnet,
subtract 1 from 128.1, which rolls us back to 127.255, which is the broadcast address. Therefore, subtract 1 more, which
gives us 127.254 the end of the RANGE of valid IP addresses for the first subnet.
Another way to think of it is that, with a subnet mask of 255.255.192.0, there are 16,382 hosts. It would be tedious and cumbersome to add this to each subnet. Again there is a shortcut! Notice that if we take the third octet and treat it as if it were the 4th octet, the “192” of 255.255.192.0 would become 255.255.255.192. IF this were the case, we would have 6 bits left for hosts, giving us 62 hosts per subnet. Normally, we’d just add the 62 to the start of the first range, which would be determined by taking the block, 64, and adding 1, to give us 65. However, since this is class B and not class C, we have two octets, not one. Therefore, we actually use the BLOCK address to start, 64, and add the 1 to the next octet. So if we take our number of hosts and simply add 1 to it, giving us 63 instead of 62, we can add it to the starting BLOCK to come up with the end of the range.
64 + 63 = 127
128 + 63 = 191
Now simply tack on the highest number we can get in the last octet, not 255 since it’s the broadcast address, but 254:
N1 = 129.1.64.1 -> 129.1.127.254
N2 = 129.1.128.1 -> 129.1.191.254
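The classful rules of Chapter 1 and the Class C, Class A and Class B worked examples of this chapter, as one added calculator in Python (my own example, not from the page): it derives the class from the leading bits of the first octet, applies the “minus two” rule on both the subnet side and the host side, enumerates every valid subnet, and computes the BLOCK from the mask. Function names are my own; unlike the Class C range “65 -> 127” above, it reports the last usable host and the broadcast address separately, as the Class B example does.

```python
from dataclasses import dataclass
from typing import List, Tuple

ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_network_bits(ip: str) -> int:
    """Class A/B/C from the fixed leading bits of the first octet (RFC 791)."""
    first = ip_to_int(ip) >> 24
    if first & 0x80 == 0:          # 0xxxxxxx: class A, 8 network bits
        return 8
    if first & 0x40 == 0:          # 10xxxxxx: class B, 16 network bits
        return 16
    if first & 0x20 == 0:          # 110xxxxx: class C, 24 network bits
        return 24
    raise ValueError("class D/E address; not subnetted in this scheme")


def mask_to_prefix(mask: str) -> int:
    """255.255.192.0 -> 18; rejects masks whose ones are not contiguous."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def block_size(mask: str) -> int:
    """The BLOCK shortcut: 256 minus the last non-zero octet of the mask."""
    octets = [int(o) for o in mask.split(".")]
    last = [o for o in octets if o != 0][-1]
    return 256 - last


@dataclass
class Subnet:
    network: str
    first_host: str
    last_host: str
    broadcast: str


def classful_subnets(ip: str, mask: str) -> Tuple[int, int, List[Subnet]]:
    """Classful rules: subnet bits neither all 0 nor all 1, host bits likewise.
    Returns (# subnets, # hosts per subnet, the subnets in order)."""
    net_bits = classful_network_bits(ip)
    prefix = mask_to_prefix(mask)
    sub_bits, host_bits = prefix - net_bits, 32 - prefix
    if sub_bits < 2 or host_bits < 2:
        raise ValueError("classful subnetting needs >= 2 subnet bits and >= 2 host bits")
    base = ip_to_int(ip) & ((ALL_ONES << (32 - net_bits)) & ALL_ONES)
    subnets = []
    for s in range(1, (1 << sub_bits) - 1):     # skips all-zero and all-one subnet bits
        net = base | (s << host_bits)
        bcast = net | ((1 << host_bits) - 1)
        subnets.append(Subnet(int_to_ip(net), int_to_ip(net + 1),
                              int_to_ip(bcast - 1), int_to_ip(bcast)))
    return (1 << sub_bits) - 2, (1 << host_bits) - 2, subnets


if __name__ == "__main__":
    # the three worked examples from this chapter
    for ip, mask in (("192.168.20.0", "255.255.255.192"),
                     ("10.1.0.0", "255.255.240.0"),
                     ("129.1.0.0", "255.255.192.0")):
        n_sub, n_host, subs = classful_subnets(ip, mask)
        print(f"{ip}/{mask_to_prefix(mask)}: {n_sub} subnets x {n_host} hosts, "
              f"BLOCK {block_size(mask)}")
        print("  first:", subs[0], "\n  last: ", subs[-1])
```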
Chapter3:- Supernetting
Supernetting, also known as route aggregation, is the reverse of subnetting. Recall that subnetting robs Peter to pay
Paul, that is, it steals bits that could have been used for host IDs and adds them to the number of bits making up the
network address. We gain subnets, but must sacrifice hosts. Supernetting is simply the opposite of subnetting. We rob
Paul to pay Peter. Instead of stealing bits from the hosts and adding them to the network bits, we steal bits from the
network address and add them to the host bits. This allows you to have more hosts in a class of IP address than would
normally be allowed.
Using supernetting, we could combine several smaller class C networks together to approximate the number of hosts
allowed on a single class B network (65,535). As an example, say we needed a network with approximately 2000 hosts.
If we used a class B network, this would waste about 63,000 addresses, since 65,000 – 2,000 would leave 63,000. What
if instead we supernetted some class C networks? Since class C networks can hold 254 hosts each, if we combine 8 of
them we would get about 2000 hosts (8 x 254 = 2032 hosts). To use our formula, we are taking 3 bits from the network side and giving them to the 8 bits on the host side for a total of 11 bits. Therefore: (2^x - 2) = (2^11 - 2) = (2,048 - 2) = 2,046 hosts.
Now here’s the confusing part. A “supernetted” class C network looks like a “subnetted” class B network, when you look
at the subnet mask. It gets a little weird because we are using CIDR, and when we go classless the “rules” we are used
to get bent. We would normally use 24 bits for the network portion of a class C address and 8 bits for the host portion.
That would be CIDR /24. If we supernet, we will steal bits from the network side and give them to the host side. Let’s look
at a class C address:
Class C Address   Supernetted Subnet Mask   Binary
220.78.168.0      255.255.248.0             11111111.11111111.11111000.00000000
Instead of the normal 8 bits for host IDs, this would give us an additional 3 bits. The class C networks we would combine,
at 254 hosts each, would be:
220.78.168.0
220.78.169.0
220.78.170.0
220.78.171.0
220.78.172.0
220.78.173.0
220.78.174.0
220.78.175.0
The expression 220.78.168.0 with a subnet mask of 255.255.248.0 would express the fact that the class C network
consists of a supernetted group of 8 class C networks. It could do this as a single routing table entry of
220.78.168.0/255.255.248.0.
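The aggregation just described, as an added Python example (mine, not from the page): before collapsing a list of class C networks into one route it checks that the group is a power-of-two count of contiguous /24s and that the first network sits on a boundary of the group's own size, since a misaligned group cannot be written as a single prefix. Function names are my own; the cross-check uses the standard library's ipaddress.collapse_addresses.

```python
import ipaddress
from typing import List, Tuple

ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def supernet_class_c(networks: List[str]) -> Tuple[str, str, int, int]:
    """Aggregate class C (/24) networks into one route.

    Returns (network, supernet mask, CIDR prefix, usable hosts). Raises ValueError
    when the group cannot be summarised as a single prefix."""
    nums = sorted(ip_to_int(n) for n in networks)
    count = len(nums)
    if count == 0 or count & (count - 1):
        raise ValueError("need a power-of-two number of /24s (2, 4, 8, ...)")
    if any(n & 0xFF for n in nums):
        raise ValueError("every member must be a /24 network address (last octet 0)")
    # contiguous: the i-th sorted member must be exactly i blocks of 256 above the first
    if any(n != nums[0] + (i << 8) for i, n in enumerate(nums)):
        raise ValueError("members are not contiguous")
    stolen = count.bit_length() - 1          # network bits handed to the host side
    span = count << 8                        # addresses covered by the supernet
    if nums[0] % span:
        raise ValueError(f"first network must sit on a {span}-address boundary")
    prefix = 24 - stolen
    mask = (ALL_ONES << (32 - prefix)) & ALL_ONES
    hosts = (1 << (8 + stolen)) - 2          # (2^x - 2) with x = 8 + stolen bits
    return int_to_ip(nums[0]), int_to_ip(mask), prefix, hosts


def is_summarisable(networks: List[str]) -> bool:
    """True when the group collapses to one routing-table entry."""
    try:
        supernet_class_c(networks)
        return True
    except ValueError:
        return False


def collapse_with_stdlib(networks: List[str]) -> List[str]:
    """Same aggregation via ipaddress, used as an independent cross-check."""
    nets = [ipaddress.ip_network(f"{n}/24") for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    group = [f"220.78.{o}.0" for o in range(168, 176)]   # the eight /24s from the table
    print(supernet_class_c(group))        # ('220.78.168.0', '255.255.248.0', 21, 2046)
    print(collapse_with_stdlib(group))    # ['220.78.168.0/21']
```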
Chapter4:- CIDR and VLSM
A. Contiguous VLSM
Classful IP addressing wastes IP addresses. Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks
(VLSM) give us a way to subnet subnets, conserving network addresses and gaining additional subnets per network
address.
Contiguous VLSM can be thought of as splitting subnets into a binary tree. Essentially, we subnet a subnet. This tree then forks so that we are subnetting a subnet of a subnet. Each time we progress further down the tree, a greater number of bits become "stuck" and cannot be turned on or off.
CIDR replaces subnet masks as a more flexible way of declaring which bits represent the network IDs and which bits
represent the host IDs. It is represented by a slash “/” and the number of bits used for the network ID. Here’s some
examples:
Address Class Subnet Mask # network bits CIDR Notation
CLASS A 255.0.0.0 8 /8
CLASS B 255.255.0.0 16 /16
CLASS C 255.255.255.0 24 /24
Variable Length Subnetting a Class B Network
Remember we said VLSM is a way to subnet subnets? Let’s look at a class B example.
Default Class B
Range = 128-191 (in 1st octet by RFC)
Subnet Mask = 255.255.0.0
CIDR = /16
# hosts = 65,534   Formula = (2^x - 2), so (2^16 - 2)
# networks = 16,384   Formula = 2^(y-2), so 2^(16-2) = 2^14
*Note: Remember that RFC standards state that the first 2 bits are fixed for class B.
One single class B network would give us 65,534 host addresses.
157.54.0.0 /16 = 65,534 host addresses
If we divide this network into two subnets, we could get about half of that, or 32,000 hosts per subnet.
Class B in 2 Subnets
N1 = 157.54.0.0 /17 = approximately 32,000 hosts addresses Mask = 255.255.128.0
N2 = 157.54.128.0 /17 = approximately 32,000 hosts addresses Mask = 255.255.128.0
Since the first two octets are the network address in class B networks, we will subnet the third octet and steal bits from the
host side. Notice that our old classful -2 rules are being bent here. Under VLSM, we use subnet bits that are all on and
all off sometimes.
Subnet 1 (128 bit off) =
2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
128   64   32   16    8    4    2    1
  0    x    x    x    x    x    x    x
Subnet 2 (128 bit on) =
2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
128   64   32   16    8    4    2    1
  1    x    x    x    x    x    x    x
We can further divide one of the 2 subnets above of our class B address into more subnets. Using CIDR and two subnets, we are currently using 17 bits for the network address/subnetting. Remember that when we use 4 bits to subnet a typical octet, we get 14 subnets and 14 hosts. In this case, we can use the subnet we are subnetting as the first subnet, so in place of 14, we could get 15 subnets. We just add 4 more bits to the 17 bits we are already using with CIDR. 17 + 4 will give us a total of 21 bits. Adding 4 more bits to the 1 we are already using gives us what appears to be 5 bits to subnet with; however, the first bit, the 128 bit, is special. Because it represents a subnet itself, if we further subnet this address it will become like the network address. It will be “stuck” on, and we can only manipulate the 4 new bits we have added for subnets. Look at the third octet: the 128 bit is set off from the others since it is now stuck. Remember, we are now subnetting what was already a subnet.
2^7 | 2^6  2^5  2^4  2^3  2^2  2^1  2^0   Base 10
128 |  64   32   16    8    4    2    1
  1 |   0    0    0    0    x    x    x   128
  1 |   0    0    0    1    x    x    x   136
  1 |   0    0    1    0    x    x    x   144
  1 |   0    0    1    1    x    x    x   152
  1 |   0    1    0    0    x    x    x   160
And so on and so on …
Because the 128 bit is “stuck”, every subnet from here on out must include the 128 bit; we have no choice. Here, using CIDR, the “no subnet or host bits all on/all off” rule can be bent, allowing us to use 128 itself as the first subnet. With this in mind, the next lowest value we can come up with will be 8 + the 128 that is “stuck” on. Therefore, the next subnet will be 136, and we will keep adding 8 (the “BLOCK”) until we have 15 subnets. So, 128, 136, 144, 152, 160 and so on.
The number of bits left for hosts would be 8 from the 4th octet plus the 3 left from the 3rd octet, for a total of 11 bits. Now we have the facts we need. We are using 4 bits for subnetting and 11 bits are left for hosts. Let’s use our formulas.
Subnets = (2^x - 2) = (2^4 - 2) = 14. Remember that we are using CIDR now and can bend the rules a little, so we actually get our 15 networks here since we can use 128 as the starting subnet.
Hosts = (2^x - 2) = (2^11 - 2) = (2048 - 2) = 2046. So, when using CIDR /21, we can get approximately 2000 hosts on each subnet. Let’s sum things up so far:
Class = B
Subnet Mask = 255.255.248.0
CIDR = /21
BLOCK size = 8
Hosts per subnet = (2^x - 2) = (2^11 - 2) = (2048 - 2) = 2046 hosts
15 Subnets of previous Class B N2
N1 of N2 = 157.54.128.0 /21
N2 of N2 = 157.54.136.0 /21
N3 of N2 = 157.54.144.0 /21
N4 of N2 = 157.54.152.0 /21
N5 of N2 = 157.54.160.0 /21
N6 of N2 = 157.54.168.0 /21
N7 of N2 = 157.54.176.0 /21
N8 of N2 = 157.54.184.0 /21
N9 of N2 = 157.54.192.0 /21
N10 of N2 = 157.54.200.0 /21
N11 of N2 = 157.54.208.0 /21
N12 of N2 = 157.54.216.0 /21
N13 of N2 = 157.54.224.0 /21
N14 of N2 = 157.54.232.0 /21
N15 of N2 = 157.54.240.0 /21
Now suppose that we want to take one of the 15 subnets subnetted from the 2nd subnet of the class B network and subnet one of those. Remember that we are now subnetting a subnet of a subnet of a class B network. Let’s say we want to approximate about 8 Class C networks using our class B address. We are already using CIDR /21, and remember that with CIDR we can bend our -2 rule a little bit. Let’s pick the last subnet of the previous stage, 157.54.240.0 /21. To get 8 more subnets, we need to add 3 more bits: 2^x = 2^3 = 8, and no minus 2 this time, since we are bending the rules with CIDR.
Therefore, our new CIDR notation is /24, which, coincidentally, leaves us with the same number of host bits we would be left with on a normal class C network. Let’s choose the last subnet in the previous stage, the “240”, to subnet. Since we are subnetting a subnet of a subnet, the original 128 bit will be “stuck” this time as well as the 4 we added. A total of five bits have now become “stuck”:
2^7  2^6  2^5  2^4  2^3 | 2^2  2^1  2^0   Base 10
128   64   32   16    8 |   4    2    1
  1    1    1    1    1 |   0    0    0   248
  1    1    1    1    1 |   0    0    1   249
  1    1    1    1    1 |   0    1    0   250
  1    1    1    1    1 |   0    1    1   251
  1    1    1    1    1 |   1    0    0   252
  1    1    1    1    1 |   1    0    1   253
  1    1    1    1    1 |   1    1    0   254
  1    1    1    1    1 |   1    1    1   255
To sum things up:
Class = B
Subnet Mask = 255.255.255.0
(looks like a class C, but it’s a VLSM subnetted class B)
CIDR = /24
BLOCK size = 1 (Interesting, huh?)
Hosts per subnet = (2^x - 2) = (2^8 - 2) = 254
# of subnets = 2^x = 2^3 = 8
8 Subnets of previous N15 of Class B N2
N1 of N15 of N2 = 157.54.248.0 /24
N2 of N15 of N2 = 157.54.249.0 /24
N3 of N15 of N2 = 157.54.250.0 /24
N4 of N15 of N2 = 157.54.251.0 /24
N5 of N15 of N2 = 157.54.252.0 /24
N6 of N15 of N2 = 157.54.253.0 /24
N7 of N15 of N2 = 157.54.254.0 /24
N8 of N15 of N2 = 157.54.255.0 /24
B. Non-Contiguous VLSM
But wait! It gets even weirder, my friend! The classful subnetting rules that make our lives so safe and predictable are about to be twisted and contorted even more. Of course, if you didn't have a truly twisted mind you wouldn't be into VLSM in the first place. Come to think of it, have you ever met anyone in this business that's "normal"? Thinking ... Hmmm ... Nope. If you're into this stuff, you're a fruitcake, myself included. Denial. It's not just a river in Egypt.
Anyway, another way to look at VLSM is in terms of BLOCK sizes and hosts/subnets required. Remember that the BLOCK is always the lowest bit that belongs to the subnet bits. It can also be calculated by subtracting the subnet mask value from 256. Example:
2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0   Subnet Mask   BLOCK
128   64   32   16    8    4    2    1
  1    1    0    0    0    0    0    0   .192          64
  1    1    1    0    0    0    0    0   .224          32
  1    1    1    1    0    0    0    0   .240          16
  1    1    1    1    1    0    0    0   .248          8
  1    1    1    1    1    1    0    0   .252          4
Or, if you prefer:
256 – 192 = 64
256 – 224 = 32
256 – 240 = 16
256 – 248 = 8
256 – 252 = 4
You can see the BLOCKs as they are associated with each subnet mask above. Using this information, we can construct
a table that will assist us when using VLSM. To apply VLSM to a class C network, we would start with a /24 due to the
subnet mask of 255.255.255.0. We would then simply continue adding subnet bits to /24 like so:
CIDR Subnet Mask Subnets Hosts BLOCK
/26 .192 2 62 64
/27 .224 6 30 32
/28 .240 14 14 16
/29 .248 30 6 8
/30 .252 62 2 4
*Notice the inverse relationship between the subnets and hosts columns.
Suppose we had a network, 192.168.20.x, and we needed 8 subnets for that network. If the number of hosts needed for each subnet is in the range from 30 hosts down to 2 hosts, we would be forced into using only 6 subnets, since we would need 5 bits for hosts. The only way we could get 8 subnets out of a single class C network address, and still allow for up to 30 hosts on a subnet, is if we use VLSM.
The goal is to continuously use the smallest BLOCK size possible to accommodate the number of hosts. Example:
Subnet   Hosts Needed   CIDR   Subnet Mask   BLOCK   Hosts Provided
N1       11             /28    .240          16      14
N2       19             /27    .224          32      30
N3       23             /27    .224          32      30
N4       5              /29    .248          8       6
N5       2              /30    .252          4       2
N6       2              /30    .252          4       2
N7       2              /30    .252          4       2
N8       2              /30    .252          4       2
*Notice the interesting minus two relationship between the BLOCK and the number of hosts provided. Subtract two from
the block and that is the # hosts.
Once we have our BLOCK table figured out, we need to decide where to place our BLOCKed subnets in the range of
available addresses 1-254. The rule to follow here is that, we must either start from “0”, or else an increment of the
current BLOCK. In other words, if we started with a BLOCK value of 64, we would have to start with 0, 64, 128, or 192. If
we had other BLOCK values of 32, we would have to squeeze them in between the 64 BLOCK ranges, and where we
squeeze them would have to be an increment of 32. The same could be said for any other BLOCK sizes such as 16, 8 or
4.
It’s usually easiest to start with the largest BLOCKs, fit them in, then move to the smaller BLOCKs. Remember that you
must START with the block size or a multiple thereof, so if the block size were 32, you would start at 32 and then 64 and
so on. Here, we will therefore start with the two 32-sized BLOCKs above. We can place one 32-sized BLOCK between
32-64, and another 32-sized BLOCK between 64-96. That takes care of those two. Now the next largest BLOCK is 16.
Where can we place that? We might place it between 16-32, since it has not yet been used. We could place the 8
BLOCK between 8-16, since it has not been used, and the remaining 4 BLOCKs will be easy to place at the end since
they are so small. We could place them respectively between 96-100, 100-104, 104-108, and 108-112.
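The BLOCK-table procedure above, and the subnet-of-a-subnet tree of section A, as one added Python example (my own, not from the page): for each request it picks the smallest BLOCK whose usable hosts (BLOCK - 2) cover the hosts needed, then places the largest BLOCKs first, each on a multiple of its own size, inside any parent prefix. It generalizes the hand-worked table by packing from the bottom of the parent upward instead of leaving 0-8 free, so the placements differ from the table while obeying the same alignment rule; ipaddress.ip_network(..., strict=True) rejects any placement whose host bits are not all zero. Function names are my own.

```python
import ipaddress
from typing import Dict, List, Tuple


def prefix_for_hosts(hosts: int) -> int:
    """Smallest BLOCK (largest prefix length) whose usable hosts, BLOCK - 2, cover the request."""
    host_bits = 2                      # fewer host bits leaves no room for network + broadcast
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def block_of(prefix: int) -> int:
    """Addresses in one subnet of this prefix length (the BLOCK, e.g. /27 -> 32)."""
    return 1 << (32 - prefix)


Allocation = Tuple[str, str, int, int]   # (name, network/prefix, BLOCK, hosts provided)


def vlsm_allocate(parent: str, demands: Dict[str, int]) -> List[Allocation]:
    """Largest BLOCK first, each placed at the next free offset that is a multiple of its size."""
    net = ipaddress.ip_network(parent, strict=True)
    # sort by prefix ascending (biggest BLOCK first); the name breaks ties deterministically
    plan = sorted((prefix_for_hosts(h), name) for name, h in demands.items())
    cursor = int(net.network_address)
    limit = int(net.broadcast_address) + 1
    out: List[Allocation] = []
    for prefix, name in plan:
        size = block_of(prefix)
        cursor = -(-cursor // size) * size            # round up to a BLOCK boundary
        if cursor + size > limit:
            raise ValueError(f"{name}: no room for a /{prefix} inside {parent}")
        sub = ipaddress.ip_network((cursor, prefix), strict=True)  # raises if host bits set
        out.append((name, str(sub), size, sub.num_addresses - 2))
        cursor += size
    return out


def free_space(parent: str, allocations: List[Allocation]) -> List[str]:
    """Whatever remains of the parent after the allocations, as CIDR blocks."""
    remaining = [ipaddress.ip_network(parent)]
    for _, cidr, _, _ in allocations:
        used = ipaddress.ip_network(cidr)
        nxt = []
        for r in remaining:
            nxt.extend(r.address_exclude(used) if used.subnet_of(r) else [r])
        remaining = nxt
    return [str(r) for r in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    # the eight requests from the table above, placed inside 192.168.20.0/24
    demands = {"N1": 11, "N2": 19, "N3": 23, "N4": 5, "N5": 2, "N6": 2, "N7": 2, "N8": 2}
    plan = vlsm_allocate("192.168.20.0/24", demands)
    for row in plan:
        print(row)
    print("free:", free_space("192.168.20.0/24", plan))
```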
As an illustrated example:
Class C IP Address Range Table
0 -
4 -
8 -------------------------------------------------
12 - N4 (BLOCK 8)
16 -------------------------------------------------
20 -
24 - N1 (BLOCK 16)
28 -
32 -------------------------------------------------
36 -
40 -
44 - N2 (BLOCK 32)
48 -
52 -
56 -
60 -
64 -------------------------------------------------
68 -
72 -
76 -
80 - N3 (BLOCK 32)
84 -
88 -
92 -
96 -------------------------------------------------
100 - N5 (BLOCK 4)
104 - N6 (BLOCK 4)
108 - N7 (BLOCK 4)
112 - N8 (BLOCK 4)
116 -
120 -
124 -
128 -
132 -
136 -
140 -
144 -
148 -
152 -
156 -
160 -
164 -
168 -
172 -
176 -
180 -
184 -
188 - FREE AND UNUSED
192 -
196 - ADDRESS SPACE
200 -
204 -
208 -
212 -
216 -
220 -
224 -
228 -
232 -
236 -
240 -
244 -
248 -
252 -
256 -
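The largest-first placement described above, as an added Python example that is not part of the original notes: it derives each BLOCK from a host count (BLOCK minus two usable hosts), slides every block up in steps of its own size until it fits (the "start at 0 or a multiple of the BLOCK" rule), and validates a hand-made layout such as the one in the table. The host counts are constructed sample values and the network 192.168.10.0/24 is an assumption.

```python
import ipaddress


def block_size(hosts):
    """Smallest power-of-two BLOCK whose usable count (BLOCK - 2) covers `hosts`."""
    block = 4  # a /30, the smallest block that still leaves two usable addresses
    while block - 2 < hosts:
        block *= 2
    return block


def validate_layout(placements, space=256):
    """A layout of (start, block) pairs is valid when every block starts at 0 or
    a multiple of its own size, fits inside the space, and no two overlap."""
    for i, (start, block) in enumerate(placements):
        if start % block != 0 or start + block > space:
            return False
        for other_start, other_block in placements[i + 1:]:
            if not (start + block <= other_start or other_start + other_block <= start):
                return False
    return True


def place_blocks(host_counts, space=256):
    """Largest-first placement. Returns {requirement index: (start, block)}.
    Each block is moved up in steps of its own size until it no longer overlaps
    anything already placed, which is exactly the rule from the notes."""
    order = sorted(range(len(host_counts)),
                   key=lambda i: (-block_size(host_counts[i]), i))
    placed = []
    layout = {}
    for i in order:
        block = block_size(host_counts[i])
        start = 0
        while start + block <= space:
            if validate_layout(placed + [(start, block)], space):
                break
            start += block
        else:
            raise ValueError(f"no room for a block of {block} (requirement {i})")
        placed.append((start, block))
        layout[i] = (start, block)
    return layout


def subnet_for(network, start, block):
    """Translate an offset/BLOCK pair inside a class C network into CIDR form."""
    base = ipaddress.ip_network(f"{network}/24")
    prefix = 32 - (block.bit_length() - 1)  # block 32 -> /27, block 4 -> /30
    return str(ipaddress.ip_network(f"{base.network_address + start}/{prefix}"))


if __name__ == "__main__":
    # Constructed sample: hosts needed per subnet, giving BLOCKs 32,32,16,8,4,4,4,4
    needs = [30, 30, 14, 6, 2, 2, 2, 2]
    layout = place_blocks(needs)
    for i in sorted(layout, key=lambda k: layout[k][0]):
        start, block = layout[i]
        print(f"N{i + 1}: hosts={needs[i]:2d} BLOCK={block:2d} range {start}-{start + block}"
              f" -> {subnet_for('192.168.10.0', start, block)}")
```

The notes place the two 32-blocks at 32 and 64 and tuck the 16 and 8 below them; that layout passes `validate_layout` just as the strictly largest-first one does, because both respect the alignment rule.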
Chapter5:- Routing Protocols
A. RIP
Stands for “Routing Information Protocol”. It is a generic protocol supported by many platforms, vendors, hardware and
operating systems. RIPv1 is classful (cannot do discontiguous networks, does not transmit subnet information). Only
supports IP routing.
1. Distance Vector Protocol – uses a “hop count” to judge distance. Uses
a simple metric, sends the entire routing table to directly connected
neighbors. Called “routing by rumor”. Uses broadcasts that send the
complete routing table out every 30 seconds.
2. AD = 120 (highest)
3. Pinhole Congestion – RIP is prone to pinhole congestion since it uses
only a simple metric. If there are two links with the same hop count
but one link is much slower than the other, RIP will not take
advantage of the faster link.
4. Convergence time = slow.
5. Maximum Hop Count = 15. A hop count of “16” is considered down or
unreachable.
6. RIPv1 vs. RIPv2 – RIPv1 does classful routing, it does not send any
subnet information, so all devices on the network must use the same
subnet mask. RIPv2 does classless routing (prefix routing), it will
transmit subnet information so all devices on the network need not
have the same subnet mask.
7. Timers:
Route Update – interval between routing updates (30 seconds default)
Route Invalid – interval for route to be determined as invalid
(180 seconds default)
Route Holddown – time during which routing information is
suppressed (180 seconds default)
Route Flush – interval for route to become invalid and be removed
from the table (240 seconds default)
8. passive-interface – command prevents RIP broadcasts from being
transmitted out the specified interface, though RIP broadcasts may
still be received. Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router rip
MrRouter(config-router)# network 192.168.10.0
MrRouter(config-router)# passive-interface s0/0
B. OSPF
Stands for “Open Shortest Path First”. It is a generic protocol supported by many platforms, vendors, hardware and
operating systems. Only supports IP routing.
1. Link State Protocol – uses a link state database instead of a hop
count. Creates 3 separate tables: 1 = neighbors, 2 = topology, 3 =
routing table.
2. AD = 110
3. Dijkstra – algorithm constructs the shortest path tree which populates
the routing table. Next to EIGRP, OSPF has the fastest convergence
time.
4. link – network/router interface assigned to given network. The link
will have a state (up or down) as well as an IP address assigned to it.
5. Router ID – highest IP address of all interfaces on the router, used to
identify the router itself.
6. Neighbors – two or more routers that have interfaces in common on
the same network.
7. Adjacency – relationship between two OSPF routers that permits the
exchange of routing updates.
8. Neighborship database – list of all OSPF routers for which “Hello”
packets have been sent.
9. LSA packets – Link State Advertisements are only exchanged
between OSPF routers that have adjacencies.
10. Topology database – information from all LSA (Link State
Advertisement) packets that have been received for a particular
area.
11. Designated Router (DR) – used to minimize the number of adjacencies
required. The DR receives and disseminates information from routers
on the broadcast network/link to synchronize their topology tables.
The router with the highest priority is selected as DR. If the priorities
are the same, the router with the highest ID is selected.
12. Backup Designated Router (BDR) – hot standby for DR.
13. OSPF Area – group of contiguous networks and routers. Area IDs can
be different for each interface on a router since a router can connect
different networks with different Area numbers. All routers in the
same “Area” will have the same Area ID. For routers to establish
adjacencies they must be in the same area.
14. SPF – (Shortest Path First) algorithm that calculates the shortest
path to every network in the same Area (sharing the same Area ID).
A separate tree is constructed for each area, so if a router is a
member of more than one area, it will have multiple trees. OSPF uses
cost as its metric to calculate the best path. This is different
for different vendors. For CISCO it is (10^8 / bandwidth), represented in
millions. So a 10 Mbps link will have a higher cost of 10
(100,000,000/10 = 10,000,000) and a 100 Mbps link will have a lower
cost of 1 (100,000,000/100 = 1,000,000).
Note: the “router ospf 1” refers to a process ID and not the Area. Areas are specified with
the “network” command and the “area” option. The network command takes a wildcard mask, not a subnet mask.
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router ospf 1
MrRouter(config-router)# network 192.168.10.0 0.0.0.255 area 51
Diagnostics:
sh ip route
sh ip ospf = stats, LSA
sh ip ospf database = topology
sh ip ospf interface = RID, PID, priority, DR and BDR
sh ip ospf neighbor = neighbors and adjacency states
Loopback interfaces
When using OSPF, one should configure a loopback. Loopbacks will never go down since they are virtual, not real. If you
don’t use a loopback, the RID (Router ID) will be set to the highest IP address of the router. The problem with this is that if
the interface goes down, a re-election must take place to choose a DR and BDR based on the new highest IP. If this
happens with a flapping link the routers will never converge and this could bring the entire network down. Loopbacks
never go down and so are safer to use for a router ID. Example:
Router_A(config)# int loopback 0
Router_A(config-if)# ip address 192.168.90.1 255.255.255.0
Router_A(config-if)# no shut
C. IGRP
Stands for “Internet Gateway Routing Protocol”. It is a proprietary protocol that can only be used on Cisco routers and
equipment. Classful (does not include the subnet in it route, can not do dis-contiguous networks.) Only supports IP
routing.
1. Distance Vector Protocol – uses a composite metric composed of
combinations of bandwidth, delay of the line, MTU, link reliability and
load. This is more complex than RIP’s simple hop count, so it allows
IGRP to take advantage of faster links where the hop count would be
the same.
2. AD = 100
3. Maximum Hop Count = 255. The default is 100. This makes IGRP
better suited to larger networks than those that use RIP.
4. AS number – all routers using IGRP must be within the same autonomous system and use
the same autonomous system number in order to communicate. Example: router igrp 10.
5. Timers:
Update – interval between routing updates (90 seconds default)
Invalid – interval for route to be determined as invalid
(default = 3x update timer)
Holddown – time during which routing information is
suppressed (default = 3x update timer + 10)
Flush – interval for route to become invalid and be removed
from the table (default = 7x update timer)
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router igrp 10
MrRouter(config-router)# network 192.168.10.0
D. EIGRP
Stands for “Enhanced IGRP”. It is a proprietary protocol that can only be used on Cisco routers and equipment. It is
classless (transmits subnet information). Supports multiple protocols – IP, IPX and Appletalk. Uses Cisco’s proprietary
RTP (Reliable Transport Protocol). Supports VLSM and dis-contiguous subnets.
1. Hybrid Protocol – uses a combination of link state data and hop count
in its metric. Uses “Hello” messages to establish neighbors. Uses
“routing by rumor”. It also uses bandwidth, delay, load and
reliability.
2. AD = 90 (lowest)
3. Maximum Hop Count = 255.
4. AS number – all routers using EIGRP must be within the same autonomous system and use
the same autonomous system number in order to communicate. Only routers with the
same AS number share routes. Routes within the same AS are internal EIGRP routes and
have an AD of 90. Routes outside the same AS are external EIGRP routes and have an AD
of 170.
5. Hello – Hello messages composed of Hello packets form adjacencies
(neighbor associations) between neighbors.
6. RTP – Uses multicast traffic over 224.0.0.10 and creates/maintains a
list of replies as “neighbors”.
7. DUAL – Diffusing Update Algorithm. Gives EIGRP the fastest
convergence time among all routing protocols. Allows VLSM. Route
recoveries and backup routes.
8. Commands:
show ip eigrp topology – show topology table
show ip eigrp neighbor – show neighbor table
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router eigrp 80
MrRouter(config-router)# network 192.168.50.0
E. Definitions
AD = Administrative Distance. It rates the trustworthiness of routing information. The lower the AD value, the more
trustworthy the routing information is considered to be. If a router receives several updates from different routing protocols,
the one with the lowest AD value will be utilized in place of anything with a higher value. If the AD value is the same,
routing protocol metrics will be used to decide routing table entries. If the AD and the metric are the same, the routers will
load balance updates in round robin fashion.
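The selection rule just described, as an added Python example that is not part of the original notes: candidate routes for the same prefix are compared by AD first, then by metric, and exact ties are all installed for round-robin load balancing. The AD table uses the values given in this chapter; the candidate routes are constructed sample data.

```python
# Administrative distances as listed in this chapter (lower = more trusted)
AD = {
    "eigrp": 90,            # internal EIGRP
    "igrp": 100,
    "ospf": 110,
    "rip": 120,
    "eigrp-external": 170,
}

# Constructed sample: what different routing protocols might each tell one
# router about the same prefixes. Metrics are only comparable within one
# protocol (RIP hop count vs. OSPF cost vs. EIGRP composite), which is why AD
# is compared first and the metric only breaks ties inside the same protocol.
SAMPLE_ROUTES = [
    {"prefix": "10.0.0.0/8", "protocol": "rip", "metric": 2, "next_hop": "192.168.1.2"},
    {"prefix": "10.0.0.0/8", "protocol": "ospf", "metric": 30, "next_hop": "192.168.2.2"},
    {"prefix": "10.0.0.0/8", "protocol": "eigrp", "metric": 2816, "next_hop": "192.168.3.2"},
    {"prefix": "172.16.0.0/16", "protocol": "rip", "metric": 3, "next_hop": "192.168.1.2"},
    {"prefix": "172.16.0.0/16", "protocol": "rip", "metric": 3, "next_hop": "192.168.4.2"},
    {"prefix": "172.16.0.0/16", "protocol": "rip", "metric": 5, "next_hop": "192.168.5.2"},
    {"prefix": "192.168.99.0/24", "protocol": "eigrp-external", "metric": 1000, "next_hop": "192.168.3.2"},
    {"prefix": "192.168.99.0/24", "protocol": "ospf", "metric": 64, "next_hop": "192.168.2.2"},
]


def route_key(route):
    """Sort key: (AD, metric). Lower wins on both."""
    return (AD[route["protocol"]], route["metric"])


def select_routes(candidates):
    """Return {prefix: [next hops installed]} following the AD rule:
    lowest AD wins; same AD -> lowest metric; same AD and metric ->
    all of them are installed and load-balanced round robin."""
    by_prefix = {}
    for route in candidates:
        by_prefix.setdefault(route["prefix"], []).append(route)
    table = {}
    for prefix, routes in by_prefix.items():
        best = min(route_key(r) for r in routes)
        # sorted() is stable, so equal-cost next hops keep their learned order
        table[prefix] = [r["next_hop"] for r in sorted(routes, key=route_key)
                         if route_key(r) == best]
    return table


if __name__ == "__main__":
    for prefix, hops in select_routes(SAMPLE_ROUTES).items():
        print(f"{prefix:16s} via {', '.join(hops)}")
```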
convergence – when dynamic routing protocols have updated all routers with all routes.
Split horizon – Keeps routing information from being sent back in the direction from which it was received. Prevents
routing loops.
Route Poisoning – When a network goes down, its hop count is advertised as 16 (unreachable), regardless of what its
true hop count may be.
Holddowns – prevent a route that is going up and down frequently (flapping) from bringing down an entire network. If
flapping were allowed indefinitely, routers could never converge and this could affect the entire network. Holddowns
prevent routes from changing too rapidly by pausing and causing routers to wait a specified interval before updating, to
allow a router that has gone down to come back up or an alternate route to be selected.
sh protocols = displays routed protocols and the interfaces on which they are enabled
sh ip protocols = displays routing protocols configured on the router
sh ip route = displays routing table with static and dynamic routes
sh run = displays the running configuration, including the routing protocols and the networks they advertise
debug ip rip = displays RIP routing updates as they are sent/received
debug ip igrp events = displays protocol events as they are sent/received
debug ip igrp transactions = displays protocol transactions as they are sent/received
undebug all = turns off debugging (un all)
Chapter6:- Switches
A. Overview
Hubs = Layer 1 devices. Do not filter, merely propagate the signal. Do not create
separate collision domains between hosts.
Active = serves as a repeater, amplifies signal, extends range lost to
attenuation
Passive = does not amplify signal, limited by specified attenuation length of
media (100 meters for Cat5e)
Bridges – Layer 2 device, splits a network into 2 collision domains.
Switches = Layer 2 devices, contain a MAC table and filter frames based on MAC
address. Place connections between any two hosts in a separate collision
domain. They use ASICs (Application Specific Integrated Circuits) to build
and maintain the MAC tables.
Routers = Layer 3 devices, contain a routing table to route traffic between networks,
places networks in different broadcast domains.
Layer 3 Switches – A (layer 2/layer 3) combination device. It can be used as a switch
to place hosts in separate collision domains. When used with a
router and sub-interfaces, it can place hosts into VLANs, thus
separating them into different broadcast domains.
Switches have 3 Layer 2 Functions:
1. Address Learning – learns MAC address of all connected hosts
2. Forward/Filter Decisions – filters by MAC using ASICs
3. Loop Avoidance – prevents redundant links from creating loops. Switches need redundant connections
in case connections fail, but loops from these redundant connections must be avoided. If not, a
broadcast storm will result where broadcasts are endlessly propagated and flood the network.
B. STP
STP - (Spanning Tree Protocol) stops network loops from occurring on layer 2 switches. It uses the STA (Spanning Tree
Algorithm) to create a topology database of all connected switches, then it removes redundant links. Frames will then only
be forwarded on STP chosen ports. Convergence using STP takes approximately 50 seconds, at which point ports can
go from blocking to forwarding mode.
Root Bridge – bridge (switch) elected with the best root ID. All decisions concerning whether ports are blocked or placed
into forwarding mode are made by this bridge.
BPDU – (Bridge Protocol Data Unit) exchanged between switches to select the root bridge through comparison with
neighbors.
Bridge ID – The switch’s ID. STP uses this to keep track of all the switches on a
network. It is determined by combining the priority with the MAC address of the switch. Priorities may be a value between
1 and 32,768, with 32,768 as the default for all switches. The bridge with the lowest ID is elected the root bridge. If
switches all use the same default priority, then the switch with the lowest MAC address will win.
Root port – the port that presents shortest path to the root bridge. If more than one port exists, bandwidth is used to
determine cost.
Designated port – port with the lowest cost, it will be set to forward.
Non-designated Port – port with higher cost than designated port, placed in blocking mode.
Forwarding port – always forwards frames (lowest cost and closest to root bridge)
Blocking port – listens to BPDUs, but does not forward frames (blocks them).
STP States:
1. Blocking – frames not forwarded, just listens to BPDUs
2. Listening – listens to BPDUs to avoid loops
3. Learning – listens to BPDUs, populates MAC table, does not forward frames
4. Forwarding – frames forwarded
5. Disabled – unused
C. Switching Types
1. Cut-through – (FastForward) only waits for destination MAC address to forward
frame.
2. FragmentFree – 1st 64 bytes of frame buffered and checked for fragmentation, then
forwarded if everything is o.k. This blocks fragments (runts) caused
by collisions.
3. Store-and-Forward – complete data frame is loaded into switch’s buffer, a CRC is
calculated to make sure it is error free, and only then is the
destination looked up in the switch’s MAC table and the frame
forwarded.
D. Cisco Switch Models
1900 Catalyst – Cisco’s basic model, consisting of the 1912 (12 10BaseT ports) and 1924 (24 10BaseT ports). Each
switch has two 100Mbps uplinks consisting of UTP or fiber.
2950 Catalyst – Cisco’s deluxe model, many varieties from 10Mbps to 1Gbps, offers advanced features for data, video
and voice.
E. 1900 Setup
1. Press “K”.
Passwords
ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password level 1 superfunyay (user password)
ZSwitch(config)# enable password level 15 DrewBerrymore (enable password)
ZSwitch(config)# enable secret SandraBullock (secret password)
ZSwitch# sh run
ZSwitch(config)# hostname ZSwitch
IP Addressing
ZSwitch# sh ip (display IP address)
ZSwitch# config t
ZSwitch(config)# ip address 172.16.10.16 255.255.255.0
ZSwitch(config)# ip default-gateway 172.16.10.1
ZSwitch(config)# exit
Configuring Ports (1900 has only one slot “0”)
ZSwitch(config)# int ethernet 0/? (display # ports you can configure)
ZSwitch(config)# int ethernet 0/1 (selects a port to configure)
ZSwitch(config)# int fastethernet 0/26
ZSwitch# sh int e0/1 (selects a port to display)
ZSwitch# sh int f0/26
ZSwitch(config)# int e0/1
ZSwitch(config-if)# description Finance_VLAN (notice no abbreviation)
Configuring Full Duplex (Only available on fast-ethernet ports 26/27)
ZSwitch(config)# int f0/26
ZSwitch(config-if)# duplex full
Diagnostic Commands
ZSwitch# ping 172.16.10.1
ZSwitch# telnet 172.16.10.1
Erasing (since switches save to NVRAM automatically)
ZSwitch# delete nvram
F. 2950 Setup
Passwords
ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password scoobydoo
ZSwitch(config)# enable secret cisco
ZSwitch(config)# line console 0
ZSwitch(config-line)# password console
ZSwitch(config-line)# login
ZSwitch(config-line)# line vty 0 15
ZSwitch(config-line)# password telnet
ZSwitch(config-line)# login
ZSwitch(config-line)# Ctrl+Z
IP Addressing (must select the administrative “vlan1”)
ZSwitch# config t
ZSwitch(config)# interface vlan1
ZSwitch(config-if)# ip address 172.16.10.17 255.255.255.0
(Note: We have to exit interface config to global to configure gateway)
ZSwitch(config-if)#exit
ZSwitch(config)#ip default-gateway 172.16.10.1
ZSwitch(config)#exit
Viewing Slots (only 1, so only 0 is valid)
ZSwitch(config)# interface fastEthernet ?
<0-2> FastEthernet interface number
ZSwitch(config)# interface fastEthernet 0?
ZSwitch(config)# interface fastEthernet 0/?
<0-12> FastEthernet interface number
Configuring a Port
ZSwitch(config)# interface fastEthernet 0/1
ZSwitch(config)# int fa0/1
ZSwitch(config-if)# duplex full
ZSwitch(config-if)# speed 100
ZSwitch(config-if)# description VIPPA_VLAN (can use abbreviation on 2950)
ZSwitch# sh int fa 0/1 (selects a port to display)
Configuring Portfast (causes port not to wait 50 seconds for STP)
ZSwitch(config-if)# spanning-tree portfast (be careful not to have any loops if turning this on)
Erasing and Saving
ZSwitch# erase startup-config
ZSwitch# copy run start
Chapter7:- VLANs
A. Introduction
VLANs allow a Layer 2 device such as a switch to perform some Layer 3 functions by separating hosts connected to
different ports into subnets. These VLANs must be coupled with sub-interfaces on a router, and they can span many
different switches across the network, combining them into groups of VLANs that may run throughout a building.
Why VLANs?
1. Separating Broadcast domains for limiting traffic
2. Security (only hosts in the same VLAN may access resources, access lists)
3. Grouping of hosts irrespective of location
There are 2 types of VLANs:
1. static – configured by an administrator
2. dynamic – automatically configured. Uses a VLAN Management Policy Server
(VMPS) to set up a database mapping MAC addresses to VLANs. In this way, if
a host moves around the network, the switch will assign them to the correct
VLAN automatically.
B. VLAN Links
Access Links – part of one VLAN, attached devices are unaware of VLAN membership, the switch removes the VLAN
information from the frame before it’s sent to the device connected to the access link.
Trunk Links – a 100Mbps to 1000Mbps direct point-to-point link between two switches, a switch and router, or a switch
and a server. They may carry the traffic of multiple VLANs from 1 to 1005. Without a trunk link, only VLAN1 information
(the administrative VLAN) will be transmitted from switch to switch.
Frame Tagging – VLAN information is added to frames as they enter a switch based on the port’s VLAN membership.
The VLAN information is then removed from the frame when it arrives at its destination.
C. VLAN Router Settings and Sub-Interfaces
80/20 – keep 80 % of the traffic on the local network, and 20% traversing a router.
ISL – (Inter-Switch Link) is a proprietary Cisco trunking protocol. Follows 80/20 rule. Requires all Cisco routers.
IEEE 802.1Q – inserts a field into the frame to identify the VLAN. A non-proprietary IEEE standard. Mix and Match.
VTP – (VLAN Trunking Protocol) allows remote management, addition, deletion and administration of VLANs.
VTP Domain – switches in the same VTP domain share VLAN information.
VTP Server – switch that acts as the VTP server and on which VLAN information is configured.
VTP Client – switches that are configured to get their VLAN information from a VTP
server.
VTP Transparent – switches that are not part of a VTP domain, but they will forward
VTP information through their trunk links.
VTP Pruning – reduces traffic to switches by sending VTP broadcast information ONLY to the switches that truly need it.
D. 1900 VLAN Configuration
Configuring VLANs
ZSwitch# config t
ZSwitch(config)# hostname ZSwitch
ZSwitch(config)# vlan 2 name sales
ZSwitch(config)# vlan 3 name marketing
ZSwitch(config)# vlan 4 name mis
ZSwitch(config)# exit
ZSwitch# sh vlan (display VLAN database)
ZSwitch(config)# int e0/2
ZSwitch(config-if)# vlan-membership static 2
ZSwitch(config-if)# int e0/4
ZSwitch(config-if)# vlan-membership static 3
ZSwitch(config-if)# int e0/5
ZSwitch(config-if)# vlan-membership static 4
ZSwitch(config-if)# CTRL + Z
ZSwitch# sh vlan-membership
Configuring Trunk Ports (remember only last 2 ports)
ZSwitch(config)# int f0/26
ZSwitch(config-if)# trunk on
ZSwitch# sh trunk a (a or b, shows trunk ports and encapsulation type)
VTP Server Configuration
ZSwitch(config)#vtp server
ZSwitch(config)#vtp domain SuperFun
ZSwitch# sh vtp
ZSwitch# delete vtp
E. 2950 VLAN Configuration
Configuring VLANs
ZSwitch#vlan database
ZSwitch(vlan)# vlan 2 name Sales
ZSwitch(vlan)# vlan 3 name Marketing
Setting Ports as VLAN Members
ZSwitch(config)#int f0/2
ZSwitch(config-if)#switchport access vlan 2
ZSwitch(config-if)#switchport mode access
ZSwitch(config-if)#int f0/3
ZSwitch(config-if)#switchport access vlan 3
ZSwitch(config-if)#switchport mode access
ZSwitch(config-if)#exit
ZSwitch# sh vlan
Configuring Trunk Ports
For all VLANs to be allowed to traffic over this link:
ZSwitch(config)# int f0/12
ZSwitch(config-if)#switchport mode trunk
To limit VLAN traffic over this link:
ZSwitch(config)# int f0/12
ZSwitch(config-if)# switchport trunk allowed vlan except 2
VTP Server Configuration
ZSwitch(config)#vtp server
ZSwitch(config)#vtp domain SuperFun
ZSwitch# sh vtp status
ZSwitch# sh vtp counters
F. Router VLAN Configuration
Sub-Interfaces and Encapsulation
ZRouter#config t
ZRouter(config)#int f0/0
ZRouter(config-if)#no ip address
ZRouter(config-if)#int f0/0.1
ZRouter(config-subif)#
ZRouter(config-subif)#encapsulation isl 1
ZRouter(config-subif)#ip address 172.16.10.1 255.255.255.0
G. LAB Application (VLANS + Sub-interface Routing)
1. Connect into Switch1900A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask
and default-gateway information. The IP address of the switch will be 172.16.40.2/24, with a default gateway of
172.16.40.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch1900A
Switch1900A(config)#enable password level 1 kitty
Switch1900A(config)#enable password level 15 kitty1
Switch1900A(config)#enable secret kitty
Switch1900A(config)#ip address 172.16.40.2 255.255.255.0
Switch1900A(config)#ip default-gateway 172.16.40.1
Switch1900A(config)#interface fastethernet 0/26
Switch1900A(config-if)#description Link_to_2600A
Switch1900A(config-if)#interface fastethernet 0/27
Switch1900A(config-if)#description Link_to_HostE
Switch1900A(config-if)#exit
Switch1900A(config)#exit
Switch1900A#ping 172.16.40.1
2. Connect into Switch1900B switch and set the hostname, passwords, interface descriptions, IP address, subnet mask
and default-gateway information. The IP address of the switch will be 172.16.50.2/24, with a default gateway of
172.16.50.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch1900B
Switch1900B(config)#enable password level 1 kitty
Switch1900B(config)#enable password level 15 kitty1
Switch1900B(config)#enable secret kitty
Switch1900B(config)#ip address 172.16.50.2 255.255.255.0
Switch1900B(config)#ip default-gateway 172.16.50.1
Switch1900B(config)#interface fastethernet 0/26
Switch1900B(config-if)#description Link_to_2600B
Switch1900B(config-if)#interface fastethernet 0/27
Switch1900B(config-if)#description Link_to_HostF
Switch1900B(config-if)#exit
Switch1900B(config)#exit
Switch1900B#ping 172.16.50.1
3. Connect into Switch2950A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask
and default-gateway information. The IP address of the switch will be 172.16.10.3/24, with a default gateway of
172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.
Switch>enable
Switch#config t
Switch(config)#hostname Switch2950A
Switch2950A(config)#enable password kitty
Switch2950A(config)#enable secret fluffy
Switch2950A(config)#line console 0
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#line vty 0 15
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#exit
Switch2950A(config)#ip default-gateway 172.16.10.1
Switch2950A(config)#interface VLAN 1
Switch2950A(config-if)#ip address 172.16.10.3 255.255.255.0
Switch2950A(config-if)#interface fastethernet 0/3
Switch2950A(config-if)#description Trunk Link to Switch2950B
Switch2950A(config-if)#switchport mode trunk
Switch2950A(config-if)#speed 100
Switch2950A(config-if)#duplex full
Switch2950A(config-if)#exit
Switch2950A(config)#exit
Switch2950A#ping 172.16.10.1
This ping will not work until you delete the IP address for interface f0/0.1 on Router2600C.
4. Create a VTP domain of SuperFun and leave the 2950 switch as a VTP server.
Switch2950A#config t
Switch2950A(config)#vtp domain SuperFun
5. Connect to the Switch2950B switch and set the hostname, passwords, interface descriptions, IP address, subnet
mask and default-gateway information. The IP address of the switch will be 172.16.10.4/24, with a default gateway of
172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch2950B
Switch2950B(config)#enable password kitty
Switch2950B(config)#enable secret fluffy
Switch2950B(config)#line console 0
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#line vty 0 15
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#exit
Switch2950B(config)#ip default-gateway 172.16.10.1
Switch2950B(config)#interface vlan1
Switch2950B(config-if)#ip address 172.16.10.4 255.255.255.0
Switch2950B(config-if)#interface fastethernet 0/3
Switch2950B(config-if)#description Trunk_Link_to_Switch2950A
Switch2950B(config-if)#switchport mode trunk
Switch2950B(config-if)#speed 100
Switch2950B(config-if)#duplex full
Switch2950B(config-if)#exit
Switch2950B(config)#exit
Switch2950B#ping 172.16.10.1
6. Configure the Switch2950B switch to be a member of the VTP domain SuperFun and configure the Switch2950B
switch as a VTP client.
Switch2950B#config t
Switch2950B(config)#vtp domain SuperFun
Switch2950B(config)#vtp mode client
7. Create two VLANs on Switch2950A switch called Sales and Marketing.
Switch2950A#vlan database
Switch2950A(vlan)#vlan 2 name Sales
Switch2950A(vlan)#vlan 3 name Marketing
Notice we created the two VLANs using 2 and 3. VLAN 1 is configured by default on all switches and cannot be
changed or deleted.
8. Go to the Switch2950B switch and type in show VLAN to verify the VLAN information was propagated with VTP.
Switch2950B(config)#exit
Switch2950B#show vlan
You should see three VLANs, 1-3, that were propagated via VTP from the Switch2950A switch.
9. HostA and HostC will be in VLAN 2, Sales, which has a subnet address of 172.16.2.0/24. HostA will be 172.16.2.2 and
HostC will be 172.16.2.3. The default gateway will be 172.16.2.1, which we will configure on the 2600 in a minute.
Connect to the Switch2950A switch and make port f0/1 a member of VLAN 2.
Switch2950A#config t
Switch2950A(config)#interface fastethernet 0/1
Switch2950A(config-if)#switchport access vlan 2
Switch2950A(config-if)#switchport mode access
10. Connect to the Switch2950B switch and make port f0/1 a member of VLAN 2.
Switch2950B#config t
Switch2950B(config)#interface fastethernet 0/1
Switch2950B(config-if)#switchport access vlan 2
Switch2950B(config-if)#switchport mode access
11. Configure HostA and HostC. From HostA, configure an IP address of 172.16.2.2/24, with a default gateway of
172.16.2.1. From HostC, configure an IP address of 172.16.2.3/24 with a default gateway of 172.16.2.1.
12. Verify you have set up the VLANs correctly by pinging from HostA to HostC.
>ping 172.16.2.3
Once you can ping, you know you have configured at least one VLAN correctly. At this time, HostA and HostC cannot
ping anything else in the network except each other.
13. Configure HostB and HostD to be in VLAN3. From the Switch2950A switch, configure port F0/2 to be a member of
VLAN3.
Switch2950A#config t
Switch2950A(config)#interface fastethernet 0/2
Switch2950A(config-if)#switchport access vlan 3
Switch2950A(config-if)#switchport mode access
14. Connect to the Switch2950B switch and make port F0/2 a member of VLAN 3
Switch2950B#config t
Switch2950B(config)#interface fastethernet 0/2
Switch2950B(config-if)#switchport access vlan 3
Switch2950B(config-if)#switchport mode access
15. Configure HostB with an IP Address of 172.16.3.2/24, with a default gateway of 172.16.3.1.
16. Configure HostD with an IP Address of 172.16.3.3/24, with a default gateway of 172.16.3.1.
17. Verify that you can ping HostD from HostB.
>ping 172.16.3.3
18. To have the hosts ping outside their own VLAN, you must setup some type of routing. Use the Router2600C router
Fastethernet 0/0 interface and create 802.1q routing. Create three subinterfaces, one for each VLAN.
Router2600C>enable
Router2600C#config t
Router2600C(config)#interface fastethernet 0/0
Router2600C(config-if)#no ip address
Router2600C(config-if)#interface fastethernet 0/0.1
Router2600C(config-subif)#encapsulation dot1q 1
Router2600C(config-subif)#ip address 172.16.10.1 255.255.255.0
Router2600C(config-subif)# interface fastethernet 0/0.2
Router2600C(config-subif)#encapsulation dot1q 2
Router2600C(config-subif)#ip address 172.16.2.1 255.255.255.0
Router2600C(config-subif)# interface fastethernet 0/0.3
Router2600C(config-subif)#encapsulation dot1q 3
Router2600C(config-subif)#ip address 172.16.3.1 255.255.255.0
Chapter8:- Access Lists
access-list ? = displays numerical ranges for types of access lists. 0-99 = a standard access list, whereas 100-199 = an
extended access list.
sh access-list = display all access lists and their rules
sh access-list 149 = show specific access list
sh ip access-list = show ip access lists configured on the router
sh ip interface = show which interfaces have access lists
sh run = display the running configuration. This will list all configured interfaces and
their access lists.
Inbound Access List – applies to inbound packets
Outbound Access List – applies to outbound packets
Introduction: Access lists are Cisco’s way of doing security. They can be compared to Linux’s iptables and ipchains firewalls.
A Cisco access list is a list of conditions that categorize packets. Different access lists may be used for both inbound and
outbound traffic on the same interface. Access lists are created in global configuration mode. Each access list can contain
multiple rules. They must then be applied to specific interfaces using the “access-group” command. There are three types:
A. Standard Access Lists
Their range is 0-99; they use only the source IP address field in a packet for the condition. Use the command “access-list”
and name the list with a number. Options are “permit” and “deny”. Then specify the host source IP address or “any”.
Example:
Creating a Standard Access List
MrsRouter# config t
MrsRouter(config)# access-list 10 deny host 172.16.50.3
MrsRouter(config)# access-list 10 permit any
Applying An Access List
MrsRouter(config)#interface serial 0/0
MrsRouter(config-if)#ip access-group 10 in
To List Access-List Information
MrsRouter# show access-list 10
MrsRouter# show ip interface
MrsRouter# show running-config
To Remove An Access List
MrsRouter# config t
MrsRouter(config)# no access-list 10
Wildcard Masking
Used to specify a range of hosts, subnets or networks. A wildcard mask is the inverse of a normal subnet mask: a 0 bit
means the corresponding bit of the packet’s address must match the address you gave, and a 1 bit means “don’t care”. Per
octet, 0 means the octet must match exactly and 255 means it can be anything. Any other value is 1 less than the block
size for that octet, so to obtain the block value just add 1; the matched range starts at the address you give (which
should be the first address of a block) and runs through address + wildcard. Examples:
access-list 3 permit 0.0.0.0 255.255.255.255 = the same as saying:
access-list 3 permit any
access-list 10 deny 192.168.20.0 0.0.0.255 = deny all hosts on network 192.168.20.0; match the 1st 3 octets exactly
and the 4th can be anything (192.168.20.0 through 192.168.20.255).
access-list 12 deny 129.130.0.0 0.0.255.255 = deny all hosts on network 129.130.0.0; match the 1st 2 octets exactly
and the last 2 can be anything (129.130.0.0 through 129.130.255.255).
access-list 27 permit 137.136.0.0 0.0.3.255 = permit only hosts on subnets 137.136.0.0, 137.136.1.0, 137.136.2.0 and
137.136.3.0. Adding 1 to the 3 gives a block value of 4, so the third octet runs 0-3: 4 subnets, starting at the address
given. (To match 137.136.4.0 through 137.136.7.0 you would write 137.136.4.0 0.0.3.255.)
access-list 13 permit 137.136.0.0 0.0.7.255 = permit only hosts on subnets 137.136.0.0, 137.136.1.0, 137.136.2.0,
137.136.3.0, 137.136.4.0, 137.136.5.0, 137.136.6.0 and 137.136.7.0. Adding 1 to the 7 gives a block value of 8, so the
third octet runs 0-7: 8 subnets.
access-list 19 deny 137.136.0.0 0.0.31.255 = add 1, block = 32; third octet 0-31.
access-list 5 deny 137.136.0.0 0.0.63.255 = add 1, block = 64; third octet 0-63.
Catch-alls: Each access list can contain multiple rules, and IOS appends an invisible “deny any” to the end of every list.
So when you deny certain hosts or ports, you must add a “catch-all” rule that permits everything else; if you do not, all
other traffic is dropped as soon as you apply the list to an interface with “ip access-group”. Two related traps: the
order of the rules matters (the first match wins, so a “permit any” placed first makes every later deny unreachable), and
a list that is applied to an interface but has no entries at all (for example because you typed “no access-list 12” while
it was still attached) permits everything. Example:
MrRouter(config)# access-list 12 deny 192.168.20.0 0.0.0.255
MrRouter(config)# access-list 12 permit any
MrRouter(config)# int f0/0
MrRouter(config-if)# ip access-group 12 in
B. Extended Access Lists
Their range is 100-199 (or 2000-2699). They can test source and destination IP address, the protocol (ip, tcp, udp,
icmp, ...) and layer 4 port numbers. Because they can see everything needed to identify the traffic, place them as close
to the source as possible.
eq = matches a single port; it follows the address it applies to (after the destination for a destination port)
source = specified first in the access list, after the protocol
destination = specified after the source in the access list
Creating An Extended Access List
MissRouter# config t
MissRouter(config)# access-list 110 deny tcp host 172.16.50.3 172.16.40.0 0.0.0.255 eq telnet
MissRouter(config)# access-list 110 permit ip any any
Apply the Access List
MissRouter(config)# interface serial 0/0
MissRouter(config-if)# ip access-group 110 in
MissRouter(config-if)# ^z
MissRouter#
To List Access-List Information
MissRouter# show access-list 110
MissRouter# show ip interface
MissRouter# show running-config
access-list 150 deny tcp any host 192.168.20.200 eq 23 = deny telnet
access-list 150 permit ip any any = catch all
access-list 170 deny tcp any host 192.168.20.101 eq 21 = deny FTP
access-list 170 permit ip any any = catch all
Multi-Rule Extended Access List
MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 80
MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 21
MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 23
MrRouter(config)# access-list 194 permit ip any any
MrRouter(config)# int f0/0
MrRouter(config-if)# ip access-group 194 in
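The wildcard-mask rules, the catch-all and the extended-list matching above, as an added worked example (not code from the original notes or from Cisco): a small Python model of how IOS walks a numbered access list. It parses “access-list” lines exactly as written in this chapter, applies the wildcard mask bit by bit, takes the first matching rule and ends with the implicit deny. The packets fed to it are constructed; the port-name table covers only the keywords this chapter uses.

```python
"""Model of how IOS evaluates a numbered IP access list: Cisco wildcard masks,
first-match-wins ordering, and the implicit 'deny any' at the end of every list.
Added example; the ACL text is taken from this chapter, the packets are constructed."""
import ipaddress

# Port keywords IOS accepts after "eq"; a bare port number is also allowed.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match the base, a 1 bit is don't-care."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def wildcard_range(base, wildcard):
    """First and last address a base/wildcard pair covers (for a contiguous mask)."""
    w = _ip(wildcard)
    first = _ip(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | w))


def _addr_spec(tok, i, standard):
    """Consume 'any', 'host A', 'A W', or (standard lists only) a bare 'A'."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    if standard and i + 1 >= len(tok):
        return (tok[i], "0.0.0.0"), i + 1
    return (tok[i], tok[i + 1]), i + 2


def _port(tok, i):
    """Consume an optional 'eq <port>'; returns (port or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_entry(line):
    """Turn one 'access-list N permit|deny ...' line into a match rule."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(line)
    number, action = int(tok[1]), tok[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:        # standard: source only
        src, _ = _addr_spec(tok, 3, standard=True)
        return {"action": action, "proto": "ip", "src": src, "sport": None,
                "dst": ANY, "dport": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:     # extended
        proto = tok[3]
        src, i = _addr_spec(tok, 4, standard=False)
        sport, i = _port(tok, i)
        dst, i = _addr_spec(tok, i, standard=False)
        dport, i = _port(tok, i)
        return {"action": action, "proto": proto, "src": src, "sport": sport,
                "dst": dst, "dport": dport}
    raise ValueError(f"unsupported access-list number {number}")


def evaluate(entries, pkt):
    """First matching rule decides. Returns (action, rule index); index None means
    the packet fell off the end of the list and hit the implicit deny."""
    for idx, e in enumerate(entries):
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *e["src"]):
            continue
        if not wildcard_match(pkt["dst"], *e["dst"]):
            continue
        if e["sport"] is not None and e["sport"] != pkt.get("sport"):
            continue
        if e["dport"] is not None and e["dport"] != pkt.get("dport"):
            continue
        return e["action"], idx
    return "deny", None


# Access list 110 from the chapter: block telnet from one host, allow the rest.
ACL_110 = [parse_entry(line) for line in (
    "access-list 110 deny tcp host 172.16.50.3 172.16.40.0 0.0.0.255 eq telnet",
    "access-list 110 permit ip any any",
)]
# The same deny without its catch-all: everything else hits the implicit deny.
ACL_NO_CATCHALL = [parse_entry("access-list 10 deny host 172.16.50.3")]


def tcp_packet(src, dst, dport):
    """Constructed packet summary: only the fields an ACL can look at."""
    return {"proto": "tcp", "src": src, "dst": dst, "dport": dport}


if __name__ == "__main__":
    print(evaluate(ACL_110, tcp_packet("172.16.50.3", "172.16.40.9", 23)))        # ('deny', 0)
    print(evaluate(ACL_110, tcp_packet("172.16.50.3", "172.16.40.9", 22)))        # ('permit', 1)
    print(evaluate(ACL_NO_CATCHALL, tcp_packet("10.0.0.1", "172.16.40.9", 23)))   # ('deny', None)
    print(wildcard_range("137.136.0.0", "0.0.3.255"))   # ('137.136.0.0', '137.136.3.255')
```

wildcard_range is the check to run before trusting a mask you worked out by hand: 137.136.0.0 0.0.3.255 covers third octets 0-3, not 4-7, and the model returns ('deny', None) for any packet that reaches the end of a list without a catch-all, which is exactly what the router does silently.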
C. Named Access Lists
This is a standard or extended access list identified by a name instead of a number. It is created with the command “ip
access-list” instead of “access-list”, and applied with the same “ip access-group” command, using the name. Besides being
less cryptic than a number, a named list lets you delete a single rule (“no” followed by the rule) instead of removing and
re-entering the whole list, which is what a numbered list requires. When entering rules for a named access list you go
into a sub-configuration mode, and you must exit from it when you are done. Syntax:
“ip access-list” + “extended” or “standard” + TheStringName
Example: Creating and Applying a Named Standard Access List
MrRouter(config)# ip access-list standard RoboSuits
MrRouter(config-std-nacl)# deny 192.168.20.0 0.0.0.255
MrRouter(config-std-nacl)# permit any
MrRouter(config-std-nacl)# exit
MrRouter(config)# int f0/0
MrRouter(config-if)# ip access-group RoboSuits in
Example: Creating and Applying a Named Extended Access List
MrRouter(config)# ip access-list extended ColdFusion
MrRouter(config-ext-nacl)# deny tcp any host 192.168.20.200 eq 23
MrRouter(config-ext-nacl)# permit ip any any
MrRouter(config-ext-nacl)# exit
MrRouter(config)# int f0/0
MrRouter(config-if)# ip access-group ColdFusion in
D. Telnet Access Lists
MrRouter# config t
MrRouter(config)# access-list 11 deny host 172.16.50.3
MrRouter(config)# access-list 11 permit any
Applying An Access List To VTY Lines
To control who may open a Telnet session to the router itself, apply a standard access list to the virtual terminal lines
(vty 0 4) with the “access-class” command instead of “ip access-group”. The direction matters: “in” restricts which
source addresses may connect to the router, while “out” restricts where someone already logged in may telnet to from the
router. Apply it to every vty line the platform has (some have vty 0 15); an unprotected line is the one an attacker will
find. Example:
MrsRouter(config)# line vty 0 4
MrsRouter(config-line)# access-class 11 in
Chapter9:- WAN Protocols
HDLC = Data Link layer protocol. High-Level Data Link Control is a generic, non-proprietary ISO standard that specifies
the encapsulation method for data on synchronous serial links. It is point-to-point over leased lines and has no
authentication mechanism at all; whoever has access to the circuit is trusted. It is the default encapsulation used by
Cisco routers on synchronous serial links.
CISCO HDLC = Cisco’s version of HDLC adds a proprietary protocol-type field so that several network protocols can share
the link; it does not interoperate with other vendors’ HDLC implementations, so use PPP when the far end is not Cisco.
CBCP = Microsoft Callback Control Protocol, Microsoft’s proprietary callback protocol.
LCP = Link Control Protocol, used by PPP to negotiate, build and maintain the link. Options negotiated by LCP include:
1. Authentication = each router proves who it is (PAP or CHAP) before any network traffic is allowed
2. Compression = data is compressed (Stacker or Predictor)
3. Error Detection = the Quality and Magic Number options detect faulty or looped links (each frame also carries
a CRC frame check sequence)
4. Multilink = allows several physical connections to be combined into one logical pipe
of bandwidth.
5. PPP Callback = router calls, hangs up, and the other router calls it back, so the calling number is verified and
the call is charged to the callback side.
A. PPP
(Point To Point Protocol) Data Link layer protocol. Can be used on asynchronous serial (dial-up) or synchronous serial
(leased line, ISDN) links. Uses LCP to build and maintain connections. Its primary purpose is to transport layer 3
packets across a layer 2 link. It has 4 main components:
1. EIA/TIA-232-C, V.24, V.35 and ISDN = physical layer standards for serial
communication.
2. HDLC = the frame format used to encapsulate datagrams over the serial link
3. LCP = establishes, maintains, tests and tears down PPP connections
4. NCP = Network Control Protocols, one per layer 3 protocol (for IP, IPCP), which negotiate addresses and options for
that protocol once LCP and authentication have succeeded
PPP Authentication
PAP = Password Authentication Protocol. A two-way handshake: the peer sends its username and password in clear text,
once, at link setup. Anyone who can capture the link learns the password.
CHAP = Challenge Handshake Authentication Protocol. A three-way handshake: the authenticator sends a random challenge,
the peer replies with an MD5 hash of (identifier + shared secret + challenge), and the authenticator recomputes the hash
from its own copy of the secret and compares. The secret never crosses the link, the random challenge defeats replay,
and the authenticator may repeat the challenge at any time during the session. Prefer it over PAP.
PPP Encapsulation Commands
MrRouter# config t
MrRouter(config)# int s0/0
MrRouter(config-if)# encapsulation ppp
PPP Authentication Commands
Note: You must set the router’s hostname, and a “username” entry whose name is the OTHER router’s hostname and whose
password is the shared secret. Both routers hold the same secret. With CHAP the router has to recover the clear-text
secret to compute the hash, so the entry must use “password” (at best reversibly obscured by “service
password-encryption”), not “secret”; anyone who can read the configuration can read the CHAP secret.
MrRouter(config)# hostname MrRouter
MrRouter(config)# username MrsRouter password cowpatty
MrRouter(config)# int s0/0
MrRouter(config-if)# ppp authentication chap pap
MrRouter(config-if)# exit
MrRouter(config)# exit
“ppp authentication chap pap” means try CHAP first and fall back to PAP only if the peer cannot do CHAP; to require CHAP,
list it alone. The other router needs the mirror-image entry: “username MrRouter password cowpatty”.
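The PAP versus CHAP distinction above, and the “username” entries the CHAP commands rely on, as an added worked example (not code from the original notes or from Cisco): two routers running the RFC 1994 MD5 exchange in Python. MrRouter, MrsRouter and the secret “cowpatty” are taken from the commands above; the challenge bytes are generated randomly and the “captured” frames are simply the message dictionaries, so nothing here touches a real link.

```python
"""CHAP (RFC 1994, MD5) and PAP on a PPP link, modelled as two routers exchanging
the messages described above. Added example; hostnames, the shared secret and the
captured frames are constructed, not taken from a real link."""
import hashlib
import hmac
import os

# What "username <peer-hostname> password <secret>" puts on each router: the entry
# is keyed by the OTHER router's hostname and both sides hold the same secret.
MRROUTER_USERS = {"MrsRouter": b"cowpatty"}
MRSROUTER_USERS = {"MrRouter": b"cowpatty"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The router with 'ppp authentication chap' on the interface: it issues the
    challenge, remembers it, and checks the answer."""

    def __init__(self, hostname, users):
        self.hostname, self.users = hostname, users
        self.identifier = 0
        self.outstanding = {}          # identifier -> challenge value awaiting a reply

    def challenge(self):
        """Send a fresh 16-byte random challenge; the identifier ties the reply to it."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)
        self.outstanding[self.identifier] = value
        return {"code": "Challenge", "id": self.identifier, "value": value, "name": self.hostname}

    def verify(self, response):
        """Recompute the hash with the peer's secret; the secret itself never arrived."""
        challenge = self.outstanding.pop(response["id"], None)
        secret = self.users.get(response["name"])
        if challenge is None or secret is None:
            return {"code": "Failure"}
        expected = chap_response(response["id"], secret, challenge)
        ok = hmac.compare_digest(expected, response["value"])
        return {"code": "Success" if ok else "Failure"}


def chap_peer_respond(challenge_msg, my_hostname, users):
    """The challenged router: pick the secret shared with whoever is challenging and answer."""
    secret = users[challenge_msg["name"]]
    value = chap_response(challenge_msg["id"], secret, challenge_msg["value"])
    return {"code": "Response", "id": challenge_msg["id"], "value": value, "name": my_hostname}


def pap_request(my_hostname, password):
    """PAP: the peer just sends its name and password as they are."""
    return {"code": "Authenticate-Request", "peer_id": my_hostname, "password": password}


def secret_on_wire(frames, secret):
    """True if the shared secret appears verbatim in any field of the captured frames."""
    return any(isinstance(v, bytes) and secret in v for f in frames for v in f.values())


def run_chap(peer_users=MRSROUTER_USERS):
    """One CHAP exchange: MrRouter challenges, MrsRouter answers. Returns (result, frames)."""
    auth = ChapAuthenticator("MrRouter", MRROUTER_USERS)
    c = auth.challenge()
    r = chap_peer_respond(c, "MrsRouter", peer_users)
    result = auth.verify(r)
    return result["code"], [c, r, result]


def replay_attack():
    """Capture a good Response, then replay it against the next Challenge.
    Returns (result of the genuine exchange, result of the replay)."""
    auth = ChapAuthenticator("MrRouter", MRROUTER_USERS)
    captured = chap_peer_respond(auth.challenge(), "MrsRouter", MRSROUTER_USERS)
    genuine = auth.verify(captured)["code"]
    auth.challenge()                       # new random challenge for the next session
    captured["id"] = auth.identifier       # the attacker even fixes up the identifier
    return genuine, auth.verify(captured)["code"]


if __name__ == "__main__":
    print(run_chap()[0])                                                          # Success
    print(run_chap({"MrRouter": b"wrong"})[0])                                    # Failure
    print(secret_on_wire(run_chap()[1], b"cowpatty"))                             # False
    print(secret_on_wire([pap_request("MrsRouter", b"cowpatty")], b"cowpatty"))  # True
    print(replay_attack())                                                        # ('Success', 'Failure')
```

secret_on_wire shows the difference that matters: the PAP request carries the password itself, the CHAP frames carry only a random challenge and a hash of it. replay_attack shows why the challenge must be random and fresh each time. What CHAP does not protect against is an offline guess: anyone who captures one challenge/response pair can test candidate secrets against it at MD5 speed, so the shared secret should be long and random, not a dictionary word like the one in the example.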
To See the Encapsulation Method On a Particular Interface
MrRouter# sh int s0/0
B. Frame Relay
Uses a frame relay cloud. Like a time-share condo, subscribers in a frame relay cloud share bandwidth that they do not all
use at the same time. It lets two DTE (Data Terminal Equipment) devices, usually routers, communicate through the
provider’s DCE (Data Communication Equipment) devices, the frame relay switches.
CSU/DSU = Channel Service Unit/Data Service Unit, the DCE at the customer end that terminates the circuit
CIR = Committed Information Rate (the amount of bandwidth a subscriber is guaranteed)
virtual circuits = logical links between devices connected to a frame relay provider’s cloud.
encapsulation = 1. ietf – generic, non-proprietary; use it when the far end is not a Cisco router. 2. cisco – the
default, proprietary, can only connect to other Cisco equipment.
Router Commands (to connect to a non-cisco frame-relay device)
MissRouter(config)# int s0/0
MissRouter(config-if)# encapsulation frame-relay ietf
Router Commands (to connect to a Cisco frame-relay device – the default)
MissRouter(config)# int s0/0
MissRouter(config-if)# encapsulation frame-relay
PVC = Permanent Virtual Circuit, more common, telephone company creates
mappings in their equipment.
SVC = Switched virtual Circuit, established on the fly, as needed, and removed when
data transfer is complete.
There are three states for virtual circuits (shown by “sh frame-relay pvc”):
1. Active State = the circuit is up end to end; both routers are up.
2. Inactive State = the local connection to the switch is up but the remote end is down.
3. Deleted State = no LMI information is being received on the interface, or the DLCI is not known to the switch.
Point-to-Point = a single virtual circuit connects one router to another.
Multipoint = router is the center of a star of virtual circuits.
DLCIs = Data Link Connection Identifiers, they identify PVCs to DTE devices.
LMI = Local Management Interface, a signaling standard used between the router and
the first frame relay switch it is connected to. It communicates information
about keepalives, multicasting, global addressing, and the status of virtual
circuits. There are three standards:
1. Cisco = defined by the “Gang of Four” (Cisco, DEC, Northern Telecom and StrataCom) in 1990.
2. ANSI (T1.617 Annex D)
3. ITU-T (Q.933 Annex A)
Both ends of the access link must agree on the LMI type; Cisco routers autosense it by default, and “frame-relay lmi-type”
sets it explicitly.
Congestion Control
1. DE – Discard Eligibility, marks frames that exceed the CIR. These frames are dropped first if the network is
congested.
2. FECN – Forward Explicit Congestion Notification, set by the switch on frames travelling toward the destination,
telling the receiving DTE that the path they came over is congested.
3. BECN – Backward Explicit Congestion Notification, set on frames travelling back toward the source, telling the
sending DTE to slow down.
Single Interface Commands
MrRouter(config)# int s0/0
MrRouter(config-if)# encapsulation frame-relay
MrRouter(config-if)# ip address 192.168.20.1 255.255.255.0
MrRouter(config-if)# frame-relay lmi-type ansi
MrRouter(config-if)# frame-relay interface-dlci 101
subinterfaces – multiple virtual circuits can be carried on a single physical serial interface, one per subinterface,
much like the dot1q subinterfaces used for VLAN routing earlier.
Subinterface Commands (may be multipoint or point-to-point)
MrRouter(config)# int s0
MrRouter(config-if)# encapsulation frame-relay
MrRouter(config-if)# int s0.1 point-to-point
MrRouter(config-subif)# ip address 192.168.20.1 255.255.255.0
MrRouter(config-subif)# frame-relay interface-dlci 101
With subinterfaces, the IP address goes on the subinterface, not on the physical interface, and each point-to-point
subinterface is its own subnet with a single DLCI.
Frame Relay Monitoring Commands
sh frame-relay ? = lists the available show frame-relay options
sh frame-relay lmi = shows LMI statistics (status enquiries sent, status messages received, timeouts); rising timeouts
mean the switch is not answering
sh frame-relay pvc = shows all configured PVCs, their DLCI numbers and state, plus FECN/BECN/DE counters
sh frame-relay map = shows the mapping of DLCIs to remote layer 3 addresses (static or learned by Inverse ARP)
debug frame-relay lmi = shows the LMI exchange with the switch in real time on the console; use it to confirm the router
and the switch agree on the LMI type
C. ISDN
Integrated Services Digital Network.
BRI = Basic Rate Interface, 2 B (bearer) channels of 64 kbps each for user data and 1 D channel of 16 kbps for
signaling: 128 kbps of usable bandwidth, 144 kbps in total. Interfaces are selected as “bri0”, “bri1”, etc.
PRI = Primary Rate Interface, 23 B channels of 64 kbps each and 1 D channel of 64 kbps for signaling, carried on a T1 at
1.544 Mbps (the E1 version used outside North America is 30 B + D at 2.048 Mbps).
ISDN Commands (SPID + numbers)
MrRouter(config)# isdn switch-type basic-ni
MrRouter(config)# int bri0
MrRouter(config-if)# encap ppp
MrRouter(config-if)# isdn spid1 123456789321 3861238975
MrRouter(config-if)# isdn spid2 123456789322 3861238976
The second SPID belongs to the second B channel, hence “spid2”; “sh isdn status” confirms that the switch accepted both.
D. DDR
Dial On Demand routing, saves connection expense by only initiating a connection when necessary.
1. The first step in configuring DDR is configuring static routes between remote interfaces:
MrRouter(config)# ip route 65.0.0.0 255.0.0.0 65.0.0.1
MrRouter(config)# ip route 66.0.0.0 255.0.0.0 66.0.0.2
2. Specify “Interesting Traffic”. Interesting traffic is traffic that is allowed to bring up the ISDN connection (and
that resets the idle timer while it is up). Define it with the “dialer-list” command, then apply it under the ISDN
interface with the “dialer-group” command.
MrRouter(config)# dialer-list 1 protocol ip permit
MrRouter(config)# int bri0
MrRouter(config-if)# dialer-group 1
3. Configure dialer information:
MrRouter(config)# int bri0
MrRouter(config-if)# ip address 65.12.13.5 255.0.0.0
MrRouter(config-if)# no shut
MrRouter(config-if)# encapsulation ppp
MrRouter(config-if)# dialer-group 1
MrRouter(config-if)# dialer string 4569875
Note: You may use a dialer map in place of a dialer string; it ties the next-hop address to the number to dial (and, with
“name”, to the hostname the remote router will present during CHAP). Example:
MrRouter(config-if)# dialer map ip 65.12.13.5 name RoboSuitOffice 4569875
5 Dialer Map Steps
1. Dialer
2. Map
3. Protocol (ip)
4. Next Hop (the remote router’s address)
5. Dial String
Example:
MrRouter(config-if)# dialer map ip 65.12.13.5 name RoboSuitOffice 4569875
DDR and Access Lists
Use the dialer-list command to associate an access list with the dialer group. Only traffic permitted by the list dials
the line or resets its idle timer; other traffic is still routed over the link while it happens to be up.
MrRouter(config)# dialer-list 1 protocol ip list 110
MrRouter(config)# access-list 110 permit tcp any any eq smtp
MrRouter(config)# access-list 110 permit tcp any any eq telnet
MrRouter(config)# int bri0
MrRouter(config-if)# dialer-group 1
DDR Commands (SPID + numbers)
MrRouter(config)# isdn switch-type basic-ni
MrRouter(config)# int bri0
MrRouter(config-if)# dialer map ip 65.13.12.41 name RoboSuitOffice 3864567893
MrRouter(config-if)# ip address 65.46.13.56 255.0.0.0
E. Diagnostics
show dialer = dialer diagnostic information
show isdn active = show number called when call is in progress
show isdn status = show if SPIDs are valid
show isdn q921 = see layer 2 information
show isdn q931 = see layer 3 information
debug dialer = displays set-up and tear-down activity
isdn disconnect = drops connection and clears interface
Router Configuration
A. Password Recovery
sh version – (sh ver) shows the current value of the configuration register and the Cisco IOS version.
There are two register values you need to be familiar with:
0x2102 = normal booting, reads the startup configuration from NVRAM
0x2142 = bit 6 set, tells the router to ignore (bypass) the NVRAM contents at boot
Commands:
confreg = change the register from ROM monitor mode.
config-register = change the register from global configuration mode.
reset = reboots the router from ROM monitor mode.
reload = reboots the router from privileged mode.
Note that this procedure is exactly what an attacker with console access would do: it needs no password, only a serial
cable and a power cycle. Physical control of the console port is the real boundary here. IOS offers “no service
password-recovery” to block the break sequence, at the cost of having to wipe the configuration if the password is ever
lost.
Password Recovery Process
1. Reboot the router with the command “reload” or by powering it off and on.
2. Send a break (CTRL + Break in most terminal programs) within the first 60 seconds to interrupt the boot sequence.
3. At the ROM monitor prompt, “rommon 1>”, type “confreg 0x2142”; this turns on bit 6.
4. Reload the router by typing “reset”. The router reboots, bypasses the NVRAM contents and does not ask you for a
password. Answer “no” to the initial configuration dialog.
5. Type “enable” to enter privileged mode. Because no configuration was loaded there is no enable password yet, so we
are past the point of needing one before we copy the NVRAM configuration into the running configuration.
6. Type “copy start run” to copy the contents of NVRAM to the running configuration. The original configuration is now
loaded; only the enable secret will be replaced, so every other credential in it (vty passwords, “username” entries,
SNMP communities) keeps whatever value it had.
7. Type “config t” just as you normally would to go to global. Type “enable secret ThePassword” to change the password
to one that you know. The interfaces come up in the shutdown state after this kind of boot, so issue “no shutdown” on
each interface you need.
8. Change the configuration register back so that the contents of NVRAM are loaded at boot. Do this by going to global
(“config t”) and then typing “config-register 0x2102”.
9. Save the configuration to NVRAM with “copy run start”.
10. Reboot the router with “reload”.
B. Backup and Restoration of the IOS
sh flash = shows the contents of flash memory (the IOS image files and their sizes)
copy = To back up or restore the IOS image (flash) or a configuration (NVRAM or running memory), use the copy command
with a TFTP server. It has the following syntax:
copy + (What You Want To Copy) + (Where to Copy it To)
Examples:
copy flash tftp = copies the IOS image from flash to a tftp server
copy tftp flash = copies an IOS image from a tftp server into flash (older routers ask to erase flash first)
copy start tftp = copies the startup configuration from NVRAM to a tftp server
copy tftp start = copies a startup configuration from a tftp server into NVRAM, replacing what was there
copy run tftp = copies the running configuration from the router to a tftp server
copy tftp run = merges a configuration from a tftp server into the running configuration; lines the file does not
mention stay in place
TFTP has no authentication and no encryption, and a saved configuration contains every password and SNMP community on
the router, so run these copies only over a trusted management network and protect the files on the server.
C. Cisco Discovery Protocol (CDP)
CDP – Cisco proprietary layer 2 protocol that discovers directly connected Cisco devices. It gathers the neighbor’s
hostname, platform, IOS version, capabilities, IP address and the port it is connected on, from the neighbor’s own
advertisements. That same information is handed to anyone plugged into a port where CDP is enabled, so it is common to
leave it on between your own switches and routers and turn it off on ports facing users or other organisations: “no cdp
enable” on an interface, or “no cdp run” globally.
sh cdp = show the cdp timer and holdtime values
sh cdp neighbors = (sh cdp nei) displays neighboring devices detected via CDP.
sh cdp neighbors detail = the same, plus the IOS version and IP address of each neighbor
sh cdp entry * = the same detail for every neighbor
sh cdp traffic = displays cdp traffic statistics
sh cdp interface = (sh cdp int) displays info about each interface running CDP.
cdp timer = configures the rate at which CDP packets are sent (seconds). Use in global config mode.
cdp holdtime = configures how long a neighbor’s information is kept without a new advertisement (seconds). Use in global
config mode.
D. Telnet
telnet = command to initiate a telnet session to another device. Everything in the session, including the login and
enable passwords you type, crosses the network in clear text.
sh sessions = displays the telnet sessions you have open from this router (privileged mode)
sh users = lists who is connected to this router’s console and vty lines
disconnect = closes one of your outgoing telnet sessions. Example: disconnect 1.
exit = ends the current telnet session.
clear line = ends the session of a device connected to your current device.
Argument is the line number shown by “sh users”. Example: clear line 3.
CTRL + SHIFT + 6, then press “x” = return to your own router while still engaged in a telnet session, leaving the telnet
session open.
ENTER + ENTER = resume a telnet session from which you switched using CTRL + SHIFT + 6, then “x”. A suspended session
stays logged in on the remote device until you disconnect it.
E. Host Tables
sh hosts = displays host table.
ip host = adds an entry to the host table. Example:
ip host MrRouter 192.168.20.2
F. DNS
ip domain-lookup = enables DNS name resolution; turned on by default. With it on, any mistyped command at the EXEC
prompt is treated as a hostname that the router tries to resolve (and then telnet to), which ties up the console for a
while.
no ip domain-lookup = turns off DNS name resolution; common on lab routers for the reason above.
ip name-server = specifies DNS server. Example: ip name-server 192.168.20.5
ip domain-name = specifies a domain name. Example: ip domain-name NWTRADERS
G. Diagnostics
ping
traceroute (“trace” for short)
More Related Content

What's hot (20)

Subnetting
SubnettingSubnetting
Subnetting
 
Subnet Mask
Subnet MaskSubnet Mask
Subnet Mask
 
Subnetting
SubnettingSubnetting
Subnetting
 
Vlsm
VlsmVlsm
Vlsm
 
Subnetting
SubnettingSubnetting
Subnetting
 
Subnetting
SubnettingSubnetting
Subnetting
 
Vlsm workbook instructors edition v2 0-solucionario
Vlsm workbook  instructors edition   v2 0-solucionarioVlsm workbook  instructors edition   v2 0-solucionario
Vlsm workbook instructors edition v2 0-solucionario
 
Subnetting Made Easy
Subnetting Made EasySubnetting Made Easy
Subnetting Made Easy
 
Sub Netting
Sub NettingSub Netting
Sub Netting
 
Subnetting - TKJ SMK Kelas XI - Cisco CCNA
Subnetting - TKJ SMK Kelas XI - Cisco CCNASubnetting - TKJ SMK Kelas XI - Cisco CCNA
Subnetting - TKJ SMK Kelas XI - Cisco CCNA
 
Subnetting
SubnettingSubnetting
Subnetting
 
Lesson 2: Subnetting basics
Lesson 2: Subnetting basicsLesson 2: Subnetting basics
Lesson 2: Subnetting basics
 
Subnetting
SubnettingSubnetting
Subnetting
 
IP Subnetting
IP SubnettingIP Subnetting
IP Subnetting
 
Subentting, Supernetting and VLSM presentation
Subentting, Supernetting and VLSM presentationSubentting, Supernetting and VLSM presentation
Subentting, Supernetting and VLSM presentation
 
C I D R
C I D RC I D R
C I D R
 
Subneting
SubnetingSubneting
Subneting
 
Subnitting
SubnittingSubnitting
Subnitting
 
Subnetting
SubnettingSubnetting
Subnetting
 
Subnetting
SubnettingSubnetting
Subnetting
 

Viewers also liked

Skycore outdoor & indoor decor cataloge
Skycore outdoor & indoor decor catalogeSkycore outdoor & indoor decor cataloge
Skycore outdoor & indoor decor catalogeThe Skycore Group
 
Cadena agroindustrial de productos
Cadena agroindustrial de productosCadena agroindustrial de productos
Cadena agroindustrial de productosGerman Monroy
 
Truck mounted attenuators - streetsmartrental.com
Truck mounted attenuators - streetsmartrental.comTruck mounted attenuators - streetsmartrental.com
Truck mounted attenuators - streetsmartrental.comJessica Tara
 
Salon look atlanta
Salon look atlantaSalon look atlanta
Salon look atlantaSalonlook
 
DT CSP Global Warming AUDIO
DT CSP Global Warming AUDIODT CSP Global Warming AUDIO
DT CSP Global Warming AUDIOtsuid14
 
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...Maxus Belgium
 
Institute of equality & diversity practitioners
Institute of equality & diversity practitionersInstitute of equality & diversity practitioners
Institute of equality & diversity practitionersMohammed (MIDHAL) Dhalech
 
Paper 43 - Deep Water Pipeline CT 9_2_15
Paper 43 - Deep Water Pipeline CT 9_2_15Paper 43 - Deep Water Pipeline CT 9_2_15
Paper 43 - Deep Water Pipeline CT 9_2_15John Grover
 
CRUI July 2010 Investor Presentation
CRUI July 2010 Investor PresentationCRUI July 2010 Investor Presentation
CRUI July 2010 Investor PresentationGeoInvesting LLC
 
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introduction
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introductionUNIVERSE MULTINATIONAL LIMITED GEMSTONE introduction
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introductionNDUBUISI BENJAMIN UGOBUEZE
 
Comment faire un audit annuel d'e-réputation ? Le cas Areva
Comment faire un audit annuel d'e-réputation ? Le cas ArevaComment faire un audit annuel d'e-réputation ? Le cas Areva
Comment faire un audit annuel d'e-réputation ? Le cas ArevaNicolas Vanderbiest
 
Environmental Test Chamber airmid healthgroup
Environmental Test Chamber airmid healthgroupEnvironmental Test Chamber airmid healthgroup
Environmental Test Chamber airmid healthgroupairmid healthgroup ltd
 

Viewers also liked (15)

Skycore outdoor & indoor decor cataloge
Skycore outdoor & indoor decor catalogeSkycore outdoor & indoor decor cataloge
Skycore outdoor & indoor decor cataloge
 
Cadena agroindustrial de productos
Cadena agroindustrial de productosCadena agroindustrial de productos
Cadena agroindustrial de productos
 
Truck mounted attenuators - streetsmartrental.com
Truck mounted attenuators - streetsmartrental.comTruck mounted attenuators - streetsmartrental.com
Truck mounted attenuators - streetsmartrental.com
 
Salon look atlanta
Salon look atlantaSalon look atlanta
Salon look atlanta
 
MIMO
MIMOMIMO
MIMO
 
DT CSP Global Warming AUDIO
DT CSP Global Warming AUDIODT CSP Global Warming AUDIO
DT CSP Global Warming AUDIO
 
DA_31May2016
DA_31May2016DA_31May2016
DA_31May2016
 
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...
Games of Thrones - Saison 4 - Le phénomène GOT illustre parfaitement les oppo...
 
Institute of equality & diversity practitioners
Institute of equality & diversity practitionersInstitute of equality & diversity practitioners
Institute of equality & diversity practitioners
 
Paper 43 - Deep Water Pipeline CT 9_2_15
Paper 43 - Deep Water Pipeline CT 9_2_15Paper 43 - Deep Water Pipeline CT 9_2_15
Paper 43 - Deep Water Pipeline CT 9_2_15
 
CRUI July 2010 Investor Presentation
CRUI July 2010 Investor PresentationCRUI July 2010 Investor Presentation
CRUI July 2010 Investor Presentation
 
Final_Report_SSH_DL_DM
Final_Report_SSH_DL_DMFinal_Report_SSH_DL_DM
Final_Report_SSH_DL_DM
 
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introduction
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introductionUNIVERSE MULTINATIONAL LIMITED GEMSTONE introduction
UNIVERSE MULTINATIONAL LIMITED GEMSTONE introduction
 
Comment faire un audit annuel d'e-réputation ? Le cas Areva
Comment faire un audit annuel d'e-réputation ? Le cas ArevaComment faire un audit annuel d'e-réputation ? Le cas Areva
Comment faire un audit annuel d'e-réputation ? Le cas Areva
 
Environmental Test Chamber airmid healthgroup
Environmental Test Chamber airmid healthgroupEnvironmental Test Chamber airmid healthgroup
Environmental Test Chamber airmid healthgroup
 

Similar to Routing and switching

Networking notes 2
Networking notes 2Networking notes 2
Networking notes 2Beth Bauzon
 
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eChapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eadpeer
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easyManjit Singh
 
Guia subneteo-de-redes-hbcnlf
Guia subneteo-de-redes-hbcnlfGuia subneteo-de-redes-hbcnlf
Guia subneteo-de-redes-hbcnlfPIERINELLI
 
Expl net fund_chapter_06_i_pv4_part_2
Expl net fund_chapter_06_i_pv4_part_2Expl net fund_chapter_06_i_pv4_part_2
Expl net fund_chapter_06_i_pv4_part_2kurtmctaggart
 
Pjsmith ip addressing & subnetting madeeasy
Pjsmith ip addressing & subnetting madeeasyPjsmith ip addressing & subnetting madeeasy
Pjsmith ip addressing & subnetting madeeasyKashif Sohail
 
IP_ADDRESSING_AND_SUBNETTING.pptx
IP_ADDRESSING_AND_SUBNETTING.pptxIP_ADDRESSING_AND_SUBNETTING.pptx
IP_ADDRESSING_AND_SUBNETTING.pptxgamerchan1
 
Ipaddress presentationdemoclass
Ipaddress presentationdemoclassIpaddress presentationdemoclass
Ipaddress presentationdemoclassaskme
 
08 - IP Subnetting.ppt
08 - IP Subnetting.ppt08 - IP Subnetting.ppt
08 - IP Subnetting.pptssuserf7cd2b
 
Ex 1 chapter06-i-pv4-tony_chen
Ex 1 chapter06-i-pv4-tony_chenEx 1 chapter06-i-pv4-tony_chen
Ex 1 chapter06-i-pv4-tony_chenĐô GiẢn
 
1703_anusua_basuclassful addressing_IP_Addressing
1703_anusua_basuclassful addressing_IP_Addressing1703_anusua_basuclassful addressing_IP_Addressing
1703_anusua_basuclassful addressing_IP_AddressingAnusuaBasu
 
7-Lect_7 .pptxNetwork LayerNetwork Layer
7-Lect_7 .pptxNetwork LayerNetwork Layer7-Lect_7 .pptxNetwork LayerNetwork Layer
7-Lect_7 .pptxNetwork LayerNetwork LayerZahouAmel1
 
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...ZahouAmel1
 
Umutima.ppt
Umutima.pptUmutima.ppt
Umutima.pptkigaliac
 
Lab 18 Answer TemplateProblem 1IP address 192.168.10.0 27 (giv.docx
Lab 18 Answer TemplateProblem 1IP address  192.168.10.0 27 (giv.docxLab 18 Answer TemplateProblem 1IP address  192.168.10.0 27 (giv.docx
Lab 18 Answer TemplateProblem 1IP address 192.168.10.0 27 (giv.docxDIPESH30
 
IP Addressing & subnetting strategy
IP Addressing & subnetting strategyIP Addressing & subnetting strategy
IP Addressing & subnetting strategyMustafa Salam
 

Similar to Routing and switching (20)

Networking notes 2
Networking notes 2Networking notes 2
Networking notes 2
 
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eChapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
 
ip addressing_&_subnetting_made_easy
 ip addressing_&_subnetting_made_easy ip addressing_&_subnetting_made_easy
ip addressing_&_subnetting_made_easy
 
Guia subneteo-de-redes-hbcnlf
Guia subneteo-de-redes-hbcnlfGuia subneteo-de-redes-hbcnlf
Guia subneteo-de-redes-hbcnlf
 
Expl net fund_chapter_06_i_pv4_part_2
Expl net fund_chapter_06_i_pv4_part_2Expl net fund_chapter_06_i_pv4_part_2
Expl net fund_chapter_06_i_pv4_part_2
 
Pjsmith ip addressing & subnetting madeeasy
Pjsmith ip addressing & subnetting madeeasyPjsmith ip addressing & subnetting madeeasy
Pjsmith ip addressing & subnetting madeeasy
 
IP_ADDRESSING_AND_SUBNETTING.pptx
IP_ADDRESSING_AND_SUBNETTING.pptxIP_ADDRESSING_AND_SUBNETTING.pptx
IP_ADDRESSING_AND_SUBNETTING.pptx
 
Ipaddress presentationdemoclass
Ipaddress presentationdemoclassIpaddress presentationdemoclass
Ipaddress presentationdemoclass
 
08 - IP Subnetting.ppt
08 - IP Subnetting.ppt08 - IP Subnetting.ppt
08 - IP Subnetting.ppt
 
Ex 1 chapter06-i-pv4-tony_chen
Ex 1 chapter06-i-pv4-tony_chenEx 1 chapter06-i-pv4-tony_chen
Ex 1 chapter06-i-pv4-tony_chen
 
1703_anusua_basuclassful addressing_IP_Addressing
1703_anusua_basuclassful addressing_IP_Addressing1703_anusua_basuclassful addressing_IP_Addressing
1703_anusua_basuclassful addressing_IP_Addressing
 
Ccna ppt
Ccna pptCcna ppt
Ccna ppt
 
7-Lect_7 .pptxNetwork LayerNetwork Layer
7-Lect_7 .pptxNetwork LayerNetwork Layer7-Lect_7 .pptxNetwork LayerNetwork Layer
7-Lect_7 .pptxNetwork LayerNetwork Layer
 
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...
7-Lect_7 .pptxNetwork Layer. Addressing Subnetting Mask (default and subnet) ...
 
13788 3
13788 313788 3
13788 3
 
I Paddress
I PaddressI Paddress
I Paddress
 
Umutima.ppt
Umutima.pptUmutima.ppt
Umutima.ppt
 
Day 5.5 subnetting
Day 5.5 subnettingDay 5.5 subnetting
Day 5.5 subnetting
 
Lab 18 Answer TemplateProblem 1IP address 192.168.10.0 27 (giv.docx
Lab 18 Answer TemplateProblem 1IP address  192.168.10.0 27 (giv.docxLab 18 Answer TemplateProblem 1IP address  192.168.10.0 27 (giv.docx
Lab 18 Answer TemplateProblem 1IP address 192.168.10.0 27 (giv.docx
 
IP Addressing & subnetting strategy
IP Addressing & subnetting strategyIP Addressing & subnetting strategy
IP Addressing & subnetting strategy
 

Routing and switching

  • 1. http://deepakkarn.wordpress.com/ 2013 CISCO ROUTING n SWITCHING Compiled By:- Deepak Kumar Karn http://deepakkarn.wordpress.com/
Chapter 1: Classful IP Addressing

Class A

Although not as efficient as VLSM and CIDR, classful IP addressing is still a standard on many networks using IPv4 and 32-bit IP addresses. (If you are using IPv6 and 128-bit addresses, which would mean that maybe you live in, like, China, maybe this primitive North American 32-bit stuff will still be helpful.) :-)

Anyway, there are basically three categories to concern yourself with in classful IP: the A, B, and C classes. Depending on the class you choose, Request For Comments (RFC) standards regulate how many bits are available for network addresses. The other classes, D (multicast, ranging from 224-239) and E (experimental, ranging from 240-254), are not really our concern for now. Just remember there is an IP conspiracy and you'll learn about these later as the plot thickens. I can hardly bear the suspense!

Even though many routers allow you to change it, for class A addresses RFC standards state that the first bit of the first byte MUST always be off. This means we can not use the 128 bit. What does this leave us with? Only 7 bits. Also, for class A remember that 127 is the diagnostic loopback address, so we can't use it.

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Value   128   64   32   16    8    4    2    1
START     0    0    0    0    0    0    0    0
END       0    1    1    1    1    1    1    1

This gives us a network address range from 0-127, but as is the case with class A, we can not use 0 or the loopback address, 127. This leaves us 126 useable network addresses.

Formulas:
# of networks: 2^(y-1), where y = # bits available for the network address. So, approximately 2^(8-1) = 2^7 = 128, minus the 127 diagnostic loopback and 0. This leaves 126 useable addresses.
# of hosts per network: (2^x - 2) = (2^24 - 2) = (16,777,216 - 2) = 16,777,214 hosts.

Summary:
Range = 1-126
# networks = 126
# hosts = 16,777,214
Subnet mask = 255.0.0.0
Network Bits = 8
Host Bits = 24

Class B

Even though many routers allow you to change it, for class B addresses RFC standards state that the first bit of the first byte MUST always be on AND the second bit of the first byte must always be off. This means we can not use the 128 bit OR the 64 bit. What does this leave us with? In a class B network, 16 bits are for networks and 16 bits are for hosts. But here, 2 bits are "stuck".

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Value   128   64   32   16    8    4    2    1
START     1    0    0    0    0    0    0    0
END       1    0    1    1    1    1    1    1

This gives us a network address range from 128-191.

Formulas:
# of networks: 2^(y-2), where y = # bits available for the network address. So, approximately 2^(16-2) = 2^14 = 16,384 useable network addresses.
# of hosts per network: (2^x - 2) = (2^16 - 2) = (65,536 - 2) = 65,534 hosts.

Summary:
Range = 128-191
# networks = 16,384
# hosts = 65,534
Subnet mask = 255.255.0.0
Network Bits = 16
Host Bits = 16

Class C

Even though many routers allow you to change it, for class C addresses RFC standards state that the first bit of the first byte MUST always be on AND the second bit of the first byte must always be on AND the third bit of the first byte must always be off. This means we can not use the 128 bit OR the 64 bit OR the 32 bit. What does this leave us with? In a class C network, 24 bits are for networks and 8 bits are for hosts. But remember, 3 bits are "stuck".

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Value   128   64   32   16    8    4    2    1
START     1    1    0    0    0    0    0    0
END       1    1    0    1    1    1    1    1

This gives us a network address range from 192-223.

Formulas:
# of networks: 2^(y-3), where y = # bits available for the network address. So, approximately 2^(24-3) = 2^21 = 2,097,152 useable network addresses.
# of hosts per network: (2^x - 2) = (2^8 - 2) = (256 - 2) = 254 hosts.

Summary:
Range = 192-223
# networks = 2,097,152
# hosts = 254
Subnet mask = 255.255.255.0
Network Bits = 24
Host Bits = 8
Chapter 2: Subnetting

Subnetting a CLASS C network

There are plenty of situations where we do not need the full number of hosts available in classful IP addressing. Yet for security, organizational and structural purposes, we want to obtain more networks. Don't despair, there's hope. Sweet overflowing rivers of Vippa, we can do this by subnetting a network address! When we subnet, we steal bits normally used for host IDs and use them for network IDs.

Let's subnet a class C network address of 192.168.20.x:

A class C address allows 24 bits for the network ID and 8 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 8 bits. There are two basic rules we should follow when subnetting: don't turn all the bits on, and don't turn all the bits off. This immediately invalidates using 1 bit, at least by RFC standards, since it could only be either all on or all off. Therefore, we must start with two bits.

The formula for the number of subnets is the same as for the number of hosts. The reason is that, in subnetting, we are taking bits from the host side and giving them to the network ID. We are splitting up an octet table, and as a result the "minus two rule" applies to both sides of the table. The "minus two rule" stems from the fact that we can't use 0, since it's the general network address, nor may we use 255, since it is the broadcast address.

For 2 bits:
# subnets = (2^x - 2) = (2^2 - 2) = 2
# hosts = (2^x - 2) = (2^6 - 2) = 62
Subnet Mask = 128 + 64, so 255.255.255.192
# bits for network = 24
# bits for subnetting = 2
# bits for hosts = 6
CIDR = 192.168.20.x /26

Let's look at this using a bit table:

         Subnet Bits |            Host Bits
          2^7   2^6  |  2^5  2^4  2^3  2^2  2^1  2^0   Base 10
Value     128    64  |   32   16    8    4    2    1
            0     1  |    0    0    0    0    0    1        65
            1     0  |    0    0    0    0    0    1       129

To compute the range, the lowest number we can begin with, obeying our rules on both sides, is 64 on the subnet side and 1 on the host side. Therefore, we must start with 64 + 1, or 65. All IP addresses from 1-64 are invalid; this is the sacrifice we must make to subnet with 2 bits. We know by our formula that we can have 62 hosts per subnet, so all we need to do now is add 62 to the 65. This will give us 127. Therefore, the first subnet has a range of 65 -> 127. The next lowest number we can come up with in the subnet column is 128, but we must also utilize the 1 in the host column (remember our rules). Therefore, 128 itself is invalid; we must start with 128 + 1, or 129. Our two ranges are therefore:

N1 = 65 -> 127
N2 = 129 -> 191

We've looked at this class C subnetting exercise using a bit table, because we want to see what is going on amongst all those teeny tiny switches we call bits and bytes. Now that we have an idea about octets and those 8 bits making up the bytes, we can look at a shortcut method. Introducing ...

The "BLOCK" Shortcut (Tah-dah!)

Everyone, please stop ohh-ing and ahh-ing, or we'll never get through this. Back to the subject ;-), it's time to bring up the "BLOCK". The BLOCK is the lowest-numbered column of the subnet columns. It represents the basic number by which the subnet range is incremented each time. In the example above, the BLOCK is 64. This can give us a shortcut to subnetting. BLOCK numbers by themselves will ALWAYS be invalid. We must always add 1 to the block number to find a valid address. Let's check this:

First BLOCK value = 64
Second BLOCK value = (64 + 64) = 128

64 is invalid. 128 is invalid. Truthfully, our block numbers are invalid. To obtain the beginning of each range, just add 1:

Start of N1 = 64 + 1 = 65
Start of N2 = 128 + 1 = 129

To find the end of N1 for BLOCK 1, just subtract 1 from the next BLOCK, 128.

Another way to find the BLOCK is to take the subnet mask octet and subtract it from 256. If we took 256 and subtracted 192 from it, we would get 64. Therefore, a quick way to find the BLOCK for a subnet mask is to use the formula:

256 - subnet mask = BLOCK
Example: 256 - 192 = 64

Subnetting a CLASS A network

Let's subnet a class A network address of 10.x.x.x:

A class A address allows 8 bits for the network ID and 24 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 24 bits. Remember the rules: don't turn all the bits on, and don't turn all the bits off. This will apply to both sides of the table, both the subnet columns and the host columns. Remember that this immediately invalidates using 1 bit since it could only be either all on or all off. Again, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. Remember that the "minus two rule" will apply to both sides of the table.

To subnet, for example, 10.1.x.x, 8 bits are already set aside since it is class A, and we would be using 8 bits for subnetting. Recall that normally a class A address only uses the first octet for the network address; the other three are for hosts. In this case, we are subnetting the entire second octet, so we are using 8 bits for subnetting. Our subnet mask will be 255.255.0.0, which looks like a default class B subnet mask, but isn't. This basically means that each subnet of our class A address will give us the number of hosts of an entire class B address.

# subnets = (2^x - 2) = (2^8 - 2) = 254
# hosts = (2^x - 2) = (2^16 - 2) = 65,534
Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1, so 255.255.0.0
# bits for network = 8
# bits for subnetting = 8
# bits for hosts = 16
CIDR = 10.1.x.x /16
BLOCK = 256 - 255 = 1

Valid subnets = 1, 2, 3, 4, 5 up to 254 in increments of 1 (the BLOCK). In other words:

subnet 1 = 10.1.0.0
subnet 2 = 10.2.0.0
subnet 3 = 10.3.0.0
subnet 4 = 10.4.0.0
subnet 5 = 10.5.0.0
up to the last subnet, which = 10.254.0.0

The broadcast address for each subnet would be all of the 16 host bits turned on, so:

subnet 1 = 10.1.255.255
subnet 2 = 10.2.255.255
subnet 3 = 10.3.255.255
subnet 4 = 10.4.255.255
subnet 5 = 10.5.255.255
up to the last subnet, which = 10.254.255.255

Valid hosts would be:

Here, we are using an entire octet, our BLOCK value is 1, and there are 16 bits used for hosts. Because of this, we can treat the class A as though it were a class B; that is, we are not splitting the table inside an octet like we normally do when we subnet. This means that we can use the addresses from 1 all the way to 254.

subnet 1 = 10.1.0.1 - 10.1.255.254
subnet 2 = 10.2.0.1 - 10.2.255.254
subnet 3 = 10.3.0.1 - 10.3.255.254
subnet 4 = 10.4.0.1 - 10.4.255.254
subnet 5 = 10.5.0.1 - 10.5.255.254
up to the last subnet, which = 10.254.0.1 - 10.254.255.254

Class A with a subnet mask of 255.255.240.0

Let's try another class A with a subnet mask of 255.255.240.0. We will subnet a class A network address of 10.1.x.x. The 8 bits of the first octet of a class A address make up the network bits. Here, with a subnet mask of 255.255.240.0, we are using 8 bits from the second octet and 4 bits from the third octet for a total of 12 subnet bits. This leaves 12 bits of the total 32-bit IP address. Therefore, if we are using a subnet mask of 255.255.240.0 with a class A address, once we subtract the 8 bits for the network address, we are using 12 bits for subnets and 12 bits for hosts.

# subnets = (2^x - 2) = (2^12 - 2) = 4094
# hosts = (2^x - 2) = (2^12 - 2) = 4094
Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 in the second octet and 128 + 64 + 32 + 16 in the third, so 255.255.240.0
# bits for subnetting = 12
# bits for hosts = 12
CIDR = 10.1.x.x /20
BLOCK = 256 - 240 = 16

Bit table (one row per octet; "|" separates subnet bits from host bits):

Octet 1, NETWORK bits (8):      2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 1 1 1 1 1 1 1 1
Octet 2, SUBNET bits (8):       2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 1 1 1 1 1 1 1 1
Octet 3, SUBNET (4) | HOST (4): 2^7 2^6 2^5 2^4 | 2^3 2^2 2^1 2^0 = 128 64 32 16 | 8 4 2 1 -> 1 1 1 1 | 0 0 0 0   (BLOCK = 16)
Octet 4, HOST bits (8):         2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 0 0 0 0 0 0 0 0

Notice that the "BLOCK" is the last, lowest subnet bit from the third octet, in this case "16".

Here the rules get a little weird once again. We know that we can't use the network address of "0", nor can we use the broadcast address, which is usually "255" by classful standards. Remember that the rules simply state that not all subnet bits or host bits can be on, nor can they all be off. In this case, using a class A address, we are subnetting MORE than a full octet. We are using 12 bits total for subnets, which means that in addition to the full 8 bits of the second octet, we are using 4 bits from the third octet. Because of these 4 additional bits, we CAN turn off all the bits in the second octet, making it 0, AS LONG AS at least one of the subnet bits is turned on in the third octet. For this reason, if the second octet were 0, the third octet would HAVE to be at least 16 in order to be valid. A subnet of 10.0.0.x would not be allowed. 10.0.0.x is invalid since ALL subnet bits have been turned off. Nor would 10.0.1.x - 10.0.15.x be allowed. For the second octet to be 0, at least 1 of the first 4 bits in the third octet (128, 64, 32, or 16) must be turned on. Following this rule, the following uses of 0 in the second octet would be allowed:

10.0.16.x
10.0.32.x
10.0.48.x
10.0.64.x
10.0.80.x
10.0.96.x
10.0.112.x
10.0.128.x
10.0.144.x
10.0.160.x
10.0.176.x
10.0.192.x
10.0.208.x
10.0.224.x
10.0.240.x

10.0.240.x is the highest we can go up to, since that is using all 4 subnet bits in the third octet. Again, remember that the only reason we can use "0" subnet bits in the second octet is IF we turn on at least 1 subnet bit in the third octet. The only reason we can use "240", that is, turn all the subnet bits on in the third octet, is that we have turned all the subnet bits off in the second octet. Otherwise we would at least have to turn one of the bits in the second octet off.

What if all the subnet bits in the second octet were turned on? This would give us 255. If this is the case, we could not use 240 in the third octet, since that would mean all the subnet bits would be turned on. In other words, 10.255.240.x would be an INVALID subnet. If all the bits are turned on in the second octet, the results are quite different. Example:

10.255.16.x
10.255.32.x
10.255.48.x
10.255.64.x
10.255.80.x
10.255.96.x
10.255.112.x
10.255.128.x
10.255.144.x
10.255.160.x
10.255.176.x
10.255.192.x
10.255.208.x
10.255.224.x

In this case, 10.255.224.x is as far as we can go. We can't use the next BLOCK subnet value, 10.255.240.0, since that would mean we were turning all 12 subnet bits on.

Subnetting a CLASS B network

Let's subnet a class B network address of 129.1.x.x:

A class B address allows 16 bits for the network ID and 16 bits for the hosts. If we are going to subnet, we will have to steal from the remaining 16 bits. Remember the rules: don't turn all the bits on, and don't turn all the bits off. This will apply to both sides of the table, both the subnet columns and the host columns. This immediately invalidates using just 1 bit in the third octet, since it could only be either all on or all off. Again, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. The "minus two rule" will apply to both sides of the table.

With the example above, 129.1.x.x, we will be using 2 bits for subnetting. Recall that normally a class B address only uses the first two octets for the network address; the other two are for hosts. In this case, we are subnetting using 2 bits in the third octet. Our subnet mask will be 255.255.192.0. We are stealing 2 bits from the host bits and giving them to the network bits.

# subnets = (2^x - 2) = (2^2 - 2) = 2
# hosts = (2^x - 2) = (2^14 - 2) = 16,382
Subnet Mask = 128 + 64, so 255.255.192.0
# bits for subnetting = 2
# bits for hosts = 14
CIDR = 129.1.64.x /18
BLOCK = 256 - 192 = 64

Bit table (one row per octet; "|" separates subnet bits from host bits):

Octet 1, NETWORK bits (8):      2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 1 1 1 1 1 1 1 1
Octet 2, NETWORK bits (8):      2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 1 1 1 1 1 1 1 1
Octet 3, SUBNET (2) | HOST (6): 2^7 2^6 | 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 | 32 16 8 4 2 1 -> 1 1 | 0 0 0 0 0 0   (BLOCK = 64)
Octet 4, HOST bits (8):         2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0 = 128 64 32 16 8 4 2 1 -> 0 0 0 0 0 0 0 0

Valid subnets = 64, then 128, incrementing by 64 (the BLOCK). In other words:

subnet 1 = 129.1.64.0
subnet 2 = 129.1.128.0

At this point, we also must add 1 to the BLOCK to obtain the first valid IP address for the subnet. But it does not work like it does with class C addresses; instead, with class B, simply add the one to the last (4th) octet. Changing the "0" to a "1" obtains the first valid address in the range. Example, using a BLOCK of 64:

N1 = 129.1.64.1 -> 129.1.127.254
N1 broadcast address = 129.1.127.255
N2 = 129.1.128.1 -> 129.1.191.254
N2 broadcast address = 129.1.191.255

We know by the block that we have to start with "64.1" and "128.1" respectively. To find the end of the range of the first subnet, subtract 1 from 128.1, which rolls us back to 127.255, which is the broadcast address. Therefore, subtract 1 more, which gives us 127.254, the end of the RANGE of valid IP addresses for the first subnet.

Another way to think of it is that, with a subnet mask of 255.255.192.0, there are 16,382 hosts. It would be tedious and cumbersome to add this to each subnet. Again there is a shortcut! Notice that if we take the third octet and treat it as if it were the 4th octet, the "192" of 255.255.192.0 would become 255.255.255.192. IF this were the case, we would have 6 bits left for hosts, giving us 62 hosts per subnet. Normally, we'd just add the 62 to the start of the first range, which would be determined by taking the block, 64, and adding 1, to give us 65. However, since this is class B and not class C, we have two octets, not one. Therefore, we actually use the BLOCK address to start, 64, and add the 1 to the next octet. So if we take our number of hosts and simply add 1 to it, giving us 63 instead of 62 hosts, we can add it to the starting BLOCK to come up with the end of the range.

64 + 63 = 127
128 + 63 = 191

Now simply tack on the highest number we can get in the last octet, not 255 since it's the broadcast address, but 254:

N1 = 129.1.64.1 -> 129.1.127.254
N2 = 129.1.128.1 -> 129.1.191.254
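The class C, class A (/16 and /20) and class B (/18) walkthroughs above all follow the same mechanical rules, so here is an added calculator (my own code, not part of this guide) that applies them: the class is read from the leading bits of the first octet as in Chapter 1, the subnet ID may not be all 0s or all 1s, the host part may not be all 0s (network) or all 1s (broadcast), and the BLOCK is 256 minus the mask octet being split. It reports the broadcast address separately from the last usable host, as the class B example does; the function names are mine.

```python
# Added example (not part of the original guide): a classful subnetting
# calculator. All function names are my own.
from typing import Dict, List, Tuple

Subnet = Tuple[str, str, str, str]   # (network, first host, last host, broadcast)


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def classful_network_bits(ip: str) -> int:
    """Chapter 1 rule: leading bit 0 -> class A (/8), 10 -> B (/16), 110 -> C (/24)."""
    first = ip_to_int(ip) >> 24
    if first & 0b10000000 == 0:
        return 8
    if first & 0b11000000 == 0b10000000:
        return 16
    if first & 0b11100000 == 0b11000000:
        return 24
    raise ValueError("class D/E address, not subnettable")


def classful_subnets(network: str, prefix: int) -> Dict:
    """Enumerate the valid subnets of a classful network split at /prefix."""
    net_bits = classful_network_bits(network)
    subnet_bits = prefix - net_bits
    host_bits = 32 - prefix
    if subnet_bits < 2 or host_bits < 2:
        raise ValueError("the classful rules need at least 2 subnet bits and 2 host bits")
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    # Keep only the classful network bits of whatever address was passed in.
    base = ip_to_int(network) & ((0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF)
    # The BLOCK is taken from the octet in which the subnet bits end.
    split_octet = (prefix - 1) // 8
    mask_octet = (mask >> (8 * (3 - split_octet))) & 0xFF
    subnets: List[Subnet] = []
    all_ones = (1 << subnet_bits) - 1
    for sid in range(1, all_ones):            # skips subnet ID 0 and all-ones
        net = base | (sid << host_bits)
        bcast = net | ((1 << host_bits) - 1)  # all host bits on
        subnets.append((int_to_ip(net), int_to_ip(net + 1),
                        int_to_ip(bcast - 1), int_to_ip(bcast)))
    return {
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "mask": int_to_ip(mask),
        "block": 256 - mask_octet,
        "subnets_per_network": (1 << subnet_bits) - 2,
        "hosts_per_subnet": (1 << host_bits) - 2,
        "subnets": subnets,
    }


if __name__ == "__main__":
    r = classful_subnets("192.168.20.0", 26)
    print("mask", r["mask"], "BLOCK", r["block"], "hosts/subnet", r["hosts_per_subnet"])
    for net, first, last, bcast in r["subnets"]:
        print(f"{net:16} hosts {first} - {last}  broadcast {bcast}")
```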
Chapter 3: Supernetting

Supernetting, also known as route aggregation, is the reverse of subnetting. Recall that subnetting robs Peter to pay Paul; that is, it steals bits that could have been used for host IDs and adds them to the number of bits making up the network address. We gain subnets, but must sacrifice hosts.

Supernetting is simply the opposite of subnetting. We rob Paul to pay Peter. Instead of stealing bits from the hosts and adding them to the network bits, we steal bits from the network address and add them to the host bits. This allows you to have more hosts in a class of IP address than would normally be allowed. Using supernetting, we could combine several smaller class C networks together to approximate the number of hosts allowed on a single class B network (65,535).

As an example, say we needed a network with approximately 2000 hosts. If we used a class B network, this would waste about 63,000 addresses, since 65,000 - 2,000 would leave 63,000. What if instead we supernetted some class C networks? Since class C networks can hold 254 hosts each, if we combine 8 of them we would get about 2000 hosts (8 x 254 = 2032 hosts). To use our formula, we are taking 3 bits from the network side and giving them to the 8 bits on the host side for a total of 11 bits. Therefore: (2^x - 2) = (2^11 - 2) = (2,048 - 2) = 2,046 hosts.

Now here's the confusing part. A "supernetted" class C network looks like a "subnetted" class B network when you look at the subnet mask. It gets a little weird because we are using CIDR, and when we go classless the "rules" we are used to get bent. We would normally use 24 bits for the network portion of a class C address and 8 bits for the host portion. That would be CIDR /24. If we supernet, we will steal bits from the network side and give them to the host side. Let's look at a class C address:

Class C Address   Supernetted Subnet Mask   Binary
220.78.168.0      255.255.248.0             11111111.11111111.11111000.00000000

Instead of the normal 8 bits for host IDs, this would give us an additional 3 bits. The class C networks we would combine, at 254 hosts each, would be:

220.78.168.0
220.78.169.0
220.78.170.0
220.78.171.0
220.78.172.0
220.78.173.0
220.78.174.0
220.78.175.0
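An aggregate is only safe to advertise when the networks it summarizes fill the whole block, so here is an added route-aggregation helper (my own code, not from this guide) that finds the shortest prefix covering a list of class C networks and refuses when the list has a hole; the function names are mine, and the input is assumed to be /24 networks.

```python
# Added example (not part of the original guide): summarize a list of /24
# (class C) networks into one supernet and verify there are no holes.
# Function names are my own.
from typing import List, Tuple


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def supernet(networks: List[str]) -> Tuple[str, int, str, int]:
    """Return (aggregate network, prefix length, mask, usable hosts).

    Raises ValueError when the /24s do not exactly fill the aggregate block,
    because such a summary route would claim address space that is not ours.
    """
    ints = sorted({ip_to_int(n) for n in networks})
    lo, hi = ints[0], ints[-1]
    prefix = 24
    # Give network bits back to the host side (shorten the prefix) until the
    # lowest and highest network share the same prefix bits.
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    aggregate = lo & mask
    # The block must start at the aggregate and contain exactly one listed /24
    # for every /24 inside it: 2^(24 - prefix) of them.
    expected = [aggregate + (i << 8) for i in range(1 << (24 - prefix))]
    if ints != expected:
        raise ValueError(f"networks do not fill {int_to_ip(aggregate)}/{prefix} without holes")
    return int_to_ip(aggregate), prefix, int_to_ip(mask), (1 << host_bits) - 2


def is_summarizable(networks: List[str]) -> bool:
    """True when the list can be advertised as one exact summary route."""
    try:
        supernet(networks)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed input: the eight class C networks from the text.
    eight = [f"220.78.{third}.0" for third in range(168, 176)]
    print(supernet(eight))            # ('220.78.168.0', 21, '255.255.248.0', 2046)
```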
The expression 220.78.168.0 with a subnet mask of 255.255.248.0 would express the fact that the class C network consists of a supernetted group of 8 class C networks. It could do this as a single routing table entry of 220.78.168.0/255.255.248.0.

Chapter 4: CIDR and VLSM

A. Contiguous VLSM

Classful IP addressing wastes IP addresses. Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks (VLSM) give us a way to subnet subnets, conserving network addresses and gaining additional subnets per network address.
Contiguous VLSM can be thought of as splitting subnets into a binary tree. Essentially, we subnet a subnet. This tree then forks so that we are subnetting a subnet of a subnet. Each time we progress further down in the tree, a greater number of bits become "stuck" and can not be turned on or off.

CIDR replaces subnet masks as a more flexible way of declaring which bits represent the network IDs and which bits represent the host IDs. It is represented by a slash "/" and the number of bits used for the network ID. Here are some examples:

Address Class   Subnet Mask     # network bits   CIDR Notation
CLASS A         255.0.0.0       8                /8
CLASS B         255.255.0.0     16               /16
CLASS C         255.255.255.0   24               /24

Variable Length Subnetting a Class B Network

Remember we said VLSM is a way to subnet subnets? Let's look at a class B example.

Default Class B
Range = 128-191 (in 1st octet by RFC)
Subnet Mask = 255.255.0.0
CIDR = /16
# hosts = 65,534      Formula = (2^x - 2), so (2^16 - 2)
# networks = 16,384   Formula = 2^(y-2), so 2^(16-2) = 2^14
*Note: Remember that RFC standards state that the first 2 bits are fixed for class B.

One single class B network would give us 65,534 host addresses.

157.54.0.0 /16 = 65,534 host addresses

If we divide this network into two subnets, we could get about half of that, or 32,000 hosts per subnet.

Class B in 2 Subnets
N1 = 157.54.0.0 /17 = approximately 32,000 host addresses   Mask = 255.255.128.0
N2 = 157.54.128.0 /17 = approximately 32,000 host addresses   Mask = 255.255.128.0

Since the first two octets are the network address in class B networks, we will subnet the third octet and steal bits from the host side. Notice that our old classful -2 rules are being bent here. Under VLSM, we sometimes use subnet bits that are all on or all off.

Subnet 1 (128 bit off), third octet:
  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
  128   64   32   16    8    4    2    1
    0    x    x    x    x    x    x    x

Subnet 2 (128 bit on), third octet:
  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
  128   64   32   16    8    4    2    1
    1    x    x    x    x    x    x    x

We can further divide one of the 2 subnets above of our class B address into more subnets. Using CIDR and two subnets, we are currently using 17 bits for the network address/subnetting. Remember that when we use 4 bits to subnet a typical octet, we get 14 subnets and 14 hosts. In this case, we can use the subnet we are subnetting as the first subnet, so in place of 14 we could get 15 subnets. We just add 4 more bits to the 17 bits we are already using with CIDR. 17 + 4 will give us a total of 21 bits.

Adding 4 more bits to the 1 we are already using gives us what appears to be 5 bits to subnet with; however, the first bit, the 128 bit, is special. Because it represents a subnet itself, if we further subnet this address it will become like the network address. It will be "stuck" on, and we can only manipulate the 4 new bits we have added for subnets. Look at the third octet: the 128 bit is marked stuck since it can no longer change. Remember, we are now subnetting what was already a subnet.

  2^7  2^6  2^5  2^4  2^3 | 2^2  2^1  2^0   Base 10
  128   64   32   16    8 |   4    2    1
   [1]   0    0    0    0 |   x    x    x   128
   [1]   0    0    0    1 |   x    x    x   136
   [1]   0    0    1    0 |   x    x    x   144
   [1]   0    0    1    1 |   x    x    x   152
   [1]   0    1    0    0 |   x    x    x   160
And so on and so on ... ([1] marks the stuck 128 bit.)

Because the 128 bit is "stuck", every subnet from here on out must add the 128 bit; we have no choice. Here, using CIDR, the "no subnet or host bits all on/all off" rule can be bent, allowing us to use 128 itself as the first subnet. With this in mind, the next lowest value we can come up with will be 8 + the 128 that is "stuck" on. Therefore, the next subnet will be 136, and we will keep adding 8 (the "BLOCK") until we have 15 subnets. So, 128, 136, 144, 152, 160 and so on. The number of bits left for hosts would be 8 from the 4th octet plus the 3 left from the 3rd octet, for a total of 11 bits.

Now we have the facts we need. We are using 4 bits for subnetting and 11 bits are left for hosts. Let's use our formulas.

Subnets = (2^x - 2) = (2^4 - 2) = 14. Remember that we are using CIDR now and can bend the rules a little, so we actually get our 15 networks here since we can use 128 as the starting subnet.
Hosts = (2^x - 2) = (2^11 - 2) = (2048 - 2) = 2046. So, when using CIDR /21, we can get approximately 2000 hosts on each subnet.

Let's sum things up so far:
Class = B
Subnet Mask = 255.255.248.0
CIDR = /21
BLOCK size = 8
Hosts per subnet = (2^x - 2) = (2^11 - 2) = (2048 - 2) = 2046 hosts

15 Subnets of previous Class B N2
N1 of N2 = 157.54.128.0 /21
N2 of N2 = 157.54.136.0 /21
N3 of N2 = 157.54.144.0 /21
N4 of N2 = 157.54.152.0 /21
N5 of N2 = 157.54.160.0 /21
N6 of N2 = 157.54.168.0 /21
N7 of N2 = 157.54.176.0 /21
N8 of N2 = 157.54.184.0 /21
N9 of N2 = 157.54.192.0 /21
N10 of N2 = 157.54.200.0 /21
N11 of N2 = 157.54.208.0 /21
N12 of N2 = 157.54.216.0 /21
N13 of N2 = 157.54.224.0 /21
N14 of N2 = 157.54.232.0 /21
N15 of N2 = 157.54.240.0 /21

Now suppose that we want to take one of the 15 subnets subnetted from the 2nd subnet of the class B network and subnet that one. Remember that we are now subnetting a subnet of a subnet of a class B network. Let's say we want to approximate about 8 class C networks using our class B address. We are already using CIDR /21, and remember that with CIDR we can bend our -2 rule a little bit. Let's pick the last subnet of the previous stage, 157.54.240.0 /21. To get 8 more subnets, we need to add 3 more bits. 2^x = 2^3 = 8, and no minus 2 this time; we are bending the rules with CIDR.

Therefore, our new CIDR notation is /24, which, coincidentally, leaves us with the same number of host bits we would be left with on a normal class C network. Let's choose the last subnet in the previous stage, the "240", to subnet. Since we are subnetting a subnet of a subnet, the original 128 bit will be "stuck" this time as well as the 4 we added. A total of five bits have now become "stuck":

  2^7  2^6  2^5  2^4  2^3 | 2^2  2^1  2^0   Base 10
  128   64   32   16    8 |   4    2    1
   [1]  [1]  [1]  [1]  [1]|   0    0    0   248
   [1]  [1]  [1]  [1]  [1]|   0    0    1   249
   [1]  [1]  [1]  [1]  [1]|   0    1    0   250
   [1]  [1]  [1]  [1]  [1]|   0    1    1   251
   [1]  [1]  [1]  [1]  [1]|   1    0    0   252
   [1]  [1]  [1]  [1]  [1]|   1    0    1   253
   [1]  [1]  [1]  [1]  [1]|   1    1    0   254
   [1]  [1]  [1]  [1]  [1]|   1    1    1   255
([1] marks a stuck bit.)

To sum things up:
Class = B
Subnet Mask = 255.255.255.0 (looks like a class C, but it's a VLSM subnetted class B)
CIDR = /24
BLOCK size = 1 (Interesting, huh?)
Hosts per subnet = (2^x - 2) = (2^8 - 2) = 254
# of subnets = 2^x = 2^3 = 8

8 Subnets of previous N15 of Class B N2
N1 of N15 of N2 = 157.54.248.0 /24
N2 of N15 of N2 = 157.54.249.0 /24
N3 of N15 of N2 = 157.54.250.0 /24
N4 of N15 of N2 = 157.54.251.0 /24
N5 of N15 of N2 = 157.54.252.0 /24
N6 of N15 of N2 = 157.54.253.0 /24
N7 of N15 of N2 = 157.54.254.0 /24
N8 of N15 of N2 = 157.54.255.0 /24

B. Non-Contiguous VLSM

But wait! It gets even weirder, my friend! The classful subnetting rules that make our lives so safe and predictable are about to be twisted and contorted even more. Of course, if you didn't have a truly twisted mind you wouldn't be into VLSM in the first place. Come to think of it, have you ever met anyone in this business that's "normal"? Thinking ... Hmmm ... Nope. If you're into this stuff, you're a fruitcake, myself included. Denial. It's not just a river in Egypt.

Anyway, another way to look at VLSM is in terms of BLOCK sizes and hosts/subnets required. Remember that the BLOCK is always the lowest bit that belongs to the subnet bits. It can also be calculated by subtracting the subnet mask value from 256. Example:

  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0   Subnet Mask   BLOCK
  128   64   32   16    8    4    2    1
    1    1    0    0    0    0    0    0   .192          64
    1    1    1    0    0    0    0    0   .224          32
    1    1    1    1    0    0    0    0   .240          16
    1    1    1    1    1    0    0    0   .248          8
    1    1    1    1    1    1    0    0   .252          4

Or, if you prefer:
256 - 192 = 64
256 - 224 = 32
256 - 240 = 16
256 - 248 = 8
256 - 252 = 4

You can see the BLOCKs as they are associated with each subnet mask above. Using this information, we can construct a table that will assist us when using VLSM. To apply VLSM to a class C network, we would start with a /24 due to the subnet mask of 255.255.255.0. We would then simply continue adding subnet bits to /24 like so:

CIDR   Subnet Mask   Subnets   Hosts   BLOCK
/26    .192          2         62      64
/27    .224          6         30      32
/28    .240          14        14      16
/29    .248          30        6       8
/30    .252          62        2       4
*Notice the inverse relationship between the subnets and hosts columns.

Suppose we had a network, 192.168.20.x, and we needed 8 subnets for that network. If the number of hosts needed for each subnet is in the range from 30 hosts to 2 hosts, we would be forced into using only 6 subnets, since we would need 5 bits for hosts. The only way we could get 8 subnets out of a single class C network address, and still allow for up to 30 hosts on a subnet, is if we use VLSM. The goal is to continuously use the smallest BLOCK size possible to accommodate the number of hosts. Example:

Subnet   Hosts Needed   CIDR   Subnet Mask   BLOCK   Hosts Provided
N1       11             /28    .240          16      14
N2       19             /27    .224          32      30
N3       23             /27    .224          32      30
N4       5              /29    .248          8       6
N5       2              /30    .252          4       2
N6       2              /30    .252          4       2
N7       2              /30    .252          4       2
N8       2              /30    .252          4       2
*Notice the interesting minus-two relationship between the BLOCK and the number of hosts provided. Subtract two from the BLOCK and that is the # hosts.

Once we have our BLOCK table figured out, we need to decide where to place our BLOCKed subnets in the range of available addresses 1-254. The rule to follow here is that we must either start from "0", or else at a multiple of the current BLOCK. In other words, if we started with a BLOCK value of 64, we would have to start with 0, 64, 128, or 192. If we had other BLOCK values of 32, we would have to squeeze them in between the 64 BLOCK ranges, and where we squeeze them would have to be a multiple of 32. The same could be said for any other BLOCK sizes such as 16, 8 or 4. It's usually easiest to start with the largest BLOCKs, fit them in, then move to the smaller BLOCKs. Remember that you must START with the block size or a multiple thereof, so if the block size were 32, you would start at 32 and then 64 and so on. Here, we will therefore start with the two 32-sized BLOCKs above. We can place one 32-sized BLOCK between 32-64, and another 32-sized BLOCK between 64-96. That takes care of those two. Now the next largest BLOCK is 16. Where can we place that? We might place it between 16-32, since it has not yet been used. We could place the 8 BLOCK between 8-16, since it has not been used, and the remaining 4 BLOCKs will be easy to place at the end since they are so small. We could place them respectively between 96-100, 100-104, 104-108, and 108-112. As an illustrated example:

Class C IP Address Range Table
Last octet of 192.168.20.x (each line is a range of the last octet, up to but not including the second number):

  0 -   8   (unused)
  8 -  16   N4 (BLOCK 8)
 16 -  32   N1 (BLOCK 16)
 32 -  64   N2 (BLOCK 32)
 64 -  96   N3 (BLOCK 32)
 96 - 100   N5 (BLOCK 4)
100 - 104   N6 (BLOCK 4)
104 - 108   N7 (BLOCK 4)
108 - 112   N8 (BLOCK 4)
112 - 256   FREE AND UNUSED ADDRESS SPACE
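The BLOCK-table-and-placement procedure above can be automated; here is an added planner (my own code, not from this guide) that picks the smallest BLOCK that provides the hosts each subnet needs, then places the subnets largest-first at aligned positions starting from 0 (the "start from 0" option the text allows, so its positions differ from the figure above), plus a validator that checks any hand-made plan, including the figure's, against the alignment, overlap and host-count rules. Function names are mine.

```python
# Added example (not part of the original guide): VLSM planner and checker
# for one class C (/24) network. Function names are my own.
from typing import Dict, List, Tuple

# (name, start of the last octet, BLOCK size, prefix length)
Subnet = Tuple[str, int, int, int]


def smallest_block(hosts_needed: int) -> Tuple[int, int]:
    """Smallest BLOCK whose usable hosts (BLOCK - 2) cover the need -> (BLOCK, /prefix)."""
    host_bits = 2                      # /30 (BLOCK 4) is the smallest size in the table
    while (1 << host_bits) - 2 < hosts_needed:
        host_bits += 1
    return 1 << host_bits, 32 - host_bits


def plan_vlsm(needs: Dict[str, int]) -> List[Subnet]:
    """Largest BLOCK first, first fit from 0; each subnet starts on a multiple of its BLOCK."""
    sized = sorted(((smallest_block(h), name) for name, h in needs.items()),
                   key=lambda item: (-item[0][0], item[1]))
    used = [False] * 256               # one flag per last-octet value
    plan: List[Subnet] = []
    for (block, prefix), name in sized:
        for start in range(0, 256, block):      # only aligned candidates
            if not any(used[start:start + block]):
                used[start:start + block] = [True] * block
                plan.append((name, start, block, prefix))
                break
        else:
            raise ValueError(f"no room left in the /24 for {name} (BLOCK {block})")
    return plan


def validate_plan(plan: List[Subnet], needs: Dict[str, int]) -> bool:
    """Check alignment, /24 bounds, host capacity and overlap of a plan."""
    used = [False] * 256
    for name, start, block, prefix in plan:
        if block != 1 << (32 - prefix):        # BLOCK and prefix must agree
            return False
        if start % block or start + block > 256:
            return False
        if block - 2 < needs.get(name, 0):     # minus-two rule on hosts
            return False
        if any(used[start:start + block]):     # overlaps an earlier subnet
            return False
        used[start:start + block] = [True] * block
    return True


def subnet_cidr(first_three_octets: str, subnet: Subnet) -> str:
    name, start, _block, prefix = subnet
    return f"{first_three_octets}.{start}/{prefix}"


# Constructed input: the host counts from the table in the text.
NEEDS = {"N1": 11, "N2": 19, "N3": 23, "N4": 5, "N5": 2, "N6": 2, "N7": 2, "N8": 2}

if __name__ == "__main__":
    for s in plan_vlsm(NEEDS):
        print(s[0], subnet_cidr("192.168.20", s), "BLOCK", s[2])
```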
  • 46. 45 | P a g e Chapter5:- Routing Protocols A. RIP Stands for “Routing Information Protocol”. It is a generic protocol supported by many platforms, vendors, hardware and operating systems. RIPv1 is classful (can not do dis-contiguous networks, does not transmit subnet information). Only supports IP routing. 1. Distance Vector Protocol – uses a “hop count”, judges distance. Uses a simple metric, sends the entire routing table to directly connected
  • 47. 46 | P a g e neighbors. Called “routing by rumor”. Uses broadcasts that send the complete routing table out every 30 seconds. 2. AD = 120 (highest) 3. Pinhole Congestion – RIP is prone to pinhole congestion since it uses only a simple metric. If there are two links with the same hop count but one link is much slower than the other, RIP will not take advantage of the faster link. 4. Convergence time = slow. 5. Maximum Hop Count = 15. A hop count of “16” is considered down or unreachable. 6. RIPv1 vs. RIPv2 – RIPv1 does classful routing, it does not send any subnet information, so all devices on the network must use the same subnet mask. RIPv2 does classless routing (prefix routing), it will transmit subnet information so all devices on the network need not have the same subnet mask. 7. Timers:
  • 48. 47 | P a g e Route Update – interval between routing updates (30 seconds default) Route Invalid – interval for route to be determined as invalid (180 seconds default) Route Holddown – time during which routing information is suppressed (180 seconds default) Route Flush – interval for route to become invalid and be removed from the table (240 seconds default) 8. passive-interface – command prevents RIP broadcasts from being transmitted out the specified interface, thought RIP broadcasts may still be received. Example: Example: MrRouter> enable MrRouter# config t MrRouter# router rip MrRouter# network 192.168.10.0 MrRouter# passive-interface s0/0 B. OSPF
Stands for “Open Shortest Path First”. It is a generic protocol supported by many platforms, vendors, hardware and operating systems. Only supports IP routing.
1. Link State Protocol – uses a link state database instead of a hop count. Creates 3 separate tables: 1 = neighbors, 2 = topology, 3 = routing table.
2. AD = 110
3. Dijkstra – algorithm constructs the shortest path tree which populates the routing table. Next to EIGRP, OSPF has the fastest convergence time.
4. Link – network/router interface assigned to a given network. The link will have a state (up or down) as well as an IP address assigned to it.
5. Router ID – highest IP address of all interfaces on the router, used to identify the router itself.
6. Neighbors – two or more routers that have interfaces in common on the same network.
7. Adjacency – relationship between two OSPF routers that permits the exchange of routing updates.
8. Neighborship database – list of all OSPF routers for which “Hello” packets have been sent.
9. LSA packets – Link State Advertisements are only exchanged between OSPF routers that have adjacencies.
10. Topology database – information from all LSA (Link State Advertisement) packets that have been received for a particular area.
11. Designated Router (DR) – used to minimize the number of adjacencies required. The DR receives and disseminates information from routers on the broadcast network/link to synchronize their topology tables. The router with the highest priority is selected. If the priorities are the same, the router with the highest ID is selected.
12. Backup Designated Router (BDR) – hot standby for the DR.
13. OSPF Area – group of contiguous networks and routers. Area IDs can be different for each interface on a router since a router can connect different networks with different Area numbers. All routers in the same “Area” will have the same Area ID. For routers to establish adjacencies they must be in the same area.
14. SPF – (Shortest Path First) algorithm that calculates the shortest path to every network in the same Area (sharing the same Area ID). A separate tree is constructed for each area, so if a router is a member of more than one area, it will have multiple trees. OSPF uses cost as its metric to calculate the best path. The cost formula differs between vendors. For Cisco it is 10^8 / bandwidth, represented in millions. So a 10 Mbps link will have a higher cost of 10 (100,000,000/10 = 10,000,000) and a 100 Mbps link will have a lower cost of 1 (100,000,000/100 = 1,000,000).
Note: the “router ospf 1” refers to a process ID and not the Area. Areas are specified with the “network” command and the “area” option.
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router ospf 1
MrRouter(config-router)# network 192.168.10.0 0.0.0.255 area 51 (the network command takes a wildcard mask, not a subnet mask)
Diagnostics:
sh ip route
sh ip ospf = stats, LSA
sh ip ospf database = topology
sh ip ospf interface = RID, PID, priority, DR and BDR
sh ip ospf neighbor = neighbors and adjacency states
Loopback interfaces
When using OSPF, one should configure a loopback. Loopbacks will never go down since they are virtual, not real. If you don’t use a loopback, the RID (Router ID) will be set to the highest IP address of the router. The problem with this is that if the interface goes down, a re-election must take place to choose a DR and BDR based on the new highest IP. If this happens with a flapping link the routers will never converge and this could bring the entire network down. Loopbacks never go down and so are safer to use for a router ID.
Example:
Router_A(config)# int loopback 0
Router_A(config-if)# ip address 192.168.90.1 255.255.255.0
Router_A(config-if)# no shut
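The cost formula and the SPF (Dijkstra) calculation described under item 14 above, worked through on a small topology. This is an added Python example, not IOS output or anything from the original notes; the router names, link bandwidths and the 10^8 bps reference bandwidth are constructed assumptions for illustration.

```python
"""Added example (not from the notes): OSPF cost and SPF on a constructed topology."""
import heapq

REFERENCE_BW = 100_000_000  # Cisco's formula: cost = 10^8 / bandwidth (in bps)


def ospf_cost(bandwidth_bps: int) -> int:
    """Integer cost; the division truncates and the cost never drops below 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)


# Constructed links: (router, router, bandwidth in bps).
LINKS = [
    ("R1", "R2", 10_000_000),    # 10 Mbps  -> cost 10
    ("R1", "R3", 100_000_000),   # 100 Mbps -> cost 1
    ("R3", "R2", 100_000_000),   # 100 Mbps -> cost 1
    ("R2", "R4", 1_544_000),     # T1       -> cost 64
    ("R3", "R4", 10_000_000),    # 10 Mbps  -> cost 10
]


def build_graph(links):
    """Adjacency map {router: {neighbor: cost}}; every link is bidirectional."""
    graph = {}
    for a, b, bw in links:
        cost = ospf_cost(bw)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, root):
    """Dijkstra from root. Returns {router: (total_cost, first_hop)};
    the first hop is what ends up as the next hop in the routing table."""
    best = {}
    heap = [(0, root, None)]  # (cost so far, router, first hop from root)
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in best:      # already settled with an equal or lower cost
            continue
        best[node] = (cost, first)
        for nbr, link_cost in graph[node].items():
            if nbr not in best:
                hop = nbr if first is None else first
                heapq.heappush(heap, (cost + link_cost, nbr, hop))
    return best


if __name__ == "__main__":
    for router, (cost, via) in sorted(spf(build_graph(LINKS), "R1").items()):
        print(f"R1 -> {router}: cost {cost}, next hop {via}")
```

The direct R1-R2 link is a single hop but only 10 Mbps, so SPF sends R1's traffic for R2 through R3 over the two 100 Mbps links (cost 2 instead of 10). That is exactly the pinhole congestion case in the RIP section, which a hop-count metric cannot see.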
C. IGRP
Stands for “Interior Gateway Routing Protocol”. It is a proprietary protocol that can only be used on Cisco routers and equipment. Classful (does not include the subnet in its route, cannot do discontiguous networks). Only supports IP routing.
1. Distance Vector Protocol – uses a composite metric composed of combinations of bandwidth, delay of the line, MTU, link reliability and load. This is more complex than RIP’s simple hop count, so it allows IGRP to take advantage of faster links where the hop count would be the same.
2. AD = 100
3. Maximum Hop Count = 255. The default is 100. This makes IGRP better suited to larger networks than those that use RIP.
4. AS number – all routers using IGRP must be within the same autonomous system and use the same autonomous system number in order to communicate. Example: router igrp 10.
5. Timers:
Update – interval between routing updates (90 seconds default)
Invalid – interval for a route to be determined as invalid (default = 3x update timer)
Holddown – time during which routing information is suppressed (default = 3x update timer + 10)
Flush – interval for a route to become invalid and be removed from the table (default = 7x update timer)
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router igrp 10
MrRouter(config-router)# network 192.168.10.0

D. EIGRP
Stands for “Enhanced IGRP”. It is a proprietary protocol that can only be used on Cisco routers and equipment. It is classless (transmits subnet information). Supports multiple protocols – IP, IPX and AppleTalk. Uses Cisco’s proprietary RTP (Reliable Transport Protocol). Supports VLSM and discontiguous subnets.
1. Hybrid Protocol – uses a combination of link state data and hop count in its metric. Uses “Hello” messages to establish neighbors. Uses “routing by rumor”. It also uses bandwidth, delay, load and reliability.
2. AD = 90 (lowest)
3. Maximum Hop Count = 255.
4. AS number – all routers using EIGRP must be within the same autonomous system and use the same autonomous system number in order to communicate. Only routers with the same AS number share routes. Routes within the same AS are internal EIGRP routes and have an AD of 90. Routes outside the same AS are external EIGRP routes and have an AD of 170.
5. Hello – Hello messages composed of Hello packets form adjacencies (neighbor associations) between neighbors.
6. RTP – uses multicast traffic over 224.0.0.10 and creates/maintains a list of replies as “neighbors”.
7. DUAL – Diffusing Update Algorithm. Gives EIGRP the fastest convergence time among all routing protocols. Allows VLSM. Provides route recovery and backup routes.
8. Commands:
show ip eigrp topology – show topology table
show ip eigrp neighbor – show neighbor table
Example:
MrRouter> enable
MrRouter# config t
MrRouter(config)# router eigrp 80
MrRouter(config-router)# network 192.168.50.0

E. Definitions
AD = Administrative Distance. It rates the trustworthiness of routing information. The lower the AD value, the more trustworthy the routing information is considered to be. If a router receives several updates from different routing protocols, the one with the lowest AD value will be utilized in place of anything with a higher value. If the AD value is the same, routing protocol metrics will be used to decide routing table entries. If the AD and the metric are the same, the routers will load balance updates in round robin fashion.
Convergence – when dynamic routing protocols have updated all routers with all routes.
Split horizon – keeps routing information from being sent back in the direction from which it was received. Prevents routing loops.
Route Poisoning – when a network goes down, its hop count is advertised as 16 (unreachable), regardless of what its true hop count may be.
Holddowns – prevent a route that is going up and down frequently (flapping) from bringing down an entire network. If flapping were allowed indefinitely, routers could never converge and this could affect the entire network. Holddowns prevent routes from changing too rapidly by pausing and causing routers to wait a specified interval before updating, to allow a router that has gone down to come back up or an alternate route to be selected.
sh protocols = displays routed protocols and the interfaces on which they are enabled
sh ip protocols = display routing protocols configured on the router
sh ip route = display routing table with static and dynamic routes
sh run = display dynamic routes and advertised routes
debug ip rip = shows router updates as they are sent/received
debug ip igrp events = displays protocol events as they are sent/received
debug ip igrp transactions = displays protocol transactions as they are sent/received
undebug all = turns off debugging (un all)
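Route selection by administrative distance and then metric, as defined under E above, worked as an added Python example rather than IOS code. The AD values are the ones given in this chapter; the candidate routes, prefixes and next hops are constructed for illustration.

```python
"""Added example (not from the notes): picking among routes to the same prefix."""
from collections import defaultdict

# Administrative distances as listed in this chapter (lower = more trusted).
AD = {
    "eigrp": 90,
    "igrp": 100,
    "ospf": 110,
    "rip": 120,
    "eigrp-external": 170,
}


def select_routes(candidates):
    """candidates: iterable of (prefix, source protocol, metric, next_hop).

    For each prefix keep the lowest AD; among those, the lowest metric;
    if several remain (same AD and same metric) all of them are installed
    and the router load balances across them.  Returns {prefix: [next_hop, ...]}.
    """
    by_prefix = defaultdict(list)
    for prefix, source, metric, next_hop in candidates:
        by_prefix[prefix].append((AD[source], metric, next_hop))

    table = {}
    for prefix, routes in by_prefix.items():
        best_ad = min(ad for ad, _, _ in routes)
        same_ad = [r for r in routes if r[0] == best_ad]
        best_metric = min(metric for _, metric, _ in same_ad)
        table[prefix] = sorted(nh for _, metric, nh in same_ad if metric == best_metric)
    return table


# Constructed candidate routes, as several protocols might offer them at once.
CANDIDATES = [
    ("192.168.20.0/24", "rip", 2, "10.0.0.2"),                # 2 hops
    ("192.168.20.0/24", "ospf", 20, "10.0.0.3"),              # cost 20
    ("192.168.20.0/24", "eigrp-external", 3000, "10.0.0.4"),  # redistributed route
    ("172.16.0.0/16", "ospf", 30, "10.0.1.1"),
    ("172.16.0.0/16", "ospf", 30, "10.0.1.2"),
    ("172.16.0.0/16", "ospf", 40, "10.0.1.3"),
]

if __name__ == "__main__":
    for prefix, hops in select_routes(CANDIDATES).items():
        print(prefix, "via", ", ".join(hops))
```

Metrics from different protocols are never compared with each other: the RIP route's smaller number (2 hops) loses to OSPF because RIP's AD of 120 is worse than OSPF's 110, and the external EIGRP route loses too, even though EIGRP has the lowest internal AD, because redistributed routes carry 170. The two equal-cost OSPF routes to 172.16.0.0/16 are both installed.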
Chapter6:- Switches
A. Overview
Hubs = Layer 1 devices. Do not filter, merely propagate the signal. Do not create separate collision domains between hosts.
Active = serves as a repeater, amplifies the signal, extends the range lost to attenuation
Passive = does not amplify the signal, limited by the specified attenuation length of the media (100 meters for Cat5e)
Bridges = Layer 2 device, splits a network into 2 collision domains.
Switches = Layer 2 devices, contain a MAC table and filter frames based on MAC address. Place connections between any two hosts in a separate collision domain. They use ASICs (Application Specific Integrated Circuits) to build and maintain the MAC tables.
Routers = Layer 3 devices, contain a routing table to route traffic between networks, place networks in different broadcast domains.
Layer 3 Switches = a (layer 2/layer 3) combination device. It can be used as a switch to place hosts in separate collision domains. When used with a router and sub-interfaces, it can place hosts into VLANs, thus separating them into different broadcast domains.
Switches have 3 Layer 2 functions:
1. Address Learning – learns the MAC address of all connected hosts
2. Forward/Filter Decisions – filters by MAC using ASICs
3. Loop Avoidance – prevents redundant links from creating loops. Switches need redundant connections in case connections fail, but loops from these redundant connections must be avoided. If not, a broadcast storm will result where broadcasts are endlessly propagated and flood the network.

B. STP
STP – (Spanning Tree Protocol) stops network loops from occurring on layer 2 switches. It uses the STA (Spanning Tree Algorithm) to create a topology database of all connected switches, then it removes redundant links. Frames will then only be forwarded on STP chosen ports. Convergence using STP takes approximately 50 seconds, at which point ports can go from blocking to forwarding mode.
Root Bridge – bridge (switch) elected with the best root ID. All decisions concerning whether ports are blocked or placed into forwarding mode are made by this bridge.
BPDU – (Bridge Protocol Data Unit) exchanged between switches to select the root bridge through comparison with neighbors.
Bridge ID – the switch’s ID. STP uses this to keep track of all the switches on a network. It is determined by combining the priority with the MAC address of the switch. Priorities may be a value between 1 and 32,768, with 32,768 as the default for all switches. The bridge with the lowest ID is elected the root bridge. If switches all use the same default priority, then the switch with the lowest MAC address will win.
Root port – the port that presents the shortest path to the root bridge. If more than one port exists, bandwidth is used to determine cost.
Designated port – port with the lowest cost; it will be set to forward.
Non-designated port – port with a higher cost than the designated port, placed in blocking mode.
Forwarding port – always forwards frames (lowest cost and closest to the root bridge)
Blocking port – listens to BPDUs, but does not forward frames (blocks them).
STP States:
1. Blocking – frames not forwarded, just listens to BPDUs
2. Listening – listens to BPDUs to avoid loops
3. Learning – listens to BPDUs, populates the MAC table, does not forward frames
4. Forwarding – frames forwarded
5. Disabled – unused

C. Switching Types
1. Cut-through – (FastForward) only waits for the destination MAC address to forward the frame.
2. FragmentFree – the first 64 bytes of the frame are buffered and checked for fragmentation, then forwarded if everything is OK. This blocks fragments (runts) caused by collisions.
3. Store-and-Forward – the complete data frame is loaded into the switch’s buffer, a CRC is calculated to make sure it is error free, and only then is the destination looked up in the switch’s MAC table and the frame forwarded.

D. Cisco Switch Models
1900 Catalyst – Cisco’s basic model, consisting of the 1912 (12 10BaseT ports) and 1924 (24 10BaseT ports). Each switch has two 100Mbps uplinks consisting of UTP or fiber.
2950 Catalyst – Cisco’s deluxe model, many varieties from 10Mbps to 1Gbps, offers advanced features for data, video and voice.

E. 1900 Setup
1. Press “K”.
Passwords
ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password level 1 superfunyay (user password)
ZSwitch(config)# enable password level 15 DrewBerrymore (enable password)
ZSwitch(config)# enable secret SandraBullock (secret password)
ZSwitch# sh run
ZSwitch(config)# hostname ZSwitch
IP Addressing
ZSwitch# sh ip (display IP address)
ZSwitch# config t
ZSwitch(config)# ip address 172.16.10.16 255.255.255.0
ZSwitch(config)# ip default-gateway 172.16.10.1
ZSwitch(config)# exit
Configuring Ports (1900 has only one slot, “0”)
ZSwitch(config)# int ethernet 0/? (displays the ports you can configure)
ZSwitch(config)# int ethernet 0/1 (selects a port to configure)
ZSwitch(config)# int fastethernet 0/26
ZSwitch# sh int e0/1 (selects a port to display)
ZSwitch# sh int f0/26
ZSwitch(config)# int e0/1
ZSwitch(config-if)# description Finance_VLAN (notice no abbreviation)
Configuring Full Duplex (only available on the fast-ethernet ports 26/27)
ZSwitch(config)# int f0/26
ZSwitch(config-if)# duplex full
Diagnostic Commands
ZSwitch# ping 172.16.10.1
ZSwitch# telnet 172.16.10.1
Erasing (since switches save to NVRAM automatically)
ZSwitch# delete nvram

F. 2950 Setup
Passwords
ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password scoobydoo
ZSwitch(config)# enable secret cisco
ZSwitch(config)# line console 0
ZSwitch(config-line)# password console
ZSwitch(config-line)# login
ZSwitch(config-line)# line vty 0 15
ZSwitch(config-line)# password telnet
ZSwitch(config-line)# login
ZSwitch(config-line)# Ctrl+Z
IP Addressing (must select the administrative “vlan1”)
ZSwitch# config t
ZSwitch(config)# interface vlan1
ZSwitch(config-if)# ip address 172.16.10.17 255.255.255.0
(Note: we have to exit interface config to global config to configure the gateway)
ZSwitch(config-if)# exit
ZSwitch(config)# ip default-gateway 172.16.10.1
ZSwitch(config)# exit
Viewing Slots (only 1, so only 0 is valid)
ZSwitch(config)# interface fastEthernet ?
  <0-2> FastEthernet interface number
ZSwitch(config)# interface fastEthernet 0?
ZSwitch(config)# interface fastEthernet 0/?
  <0-12> FastEthernet interface number
Configuring a Port
ZSwitch(config)# interface fastEthernet 0/1
ZSwitch(config)# int fa0/1 (abbreviated form of the same command)
ZSwitch(config-if)# duplex full
ZSwitch(config-if)# speed 100
ZSwitch(config-if)# description VIPPA_VLAN (can use abbreviation on 2950)
ZSwitch# sh int fa 0/1 (selects a port to display)
Configuring Portfast (causes the port not to wait 50 seconds for STP)
ZSwitch(config-if)# spanning-tree portfast (be careful not to have any loops if turning this on)
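The root bridge election from section B above (priority combined with the MAC address, lowest bridge ID wins), which is the process portfast lets an access port skip waiting on. This is an added Python example, not switch output or code from the notes; the switch names, MAC addresses and the 4096 priority used to force a result are constructed for illustration.

```python
"""Added example (not from the notes): STP root bridge election from bridge IDs."""
DEFAULT_PRIORITY = 32768  # default on every switch, as the notes say


def bridge_id(priority: int, mac: str) -> int:
    """Bridge ID as carried in BPDUs: 2-byte priority followed by the 6-byte MAC,
    compared as one unsigned number, so priority decides and the MAC breaks ties."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    if mac_int > 0xFFFFFFFFFFFF:
        raise ValueError("MAC address must be 48 bits")
    return (priority << 48) | mac_int


def elect_root(switches):
    """switches: {name: (priority, mac)}. Returns the name with the lowest bridge ID."""
    ranked = sorted(switches, key=lambda name: bridge_id(*switches[name]))
    return ranked[0]


def with_priority(switches, name, priority):
    """Copy of the switch table with one switch given a new priority."""
    changed = dict(switches)
    changed[name] = (priority, switches[name][1])
    return changed


# Constructed switches, all still at the default priority.
SWITCHES = {
    "SwA": (DEFAULT_PRIORITY, "00:1a:a1:00:00:10"),
    "SwB": (DEFAULT_PRIORITY, "00:1a:a1:00:00:05"),
    "SwC": (DEFAULT_PRIORITY, "00:1a:a1:00:00:20"),
}

if __name__ == "__main__":
    print("all at default priority:", elect_root(SWITCHES))                # SwB, lowest MAC
    print("SwC lowered to 4096:", elect_root(with_priority(SWITCHES, "SwC", 4096)))
```

With every switch at the default priority the election is decided by whichever box happens to carry the lowest MAC address, which is rarely the switch you would choose. Lowering the priority on the intended root makes the outcome deliberate; otherwise any bridge that later appears with a lower ID wins the election and forces the whole tree through the convergence delay again.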
Erasing and Saving
ZSwitch# erase startup-config
ZSwitch# copy run start

Chapter7:- VLANs
A. Introduction
VLANs allow a Layer 2 device such as a switch to perform some Layer 3 functions by separating hosts connected to different ports into subnets. These VLANs must be coupled with sub-interfaces on a router, and they can span many different switches across the network, combining them into groups of VLANs that may run throughout a building.
Why VLANs?
1. Separating broadcast domains for limiting traffic
2. Security (only hosts in the same VLAN may access resources, access lists)
3. Grouping of hosts irrespective of location
There are 2 types of VLANs:
1. static – configured by an administrator
2. dynamic – automatically configured. Uses a VLAN Management Policy Server (VMPS) to set up a database mapping MAC addresses to VLANs. In this way, if a host moves around the network, the switch will assign it to the correct VLAN automatically.

B. VLAN Links
Access Links – part of one VLAN; attached devices are unaware of VLAN membership. The switch removes the VLAN information from the frame before it’s sent to the device connected to the access link.
Trunk Links – a 100Mbps to 1000Mbps direct point-to-point link between two switches, a switch and a router, or a switch and a server. They may carry the traffic of multiple VLANs, from 1 to 1005. Without a trunk link, only VLAN1 information (the administrative VLAN) will be transmitted from switch to switch.
Frame Tagging – VLAN information is added to frames as they enter a switch based on the port’s VLAN membership. The VLAN information is then removed from the frame when it arrives at its destination.

C. VLAN Router Settings and Sub-Interfaces
80/20 – keep 80% of the traffic on the local network, and 20% traversing a router.
ISL – (Inter-Switch Link) is a proprietary Cisco frame tagging (trunking) protocol. Follows the 80/20 rule. Requires all Cisco routers.
IEEE 802.1Q – inserts a field into the frame to identify the VLAN. A non-proprietary IEEE standard. Mix and match.
VTP – (VLAN Trunking Protocol) allows remote management, addition, deletion and administration of VLANs.
VTP Domain – switches in the same VTP domain share VLAN information.
VTP Server – switch that acts as the VTP server and configures VLAN information.
VTP Client – switches that are configured to get their VLAN information from a VTP server.
VTP Transparent – switches that are not part of a VTP domain, but they will forward VTP information through their trunk links.
VTP Pruning – reduces traffic to switches by sending VTP broadcast information ONLY to the switches that truly need it.
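The tagging and untagging on trunk and access links described in sections B and C, as an added Python example (not switch code or anything from the notes): it parses the IEEE 802.1Q field that is inserted into the frame, adds a tag the way an access port does on ingress, and strips it again on egress so the attached host never sees it. The frame bytes and MAC addresses are constructed.

```python
"""Added example (not from the notes): 802.1Q tag parsing, insertion and removal."""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces a VLAN tag follows


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into addresses, optional VLAN tag, type and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    payload_start = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13       # top 3 bits: priority code point
        vlan = tci & 0x0FFF   # low 12 bits: VLAN ID
        payload_start = 18
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "vlan": vlan, "pcp": pcp,
        "ethertype": ethertype, "payload": frame[payload_start:],
    }


def tag_frame(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Access-port ingress: insert the 4-byte tag right after the MAC addresses."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if parse_frame(frame)["vlan"] is not None:
        raise ValueError("frame is already tagged")
    tci = (pcp << 13) | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """Access-port egress: remove the tag so the attached host never sees it."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed frame: two made-up MACs, EtherType 0x0800 (IPv4), dummy payload.
UNTAGGED = bytes.fromhex("0050000000aa" "0050000000bb" "0800") + bytes(20)

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vlan=2)
    print(parse_frame(tagged))
    print("round trip intact:", untag_frame(tagged) == UNTAGGED)
```

The 12-bit VLAN ID field allows values up to 4094; the 1 to 1005 range mentioned under Trunk Links is the normal range that VTP manages on these switches.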
D. 1900 VLAN Configuration
Configuring VLANs
ZSwitch# config t
ZSwitch(config)# hostname ZSwitch
ZSwitch(config)# vlan 2 name sales
ZSwitch(config)# vlan 3 name marketing
ZSwitch(config)# vlan 4 name mis
ZSwitch(config)# exit
ZSwitch# sh vlan (display VLAN database)
ZSwitch(config)# int e0/2
ZSwitch(config-if)# vlan-membership static 2
ZSwitch(config-if)# int e0/4
ZSwitch(config-if)# vlan-membership static 3
ZSwitch(config-if)# int e0/5
ZSwitch(config-if)# vlan-membership static 4
ZSwitch(config-if)# Ctrl+Z
ZSwitch# sh vlan-membership
Configuring Trunk Ports (remember, only the last 2 ports)
ZSwitch(config)# int f0/26
ZSwitch(config-if)# trunk on
ZSwitch# sh trunk a (a or b; shows trunk ports and encapsulation type)
VTP Server Configuration
ZSwitch(config)# vtp server
ZSwitch(config)# vtp domain SuperFun
ZSwitch# sh vtp
ZSwitch# delete vtp

E. 2950 VLAN Configuration
Configuring VLANs
ZSwitch# vlan database
ZSwitch(vlan)# vlan 2 name Sales
ZSwitch(vlan)# vlan 3 name Marketing
Setting Ports as VLAN Members
ZSwitch(config)# int f0/2
ZSwitch(config-if)# switchport access vlan 2
ZSwitch(config-if)# switchport mode access
ZSwitch(config-if)# int f0/3
ZSwitch(config-if)# switchport access vlan 3
ZSwitch(config-if)# switchport mode access
ZSwitch(config-if)# exit
ZSwitch# sh vlan
Configuring Trunk Ports
For all VLANs to be allowed to pass traffic over this link:
ZSwitch(config)# int f0/12
ZSwitch(config-if)# switchport mode trunk
To limit VLAN traffic over this link:
ZSwitch(config)# int f0/12
ZSwitch(config-if)# switchport trunk allowed vlan except 2
VTP Server Configuration
ZSwitch(config)# vtp mode server
ZSwitch(config)# vtp domain SuperFun
ZSwitch# sh vtp status
ZSwitch# sh vtp counters

F. Router VLAN Configuration
Sub-Interfaces and Encapsulation
ZRouter# config t
ZRouter(config)# int f0/0
ZRouter(config-if)# no ip address
ZRouter(config-if)# int f0/0.1
ZRouter(config-subif)# encapsulation isl 1
ZRouter(config-subif)# ip address 172.16.10.1 255.255.255.0

G. LAB Application (VLANs + Sub-interface Routing)
1. Connect into the Switch1900A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.40.2/24, with a default gateway of 172.16.40.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch1900A
Switch1900A(config)#enable password level 1 kitty
Switch1900A(config)#enable password level 15 kitty1
Switch1900A(config)#enable secret kitty
Switch1900A(config)#ip address 172.16.40.2 255.255.255.0
Switch1900A(config)#ip default-gateway 172.16.40.1
Switch1900A(config)#interface fastethernet 0/26
Switch1900A(config-if)#description Link_to_2600A
Switch1900A(config-if)#interface fastethernet 0/27
Switch1900A(config-if)#description Link_to_HostE
Switch1900A(config-if)#exit
Switch1900A(config)#exit
Switch1900A#ping 172.16.40.1
2. Connect into the Switch1900B switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.50.2/24, with a default gateway of 172.16.50.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch1900B
Switch1900B(config)#enable password level 1 kitty
Switch1900B(config)#enable password level 15 kitty1
Switch1900B(config)#enable secret kitty
Switch1900B(config)#ip address 172.16.50.2 255.255.255.0
Switch1900B(config)#ip default-gateway 172.16.50.1
Switch1900B(config)#interface fastethernet 0/26
Switch1900B(config-if)#description Link_to_2600B
Switch1900B(config-if)#interface fastethernet 0/27
Switch1900B(config-if)#description Link_to_HostF
Switch1900B(config-if)#exit
Switch1900B(config)#exit
Switch1900B#ping 172.16.50.1
3. Connect into the Switch2950A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.10.3/24, with a default gateway of 172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.
Switch>enable
Switch#config t
Switch(config)#hostname Switch2950A
Switch2950A(config)#enable password kitty
Switch2950A(config)#enable secret fluffy
Switch2950A(config)#line console 0
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#line vty 0 15
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#exit
Switch2950A(config)#ip default-gateway 172.16.10.1
Switch2950A(config)#interface VLAN 1
Switch2950A(config-if)#ip address 172.16.10.3 255.255.255.0
Switch2950A(config-if)#interface fastethernet 0/3
Switch2950A(config-if)#description Trunk Link to Switch2950B
Switch2950A(config-if)#switchport mode trunk
Switch2950A(config-if)#speed 100
Switch2950A(config-if)#duplex full
Switch2950A(config-if)#exit
Switch2950A(config)#exit
Switch2950A#ping 172.16.10.1
This ping will not work until you delete the IP address for interface f0/0.1 on Router2600C.
4. Create a VTP domain of SuperFun and leave the 2950 switch as a VTP server.
Switch2950A#config t
Switch2950A(config)#vtp domain SuperFun
5. Connect to the Switch2950B switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.10.4/24, with a default gateway of 172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.
>enable
#config t
(config)#hostname Switch2950B
Switch2950B(config)#enable password kitty
Switch2950B(config)#enable secret fluffy
Switch2950B(config)#line console 0
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#line vty 0 15
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#exit
Switch2950B(config)#ip default-gateway 172.16.10.1
Switch2950B(config)#interface vlan1
Switch2950B(config-if)#ip address 172.16.10.4 255.255.255.0
Switch2950B(config-if)#interface fastethernet 0/3
Switch2950B(config-if)#description Trunk_Link_to_Switch2950A
Switch2950B(config-if)#switchport mode trunk
Switch2950B(config-if)#speed 100
Switch2950B(config-if)#duplex full
Switch2950B(config-if)#exit
Switch2950B(config)#exit
Switch2950B#ping 172.16.10.1
6. Configure the Switch2950B switch to be a member of the VTP domain SuperFun and configure the Switch2950B switch as a VTP client.
Switch2950B#config t
Switch2950B(config)#vtp domain SuperFun
Switch2950B(config)#vtp mode client
7. Create two VLANs on the Switch2950A switch called Sales and Marketing.
Switch2950A#vlan database
Switch2950A(vlan)#vlan 2 name Sales
Switch2950A(vlan)#vlan 3 name Marketing
Notice we created the two VLANs using 2 and 3. VLAN 1 is configured by default on all switches and cannot be changed or deleted.
8. Go to the Switch2950B switch and type in show vlan to verify the VLAN information was propagated with VTP.
Switch2950B(config)#exit
Switch2950B#show vlan
You should see three VLANs, 1-3, that were propagated via VTP from the Switch2950A switch.
9. HostA and HostC will be in VLAN 2, Sales, which has a subnet address of 172.16.2.0/24. HostA will be 172.16.2.2 and HostC will be 172.16.2.3. The default gateway will be 172.16.2.1, which we will configure on the 2600 in a minute. Connect to the Switch2950A switch and make port f0/1 a member of VLAN 2.
Switch2950A#config t
Switch2950A(config)#interface fastethernet 0/1
Switch2950A(config-if)#switchport access vlan 2
Switch2950A(config-if)#switchport mode access
10. Connect to the Switch2950B switch and make port f0/1 a member of VLAN 2.
Switch2950B#config t
Switch2950B(config)#interface fastethernet 0/1
Switch2950B(config-if)#switchport access vlan 2
Switch2950B(config-if)#switchport mode access
11. Configure HostA and HostC. From HostA, configure an IP address of 172.16.2.2/24, with a default gateway of 172.16.2.1. From HostC, configure an IP address of 172.16.2.3/24 with a default gateway of 172.16.2.1.
12. Verify you have set up the VLANs correctly by pinging from HostA to HostC.
>ping 172.16.2.3
Once you can ping, you know you have configured at least one VLAN correctly. At this time, HostA and HostC cannot ping anything else in the network except each other.
13. Configure HostB and HostD to be in VLAN 3. From the Switch2950A switch, configure port f0/2 to be a member of VLAN 3.
Switch2950A#config t
Switch2950A(config)#interface fastethernet 0/2
Switch2950A(config-if)#switchport access vlan 3
Switch2950A(config-if)#switchport mode access
14. Connect to the Switch2950B switch and make port f0/2 a member of VLAN 3.
Switch2950B#config t
Switch2950B(config)#interface fastethernet 0/2
Switch2950B(config-if)#switchport access vlan 3
Switch2950B(config-if)#switchport mode access
15. Configure HostB with an IP address of 172.16.3.2/24, with a default gateway of 172.16.3.1.
16. Configure HostD with an IP address of 172.16.3.3/24, with a default gateway of 172.16.3.1.
17. Verify that you can ping HostD from HostB.
>ping 172.16.3.3
18. To have the hosts ping outside their own VLAN, you must set up some type of routing. Use the Router2600C router’s Fastethernet 0/0 interface and create 802.1q routing. Create three subinterfaces, one for each VLAN.
Router2600C>enable
Router2600C#config t
Router2600C(config)#interface fastethernet 0/0
Router2600C(config-if)#no ip address
Router2600C(config-if)#interface fastethernet 0/0.1
Router2600C(config-subif)#encapsulation dot1q 1
Router2600C(config-subif)#ip address 172.16.10.1 255.255.255.0
Router2600C(config-subif)#interface fastethernet 0/0.2
Router2600C(config-subif)#encapsulation dot1q 2
Router2600C(config-subif)#ip address 172.16.2.1 255.255.255.0
Router2600C(config-subif)#interface fastethernet 0/0.3
Router2600C(config-subif)#encapsulation dot1q 3
Router2600C(config-subif)#ip address 172.16.3.1 255.255.255.0

Chapter8:- Access Lists
access-list ? = displays the numerical ranges for the types of access lists. 0-99 = a standard access list, whereas 100-199 = an extended access list.
sh access-list = display all access lists and their rules
sh access-list 149 = show a specific access list
sh ip access-list = show IP access lists configured on the router
sh ip interface = show which interfaces have access lists
sh run = display the running configuration. This will list all configured interfaces and their access lists.
Inbound Access List – applies to inbound packets
Outbound Access List – applies to outbound packets
Introduction:
Access lists are Cisco’s way of doing security. They can be compared to Linux’s iptables firewall and ipchains. A Cisco access list is a list of conditions that categorize packets. Different access lists may be used for inbound and outbound traffic on the same interface. Access lists are created in global configuration mode. Each access list can contain multiple rules. They must then be applied to specific interfaces using the “access-group” command. There are three types:

A. Standard Access Lists
Their range is 0-99; they use only the source IP address field in a packet for the condition. Use the command “access-list” and name the list with a number. Options are “permit” and “deny”. Then specify the host source IP address or “any”.
Example: Creating a Standard Access List
MrsRouter# config t
MrsRouter(config)# access-list 10 deny host 172.16.50.3
MrsRouter(config)# access-list 10 permit any
Applying An Access List
MrsRouter(config)# interface serial 0/0
MrsRouter(config-if)# ip access-group 10 in
To List Access-List Information
MrsRouter# show access-list 10
MrsRouter# show ip interface
MrsRouter# show running-config
To Remove An Access List
MrsRouter# config t
MrsRouter(config)# no access-list 10
Wildcard Masking
Used to specify a range of hosts, subnets or networks. Cisco flips these around to be the opposite of normal masking. As such, a 0 means it must match the corresponding octet exactly and a 255 means it can be anything. Any other value will be 1 less than the block size for that subnet, so to obtain the block value just add 1.
Examples:
access-list 3 permit 0.0.0.0 255.255.255.255 = the same as saying: access-list 3 permit any
access-list 10 deny 192.168.20.0 0.0.0.255 = deny all hosts on network 192.168.20.0; match the 1st 3 octets exactly and the 4th can be anything.
access-list 12 deny 129.130.0.0 0.0.255.255 = deny all hosts on network 129.130.0.0; match the 1st 2 octets exactly and the last 2 can be anything.
access-list 27 permit 137.136.0.0 0.0.3.255 = permit only hosts on subnets 137.136.4.0, 137.136.5.0, 137.136.6.0, 137.136.7.0; this is obtained by adding 1 to the 3 and getting a block value of 4. 4-8 = 4 subnets.
access-list 13 permit 137.136.0.0 0.0.7.255 = permit only hosts on subnets 137.136.8.0, 137.136.9.0, 137.136.10.0, 137.136.11.0, 137.136.12.0, 137.136.13.0, 137.136.14.0, 137.136.15.0, 137.136.16.0, 137.136.17.0; this is obtained by adding 1 to the 7 and getting a block value of 8. 8-15 = 8 subnets.
access-list 19 deny 137.136.0.0 0.0.31.255 = add 1, block = 32.
access-list 5 deny 137.136.0.0 0.0.63.255 = add 1, block = 64.
Catch-alls:
Each access list can contain multiple rules. In order to allow other traffic when denying certain hosts or ports with an access list, you must supply a “catch-all” rule that permits traffic. If you do not, by default traffic will not be permitted once you apply an access list to an interface using the “access-group” command.
Example:
  • 88. 87 | P a g e MrRouter(config)# access-list 12 deny 192.168.20.0 0.0.0.255 MrRouter(config)# access-list 12 permit any MrRouter(config)# int f0/0 MrRouter(config)# access-group 12 in B. Extended Access Lists Their range is 100-199, they may use source and destination ip address, as well as many other fields of the packet in layers 3 and 4. eq = port, specified at the end of the access list source = specified first in the access list destination = specified after the source in the access list Creating A Standard Access List MissRouter# config t MissRouter(config)# access-list 110 deny tcp host 172.16.50.3 172.16.40.0 0.0.0.255 eq telnet MissRouter(config)# access-list 110 permit ip any any
  • 89. 88 | P a g e Apply the Access List MissRouter(config)# interface serial 0/0 MissRouter(config-if)# ip access-group 110 in MissRouter(config-if)# ^z MissRouter# To List Access-List Information MissRouter# show access-list 10 MissRouter# show ip interface MissRouter# show running-config access-list 150 deny tcp any host 192.168.20.200 eq 23 = deny telnet access-list 150 permit ip any any = catch all access-list 170 deny tcp any host 192.168.20.101 eq 21 = deny FTP access-list 170 permit ip any any = catch all Multi-Rule Extended Access List MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 80 MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 21 MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 23 MrRouter(config)# access-list 194 permit ip any any
  • 90. 89 | P a g e MrRouter(config)# int f0/0 MrRouter(config-if)# access-group 194 in C. Named Access Lists This is a standard or extended access list that has been named. It uses the command “ip access-list” instead of “access- list” and “access-group”. It can utilize a string identifier that may make it less cryptic than its numerical counterparts. When entering rules for a names access list, you will go into a configuration mode and you must exit it from it when your are done. Syntax: “ip access-list” + “extended” or “standard” + TheStringName Example: Creating and Applying a Named Standard Access List MrRouter(config)# ip access-list standard RoboSuits MrRouter(config-std-nacl)# deny 192.168.20.0 0.0.0.255 MrRouter(config-std-nacl)# permit any MrRouter(config-std-nacl)# exit MrRouter(config)# int f0/0 MrRouter(config-if)# ip access-group RoboSuits in Example: Creating and Applying a Named Extended Access List MrRouter(config)# ip access-list extended ColdFusion
  • 91. 90 | P a g e MrRouter(config-ext-nacl)# deny tcp any host 192.168.20.200 eq 23 MrRouter(config-ext-nacl)# permit ip any any MrRouter(config-std-nacl)# exit MrRouter(config)# int f0/0 MrRouter(config-if)# ip access-group ColdFusion in D. Telnet Access Lists MrRouter# config t MrRouter(config)# access-list 11 deny host 172.16.50.3 MrRouter(config)# access-list 11 permit any Applying An Access List To VTY Lines To apply an access list to the terminal (vty 0 4), you will need to use the access list number and the “access-class” command instead of the access-group” command. Example: MrsRouter(config)# line vty 0 4 MrsRouter(config-line)# access-class 11 out
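The following is an added Python model of the access-list behaviour described in this chapter: wildcard-mask matching, top-down first-match evaluation, and the implicit "deny any" that makes the catch-all rule necessary. It is illustrative code written for this page, not IOS code. It accepts the numbered "access-list" syntax used above (standard and extended, with an optional prompt in front), the PORT_NAMES table holds only the port keywords used in this chapter, and the packets it is run against are constructed.

```python
"""Model of Cisco numbered IP access lists: wildcard masks, first match wins,
implicit 'deny any' at the end. Illustrative code for this page, not IOS code."""
import ipaddress

# Port keywords used in this chapter; IOS knows many more.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")          # what 'any' expands to


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """Wildcard bit 1 = don't care, 0 = must match (the inverse of a netmask)."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def wildcard_range(base, wildcard):
    """First and last address of the block a base/wildcard pair covers.
    The block starts at the base address, so 137.136.0.0 0.0.3.255 is 0-3, not 4-7."""
    w = _ip(wildcard)
    lo = _ip(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(lo | w))


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A', 'A WILDCARD' or a bare 'A'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0][0].isdigit():         # explicit wildcard follows
        return (first, tokens.pop(0))
    return (first, "0.0.0.0")                      # bare address: exact match


def parse_acl(text):
    """Turn 'access-list N permit|deny ...' lines into rules of the form
    (action, protocol, (src, src_wildcard), (dst, dst_wildcard), dst_port)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens and tokens[0].endswith("#"):     # drop a 'Router(config)#' prompt
            tokens = tokens[1:]
        if not tokens or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard: source only
            rules.append((action, "ip", _parse_addr(rest), ANY, None))
            continue
        proto = rest.pop(0)                        # extended: ip, tcp, udp, icmp ...
        src, dst = _parse_addr(rest), _parse_addr(rest)
        port = None
        if rest and rest[0] == "eq":               # 'eq' after the destination
            port = int(rest[1]) if rest[1].isdigit() else PORT_NAMES[rest[1]]
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Decide 'permit' or 'deny' for one packet the way the router does:
    top to bottom, first matching rule wins, nothing matched means deny."""
    for action, rproto, (sb, sw), (db, dw), rport in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if rport is not None and rport != dport:
            continue
        return action
    return "deny"                                  # the invisible last rule


if __name__ == "__main__":
    # Constructed packets run against ACL 110 from this chapter.
    acl_110 = parse_acl("""
        MissRouter(config)# access-list 110 deny tcp host 172.16.50.3 172.16.40.0 0.0.0.255 eq telnet
        MissRouter(config)# access-list 110 permit ip any any
    """)
    print(evaluate(acl_110, "tcp", "172.16.50.3", "172.16.40.9", 23))   # deny
    print(evaluate(acl_110, "tcp", "172.16.50.3", "172.16.40.9", 22))   # permit
    print(wildcard_range("137.136.0.0", "0.0.3.255"))   # ('137.136.0.0', '137.136.3.255')
```

Paste the ACL lines from a configuration into parse_acl and feed evaluate a few packets to see which rule catches them; parsing a list without its catch-all shows every unmatched packet coming back as "deny".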
Chapter9:- WAN Protocols

HDLC = High-Level Data Link Control, a Data Link layer protocol. The ISO version is a generic, non-proprietary standard that specifies the encapsulation method for data on synchronous serial data links. It is point to point over leased lines and has no authentication mechanism. It is the default encapsulation used by Cisco routers over synchronous serial links.
CISCO HDLC = Cisco's version of HDLC adds a proprietary "type" field so that several layer 3 protocols can share one link; because of that field it does not interoperate with other vendors' HDLC implementations. Use PPP when the far end is not a Cisco router.
CBCP = Microsoft Callback Control Protocol, a proprietary Microsoft callback protocol used with PPP.
LCP = Link Control Protocol, used by PPP to build, configure, test and tear down connections. Options negotiated by LCP include:
1. Authentication = devices prove who they are during the handshake (PAP or CHAP).
2. Compression = data is compressed before it is sent (e.g. Stacker, Predictor).
3. Error Detection = the frame check sequence (CRC) and link quality monitoring.
4. Multilink = several physical connections are combined into one logical pipe of bandwidth.
5. PPP Callback = a router calls, hangs up, and the other router calls it back.

A. PPP
(Point To Point Protocol) Data Link layer protocol. Can be used over asynchronous serial (dial up) or synchronous serial (leased line, ISDN) links. Uses LCP to build and maintain connections. Its primary purpose is to transport layer 3 packets across a layer 2 link, and it has 4 main components:
1. EIA/TIA-232-C, V.24, V.35 and ISDN = physical layer standards for serial communication.
2. HDLC = the framing used to encapsulate datagrams over serial links.
3. LCP = establishes, maintains, configures and terminates PPP connections.
4. NCP = Network Control Protocol, one per layer 3 protocol (IPCP for IP), negotiates that protocol's settings on the link.

PPP Authentication
PAP = Password Authentication Protocol. A two-way handshake: the peer sends its username and password in clear text, repeating them until accepted, so anyone sniffing the link obtains the password.
CHAP = Challenge Handshake Authentication Protocol. A three-way handshake: the authenticator sends a random challenge, the peer replies with an MD5 hash of the challenge combined with the shared secret, and the authenticator recomputes the hash from its own copy of the secret and compares. The secret itself never crosses the link (it is hashed, not encrypted), and a fresh challenge on every attempt defeats replay of a captured response. The shared secret must be identical on both routers.

PPP Encapsulation Commands
MrRouter# config t
MrRouter(config)# int s0/0
MrRouter(config-if)# encapsulation ppp
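As an added illustration of the PAP and CHAP exchanges described above (not code from this page or from Cisco), the following Python models both sides of the handshake after RFC 1334 (PAP) and RFC 1994 (CHAP). It assumes MrRouter and MrsRouter are the two ends of the link and "cowpatty" their shared secret; the username tables are constructed to mirror the "username ... password ..." commands each router would hold.

```python
"""PAP versus CHAP on a PPP link, modelled after RFC 1334 (PAP) and RFC 1994 (CHAP).
Added illustration for this page, not IOS code."""
import hashlib
import hmac
import os


def pap_request(peer_name, password):
    """PAP Authenticate-Request: the password itself travels over the link."""
    return {"code": "Authenticate-Request", "peer_id": peer_name, "password": password}


def chap_challenge(identifier, length=16):
    """Authenticator -> peer. The value is random and fresh for every attempt."""
    return {"code": "Challenge", "id": identifier & 0xFF, "value": os.urandom(length)}


def chap_hash(identifier, secret, challenge_value):
    """RFC 1994 section 4.1: MD5 over Identifier || secret || challenge value."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge_value).digest()


def chap_response(challenge, my_hostname, secret):
    """Peer -> authenticator. Carries the hash and the peer's hostname, never the secret."""
    return {"code": "Response", "id": challenge["id"],
            "value": chap_hash(challenge["id"], secret, challenge["value"]),
            "name": my_hostname}


def chap_verify(challenge, response, username_table):
    """Authenticator side. username_table holds this router's 'username NAME password
    SECRET' entries keyed by the *remote* hostname; recompute the hash and compare."""
    secret = username_table.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_hash(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def ppp_chap_login(username_table, peer_hostname, peer_secret, identifier=1):
    """Run the three-way handshake; True when the authenticator would send Success."""
    challenge = chap_challenge(identifier)                             # 1. Challenge
    response = chap_response(challenge, peer_hostname, peer_secret)    # 2. Response
    return chap_verify(challenge, response, username_table)            # 3. Success/Failure


# Constructed tables mirroring the configuration: each router stores the OTHER
# router's hostname with the shared secret (assumed peer names for this example).
MRROUTER_USERNAMES = {"MrsRouter": "cowpatty"}     # on MrRouter
MRSROUTER_USERNAMES = {"MrRouter": "cowpatty"}     # on MrsRouter

if __name__ == "__main__":
    print(ppp_chap_login(MRROUTER_USERNAMES, "MrsRouter", "cowpatty"))   # True
    print(ppp_chap_login(MRROUTER_USERNAMES, "MrsRouter", "wrong"))      # False
    print(pap_request("MrsRouter", "cowpatty"))     # the password is right there on the wire
```

Note that a response captured from one exchange fails against the next challenge, which is the property PAP lacks, and that the authenticator looks the secret up by the name the peer sends, which is why the "username" entry must carry the remote router's hostname.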
PPP Authentication Commands
Note: you must set the router's hostname and add a "username" entry for the remote router. The username is the hostname of the other end of the link (the name it sends in CHAP), not this router's own name, and the password is the shared secret, which must be the same on both routers. "ppp authentication chap pap" tries CHAP first and falls back to PAP.
On MrRouter, if the far end is MrsRouter:
MrRouter(config)# hostname MrRouter
MrRouter(config)# username MrsRouter password cowpatty
MrRouter(config)# int s0/0
MrRouter(config-if)# ppp authentication chap pap
MrRouter(config-if)# exit
MrRouter(config)# exit
On MrsRouter the matching entry is "username MrRouter password cowpatty". Where both ends support it, configure "ppp authentication chap" alone so the link can never fall back to clear-text PAP, and note that "service password-encryption" only obfuscates the secret in the configuration (type 7), it does not protect it.

To See the Encapsulation Method On a Particular Interface
MrRouter# sh int s0/0

B. Frame Relay
Uses a frame relay cloud. Like a time-share condo, subscribers in a frame relay cloud share bandwidth that they do not all use at the same time. Allows users to communicate between two DTE (Data Terminal Equipment) devices, usually routers, by way of the provider's DCE (Data Communication Equipment) devices, the frame relay switches.
CSU/DSU = Channel Service Unit/Data Service Unit, the device that terminates the carrier's digital circuit at the customer site and provides clocking to the router.
CIR = Committed Information Rate, the amount of bandwidth a subscriber is guaranteed. Traffic above the CIR may still be delivered but is marked discard eligible.
virtual circuits = the logical links that connect devices across a frame relay provider's cloud.
encapsulation =
1. ietf = generic, non-proprietary (RFC 1490/2427); use it when the far end is not a Cisco router.
2. cisco = the default, proprietary, can only connect to other Cisco equipment.

Router Commands (to connect to a non-Cisco frame-relay device)
MissRouter(config)# int s0/0
MissRouter(config-if)# encapsulation frame-relay ietf

Router Commands (to connect to a Cisco frame-relay device, the default)
MissRouter(config)# int s0/0
MissRouter(config-if)# encapsulation frame-relay

PVC = Permanent Virtual Circuit, the more common type; the telephone company creates the mappings in its switches in advance.
SVC = Switched Virtual Circuit, established on the fly as needed and torn down when the data transfer is complete.

There are three states for virtual circuits (shown by "show frame-relay pvc"):
1. Active State = the PVC is up end to end; both routers can exchange data.
2. Inactive State = the local connection to the frame relay switch is up but the remote router's end is down.
3. Deleted State = no LMI information about this DLCI is being received from the switch, or the DLCI is not configured on the switch at all.

Point-to-Point = a single virtual circuit connects one router to another.
Multipoint = a router is the centre of a star of virtual circuits, all on one interface or subinterface and in one subnet.
DLCIs = Data Link Connection Identifiers, the numbers that identify PVCs to DTE devices. A DLCI is locally significant: it names the circuit only between the router and the switch it is attached to.
LMI = Local Management Interface, a signalling standard used between the router and the first frame relay switch it is connected to. It carries keepalives, multicasting, global addressing and the status of virtual circuits. There are three standards:
1. Cisco = defined by the "Gang of Four" (Cisco, DEC, Northern Telecom and StrataCom) in 1990.
2. ANSI (T1.617 Annex D)
3. ITU-T (Q.933 Annex A)
The router normally autosenses the LMI type; set it by hand with "frame-relay lmi-type" only when it must match the provider's switch.

Congestion Control
1. DE = Discard Eligibility, marks frames that exceed the CIR. These frames are dropped first if the network is congested.
2. FECN = Forward Explicit Congestion Notification, set in frames travelling toward the destination, so the receiving DTE learns that the path is congested.
3. BECN = Backward Explicit Congestion Notification, set in frames travelling back toward the source, so the sending DTE learns of the congestion and can slow down.

Single Interface Commands
MrRouter(config)# int s0/0
MrRouter(config-if)# encapsulation frame-relay
MrRouter(config-if)# ip address 192.168.20.1 255.255.255.0
MrRouter(config-if)# frame-relay lmi-type ansi
MrRouter(config-if)# frame-relay interface-dlci 101

subinterfaces = multiple virtual circuits can be carried on a single physical serial interface by giving each its own subinterface, much as VLANs are carried on subinterfaces of a router's Ethernet port.

Subinterface Commands (may be multipoint or point-to-point)
MrRouter(config)# int s0
MrRouter(config-if)# encapsulation frame-relay
MrRouter(config-if)# int s0.1 point-to-point
The IP address and "frame-relay interface-dlci" are then configured on the subinterface rather than on the physical interface.

Frame Relay Monitoring Commands
sh frame ? = lists the available "show frame-relay" subcommands
sh frame lmi = shows LMI traffic statistics (status enquiries sent, status messages received, timeouts)
sh frame pvc = shows all configured PVCs, their DLCI numbers and state, and the FECN/BECN/DE counters
sh frame map = shows the mapping of DLCIs to next-hop IP addresses (static, or learned by Inverse ARP)
debug frame-relay lmi = shows the LMI exchanges with the switch in real time on the console

C. ISDN
Integrated Services Digital Network.
BRI = Basic Rate Interface, 2 B (bearer) channels of 64 kbps each and 1 D (signalling) channel of 16 kbps, written 2B+D. Usable data rate = 128 kbps; total bit rate including the D channel = 144 kbps. Interfaces are selected as "bri0", "bri1", etc.
PRI = Primary Rate Interface (T1, North America), 23 B channels of 64 kbps each and 1 D channel of 64 kbps, written 23B+D; 1.536 Mbps of channels carried on a 1.544 Mbps T1 line.
ISDN Commands (switch type and SPIDs)
MrRouter(config)# isdn switch-type basic-ni
MrRouter(config)# int bri0
MrRouter(config-if)# encap ppp
MrRouter(config-if)# isdn spid1 123456789321 3861238975
MrRouter(config-if)# isdn spid2 123456789322 3861238976
Each SPID (Service Profile Identifier) is assigned by the provider and is followed by the local directory number of that B channel; there is one "isdn spid1" and one "isdn spid2" entry, not two spid1 lines.

D. DDR
Dial On Demand Routing, saves connection expense by only bringing up the ISDN connection when there is traffic to send and dropping it again after the line has been idle.
1. The first step in configuring DDR is configuring static routes to the remote networks through the dial interface:
MrRouter(config)# ip route 65.0.0.0 255.0.0.0 65.0.0.1
MrRouter(config)# ip route 66.0.0.0 255.0.0.0 66.0.0.2
2. Specify "interesting traffic". Interesting traffic is traffic that is allowed to bring up the ISDN connection (and that resets the idle timer while it is up). To define it, use the "dialer-list" command; to apply it, select the ISDN interface and use the "dialer-group" command with the same number.
MrRouter(config)# dialer-list 1 protocol ip permit
MrRouter(config)# int bri0
MrRouter(config-if)# dialer-group 1
3. Configure dialer information:
MrRouter(config)# int bri0
MrRouter(config-if)# ip address 65.12.13.5 255.0.0.0
MrRouter(config-if)# no shut
MrRouter(config-if)# encapsulation ppp
MrRouter(config-if)# dialer-group 1
MrRouter(config-if)# dialer string 4569875

Note: you may use a dialer map in place of a dialer string. A dialer string is enough when there is only one destination; a dialer map ties a next-hop address (and, for CHAP, the remote hostname) to the number to dial, and you need one per remote site.

Dialer Map Syntax
1. dialer map
2. protocol (ip)
3. next-hop address (the remote router's address, not this interface's own address)
4. name (the remote router's hostname, matched against the name it sends in CHAP)
5. dial string
Example (the remote router RoboSuitOffice at 65.13.12.41):
MrRouter(config-if)# dialer map ip 65.13.12.41 name RoboSuitOffice 4569875
DDR and Access Lists
Use the "list" keyword of the dialer-list command to tie interesting traffic to an access list, so that only the traffic you choose (here SMTP and Telnet) dials the line or keeps it up; other traffic is still routed while the link is up, but will not trigger a call.
MrRouter(config)# dialer-list 1 protocol ip list 110
MrRouter(config)# access-list 110 permit tcp any any eq smtp
MrRouter(config)# access-list 110 permit tcp any any eq telnet
MrRouter(config)# int bri0
MrRouter(config-if)# dialer-group 1

DDR Commands (switch type and dialer map)
MrRouter(config)# isdn switch-type basic-ni
MrRouter(config)# int bri0
MrRouter(config-if)# ip address 65.46.13.56 255.0.0.0
MrRouter(config-if)# dialer map ip 65.13.12.41 name RoboSuitOffice 3864567893

E. Diagnostics
show dialer = dialer diagnostic information: dial reason, idle timer, last number called
show isdn active = shows the number called while a call is in progress
show isdn status = shows whether layers 1 and 2 to the switch are up and whether the SPIDs are valid
debug isdn q921 = see layer 2 (LAPD) activity on the D channel
debug isdn q931 = see layer 3 (call setup and teardown) messages
debug dialer = displays call set-up and tear-down activity, including which packet brought the line up
isdn disconnect = drops the connection and clears the interface

Router Configuration

A. Password Recovery
sh version (sh ver) = shows the IOS version and, on its last line, the current value of the configuration register. There are two register values you need to be familiar with:
0x2102 = normal booting; the router reads the startup configuration from NVRAM.
0x2142 = the same value with bit 6 (0x0040) set, which tells the router to ignore (bypass) the NVRAM contents at boot.
Commands:
confreg = change the register from ROM monitor mode.
config-register = change the register from global configuration mode.
reset = reboots the router from ROM monitor mode.
reload = reboots the router from privileged mode.
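The following is an added Python helper, not Cisco code, that decodes the configuration register values named above and audits the register line of "show version" output, so that a router accidentally left at 0x2142 (it would come back up with an empty configuration) is flagged before the next reload. The bit positions are those of the classic 16-bit register; the "show version" line it is run against is constructed.

```python
"""Decode and audit the Cisco IOS configuration register that password recovery flips.
Added illustration for this page, not Cisco code."""
import re

BIT_IGNORE_NVRAM = 0x0040      # bit 6: boot without reading startup-config
BIT_BREAK_DISABLED = 0x0100    # bit 8: Break is ignored once IOS is running
BIT_ROM_FALLBACK = 0x2000      # bit 13: boot the default ROM image if netboot fails
BAUD = {0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400}   # bits 11-12

# Last line of 'show version', with the optional "(will be ... at next reload)" part.
_REGISTER_LINE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]{1,4})"
    r"(?: \(will be 0x([0-9A-Fa-f]{1,4}) at next reload\))?")


def decode_confreg(value):
    """Split a register value into the fields that matter for booting."""
    boot_field = value & 0x000F
    if boot_field == 0x0:
        boot = "stay in ROM monitor"
    elif boot_field == 0x1:
        boot = "boot first image in flash (boot helper on older platforms)"
    else:
        boot = "follow 'boot system' commands, then first image in flash"
    return {
        "boot": boot,
        "ignore_nvram": bool(value & BIT_IGNORE_NVRAM),
        "break_disabled": bool(value & BIT_BREAK_DISABLED),
        "rom_fallback": bool(value & BIT_ROM_FALLBACK),
        "console_baud": BAUD[value & 0x1800],
    }


def set_ignore_nvram(value, ignore):
    """Return the register with only bit 6 changed: 0x2102 <-> 0x2142."""
    if ignore:
        return value | BIT_IGNORE_NVRAM
    return value & ~BIT_IGNORE_NVRAM & 0xFFFF


def audit_show_version(text):
    """Parse the register line of 'show version'. boots_without_config is True when
    the value that applies at the next reload still has bit 6 set, i.e. step 8 of
    the recovery procedure was skipped."""
    m = _REGISTER_LINE.search(text)
    if not m:
        return None
    current = int(m.group(1), 16)
    next_reload = int(m.group(2), 16) if m.group(2) else current
    return {"current": current, "next_reload": next_reload,
            "boots_without_config": decode_confreg(next_reload)["ignore_nvram"]}


if __name__ == "__main__":
    print(decode_confreg(0x2102))
    print(hex(set_ignore_nvram(0x2102, True)))      # 0x2142
    # Constructed 'show version' tail from a router part-way through recovery.
    print(audit_show_version(
        "Configuration register is 0x2142 (will be 0x2102 at next reload)"))
```

Run audit_show_version over the saved "show version" output of each router after maintenance; any result with boots_without_config set needs "config-register 0x2102" before it is reloaded.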
Password Recovery Process
1. Reboot the router with the command "reload" or by power off/on.
2. Send a Break (CTRL + Break) from the console within the first 60 seconds of the boot sequence to interrupt it.
3. At the ROM monitor prompt, "rommon 1>", type "confreg 0x2142". This turns on bit 6.
4. Reload the router by typing "reset". The router reboots bypassing the NVRAM contents and does not ask for a password. Answer "no" to the initial configuration dialog.
5. Type "enable" to enter privileged mode. We are now past the point of needing a password when we copy the NVRAM configuration to the running configuration.
6. Type "copy start run" to copy the contents of NVRAM to the running configuration. Do it in this direction; "copy run start" at this point would overwrite the saved configuration with an empty one.
7. Type "config t" just as you normally would to go to global configuration. Type "enable secret ThePassword" to change the password to one that you know.
8. Change the configuration register back so the router loads the contents of NVRAM at boot. Do this from global configuration ("config t") by typing "config-register 0x2102".
9. After the copy in step 6 every interface is administratively shut down, so issue "no shutdown" on the ones you use, then save the configuration to NVRAM with "copy run start".
10. Reboot the router with "reload".
Note: this procedure needs nothing but physical access to the console port, which is why console ports must be physically protected. Where that cannot be guaranteed, "no service password-recovery" disables the procedure, at the cost of having to erase the configuration to regain access to a router whose password is lost.

B. Backup and Restoration of the IOS
sh flash = shows the contents of flash memory (the IOS image).
copy = to back up or restore the IOS image or a configuration, use the copy command with a TFTP server. It has the following syntax:
copy + (What You Want To Copy) + (Where To Copy It To)
Examples:
copy flash tftp = copies the IOS image from flash to a TFTP server
copy tftp flash = copies an IOS image from a TFTP server into flash
copy start tftp = copies the startup configuration from NVRAM to a TFTP server
copy tftp start = copies a startup configuration from a TFTP server to NVRAM
copy run tftp = copies the running configuration from the router to a TFTP server
copy tftp run = merges a configuration file from a TFTP server into the running configuration
Note: TFTP has no authentication and no encryption, so anyone on the path can read the configuration (passwords included) or substitute an image. Use it only on an isolated management network, or use SCP ("ip scp server enable" and the scp: target of copy) where the IOS supports it.

C. Cisco Discovery Protocol (CDP)
CDP = proprietary Cisco protocol that collects information about directly attached Cisco devices. It allows the gathering of protocol (IP address), platform, IOS version and port information about neighbouring devices. Because it advertises all of that in clear text to anyone on the segment, disable it on interfaces facing untrusted networks ("no cdp enable" on the interface) or globally ("no cdp run").
sh cdp = shows the global CDP settings (timer and holdtime values)
sh cdp neighbors (sh cdp nei) = displays neighbouring devices detected via CDP; add "detail" to see their IP addresses and IOS versions.
sh cdp entry * = the same information as "sh cdp neighbors detail", one entry per neighbour
sh cdp traffic = displays CDP traffic statistics
sh cdp interface (sh cdp int) = displays information about each interface running CDP
cdp timer = configures the timer (the rate at which CDP packets are sent). Use in global configuration mode.
cdp holdtime = configures the holdtime (how long a neighbour's entry is kept, in seconds). Use in global configuration mode.

D. Telnet
telnet = command to initiate a Telnet session from the router.
sh sessions = displays the Telnet sessions you have opened from this router (privileged mode).
sh users = lists the active console and vty ports, i.e. who is logged in to this router.
disconnect = disconnects one of your outgoing Telnet sessions. Example: disconnect 1.
exit = closes the current Telnet session.
clear line = ends the session of a device connected to your current device. The argument is the line number as displayed by "sh users". Example: clear line 3.
CTRL + SHIFT + 6, then press "x" = return to your router while still engaged in a Telnet session, leaving the Telnet session open in the background.
ENTER + ENTER = resume the Telnet session you suspended with CTRL + SHIFT + 6, x.
Telnet sends everything, including the vty and enable passwords, in clear text. Prefer SSH for management: set a hostname and domain name, generate an RSA key with "crypto key generate rsa", and restrict the vty lines with "transport input ssh".

E. Host Tables
sh hosts = displays the host table.
ip host = adds an entry to the host table. Example: ip host MrRouter 192.168.20.2

F. DNS
ip domain-lookup = enables DNS name resolution, turned on by default.
no ip domain-lookup = turns off DNS name resolution (and stops the router trying to resolve a mistyped command as a hostname).
ip name-server = specifies a DNS server. Example: ip name-server 192.168.20.5
ip domain-name = specifies a domain name. Example: ip domain-name NWTRADERS

G. Diagnostics
ping
traceroute ("trace" for short)