CCNA


12/15/2010

Created by R.D.Ray

Cisco Learning World


CCIE R&S, Security, Voice, ...
CCNP, CCSP, CCVP, CCIP, CCDP

CCNA CCDA CCENT


Cisco Certified Network Associate


ICND 1 (640-822) - Interconnecting Cisco Networking Devices Part 1
ICND 2 (640-816) - Interconnecting Cisco Networking Devices Part 2
Composite exam for CCNA: 640-802


CCNA EXAM
Exam number: 640-802
Questions: 50-55
Duration: 90 minutes
Total marks: 1000
Passing score: 849
Question types: multiple choice, simulations, drag and drop


CCNA TOPICS
1. Network fundamentals
2. OSI layers
3. TCP/IP layers
4. Data encapsulation
5. IP addressing and subnetting
6. Router configuration and user interface
7. Managing a Cisco internetwork
8. Routing protocols


CCNA TOPICS (continued)
9. Managing Cisco devices
10. Access control lists
11. NAT/PAT/DHCP
12. LAN switching
13. STP
14. EtherChannel
15. VLAN
16. VTP
17. Inter-VLAN routing
18. Switch security


CCNA TOPICS (continued)
19. WAN
20. Types of connection
21. IPv6
22. SDM/SSH
23. Wireless


About Network:
A network is a connection between more than one device over dedicated connections. Configuring a network requires certain network components. The network components are:

1. Network model
2. Design and topology
3. Devices

Network Model:
The network model tells about the distance and the structure of a network. There are 3 core network models:

1. LAN (Local Area Network)
2. MAN (Metropolitan Area Network)
3. WAN (Wide Area Network)

Local Area Network (LAN):
As the name suggests, Local means it is confined to a small area, for example an office, a home or a building. The maximum distance it can cover is 200 meters. In a LAN you cannot have more than one type of cable media, either coaxial or twisted pair; otherwise a speed mismatch will happen.

Metropolitan Area Network (MAN):
As the name suggests, Metropolitan means it operates within a city limit, and it can have different types of cable media. The maximum distance it can cover is 100 km.

Wide Area Network (WAN):
As the name suggests, it covers the entire geographical area. A WAN consists of multiple LANs and MANs. It is divided into 2 parts.

Global WAN: no security. Example: the Internet.
Enterprise WAN: secured, organization based.

Design:
Design tells about the structure of the network. There are 2 designs:
1. Server-Client
2. Peer-to-Peer

Server-Client
1. Centralized administration
2. Highly secured
3. Authentication, password permissions and user creation are all done on the server
4. Clients request the services from the server
5. Found in organizations
(Figure: clients connected to a server through a switch/hub)

Peer-to-Peer
1. Connection between more than one device
2. No centralized administration
3. Individual administration
4. Used at home
5. Used for file sharing

Topology
Tells about the physical placement of the devices in a network. There are 5 types of topologies available:
1. Bus
2. Star
3. Ring
4. Mesh
5. Cellular/Wireless

BUS Topology
(Figure: trunk link, T connector, terminator)

In a bus topology all the devices are connected to a single line of cable called the backbone or trunk.
This link is called the backbone because all the devices depend on it; if this link fails the entire network goes down.
Devices are attached to this link through T connectors or drop cables.
Both ends of this link are closed with terminators. Terminators are used to remove unwanted data from the link.
Data passes bi-directionally over the link. When data reaches the end of the link and no one picks it up, the terminator removes it from the link.
The cable that is used is coaxial cable.

Star Topology
This is the most typical and practical network setup. In a star network, each node maintains an individual connection to a switch, where all other nodes are connected. Traffic between two known nodes, therefore, only goes through the switch and not through other nodes. This increases the redundancy of the network (one computer faltering will not cause the network to fail), increases data privacy (unicast traffic does not travel through all nodes), and is a relatively easy-to-use setup. Disadvantages include reliance on the switch (a fail-point) and the amount of wiring necessary.
(Figure: nodes connected to a central switch)

RING TOPOLOGY
1. In this topology all the devices are connected to a single loop of cable.
2. Data passes unidirectionally, passing through all the devices.
3. The device that wants to send data has to acquire a token.
4. Therefore, it is called a token passing mechanism.
5. This topology is called an active topology, as the devices regenerate the data passing through them.
6. Adding or removing a device makes the entire network fail.
(Figure: data circulating around the ring)

MESH TOPOLOGY


1. This topology is a true point-to-point topology, as each device is connected with every other device.
2. Mesh topology is divided into two parts: full mesh and partial mesh.
3. In full mesh all the devices are connected with each other.
4. In partial mesh some of the links are not connected.
5. Maximum speed: 1000 Mbps

Advantages:
Provides redundant paths between devices.

Disadvantages:
Requires more cable than the other LAN topologies.
Complicated implementation.

Cellular / wireless Topology


1. This topology divides the geographical area into smaller locations.
2. It is considered to be a point-to-point as well as a point-to-multipoint topology.
3. Within a location a centralized device operates, with which the other devices communicate.
4. Centralized devices are connected with each other on a point-to-point basis through satellite or microwave links.

Networking Devices
The devices are divided into 3 groups:
1. Communication devices: MODEM, CSU/DSU, MULTIPLEXER
2. Network devices: HUB, REPEATER, NIC, SWITCH
3. Internetwork devices: ROUTER

Communication Devices
These devices are used to let a PC communicate over the network through a telephone line.

MODEM (Modulation/Demodulation)
It is used to convert the digital signal into an analog signal at the source end (modulation) and to convert the analog signal back into a digital signal at the receiving end (demodulation).
(Figure: digital signal -> modulation -> analog signal -> ISP -> demodulation -> digital signal)

CSU/DSU
A CSU/DSU (Channel Service Unit/Data Service Unit) is a digital-interface device used to connect a Data Terminal Equipment device or DTE, such as a router, to a digital circuit (for example a T1 or T3 line). The CSU provides termination for the digital signal and ensures connection integrity through error correction and line monitoring. The DSU converts the data encoded in the digital circuit into synchronous serial data for connection to a DTE device.


Multiplexer
A multiplexer is a device that combines several input information signals into one output signal, which carries several communication channels, by means of some multiplexing technique.

Network devices

Network Interface Card
A network card, network adapter, LAN card or NIC (network interface card) is a piece of computer hardware designed to allow computers to communicate over a computer network.

Hub
A common connection point for devices in a network. Hubs are commonly used to connect end devices. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switch
A common connection point for devices in a network. Switches are commonly used to connect end devices. A switch contains multiple ports. When a packet arrives at one port, the switch determines the outgoing interface and forwards the frame to that particular destination port only.

Repeater
A repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium. Repeaters overcome the attenuation caused by free-space electromagnetic-field divergence or cable loss. A series of repeaters makes possible the extension of a signal over a distance. Repeaters remove the unwanted noise in an incoming signal. Unlike an analog signal, the original digital signal, even if weak or distorted, can be clearly perceived and restored.

INTERNETWORK DEVICES
ROUTER
1. Path selection
2. Switching
3. Segmenting networks into subnets to reduce broadcasts
4. Interconnecting WAN links
5. Interconnecting different types of networks
6. Filtering traffic

Network Media
1. Coaxial cable
2. Twisted pair
   a. Shielded Twisted Pair (STP)
   b. Unshielded Twisted Pair (UTP)
3. Fiber optic

Coaxial Cable


Advantages:
Requires fewer repeaters than twisted pair.
Less expensive than fiber.
It has been used for many years for many types of data communication, including cable television.

Disadvantages:
More expensive and more difficult to install than twisted pair.
Needs more room in wiring ducts than twisted pair.

Shielded Twisted Pair (STP)


Shielded twisted-pair cable (STP) combines the techniques of shielding, cancellation, and twisting of wires. Each pair of wires is wrapped in metallic foil. The four pairs of wires are wrapped in an overall metallic braid or foil. A new hybrid of UTP with traditional STP is Screened UTP (ScTP), also known as Foil Twisted Pair (FTP). ScTP is essentially UTP wrapped in a metallic foil shield, or screen.

Advantages:
Greater protection from all types of external and internal interference than UTP.
Reduces electrical noise within the cable, such as pair-to-pair coupling and crosstalk.
Reduces electronic noise from outside the cable, for example electromagnetic interference (EMI) and radio frequency interference (RFI).

Disadvantages:
More expensive and difficult to install than UTP.
Needs to be grounded at both ends.

Unshielded Twisted Pair (UTP)

Unshielded twisted-pair cable (UTP) is a four-pair wire medium used in a variety of networks. TIA/EIA-568-A contains specifications governing cable performance.
(Figure: RJ-45 connector)
When communication occurs, the signal that is transmitted by the source needs to be understood by the destination. The transmitted signal needs to be properly received by the circuit connection designed to receive signals. The transmit pin of the source needs to ultimately connect to the receiving pin of the destination.

Fiber optic
An optical fiber (or fibre) is a glass or plastic fiber that carries light along its length. Optical fibers are widely used in fiber-optic communications, which permits transmission over longer distances and at higher bandwidths (data rates) than other forms of communications. Fibers are used instead of metal wires because signals travel along them with less loss, and they are also immune to electromagnetic interference.

SPEED: Fiber optic networks operate at high speeds, up into the gigabits.
BANDWIDTH: Large carrying capacity.
DISTANCE: Signals can be transmitted further without needing to be "refreshed" or strengthened.
RESISTANCE: Greater resistance to electromagnetic noise such as radios, motors or other nearby cables.
MAINTENANCE: Fiber optic cables cost much less to maintain.

(Figure: construction of a fiber optic cable)

The core is the light transmission element at the center of the optical fiber. All the light signals travel through the core. Cladding is also made of silica but with a lower index of refraction than the core. Light rays traveling through the fiber core reflect off this core-to-cladding interface as they move through the fiber, by total internal reflection. Surrounding the cladding is a buffer material that is usually plastic. The buffer material helps shield the core and cladding from damage. The strength material surrounds the buffer, preventing the fiber cable from being stretched when installers pull it. The material used is often Kevlar, the same material used to produce bulletproof vests. The outer jacket surrounds the cable to protect the fiber against abrasion, solvents, and other contaminants.

OSI (Open System Interconnect)

Developed by the International Organization for Standardization in the late 1970s. The OSI model describes how data and network information are communicated from an application on one computer through the network media to an application on another computer. It consists of 7 layers.

Advantages:
1. It divides the network communication process into smaller and simpler components.
2. It allows multiple-vendor development through standardization of network components.
3. It allows various types of network hardware and software to communicate.
4. It prevents changes in one layer from affecting other layers, so it does not hamper development.

Upper layers: define how the applications within the end stations will communicate with each other and with users.

Lower layers: define how data is transmitted end to end.

Application Layer (OSI Layer 7)

Also called the user interface, it provides the user or operating system access to the network services. It interacts with software applications by identifying communication resources, determining network availability, and distributing information services. It also provides synchronization between the peer applications that reside on separate systems.

Examples of application layer specifications are the following:
Telnet
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
Simple Network Management Protocol (SNMP)
Network File System (NFS)

Presentation Layer (OSI Layer 6)

Also called the OSI translator.
The presentation layer provides data representation with a variety of coding and conversion functions. These functions ensure that data sent from a sending application on one system is readable by the application layer on another system. This layer provides the conversion of character representation formats, data compression schemes, and encryption schemes.
Voice coding schemes are specified at this layer.

Examples of specifications that operate at the presentation layer are the following:
Abstract Syntax Notation 1 (ASN.1)
ASCII
EBCDIC
Motion Picture Experts Group (MPEG)
Graphics Interchange Format (GIF)
Joint Photographic Experts Group (JPEG)
Tagged Image File Format (TIFF)
G.711, G.729a, G.726, G.728

Session Layer (OSI Layer 5)

Provides a control structure for communication between applications. It establishes, manages, and terminates communication connections called sessions.
Communication sessions consist of service requests and responses that occur between applications on different devices.
The management of sessions involves the synchronization of dialog control by using checkpoints in the data stream.

Transport Layer (OSI Layer 4)

The transport layer provides reliable, transparent transport of data segments from upper layers. It provides end-to-end error checking and recovery, multiplexing, virtual circuit management, and flow control.
Messages are assigned a sequence number at the transmission end. At the receiving end the packets are reassembled, checked for errors, and acknowledged.

Examples of transport layer specifications are the following:
Transmission Control Protocol (TCP)
Real-Time Transport Protocol (RTP)
Sequenced Packet Exchange (SPX)
AppleTalk Transaction Protocol (ATP)
User Datagram Protocol (UDP) (provides unreliable transport at this layer with less overhead than TCP)

Network Layer (OSI Layer 3)

The network layer is concerned with the routing of information and methods to determine paths to a destination. Information at this layer is called packets. Specifications include routing protocols, logical network addressing, and packet fragmentation.

Examples of network layer specifications are the following:
Internet Protocol (IP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Internetwork Packet Exchange (IPX)
Connectionless Network Protocol (CLNP)

Data-Link Layer (OSI Layer 2)

This layer is concerned with the reliable transport of data across a physical link. Data at this layer is formatted into frames. Data-link specifications include the following: sequencing of frames, flow control, synchronization, error notification, physical network topology, and physical addressing. This layer converts frames into bits when sending information and converts bits into frames when receiving information from the physical media.
The data-link layer is divided into two sublayers. The upper sublayer is the Logical Link Control (LLC) sublayer, which manages the communications between devices. The lower sublayer is the Media Access Control (MAC) sublayer, which manages protocol access to the physical media.

Examples of data-link layer technologies are the following:
Frame Relay
Asynchronous Transfer Mode (ATM)
Synchronous Data Link Control (SDLC)
High-level Data Link Control (HDLC)
IEEE 802.3z and IEEE 802.3ab (Gigabit Ethernet)
IEEE 802.3u (Fast Ethernet)
Ethernet version 2
Integrated Services Digital Network (ISDN)
Point-to-Point Protocol (PPP)
Token Ring
Spanning-Tree Protocol (STP)

Physical Layer (OSI Layer 1)

Describes the transportation of raw bits over the physical media. It defines signaling specifications and cable types and interfaces. It describes voltage levels, physical data rates, and maximum transmission distances, and deals with the electrical, mechanical, functional, and procedural specifications for physical links between networked systems.

Examples of physical layer specifications are the following:
EIA/TIA-232
EIA/TIA-449
V.35
RJ-45
Maximum cable distances of the Ethernet family, Token Ring, and FDDI

Data Encapsulation


TCP/IP Model
The TCP/IP suite was created by the Department of Defense (DoD) to ensure and preserve data integrity, as well as to maintain communications in the event of catastrophic war. It has 4 layers. It is a condensed form of the OSI model.

TCP / IP PROTOCOL SUITE


The Process/Application Layer Protocols

Telnet
Allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server.

File Transfer Protocol (FTP)
Used to transfer files between any two machines. It also allows for access to both directories and files and can accomplish certain types of directory operations, such as relocating into different ones.

Trivial File Transfer Protocol (TFTP)
Can be used only to send and receive files. It doesn't have any directory browsing capabilities.

Network File System (NFS)
Allows two different types of file systems to interoperate. Example: NT with Unix.

Simple Mail Transfer Protocol (SMTP)
Used to send mail.

Line Printer Daemon (LPD)
Used for printer sharing. Along with the Line Printer program, it allows print jobs to be spooled and sent to the network's printers using TCP/IP.

X Window
Designed for client/server operations. It defines a protocol for writing client/server applications based on a graphical user interface. The idea is to allow a client to run on one computer and have it display things through a window server on another computer.

Simple Network Management Protocol (SNMP)
It collects and manipulates valuable network information. It gathers data by polling the devices on the network from a management station at fixed or random intervals, requiring them to disclose certain information. It also notifies of any sudden turn of events.

The Host-to-Host Layer Protocols

Transmission Control Protocol (TCP)
1. It is a connection-oriented protocol
2. Provides reliable communication
3. Segments the data
4. Retransmits the data if it is not received properly at the destination

3-Way Handshake

(Figure: Host A and Host B)
1. Host A sends SYN to Host B; Host B: SYN received.
2. Host B replies to Host A; Host A: SYN received.
3. Connection Established.

RELIABLE SERVICE

Sender                        Receiver
Send 1            ---->       Receive 1
Receive ACK 2     <----       Send ACK 2
Send 2            ---->       Receive 2
Receive ACK 3     <----       Send ACK 3
Send 3            ---->       Receive 3
Receive ACK 4     <----       (Send ACK 4)
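The handshake and the acknowledgement exchange shown above, as an added example that is not part of the original slides: a toy model in which the three-way handshake is checked step by step and the stop-and-wait exchange retransmits a segment whenever its acknowledgement does not arrive. Real TCP numbers bytes and uses a sliding window; this model numbers whole segments, as the slide does, and the names Segment, Host, three_way_handshake and reliable_send are this example's own.

```python
# Added example (not from the original slides): a toy model of the TCP
# three-way handshake and of the stop-and-wait acknowledgement exchange
# drawn on the slides. Real TCP uses byte-oriented sequence numbers and a
# sliding window; this simplified model numbers whole segments, as the
# slide does. Segment, Host, three_way_handshake and reliable_send are
# names chosen for this example.
from dataclasses import dataclass


@dataclass
class Segment:
    flags: frozenset     # subset of {"SYN", "ACK"}
    seq: int             # sequence number carried by this segment
    ack: int = 0         # next sequence number expected from the peer


@dataclass
class Host:
    name: str
    isn: int             # initial sequence number this host chooses
    state: str = "CLOSED"


def three_way_handshake(client: Host, server: Host) -> list:
    """Run SYN, SYN/ACK, ACK between client and server; return the 3 segments."""
    server.state = "LISTEN"
    # 1. client -> server: SYN carrying the client's initial sequence number
    syn = Segment(frozenset({"SYN"}), seq=client.isn)
    client.state = "SYN-SENT"
    # 2. server -> client: SYN/ACK acknowledging isn+1 (the next byte it expects)
    if "SYN" not in syn.flags:
        raise ValueError("server expected a SYN")
    synack = Segment(frozenset({"SYN", "ACK"}), seq=server.isn, ack=syn.seq + 1)
    server.state = "SYN-RECEIVED"
    # 3. client -> server: ACK completing the handshake; both sides verify
    #    that the peer acknowledged exactly the sequence number they sent
    if synack.ack != client.isn + 1:
        raise ValueError("server acknowledged the wrong sequence number")
    ack = Segment(frozenset({"ACK"}), seq=client.isn + 1, ack=synack.seq + 1)
    client.state = "ESTABLISHED"
    if ack.ack != server.isn + 1:
        raise ValueError("client acknowledged the wrong sequence number")
    server.state = "ESTABLISHED"
    return [syn, synack, ack]


def reliable_send(data: list, drop_every: int = 0, max_retries: int = 5) -> tuple:
    """Stop-and-wait: send segment n, wait for ACK n+1, retransmit on loss.

    drop_every: if > 0, every drop_every-th transmission attempt is lost
    (a constructed, deterministic loss pattern for the example).
    Returns (segments delivered in order, total transmissions made).
    """
    delivered = []
    attempts = 0
    expected = 1                     # receiver's next expected segment number
    for n, payload in enumerate(data, start=1):
        retries = 0
        while True:
            attempts += 1
            lost = drop_every > 0 and attempts % drop_every == 0
            if not lost and n == expected:
                delivered.append(payload)    # receiver accepts the in-order segment
                expected += 1
                ack = expected               # "Send ACK n+1" on the slide
            else:
                ack = None                   # nothing arrives: sender's timer expires
            if ack == n + 1:
                break                        # "Receive ACK n+1": move to next segment
            retries += 1
            if retries > max_retries:
                raise TimeoutError(f"segment {n} never acknowledged")
    return delivered, attempts


if __name__ == "__main__":
    a, b = Host("Host A", 100), Host("Host B", 300)
    for seg in three_way_handshake(a, b):
        print(sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
    print(reliable_send(["1", "2", "3"], drop_every=2))
```

With drop_every=2 the second and fourth transmissions are lost, so segments 2 and 3 are each sent twice and the transfer takes five transmissions instead of three; the receiver still hands up the three segments in order.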

When the Internet layer receives the data stream, it routes the segments as packets through an internetwork. The segments are handed to the receiving host's Host-to-Host layer protocol, which rebuilds the data stream to hand to the upper-layer applications or protocols.

The TCP header is 20 bytes long, or up to 24 bytes with options.
Source Port: the port number of the application on the host sending the data.
Destination Port: the port number of the application requested on the destination host.
Sequence Number: a number used by TCP that puts the data back in the correct order or retransmits missing or damaged data, a process called sequencing.
Acknowledgement Number: the TCP octet that is expected next.
Header Length: the number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits in length.
Reserved: always set to zero.
Code Bits: control functions used to set up and terminate a session.
Window: the window size the sender is willing to accept, in octets.
Checksum: the cyclic redundancy check (CRC), because TCP doesn't trust the lower layers and checks everything. The CRC checks the header and data fields.
Urgent: a valid field only if the urgent (URG) code bit is set. If so, this value indicates the offset from the current sequence number, in octets, where the first segment of non-urgent data begins.
Options: may be 0 or a multiple of 32 bits, if any. What this means is that no options have to be present (option size of 0). However, if any options are used that do not cause the option field to total a multiple of 32 bits, padding of 0s must be used to make sure the data begins on a 32-bit boundary.
Data: handed down to the TCP protocol at the transport layer; includes the upper-layer headers.

(Figure: TCP header layout)
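The header fields listed above, parsed from raw bytes, as an added example that is not part of the original slides. It decodes the code bits, checks that the header length field is at least 5 words and does not point past the end of the segment (the two malformed cases a packet filter must reject before trusting any other field), and classifies ports by the well-known/dynamic boundary used later in the deck. The sample SYN segment is constructed here; parse_tcp_header, build_tcp_header and port_kind are this example's own names.

```python
# Added example (not from the original slides): parse the 20-byte TCP header
# described on the slides from raw bytes, decode the code bits, and apply the
# sanity checks a packet filter or IDS makes. The sample segment is
# constructed for this example; the function names are this example's own.
import struct

# code bits (low 6 bits of the flags byte), as named in RFC 793
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(data: bytes) -> dict:
    """Return the TCP header fields of `data` (header + payload) as a dict."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIBBHHH", data[:20])
    header_len = (off_res >> 4) * 4            # data offset is in 32-bit words
    if header_len < 20:
        raise ValueError(f"data offset {off_res >> 4} < 5 words: malformed header")
    if header_len > len(data):
        raise ValueError("data offset points past the end of the segment")
    return {
        "source_port": sport, "destination_port": dport,
        "sequence": seq, "acknowledgement": ack,
        "header_length": header_len,
        "reserved": off_res & 0x0F,            # should always be zero
        "flags": sorted(n for n, bit in FLAG_BITS.items() if flags & bit),
        "window": window, "checksum": checksum,
        # urgent pointer is meaningful only when URG is set
        "urgent_pointer": urg_ptr if flags & FLAG_BITS["URG"] else None,
        "options": data[20:header_len],        # zero-padded to a 32-bit boundary
        "payload": data[header_len:],
    }


def port_kind(port: int) -> str:
    """Classify a port as the slides do: below 1024 is well-known."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return "well-known" if port < 1024 else "dynamic"


def build_tcp_header(sport, dport, seq, ack, flag_names, window=65535,
                     options=b"", offset_words=None):
    """Build a header; options are padded to 32 bits and the data offset set.

    offset_words overrides the computed data offset, so that a deliberately
    malformed header can be built to exercise the parser's checks.
    """
    padded = options + b"\x00" * (-len(options) % 4)
    if offset_words is None:
        offset_words = 5 + len(padded) // 4
    flags = sum(FLAG_BITS[f] for f in flag_names)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_words << 4, flags, window, 0, 0) + padded


# Constructed sample: a SYN from an ephemeral port to port 80 carrying an
# MSS option (kind 2, length 4, value 1460); the checksum is left at zero.
SAMPLE_SYN = build_tcp_header(49152, 80, 1000, 0, ["SYN"],
                              options=b"\x02\x04\x05\xb4")

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print(hdr["flags"], hdr["header_length"], port_kind(hdr["destination_port"]))
```

The 4-byte MSS option raises the data offset from 5 to 6 words, which is the 24-byte case the slide mentions; a header whose offset field says 4 words is rejected before any other field is read.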

UDP
1. Connectionless
2. Unreliable
3. Faster than TCP

(Figure: UDP header layout)

TCP and UDP must use port numbers to communicate with the upper layers, because port numbers are what keep track of the different conversations crossing the network simultaneously. Originating source port numbers are dynamically assigned by the source host and will be some number starting at 1024; 1023 and below are defined port numbers (well-known port numbers). Virtual circuits that don't use an application with a well-known port number are assigned port numbers randomly from a specific range instead. These port numbers identify the source and destination application or process in the TCP segment.

Numbers below 1024 are considered well-known port numbers.
Numbers 1024 and above are used by the upper layers to set up sessions with other hosts, and by TCP as source and destination addresses in the TCP segment.

INTERNET LAYER PROTOCOLS

Internet Protocol (IP)
1. A connectionless protocol
2. Used for mapping logical addresses to physical addresses
3. Used for choosing the best path to reach the destination

Version: IP version number.
Header Length: header length (HLEN) in 32-bit words.
Priority and Type of Service: Type of Service tells how the datagram should be handled. The first 3 bits are the priority bits.
Total Length: length of the packet including header and data.
Identification: unique IP-packet value.
Flags: specifies whether fragmentation should occur.
Fragment Offset: provides fragmentation and reassembly if the packet is too large to put in a frame. It also allows different maximum transmission units (MTUs) on the internet.
Time to Live: TTL is set into a packet when it is originally generated. If it doesn't get to where it wants to go before the TTL expires, it's gone. This stops IP packets from continuously circling the network looking for a home.
Protocol: port of the upper-layer protocol. Also supports Network layer protocols, like ARP and ICMP. Can be called the Type field in some analyzers.
Header Checksum: CRC on the header only.
Source IP Address: 32-bit IP address of the sending station.
Destination IP Address: 32-bit IP address of the station this packet is destined for.
Options: used for network testing, debugging, security, etc.

(Figure: IP header layout)
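The IP header fields listed above, parsed and verified, as an added example that is not part of the original slides. It builds a 20-byte IPv4 header, verifies the header checksum (computed over the header only, as the slide says), decodes the flags and fragment offset, and models one router hop, where the TTL is decremented and the checksum must be recomputed before the packet is forwarded. The addresses and payload length are constructed for the example; build_ipv4_header, parse_ipv4_header and router_hop are this example's own names.

```python
# Added example (not from the original slides): build and parse the IPv4
# header described on the slides, verify its header-only checksum, and model
# the per-hop TTL decrement. Sample addresses are constructed for this
# example; the function names are this example's own.
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement checksum as used by IP, ICMP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, ttl=64, payload_len=0,
                      ident=0x1234, dont_fragment=True) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a correct checksum."""
    flags_frag = 0x4000 if dont_fragment else 0     # DF bit; fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, ttl, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    """Parse the fixed IPv4 header fields; check version, HLEN and checksum."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 20 or ihl > len(data):
        raise ValueError("bad header length")
    return {
        "version": version, "header_length": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl, "protocol": proto,                   # 1 = ICMP, 6 = TCP, 17 = UDP
        # a header whose checksum field is correct sums to zero
        "checksum_ok": ones_complement_sum(data[:ihl]) == 0,
        "source": socket.inet_ntoa(src), "destination": socket.inet_ntoa(dst),
        "options": data[20:ihl],
    }


def router_hop(packet: bytes) -> bytes:
    """Model one router hop: drop on bad checksum, decrement TTL, re-checksum.

    Returns b"" when the TTL reaches zero, the point at which a real router
    discards the packet and reports it with ICMP.
    """
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        raise ValueError("header checksum mismatch: packet dropped")
    if hdr["ttl"] <= 1:
        return b""
    ihl = hdr["header_length"]
    h = bytearray(packet[:ihl])
    h[8] = hdr["ttl"] - 1
    h[10:12] = b"\x00\x00"                   # zero the field before recomputing
    h[10:12] = struct.pack("!H", ones_complement_sum(bytes(h)))
    return bytes(h) + packet[ihl:]


if __name__ == "__main__":
    pkt = build_ipv4_header("192.168.10.1", "192.168.10.2", 6, payload_len=20)
    print(parse_ipv4_header(pkt))
    print(parse_ipv4_header(router_hop(pkt))["ttl"])
```

Flipping any header byte after the checksum was computed makes checksum_ok false, which is why a router that changes the TTL must recompute the checksum before forwarding.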

Internet Control Message Protocol (ICMP)
It's a management protocol and messaging service provider for IP. Its messages are carried as IP datagrams. It provides hosts with information about network problems. ICMP messages are encapsulated within IP datagrams.

Common events and messages

Destination Unreachable: if a router can't send an IP datagram any further, it uses ICMP to send a message back to the sender, advising it of the situation.

Buffer full: if a router's memory buffer for receiving incoming datagrams is full, it will use ICMP to send out this message until the congestion abates.
Hops: each IP datagram is allotted a certain number of routers, called hops, to pass through. If it reaches its limit of hops before arriving at its destination, the last router to receive that datagram deletes it. The executioner router then uses ICMP to send an obituary message, informing the sending machine of the demise of its datagram.
Ping: Packet Internet Groper uses ICMP echo request and reply messages to check the physical and logical connectivity of machines on an internetwork.
Traceroute: using ICMP time-outs, Traceroute is used to discover the path a packet takes as it traverses an internetwork.

Address Resolution Protocol (ARP):Finds the hardware address of a host from a known IP address.


Reverse Address Resolution Protocol (RARP)
When an IP machine happens to be a diskless machine, it has no way of initially knowing its IP address. But it does know its MAC address.
RARP discovers the identity of the IP address for diskless machines by sending out a packet that includes the machine's MAC address and a request for the IP address assigned to that MAC address. A designated machine, called a RARP server, responds with the answer.
RARP uses the information it does know about the machine's MAC address to learn its IP address and complete the machine's ID portrait.

The Internet Assigned Numbers Authority (IANA) is the entity that oversees global IP address allocation, AS number allocation, root zone management for the Domain Name System (DNS), media types, and other Internet Protocol related assignments. It is operated by the Internet Corporation for Assigned Names and Numbers, better known as ICANN. Prior to the establishment of ICANN for this purpose, IANA was administered primarily by Jon Postel at the Information Sciences Institute at the University of Southern California, under a contract USC/ISI had with the United States Department of Defense, until ICANN was created to assume the responsibility under a United States Department of Commerce contract.


IP addressing
An IP address is a numeric identifier assigned to each machine on an IP network. It designates the specific location of a device on the network. An IP address is a software address, not a hardware address.
IP addressing was designed to allow hosts on one network to communicate with a host on a different network.
IANA is one of the Internet's oldest institutions, with its activities dating back to the 1970s. Today it is operated by the Internet Corporation for Assigned Names and Numbers, an internationally organised non-profit organisation set up by the Internet community to help coordinate IANA's areas of responsibility.

Bit: a bit is one digit, either a 1 or a 0.
Byte: a byte is 7 or 8 bits, depending on whether parity is used.
Octet: an octet, made up of 8 bits, is just an ordinary 8-bit binary number.
Network address: this is the designation used in routing to send packets to a remote network.

Broadcast address: the address used by applications and hosts to send information to all nodes on a network.
An IP address consists of 32 bits of information, divided into 4 sections, referred to as octets or bytes, each containing 1 byte (8 bits), separated by dots. Therefore, it is also called dotted decimal.

Classes of IP address

Binary number values

Bit position:  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Bit weight:    128   64   32   16    8    4    2    1

If all bits are 0: 00000000 = 0
If all bits are 1: 11111111 = 128+64+32+16+8+4+2+1 = 255

Class A Addressing
IANA specifies that in Class A addressing the 1st bit should be 0. So based on that, the range for a class A address is 0-127: 00000000 to 01111111.

Bit weight:  128  64  32  16  8  4  2  1
01111111:      0  64  32  16  8  4  2  1  = 127

0 is reserved for default routing and 127 is reserved for loopback testing. Therefore, the range is 1-126.

Class B Addressing
IANA specifies that in Class B addressing the 1st 2 bits should be 1 and 0. So based on that, the range for a class B address is 128-191: 10000000 to 10111111.

Bit weight:  128  64  32  16  8  4  2  1
10000000:    128   0   0   0  0  0  0  0  = 128
10111111:    128   0  32  16  8  4  2  1  = 191

Class C Addressing
IANA specifies that in Class C addressing the 1st 3 bits should be 1, 1 and 0. So based on that, the range for a class C address is 192-223: 11000000 to 11011111.

Bit weight:  128  64  32  16  8  4  2  1
11000000:    128  64   0   0  0  0  0  0  = 192
11011111:    128  64   0  16  8  4  2  1  = 223

Class D Addressing
IANA specifies that in Class D addressing the 1st 4 bits should be 1, 1, 1 and 0. So based on that, the range for a class D address is 224-239: 11100000 to 11101111.

Bit weight:  128  64  32  16  8  4  2  1
11100000:    128  64  32   0  0  0  0  0  = 224
11101111:    128  64  32   0  8  4  2  1  = 239

Class E Addressing
IANA specifies that in Class E addressing the first bits should be 1, 1, 1, 1 and 0. So based on that, the range for a class E address is 240-247: 11110000 to 11110111.

Bit weight:  128  64  32  16  8  4  2  1
11110000:    128  64  32  16  0  0  0  0  = 240
11110111:    128  64  32  16  0  4  2  1  = 247
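The bit-weight tables and the leading-bit rule for the classes above, computed in code, as an added example that is not part of the original slides. octet_value sums the weights of the 1 bits exactly as the tables do, class_range derives each class's first-octet range from its fixed leading bits (fixed bits followed by all 0s, then by all 1s), and address_class classifies a dotted-decimal address. For class E this example uses the standard rule of four leading 1 bits, which gives 240-255 rather than the 240-247 range stated on the slide; the names octet_value, octet_bits, class_range, address_class and is_reserved_first_octet are this example's own.

```python
# Added example (not from the original slides): decimal value of an octet
# from its bits, as in the bit-weight tables, and the class of an IPv4
# address from the leading bits of its first octet. Class E follows the
# standard four-leading-ones rule (240-255), which differs from the slide's
# stated 240-247. All function names are this example's own.

BIT_WEIGHTS = [2 ** i for i in range(7, -1, -1)]   # 128, 64, 32, 16, 8, 4, 2, 1


def octet_value(bits: str) -> int:
    """Decimal value of an 8-character bit string, e.g. '10111111' -> 191."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits")
    return sum(w for w, b in zip(BIT_WEIGHTS, bits) if b == "1")


def octet_bits(value: int) -> str:
    """Inverse of octet_value: 191 -> '10111111'."""
    if not 0 <= value <= 255:
        raise ValueError("octet out of range")
    return format(value, "08b")


# leading-bit pattern of the first octet for each class
CLASS_PREFIX = [("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110"), ("E", "1111")]


def class_range(cls: str) -> tuple:
    """First-octet range of a class: fixed bits then all 0s, fixed bits then all 1s."""
    prefix = dict(CLASS_PREFIX)[cls]
    free = 8 - len(prefix)
    return octet_value(prefix + "0" * free), octet_value(prefix + "1" * free)


def address_class(ip: str) -> str:
    """Class letter of a dotted-decimal IPv4 address, from its first octet."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip}")
    bits = octet_bits(int(octets[0]))
    for cls, prefix in CLASS_PREFIX:
        if bits.startswith(prefix):
            return cls
    raise AssertionError("unreachable: every bit pattern matches one prefix")


def is_reserved_first_octet(first: int) -> bool:
    """0 (default route) and 127 (loopback) are not usable class A networks."""
    return first in (0, 127)


if __name__ == "__main__":
    for cls, _ in CLASS_PREFIX:
        lo, hi = class_range(cls)
        print(f"Class {cls}: {lo:3d}-{hi:3d}  ({octet_bits(lo)} to {octet_bits(hi)})")
    print(address_class("192.168.10.0"))
```

Because the class ranges are derived from the prefixes rather than typed in, the printed table matches the slides for classes A to D by construction, and the class E line shows where the standard rule and the slide's range differ.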

No. of Networks and Hosts in Classes

Class   First octet   Default mask     Network bits (after class prefix)   Networks           Host bits   Hosts per network
A       1 - 126       255.0.0.0        7                                   126 (2^7 - 2)      24          16,777,214 (2^24 - 2)
B       128 - 191     255.255.0.0      14                                  16,384 (2^14)      16          65,534 (2^16 - 2)
C       192 - 223     255.255.255.0    21                                  2,097,152 (2^21)   8           254 (2^8 - 2)

Two host addresses are always lost in each network: the all-zeros host part is the network address and the all-ones host part is the broadcast address. Class A also loses networks 0 and 127, which are reserved.
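Added example (written for this edit, not code from the original slides): the classful rules above as a program. It decides the class from the leading bits of the first octet and derives the default mask, network count and host count from the bit counts rather than looking them up. The function names are my own.

```python
# Added example, not from the original slides: classful IPv4 analysis from first principles.
# The class is fixed by the leading bits of the first octet (0, 10, 110, 1110, 1111) and the
# network/host counts follow from how many bits the class prefix and default mask leave over.

def ip_to_int(addr: str) -> int:
    """Pack a dotted-quad string into a 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}: {o}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def ip_class(addr: str) -> str:
    """Return 'A'..'E' from the leading bits of the first octet (IANA classful rules)."""
    first = ip_to_int(addr) >> 24
    if first >> 7 == 0b0:       # 0xxxxxxx -> 0..127
        return "A"
    if first >> 6 == 0b10:      # 10xxxxxx -> 128..191
        return "B"
    if first >> 5 == 0b110:     # 110xxxxx -> 192..223
        return "C"
    if first >> 4 == 0b1110:    # 1110xxxx -> 224..239, multicast
        return "D"
    return "E"                  # 1111xxxx -> 240..255, reserved

# Per unicast class: bits consumed by the class prefix, and the default mask length.
_CLASS_BITS = {"A": (1, 8), "B": (2, 16), "C": (3, 24)}

def classful_summary(addr: str) -> dict:
    """Default mask, classful network, usable network count and host count for a unicast address."""
    cls = ip_class(addr)
    if cls not in _CLASS_BITS:
        raise ValueError(f"{addr} is class {cls}, which has no default mask")
    prefix_bits, mask_len = _CLASS_BITS[cls]
    network_bits = mask_len - prefix_bits          # bits free to number networks
    host_bits = 32 - mask_len                      # bits free to number hosts
    networks = 2 ** network_bits
    if cls == "A":
        networks -= 2                              # 0.0.0.0/8 and 127.0.0.0/8 are reserved
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return {
        "class": cls,
        "default_mask": int_to_ip(mask),
        "network": int_to_ip(ip_to_int(addr) & mask),
        "networks": networks,
        "hosts": 2 ** host_bits - 2,               # minus the network and broadcast addresses
    }
```

Run classful_summary("172.16.5.9") to see the Class B row of the table above reproduced (mask 255.255.0.0, network 172.16.0.0, 16,384 networks, 65,534 hosts); Class D and E addresses raise, because they have no default mask.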


Subnetting
Subnetting is the process of dividing one IP network into smaller networks called "subnets" by borrowing bits from the host portion of the address. Each subnet is a logical identifier for a physical segment (usually one switched LAN hanging off a single router interface in a multi-router network), so traffic between subnets must pass through a router.

Subnet
A subnet is a logical grouping of part of a network's address range, used to separate hosts and network devices from each other to serve a design purpose (size, location, security zone).

Subnet mask
A 32-bit value that lets the recipient of an IP packet distinguish the network ID portion of the IP address from the host ID portion: a 1 bit in the mask marks a network bit, a 0 bit marks a host bit.


Classless Inter-Domain Routing (CIDR)

CIDR replaces the fixed Class A/B/C bounda­ries with a prefix length written after the address (for example 192.168.10.0/24 means the first 24 bits are the network portion). ISPs use it to allocate address space to a company in block sizes that match the need rather than a whole class, and routers use it to summarise many networks into one route.


How to do subnetting --- Class C address

CIDR   Subnet mask        Block size   No. of networks   No. of hosts
/25    255.255.255.128    128          2                 126
/26    255.255.255.192    64           4                 62
/27    255.255.255.224    32           8                 30
/28    255.255.255.240    16           16                14
/29    255.255.255.248    8            32                6
/30    255.255.255.252    4            64                2

Break down: the given IP address = 192.168.10.0/24, the given subnet mask = 255.255.255.0

CIDR /25 = to make /25, borrow one bit from the host bits (a network bit is represented by 1, a host bit by 0):

192.168.10.  0 0 0 0 0 0 0 0      8 bit + 8 bit + 8 bit + 1 bit borrowed = 8+8+8+1 = 25
192.168.10.  1 0 0 0 0 0 0 0      the borrowed bit becomes a network bit

Subnet mask:  192.168.10.0 -> 255.255.255.128 = the value of the borrowed bit (128)
Block size:   256 - 128 = 128

Number of networks possible: the formula is 2^M, where M is the number of bits borrowed (the new 1 bits).
2^1 = 2

Number of hosts possible: the formula is (2^N) - 2, where N is the number of 0 bits left.
2^7 - 2 = 128 - 2 = 126


How to do subnetting --- Class B address

CIDR   Subnet mask      Block size (3rd octet)   No. of networks   No. of hosts
/17    255.255.128.0    128                      2                 32,766
/18    255.255.192.0    64                       4                 16,382
/19    255.255.224.0    32                       8                 8,190
/20    255.255.240.0    16                       16                4,094
/21    255.255.248.0    8                        32                2,046
/22    255.255.252.0    4                        64                1,022
/23    255.255.254.0    2                        128               510

(Hosts are always (2^N) - 2: the network and broadcast addresses of each subnet are not usable.)

Break down: the given IP address = 172.16.0.0/16, the given subnet mask = 255.255.0.0


CIDR /17 = to make /17, borrow one bit from the host bits (a network bit is represented by 1, a host bit by 0):

172.16.  0 0 0 0 0 0 0 0 .0      8 bit + 8 bit + 1 bit borrowed = 8+8+1 = 17
172.16.  1 0 0 0 0 0 0 0 .0      the borrowed bit becomes a network bit

Subnet mask:  172.16.0.0 -> 255.255.128.0 = the value of the borrowed bit (128) in the third octet
Block size:   256 - 128 = 128

Number of networks possible: 2^M, where M is the number of bits borrowed.
2^1 = 2

Number of hosts possible: (2^N) - 2, where N is the number of 0 bits left.
2^15 - 2 = 32768 - 2 = 32766



Practice Example #2B: 255.255.192.0 (/18)
172.16.0.0 = Network address
255.255.192.0 = Subnet mask
Subnets? 2^2 = 4. Hosts? 2^14 - 2 = 16,382 (6 host bits in the third octet and 8 in the fourth). Valid subnets? 256 - 192 = 64: 0, 64, 128, 192. Remember that the subnetting is performed in the third octet, so the subnet numbers are really 0.0, 64.0, 128.0 and 192.0. Broadcast address for each subnet? The address just below the next subnet: 63.255, 127.255, 191.255, 255.255. Valid hosts? Everything between the subnet address and its broadcast, e.g. 172.16.64.1 - 172.16.127.254 for the second subnet.


Practice Example #3B: 255.255.240.0 (/20)
172.16.0.0 = Network address
255.255.240.0 = Subnet mask
Subnets? 2^4 = 16. Hosts? 2^12 - 2 = 4,094. Valid subnets? 256 - 240 = 16: 0, 16, 32, 48, etc., up to 240. Notice that these are the same numbers as a Class C 240 mask; we just put them in the third octet and add a 0 and 255 in the fourth octet. Broadcast address for each subnet? 15.255, 31.255, 47.255, ... 255.255. Valid hosts? For example 172.16.16.1 - 172.16.31.254 for the 16.0 subnet.

Practice Example #4B: 255.255.254.0 (/23)
172.16.0.0 = Network address
255.255.254.0 = Subnet mask
Subnets? 2^7 = 128. Hosts? 2^9 - 2 = 510. Valid subnets? 256 - 254 = 2: 0, 2, 4, 6, 8, etc., up to 254. Broadcast address for each subnet? 1.255, 3.255, 5.255, ... 255.255. Valid hosts? For example 172.16.2.1 - 172.16.3.254 for the 2.0 subnet.


Practice Example #5B: 255.255.255.0 (/24)
Contrary to popular belief, 255.255.255.0 used with a Class B network address is not called a Class B network with a Class C subnet mask. It is a Class B subnet mask with 8 bits of subnetting; it is considerably different from a Class C mask. Subnetting this address is fairly simple:
172.16.0.0 = Network address
255.255.255.0 = Subnet mask
Subnets? 2^8 = 256. Hosts? 2^8 - 2 = 254. Valid subnets? 256 - 255 = 1: 0, 1, 2, 3, etc., all the way to 255. Broadcast address for each subnet? 0.255, 1.255, 2.255, ... 255.255. Valid hosts? For example 172.16.3.1 - 172.16.3.254 for the 3.0 subnet.

Practice Example #6B: 255.255.255.128 (/25)
172.16.0.0 = Network address
255.255.255.128 = Subnet mask
Subnets? 2^9 = 512. Hosts? 2^7 - 2 = 126.
Valid subnets? Okay, now for the tricky part. 256 - 255 = 1: 0, 1, 2, 3, etc. for the third octet. But you can't forget the one subnet bit used in the fourth octet. Remember when I showed you how to figure one subnet bit with a Class C mask? You figure this the same way. (Now you know why I showed you the 1-bit subnet mask in the Class C section: to make this part easier.) You actually get two subnets for each third-octet value, hence the 512 subnets. For example, if the third octet is showing subnet 3, the two subnets would actually be 3.0 and 3.128. Broadcast address for each subnet? 3.127 and 3.255 for those two. Valid hosts? 172.16.3.1 - 172.16.3.126 and 172.16.3.129 - 172.16.3.254.


Practice Example #7B: 255.255.255.192 (/26)
Now, this is where Class B subnetting gets easy. Since the third octet has a 255 in the mask section, whatever number is listed in the third octet is a subnet number. However, now that we have subnet bits in the fourth octet as well, we can subnet this octet just as we did with Class C subnetting. Let's try it out:
172.16.0.0 = Network address
255.255.255.192 = Subnet mask
Subnets? 2^10 = 1,024. Hosts? 2^6 - 2 = 62. Valid subnets? 256 - 192 = 64 in the fourth octet, so each third-octet value holds four subnets, e.g. 3.0, 3.64, 3.128 and 3.192, with broadcasts 3.63, 3.127, 3.191 and 3.255.


Subnetting Practice Examples: Class A Addresses

Practice Example #1A: 255.255.0.0 (/16)
Class A addresses use a default mask of 255.0.0.0, which leaves up to 22 bits for subnetting, since you must leave at least 2 bits for host addressing. The 255.255.0.0 mask with a Class A address is using 8 subnet bits.
Subnets? 2^8 = 256. Hosts? 2^16 - 2 = 65,534. Valid subnets? What is the interesting octet? 256 - 255 = 1: 0, 1, 2, 3, etc. (all in the second octet). The subnets would be 10.0.0.0, 10.1.0.0, 10.2.0.0, 10.3.0.0, etc., up to 10.255.0.0, each with broadcast 10.x.255.255 and valid hosts 10.x.0.1 - 10.x.255.254.
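Added example (written for this edit, not code from the original slides): a subnet calculator that answers the five questions of the Class C, Class B and Class A practice examples above (subnets, hosts, valid subnets, broadcast, valid hosts) for any network and any new prefix length, using only the Python standard library. The function name and the "interesting octet" shortcut it reports are my own wording of the method the slides use by hand.

```python
# Added example, not from the original slides: a subnet calculator that answers the five
# practice-example questions (subnets, hosts, valid subnets, broadcast, valid hosts) for
# any network and new prefix length, using only the standard library.
import ipaddress

def subnet_drill(network: str, new_prefix: int, show: int = 4) -> dict:
    """Carve `network` (e.g. '172.16.0.0/16') into /new_prefix subnets and report the
    counts the slides derive by hand, plus the first `show` subnets in detail."""
    base = ipaddress.ip_network(network, strict=True)
    if not base.prefixlen <= new_prefix <= 30:
        raise ValueError("new prefix must lie between the original prefix and /30")
    borrowed = new_prefix - base.prefixlen          # M in the slides' 2^M
    host_bits = 32 - new_prefix                     # N in the slides' (2^N) - 2
    mask = ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask
    # The "interesting" octet is the one the last borrowed bit falls in; the block size
    # is 256 minus the mask value there (the shortcut used in the practice examples).
    interesting = (new_prefix - 1) // 8
    block = 256 - int(str(mask).split(".")[interesting])
    examples = []
    for sn in base.subnets(new_prefix=new_prefix):
        examples.append({
            "subnet": str(sn.network_address),
            "first_host": str(sn.network_address + 1),
            "last_host": str(sn.broadcast_address - 1),
            "broadcast": str(sn.broadcast_address),
        })
        if len(examples) == show:
            break
    return {
        "mask": str(mask),
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "interesting_octet": interesting + 1,       # 1-based, as in "the third octet"
        "block_size": block,
        "examples": examples,
    }
```

subnet_drill("172.16.0.0/16", 18) reproduces Practice Example #2B (4 subnets, 16,382 hosts, block size 64 in the third octet, broadcasts 63.255, 127.255 and so on); the /25 and /23 cases and the Class A /16 case fall out of the same function.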


Variable Length Subnet Mask

A Variable Length Subnet Mask (VLSM) is a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule.

Exercise (topology diagram: routers r1, r2, r3 and r4 sharing the address block 192.168.10.0/24):
Network A - 6 hosts
Network B - 14 hosts
Network C - 20 hosts
Network D - 30 hosts

Configure the given address block accordingly so that all the new networks will have the desired number of hosts.


Solution: for Network A (6 hosts)
192.168.10.0 = 192.168.10. 0 0 0 0 0 0 0 0
Formula: calculate the host portion from right to left; (2^N) - 2 must be at least 6, so 3 host bits are needed (2^3 - 2 = 6).

192.168.10. 0 0 0 0 0 0 0 0   make the remaining 0 bits 1:
192.168.10. 1 1 1 1 1 0 0 0   = /29 = 8 + 8 + 8 + 5

Subnet mask = 255.255.255.248 (add the values of the 1 bits)
Block size = 256 - 248 = 8

Networks possible:
192.168.10.0/29
192.168.10.8/29
192.168.10.16/29
|
|
192.168.10.248/29

The same method gives the other networks: B (14 hosts) needs 4 host bits = /28, and C (20 hosts) and D (30 hosts) each need 5 host bits = /27. Allocate the largest networks first so that each block starts on its own boundary: D = 192.168.10.0/27, C = 192.168.10.32/27, B = 192.168.10.64/28, A = 192.168.10.80/29, leaving 192.168.10.88/29 onwards free for the router-to-router links.
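Added example (written for this edit, not code from the original slides): the VLSM allocation for the exercise above done programmatically for D = 30, C = 20, B = 14 and A = 6 hosts out of 192.168.10.0/24. It serves requests largest-first from the lowest free block, so every subnet starts on its own boundary and no two overlap, and it returns whatever is left for the router links. The function names are my own.

```python
# Added example, not from the original slides: VLSM allocation for the exercise above
# (D = 30, C = 20, B = 14, A = 6 hosts out of 192.168.10.0/24). Helper names are mine.
# Requests are served largest-first from the lowest free block, so every subnet starts on
# its own boundary and no two overlap; whatever is left can carry the router-to-router links.
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose (2^N) - 2 usable addresses cover `hosts`."""
    host_bits = 2                                  # a /30 is the smallest usable subnet
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(block: str, requests: dict):
    """Return ({name: IPv4Network}, [free IPv4Network ...]) for requests like {'D': 30, ...}."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(requests.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda n: (int(n.network_address), n.prefixlen))
        chosen = next((n for n in free if n.prefixlen <= prefix), None)
        if chosen is None:
            raise ValueError(f"no free block large enough for {name} ({hosts} hosts)")
        free.remove(chosen)
        pieces = list(chosen.subnets(new_prefix=prefix))
        plan[name] = pieces[0]                     # take the lowest piece ...
        free.extend(pieces[1:])                    # ... and return the rest to the pool
    free.sort(key=lambda n: int(n.network_address))
    return plan, free

def check_disjoint(nets) -> bool:
    """True when no two allocated networks overlap (the property VLSM must preserve)."""
    nets = list(nets)
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
```

vlsm_allocate("192.168.10.0/24", {"A": 6, "B": 14, "C": 20, "D": 30}) yields D = 192.168.10.0/27, C = 192.168.10.32/27, B = 192.168.10.64/28, A = 192.168.10.80/29 and a free list starting at 192.168.10.88/29. Serving the smallest request first instead would leave fragments that the /27s could no longer fit into, which is why the sort is descending.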


Cisco Router IOS

The Cisco IOS is a proprietary operating system (kernel) that provides routing, switching, internetworking and telecommunication features. It is responsible for:

- Carrying network protocols and functions
- Connecting high-speed traffic between devices
- Adding security to control access and stop unauthorized network use
- Providing scalability for ease of network growth and redundancy
- Supplying network reliability for connecting to network resources

Cisco IOS can be accessed through the console port of a router, from a modem into the auxiliary port, or over the network through Telnet (or SSH, which is preferred because Telnet sends passwords in clear text). Access to the IOS command line is called an EXEC session.


Cisco Router
As per manufacturing, Cisco routers can be divided into two types:
1. Fixed: pre-built connecting ports
2. Modular: ports can be added to the router

Cisco 2600 series router


Cisco 2800 series router

Cisco 1800 series router


Cables and Connections


Connecting a Rollover Cable to Your Router or Switch


Terminal Settings
The settings that you should configure to have your PC connect to the console of a router or switch: 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.

1. Start
2. Programs
3. Accessories
4. Communications
5. HyperTerminal


LAN Connections


Serial Cable Types

Serial cable: 2500 series
Smart Serial cable: 1700, 1800, 2600, 2800 series


V.35 DTE and DCE Cables


USB-to-Serial Connector for Laptops


Determining Which Cables to Use When Wiring Devices Together


568A Versus 568B Cables

There are two different standards released by the EIA/TIA group for UTP wiring: T568A and T568B. Either one can be used, as long as both ends of a straight-through cable follow the same standard; T568B is the more widely installed in practice. The difference between the two is the pin assignment of the green and orange pairs (they swap positions), not the colours themselves. The 568A standard is more compatible with voice connections and the Universal Service Order Codes (USOC) standard for telephone infrastructure in the United States: in both 568A and USOC the blue and orange pairs sit on the centre four pins, so the colours match more closely with 568A than with 568B.


UTP Wiring Standards


Pinouts for Different Cables


Cisco Router Boot Process

1. POST. When first powered up, a router carries out a power-on self-test (POST). Recall that the POST checks whether the CPU, memory and router interfaces are capable of functioning correctly.
2. Execute bootstrap to load the IOS. After a successful POST, the router executes the bootstrap program from ROM. The bootstrap searches flash memory for a valid Cisco IOS image; if one is present, the image is loaded. If an image cannot be found, the router boots the limited RxBoot IOS version found in ROM (on later platforms, the ROM monitor).
3. IOS loads the configuration file. Once the IOS image is loaded, it searches for a valid startup configuration in NVRAM. If a valid startup configuration cannot be found, the router loads the System Configuration Dialog, sometimes called setup mode, which allows you to perform the initial configuration of the router.


Command Line Interface (CLI)

- Shortcuts for entering commands
- Using the Tab key to complete commands
- Using the question mark (?) for help
- enable command
- exit command
- disable command
- logout command
- Setup mode
- Keyboard help
- History commands
- show commands


Using the Question Mark for Help


enable Command

exit Command


Keyboard help


History Commands


show Commands

router# show ip interface brief      lists the interfaces with their addresses and status
router# show run                     shows the running configuration
router# show ip route                shows the routing table
router# show ip protocols            shows the configured routing protocols


Topology for the configuration below (diagram): r1 - r2 - r3. r1 s0/0 connects to r2 s0/0 over 200.200.200.0/24; r2 fa0/0 connects to r3 fa0/0 over 200.200.201.0/24.


Router> en
Router# conf t
Router(config)# hostname r1                  changes the router name (host r1 also works)

Protecting the router with passwords
R1(config)# enable password cisco            sets the enable password (stored unencrypted)
R1(config)# enable secret cisco1             sets the secret password; it overrides enable password and is stored as a one-way hash, so use it instead of enable password

R1(config)# line console 0                   enters console line mode
R1(config-line)# password console            sets the console line password to console
R1(config-line)# login                       enables password checking at login
R1(config)# line vty 0 4                     enters vty line mode for all 5 vty lines (used for Telnet/SSH access)
R1(config-line)# password telnet             sets the vty line password to telnet
R1(config-line)# login                       enables password checking when someone connects to this router over the network

R1(config)# line aux 0                       enters auxiliary line mode
R1(config-line)# password backdoor           sets the auxiliary password to backdoor
R1(config-line)# login                       enables password checking at login

Password Encryption
R1(config)# service password-encryption     applies a weak, reversible encoding (type 7) to the enable password, line passwords, etc. It only hides passwords from someone glancing at the screen; anyone with a copy of the configuration can recover them in seconds, so treat configuration files as sensitive and use enable secret for the privileged password.
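Added example (written for this edit, not code from the original slides): why service password-encryption is only obfuscation. IOS "type 7" strings are the plaintext XORed with a fixed, publicly known key, prefixed by a two-digit starting offset into that key, so a script can recover every such password from a saved configuration. The function names and the sample configuration lines are constructed for this example; the enable secret line is a placeholder, because a type 5 secret is a one-way hash and cannot be reversed this way.

```python
# Added example, not from the original slides: why service password-encryption is only
# obfuscation. IOS "type 7" strings are the plaintext XORed with a fixed, publicly known
# key (the constant below), prefixed by a two-digit starting offset into that key.
# Function names are mine; the sample config lines are constructed for this example.
import re

_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def type7_decode(encoded: str) -> str:
    """Recover the plaintext from a type 7 string such as '0822455D0A16'."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError(f"malformed type 7 string: {encoded!r}")
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")

def type7_encode(plain: str, offset: int = 8) -> str:
    """Produce a type 7 string. IOS chooses the offset itself (0..15); it is a parameter
    here so that the output is reproducible."""
    if not 0 <= offset <= 15:
        raise ValueError("offset must be 0..15")
    data = plain.encode("ascii")
    enc = bytes(b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)] for i, b in enumerate(data))
    return f"{offset:02d}{enc.hex().upper()}"

# Matches "password 7 <hex>", "key-string 7 <hex>", etc. in a saved configuration.
_TYPE7_LINE = re.compile(r"\b(?:password|key-string|key)\s+7\s+([0-9A-Fa-f]{4,})\b")

def find_type7_secrets(config: str) -> list:
    """Return (config line, recovered plaintext) for every type 7 secret in `config`."""
    hits = []
    for line in config.splitlines():
        m = _TYPE7_LINE.search(line)
        if m:
            hits.append((line.strip(), type7_decode(m.group(1))))
    return hits

# Constructed sample of what "show running-config" prints after service password-encryption.
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 <md5-hash-not-reversible>
enable password 7 0822455D0A16
line con 0
 password 7 082243401A160912
 login
"""
```

find_type7_secrets(SAMPLE_CONFIG) returns the two type 7 lines with their plaintexts ("cisco" and "console"), which is exactly what anyone who obtains the configuration over TFTP or from a backup can do. The practical rules that follow: rely on enable secret, keep configuration backups and TFTP servers on a protected management network, and never reuse a line password elsewhere.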

Configuring Interfaces
R1(config)# interface s0/0
R1(config-if)# ip address 200.200.200.1 255.255.255.0
R1(config-if)# clock rate 64000             needed only on the DCE end of a back-to-back serial cable
R1(config-if)# no shutdown


R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.10.100 255.255.255.0
R1(config-if)# no shutdown

R2(config)# interface s0/0
R2(config-if)# ip address 200.200.200.2 255.255.255.0
R2(config-if)# clock rate 64000             takes effect only on whichever end holds the DCE cable
R2(config-if)# no shutdown
R2(config)# interface fa0/0
R2(config-if)# ip address 200.200.201.2 255.255.255.0
R2(config-if)# no shutdown
R2(config)# interface fa0/1
R2(config-if)# ip address 192.168.20.100 255.255.255.0
R2(config-if)# no shutdown

R3(config)# interface fa0/0
R3(config-if)# ip address 200.200.201.3 255.255.255.0
R3(config-if)# no shutdown
R3(config)# interface fa0/1
R3(config-if)# ip address 192.168.30.100 255.255.255.0
R3(config-if)# no shutdown

On R1, R2 and R3:
# show ip route                              shows the routing table; at this point only the directly connected networks (C) appear


Creating Banners
A banner is used to display information to anyone connecting. There are different types of banner available:

- Message of the Day (MOTD) banner
- Login banner

Router(config)# banner motd # Building power will be interrupted next Tuesday evening from 8 - 10 PM. #

# is known as the delimiting character. The delimiting character must surround the banner message and can be any character, as long as it is not used within the body of the message.
TIP: The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable it. The MOTD banner displays before the login prompt and before the login banner, if one has been created.

Router(config)# banner login # Authorized personnel only! Please enter your username and password. #

TIP: The login banner displays before the username and password prompts. Use the no banner login command to disable it. Keep banners free of details that help an attacker (device role, IOS version, location) and use them for the legal "authorized use only" notice.

Saving Configurations
Router# copy running-config startup-config
Router# copy running-config tftp             TFTP has no authentication or encryption, so the copied file (including type 7 passwords) is readable by anyone on the path; use it only on a trusted management network

Erasing Configurations
Router# erase startup-config


The term routing is used for taking a packet from one device and sending it through the network to another device on a different network.

Routing is done through protocols. There are 2 types of protocol: routing protocols and routed protocols.

Routing Protocol
A set of rules that describes how routing devices exchange updates with each other about the available networks. If more than one path exists to a remote network, the protocol also determines how the best path (route) is selected. Examples are RIP, EIGRP and OSPF.

Routed Protocol
The layer 3 protocol used to transfer data from one end device to another across the network. It carries the application data as well as the upper-layer information. Examples are IP, IPX, VINES and DECnet.

Routing
Routing can be done in 3 ways:
1. Default routing
2. Static routing
3. Dynamic routing

Default Routing
When the administrator does not have knowledge of the other networks (or there is only one way out, as on a stub router), default routing can be used: any packet whose destination matches no other route follows the default route.

Configuring Default Routing
Syntax: Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop address> or <exit interface name>


Topology (diagram): r1 - r2 - r3, as configured above

R1(config)# ip route 0.0.0.0 0.0.0.0 s0/0

R2(config)# ip route 0.0.0.0 0.0.0.0 s0/0
R2(config)# ip route 0.0.0.0 0.0.0.0 fa0/0

R3(config)# ip route 0.0.0.0 0.0.0.0 fa0/0

# show ip route on all the routers; the default route appears as S* 0.0.0.0/0
# ping between the routers' LAN addresses

Caveat: R2 now has two equal-cost default routes and load-shares between them, so a packet for an unknown destination may be forwarded toward a neighbour whose own default route points straight back at R2, producing a loop that ends only when the TTL expires. In practice the router in the middle should carry specific (static or dynamic) routes and only the stub routers R1 and R3 should rely on a default.

Static routing: the administrator manually adds the destination networks into the routing table.

Benefits of static routing:
- There is no overhead on the router CPU
- There is no bandwidth usage between routers for routing updates
- It adds security, as the administrator can choose to allow routing access to certain networks only

Disadvantages of static routing:
- The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly
- If a network is added to the internetwork, the administrator has to add a route to it on all routers by hand

Syntax: Router(config)# ip route <destination network> <subnet mask> <next-hop address> or <exit interface name>

Topology (diagram): r1 - r2 - r3, each with a loopback 0 interface: r1 192.168.10.0, r2 192.168.20.0, r3 192.168.30.0

R1(config)# ip route 192.168.20.0 255.255.255.0 s0/0
R1(config)# ip route 192.168.30.0 255.255.255.0 s0/0
R1(config)# ip route 200.200.201.0 255.255.255.0 s0/0

R2(config)# ip route 192.168.10.0 255.255.255.0 s0/0
R2(config)# ip route 192.168.30.0 255.255.255.0 fa0/0

R3(config)# ip route 192.168.20.0 255.255.255.0 fa0/0
R3(config)# ip route 192.168.10.0 255.255.255.0 fa0/0
R3(config)# ip route 200.200.200.0 255.255.255.0 fa0/0

Note: pointing a static route at an Ethernet interface (fa0/0) instead of a next-hop address works only because the neighbour answers proxy ARP for the destination; on a multi-access link it is more robust to specify the next-hop address (for example 200.200.201.2 on R3).

The permanent Keyword (Optional)

Without the permanent keyword in a static route statement, a static route will be removed if its interface goes down. A downed interface causes the directly connected network and any associated static routes to be removed from the routing table. If the interface comes back up, the routes are returned.

Adding the permanent keyword to a static route statement keeps the static route in the routing table even if the interface goes down and the directly connected network is removed. You cannot get to these destinations (the interface is down), but the routes remain in the table.
The advantage is that when the interface comes back up, the static routes do not need to be reprocessed and placed back into the routing table, saving time and processing power. The disadvantage is that a floating static or dynamic backup route for the same destination can never take over while the permanent route holds its place.

When a static route is added or deleted, this route, along with all other static routes, is processed within one second. Before Cisco IOS Software Release 12.0, this processing time was five seconds.
The routing table processes static routes every minute to install or remove them according to the changing routing table.


To specify that the route will not be removed even if the interface shuts down, add the keyword at the end, for example:
R1(config)# ip route 192.168.20.0 255.255.255.0 s0/0 permanent

Static Routes and Administrative Distance (Optional)

By default a static route (AD 1) is always preferred over a route learned from a routing protocol. By adding an AD value to the ip route statement, however, you can turn the static route into a backup for the routing protocol. If your network is using EIGRP and you need a backup route, add a static route with an AD greater than 90. EIGRP will be used because its AD is better (lower) than the static route's; if the EIGRP route disappears, the static route takes its place. This is known as a floating static route.

R1(config)# ip route 192.168.20.0 255.255.255.0 200.200.200.2 200        200 is the AD value


Dynamic Routing

The router learns about other networks from its neighbours. Dynamic routing uses 2 different types of protocol:
1. IGP (interior gateway protocol)
2. EGP (exterior gateway protocol)

IGP: works within an autonomous system (AS). An AS is a collection of networks under a common administrative domain, which means that all routers in it share the same routing policy and exchange routing information with each other.
EGP: works between 2 ASs (BGP is the EGP in use on the Internet).

Administrative Distance (AD): a measure of the trustworthiness of a route source. The lower the number, the more trusted the source; when two sources offer the same network, the one with the lower AD is installed in the routing table.

Routing protocol / route source                              Default distance value
Connected interface                                          0
Static route                                                 1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary   5
External Border Gateway Protocol (eBGP)                      20
Internal EIGRP                                               90
IGRP                                                         100
OSPF                                                         110
Intermediate System-to-Intermediate System (IS-IS)           115
Routing Information Protocol (RIP)                           120
Exterior Gateway Protocol (EGP)                              140
On Demand Routing (ODR)                                      160
External EIGRP                                               170
Internal BGP (iBGP)                                          200
Unknown                                                      255 (never installed)
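Added example (written for this edit, not code from the original slides): how a router chooses one route per prefix from several sources using the AD table above, and then forwards by longest prefix match. The floating static route from the previous slide (AD 200 behind EIGRP at AD 90) falls out of the same two rules. The class and method names are my own and the sample routes are constructed.

```python
# Added example, not from the original slides: how a router picks one route per prefix
# (lowest administrative distance wins, metric breaks ties within a source) and then
# forwards by longest prefix match. The floating static route from the text falls out of
# the same rules. Class and method names are mine; the sample routes are constructed.
import ipaddress

# Default administrative distances from the table above.
AD = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
      "igrp": 100, "ospf": 110, "isis": 115, "rip": 120, "egp": 140, "odr": 160,
      "eigrp-external": 170, "ibgp": 200}

class RoutingTable:
    def __init__(self):
        # prefix -> {source: (ad, metric, next_hop)}: every candidate the router knows about
        self._candidates = {}

    def offer(self, prefix, source, next_hop, metric=0, ad=None):
        """A route source offers a path; `ad` overrides the default (a floating static)."""
        net = ipaddress.ip_network(prefix)
        ad = AD[source] if ad is None else ad
        self._candidates.setdefault(net, {})[source] = (ad, metric, next_hop)

    def withdraw(self, prefix, source):
        """The source no longer has the route (protocol neighbour lost, interface down)."""
        self._candidates.get(ipaddress.ip_network(prefix), {}).pop(source, None)

    def installed(self):
        """The routing table proper: per prefix, the candidate with the lowest AD."""
        table = {}
        for net, offers in self._candidates.items():
            if offers:
                source, (ad, _metric, nh) = min(offers.items(), key=lambda kv: kv[1][:2])
                table[net] = (source, ad, nh)
        return table

    def lookup(self, dest):
        """Forwarding decision: the longest installed prefix that contains `dest`."""
        ip = ipaddress.ip_address(dest)
        best = None
        for net, entry in self.installed().items():
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, entry)
        return best
```

Offer 192.168.20.0/24 from EIGRP and from a static route with AD 200: lookups use the EIGRP route until it is withdrawn, then the floating static takes over, and a more specific /25 learned from RIP (AD 120) still wins for addresses it covers, because prefix length is compared before AD.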

Routing Protocols
There are 3 classes of routing protocol:
1. Distance vector
2. Hybrid
3. Link state

Distance Vector Routing Protocol

- Sends its entire routing table at periodic intervals out of all interfaces; also sends triggered updates to reflect changes in the network
- Uses broadcast (RIPv1) to send updates to everyone on the network
- Uses a metric based on how distant the remote network is from the router
- Has knowledge of the network based only on information learned from its neighbours ("routing by rumour")
- Includes a routing table that is a database viewed from the perspective of each router
- Uses the Bellman-Ford algorithm for calculating the best path
- Involves slower convergence, because information about changes must propagate hop by hop through the entire network

Link State Routing Protocol

- Does not send periodic full updates; sends incremental updates when a change is detected
- Typically sends updates to those routers participating in the routing protocol domain via a multicast address
- Has a topological database that is the same for every router in the area
- The routing table built from this database is unique to each router
- Uses the Dijkstra (shortest path first) algorithm
- Involves quick convergence


                          RIP               RIP version 2     IGRP
Class                     Distance vector   Distance vector   Distance vector
Metric                    Hop count         Hop count         Composite (bandwidth, delay)
Maximum hop count         15                15                255
Periodic updates          30 sec            30 sec            90 sec
Hold down timer           180 sec           180 sec           280 sec
Flush timer               240 sec           240 sec           630 sec
Administrative distance   120               120               100
Classful / classless      Classful          Classless         Classful
VLSM                      No                Yes               No
Convergence               Slow              Slow              Slow


Routing Loops
Distance-vector routing protocols keep track of any changes to the internetwork by broadcasting periodic routing updates out all active interfaces. This broadcast includes the complete routing table. This works just fine, but it is expensive in terms of CPU processing and link bandwidth, and if a network outage happens, real problems can occur. The slow convergence of distance-vector routing protocols can result in inconsistent routing tables and routing loops, because every router is not updated simultaneously, or even close to it.


When Network 5 fails, RouterE tells RouterC. This causes RouterC to stop routing to Network 5 through RouterE. But routers A, B and D don't know about Network 5 yet, so they keep sending out update information. RouterC will eventually send out its update and cause B to stop routing to Network 5, but routers A and D are still not updated. To them, it appears that Network 5 is still available through RouterB with a metric of 3. The problem occurs when RouterA sends out its regular 30-second "Hello, I'm still here, these are the links I know about" message, which includes the ability to reach Network 5; now routers B and D receive the wonderful news that Network 5 can be reached from RouterA, so routers B and D then send out the information that Network 5 is available. Any packet destined for Network 5 will go to RouterA, to RouterB and then back to RouterA. This is a routing loop; how do you stop it? The routing loop problem just described is called counting to infinity, and it is caused by gossip (broadcasts) and wrong information being communicated and propagated throughout the internetwork. Without some form of intervention, the hop count increases indefinitely each time a packet passes through a router.


Maximum Hop Count
One way of solving this problem is to define a maximum hop count. RIP permits a hop count of up to 15, so anything that requires 16 hops is deemed unreachable. In other words, after a loop of 15 hops, Network 5 will be considered down. Thus, the maximum hop count controls how long it takes for a routing table entry to become invalid or questionable.

Split Horizon

Another solution to the routing loop problem is called split horizon. This reduces incorrect routing information and routing overhead in a distance-vector network by enforcing the rule that routing information cannot be sent back in the direction from which it was received.
In other words, the routing protocol notes which interface a network route was learned on and, once this is determined, won't advertise the route back out that same interface. This would have prevented RouterA from sending the updated information it received from RouterB back to RouterB.


Route Poisoning
Another way to avoid problems caused by inconsistent updates and to stop network loops is route poisoning. For example, when Network 5 goes down, RouterE initiates route poisoning by advertising Network 5 as 16, or unreachable (sometimes referred to as infinite). This poisoning of the route to Network 5 keeps RouterC from being susceptible to incorrect updates about the route to Network 5. When RouterC receives a route poisoning from RouterE, it sends an update, called a poison reverse, back to RouterE. This ensures that all routers on the segment have received the poisoned route information.

Holddowns
A holddown prevents regular update messages from reinstating a route that is going up and down (called flapping). Typically, this happens on a serial link that is losing connectivity and then coming back up. Holddowns prevent routes from changing too rapidly by allowing time for either the downed route to come back up or the network to stabilise somewhat before changing to the next best route. They also tell routers to restrict, for a specific time period, changes that might affect recently removed routes. This prevents inoperative routes from being prematurely restored to other routers' tables.
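Added example (written for this edit, not code from the original slides): a three-router distance-vector simulation that reproduces the counting-to-infinity loop described above when a connected network fails, and then shows that split horizon combined with route poisoning (the failed router advertising the network as 16) ends it within two update rounds. The topology is a chain A - B - C with "Net5" connected to C; the names and the synchronous round model are my own simplification.

```python
# Added example, not from the original slides: a three-router distance-vector simulation
# that reproduces counting to infinity on a failed network, then shows split horizon
# (with the failed router poisoning the route to 16) ending the loop in two update rounds.
# Router A - Router B - Router C, with "Net5" connected to C. Names are mine.
INFINITY = 16            # RIP: 16 hops means unreachable

class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []
        self.table = {}      # destination -> (metric, next_hop); next_hop None = connected

    def connect(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def advertise(self, to, split_horizon):
        """Full periodic update for one neighbour, optionally applying split horizon."""
        update = {}
        for dest, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop is to:
                continue     # never send a route back toward the neighbour it came from
            update[dest] = metric
        return update

    def receive(self, sender, update):
        """Bellman-Ford step: the cost via `sender` is what it advertised plus one hop."""
        for dest, metric in update.items():
            new = min(metric + 1, INFINITY)
            current = self.table.get(dest)
            if current is None:
                if new < INFINITY:
                    self.table[dest] = (new, sender)
            elif current[1] is sender:
                self.table[dest] = (new, sender)   # trust the current next hop, even if worse
            elif new < current[0]:
                self.table[dest] = (new, sender)

def exchange(routers, split_horizon):
    """One synchronous update round: build every update first, then deliver them all."""
    pending = [(r, n, r.advertise(n, split_horizon)) for r in routers for n in r.neighbors]
    for sender, receiver, update in pending:
        receiver.receive(sender, update)

def rounds_to_converge(split_horizon, max_rounds=50):
    """Return how many update rounds pass, after Net5 fails, until every router marks
    it unreachable (16); None if the loop has not ended after max_rounds."""
    a, b, c = Router("A"), Router("B"), Router("C")
    a.connect(b)
    b.connect(c)
    routers = [a, b, c]
    c.table["Net5"] = (0, None)
    for _ in range(5):                        # let the network converge first
        exchange(routers, split_horizon)
    assert a.table["Net5"] == (2, b)          # A reaches Net5 in 2 hops via B
    c.table["Net5"] = (INFINITY, None)        # Net5 goes down; C poisons the route
    for rnd in range(1, max_rounds + 1):
        exchange(routers, split_horizon)
        if all(r.table["Net5"][0] == INFINITY for r in routers):
            return rnd
    return None
```

Without split horizon, B keeps hearing about Net5 from A (who learned it from B), so the metric climbs 3, 5, 7, ... and only the maximum hop count stops the loop after 15 rounds; with split horizon the poisoned route from C is the only news B and A ever hear, and both mark Net5 unreachable after 2 rounds. A holddown timer would additionally stop a stale lower metric from reinstating the route during that window.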

Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) was originally designed for the Xerox Network Systems (XNS) protocol suite. Developed at the Xerox Palo Alto Research Center (PARC), RIP was initially named GWINFO (the Gateway Information Protocol). In 1982, RIP was introduced to the TCP/IP suite of protocols in the Berkeley Software Distribution (BSD) of Unix. RIP is supported by almost every major manufacturer of network equipment, as well as popular network operating systems such as Windows NT.

- RIP is a distance vector routing protocol used to exchange routing information among routers and hosts
- It is widely used in small and medium-sized networks
- It uses 2 packet types to convey information: update and request
- It broadcasts updates every 30 seconds to all directly connected neighbours
- Request messages are used by a router to discover other RIP-enabled devices
- It uses hop count as the metric to measure the distance to a network
- There are 3 modes of RIP based on version: RIP default, RIP version 1 and RIP version 2

RIP Timers
Route update timer: sets the interval (typically 30 seconds) between periodic routing updates, in which the router sends a complete copy of its routing table to all neighbours.

Route invalid timer: determines the length of time that must elapse (180 seconds) before a router decides that a route has become invalid. It comes to this conclusion if it hasn't heard any updates about a particular route for that period. When that happens, the router sends out updates to all its neighbours letting them know that the route is invalid.

Holddown timer: sets the amount of time during which routing information is suppressed. Routes enter the holddown state when an update packet is received that indicates the route is unreachable. This continues either until an update packet is received with a better metric or until the holddown timer expires. The default is 180 seconds.

Route flush timer: sets the time between a route becoming invalid and its removal from the routing table (240 seconds). Before it is removed from the table, the router notifies its neighbours of that route's impending demise. The value of the route invalid timer must be less than that of the route flush timer; this gives the router enough time to tell its neighbours about the invalid route before the local routing table is updated.

RIP default: sends version 1 updates and receives both versions
RIP version 1: sends and receives version 1 updates only
RIP version 2: sends and receives version 2 updates only


Configure R1 with RIP version 1, R2 with RIP version 2 and R3 with RIP default

RIP version 1
R1(config)# router rip
R1(config-router)# version 1
R1(config-router)# network 192.168.10.0
R1(config-router)# network 192.168.11.0
R1(config-router)# network 200.200.200.0

RIP version 2
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# no auto-summary
R2(config-router)# network 200.200.200.0
R2(config-router)# network 200.200.201.0
R2(config-router)# network 172.168.0.0         the network command is classful, so IOS records 172.168.20.0 as 172.168.0.0

RIP default
R3(config)# router rip
R3(config-router)# network 200.200.201.0
R3(config-router)# network 152.168.0.0         152.168.30.0 is likewise recorded as the classful 152.168.0.0

Communicating between different versions of RIP
By default R1 (version 1) ignores R2's version 2 updates, and R2 (version 2) ignores the version 1 updates coming from R1 and R3, so the interface-level receive commands are needed:

R2(config)# interface s0/0
R2(config-if)# ip rip receive version 1
R2(config)# interface s0/1
R2(config-if)# ip rip receive version 1

R1(config)# interface s0/0
R1(config-if)# ip rip receive version 2

Configuring RIP Timers

There are 4 configurable RIP timers: update, invalid, holddown and flush.
- The update timer controls the rate, in seconds, at which routing updates are sent. The three other timers all depend on the value of the update timer.
- The invalid timer should be at least 3 times the value of the update timer.
- The holddown timer should be at least 3 times the value of the update timer.
- The flush timer must be at least the sum of the invalid and holddown timers.
- All routers in the RIP domain must use the same timer values, otherwise routes flap.

R1(config)# router rip
R1(config-router)# timers basic 5 15 15 30           update 5, invalid 15, holddown 15, flush 30
R1(config)# service timestamps debug datetime msec   stamps debug output so the timer behaviour can be read
R1# debug ip routing
R1# debug ip rip

Turn the debugs off again with undebug all; RIP debugging on a busy router generates enough console output to affect it.


Interior Gateway Routing Protocol (IGRP)

Interior Gateway Routing Protocol (IGRP) is a Cisco-proprietary distance-vector routing protocol. This means that to use IGRP in your network, all your routers must be Cisco routers. Cisco created this routing protocol to overcome the problems associated with RIP, and later replaced it with EIGRP; IGRP is classful and is no longer supported in current IOS releases.

Enhanced Interior Gateway Routing Protocol (EIGRP)

EIGRP is a Cisco-proprietary advanced distance vector routing protocol, released in 1994 (its specification was later published as RFC 7868). It is a classless protocol that runs directly over IP as protocol number 88. EIGRP uses the multicast address 224.0.0.10 for hellos and routing updates.


Features:
- Rapid convergence
- 100% loop-free classless routing
- Easy configuration
- Incremental updates
- Load balancing across equal- and unequal-cost paths
- Flexible network design
- Multicast and unicast instead of broadcast addresses
- Support for VLSM and discontiguous subnets
- Manual summarization at any point in the internetwork
- Support for multiple network-layer protocols


EIGRP characteristics:

Rapid convergence: EIGRP uses DUAL to achieve rapid convergence. A router using EIGRP stores all available backup routes for destinations so that it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternate route. EIGRP transmits these queries until it finds an alternate route.

Reduced bandwidth usage: EIGRP does not make periodic updates. Instead, it sends partial updates when the path or the metric changes for a route. When path information changes, DUAL sends an update about only that link rather than the entire table. DUAL sends the information only to the routers that require it, in contrast to link-state protocols, in which an update is transmitted to all link-state routers within an area.

Multiple network-layer support: EIGRP supports AppleTalk, IP, and Novell NetWare through the use of protocol-dependent modules (PDMs). PDMs are responsible for protocol requirements specific to the network layer.

EIGRP Neighborship Establishment

Neighborship is formed when:
- A Hello is received and acknowledged
- Both routers use the same autonomous system (AS) number
- Both routers use identical K values

For establishing neighborship the AS number and K values must match. The K values are the weights used in the EIGRP metric.

EIGRP Metrics:
The EIGRP metric is a 32-bit number calculated from:
- Bandwidth = K1
- Load = K2
- Delay = K3
- Reliability = K4
- MTU (maximum transmission unit) = K5 (not used in path calculation)

By default EIGRP uses only bandwidth and delay for the cost calculation.

Reliable Transport Protocol (RTP)


EIGRP uses a proprietary protocol called Reliable Transport Protocol (RTP) to manage the communication of messages between EIGRP-speaking routers. As the name suggests, reliability is a key concern of this protocol. Cisco has designed a mechanism that leverages multicasts and unicasts to deliver updates quickly and to track the receipt of the data.

When EIGRP sends multicast traffic, it uses the Class D address 224.0.0.10. As I said, each EIGRP router is aware of who its neighbors are, and for each multicast it sends out, it maintains a list of the neighbors who have replied. If EIGRP doesn't get a reply from a neighbor, it will switch to using unicasts to resend the same data. If it still doesn't get a reply after 16 unicast attempts, the neighbor is declared dead. People often refer to this process as reliable multicast.

Routers keep track of the information they send by assigning a sequence number to each packet. With this technique, it's possible for them to detect the arrival of old, redundant, or out-of-sequence information.

Being able to do these things is highly important because EIGRP is a quiet protocol. It depends upon its ability to synchronize routing databases at startup time and then maintain the consistency of the databases over time by communicating only changes. So the permanent loss of any packets, or the out-of-order processing of packets, can result in corruption of the routing database.

EIGRP Terminology
Neighbor Table: lists adjacent routers. EIGRP keeps a neighbor table for each network protocol supported, such as IP, IPX and AppleTalk. When newly discovered neighbors are learned, the address and the interface of the neighbor are recorded. This information is stored in the neighbor data structure. The neighbor table includes the following information:
- The Layer 3 address of the neighbor.
- The interface through which the neighbor's Hello was heard.
- The holdtime, or how long the neighbor table waits without hearing a Hello from a neighbor before declaring the neighbor unavailable and purging the database. Holdtime is three times the value of the Hello timer by default.
- The uptime, or period since the router first heard from the neighbor.
- The sequence number. The neighbor table tracks all the packets sent between the neighbors. It tracks both the last sequence number sent to the neighbor and the last sequence number received from the neighbor.

- Retransmission timeout (RTO), which is the time the router will wait on a connection-oriented protocol without an acknowledgment before retransmitting the packet.
- Smooth Round Trip Time (SRTT), from which the RTO is calculated. SRTT is the time (in milliseconds) that it takes a packet to be sent to a neighbor and a reply to be received.
- The number of packets in a queue, which is a means by which administrators can monitor congestion on the network.

Topology Table: is populated by the PDMs and acted upon by DUAL. It contains all destinations advertised by neighboring routers. Associated with each entry is the destination address and a list of neighbors that have advertised the destination. For each neighbor the advertised metric is recorded.
The topology table includes the following information:
- Whether the route is passive or active.

- Whether an update has been sent to the neighbor.
- Whether a query packet has been sent to the neighbor. If this field is positive, at least one route will be marked as active.
- Whether a query packet has been sent; if so, another field will track whether any replies have been received from the neighbor.
- Whether a reply packet has been sent in response to a query packet received from a neighbor.
- Prefixes, masks, interface, next hop, and feasible and advertised distances for remote networks.

Routing Table: contains the best route to reach each destination.

Diffusing Update Algorithm (DUAL)

DUAL is used by EIGRP to maintain the network database. It selects the shortest path to a destination and then maintains a backup path if one is available. In EIGRP the successor is the best path to a destination. The successor is chosen by DUAL from all of the known paths to the end destination.


EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network. This algorithm allows for the following:
- Backup route determination if one is available
- Support of VLSMs
- Dynamic route recovery
- Queries for an alternate route if no route can be found

Distance: the total distance from the source to the destination based on the cost calculation.
Feasible distance (FD): the best (lowest) distance among all the known distances to the destination.
Reported distance (RD): the distance advertised by the neighbor router for the destination.
Feasible successor: a path whose reported distance is less than or equal to the feasible distance.
Successor: the best path to reach a particular destination.

Configuring EIGRP

R1()# router eigrp 100
# no auto-summary
# network 200.200.200.0
# network 200.200.201.0
# network 200.200.202.0

*** configure other routers accordingly

sh ip route ----------- shows the routing table; EIGRP routes are marked with D
sh ip eigrp neighbors ----- shows the neighbor adjacencies
sh ip eigrp topology -------- shows the topology table: feasible distance / feasible successor, reported distance


Configuring Delays:
R1 - R2 ==== delay 10
R1 - R3 ==== delay 15
R1 - R4 ==== delay 20
R2 - R5 ==== delay 5
R3 - R5 ==== delay 10
R4 - R5 ==== delay 25

Configure the delay on the router interfaces:
R1()# int s0/0
# delay 10
Configure accordingly on all the router interfaces.

R1()# router eigrp 10
# metric weights 0 0 0 1 0 0
The arguments are TOS K1 K2 K3 K4 K5. TOS is the Type of Service (0). Here only K3 is set to 1, so delay is the only component used in the metric calculation.


Configuring Unequal-Cost Load Balancing

EIGRP supports up to 4 equal-cost paths and up to 6 unequal-cost paths for load balancing. In load balancing EIGRP sends packets through all the available paths.

Equal-cost load balancing: if multiple paths have the same cost to reach the destination, EIGRP uses all the available paths for sending packets.
Unequal-cost load balancing: EIGRP can use paths whose costs differ from each other to reach the destination.

NOTE: By default EIGRP performs equal-cost load balancing; unequal-cost load balancing is enabled with the VARIANCE command.
VARIANCE: this command controls load balancing over multiple EIGRP paths. It allows the administrator to load balance across multiple paths even if the metrics of the paths are different.

R1()# router eigrp 10
# variance 2
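The following Python script is an added example (not from these slides) that works the DUAL terms and the variance rule through on the delay topology from the Configuring Delays section above. It assumes, as a simplification, that with metric weights 0 0 0 1 0 0 a link's cost is just its configured delay, and it applies the feasibility condition in its strict form (reported distance less than feasible distance).

```python
# Added example, not from the original slides: how DUAL picks the successor
# and feasible successors from a topology table, and which extra paths the
# variance command admits. Simplifying assumption: with metric weights
# 0 0 0 1 0 0 (K3 only), a link's cost is taken to be its configured delay,
# so a path's distance is the sum of the delays along it.

# Constructed topology from the "Configuring Delays" slide: link -> delay
LINK_DELAY = {
    ("R1", "R2"): 10, ("R1", "R3"): 15, ("R1", "R4"): 20,
    ("R2", "R5"): 5,  ("R3", "R5"): 10, ("R4", "R5"): 25,
}


def topology_entries(local, destination, links=LINK_DELAY):
    """Build topology table rows on `local` for `destination`:
    (neighbor, cost of the link to that neighbor, reported distance).
    Assumes each neighbor reaches the destination over a direct link, as
    in the slide topology, so its reported distance is that link's delay."""
    rows = []
    for (a, b), cost in links.items():
        if a != local:
            continue
        rd = links.get((b, destination))
        if rd is not None:
            rows.append((b, cost, rd))
    return rows


def dual_select(entries):
    """Return (feasible distance, successors, feasible successors).

    FD is the lowest total distance. Every neighbor whose total equals FD
    is a successor (equal-cost paths). A non-successor is a feasible
    successor only if its reported distance is strictly less than FD,
    which guarantees the path cannot loop back through this router."""
    fd = min(cost + rd for _, cost, rd in entries)
    successors = [n for n, cost, rd in entries if cost + rd == fd]
    feasible = [n for n, cost, rd in entries
                if n not in successors and rd < fd]
    return fd, successors, feasible


def variance_paths(entries, variance):
    """Paths installed for load balancing with `variance` configured.

    A path is used when it is a successor, or when it is a feasible
    successor whose total distance is <= variance * FD. Feasibility is
    checked first: variance never admits a path whose reported distance
    is not below FD, however large the multiplier."""
    fd, successors, feasible = dual_select(entries)
    used = []
    for n, cost, rd in entries:
        total = cost + rd
        if n in successors or (n in feasible and total <= variance * fd):
            used.append((n, total))
    return sorted(used, key=lambda row: row[1])


if __name__ == "__main__":
    rows = topology_entries("R1", "R5")
    fd, succ, feas = dual_select(rows)
    print("FD", fd, "successors", succ, "feasible successors", feas)
    for v in (1, 2, 3):
        print("variance", v, "->", variance_paths(rows, v))
```

With variance 3 the R4 path (total 45) is still left out even though 45 <= 3 * 15, because its reported distance of 25 is not below the feasible distance of 15.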


Configuring EIGRP Authentication

Authenticate the link between R1 and R2:
R1()# key chain cisco ----- the key chain from which the key is taken
# key 1
# key-string hbf ---- the password

R1()# int s0/0
# ip authentication mode eigrp 100 md5
# ip authentication key-chain eigrp 100 cisco
**** do the same on R2's interface facing R1


Open Shortest Path First (OSPF)


It is a link-state routing protocol developed for IP networks to be used within a single AS to distribute routing information. It was created to:
- Decrease routing overhead
- Speed up convergence
- Confine network instability to single areas of the network

Characteristics of OSPF:
- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Allows scalability
- Supports VLSM and CIDR
- Has unlimited hop count
- Finds the best path by applying the Dijkstra algorithm
- Responds quickly to network changes
- Sends triggered updates
- Sends periodic updates every 30 minutes


OSPF Terminology
Link: A link is a network or router interface assigned to any given network. When an interface is added to the OSPF process, it's considered by OSPF to be a link. This link, or interface, will have state information associated with it (up or down) as well as one or more IP addresses.

Router ID: The Router ID (RID) is an IP address used to identify the router. Cisco chooses the Router ID by using the highest IP address of all configured loopback interfaces. If no loopback interfaces are configured with addresses, OSPF will choose the highest IP address of all active physical interfaces.

Neighbor: Neighbors are two or more routers that have an interface on a common network, such as two routers connected on a point-to-point serial link.

Adjacency: An adjacency is a relationship between two OSPF routers that permits the direct exchange of route updates. OSPF is really picky about sharing routing information, unlike EIGRP, which directly shares routes with all of its neighbors. Instead, OSPF directly shares routes only with neighbors that have also established adjacencies. And not all neighbors will become adjacent; this depends upon both the type of network and the configuration of the routers.

Hello protocol: The OSPF Hello protocol provides dynamic neighbor discovery and maintains neighbor relationships. Hello packets and Link State Advertisements (LSAs) build and maintain the topological database. Hello packets are addressed to 224.0.0.5.

Neighborship database: The neighborship database is a list of all OSPF routers for which Hello packets have been seen. A variety of details, including the Router ID and state, are maintained on each router in the neighborship database.

Topological database: The topological database contains information from all of the Link State Advertisement packets that have been received for an area. The router uses the information from the topology database as input into the Dijkstra algorithm that computes the shortest path to every network.


Link State Advertisement

A Link State Advertisement (LSA) is an OSPF data packet containing link-state and routing information that's shared among OSPF routers. There are different types of LSA packets. An OSPF router will exchange LSA packets only with routers to which it has established adjacencies.

Designated router: A Designated Router (DR) is elected whenever OSPF routers are connected to the same multi-access network. To minimize the number of adjacencies formed, a DR is chosen (elected) to disseminate/receive routing information to/from the remaining routers on the broadcast network or link. This ensures that their topology tables are synchronized. All routers on the shared network will establish adjacencies with the DR and the backup designated router. The election is won by the router with the highest priority, and the Router ID is used as a tiebreaker if the priority of more than one router turns out to be the same.


Backup designated router: A Backup Designated Router (BDR) is a hot standby for the DR on multi-access links (remember that Cisco sometimes likes to call these broadcast networks). The BDR receives all routing updates from OSPF adjacent routers but doesn't flood LSA updates.

OSPF areas: An OSPF area is a grouping of contiguous networks and routers. All routers in the same area share a common Area ID. Because a router can be a member of more than one area at a time, the Area ID is associated with specific interfaces on the router. This would allow some interfaces to belong to area 1 while the remaining interfaces belong to area 0. All of the routers within the same area have the same topology table.


Configuring OSPF in a single Area

R1()# router ospf 10 ---- 10 is the process ID
# network 200.200.200.0 0.0.0.255 area 0
# network 192.168.10.0 0.0.0.255 area 0
# network 192.168.11.0 0.0.0.255 area 0
Configure other routers accordingly


The Internal Components of a Cisco Router


Managing Configuration Register


All Cisco routers have a 16-bit software register that's written into NVRAM. By default, the configuration register is set to load the Cisco IOS from flash memory and to look for and load the startup-config file from NVRAM. The 16 bits (2 bytes) of the configuration register are read from 15 to 0, from left to right. The default configuration register setting on Cisco routers is 0x2102.


The boot field, which consists of bits 0 to 3 of the configuration register, controls the router boot sequence.

Checking the Current Configuration Register Value
Router# sh version


Changing the Configuration Register


Reasons to change the configuration register:
- To force the system into ROM monitor mode
- To select a boot source and default boot filename
- To enable or disable the Break function
- To control broadcast addresses
- To set the console terminal baud rate
- To load operating software from ROM
- To enable booting from a Trivial File Transfer Protocol (TFTP) server


Recovering Passwords
The default configuration register value is 0x2102, meaning that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6. Doing this will tell the router to ignore the NVRAM contents. The configuration register value that turns on bit 6 is 0x2142. Here are the main steps to password recovery:

1. Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROM monitor mode.
2. Change the configuration register to turn on bit 6 (with the value 0x2142).
3. Reload the router.
4. Enter privileged mode.
5. Copy the startup-config file to running-config.
6. Change the password.
7. Reset the configuration register to the default value.
8. Save the router configuration.
9. Reload the router (optional).


Cisco ISR/2600 Series Commands


rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

Cisco 2500 Series Commands
> o/r 0x2142

Boot System Commands


Configuring the router to boot another IOS if the flash image is corrupted:
Router(config)# boot ?
  bootstrap  Bootstrap image file
  config     Configuration file
  host       Router-specific config file
  network    Network-wide config file
  system     System image file


Router(config)#boot system flash c2800nm-advsecurityk9-mz.124-12.bin


The above command configures the router to boot the IOS listed in it. This is a helpful command for when you load a new IOS into flash and want to test it, or even when you want to totally change which IOS is loading by default.

Router(config)#boot system tftp c2800nm-advsecurityk9-mz.124-12.bin 1.1.1.2

Router(config)#boot system rom


The Cisco IOS File System
NOTE: The Cisco IOS File System (IFS) provides a single interface to all the file systems available on a routing device, including the flash memory file system; network file systems such as TFTP, Remote Copy Protocol (RCP), and File Transfer Protocol (FTP); and any other endpoint for reading and writing data, such as NVRAM, or the running configuration.

The Cisco IFS minimizes the required prompting for many commands. Instead of entering in an EXEC-level copy command and then having the system prompt you for more information, you can enter a single command on one line with all necessary information.


dir: Same as with Windows, this command lets you view files in a directory. Type dir, hit Enter, and by default you get the contents of the flash:/ directory as output.

copy: This is one popular command, often used to upgrade, restore, or back up an IOS.

more: Same as with Unix, this will take a text file and let you page through it. You can use it to check out your configuration file or your backup configuration file.

show file: This command will give you the skinny on a specified file or file system, but it's kind of obscure because people don't use it a lot.

delete: It deletes stuff. But with some types of routers, not as well as you'd think. That's because even though it whacks the file, it doesn't always free up the space it was using. To actually get the space back, you have to use something called the squeeze command too.


erase/format: Use these with care; make sure that when you're copying files, you say no to the dialog that asks you if you want to erase the file system! The type of memory you're using determines if you can nix the flash drive or not.

cd/pwd: Same as with Unix and DOS, cd is the command you use to change directories. Use the pwd command to print (show) the working directory.

mkdir/rmdir: Use these commands on certain routers and switches to create and delete directories; the mkdir command for creation and the rmdir command for deletion. Use the cd and pwd commands to change into these directories.


Using the Cisco IFS to Upgrade an IOS


Start with the pwd command to verify the default directory and then use the dir command to verify the contents of the default directory (flash:/):


R1# show file info flash:c1841-ipbase-mz.124-1c.bin
flash:c1841-ipbase-mz.124-1c.bin:
  type is image (elf) []
  file size is 13937472 bytes, run size is 14103140 bytes
  Runnable image, entry point 0x8000F000, run from ram

R1# delete flash:c1841-ipbase-mz.124-1c.bin
R1# copy tftp://1.1.1.2/c1841-advipservicesk9-mz.124-12.bin flash:/c1841-advipservicesk9-mz.124-12.bin


Backing Up the Cisco IOS Software to a TFTP Server


copy flash tftp


Restoring/Upgrading the Cisco IOS Software from a TFTP Server


copy tftp flash

Using Cisco Discovery Protocol (CDP)


Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful information for troubleshooting and documenting the network.

Getting CDP Timers and Holdtime Information
# sh cdp
Global CDP information:
  Sending CDP packets every 60 seconds
  Sending a holdtime value of 180 seconds
  Sending CDPv2 advertisements is enabled

CDP timer is how often CDP packets are transmitted out all active interfaces. CDP holdtime is the amount of time that the device will hold packets received from neighbor devices.


Using Telnet
Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs. TELecommunication NETwork is a network protocol which is mostly used to connect to remote machines over a local area network or the internet.

Configuring TELNET

R1()# line vty 0 4
# password telnet ---- the password that will be asked for
# login
Do the same on the rest of the routers
R1# telnet 200.200.200.2

Alternatively, with no password required:
R1()# line vty 0 4
# no login ---- no password required, direct access
Do the same on the rest of the routers
R1# telnet 200.200.200.2

Checking Telnet Connections
# sh sessions

This shows the connections made from your router to a remote device.

See that asterisk (*) next to connection 2? It means that session 2 was your last session. You can return to your last session by pressing Enter twice.

Checking Telnet Users


# sh users

Building a Host Table

A host table provides name resolution only on the router on which it was built. The command to build a host table on a router is as follows:

ip host host_name [tcp_port_number] ip_address



R1()# ip host r2 200.200.200.2
R1()# ip host r3 200.200.201.3

# ping r2
# ping r3
# telnet r2
# telnet r3


Restoring the Cisco IOS Software from ROM Monitor Mode Using Xmodem


Restoring the Cisco IOS Software Using the ROM Monitor Environmental Variables and tftpdnld Command


Configuring the Secure Shell Protocol (SSH)


To work, SSH requires a local username database, a local IP domain name, and an RSA key to be generated. The Cisco implementation of SSH requires Cisco IOS Software to support Rivest-Shamir-Adleman (RSA) authentication and at least Data Encryption Standard (DES) encryption, that is, a cryptographic software image.


ICMP Redirect Messages

The ping Command


Configuring SNMP

NOTE: A community string is like a password. In the case of the first command, the community string grants you access to SNMP.


Configuring Syslog


Setting a level means you will get that level and everything below it. Level 6 means you will receive level 6 and 7 messages. Level 4 means you will get levels 4 through 7.


Introduction to Access Lists


An access list is essentially a list of conditions that categorize packets. It is used to either deny or permit packets.
There are a few important rules that a packet follows when it's being compared with an access list:
- It's always compared with each line of the access list in sequential order; that is, it'll always start with the first line of the access list, then go to line 2, then line 3, and so on.
- It's compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
- There is an implicit deny at the end of each access list; this means that if a packet doesn't match the condition on any of the lines in the access list, the packet will be discarded.


There are two main types of access lists: Standard access lists
These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means that standard access lists basically permit or deny an entire suite of protocols. They don't distinguish between any of the many types of IP traffic such as web, Telnet, UDP, and so on.

Extended access lists


Extended access lists can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet. They can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header.

Inbound access lists


When an access list is applied to inbound packets on an interface, those packets are processed through the access list before being routed to the outbound interface. Any packets that are denied wont be routed because theyre discarded before the routing process is invoked.

Outbound access lists


When an access list is applied to outbound packets on an interface, those packets are routed to the outbound interface and then processed through the access list before being queued.


Standard Access Lists


Standard IP access lists filter network traffic by examining the source IP address in a packet. You create a standard IP access list by using the access-list numbers 1 to 99 or 1300 to 1999 (expanded range). Access-list types are generally differentiated using a number. Based on the number used when the access list is created, the router knows which type of syntax to expect as the list is entered. By using numbers 1 to 99 or 1300 to 1999, you're telling the router that you want to create a standard IP access list, so the router will expect syntax specifying only the source IP address in the test lines.

ACL Keywords

any
Used in place of 0.0.0.0 255.255.255.255, will match any address that it is compared against

host
Used in place of 0.0.0.0 in the wildcard mask, will match only one specific address
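As an added example (not from these slides), the following Python code evaluates a standard access list the way the rules above describe: top-down, first match wins, implicit deny at the end, with the any and host keywords and wildcard masks. The ACL lines it tests are constructed, apart from the VTY entry reused from the slides.

```python
# Added example, not from the original slides: a first-match evaluator for
# standard IP access lists showing sequential comparison, stop at the first
# match, the implicit deny, and the any/host/wildcard-mask source forms.
# All ACL lines below are constructed (the VTY one is from the slides).
import ipaddress

STANDARD_RANGES = ((1, 99), (1300, 1999))   # standard ACL numbers


def is_standard_number(number):
    return any(lo <= number <= hi for lo, hi in STANDARD_RANGES)


def parse_entry(line):
    """Parse 'access-list <n> permit|deny <source> [wildcard]'.

    Returns (action, network, wildcard) as integers, or None for lines
    that are not access-list entries (comments, blank lines)."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        return None
    number, action, src = int(parts[1]), parts[2], parts[3]
    if not is_standard_number(number):
        raise ValueError(f"{number} is not a standard ACL number")
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    if src == "any":                       # same as 0.0.0.0 255.255.255.255
        return action, 0, 0xFFFFFFFF
    if src == "host":                      # same as <addr> 0.0.0.0
        return action, int(ipaddress.IPv4Address(parts[4])), 0
    wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # bare address = host
    return (action,
            int(ipaddress.IPv4Address(src)),
            int(ipaddress.IPv4Address(wildcard)))


def matches(addr, network, wildcard):
    """Wildcard-mask test: a 1 bit in the wildcard means 'do not care'."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (network & care)


def evaluate(acl_lines, source_ip):
    """Return 'permit' or 'deny' for a packet with the given source IP,
    walking the list top-down and stopping at the first matching line.
    Falling off the end of the list hits the implicit deny."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        action, network, wildcard = entry
        if matches(addr, network, wildcard):
            return action
    return "deny"


# Constructed ACLs: the VTY list from the slides, and two orderings of the
# same two statements to show that line order decides the result.
VTY_ACL = ["access-list 50 permit 172.16.10.3"]
DENY_HOST_FIRST = ["access-list 1 deny host 10.1.1.7",
                   "access-list 1 permit 10.1.1.0 0.0.0.255"]
PERMIT_NET_FIRST = list(reversed(DENY_HOST_FIRST))

if __name__ == "__main__":
    for ip in ("172.16.10.3", "172.16.10.4"):
        print("VTY", ip, evaluate(VTY_ACL, ip))
    for ip in ("10.1.1.7", "10.1.1.8", "10.2.0.1"):
        print(ip, "deny-first:", evaluate(DENY_HOST_FIRST, ip),
              "permit-first:", evaluate(PERMIT_NET_FIRST, ip))
```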


Controlling VTY (Telnet) Access
Lab_A(config)# access-list 50 permit 172.16.10.3
Lab_A(config)# line vty 0 4
Lab_A(config-line)# access-class 50 in

Extended Access Lists

Extended access lists allow you to specify source and destination addresses as well as the protocol and port number that identify the upper-layer protocol or application. By using extended access lists, you can effectively allow users access to a physical LAN and stop them from accessing specific hosts, or even specific services on those hosts.


Network Address Translation (NAT) When Do We Use NAT?


You need to connect to the Internet and your hosts don't have globally unique IP addresses.

You change to a new ISP that requires you to renumber your network.
You need to merge two intranets with duplicate addresses.


Types of Network Address Translation

Static NAT: This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: This version gives you the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. You don't have to statically configure your router to map an inside to an outside address as you would using static NAT, but you do have to have enough real, bona fide IP addresses for everyone who's going to be sending packets to and receiving them from the Internet.

Overloading: This is the most popular type of NAT configuration. Understand that overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports.


NAT Names

Addresses used after NAT translation are called global addresses. These are usually the public addresses used on the Internet, but remember, you don't need public addresses if you aren't going on the Internet. Local addresses are the ones we use before NAT translation. So, the inside local address is actually the private address of the sending host that's trying to get to the Internet, while the outside local address is the address of the destination host. The latter is usually a public address (web address, mail server, etc.) and is how the packet begins its journey. After translation, the inside local address is then called the inside global address, and the outside global address then becomes the name of the destination host.

How NAT Works

Basic NAT translation


NAT overloading example (PAT)

PAT allows us to use the Transport layer to identify the hosts, which in turn allows us to use (theoretically) up to 65,000 hosts with one real IP address.

Static NAT Configuration

ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside


Dynamic NAT Configuration

access-list 1 permit 10.1.1.0 0.0.0.255
!
ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside


PAT (Overloading) Configuration

access-list 1 permit 10.1.1.0 0.0.0.255
!
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside

Simple Verification of NAT

# show ip nat translations
# debug ip nat
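The following Python class is an added example (not from these slides) modelling the translation table that the overload configuration above builds: it maps inside local address/port pairs to the single inside global address 170.168.2.1 with a distinct port per flow, and translates replies back. The port allocation policy and the sample flows are assumptions made for the example.

```python
# Added example, not from the original slides: a minimal model of the PAT
# (overloading) translation table. Addresses come from the PAT configuration
# above: inside network 10.1.1.0/24 (access-list 1) and the single inside
# global address 170.168.2.1. The port allocation rule is an assumption:
# keep the host's own source port if it is free, otherwise the next free
# port above it (wrapping round to 1024), one translation per flow.
import ipaddress
from itertools import chain


class PatTable:
    def __init__(self, inside_global, inside_network, first_port=1024):
        self.inside_global = inside_global
        self.inside_network = ipaddress.ip_network(inside_network)
        self.first_port = first_port
        # (inside local, local port, outside global, dst port) -> global port
        self.out_map = {}
        # global port -> (inside local, local port)
        self.in_map = {}

    def _allocate_port(self, wanted):
        start = max(wanted, self.first_port)
        candidates = chain(range(start, 65536), range(self.first_port, start))
        for port in candidates:
            if port not in self.in_map:
                return port
        raise RuntimeError("no free global ports left")

    def outbound(self, inside_local, local_port, outside_global, dst_port):
        """Translate a packet leaving the inside network; returns the
        (source address, source port) written on the wire. Hosts not
        matched by access-list 1 are passed through untouched."""
        if ipaddress.ip_address(inside_local) not in self.inside_network:
            return inside_local, local_port
        key = (inside_local, local_port, outside_global, dst_port)
        if key not in self.out_map:          # new flow: create an entry
            global_port = self._allocate_port(local_port)
            self.out_map[key] = global_port
            self.in_map[global_port] = (inside_local, local_port)
        return self.inside_global, self.out_map[key]

    def inbound(self, global_port):
        """Translate a packet arriving at inside_global:global_port back
        to (inside local, local port). None means no entry exists; a
        router drops such unsolicited packets, which is why inside hosts
        are not reachable from outside without a static entry."""
        return self.in_map.get(global_port)

    def count(self):
        """Number of active translations (what show ip nat translations lists)."""
        return len(self.out_map)


if __name__ == "__main__":
    pat = PatTable("170.168.2.1", "10.1.1.0/24")
    # Two inside hosts (constructed) using the same source port to one server
    print(pat.outbound("10.1.1.1", 1025, "198.51.100.10", 80))
    print(pat.outbound("10.1.1.2", 1025, "198.51.100.10", 80))
    print(pat.inbound(1026), pat.inbound(4000), pat.count())
```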


Configuring DHCP

Topology: R1 and R2 connected over 200.200.200.0/24

R1()# ip dhcp pool dev
# network 192.168.10.0 255.255.255.0
# default-router 192.168.10.100
# netbios-name-server 192.168.10.1
# dns-server 192.168.10.2
# lease 12 14 30 ---- days hours minutes, or lease infinite

R1()# ip dhcp excluded-address 192.168.10.1 192.168.10.5


Why Do We Need IPv6?


IPv4 is limited by its 32-bit addresses, which causes problems for the long-term growth of the Internet.

Parts of the IPv4 address space, such as class D and class E, are reserved for special use.
IPv4 is limited to about 4 billion addresses.
Explosion of new IP-enabled devices, growth of undeveloped regions, etc.

IPv6 Features
IPv6 addresses are 128 bits long. The usable address space is about 5 * (10^28) addresses per user. The total number of IPv4 addresses is 2^32 (about 4 * 10^9); when reserved addresses are considered, approximately two billion (2 * 10^9) usable addresses remain. IPv6 also includes a simplified packet header, which provides better routing efficiency for performance and forwarding-rate scalability. It provides support for mobility and security through IPsec, which is built into IPv6 by default.


IPv6 Address Notation


IPv6 addresses are 128 bits long, compared to 32 bits for IPv4. In other words, IPv6 addresses are 2^96 times more numerous than IPv4 addresses. IPv6 addresses are represented in hexadecimal rather than decimal and use colon-separated fields of 16 bits each, rather than decimal points between 8-bit fields, as in IPv4.

Globally unique IPv6 addresses can be configured automatically by a router using the built-in autoconfiguration process without the assistance of protocols such as DHCP.

IPv6 uses built-in neighbor discovery, by which an IPv6 node can discover its neighbors and any IPv6 routers on a segment, as well as whether any routers present are willing to serve as a default gateway for hosts.

In IPv6, the 128 bits are divided on 16-bit boundaries and each 16-bit field is converted to a 4-digit hexadecimal number. The 4-digit hexadecimal fields are separated by colons ( : ). Therefore, this notation is also called colon-hexadecimal.


Example: 2035:0001:0000:0000:0000:2bc5:000a:bc0f

Compressing Zeros

Leading zeros in each 16-bit field may be omitted. A run of sequential all-zero fields can be replaced with a pair of colons (::) once, and only once, in an address: only one pair of colons can be used within an IPv6 address, because the number of missing 0s is calculated by separating the two parts of the address and filling in 0s until there are a total of 128 bits.

Compressed: 2035:1::2bc5:a:bc0f
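As an added worked example (not part of the original slides), the two compression rules above in Python, plus the reverse expansion that shows why a second :: would be ambiguous; the result is cross-checked against the standard library's canonical form. The sample address is the one from the slide.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Apply the slide's two rules to a fully written address:
    1. drop the leading zeros of every 16-bit field (0000 -> 0, 000a -> a);
    2. replace the single longest run of two or more all-zero fields with '::'.
    Only one '::' may appear, because the reader restores the missing fields by
    counting the fields on each side and padding with zeros up to 128 bits."""
    fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("expected 8 colon-separated 16-bit fields")
    short = [f"{int(f, 16):x}" for f in fields]          # rule 1
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                         # rule 2: longest zero run
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:                             # the first run wins a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                                     # a lone zero field stays "0"
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(addr: str) -> str:
    """Undo compress_ipv6: pad each field back to 4 hex digits and replace the one
    '::' with as many 0000 fields as are needed to reach 8 fields (128 bits)."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed: a second one would make the "
                         "number of missing zero fields ambiguous")
    if "::" in addr:
        left, right = addr.split("::")
        l_fields = left.split(":") if left else []
        r_fields = right.split(":") if right else []
        missing = 8 - len(l_fields) - len(r_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = l_fields + ["0"] * missing + r_fields
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("address does not expand to 8 fields")
    return ":".join(f"{int(f, 16):04x}" for f in fields)


def is_valid_compressed(addr: str) -> bool:
    """True if the compressed text form can be expanded unambiguously."""
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False


def matches_stdlib(addr: str) -> bool:
    """Cross-check: the standard library's canonical text form applies the same rules."""
    return compress_ipv6(addr) == str(ipaddress.IPv6Address(addr))


SLIDE_ADDRESS = "2035:0001:0000:0000:0000:2bc5:000a:bc0f"   # the address from the slide
```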

Types of IPv6 Addresses

IPv6 supports three types of addresses:

Unicast: for sending to a single interface. The two currently defined types of unicast addresses are global-aggregatable unicast (also known as global unicast) and link-local unicast.

Multicast: for sending to all of the interfaces in a group. An IPv6 multicast address identifies a set of interfaces on different devices.

Anycast: for sending to the nearest interface in a group. An IPv6 anycast address also identifies a set of interfaces on different devices; however, a packet sent to an anycast address goes only to the nearest interface, as determined by the routing protocol in use. Therefore, all nodes with the same anycast address should provide the same service.

IPv6 Interface Identifiers

Interface identifiers (IDs) in IPv6 addresses are used to identify a unique interface on a link and are sometimes referred to as the "host portion" of the IPv6 address. Interface IDs must be unique on a link. They are always 64 bits long and can be dynamically created, based on the data-link layer address. For Ethernet, the interface ID is based on the media access control (MAC) address of the interface, in a format called the extended universal identifier 64-bit (EUI-64) format. The EUI-64 format interface ID is derived from the 48-bit MAC address by inserting the hexadecimal number FFFE between the organizationally unique identifier (OUI) field (the upper three bytes) and the vendor code (the lower three bytes) of the MAC address.

The seventh bit in the first byte of the resulting interface ID, corresponding to the Universal/Local (U/L) bit, is set to binary 1. The U/L bit indicates whether the interface ID is locally unique (on the link only) or universally (globally) unique; IDs derived from universally unique MAC addresses are assumed to be globally unique.

The eighth bit in the first byte of the interface ID is the individual/group (I/G) bit for managing multicast groups; it is not changed.

IPv6 Global Unicast Address

Consists of a 48-bit global routing prefix, a 16-bit subnet ID and a 64-bit interface ID (EUI-64 format).

[Figure: /48 global prefix | /16 subnet ID | /64 interface ID]

The first 48 bits of the IPv6 global unicast address are used for global routing at the Internet service provider (ISP) level.

The next 16 bits are the subnet ID, allowing an enterprise to subdivide its network.

The final 64 bits are the interface ID, typically in EUI-64 format.

The Internet Assigned Numbers Authority (IANA) is currently assigning addresses that start with the binary value 001, which is 2000::/3, for IPv6 global unicast addresses. This is one-eighth of the total IPv6 address space.

The IANA is currently allocating address space in the 2001::/16 range to the registries. Registries typically have a /23 range, and allocate /32 ranges to ISPs.


IPv6 Link-Local Unicast Addresses

Link-local unicast addresses allow devices on the same local network to communicate without requiring them to have global unicast addresses. Link-local addresses are used by routing and discovery protocols and are autoconfigured using the FE80::/10 prefix and the EUI-64 format interface ID.
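An added example (not from the slides) covering the two preceding sections: the EUI-64 derivation described under "IPv6 Interface Identifiers" in Python, the link-local address built from FE80::/10 plus that ID, and a /48 + /16 + /64 global unicast address. The MAC address and the 2001:db8:1::/48 prefix are constructed sample values; the reverse function shows that the MAC is recoverable from any EUI-64 address, which is why such addresses reveal the interface's hardware vendor.

```python
import ipaddress


def mac_to_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface ID, as described on the slide:
    insert FF FE between the OUI (upper 3 bytes) and the vendor code (lower 3 bytes),
    then set the U/L bit (bit 7 of the first byte, mask 0x02) to 1.
    The I/G bit (mask 0x01) is left untouched."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    oui, vendor = octets[:3], octets[3:]
    iid = bytearray(oui + b"\xff\xfe" + vendor)
    iid[0] ^= 0x02                      # U/L bit: universally administered MAC -> 1
    return bytes(iid)


def eui64_to_mac(iid: bytes) -> str:
    """The derivation is reversible: drop FF FE and flip the U/L bit back."""
    b = bytearray(iid)
    if len(b) != 8 or b[3:5] != b"\xff\xfe":
        raise ValueError("not a MAC-derived (EUI-64) interface ID")
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


def link_local_from_mac(mac: str) -> str:
    """FE80::/10 prefix (upper 64 bits fe80:0:0:0) + EUI-64 interface ID."""
    prefix = bytes.fromhex("fe80000000000000")
    return str(ipaddress.IPv6Address(prefix + mac_to_eui64(mac)))


def global_unicast_from_mac(global_prefix48: str, subnet_id: int, mac: str) -> str:
    """/48 global routing prefix + /16 subnet ID + /64 EUI-64 interface ID,
    the layout of the global unicast address shown on the earlier slide."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID is a 16-bit field")
    net = ipaddress.IPv6Network(global_prefix48, strict=False)
    if net.prefixlen != 48:
        raise ValueError("expected a /48 global routing prefix")
    prefix = net.network_address.packed[:6]
    return str(ipaddress.IPv6Address(prefix + subnet_id.to_bytes(2, "big") + mac_to_eui64(mac)))


SAMPLE_MAC = "00:1a:2b:3c:4d:5e"       # constructed sample value, not from the slides
```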

IPv6 Routing Protocols

RIPng (RIP next generation)

The Routing Information Protocol next generation (RIPng) is an interior gateway protocol (IGP) that uses a distance-vector algorithm to determine the best route to a destination, using the hop count as the metric.
RIPng is a routing protocol that exchanges routing information used to compute routes and is intended for Internet Protocol version 6 (IPv6)-based networks. The RIPng IGP uses the Bellman-Ford distance-vector algorithm to determine the best route to a destination. RIPng uses the hop count as the metric. RIPng allows hosts and routers to exchange information for computing routes through an IP-based network. RIPng is intended to act as an IGP for moderately sized autonomous systems (ASs).


EIGRP for IPv6


EIGRP for IPv6 is directly configured on the interfaces over which it runs. This feature allows EIGRP for IPv6 to be configured without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
In per-interface configuration at system startup, if EIGRP has been configured on an interface, then the EIGRP protocol may start running before any EIGRP router mode commands have been executed.

An EIGRP for IPv6 protocol instance requires a router ID before it can start running.
EIGRP for IPv6 has a shutdown feature. The routing process should be in "no shutdown" mode in order to start running. When a user uses passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive. EIGRP for IPv6 provides route filtering using the distribute-list prefix-list command. Use of the route-map command is not supported for route filtering with a distribute list.


OSPFv3 for IPv6

OSPFv3 is a new protocol implementation for IPv6. It is based on OSPFv2, with enhancements:

Distributes IPv6 prefixes
Runs directly over IPv6
Ships-in-the-night with OSPFv2

The IPv6-specific features included in OSPFv3 are:

Every OSPFv2 IPv4-specific semantic is removed
Uses 128-bit IPv6 addresses
Uses the link-local address as the source address
Supports authentication using IPsec
Runs over a link rather than a subnet

Basic packet types: Hello, DBD, LSR, LSU, LSA
Mechanisms for neighbor discovery and adjacency formation
Interface types: P2P, P2MP, Broadcast, NBMA, Virtual
LSA flooding and aging
Nearly identical LSA types

Migrating to IPv6

The transition from IPv4 to IPv6 does not require upgrades. The methods that are used are:

1. Dual stack
2. Tunnelling

Dual Stack

It is an integration method where a router has connectivity to both IPv4 and IPv6.

Configure RIPv2 and RIPng on both the routers.


Tunneling

It is an integration method in which an IPv6 packet is encapsulated within another protocol, such as IPv4. Tunneling IPv6 inside of IPv4 uses IPv4 protocol 41. While tunneling an IPv6 packet over an IPv4 network, one edge router encapsulates the IPv6 packet inside an IPv4 packet and the router at the other end decapsulates it.

IPv6 Tunnelling


Configure the routers accordingly

R1(config)# interface tunnel 0
R1(config-if)# ipv6 address 2001:0:0:2::1/64
R1(config-if)# tunnel source s0/0
R1(config-if)# tunnel destination 200.200.201.3
R1(config-if)# tunnel mode ipv6ip
R1(config-if)# ipv6 rip ccnp enable

R3(config)# interface tunnel 0
R3(config-if)# ipv6 address 2001:0:0:2::2/64
R3(config-if)# tunnel source s0/1
R3(config-if)# tunnel destination 200.200.200.1
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# ipv6 rip ccnp enable

Verify:
# show interfaces tunnel 0
# clear counters tunnel 0

The command tunnel mode ipv6ip specifies that the manual IPv6 tunnel has IPv6 as the passenger protocol and IPv4 as both the encapsulation and transport protocol.
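As an added example (not from the slides): what the tunnel edge routers above do to a packet, in Python. encapsulate_ipv6ip wraps an IPv6 header in an IPv4 header with protocol 41; decapsulate_ipv6ip is what the far end, or a monitoring sensor on the IPv4 path, needs in order to recognise protocol-41 traffic as IPv6 crossing the IPv4-only network and to read the inner addresses. Addresses are the ones from the R1/R3 configuration; the inner packet carries no payload (next header 59), a choice of this example.

```python
import struct
import ipaddress

IPPROTO_IPV6 = 41          # IPv4 protocol number used by ipv6ip (IPv6-in-IPv4) tunnels
IPV6_NO_NEXT_HEADER = 59   # the sample inner packet carries no upper-layer payload


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words. Over a header whose checksum field is
    already filled in correctly, the result is 0."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6_header(src: str, dst: str, payload_len: int = 0,
                      next_header: int = IPV6_NO_NEXT_HEADER, hop_limit: int = 64) -> bytes:
    """Fixed 40-byte IPv6 header: version 6, zero traffic class and flow label."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def encapsulate_ipv6ip(outer_src: str, outer_dst: str, inner_ipv6: bytes) -> bytes:
    """Tunnel entry (R1): prepend a 20-byte IPv4 header with protocol 41 to the IPv6 packet."""
    total_len = 20 + len(inner_ipv6)
    # version/IHL, TOS, total length, identification, flags(DF)+offset, TTL, protocol, checksum
    fields = [0x45, 0, total_len, 0, 0x4000, 64, IPPROTO_IPV6, 0,
              ipaddress.IPv4Address(outer_src).packed, ipaddress.IPv4Address(outer_dst).packed]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(header)                  # fill in the header checksum
    return struct.pack("!BBHHHBBH4s4s", *fields) + inner_ipv6


def decapsulate_ipv6ip(packet: bytes):
    """Tunnel exit (R3) or a sensor on the IPv4 path: if the outer IPv4 header carries
    protocol 41, strip it and report both address pairs; otherwise return None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        return None                                     # corrupted outer header
    if packet[9] != IPPROTO_IPV6:
        return None                                     # ordinary IPv4 traffic, not a tunnel
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                                     # protocol 41 but no IPv6 header inside
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
    }


def sample_tunnel_packet() -> bytes:
    """R1 -> R3 over the IPv4 serial path, carrying the tunnel's own IPv6 addresses."""
    inner = build_ipv6_header("2001:0:0:2::1", "2001:0:0:2::2")
    return encapsulate_ipv6ip("200.200.200.1", "200.200.201.3", inner)
```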


CSU/DSU


WAN Terms

Customer premises equipment (CPE): the equipment that's owned by the subscriber and located on the subscriber's premises.

Demarcation point: the precise spot where the service provider's responsibility ends and the CPE begins. It's generally a device in a telecommunications closet owned and installed by the telecommunications company (telco). It's your responsibility to cable (extended demarc) from this box to the CPE, which is usually a connection to a CSU/DSU or ISDN interface.

Local loop: connects the demarc to the closest switching office, which is called a central office.

Central office (CO): this point connects the customer's network to the provider's switching network and is sometimes referred to as a point of presence (POP).


WAN Connection Types


Leased lines: these are usually referred to as a point-to-point or dedicated connection. A leased line is a pre-established WAN communications path that goes from the CPE through the DCE switch, then over to the CPE of the remote site. The CPE enables DTE networks to communicate at any time with no cumbersome setup procedures to muddle through before transmitting data.

It uses synchronous serial lines at up to 45 Mbps.

HDLC and PPP encapsulations are frequently used on leased lines.


Circuit switching: when you hear the term circuit switching, think phone call. The big advantage is cost: you only pay for the time you actually use. No data can transfer before an end-to-end connection is established. Circuit switching uses dial-up modems or ISDN and is used for low-bandwidth data transfers. Some people do have ISDN and it still is viable (and I do suppose someone does use a modem now and then), but circuit switching can be used in some of the newer WAN technologies as well.

Packet switching: this is a WAN switching method that allows you to share bandwidth with other companies to save money. Packet switching can be thought of as a network that's designed to look like a leased line yet charges you more like circuit switching. But less cost isn't always better; there's definitely a downside: if you need to transfer data constantly, just forget about this option. Instead, get yourself a leased line. Packet switching will only work for you if your data transfers are the bursty type, not continuous. Frame Relay and X.25 are packet-switching technologies with speeds that can range from 56 Kbps up to T3 (45 Mbps).

WAN protocols

Frame Relay: a packet-switched technology that made its debut in the early 1990s, Frame Relay is a high-performance Data Link and Physical layer specification. It's pretty much a successor to X.25, except that much of the technology in X.25 used to compensate for physical errors (noisy lines) has been eliminated. An upside to Frame Relay is that it can be more cost effective than point-to-point links, plus it typically runs at speeds of 64 Kbps up to 45 Mbps (T3). Another Frame Relay benefit is that it provides features for dynamic bandwidth allocation and congestion control.

ISDN: Integrated Services Digital Network (ISDN) is a set of digital services that transmit voice and data over existing phone lines. ISDN offers a cost-effective solution for remote users who need a higher-speed connection than analog dial-up links can give them, and it's also a good choice to use as a backup link for other types of links like Frame Relay or T1 connections.


LAPB

Link Access Procedure, Balanced (LAPB) was created to be a connection-oriented protocol at the Data Link layer for use with X.25, but it can also be used as a simple data link transport. A not-so-good characteristic of LAPB is that it tends to create a tremendous amount of overhead due to its strict time-out and windowing techniques.

LAPD

Link Access Procedure, D-Channel (LAPD) is used with ISDN at the Data Link layer (layer 2) as a protocol for the D (signaling) channel. LAPD was derived from the Link Access Procedure, Balanced (LAPB) protocol and is designed primarily to satisfy the signaling requirements of ISDN basic access.

HDLC

High-Level Data-Link Control (HDLC) was derived from Synchronous Data Link Control (SDLC), which was created by IBM as a Data Link connection protocol. HDLC works at the Data Link layer and creates very little overhead compared to LAPB.

It wasn't intended to encapsulate multiple Network layer protocols across the same link: the HDLC header doesn't contain any identification of the type of protocol being carried inside the HDLC encapsulation. Because of this, each vendor that uses HDLC has its own way of identifying the Network layer protocol, meaning each vendor's HDLC is proprietary with regard to its specific equipment.

PPP

Point-to-Point Protocol (PPP) is a pretty famous, industry-standard protocol. Because all multiprotocol versions of HDLC are proprietary, PPP can be used to create point-to-point links between different vendors' equipment. It uses a Network Control Protocol field in the Data Link header to identify the Network layer protocol and allows authentication and multilink connections to be run over asynchronous and synchronous links.


High-Level Data-Link Control (HDLC) Protocol

The High-Level Data-Link Control (HDLC) protocol is a popular ISO-standard, bit-oriented, Data Link layer protocol. It specifies an encapsulation method for data on synchronous serial data links using frame characters and checksums. HDLC is a point-to-point protocol used on leased lines. No authentication can be used with HDLC.

In byte-oriented protocols, control information is encoded using entire bytes. On the other hand, bit-oriented protocols use single bits to represent the control information. Some common bit-oriented protocols include SDLC, LLC, HDLC, TCP, and IP. HDLC is the default encapsulation used by Cisco routers over synchronous serial links. And Cisco's HDLC is proprietary; it won't communicate with any other vendor's HDLC implementation.


Point-to-Point Protocol (PPP)

PPP contains four main components:

EIA/TIA-232-C, V.24, V.35, and ISDN: a Physical layer international standard for serial communication.
HDLC: a method for encapsulating datagrams over serial links.
LCP: a method of establishing, configuring, maintaining, and terminating the point-to-point connection.
NCP: a method of establishing and configuring different Network layer protocols. NCP is designed to allow the simultaneous use of multiple Network layer protocols.


Link Control Protocol (LCP) Configuration Options

Link Control Protocol (LCP) offers different PPP encapsulation options, including the following:

Authentication: this option tells the calling side of the link to send information that can identify the user. The two methods are PAP and CHAP.
Compression: this is used to increase the throughput of PPP connections by compressing the data or payload prior to transmission. PPP decompresses the data frame on the receiving end.
Error detection: PPP uses Quality and Magic Number options to ensure a reliable, loop-free data link.
Multilink: starting with IOS version 11.1, multilink is supported on PPP links with Cisco routers. This option makes several separate physical paths appear to be one logical path at layer 3. For example, two T1s running multilink PPP would show up as a single 3 Mbps path to a layer 3 routing protocol.

PPP callback: PPP can be configured to call back after successful authentication. PPP callback can be a good thing for you because you can keep track of usage based upon access charges, for accounting records, and a bunch of other reasons. With callback enabled, a calling router (client) will contact a remote router (server) and authenticate as I described earlier. (Know that both routers have to be configured for the callback feature for this to work.) Once authentication is completed, the remote router will terminate the connection and then re-initiate a connection to the calling router from the remote router.

PPP Session Establishment

When PPP connections are started, the links go through three phases of session establishment:


Link-establishment phase: LCP packets are sent by each PPP device to configure and test the link. These packets contain a field called the Configuration Option that allows each device to see the size of the data, compression, and authentication. If no Configuration Option field is present, then the default configurations will be used.

Authentication phase: if required, either CHAP or PAP can be used to authenticate a link. Authentication takes place before Network layer protocol information is read. And it's possible that link-quality determination will occur simultaneously.

Network layer protocol phase: PPP uses the Network Control Protocol (NCP) to allow multiple Network layer protocols to be encapsulated and sent over a PPP data link. Each Network layer protocol (e.g., IP, IPX, AppleTalk, which are routed protocols) establishes a service with NCP.


PPP Authentication Methods

There are two methods of authentication that can be used with PPP links:

Password Authentication Protocol (PAP): the Password Authentication Protocol (PAP) is the less secure of the two methods. Passwords are sent in clear text, and PAP is only performed upon the initial link establishment. When the PPP link is first established, the remote node sends the username and password back to the originating router until authentication is acknowledged. Not exactly Fort Knox!

Challenge Handshake Authentication Protocol (CHAP): the Challenge Handshake Authentication Protocol (CHAP) is used at the initial startup of a link and at periodic checkups on the link to make sure the router is still communicating with the same host. After PPP finishes its initial link-establishment phase, the local router sends a challenge request to the remote device. The remote device sends a value calculated using a one-way hash function called MD5. The local router checks this hash value to make sure it matches. If the values don't match, the link is immediately terminated.
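An added example (not from the slides) of the CHAP exchange just described, in Python, following RFC 1994: the response is MD5 over the identifier, the shared secret and the challenge, and the Name field carries the responder's host name, which the challenger uses to look up the matching username entry. Host names r1/r2 and the password cisco are the ones this deck configures later; everything else is this example's own.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge).
    MD5 is what the protocol specifies; the secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The local router. usernames maps a remote host name to the shared secret,
    like 'username r2 password cisco' on r1."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname
        self.usernames = usernames
        self.identifier = 0
        self.outstanding = None          # challenge currently awaiting an answer

    def challenge(self) -> tuple:
        """Challenge packet: (Identifier, random Value, own Name).
        Sent at link start and again at the periodic checkups."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = os.urandom(16)
        return (self.identifier, self.outstanding, self.hostname)

    def verify(self, identifier: int, response: bytes, peer_name: str) -> bool:
        """Recompute the digest with the secret stored under the peer's Name and compare."""
        if self.outstanding is None or identifier != self.identifier:
            return False                 # stale or replayed answer to an old challenge
        secret = self.usernames.get(peer_name)
        if secret is None:
            return False                 # no 'username <peer>' entry for that host name
        expected = chap_response(identifier, secret, self.outstanding)
        self.outstanding = None          # each challenge may be answered only once
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """The remote router. It answers with its own host name as the Name field."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname
        self.usernames = usernames

    def respond(self, identifier: int, challenge: bytes, authenticator_name: str) -> tuple:
        """Response packet: (Identifier, MD5 digest, own Name)."""
        secret = self.usernames[authenticator_name]   # 'username r1 password cisco' on r2
        return (identifier, chap_response(identifier, secret, challenge), self.hostname)


def run_chap(local: ChapAuthenticator, remote: ChapPeer) -> bool:
    """One authentication round as on the slide: challenge -> hashed response -> compare."""
    identifier, challenge, name = local.challenge()
    return local.verify(*remote.respond(identifier, challenge, name))
```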


Configuring PPP

On both r1 and r2 serial link:

(config)# interface s0/0
(config-if)# encapsulation ppp

Configuring PPP Authentication

Create a host name for the router if it is not present, as it is necessary.
Set the username and password for the remote router.
The password on both routers must be the same (the password is case sensitive).
The username is the host name of the remote router.


Router(config)# hostname r1
r1(config)# username r2 password cisco
r1(config)# interface s0/0
r1(config-if)# ppp authentication chap pap

Router(config)# hostname r2
r2(config)# username r1 password cisco
r2(config)# interface s0/0
r2(config-if)# ppp authentication chap pap

Verifying PPP Encapsulation
# show interfaces s0/0

Debugging PPP Authentication

To display the CHAP authentication process as it occurs between two routers in the network, just use the command:

# debug ppp authentication


Frame Relay

A packet-switching technology
Derived from the earlier deployment of X.25 technology
Operates on a single subnet
By default Frame Relay is non-broadcast multi-access (NBMA)
Works on serial links

There are 2 types of bandwidth specifications for Frame Relay:
1. Access rate: the maximum speed at which the Frame Relay interface can transmit.
2. CIR: the maximum bandwidth of data guaranteed to be delivered. In reality, it's the average amount that the service provider will allow you to transmit.


Virtual Circuits

Frame Relay operates using virtual circuits as opposed to the actual circuits that leased lines use. These virtual circuits are what link together the thousands of devices connected to the provider's cloud. Frame Relay provides a virtual circuit between your two DTE devices, making them appear to be connected via a circuit when in reality they're dumping their frames into a large, shared infrastructure.

There are 2 types of VCs used by Frame Relay:
1. Permanent VC (PVC): works like a leased line, which is always up.
2. Switched VC (SVC): works like a dial-up connection. It is up while data passes; otherwise it is down.

Data Link Connection Identifiers (DLCIs)

Frame Relay PVCs are identified to DTE end devices by Data Link Connection Identifiers (DLCIs). A Frame Relay service provider typically assigns DLCI values, which are used on Frame Relay interfaces to distinguish between different virtual circuits.

Local Management Interface (LMI)

Local Management Interface (LMI) is a signaling standard used between your router and the first Frame Relay switch it's connected to. It allows for passing information about the operation and status of the virtual circuit between the provider's network and the DTE (your router). It communicates information about the following:

Keepalives: these verify that data is flowing.
Multicasting: this is an optional extension of the LMI specification that allows, for example, the efficient distribution of routing information and ARP requests over a Frame Relay network. Multicasting uses the reserved DLCIs from 1019 through 1022.
Global addressing: this provides global significance to DLCIs, allowing the Frame Relay cloud to work exactly like a LAN.
Status of virtual circuits: this provides DLCI status. The status inquiries and messages are used as keepalives when there is no regular LMI traffic to send.


Configuring Frame-Relay

Routing protocol in this lab: RIPv2

Frame Relay switch:

router(config)# hostname frsw
frsw(config)# frame-relay switching          (enables Frame Relay switching capability on the router)
frsw(config)# interface s0/0
frsw(config-if)# encapsulation frame-relay
frsw(config-if)# frame-relay intf-type dce
frsw(config-if)# clock rate 64000
frsw(config-if)# frame-relay route 102 interface s0/1 201
frsw(config-if)# no shutdown
frsw(config)# interface s0/1
frsw(config-if)# encapsulation frame-relay
frsw(config-if)# frame-relay intf-type dce
frsw(config-if)# clock rate 64000
frsw(config-if)# frame-relay route 201 interface s0/0 102
frsw(config-if)# no shutdown

HQ (on frsw s0/0, local DLCI 102):

HQ(config)# interface s0/0
HQ(config-if)# ip address 200.200.200.1 255.255.255.0
HQ(config-if)# encapsulation frame-relay
HQ(config-if)# frame-relay intf-type dte
HQ(config-if)# bandwidth 64
HQ(config-if)# frame-relay interface-dlci 102
HQ(config-if)# no shutdown
HQ(config)# router rip
HQ(config-router)# version 2
HQ(config-router)# no auto-summary
HQ(config-router)# network 200.200.200.0
HQ(config-router)# network 192.168.10.0

BR1 (on frsw s0/1; the switch maps DLCI 102 on s0/0 to DLCI 201 on s0/1, so BR1's local DLCI is 201):

BR1(config)# interface s0/0
BR1(config-if)# ip address 200.200.200.2 255.255.255.0
BR1(config-if)# encapsulation frame-relay
BR1(config-if)# frame-relay intf-type dte
BR1(config-if)# bandwidth 64
BR1(config-if)# frame-relay interface-dlci 201
BR1(config-if)# no shutdown
BR1(config)# router rip
BR1(config-router)# version 2
BR1(config-router)# no auto-summary
BR1(config-router)# network 200.200.200.0
BR1(config-router)# network 192.168.20.0

Verifying: on HQ and BR1
# show frame-relay map
# show frame-relay pvc

On frsw
# show frame-relay route



Switch Operation

When you power on the switch it does 3 things:

Address learning: layer 2 switches and bridges remember the source hardware address of each frame received on an interface, and they enter this information into a MAC database called a forward/filter table.

Forwarding and filtering: when a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database. The frame is only forwarded out the specified destination port.

Loop avoidance: if multiple connections between switches are created for redundancy purposes, network loops can occur. Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm. A device can receive multiple copies of the same frame, since that frame can arrive from different segments at the same time.


The MAC address filter table could be totally confused about the device's location because the switch can receive the frame from more than one link. And what's more, the bewildered switch could get so caught up in constantly updating the MAC filter table with source hardware address locations that it will fail to forward a frame! This is called thrashing the MAC table.

Spanning Tree Protocol (STP)

Once upon a time a company called Digital Equipment Corporation (DEC) was purchased and renamed Compaq. DEC created the original version of Spanning Tree Protocol, or STP. The IEEE later created its own version of STP called 802.1D. By default, Cisco switches run the IEEE 802.1D version of STP, which isn't compatible with the DEC version. STP's main task is to stop network loops from occurring on your layer 2 network (bridges or switches). It monitors the network to find all links, making sure that no loops occur by shutting down any redundant links. STP uses the spanning-tree algorithm (STA) to first create a topology database and then search out and destroy redundant links. With STP running, frames will be forwarded only on STP-picked links.

Spanning Tree Terms

Data messages are exchanged in the form of Bridge Protocol Data Units (BPDUs). A switch sends a BPDU frame out a port, using the unique MAC address of the port itself as a source address. The switch is unaware of the other switches around it, so BPDU frames are sent with a destination address of the well-known STP multicast address 01-80-c2-00-00-00.


By default, BPDUs are sent out all switch ports every 2 seconds so that current topology information is exchanged and loops are identified quickly. A BPDU contains:

Protocol ID
Version
Message Type
Flags
Root Bridge ID
Root Path Cost
Sender Bridge ID
Port ID
Message Age (in 256ths of a second)
Maximum Age (in 256ths of a second)
Hello Time (in 256ths of a second)
Forward Delay (in 256ths of a second)

Two types of BPDU exist:
Configuration BPDU, used for spanning-tree computation
Topology Change Notification (TCN) BPDU, used to announce changes in the network topology

Bridge ID: the bridge ID is how STP keeps track of all the switches in the network. It is determined by a combination of the bridge priority (32,768 by default on all Cisco switches) and the base MAC address. The bridge with the lowest bridge ID becomes the root bridge in the network.

Bridge Priority (2 bytes): the priority or weight of a switch in relation to all other switches. The priority field can have a value of 0 to 65,535 and defaults to 32,768 (or 0x8000) on every Catalyst switch.

MAC Address (6 bytes): the MAC address used by a switch can come from the Supervisor module, the backplane, or a pool of 1,024 addresses that are assigned to every Supervisor or backplane, depending on the switch model. In any event, this address is hardcoded and unique, and the user cannot change it.

Root Bridge

For all switches in a network to agree on a loop-free topology, a common frame of reference must exist to use as a guide. This reference point is called the Root Bridge.

Election of Root Bridge

The election of the Root Bridge is based on the priority value. If the priority is the same, then the switch with the lowest MAC address becomes the root bridge.

Designated Ports: by default all the ports of a Root Bridge are Designated Ports, and they are always in the forwarding state. On a non-root bridge, the designated port is the port which is not the Root Port and has the lowest path cost to reach the destination.

Port cost: port cost determines the best path when multiple links are used between two switches and none of the links is a root port. The cost of a link is determined by the bandwidth of the link.

Root Ports: on a non-root bridge, the port which is either directly connected to the RB or has the lowest path cost to reach the RB is called the Root Port.


Root Port Election

1. If a switch has multiple ports connected to reach the RB, then the port with the lowest path cost becomes the RP.
2. If a switch has multiple ports with the same cost to reach the RB, then the port with the lowest port number becomes the RP.
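An added example (not from the slides) that runs the root bridge election and the two root port rules above over a small constructed topology. The slide only says that port cost follows bandwidth, so the cost table (IEEE 802.1D-1998 values) and the three-switch topology are this example's assumptions; the tie-break is the slide's "lowest port number" rule.

```python
import heapq
import re

# Port cost per link speed in Mbps (IEEE 802.1D-1998 short method); assumed, not on the slide.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID as STP compares it: priority first, base MAC as the tie-break."""
    return (priority, int(re.sub(r"[^0-9a-fA-F]", "", mac), 16))


def elect_root(switches: dict) -> str:
    """switches: {name: (priority, base MAC)}. The lowest bridge ID becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def port_number(port: str) -> tuple:
    """Numeric part of a port name for the 'lowest port number' rule: 'gi0/2' -> (0, 2)."""
    return tuple(int(n) for n in re.findall(r"\d+", port))


def root_path_costs(root: str, links: list) -> dict:
    """Dijkstra from the root: each hop adds the cost of the link it arrives over.
    links: (switch_a, port_a, switch_b, port_b, speed_mbps)."""
    adjacency = {}
    for a, _pa, b, _pb, mbps in links:
        adjacency.setdefault(a, []).append((b, PORT_COST[mbps]))
        adjacency.setdefault(b, []).append((a, PORT_COST[mbps]))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nxt, cost in adjacency.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist


def elect_root_ports(switches: dict, links: list) -> dict:
    """For every non-root switch return (root port, root path cost) using the slide's rules:
    1. the port with the lowest path cost to the RB; 2. on equal cost, the lowest port number."""
    root = elect_root(switches)
    dist = root_path_costs(root, links)
    result = {}
    for sw in switches:
        if sw == root:
            continue                                  # all root bridge ports are designated
        candidates = []
        for a, pa, b, pb, mbps in links:
            # cost via this port = neighbour's root path cost + this link's cost
            if a == sw:
                candidates.append((dist.get(b, float("inf")) + PORT_COST[mbps], port_number(pa), pa))
            elif b == sw:
                candidates.append((dist.get(a, float("inf")) + PORT_COST[mbps], port_number(pb), pb))
        cost, _, port = min(candidates)
        result[sw] = (port, cost)
    return result


# Constructed sample topology (not from the slides).
SWITCHES = {
    "SW1": (32768, "0000.0000.000a"),
    "SW2": (32768, "0000.0000.000b"),
    "SW3": (4096, "0000.0000.000c"),    # lowest priority wins regardless of its higher MAC
}
LINKS = [
    ("SW1", "fa0/1", "SW3", "fa0/1", 100),    # direct to the root, but FastEthernet (cost 19)
    ("SW2", "gi0/1", "SW3", "gi0/1", 1000),   # cost 4
    ("SW1", "gi0/2", "SW2", "gi0/2", 1000),   # SW1 via SW2: 4 + 4 = 8, cheaper than the direct link
]
```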


Spanning-Tree Port States

Blocking: a blocked port won't forward frames; it just listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths. All ports are in blocking state by default when the switch is powered up.

Listening: the port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table.

Learning: the switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but doesn't forward data frames. Forward delay means the time it takes to transition a port from listening to learning mode, which is set to 15 seconds by default and can be seen in the show spanning-tree output.

Forwarding: the port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state.

Disabled: a port in the disabled state (administratively) does not participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.

A port takes about 50 seconds to be fully active.

Virtual LANs (VLANs)

A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.

Characteristics of VLAN
1. All devices in a VLAN are members of the same broadcast domain.
2. The broadcast is filtered from all ports or devices that are not members of the same VLAN.
3. VLAN membership is always associated with a switch port.

Benefits of VLAN

1. Efficient use of bandwidth
2. Security
3. Active redundant path


There are 2 types of VLAN.

Static VLAN: created manually by the administrator. Each port receives a port VLAN ID that associates it with a VLAN number. The ports on a single switch can be assigned and grouped into many VLANs.

Dynamic VLAN: provides the membership based on the MAC address of an end-user device. When a device is connected to a switch port, the switch must query a database to establish VLAN membership. The administrator must assign users' MAC addresses to a VLAN in the database of a VLAN membership policy server (VMPS). With Cisco switches, dynamic VLANs are created and managed using network management tools such as CiscoWorks 2000.

There are 2 types of links used with VLAN:
1. Access link
2. Trunk link

Access Link: it's a link between a switch and a PC, or a switch and a hub. No VLAN information passes through an access link.

Trunk Link: it's a link between a switch and a switch, or a switch and a router. Information for multiple VLANs passes through this link.

Trunking Methods: there are 3 types of trunking methods available:
1. ISL (Inter Switch Link)
2. IEEE 802.1Q
3. DTP (Dynamic Trunking Protocol)

Inter Switch Link: it's a Cisco proprietary protocol that supports multiple protocols like Ethernet, Token Ring and FDDI. It supports 1000 VLANs and PVST. It performs frame identification in layer 2 by encapsulating each frame between a header and a trailer. When a frame is sent out to another switch, ISL adds a 26-byte header and a 4-byte trailer to the frame. The trailer contains a CRC value to ensure the data integrity of the frame.

IEEE 802.1Q: an IEEE standard method for identifying VLANs by inserting a VLAN identifier into the frame header. This process is called frame tagging. It supports Ethernet and Token Ring and up to 4096 VLANs. It also supports enhanced STP like PVST, MST, RSTP.

Dynamic Trunking Protocol (DTP): it is a Cisco proprietary point-to-point protocol that negotiates a common trunking mode between two switches. The negotiation covers the encapsulation (ISL or dot1q) and whether the link becomes a trunk at all.

VLAN Trunking Protocol (VTP): it's a protocol used to distribute and synchronize information about VLANs configured throughout a switched network. It maintains consistency by managing addition, deletion and name changes of VLANs within a VTP domain.

A VTP domain is one switch or several interconnected switches sharing the same VTP environment.


VTP modes
VTP operates in one of three modes:
1. Server
2. Client
3. Transparent

Server Mode:-
- Creates, deletes and modifies VLANs
- Forwards advertisements to other switches
- Synchronizes its VLAN configuration with the latest information received from other switches
- Saves the VLAN configuration in NVRAM

Client Mode:-
- Cannot create, delete or change VLANs
- Forwards advertisements to other switches
- Does not save the VLAN configuration in NVRAM
- Acts as a VTP relay

Transparent Mode:-
- Does not participate in VTP and does not advertise its own VLAN configuration
- Does not synchronize its VLAN database with received advertisements
- VTP version 2 transparent switches forward received VTP advertisements out of their trunk ports, acting as VTP relays


VTP Operation
- VTP advertisements are sent as multicast frames
- VTP servers and clients are synchronized to the latest revision number
- VTP advertisements are sent every 5 minutes or when there is a change
- VTP switches use an index called the VTP configuration revision number to keep track of the most recent information
- The VTP advertisement process always starts with configuration revision number 0

VTP Pruning:- Uses VLAN advertisements to determine when a trunk connection is flooding traffic needlessly. It increases the available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the appropriate network devices. By default, VTP pruning is disabled.
Switch(config)# vtp pruning
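The revision-number rule above is what decides whose VLAN database wins. The following Python model is an added example, not Cisco code and not part of these slides; the switch names, domain name "LAB" and VLAN names are constructed. It shows a server advertising, a client synchronizing only when the received revision is higher, and a transparent switch leaving its own database untouched.

```python
"""Toy model of VTP advertisement handling (constructed example, not Cisco code)."""


class VtpSwitch:
    """One switch's VTP state: mode, domain, revision number and VLAN database."""

    def __init__(self, name, mode, domain):
        assert mode in ("server", "client", "transparent")
        self.name = name
        self.mode = mode
        self.domain = domain
        self.revision = 0            # every VTP database starts at revision 0
        self.vlans = {1: "default"}  # VLAN 1 always exists

    def configure_vlan(self, vid, name):
        """Local 'vlan <vid>' / 'name <name>' configuration."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create or change VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1       # each change on a server bumps the revision number
        # transparent mode keeps a local database only and never advertises it

    def advertise(self):
        """Build the advertisement a server or client sends out its trunks."""
        if self.mode == "transparent":
            return None              # transparent switches do not advertise their own config
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Process an advertisement; return True if the local database was replaced."""
        if adv is None or adv["domain"] != self.domain:
            return False             # wrong domain: ignored
        if self.mode == "transparent":
            return False             # relayed (VTPv2) but never applied locally
        if adv["revision"] > self.revision:
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False                 # same or older revision: nothing to learn


def propagate(origin, others):
    """Send origin's advertisement to every other switch; return the names that synchronized."""
    adv = origin.advertise()
    return [sw.name for sw in others if sw.receive(adv)]


if __name__ == "__main__":
    server = VtpSwitch("sw1", "server", "LAB")
    client = VtpSwitch("sw2", "client", "LAB")
    transp = VtpSwitch("sw3", "transparent", "LAB")
    server.configure_vlan(2, "HR")
    server.configure_vlan(3, "SALE")
    print(propagate(server, [client, transp]))   # ['sw2']
    print(client.vlans, client.revision)          # {1: 'default', 2: 'HR', 3: 'SALE'} 2
```

The comparison in `receive` is the whole mechanism: whichever server or client in the domain carries the highest revision number replaces the databases of the others, so the revision shown by `show vtp status` on a switch is worth checking before that switch is connected to a production domain.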

Topology used in the following configuration: VLAN 2 uses network 192.168.10.0 (default gateway 192.168.10.100) and VLAN 3 uses network 192.168.20.0 (default gateway 192.168.20.100).

Configuring VLAN
SW(config)# vlan 2
SW(config-vlan)# name HR
SW(config)# vlan 3
SW(config-vlan)# name SALE
SW# show vlan

Adding Ports to a VLAN / configuring access ports
Sw(config)# interface fa0/1
Sw(config-if)# switchport mode access
Sw(config-if)# switchport access vlan 2
Sw(config)# interface range fa0/2 - 4
Sw(config-if-range)# switchport mode access
Sw(config-if-range)# switchport access vlan 2
Sw(config)# interface range fa0/5 - 8
Sw(config-if-range)# switchport mode access
Sw(config-if-range)# switchport access vlan 3
Sw# show vlan


Configuring Trunk port
For 2950 switch:
SW(config)# interface fa0/9
SW(config-if)# switchport mode trunk
For 3550/3560 switch:
SW(config)# interface fa0/9
SW(config-if)# switchport trunk encapsulation {isl | dot1q}
SW(config-if)# switchport mode trunk

Configuring Router for Inter-VLAN routing
Router(config)# interface fa0/0
Router(config-if)# no ip address
Router(config-if)# no shutdown

Router(config)# interface fa0/0.1
Router(config-subif)# encapsulation dot1q 2
! sub-interface for VLAN 2
Router(config-subif)# ip address 192.168.10.100 255.255.255.0

Router(config)# interface fa0/0.2
Router(config-subif)# encapsulation dot1q 3
! sub-interface for VLAN 3
Router(config-subif)# ip address 192.168.20.100 255.255.255.0

Verify from the PCs:
Pc1:\>ping 192.168.20.1
Pc2:\>ping 192.168.10.1
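The 802.1Q frame tagging described earlier and the `encapsulation dot1q` sub-interfaces configured here are two views of the same 4-byte tag. The Python below is an added example, not code from the slides or from Cisco: it builds and parses a tagged frame and maps the VLAN ID to the router sub-interface. The sub-interface table, the native VLAN of 1 and the sample MAC addresses are constructed assumptions.

```python
"""802.1Q tagging and router-on-a-stick dispatch (constructed example, not from the slides)."""
import struct

TPID_8021Q = 0x8100        # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Assumed sub-interface table matching the slide's router configuration:
# VLAN 2 -> fa0/0.1 (192.168.10.100), VLAN 3 -> fa0/0.2 (192.168.20.100)
SUBINTERFACES = {2: "fa0/0.1", 3: "fa0/0.2"}


def build_tagged_frame(dst, src, vlan_id, payload, pcp=0, dei=0, ethertype=ETHERTYPE_IPV4):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VID is a 12-bit field, so only 4096 values (0-4095) exist")
    tci = (pcp << 13) | (dei << 12) | vlan_id      # 3-bit priority, 1-bit DEI, 12-bit VID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return the header fields of a tagged or untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
            "vlan": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, vlan=tci & 0x0FFF, pcp=tci >> 13,
                    ethertype=inner, payload=frame[18:])
    return info


def subinterface_for(frame, native_vlan=1):
    """Pick the router sub-interface that receives this frame, or None if no sub-interface matches.

    Untagged frames arriving on a dot1q trunk belong to the native VLAN (assumed 1 here)."""
    vid = parse_frame(frame)["vlan"]
    if vid is None:
        vid = native_vlan
    return SUBINTERFACES.get(vid)


if __name__ == "__main__":
    # constructed sample: broadcast from a host in VLAN 2
    frame = build_tagged_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 2, b"payload")
    print(parse_frame(frame))
    print(subinterface_for(frame))   # fa0/0.1
```

Because the VID field is only 12 bits, `build_tagged_frame` rejects anything above 4095, which is where the "up to 4096 VLANs" figure for 802.1Q comes from; an untagged frame falls into the native VLAN, for which this router has no sub-interface, so it is not routed.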


Configuring the Switch Priority of a VLAN

Switch(config)# spanning-tree vlan 5 priority 12288
NOTE: With the priority keyword, the range is 0 to 61440 in increments of 4096. The default is 32768. The lower the priority, the more likely the switch will be chosen as the root switch. Only the following numbers can be used as a priority value:
0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
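To see why only multiples of 4096 are accepted and how the priority decides the root election, here is an added Python example (not code from the slides or from Cisco). It assumes the PVST+ extended system ID, where the 16-bit priority field carries the configured priority plus the VLAN number; the switch names and MAC addresses are constructed.

```python
"""Bridge priority checks and root election for one VLAN (constructed example, not Cisco code)."""

PRIORITY_STEP = 4096
VALID_PRIORITIES = [n * PRIORITY_STEP for n in range(16)]   # 0, 4096, ..., 61440


def valid_priority(priority):
    """True only for the 16 values the 'priority' keyword accepts."""
    return 0 <= priority <= 61440 and priority % PRIORITY_STEP == 0


def bridge_priority_field(priority, vlan):
    """16-bit priority field as PVST+ sends it: configured priority + VLAN number.

    The extended system ID (802.1t) is standard behaviour assumed here; the slide
    only states the 4096 increments, which are what leave the low 12 bits free."""
    if not valid_priority(priority):
        raise ValueError(f"{priority} is not a multiple of {PRIORITY_STEP} in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return priority + vlan


def bridge_id(priority, vlan, mac):
    """Comparable bridge ID: (priority field, MAC). The lowest value wins the root election."""
    return (bridge_priority_field(priority, vlan), mac.lower())


def elect_root(switches, vlan):
    """switches: {name: (configured_priority, mac)}; return the name of the root bridge."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))


if __name__ == "__main__":
    # constructed sample: the slide's 'spanning-tree vlan 5 priority 12288' applied on switch B
    lab = {"A": (32768, "00:00:0c:aa:aa:aa"),
           "B": (12288, "00:00:0c:bb:bb:bb"),
           "C": (32768, "00:00:0c:00:00:01")}
    print(bridge_priority_field(12288, 5))   # 12293
    print(elect_root(lab, 5))                # B
```

With every switch left at the default 32768, `elect_root` falls through to the MAC address tie-break, which is why the root bridge in an unplanned network is usually the oldest switch rather than the best placed one; setting an explicit lower priority on the intended root is how the topology is pinned.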


Redundant Link Convergence

PortFast:- Enables fast connectivity to be established on access-layer switch ports to workstations that are booting up, bypassing the listening and learning states. By default, PortFast is disabled on all switch ports. You can configure PortFast as a global default, affecting all switch ports with a single command; all ports configured for access mode (non-trunking) will then have PortFast automatically enabled.
Switch(config)# spanning-tree portfast default
Switch(config)# interface fa0/10
Switch(config-if)# spanning-tree portfast
Switch# show spanning-tree interface fastethernet 0/1 portfast

UplinkFast:- Enables fast uplink failover on an access-layer switch when dual uplinks are connected into the distribution layer. When UplinkFast is enabled, it is enabled for the entire switch and all VLANs. UplinkFast works by keeping track of possible paths to the Root Bridge; therefore, the command is not allowed on the Root Bridge switch.
Switch(config)# spanning-tree uplinkfast
Switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-second]
The max-update-rate limits the amount of bandwidth used for the dummy multicasts if the CAM table is quite large. The default is 150 packets per second (pps), but the rate can range from 0 to 65,535 pps.
Switch# show spanning-tree uplinkfast

BackboneFast:- Enables fast convergence in the network backbone (core) after a spanning-tree topology change occurs.

BackboneFast works by having a switch actively determine whether alternative paths exist to the Root Bridge in case the switch detects an indirect link failure. Indirect link failures occur when a link that is not directly connected to a switch fails.


A switch detects an indirect link failure when it receives inferior BPDUs from its designated bridge on either its Root Port or a blocked port. (Inferior BPDUs are sent from a designated bridge that has lost its connection to the Root Bridge, making it announce itself as the new Root.) Normally, a switch must wait for the Max Age timer to expire before responding to the inferior BPDUs. However, BackboneFast begins to determine whether other alternative paths to the Root Bridge exist, according to the type of port that received the inferior BPDU:
- If the inferior BPDU arrives on a port in the Blocking state, the switch considers the Root Port and all other blocked ports to be alternate paths to the Root Bridge.
- If the inferior BPDU arrives on the Root Port itself, the switch considers all blocked ports to be alternate paths to the Root Bridge.
- If the inferior BPDU arrives on the Root Port and no ports are blocked, the switch assumes that it has lost connectivity with the Root Bridge. In this case, the switch assumes that it has become the Root Bridge, and BackboneFast allows it to do so before the Max Age timer expires.

When used, BackboneFast should be enabled on all switches in the network.
Switch(config)# spanning-tree backbonefast
Switch# show spanning-tree backbonefast

Troubleshooting STP
Because the STP running in a network uses several timers, costs, and dynamic calculations, predicting the current state is difficult. You can use a network diagram and work out the STP topology by hand, but any change on the network could produce an entirely different outcome.


Protecting the Spanning Tree Protocol Topology

This chapter discusses two basic conditions that can disrupt the loop-free topology (even while STP is running):
- On a port that has not been receiving BPDUs, BPDUs are not expected. When BPDUs suddenly appear for some reason, the STP topology can re-converge to give unexpected results.
- On a port that normally receives BPDUs, BPDUs are always expected. When BPDUs suddenly disappear for some reason, a switch can make incorrect assumptions about the topology and unintentionally create loops.

Protecting Against Unexpected BPDUs:
1. BPDU guard
2. BPDU filter


BPDU Guard
The BPDU guard feature was developed to further protect the integrity of switch ports that have PortFast enabled. If any BPDU (whether superior to the current root or not) is received on a port where BPDU guard is enabled, that port is immediately put into the errdisable state. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function. By default, BPDU guard is disabled on all switch ports.

Figure (labels only): a root bridge ("RB switch") and a client switch with a PortFast-enabled port; a new switch attached through a hub to that port sends a BPDU with superior information, and the client switch places the port into the errdisable state.

Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# spanning-tree bpduguard enable


BPDU Filtering
This is another way of preventing Root Bridge placement in the network. It can be configured globally and also on an interface. In global mode, if a PortFast interface receives any BPDUs it is taken out of PortFast status.

In interface mode it prevents the port from sending and receiving BPDUs.
Switch(config)# spanning-tree portfast bpdufilter default
Switch(config-if)# spanning-tree bpdufilter enable
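The BPDU guard and BPDU filter sections above describe four different reactions to an unexpected BPDU depending on whether the feature is set globally or per interface. The Python model below is an added example, not IOS code and not from the slides; the port names are constructed and the command names in the comments are the slide's. It lets you trace what happens to a port in each combination.

```python
"""Model of how PortFast, BPDU guard and BPDU filter react to a received BPDU
(constructed example, not IOS code; command names in comments are from the slides)."""


class StpGlobals:
    """Global defaults: 'spanning-tree portfast bpduguard default' and
    'spanning-tree portfast bpdufilter default' apply only to PortFast ports."""

    def __init__(self, bpduguard_default=False, bpdufilter_default=False):
        self.bpduguard_default = bpduguard_default
        self.bpdufilter_default = bpdufilter_default


class Port:
    def __init__(self, name, globals_, portfast=False, bpduguard=None, bpdufilter=None):
        # bpduguard / bpdufilter: None = inherit the global default, True/False = per-interface
        self.name = name
        self.g = globals_
        self.portfast = portfast
        self.bpduguard = bpduguard
        self.bpdufilter = bpdufilter
        self.errdisabled = False

    def guard_active(self):
        if self.bpduguard is not None:          # 'spanning-tree bpduguard enable|disable'
            return self.bpduguard
        return self.portfast and self.g.bpduguard_default

    def sends_bpdus(self):
        """The interface-level filter stops BPDUs in both directions."""
        return self.bpdufilter is not True

    def receive_bpdu(self):
        """Return what happens to the port when a BPDU arrives."""
        if self.errdisabled:
            return "errdisabled"                # already shut down, nothing processed
        if self.bpdufilter is True:
            return "dropped"                    # interface bpdufilter: BPDU silently discarded
        if self.guard_active():
            self.errdisabled = True             # any BPDU, superior or not, shuts the port
            return "errdisable"
        if self.portfast and self.bpdufilter is None and self.g.bpdufilter_default:
            self.portfast = False               # global filter: port loses PortFast status
            return "portfast-lost"
        return "processed"                      # normal STP handling of the BPDU

    def recover(self):
        """Manual re-enable or the errdisable recovery timeout."""
        self.errdisabled = False


if __name__ == "__main__":
    g = StpGlobals(bpduguard_default=True)
    access = Port("fa0/1", g, portfast=True)      # inherits the global guard default
    uplink = Port("fa0/9", g)                     # trunk port, no PortFast
    print(access.receive_bpdu(), uplink.receive_bpdu())   # errdisable processed
```

The contrast worth noticing is the interface-level filter: it makes the port deaf to BPDUs, so the switch can no longer detect another switch behind that port at all, whereas guard keeps the evidence (an errdisabled port) and the global filter only demotes the port from PortFast to normal STP behaviour.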


RSTP (802.1w)

RSTP is designed to speed up the recalculation of the spanning tree when a Layer 2 network topology changes. The characteristics of RSTP are:
- Integrated into the protocol at a low level
- Transparent
- Does not require additional configuration
- Performs better than an STP configuration

RSTP achieves its rapid nature by letting each switch interact with its neighbors through each port. This interaction is based on a port's role.
Switch(config)# spanning-tree mode rapid-pvst


Switch Port Aggregation with EtherChannel

Aggregation means bundling, which is done through EtherChannel or Port channel. EtherChannel (port channel) bundles individual Ethernet links into a single logical link that provides up to 1600 Mbps between 2 Catalyst switches.

2 to 8 links of either FE, GE, or 10-GE are bundled as one logical link: Fast EtherChannel (FEC), Gigabit EtherChannel (GEC) or 10-Gigabit EtherChannel (10GEC). This bundle provides full-duplex bandwidth of up to 1600 Mbps or 16 Gbps. EtherChannel uses 2 protocols:
1. Port Aggregation Protocol (PAgP)
2. Link Aggregation Control Protocol (LACP)

PAgP
It is a Cisco proprietary protocol that learns the capabilities of interface groups dynamically and informs other interfaces. After identifying correctly matched Ethernet links it groups the links into an EtherChannel.

PAgP has two modes, auto and desirable, which are combined as:
- desirable - desirable
- auto - desirable
By default, PAgP operates in silent sub-mode with the desirable and auto modes and allows ports to be added to an EtherChannel even if the other end of the link is silent and never transmits PAgP packets.

LACP
It is an open standard IEEE protocol. In LACP the switch with the lowest system priority is allowed to make decisions about which ports are actively participating in the EtherChannel at a given time. To create a channel in LACP the links must be set to:
- active - active
- active - passive


Interface Modes in EtherChannel

Mode        Protocol   Description
ON          ---        Forces the interface into the channel without any negotiation protocol
AUTO        PAgP       Places the interface into a passive negotiating state (responds to PAgP but does not start negotiation)
Desirable   PAgP       Places the interface into an active negotiating state (initiates PAgP negotiation)
Active      LACP       Places the interface into an active negotiating state
Passive     LACP       Places the interface into a passive negotiating state

There are 2 types of EtherChannel:
1. Layer 2
2. Layer 3
As ports are configured to be members of an EtherChannel, the switch automatically creates a logical port-channel interface. This interface represents the channel as a whole.

Guidelines that apply to the switch ports that will be grouped into an EtherChannel:
- All ports should be assigned to the same VLAN or configured for trunking (an EtherChannel can be used as a trunk link).
- If the EtherChannel will be a trunk link, all ports should have the same trunk mode and should carry the same VLANs over the trunk.
- All ports should be configured for the same speed and duplex mode.
- Do not configure the ports as dynamic VLAN ports.
- All ports should be enabled; a disabled port will be seen as a failed link, forcing its traffic to be moved to the next available link in the bundle.

Configuring EtherChannel

Figure (labels only): two switches, sw1 and sw2, with ports 1, 2 and 3 of each switch connected in parallel to form the bundle; ports 4, 5 and 6 are also shown on each switch.

Configuring PAgP mode
Both switch 1 and switch 2 should initiate negotiation via PAgP.
On both sw1 and sw2:
(config)# interface range fa0/1 - 3
(config-if-range)# channel-group 1 mode desirable
(config)# interface port-channel 1
(config-if)# switchport mode dynamic desirable
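The mode table and the member-port guidelines above decide whether a bundle forms at all. The following Python is an added example, not Cisco code and not from the slides: `channel_forms` applies the PAgP, LACP and ON pairing rules, and `bundle_problems` checks a list of candidate ports against the guidelines. The port dictionaries and their field names are constructed for the example.

```python
"""EtherChannel negotiation outcome and member-port consistency checks
(constructed example, not Cisco code)."""

PAGP_MODES = {"desirable", "auto"}
LACP_MODES = {"active", "passive"}


def channel_forms(mode_a, mode_b):
    """Does a bundle come up between two ports configured with these channel-group modes?"""
    a, b = mode_a.lower(), mode_b.lower()
    if "on" in (a, b):
        return a == b                    # 'on' skips negotiation, so both sides must be 'on'
    if {a, b} <= PAGP_MODES:
        return "desirable" in (a, b)     # auto/auto: both sides wait, nobody starts PAgP
    if {a, b} <= LACP_MODES:
        return "active" in (a, b)        # passive/passive: the same problem with LACP
    return False                         # PAgP on one side and LACP on the other: no bundle


def bundle_problems(ports):
    """Apply the slide's guidelines to a list of candidate member ports.

    Each port is a dict with: name, mode ('access'|'trunk'), vlans (access VLAN or the
    set of trunk VLANs), speed, duplex, enabled, dynamic. Returns a list of findings."""
    problems = []
    ref = ports[0]                       # every other port must match the first one
    for p in ports:
        if p["dynamic"]:
            problems.append(f"{p['name']}: dynamic VLAN port cannot join a channel")
        if not p["enabled"]:
            problems.append(f"{p['name']}: disabled port would count as a failed link")
    for p in ports[1:]:
        for key in ("mode", "vlans", "speed", "duplex"):
            if p[key] != ref[key]:
                problems.append(
                    f"{p['name']}: {key} {p[key]!r} differs from {ref['name']} ({ref[key]!r})")
    return problems


def make_port(name, mode="trunk", vlans=frozenset({2, 3}), speed=100, duplex="full",
              enabled=True, dynamic=False):
    """Constructed port record; defaults describe a 100 Mbps full-duplex trunk for VLANs 2 and 3."""
    return dict(name=name, mode=mode, vlans=vlans, speed=speed, duplex=duplex,
                enabled=enabled, dynamic=dynamic)


if __name__ == "__main__":
    # constructed sample: fa0/1-3 on sw1, as in the slide's 'channel-group 1 mode desirable'
    members = [make_port(f"fa0/{n}") for n in (1, 2, 3)]
    print(channel_forms("desirable", "desirable"), bundle_problems(members))   # True []
```

The two silent pairings, auto/auto and passive/passive, are the ones that leave a bundle down without any error on either side; both switches are willing to join but neither sends the first negotiation packet, which is why the slide configures desirable on both sw1 and sw2.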


Securing Switch Access
