Network Administrator Presentation


Data Networks

Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses.

Businesses needed a solution that would successfully address the following three problems:
• How to avoid duplication of equipment and resources
• How to communicate efficiently
• How to set up and manage a network

Businesses realized that networking technology could increase productivity while saving money.
Networking Devices
Equipment that connects directly to a network segment is referred to as a device.

These devices are broken up into two classifications:
• end-user devices
• network devices

End-user devices include computers, printers, scanners, and other devices that provide services directly to the user.

Network devices include all the devices that connect the end-user devices together to allow them to communicate.
Network Interface Card
A network interface card (NIC) is a printed circuit board that
provides network communication capabilities to and from a
personal computer. Also called a LAN adapter.
Networking Device Icons
Repeater
A repeater is a network device used to regenerate a signal.
Repeaters regenerate analog or digital signals distorted by
transmission loss due to attenuation. A repeater does not perform
intelligent routing.
Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit.

This is done passively, without any other effect on the data transmission.

Active hubs not only concentrate hosts, but they also regenerate signals.
Bridge
Bridges convert network transmission data formats as well as
perform basic data transmission management. Bridges, as the
name implies, provide connections between LANs. Not only do
bridges connect LANs, but they also perform a check on the data to
determine whether it should cross the bridge or not. This makes
each part of the network more efficient. 
Workgroup Switch

Workgroup switches add more intelligence to data transfer management.

Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.
Router
Routers have all capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.
“The Cloud”
The cloud is used in diagrams to represent where the connection to
the internet is.
It also represents all of the devices on the internet.
Network Topologies
Network topology defines the structure of the network.

One part of the topology definition is the physical topology, which is the actual layout of the wire or media.

The other part is the logical topology, which defines how the media is accessed by the hosts for sending data.
Physical Topologies
Bus Topology
A bus topology uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.
Ring Topology
A ring topology connects one host to the next and the last host to the first. This creates a physical ring of cable.
Star Topology
A star topology connects all cables to a central point of concentration.
Extended Star Topology
An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.
Hierarchical Topology

A hierarchical topology is similar to an extended star.
Mesh Topology
A mesh topology is implemented to provide as much
protection as possible from interruption of service.
Each host has its own connections to all other hosts.
Although the Internet has multiple paths to any one location,
it does not adopt the full mesh topology.
LANs, MANs, & WANs

One early solution was the creation of local-area network (LAN) standards, which provided an open set of guidelines for creating network hardware and software, making equipment from different companies compatible.

What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another.

The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs).
Examples of Data Networks
LANs
Wireless LAN Organizations and
Standards
As in cabled networks, IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC).

A key technology contained within the 802.11 standard is Direct Sequence Spread Spectrum (DSSS).
Cellular Topology for Wireless
WANs
SANs

A SAN is a dedicated, high-performance network used to move data between servers and storage resources.

Because it is a separate, dedicated network, it avoids any traffic conflict between clients and servers.
Virtual Private Network
A VPN is a private network that is constructed within a public network
infrastructure such as the global Internet. Using VPN, a telecommuter can
access the network of the company headquarters through the Internet by
building a secure tunnel between the telecommuter’s PC and a VPN router in
the headquarters.
Bandwidth
Measuring Bandwidth
OSI MODEL
Why do we need the OSI Model?

To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together, and therefore released the OSI reference model in 1984.
Don’t Get Confused.

ISO - International Organization for Standardization
OSI - Open System Interconnection
IOS - Internetwork Operating System

The ISO created the OSI to make the IOS more efficient.
The “ISO” acronym is correct as shown.

To avoid confusion, some people say “International Standard Organization.”
The OSI Reference Model
The OSI Model will be used throughout your entire networking career! Memorize it!

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
Layer 7 - The Application Layer
This layer deals with networking applications.
Examples:
• Email
• Web browsers
PDU - User Data
Layer 6 - The Presentation Layer
This layer is responsible for presenting the data in the required format, which may include:
• Encryption
• Compression
PDU - Formatted Data
Layer 5 - The Session Layer
This layer establishes, manages, and terminates sessions between two communicating hosts.
Example:
• Client Software (used for logging in)
PDU - Formatted Data
Layer 4 - The Transport Layer
This layer breaks up the data from the sending host and then reassembles it in the receiver.
It is also used to ensure reliable data transport across the network.
PDU - Segments
Layer 3 - The Network Layer
Sometimes referred to as the “Cisco Layer”.
Makes “Best Path Determination” decisions based on logical addresses (usually IP addresses).
PDU - Packets
Layer 2 - The Data Link Layer
This layer provides reliable transit of data across a physical link.
Makes decisions based on physical addresses (usually MAC addresses).
PDU - Frames
Layer 1 - The Physical Layer
This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host.
Examples:
• CAT5 (what we have)
• Coaxial (like cable TV)
• Fiber optic
PDU - Bits
Host Layers
Layers 7 to 4 (Application, Presentation, Session, Transport) only exist in the source and destination host computers.
Media Layers
Layers 3 to 1 (Network, Data Link, Physical) manage the information out in the LAN or WAN between the source and destination hosts.
Data Flow Through a Network
THE NETWORKING
MEDIA
LAN Physical Layer
Various symbols are used to represent media types.

The function of media is to carry a flow of information through a LAN. Networking media are considered Layer 1, or physical layer, components of LANs.

Each medium has advantages and disadvantages. Some of the advantage or disadvantage comparisons concern:
• Cable length
• Cost
• Ease of installation
• Susceptibility to interference
Coaxial cable, optical fiber, and even free space can carry network signals. However, the principal medium that will be studied is Category 5 unshielded twisted-pair cable (Cat 5 UTP).
Unshielded Twisted Pair (UTP) Cable
UTP Implementation
EIA/TIA specifies an RJ-45 connector for UTP cable.
The RJ-45 transparent end connector shows eight colored wires.
Four of the wires carry the voltage and are considered “tip” (T1 through T4).
The other four wires are grounded and are called “ring” (R1 through R4).
The wires in the first pair in a cable or a connector are designated as T1 & R1
Connection Media
The registered jack (RJ-45) connector and jack are the most
common.

In some cases the type of connector on a network interface card (NIC) does not match the media that it needs to connect to.

The attachment unit interface (AUI) connector allows different media to connect when used with the appropriate transceiver.

A transceiver is an adapter that converts one type of connection to another.
Ethernet Standards

The Ethernet standard specifies that each of the pins on an RJ-45 connector has a particular purpose. A NIC transmits signals on pins 1 & 2, and it receives signals on pins 3 & 6.
Remember…

A straight-thru cable has T568B on both ends. A crossover (or cross-connect) cable has T568B on one end and T568A on the other. A console cable has T568B on one end and reverse T568B on the other, which is why it is also called a rollover cable.
Straight-Thru or Crossover

Use straight-through cables for the following cabling:
• Switch to router
• Switch to PC or server
• Hub to PC or server

Use crossover cables for the following cabling:
• Switch to switch
• Switch to hub
• Hub to hub
• Router to router
• PC to PC
• Router to PC
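An added example, not code from the original presentation: the T568A and T568B pin orders are laid out as lists so that the straight-through, crossover and rollover definitions above, and the device-pairing lists, can be checked in code. The MDI/MDI-X classification of devices is an assumption introduced here to explain why like devices need a crossover cable; it is not stated on the slides.

```python
# T568B and T568A wire colours by pin (pin 1 first). A rollover (console)
# cable is T568B on one end and reverse T568B on the other, as the slide says.
T568B = ["white-orange", "orange", "white-green", "blue",
         "white-blue", "green", "white-brown", "brown"]
T568A = ["white-green", "green", "white-orange", "blue",
         "white-blue", "orange", "white-brown", "brown"]
ROLLOVER_END = list(reversed(T568B))

# From the Ethernet Standards slide: a NIC transmits on pins 1 & 2 and
# receives on pins 3 & 6.
TX_PINS = {1, 2}
RX_PINS = {3, 6}


def pin_map(end_a, end_b):
    """Map each pin on end A to the pin on end B carrying the same wire."""
    return {i + 1: end_b.index(colour) + 1 for i, colour in enumerate(end_a)}


def classify_cable(end_a, end_b):
    """Name a cable purely by how its two RJ-45 ends are wired."""
    mapping = pin_map(end_a, end_b)
    if all(a == b for a, b in mapping.items()):
        return "straight-through"
    if (mapping[1], mapping[2], mapping[3], mapping[6]) == (3, 6, 1, 2):
        return "crossover"              # TX pair swapped with RX pair
    if all(a + b == 9 for a, b in mapping.items()):
        return "rollover"               # pin 1 <-> 8, 2 <-> 7, ...
    return "unknown"


# Assumption (not on the slide): hubs and switches are wired MDI-X, i.e. they
# receive on pins 1 & 2; PCs, servers and routers are MDI and transmit there.
MDI_X = {"switch", "hub"}


def cable_needed(dev_a, dev_b):
    """Like devices need a crossover so one side's TX lands on the other's RX."""
    return "crossover" if (dev_a in MDI_X) == (dev_b in MDI_X) else "straight-through"


def tx_reaches_rx(end_a, end_b, a_is_mdix, b_is_mdix):
    """True if side A's transmit pins arrive on side B's receive pins."""
    a_tx = RX_PINS if a_is_mdix else TX_PINS      # MDI-X ports transmit on 3 & 6
    b_rx = TX_PINS if b_is_mdix else RX_PINS      # MDI-X ports receive on 1 & 2
    return {pin_map(end_a, end_b)[p] for p in a_tx} == b_rx


if __name__ == "__main__":
    for pair in [("switch", "router"), ("switch", "pc"), ("switch", "switch"),
                 ("router", "router"), ("pc", "pc"), ("router", "pc")]:
        print(pair, "->", cable_needed(*pair))
    print("T568B/T568B:", classify_cable(T568B, T568B))
    print("T568B/T568A:", classify_cable(T568B, T568A))
    print("T568B/reverse:", classify_cable(T568B, ROLLOVER_END))
```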
Sources of Noise on Copper Media

Noise is any electrical energy on the transmission cable that makes it difficult for a receiver to interpret the data sent from the transmitter. TIA/EIA-568-B certification of a cable now requires testing for a variety of types of noise. Twisted-pair cable is designed to take advantage of the effects of crosstalk in order to minimize noise. In twisted-pair cable, a pair of wires is used to transmit one signal. The wire pair is twisted so that each wire experiences similar crosstalk. Because a noise signal on one wire will appear identically on the other wire, this noise can be easily detected and filtered at the receiver. Twisting one pair of wires in a cable also helps to reduce crosstalk of data or noise signals from adjacent wires.
Shielded Twisted Pair (STP) Cable
Coaxial Cable
Fiber Optic Cable
Fiber Optic Connectors
Connectors are attached to the fiber ends so that the fibers can be connected to the ports on the transmitter and receiver.
The type of connector most commonly used with multimode fiber is the Subscriber Connector (SC connector). On single-mode fiber, the Straight Tip (ST) connector is frequently used.
Fiber Optic Patch Panels
Fiber patch panels are similar to the patch panels used with copper cable.
Cable Specifications

10BASE-T
The T stands for twisted pair.
10BASE5
The 5 represents the fact that a signal can travel for approximately 500 meters. 10BASE5 is often referred to as Thicknet.
10BASE2
The 2 represents the fact that a signal can travel for approximately 200 meters. 10BASE2 is often referred to as Thinnet.

All 3 of these specifications refer to the speed of transmission at 10 Mbps and a type of transmission that is baseband, or digitally interpreted. Thinnet and Thicknet are actually types of networks, while 10BASE2 & 10BASE5 are the types of cabling used in these networks.
Ethernet Media Connector Requirements
LAN Physical Layer Implementation
Ethernet in the Campus
WAN Physical Layer
WAN Serial Connection Options
Serial Implementation of DTE & DCE
When connecting directly to a service provider, or to a device
such as a CSU/DSU that will perform signal clocking, the router
is a DTE and needs a DTE serial cable.
This is typically the case for routers.
Back-to-Back Serial Connection

When performing a back-to-back router scenario in a test environment, one of the routers will be a DTE and the other will be a DCE.
Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.
The 4 Repeater Rule
The Four Repeater Rule for 10-Mbps Ethernet should be used as a standard when extending LAN segments.

This rule states that no more than four repeaters can be used between hosts on a LAN.

This rule is used to limit latency added to frame travel by each repeater.
Hub

Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit.
A hub is a physical layer device.
Network Interface Card
The function of a NIC is to connect a host device to the network medium.

A NIC is a printed circuit board that fits into the expansion slot on the motherboard or
peripheral device of a computer. The NIC is also referred to as a network adapter.

NICs are considered Data Link Layer devices because each NIC carries a unique code
called a MAC address.
MAC Address
A MAC address is 48 bits in length and expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.
Bridge
Bridges are Data Link layer devices. Connected host addresses are learned and stored on a MAC address table. Each bridge port has a unique MAC address.
Bridges
Bridging Graphic
Switch

Switches are Data Link layer devices.

Each switch port has a unique MAC address.

Connected host MAC addresses are learned and stored on a MAC address table.
Switching Modes

cut-through
A switch starts to transfer the frame as soon as the destination MAC address is
received. No error checking is available.
Must use synchronous switching.

store-and-forward
At the other extreme, the switch can receive the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sequence (FCS) to ensure that the frame was reliably received before sending it to the destination.
Must be used with asynchronous switching.

fragment-free
A compromise between the cut-through and store-and-forward modes.
Fragment-free reads the first 64 bytes, which includes the frame header, and
switching begins before the entire data field and checksum are read.
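An added example (not code from the presentation) covering both the Bridge/Switch slides and the switching modes above: a small software switch that learns source MAC addresses into a MAC table and then forwards, filters or floods in cut-through, fragment-free or store-and-forward mode. The frame layout and CRC-32 FCS are the IEEE 802.3 ones; the MAC addresses and frames are constructed for the demonstration.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6


def build_frame(dst, src, ethertype, payload):
    """Constructed Ethernet frame: 6-byte dst, 6-byte src, type, payload, FCS.

    The FCS is the IEEE 802.3 CRC-32 over everything before it, sent
    least-significant byte first.
    """
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC-32 over the frame minus its last 4 bytes and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def flip_bit(frame, offset):
    """Corrupt one bit, as line noise would; the FCS will no longer match."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


class Switch:
    MODES = ("cut-through", "fragment-free", "store-and-forward")

    def __init__(self, ports, mode):
        if mode not in self.MODES:
            raise ValueError(f"unknown switching mode: {mode}")
        self.ports = set(ports)
        self.mode = mode
        self.mac_table = {}   # MAC address -> port it was last seen on

    def receive(self, in_port, frame):
        """Handle one frame arriving on in_port; return the egress ports ([] = dropped)."""
        dst, src = frame[0:6], frame[6:12]
        self.mac_table[src] = in_port          # learn the sender, in every mode
        if self.mode == "store-and-forward":
            if not fcs_ok(frame):              # whole frame buffered, FCS verified
                return []
        elif self.mode == "fragment-free":
            if len(frame) < 64:                # shorter than the first 64 bytes:
                return []                      # a collision fragment, never forwarded
        # cut-through: forwarding decision as soon as the 6 destination bytes
        # are in, with no check at all, so a damaged frame is passed along
        if dst == BROADCAST or dst not in self.mac_table:
            return sorted(self.ports - {in_port})         # flood every other port
        out_port = self.mac_table[dst]
        return [] if out_port == in_port else [out_port]  # filter or forward


if __name__ == "__main__":
    mac_a = bytes.fromhex("080020021545")   # constructed addresses
    mac_b = bytes.fromhex("0800200215ff")
    frame = build_frame(mac_b, mac_a, 0x0800, bytes(46))   # 64-byte minimum frame
    for mode in Switch.MODES:
        sw = Switch([1, 2, 3], mode)
        print(mode, "good:", sw.receive(1, frame),
              "corrupted:", sw.receive(1, flip_bit(frame, 20)))
```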
Full Duplex

Another capability emerges when only two nodes are connected. In a network that uses
twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the
other node. A separate pair is used for the return or received signal. It is possible for signals
to pass through both pairs simultaneously. The capability of communication in both directions
at once is known as full duplex.
Switches – MAC Tables
Switches – Parallel Communication
Microsegmentation

A switch is simply a bridge with many ports. When only one node is connected to a switch
port, the collision domain on the shared media contains only two nodes. The two nodes in
this small segment, or collision domain, consist of the switch port and the host connected
to it. These small physical segments are called micro segments.
Peer-to-Peer Network
In a peer-to-peer network, networked computers act as equal partners, or peers.

As peers, each computer can take on the client function or the server function.

At one time, computer A may make a request for a file from computer B, which responds
by serving the file to computer A. Computer A functions as client, while B functions as the
server. At a later time, computers A and B can reverse roles.
In a peer-to-peer network, individual users control their own resources. Peer-to-peer
networks are relatively easy to install and operate. As networks grow, peer-to-peer
relationships become increasingly difficult to coordinate.
Client/Server Network
In a client/server arrangement, network services are located on a dedicated computer
called a server.

The server responds to the requests of clients.

The server is a central computer that is continuously available to respond to requests from
clients for file, print, application, and other services.

Most network operating systems adopt the form of a client/server relationship.
THE TCP/IP MODEL
Why Another Model?
Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol / Internet Protocol (TCP/IP).

The TCP/IP reference model and the TCP/IP protocol stack make data communication possible between any two computers, anywhere in the world, at nearly the speed of light.

The U.S. Department of Defense (DoD) created the TCP/IP reference model because it wanted a network that could survive any conditions, even a nuclear war.
Don’t Confuse the Models

OSI model        TCP/IP model
7 Application    Application
6 Presentation   Application
5 Session        Application
4 Transport      Transport
3 Network        Internet
2 Data Link      Network Access
1 Physical       Network Access
2 Models Side-By-Side
The Application Layer
The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.
The Transport Layer

The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer applications into the same data stream between endpoints.
The transport layer data stream provides end-to-end transport services.
The Internet Layer
The purpose of the Internet layer is to select
the best path through the network for packets
to travel. The main protocol that functions at
this layer is the Internet Protocol (IP). Best path
determination and packet switching occur at
this layer.
The Network Access Layer
The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers.
NOTE: ARP & RARP work at both the Internet and Network Access Layers.
Comparing TCP/IP & OSI Models

NOTE: TCP/IP transport layer using UDP does not always guarantee reliable
delivery of packets as the transport layer in the OSI model does.
Introduction to the Transport Layer

The primary duties of the transport layer, Layer 4 of the OSI model, are to transport and regulate the flow of information from the source to the destination, reliably and accurately.

End-to-end control and reliability are provided by sliding windows, sequencing numbers, and acknowledgments.
More on The Transport Layer

The transport layer provides transport services from the source host to the destination host.

It establishes a logical connection between the endpoints of the network.

Transport services include the following basic services:
• Segmentation of upper-layer application data
• Establishment of end-to-end operations
• Transport of segments from one end host to another end host
• Flow control provided by sliding windows
• Reliability provided by sequence numbers and acknowledgments
Flow Control
As the transport layer sends data segments, it tries to ensure that data is not lost.
A receiving host that is unable to process data as quickly as it arrives could be a cause
of data loss.

Flow control avoids the problem of a transmitting host overflowing the buffers in the
receiving host.
3-Way Handshake
TCP requires connection establishment before data transfer begins.
For a connection to be established or initialized, the two hosts must
synchronize their Initial Sequence Numbers (ISNs).
Basic Windowing
Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer.
The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order.
An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.
Sliding Window
Sliding Window
with Different Window Sizes
TCP Sequence & Acknowledgement
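An added example, not from the original slides, for the 3-Way Handshake and windowing passages above: the three segments that synchronize Initial Sequence Numbers, and a sender/receiver pair that uses byte sequence numbers, cumulative acknowledgements and a sliding window, showing the timeout and retransmission that follow a lost segment. The window size, segment size and the dropped segment are constructed for the demonstration, and the sender is a go-back-N simplification of what TCP does.

```python
def three_way_handshake(client_isn, server_isn):
    """The three segments that synchronize Initial Sequence Numbers (ISNs).

    Returned as (flags, seq, ack) triples. A SYN consumes one sequence
    number, so each side acknowledges the other's ISN + 1. Real stacks pick
    ISNs that are hard to guess; here the caller supplies them.
    """
    return [
        ("SYN", client_isn, None),
        ("SYN-ACK", server_isn, client_isn + 1),
        ("ACK", client_isn + 1, server_isn + 1),
    ]


class Receiver:
    """Accepts segments only in order and answers with a cumulative ACK."""

    def __init__(self, isn):
        self.expected = isn          # next in-order byte the receiver wants
        self.data = bytearray()

    def deliver(self, seq, payload):
        if seq == self.expected:     # exactly the bytes we were waiting for
            self.data += payload
            self.expected += len(payload)
        # anything else is out of order or a duplicate: drop it and re-ACK
        return self.expected


def send_stream(data, isn, window, mss, receiver, lost):
    """Go-back-N sender: keeps at most `window` unacknowledged bytes in flight.

    `lost` is a set of (seq, attempt) pairs naming transmissions the channel
    drops, so the demo can show a loss, the resulting duplicate ACKs, the
    timeout and the retransmission. Returns the event trace and how many
    times each segment was sent.
    """
    base = isn                       # oldest unacknowledged byte
    next_seq = isn                   # next byte to transmit
    end = isn + len(data)
    attempts = {}
    trace = []
    while base < end:
        progressed = False
        # fill the window: keep sending while bytes in flight < window
        while next_seq < end and next_seq - base < window:
            seq = next_seq
            payload = data[seq - isn:seq - isn + mss]
            attempts[seq] = attempts.get(seq, 0) + 1
            next_seq += len(payload)
            if (seq, attempts[seq]) in lost:
                trace.append(("lost", seq))
                continue
            trace.append(("send", seq))
            ack = receiver.deliver(seq, payload)
            trace.append(("ack", ack))
            if ack > base:           # new data acknowledged: window slides
                base = ack
                progressed = True
        if not progressed:           # nothing new acknowledged: timeout
            trace.append(("timeout", base))
            next_seq = base          # resend from the oldest unacked byte


    return trace, attempts


if __name__ == "__main__":
    import secrets
    for segment in three_way_handshake(secrets.randbelow(2**31), secrets.randbelow(2**31)):
        print(segment)
    rx = Receiver(1000)
    trace, attempts = send_stream(b"0123456789" * 3, 1000, 8, 4, rx, {(1004, 1)})
    for event in trace:
        print(event)
    print("received:", bytes(rx.data), "sends per segment:", attempts)
```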
TCP
Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol
that provides reliable full-duplex data transmission.

TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin.
TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications.

The protocols that use TCP include:
• FTP (File Transfer Protocol)
• HTTP (Hypertext Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• Telnet
TCP Segment Format
UDP
User Datagram Protocol (UDP) is the connectionless transport protocol in the
TCP/IP protocol stack.

UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols.

UDP uses no windowing or acknowledgments, so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together.

The protocols that use UDP include:
• TFTP (Trivial File Transfer Protocol)
• SNMP (Simple Network Management Protocol)
• DHCP (Dynamic Host Configuration Protocol)
• DNS (Domain Name System)
UDP Segment Format
Well Known Port Numbers
The following port numbers should be memorized:
NOTE:
The curriculum forgot to mention one of the most important port numbers.
Port 80 is used for HTTP or WWW protocols. (Essentially access to the internet.)
URL
SNMP – Managed Network
TCP/IP MATH
Base 2 Number System

10110 (binary) = (1 x 2^4 = 16) + (0 x 2^3 = 0) + (1 x 2^2 = 4) + (1 x 2^1 = 2) + (0 x 2^0 = 0) = 22
Converting Decimal to Binary

Convert 201 (decimal) to binary:

201 / 2 = 100 remainder 1
100 / 2 = 50 remainder 0
50 / 2 = 25 remainder 0
25 / 2 = 12 remainder 1
12 / 2 = 6 remainder 0
6 / 2 = 3 remainder 0
3 / 2 = 1 remainder 1
1 / 2 = 0 remainder 1
When the quotient is 0, take all the remainders in reverse order for your answer: 201 (decimal) = 11001001 (binary)
IP ADDRESSING
Network and Host Addressing
Using the IP address of the destination network, a router can deliver a packet to the correct network.

When the packet arrives at a router connected to the destination network, the router uses the IP address to locate the particular computer connected to that network. Accordingly, every IP address has two parts.
Network Layer Communication Path

A router forwards packets from the originating network to the destination network using the IP protocol. The packets must include an identifier for both the source and destination networks.
Internet Addresses
IP Addressing is a hierarchical structure. An IP address combines two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.
IP Address Classes

IP addresses are divided into classes to define the large, medium, and small networks.

Class A addresses are assigned to larger networks. Class B addresses are used for medium-sized networks, & Class C for small networks.
Identifying Address Classes
Address Class Prefixes
To accommodate different size networks and aid in classifying these networks, IP addresses are divided into groups called classes. This is classful addressing.
Network and Host Division
Each complete 32-bit IP address is broken down into a network part and a
host part. A bit or bit sequence at the start of each address determines
the class of the address. There are 5 IP address classes.
Class A Addresses
The Class A address was designed to support extremely large
networks, with more than 16 million host addresses available. Class
A IP addresses use only the first octet to indicate the network
address. The remaining three octets provide for host addresses.
Class B Addresses
The Class B address was designed to support the needs of moderate to large-sized networks. A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.
Class C Addresses

The Class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.
Class D Addresses

The Class D address class was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.
Class E Addresses
A Class E address has been defined. However, the Internet
Engineering Task Force (IETF) reserves these addresses for its own
research. Therefore, no Class E addresses have been released for
use in the Internet.
IP Address Ranges

The graphic below shows the IP address range of the first octet both
in decimal and binary for each IP address class.
IPv4
As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses and the increase in the size of Internet routing tables.

Over the past two decades, numerous extensions to IPv4 have been developed. Two of the more important of these are subnet masks and classless interdomain routing (CIDR).
Finding the Network Address with ANDing
By ANDing the Host address of 192.168.10.2 with 255.255.255.0
(its network mask) we obtain the network address of 192.168.10.0
Network Address
Broadcast Address
Network/Broadcast Addresses
at the Binary Level
An IP address that has binary 0s in all host bit positions is reserved
for the network address, which identifies the network. An IP address
that has binary 1s in all host bit positions is reserved for the
broadcast address, which is used to send data to all hosts on the
network. Here are some examples:

Class   Network Address   Broadcast Address
A       100.0.0.0         100.255.255.255
B       150.75.0.0        150.75.255.255
C       200.100.50.0      200.100.50.255
Public IP Addresses
Unique addresses are required for each device on a network.

Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure.

InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA).

No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized.

All machines connected to the Internet agree to conform to the system.

Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.
Private IP Addresses

Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses.

However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.
Mixing Public and
Private IP Addresses
Private IP addresses can be intermixed, as shown in the graphic, with public IP addresses. This will conserve the number of addresses used for internal connections. Connecting a network using private addresses to the Internet requires translation of the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT).
Introduction to Subnetting
Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets.

With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design.

Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.
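An added example, not the presentation's own material, serving the TCP/IP Math slides, the ANDing and network/broadcast address slides, and the subnetting introduction above: the base-2 arithmetic and repeated-division conversion, classful address identification from the leading bits of the first octet, and the AND/OR calculations of network and broadcast addresses. It goes one step beyond the slides by accepting a subnet mask as well as the default classful mask.

```python
def binary_to_decimal(bits):
    """10110 -> 22, summing bit x 2^position as on the Base 2 slide."""
    total = 0
    for position, bit in enumerate(reversed(bits)):
        total += int(bit) * 2 ** position
    return total


def decimal_to_binary(n, width=0):
    """Repeated division by 2; remainders read in reverse (201 -> 11001001)."""
    if n == 0:
        remainders = ["0"]
    else:
        remainders = []
        while n > 0:
            n, remainder = divmod(n, 2)
            remainders.append(str(remainder))
    return "".join(reversed(remainders)).rjust(width, "0")


def ip_to_int(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_to_bits(dotted):
    """The 32-bit binary form of an address, one 8-bit group per octet."""
    return ".".join(decimal_to_binary(int(o), 8) for o in dotted.split("."))


def address_class(dotted):
    """Classful rule: the leading bits of the first octet decide the class."""
    first = ip_to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"        # 0xxxxxxx  first octet 0-127
    if first >> 6 == 0b10:
        return "B"        # 10xxxxxx  128-191
    if first >> 5 == 0b110:
        return "C"        # 110xxxxx  192-223
    if first >> 4 == 0b1110:
        return "D"        # 1110xxxx  224-239, multicast
    return "E"            # 1111xxxx  240-255, reserved


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def _mask_for(host, mask):
    if mask is not None:
        return ip_to_int(mask)
    cls = address_class(host)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} address has no default network mask")
    return ip_to_int(DEFAULT_MASK[cls])


def network_address(host, mask=None):
    """AND the host address with the (subnet or classful) mask: host bits -> 0."""
    return int_to_ip(ip_to_int(host) & _mask_for(host, mask))


def broadcast_address(host, mask=None):
    """OR the host address with the inverted mask: host bits -> 1."""
    return int_to_ip(ip_to_int(host) | (~_mask_for(host, mask) & 0xFFFFFFFF))


if __name__ == "__main__":
    print(binary_to_decimal("10110"), decimal_to_binary(201))
    print(ip_to_bits("192.168.10.2"), "AND", ip_to_bits("255.255.255.0"))
    for addr in ("100.0.0.1", "150.75.1.1", "200.100.50.7", "192.168.10.2"):
        print(addr, address_class(addr), network_address(addr), broadcast_address(addr))
    print(network_address("172.16.130.5", "255.255.255.128"),
          broadcast_address("172.16.130.5", "255.255.255.128"))
```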
The 32-Bit
Binary IP Address
Numbers That Show Up In Subnet
Masks (Memorize Them!)
Addressing with Subnetworks
Obtaining an Internet Address
Static Assignment of an IP Address

Static assignment works best on small networks.

The administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet.

Network printers, application servers, and routers should be assigned static IP addresses.
ARP
(Address Resolution Protocol)
Host A sends an ARP request as a broadcast to all hosts: “What is the hardware address for IP address 128.0.10.4?”
Host B (IP address 128.0.10.4, HW address 080020021545) answers with an ARP reply carrying its hardware address.

Fig. 32 How does ARP work? (TI1332EU02TI_0004 The Network Layer, 47)
Fig. 33 The ARP command (TI1332EU02TI_0004 The Network Layer, 47)

1 Network = 1 Broadcast Domain: host A broadcasts an ARP request, and host B would reply.

2 Networks = 2 Broadcast Domains: host A broadcasts an ARP request, but with a router between A and B no one would reply, because the broadcast does not cross the router.

Proxy ARP: host A broadcasts to all: “If your IP address matches B then please tell me your Ethernet address.” Router R, which takes care of forwarding IP packets to B, answers: “Yes, I know the destination network, let me give you my Ethernet address.”

Fig. 34 Proxy-ARP concept (TI1332EU02TI_0004 The Network Layer, 49)
RARP

Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address.

A network device, such as a diskless workstation, might know its MAC address but not its IP
address. RARP allows the device to make a request to learn its IP address.
Devices using RARP require that a RARP server be present on the network to answer RARP
requests.
BootP
The bootstrap protocol (BOOTP) operates in a client-server environment and only
requires a single packet exchange to obtain IP information.

However, unlike RARP, BOOTP packets can include the IP address, as well as the
address of a router, the address of a server, and vendor-specific information.

One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database.

Even though the addresses are dynamically assigned, there is still a one to one
relationship between the number of IP addresses and the number of hosts.

This means that for every host on the network there must be a BOOTP profile with an IP
address assignment in it. No two profiles can have the same IP address.
DHCP

Dynamic host configuration protocol (DHCP) is the successor to BOOTP.

Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device.

All that is required when using DHCP is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request an address.

The DHCP server chooses an address and leases it to that host.

With DHCP, the entire network configuration of a computer can be obtained in one message.

This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask.

The major advantage that DHCP has over BOOTP is that it allows users to be mobile.
Introduction to Routers
A router is a special type of computer. It has the same basic components as a standard
desktop PC. However, routers are designed to perform some very specific functions. Just as
computers need operating systems to run software applications, routers need the
Internetwork Operating System software (IOS) to run configuration files. These configuration
files contain the instructions and parameters that control the flow of traffic in and out of the
routers. The many parts of a router are shown below:
RAM
Random Access Memory, also called dynamic RAM (DRAM)

RAM has the following characteristics and functions:

• Stores routing tables
• Holds ARP cache
• Holds fast-switching cache
• Performs packet buffering (shared RAM)
• Maintains packet-hold queues
• Provides temporary memory for the configuration file of the router while the router is powered on
• Loses content when router is powered down or restarted
NVRAM
Non-Volatile RAM

NVRAM has the following characteristics and functions:

• Provides storage for the startup configuration file
• Retains content when router is powered down or restarted
Flash
Flash memory has the following characteristics and functions:

• Holds the operating system image (IOS)
• Allows software to be updated without removing and replacing chips on the processor
• Retains content when router is powered down or restarted
• Can store multiple versions of IOS software
• Is a type of electronically erasable, programmable ROM (EEPROM)
ROM
Read-Only Memory

ROM has the following characteristics and functions:

• Maintains instructions for power-on self test (POST) diagnostics
• Stores bootstrap program and basic operating system software
• Requires replacing pluggable chips on the motherboard for software upgrades
Interfaces
Interfaces have the following characteristics and functions:

• Connect router to network for frame entry and exit
• Can be on the motherboard or on a separate module

Types of interfaces:

• Ethernet
• Fast Ethernet
• Serial
• Token ring
• ISDN BRI
• Loopback
• Console
• Aux
Internal Components of a 2600 Router
External Components of a 2600 Router
External Connections
Fixed Interfaces
When cabling routers for serial connectivity, the routers will either have fixed
or modular ports. The type of port being used will affect the syntax used later
to configure each interface. Interfaces on routers with fixed serial ports are
labeled for port type and port number.
Modular Serial Port Interfaces
Interfaces on routers with modular serial ports are labeled for port type, slot, and port number. The slot is the location of the module. To configure a port on a modular card, it is necessary to specify the interface using the syntax “port type slot number/port number.” Use the label “serial 0/1” when the interface is serial, the slot number where the module is installed is slot 0, and the port that is being referenced is port 1.
Routers & DSL Connections
The Cisco 827 ADSL router has one asymmetric digital subscriber
line (ADSL) interface. To connect a router for DSL service, use a
phone cable with RJ-11 connectors. DSL works over standard
telephone lines using pins 3 and 4 on a standard RJ-11 connector.
Computer/Terminal Console Connection
Modem Connection to Console/Aux Port
HyperTerminal Session Properties
Establishing a HyperTerminal Session
Take the following steps to connect a terminal to the console port on the router:

First, connect the terminal using the RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 or RJ-45 to DB-25 adapter.

Then, configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
Cisco IOS
Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices.

A solid understanding of the IOS is essential for a network administrator.
The Purpose of Cisco IOS
As with a computer, a router or switch cannot function without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System or Cisco IOS.

It is the embedded software architecture in all of the Cisco routers and is also the operating system of the Catalyst switches.

Without an operating system, the hardware does not have any capabilities.

The Cisco IOS provides the following network services:

• Basic routing and switching functions
• Reliable and secure access to networked resources
• Network scalability
Router Command Line Interface
Setup Mode
Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router that is unable to locate a configuration from another source.

In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults.

During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shut down.

When the configuration process is completed in setup mode, the following options will be displayed:

[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:
Operation of Cisco IOS Software
The Cisco IOS devices have three distinct operating environments or modes:
• ROM monitor
• Boot ROM
• Cisco IOS

The startup process of the router normally loads into RAM and executes one of
these operating environments. The configuration register setting can be used by
the system administrator to control the default start up mode for the router.

To see the IOS image and version that is running, use the show version
command, which also indicates the configuration register setting.
IOS File System Overview
Initial Startup of Cisco Routers
A router initializes by loading the bootstrap, the operating system, and a
configuration file.

If the router cannot find a configuration file, it enters setup mode.

Upon completion of the setup mode a backup copy of the configuration file may
be saved to nonvolatile RAM (NVRAM).

The goal of the startup routines for Cisco IOS software is to start the router
operations. To do this, the startup routines must accomplish the following:
• Make sure that the router hardware is tested and functional.
• Find and load the Cisco IOS software.
• Find and apply the startup configuration file or enter the setup mode.

When a Cisco router powers up, it performs a power-on self test (POST). During
this self test, the router executes diagnostics from ROM on all hardware modules.
After the POST…
After the POST, the following events occur as the router initializes:

Step 1
The generic bootstrap loader in ROM executes. A bootstrap is a simple set of instructions
that tests hardware and initializes the IOS for operation. 

Step 2
The IOS can be found in several places. The boot field of the configuration register
determines the location to be used in loading the IOS. If the boot field indicates a flash or
network load, boot system commands in the configuration file indicate the exact name and
location of the image.

Step 3
The operating system image is loaded.

Step 4
The configuration file saved in NVRAM is loaded into main memory and executed one line
at a time. The configuration commands start routing processes, supply addresses for
interfaces, and define other operating characteristics of the router.

Step 5
If no valid configuration file exists in NVRAM, the operating system searches for an
available TFTP server. If no TFTP server is found, the setup dialog is initiated.  
Step in Router Initialization
Router LED Indicators
Cisco routers use LED indicators to provide status information. Depending
upon the Cisco router model, the LED indicators will vary. An interface
LED indicates the activity of the corresponding interface. If an LED is off
when the interface is active and the interface is correctly connected, a
problem may be indicated. If an interface is extremely busy, its LED will
always be on. The green OK LED to the right of the AUX port will be on
after the system initializes correctly.
Enhanced Cisco IOS Commands
The show version Command
The show version command displays information about the Cisco IOS software
version that is currently running on the router. This includes the configuration
register and the boot field settings.

The following information is available from the show version command:

• IOS version and descriptive information
• Bootstrap ROM version
• Boot ROM version
• Router up time
• Last restart method
• System image file and location
• Router platform
• Configuration register setting

Use the show version command to identify router IOS image and boot source. To
find out the amount of flash memory, issue the show flash command.
Router User Interface Modes
The Cisco command-line interface (CLI) uses a hierarchical structure. This
structure requires entry into different modes to accomplish particular tasks.

Each configuration mode is indicated with a distinctive prompt and allows only
commands that are appropriate for that mode.

As a security feature the Cisco IOS software separates sessions into two access
levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode
is also known as enable mode.
Overview of Router Modes
Router Modes
User Mode Commands
Privileged Mode Commands

NOTE:
There are
many more
commands
available in
privileged
mode.
Specific Configuration Modes
CLI Command Modes
All command-line interface (CLI) configuration changes to a Cisco router are
made from the global configuration mode. Other more specific modes are entered
depending upon the configuration change that is required.

Global configuration mode commands are used in a router to apply configuration statements that affect the system as a whole.

The following command moves the router into global configuration mode:

Router#configure terminal (or config t)
Router(config)#

When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode.

Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.
Configuring a Router’s Name
A router should be given a unique name as one of the first configuration tasks.

This task is accomplished in global configuration mode using the following commands:

Router(config)#hostname Tokyo
Tokyo(config)#

As soon as the Enter key is pressed, the prompt changes from the default host name (Router) to the newly configured host name (which is Tokyo in the example above).
Setting the Clock with Help
Message Of The Day (MOTD)
A message-of-the-day (MOTD) banner can be displayed on all connected terminals.

Enter global configuration mode by using the command config t

Enter the command banner motd # The message of the day goes here #

Save changes by issuing the command copy run start
Configuring a Console Password
Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line.

Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.

The following commands are used to set an optional but recommended password on the console line:

Router(config)#line console 0
Router(config-line)#password <password>
Router(config-line)#login
Configuring a Modem Password
If configuring a router via a modem you are most likely connected to
the aux port.

The method for configuring the aux port is very similar to configuring
the console port.

Router(config)#line aux 0
Router(config-line)#password <password>
Router(config-line)#login
Configuring Interfaces
An interface needs an IP Address and a Subnet Mask to be configured.
All interfaces are “shutdown” by default.
The DCE end of a serial interface needs a clock rate.

Router#config t
Router(config)#interface serial 0/1
Router(config-if)#ip address 200.100.50.75 255.255.255.240
Router(config-if)#clock rate 56000 (required for serial DCE only)
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 150.100.50.25 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#

On older routers, Serial 0/1 would be just Serial 1 and f0/0 would be e0.
s = serial e = Ethernet f = fast Ethernet
Configuring a Telnet Password
A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet.

Typically Cisco routers support five VTY lines numbered 0 through 4.

The following commands are used to set the same password on all of the VTY lines:

Router(config)#line vty 0 4
Router(config-line)#password <password>
Router(config-line)#login
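A check for the console, aux and VTY password rules of the last three slides, as an added example (not part of the original slides and not a Cisco tool): it parses a saved running-config and reports access lines that have a password without `login`, `login` without a password, no protection at all, clear-text line passwords (no `service password-encryption`) and a missing `enable secret`. The two configurations are constructed samples; the password values in them are placeholders.

```python
"""Audit access-line and privileged-mode protection in a Cisco IOS configuration.

Rules applied: every access line (console, aux, vty) should carry both a
password and `login` (a password alone is never asked for; `login` alone
leaves nobody able to authenticate), privileged EXEC should be protected by
`enable secret`, and line passwords should not sit in the config in clear text.
"""

# Constructed sample: a running-config with the mistakes the checker looks for.
WEAK_CONFIG = """\
hostname Tokyo
enable password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
line vty 0 4
 login
!
end
"""

# Constructed sample with the problems fixed (password values are placeholders).
GOOD_CONFIG = """\
hostname Tokyo
service password-encryption
enable secret EnableSecretPlaceholder
!
line con 0
 password ConsolePlaceholder
 login
line aux 0
 password AuxPlaceholder
 login
line vty 0 4
 password VtyPlaceholder
 login
!
end
"""

ACCESS_LINES = ("line con 0", "line aux 0", "line vty 0 4")


def split_config(config):
    """Return (top-level commands, {line block name: [its sub-commands]})."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):            # IOS indents a mode's sub-commands by one space
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        cmd = raw.strip()
        top.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current is not None:
            blocks.setdefault(current, [])
    return top, blocks


def audit(config):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    top, blocks = split_config(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in top):
        findings.append("global: no 'enable secret', privileged EXEC mode is not protected by a hashed secret")
    encrypted = "service password-encryption" in top
    for name in ACCESS_LINES:              # a line absent from the config has no password either
        blocks.setdefault(name, [])
    for name, cmds in blocks.items():
        has_password = any(c.startswith("password ") for c in cmds)
        local_users = any(c.startswith("login local") for c in cmds)
        has_login = local_users or any(c == "login" or c.startswith("login ") for c in cmds)
        if has_password and not has_login:
            findings.append(f"{name}: password set but no 'login', so it is never asked for")
        elif has_login and not has_password and not local_users:
            findings.append(f"{name}: 'login' set but no password, so nobody can authenticate on it")
        elif not has_login and not has_password:
            findings.append(f"{name}: no password and no 'login' configured")
        if has_password and not encrypted:
            findings.append(f"{name}: password stored in clear text (no 'service password-encryption')")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", GOOD_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

Run it against `show running-config` output saved to a file; an empty result from the fixed sample shows the three lines each carrying `password` plus `login`, a hashed `enable secret`, and `service password-encryption` so the line passwords are not readable from a config backup.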
Examining the show Commands
There are many show commands that can be used to examine the contents of files in the
router and for troubleshooting. In both privileged EXEC and user EXEC modes, the
command show ? provides a list of available show commands. The list is considerably
longer in privileged EXEC mode than it is in user EXEC mode.

show interfaces – Displays all the statistics for all the interfaces on the router
show int s0/1 – Displays statistics for interface Serial 0/1
show controllers serial – Displays information specific to the interface hardware
show clock – Shows the time set in the router
show hosts – Displays a cached list of host names and addresses
show users – Displays all users who are connected to the router
show history – Displays a history of commands that have been entered
show flash – Displays info about flash memory and what IOS files are stored there
show version – Displays info about the router and the IOS that is running in RAM
show arp – Displays the ARP table of the router
show start – Displays the saved configuration located in NVRAM
show run – Displays the configuration currently running in RAM
show protocol – Displays the global and interface specific status of any configured Layer 3 protocols
Ethernet Overview
Ethernet is now the dominant LAN technology in the world.

Ethernet is not one technology but a family of LAN technologies.

All LANs must deal with the basic issue of how individual stations (nodes) are named, and Ethernet is no exception.

Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations.

However, the basic frame format and addressing scheme is the same for all varieties of Ethernet.
Ethernet and the OSI Model
Ethernet operates in two areas of the OSI model: the lower half of the data link layer, known as the MAC sublayer, and the physical layer.
Ethernet Technologies
Mapped to the OSI Model
Layer 2 Framing
Framing is the Layer 2 encapsulation process.

A frame is the Layer 2 protocol data unit.

The frame format diagram shows different groupings of bits (fields) that perform different functions.
Ethernet and IEEE Frame Formats are Very Similar
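The frame format diagram itself is not reproduced on this page, so here is the field layout in code, as an added example (not from the original slides): both Ethernet II and IEEE 802.3 frames are built and parsed with the same addressing, differing only in how the two bytes after the source address are interpreted, and the FCS is checked on parsing. The MAC addresses and payloads are constructed sample values.

```python
"""Build and parse Ethernet frames (Ethernet II and IEEE 802.3).

Layout: destination MAC (6) | source MAC (6) | EtherType or length (2) |
data + padding (46..1500) | FCS (4). A value >= 0x0600 in the third field is
an Ethernet II EtherType; a value <= 1500 is an 802.3 length field. The FCS
is CRC-32 over everything from the destination address to the end of the
padding, transmitted least-significant byte first.
"""
import struct
import zlib

MIN_PAYLOAD = 46        # padded so a frame is never shorter than 64 bytes on the wire
MAX_PAYLOAD = 1500
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
BROADCAST = b"\xff" * 6


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(data):
    """Frame check sequence: CRC-32 (same polynomial as zlib), little-endian on the wire."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_length, payload):
    """type_or_length >= 0x0600 marks Ethernet II; pass len(payload) for an 802.3 frame."""
    if not 0 <= len(payload) <= MAX_PAYLOAD:
        raise ValueError("payload must be 0..1500 bytes")
    body = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))   # pad short data
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", type_or_length)
    return header + body + fcs(header + body)


def parse_frame(frame):
    """Split a frame into its fields; refuse runts and frames whose FCS does not match."""
    if len(frame) < 64:
        raise ValueError("runt frame (shorter than 64 bytes)")
    header, body, trailer = frame[:14], frame[14:-4], frame[-4:]
    if fcs(header + body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src = header[:6], header[6:12]
    type_or_length = struct.unpack("!H", header[12:14])[0]
    if type_or_length >= 0x0600:
        kind, payload = "Ethernet II", body     # padding is not distinguishable from data here
    else:
        if type_or_length > len(body):
            raise ValueError("802.3 length field exceeds the data present")
        kind, payload = "IEEE 802.3", body[:type_or_length]   # length tells where data ends
    return {
        "kind": kind, "dst": bytes_to_mac(dst), "src": bytes_to_mac(src),
        "type_or_length": type_or_length, "payload": payload,
        "broadcast": dst == BROADCAST,
        "multicast": bool(dst[0] & 0x01),      # I/G bit of the destination address
    }


if __name__ == "__main__":
    arp_like = bytes.fromhex("0001080006040001")      # constructed 8-byte sample payload
    frame = build_frame("ff:ff:ff:ff:ff:ff", "08:00:20:02:15:45", ETHERTYPE_ARP, arp_like)
    print(len(frame), "bytes:", parse_frame(frame))
    print(parse_frame(build_frame("00:00:5e:00:53:01", "08:00:20:02:15:45", 5, b"hello")))
```

The 64-byte minimum is not cosmetic: it is what lets a transmitting station still be sending when a collision from the far end of the segment reaches it, so parse_frame treating shorter frames as runts mirrors what the NIC discards.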
3 Common Layer 2 Technologies
Ethernet – uses CSMA/CD; logical bus topology (information flow is on a linear bus) and physical star or extended star topology (wired as a star)

Token Ring – logical ring topology (information flow is controlled in a ring) and a physical star topology (in other words, it is wired as a star)

FDDI – logical ring topology (information flow is controlled in a ring) and physical dual-ring topology (wired as a dual-ring)
Collision Domains

To move data between one Ethernet station and another, the data often passes through a repeater.

All other stations in the same collision domain see traffic that passes through a repeater.

A collision domain is then a shared resource. Problems originating in one part of the collision domain will usually impact the entire collision domain.
CSMA/CD Graphic
Backoff

After a collision occurs and all stations allow the cable to become idle (each waits the full interframe spacing), then the stations that collided must wait an additional and potentially progressively longer period of time before attempting to retransmit the collided frame.

The waiting period is intentionally designed to be random so that two stations do not delay for the same amount of time before retransmitting, which would result in more collisions.
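The "random and progressively longer" wait described above is the truncated binary exponential backoff of IEEE 802.3, shown here as an added example (not from the original slides). The limits (exponent capped at 10, frame dropped after 16 collisions, 512-bit-time slot) are the standard's values, not figures from the slide; the two-station retry simulation is a constructed illustration of why the randomness matters.

```python
"""Truncated binary exponential backoff as used by CSMA/CD (IEEE 802.3).

After the n-th consecutive collision a station waits r slot times with r
drawn uniformly from 0 .. 2^k - 1, k = min(n, 10); after 16 collisions the
frame is dropped. The randomness keeps two colliding stations from retrying
in lock-step; the growing range thins out retries when the segment is busy.
"""
import random

SLOT_TIME_BIT_TIMES = 512   # 10/100 Mb/s Ethernet slot time (= the 64-byte minimum frame)
BACKOFF_LIMIT = 10          # the exponent stops growing after the 10th collision
ATTEMPT_LIMIT = 16          # give up ("excessive collisions") after the 16th


def backoff_range(attempt):
    """Smallest and largest number of slot times possible after collision number `attempt`."""
    if attempt < 1:
        raise ValueError("attempt is 1-based")
    if attempt > ATTEMPT_LIMIT:
        return None                              # frame is discarded, no further retry
    return 0, 2 ** min(attempt, BACKOFF_LIMIT) - 1


def backoff_slots(attempt, rng=None):
    """Draw the random wait (in slot times) for this collision, or None when the frame is dropped."""
    limits = backoff_range(attempt)
    if limits is None:
        return None
    return (rng or random).randint(*limits)


def slots_to_bit_times(slots):
    return slots * SLOT_TIME_BIT_TIMES


def retry_until_clear(seed):
    """Two stations that just collided keep colliding as long as they draw the same wait.

    Returns (collisions, winner_wait): the collision count at which the draws first
    differ and the shorter of the two waits (that station transmits first), or
    (ATTEMPT_LIMIT, None) if both give up. `seed` makes the run reproducible.
    """
    rng = random.Random(seed)
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        a, b = backoff_slots(attempt, rng), backoff_slots(attempt, rng)
        if a != b:
            return attempt, min(a, b)
    return ATTEMPT_LIMIT, None


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 11, 16):
        print(f"collision {n:2d}: wait 0..{backoff_range(n)[1]} slots")
    collisions, wait = retry_until_clear(seed=7)
    print(f"two stations separated after {collisions} collision(s); "
          f"winner waits {wait} slots = {slots_to_bit_times(wait)} bit times")
```

After the first collision the only choices are 0 or 1 slot, so a second collision between the same two stations happens half the time; by the third collision the range is already 0..7, which is why a busy segment sees retries spread out instead of piling up.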
Hierarchical Addressing Using Variable-Length Subnet Masks

© 2003, Cisco Systems, Inc. All rights reserved. 202


Prefix Length and Network Mask

Range of addresses: 192.168.1.64 through 192.168.1.79
• Have the first 28 bits in common, which is represented by a /28 prefix length
• 28 bits in common can also be represented in dotted decimal as 255.255.255.240

Binary ones in the network mask represent network bits in the accompanying IP address; binary zeros represent host bits

11000000.10101000.00000001.0100xxxx IP Address
11111111.11111111.11111111.11110000 Network Mask

In the IP network number that accompanies the network mask, when the host bits of the IP network number are:
• All binary zeros – that address is the bottom of the address range
• All binary ones – that address is the top of the address range

Fourth octet of the range in binary:
64 01000000
65 01000001
66 01000010
67 01000011
68 01000100
69 01000101
70 01000110
71 01000111
72 01001000
73 01001001
74 01001010
75 01001011
76 01001100
77 01001101
78 01001110
79 01001111
Implementing VLSM
Range Of Addresses for VLSM
Breakdown Address Space for
Largest Subnet
Breakdown Address Space for
Ethernets at Remote Sites
Break Down Remaining Address
Space for Serial Subnets
Calculating VLSM: Binary
Route Summarization and Classless Interdomain Routing

What Is Route Summarization?
Summarizing Within an Octet
Summarizing Addresses in a
VLSM-Designed Network
Classless Interdomain Routing

– CIDR is a mechanism developed to alleviate exhaustion of addresses and reduce routing table size.
– Block addresses can be summarized into single entries without regard to the classful boundary of the network number.
– Summarized blocks are installed in routing tables.
What Is CIDR?

• Addresses are the same as in the route summarization figure, except that Class B network 172 has been replaced by Class C network 192.
CIDR Example
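The prefix-length arithmetic, the VLSM breakdown (largest subnet first, then the remote Ethernets, then the serial subnets) and the route summarization of the slides above, worked in code as an added example (not from the original slides). The /28 example is the one from the Prefix Length slide; the 192.168.1.0/24 block, the host counts per site and the summarized Class C networks are constructed inputs.

```python
"""Prefix-length arithmetic, a VLSM breakdown and route summarization.

Uses Python's ipaddress module; the only arithmetic of our own is finding how
many host bits a subnet needs and how many leading bits a set of prefixes share.
"""
import ipaddress
import math


def describe_prefix(cidr):
    """Mask, bottom/top of the range and the binary view of a prefix such as 192.168.1.64/28."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "mask": str(net.netmask),
        "host_bits": 32 - net.prefixlen,
        "bottom": str(net.network_address),       # host bits all zeros
        "top": str(net.broadcast_address),        # host bits all ones
        "mask_binary": ".".join(f"{b:08b}" for b in net.netmask.packed),
        "network_binary": ".".join(f"{b:08b}" for b in net.network_address.packed),
    }


def prefix_for_hosts(hosts):
    """Longest prefix whose range still holds `hosts` usable addresses (plus network and broadcast)."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def vlsm_allocate(block, requirements):
    """Carve `block` into subnets, largest requirement first, so every subnet stays aligned.

    requirements: list of (name, hosts needed). Returns {name: subnet}. Allocating
    big subnets first is what keeps the leftover space in whole aligned blocks.
    """
    free = [ipaddress.IPv4Network(block)]
    result = {}
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        want = prefix_for_hosts(hosts)
        for i, candidate in enumerate(free):
            if candidate.prefixlen <= want:
                taken = candidate if candidate.prefixlen == want else next(candidate.subnets(new_prefix=want))
                remainder = list(candidate.address_exclude(taken))
                free = free[:i] + remainder + free[i + 1:]
                free.sort(key=lambda n: (int(n.network_address), n.prefixlen))
                result[name] = str(taken)
                break
        else:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
    return result


def summarize(prefixes):
    """Single summary route covering all given prefixes: the leading bits they all share."""
    nets = [ipaddress.IPv4Network(p, strict=False) for p in prefixes]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    common = 32 - (first ^ last).bit_length()     # bits above the highest differing bit
    return str(ipaddress.IPv4Network(f"{ipaddress.IPv4Address(first)}/{common}", strict=False))


if __name__ == "__main__":
    print(describe_prefix("192.168.1.64/28"))
    # Constructed requirements: one large LAN, two remote-site Ethernets, three serial links.
    plan = vlsm_allocate("192.168.1.0/24", [("HQ LAN", 100), ("Site 1 LAN", 30),
                                             ("Site 2 LAN", 20), ("Link 1", 2),
                                             ("Link 2", 2), ("Link 3", 2)])
    for name, subnet in plan.items():
        print(f"{name:11s} {subnet}")
    print("summary of the two site LANs:", summarize([plan["Site 1 LAN"], plan["Site 2 LAN"]]))
    print("four Class C networks as one CIDR block:",
          summarize(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
```

summarize() returns the tightest block that contains every input, which is what a router advertises at an area or AS boundary; note that it can cover address space that is not actually in use, which is the usual trade-off of summarization.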
Anatomy of an IP Packet
IP packets consist of the data from upper layers plus an IP
header. The IP header consists of the following:
Administrative Distance
The administrative distance is an optional parameter that gives a measure of the reliability of the route. The range of an AD is 0-255, where smaller numbers are more desirable.

The default administrative distance when using a next-hop address is 1, while the default administrative distance when using the outgoing interface is 0. You can statically assign an AD as follows:

Router(config)#ip route 172.16.3.0 255.255.255.0 172.16.4.1 130

Sometimes static routes are used for backup purposes. A static route can be configured on a router that will only be used when the dynamically learned route has failed. To use a static route in this manner, simply set the administrative distance higher than that of the dynamic routing protocol being used.
Configuring Default Routes
Default routes are used to route packets with destinations that do not
match any of the other routes in the routing table.

A default route is actually a special static route that uses this format:

ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]

This is sometimes referred to as a “Quad-Zero” route.

Example using next hop address:

Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1

Example using the exit interface:

Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
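How the route selection of the last two slides plays out, as an added example (not from the original slides): a small routing-table model that installs one route per prefix by administrative distance, answers lookups by longest prefix match, falls back to the quad-zero default, and switches to the floating static (AD 130, the command from the Administrative Distance slide) once the dynamically learned route is withdrawn. The default ADs are Cisco's (connected 0, static 1, EIGRP 90, OSPF 110, RIP 120); the static-via-interface AD of 0 follows the slide above. The RIP next hop 172.16.5.1 and the connected prefixes are constructed.

```python
"""A routing-table model: longest-prefix match, administrative distance between
competing sources, a quad-zero default route and a floating static backup.
"""
import ipaddress

# Cisco default administrative distances for the sources used here.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class Route:
    def __init__(self, prefix, via, source, ad=None):
        self.prefix = ipaddress.IPv4Network(prefix, strict=False)
        self.via = via            # next-hop address ("172.16.4.1") or exit interface ("s0/0")
        self.source = source
        default = DEFAULT_AD[source]
        if source == "static" and not via[0].isdigit():
            default = 0           # static route via an outgoing interface, as stated on the slide
        self.default_ad = default
        self.ad = default if ad is None else ad

    def ios_command(self):
        """The IOS line that creates this static route (AD appended only when non-default)."""
        cmd = f"ip route {self.prefix.network_address} {self.prefix.netmask} {self.via}"
        return cmd if self.ad == self.default_ad else f"{cmd} {self.ad}"


class RoutingTable:
    def __init__(self):
        self.candidates = []      # everything learned; only the best per prefix is installed

    def add(self, route):
        self.candidates.append(route)

    def withdraw(self, prefix, source):
        """A source (e.g. RIP) stops offering a prefix: its candidate goes away, the
        next-best candidate for the same prefix (a floating static) takes over."""
        net = ipaddress.IPv4Network(prefix, strict=False)
        self.candidates = [r for r in self.candidates
                           if not (r.prefix == net and r.source == source)]

    def installed(self):
        """One route per prefix: the candidate with the lowest administrative distance."""
        best = {}
        for r in self.candidates:
            if r.prefix not in best or r.ad < best[r.prefix].ad:
                best[r.prefix] = r
        return best

    def lookup(self, destination):
        """Longest-prefix match over installed routes; the /0 default matches only
        when nothing more specific does."""
        addr = ipaddress.IPv4Address(destination)
        matches = [r for r in self.installed().values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def demo_table():
    """The scenario of the slides: RIP route, floating static backup, quad-zero default."""
    rt = RoutingTable()
    rt.add(Route("172.16.4.0/24", "s0/0", "connected"))            # constructed connected link
    rt.add(Route("172.16.3.0/24", "172.16.5.1", "rip"))            # learned dynamically, AD 120
    rt.add(Route("172.16.3.0/24", "172.16.4.1", "static", 130))    # floating static from the slide
    rt.add(Route("0.0.0.0/0", "172.16.4.1", "static"))             # quad-zero default route
    return rt


if __name__ == "__main__":
    rt = demo_table()
    print(rt.lookup("172.16.3.7").ios_command() if rt.lookup("172.16.3.7").source == "static"
          else f"172.16.3.7 -> RIP via {rt.lookup('172.16.3.7').via}")
    print("10.1.1.1 ->", rt.lookup("10.1.1.1").ios_command())
    rt.withdraw("172.16.3.0/24", "rip")
    print("after RIP withdraws:", rt.lookup("172.16.3.7").ios_command())
```

The point to notice is that AD only decides between routes for the same prefix; a /24 learned by RIP still beats the static /0 for addresses it covers, because prefix length is compared first and AD only afterwards.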


Verifying Static Route Configuration
After static routes are configured it is important to verify that they are present in the routing table and that routing is working as expected.

The command show running-config is used to view the active configuration in RAM to verify that the static route was entered correctly.

The show ip route command is used to make sure that the static route is present in the routing table.
Path Determination Graphic
Routing Protocol

The graphic shows several routers and switches interconnected by more than one path; the question the routing protocol has to answer is: what is an optimal route?
Routing Protocols
Routing protocols include the following: processes for sharing route information, which allow routers to communicate with other routers to update and maintain the routing tables.

Examples of routing protocols that support the IP routed protocol are: RIP, IGRP, OSPF, BGP, and EIGRP.
Routed Protocols
Protocols used at the network layer that transfer data from one host to another across a router
are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork
Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to
exchange routing tables and share routing information. In other words, routing protocols
enable routers to route routed protocols.
Autonomous System
An Autonomous System (AS) is a group of IP networks which has a single and clearly defined external routing policy.

EGP: Exterior Gateway Protocols are used for routing between Autonomous Systems (for example between AS 1000, AS 2000 and AS 3000).

IGP: Interior Gateway Protocols are used for routing decisions within an Autonomous System.

Fig. 48 IGP and EGP (TI1332EU02TI_0004 The Network Layer, 67)

In the second figure, AS 1000, AS 2000 and AS 3000 each run an Interior Gateway Protocol (IGP) internally and an Exterior Gateway Protocol (EGP) towards each other.

Fig. 49 The use of IGP and EGP protocols (TI1332EU02TI_0004 The Network Layer, 67)
IGP and EGP
An autonomous system is a network or set of networks under
common administrative control, such as the cisco.com domain.
Categories of Routing Protocols
Most routing algorithms can be classified into one of two categories:

• distance vector
• link-state

The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork.

The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.
Distance Vector Routing Concepts
Distance Vector Routing (DVR)
The routing table contains the addresses of destinations and the distance of the way to this destination.

Destination Distance
192.16.1.0 1
192.16.5.0 1
192.16.7.0 2

The figure shows Router A, Router B, Router C and Router D in a row; 192.16.1.0 and 192.16.5.0 are marked as 1 hop away and 192.16.7.0 as 2 hops away, with routing information flowing from router to router along the chain.
Routing Tables Graphic
Distance Vector Topology Changes
Router Metric Components
Distance Vector Routing (DVR)

Topology: Router A – Router B – Router C – Router D connected in a row. Router A is locally connected to 192.16.1.0 and 192.16.2.0; Router B to 192.16.2.0, 192.16.3.0 and 192.16.4.0; Router C to 192.16.4.0, 192.16.5.0 and 192.16.6.0; Router D to 192.16.6.0 and 192.16.7.0.

Routing tables, one per router (destination, distance in hops, router the route was learned from; L = locally connected):

Initial tables
Router A: 192.16.1.0 0 L; 192.16.2.0 0 L
Router B: 192.16.2.0 0 L; 192.16.3.0 0 L; 192.16.4.0 0 L
Router C: 192.16.4.0 0 L; 192.16.5.0 0 L; 192.16.6.0 0 L
Router D: 192.16.6.0 0 L; 192.16.7.0 0 L

After the first exchange of routing information
Router A: 192.16.1.0 0 L; 192.16.2.0 0 L; 192.16.3.0 1 B; 192.16.4.0 1 B
Router B: 192.16.2.0 0 L; 192.16.3.0 0 L; 192.16.4.0 0 L; 192.16.1.0 1 A; 192.16.5.0 1 C; 192.16.6.0 1 C
Router C: 192.16.4.0 0 L; 192.16.5.0 0 L; 192.16.6.0 0 L; 192.16.3.0 1 B; 192.16.2.0 1 B; 192.16.7.0 1 D
Router D: 192.16.6.0 0 L; 192.16.7.0 0 L; 192.16.5.0 1 C; 192.16.4.0 1 C

After the second exchange (previous entries plus)
Router A: 192.16.5.0 2 B; 192.16.6.0 2 B
Router B: 192.16.7.0 2 C
Router C: 192.16.1.0 2 B
Router D: 192.16.3.0 2 C; 192.16.2.0 2 C

After the third exchange (previous entries plus)
Router A: 192.16.7.0 3 B
Router B: unchanged
Router C: unchanged
Router D: 192.16.1.0 3 C

Fig. 53 Distribution of routing information with distance vector routing protocol (cont.) (TI1332EU02TI_0004 The Network Layer, 71)
RIPv1
Distance Vector Routing Protocol, classful

Distribution of routing tables via broadcast to adjacent routers

Fig. 59 Properties of RIPv1 (TI1332EU02TI_0004 The Network Layer, 81)

Only one kind of metric: number of hops

Connections with different bandwidth cannot be weighted

Routing loops can occur -> bad convergence in case of a failure

Count to infinity problem (infinity = 16)

Maximum network size is limited by the number of hops
RIP Characteristics
RIP-1 permits only a Single Subnet Mask

The figure shows Router A with Port 1 (130.24.13.1/24) on network 130.24.13.0/24 and Port 2 (200.14.13.2/24) on network 200.14.13.0/24; 130.24.25.0/24 and 130.24.36.0/24 are further subnets of 130.24.0.0. Inside the 130.24.0.0 network RIP-1 advertises the subnet 130.24.36.0; towards the 200.14.13.0/24 network it advertises only the classful network 130.24.0.0, because RIP-1 updates carry no subnet mask.

Fig. 60 RIP-1 permits only a single subnet mask (TI1332EU02TI_0004 The Network Layer, 83)
Router Configuration
The router command starts a routing process.

The network command is required because it enables the routing process to determine which interfaces participate in the sending and receiving of routing updates.

An example of a routing configuration is:

GAD(config)#router rip
GAD(config-router)#network 172.16.0.0

The network numbers are based on the network class addresses, not subnet addresses or individual host addresses.
Configuring RIP Example
Verifying RIP Configuration
The debug ip rip Command
Most of the RIP configuration errors involve an incorrect network statement, discontiguous subnets, or split horizons. One highly effective command for finding RIP update issues is the debug ip rip command. The debug ip rip command displays RIP routing updates as they are sent and received.
Problem: Routing Loops
Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.
Problem: Counting to Infinity
Solution: Define a Maximum
Solution: Split Horizon
Route Poisoning
Route poisoning is used by various distance vector protocols in order to
overcome large routing loops and offer explicit information when a subnet or
network is not accessible. This is usually accomplished by setting the hop count
to one more than the maximum.
Triggered Updates
New routing tables are sent to neighboring routers on a regular basis.

For example, RIP updates occur every 30 seconds.

However, a triggered update is sent immediately in response to some change in the routing table.

The router that detects a topology change immediately sends an update message to adjacent routers that, in turn, generate triggered updates notifying their adjacent neighbors of the change.

When a route fails, an update is sent immediately rather than waiting on the update timer to expire.

Triggered updates, used in conjunction with route poisoning, ensure that all routers know of failed routes before any holddown timers can expire.
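The distance vector exchange of Fig. 53 and the loop problems and remedies of the slides since then (counting to infinity, the maximum of 16, split horizon, route poisoning), simulated as an added example (this is not code from the original slides). The four-router topology and network numbers are the figure's; the synchronous round-by-round exchange is a simplification of RIP's 30-second timer chosen so that the result can be checked against the figure.

```python
"""Distance vector routing on the four-router topology of Fig. 53, with the
count-to-infinity problem and the split horizon / route poisoning remedies.

Each router only knows what its neighbours tell it: "network X is d hops from
me". Tables are exchanged in synchronous rounds here (a simplification of
RIP's periodic and triggered updates).
"""
INFINITY = 16   # RIP's defined maximum: a distance of 16 means unreachable

# Locally connected networks per router, as in the figure above.
CONNECTED = {
    "A": {"192.16.1.0", "192.16.2.0"},
    "B": {"192.16.2.0", "192.16.3.0", "192.16.4.0"},
    "C": {"192.16.4.0", "192.16.5.0", "192.16.6.0"},
    "D": {"192.16.6.0", "192.16.7.0"},
}


def initial_tables(connected=CONNECTED):
    """Table entry: network -> (distance in hops, neighbour learned from; None = local)."""
    return {r: {net: (0, None) for net in nets} for r, nets in connected.items()}


def neighbours(connected=CONNECTED):
    """Routers sharing a network are neighbours (A-B, B-C, C-D in the figure)."""
    return {r: sorted(o for o in connected if o != r and connected[r] & connected[o])
            for r in connected}


def advertisement(table, to_neighbour, split_horizon):
    """What a router tells one neighbour. Split horizon: never send a route back to
    the neighbour it was learned from."""
    return {net: dist for net, (dist, via) in table.items()
            if not (split_horizon and via == to_neighbour)}


def exchange(tables, nbrs, split_horizon):
    """One synchronous round. Bellman-Ford rule: adopt a neighbour's route if it is
    shorter, or if it comes from the neighbour we already use (better or worse)."""
    adverts = {(s, n): advertisement(tables[s], n, split_horizon)
               for s in tables for n in nbrs[s]}
    new = {r: dict(t) for r, t in tables.items()}
    for (sender, receiver), adv in sorted(adverts.items()):
        for net, dist in sorted(adv.items()):
            candidate = min(dist + 1, INFINITY)          # "define a maximum"
            current = new[receiver].get(net)
            if current is None or candidate < current[0] or current[1] == sender:
                new[receiver][net] = (candidate, sender)
    return new, new != tables


def converge(tables, split_horizon, connected=CONNECTED, max_rounds=200):
    """Exchange until a round changes nothing; return the tables and the number of
    rounds that did change something."""
    nbrs = neighbours(connected)
    for rounds in range(max_rounds):
        tables, changed = exchange(tables, nbrs, split_horizon)
        if not changed:
            return tables, rounds
    raise RuntimeError("did not converge")


def poison_network(tables, router, net):
    """The router loses a directly connected network. Route poisoning: keep the entry
    and advertise it with the maximum distance instead of silently dropping it."""
    new = {r: dict(t) for r, t in tables.items()}
    new[router][net] = (INFINITY, None)
    return new


if __name__ == "__main__":
    tables, rounds = converge(initial_tables(), split_horizon=True)
    print(f"converged after {rounds} rounds; A reaches 192.16.7.0 as {tables['A']['192.16.7.0']}")
    broken = poison_network(tables, "D", "192.16.7.0")
    for sh in (False, True):
        t, r = converge(broken, split_horizon=sh)
        print(f"split horizon {sh!s:5}: {r:2d} rounds until all routers show "
              f"192.16.7.0 at distance {t['A']['192.16.7.0'][0]}")
```

Without split horizon C keeps offering D the route to 192.16.7.0 that it learned from D, D accepts it (2 hops via C) and the two count each other up one hop at a time until the maximum of 16 stops it; with split horizon the poisoned route propagates outward in three rounds and nothing is ever fed back.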
Triggered Updates Graphic
Solution: Holddown Timers
IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco.

Some of the IGRP key design characteristics emphasize the following:
• It is a distance vector routing protocol.
• Routing updates are broadcast every 90 seconds.
• Bandwidth, load, delay and reliability are used to create a composite metric.
IGRP Stability Features
IGRP has a number of features that are designed to enhance its stability, such as:
• Holddowns
• Split horizons
• Poison reverse updates

Holddowns
Holddowns are used to prevent regular update messages from inappropriately reinstating a
route that may not be up.

Split horizons
Split horizons are derived from the premise that it is usually not useful to send information
about a route back in the direction from which it came.

Poison reverse updates
Split horizons prevent routing loops between adjacent routers, but poison reverse updates are necessary to defeat larger routing loops.

Today, IGRP is showing its age: it lacks support for variable length subnet masks (VLSM). Rather than develop an IGRP version 2 to correct this problem, Cisco has built upon IGRP's legacy of success with Enhanced IGRP.
Configuring IGRP
Routing Metrics Graphics
Link State Concepts
Link State Topology Changes
Link State Routing (LSR)

Four routers each flood a link state packet (LSP) describing the state of their own links; every router runs SPF over the collected LSPs to build its routing table:
Router 1 LSP: "My links to R2 and R4 are up."
Router 2 LSP: "My links to R1 and R3 are up, my link to R4 is down."
Router 3 LSP: "My links to R2 and R4 are up."
Router 4 LSP: "My links to R1 and R3 are up. My link to R2 is down."

LSP .... link state packet
SPF ... shortest path first
Link State Concerns
Link State Routing (LSR)

Topology with link costs: Router A – Router B cost 2; Router A – Router C cost 1; Router B – Router D cost 4; Router C – Router D cost 2; Router C – Router E cost 4; Router D – Router E cost 1.

Link State Database (each router's links as neighbour-cost):
Router A: B-2, C-1
Router B: A-2, D-4
Router C: A-1, D-2, E-4
Router D: C-2, B-4, E-1
Router E: C-4, D-1

SPF trees computed from the database, root first and then the routers reached at each level:
Router A: A; B, C; D; E
Router B: B; A, D; C, E
Router C: C; D, A; E, B
Router D: D; E, C, B; A
Link State Routing Features
Link-state algorithms are also known as Dijkstra's algorithm or as SPF (shortest path first) algorithms.

Link-state routing algorithms maintain a complex database of topology information.

The distance vector algorithms are also known as Bellman-Ford algorithms. They have nonspecific information about distant networks and no knowledge of distant routers.

A link-state routing algorithm maintains full knowledge of distant routers and how they interconnect.
Link-state routing uses:

• Link-state advertisements (LSAs) – A link-state advertisement (LSA) is a small packet of routing information that is sent between routers.
• Topological database – A topological database is a collection of information gathered from LSAs.
• SPF algorithm – The shortest path first (SPF) algorithm is a calculation performed on the database resulting in the SPF tree.
• Routing tables – A list of the known paths and interfaces.
Link State Routing
Comparing Routing Methods
OSPF (Open Shortest Path First) Protocol

OSPF is a Link-State Routing Protocol
– Link-state (LS) routers recognize much more information about the network than their distance-vector counterparts. Consequently, LS routers tend to make more accurate decisions.

– Link-state routers keep track of the following:
• Their neighbours
• All routers within the same area
• Best paths toward a destination
Link-State Data Structures

– Neighbor table:
• Also known as the adjacency database
(list of recognized neighbors)

– Topology table:
• Typically referred to as LSDB
(routers and links in the area or network)
• All routers within an area have an identical LSDB

– Routing table:
• Commonly named a forwarding database
(list of best paths to destinations)
OSPF vs. RIP
RIP is limited to 15 hops, converges slowly, and sometimes chooses slow
routes because it ignores critical factors such as bandwidth in route
determination. OSPF overcomes these limitations and proves to be a robust
and scalable routing protocol suitable for the networks of today.
OSPF Terminology
The next several slides explain various OSPF terms, one
per slide.
OSPF Term: Link
OSPF Term: Link State
OSPF Term: Area
OSPF Term: Link Cost
OSPF Term: Forwarding Database
OSPF Term: Adjacencies Database
OSPF Terms: DR & BDR
Link-State Data Structure:
Network Hierarchy
• Link-state routing requires a hierarchical
network structure that is enforced by OSPF.
• This two-level hierarchy consists of the
following:
• Transit area (backbone or area 0)
• Regular areas (nonbackbone areas)
OSPF Areas
Area Terminology
LS Data Structures: Adjacency
Database
– Routers discover neighbors by exchanging
hello packets.
– Routers declare neighbors to be up after checking
certain parameters or options in the hello packet.
– Point-to-point WAN links:
• Both neighbors become fully adjacent.
– LAN links:
• Neighbors form an adjacency with the DR and BDR.
• Maintain two-way state with the other routers (DROTHERs).
– Routing updates and topology information are only passed between
adjacent routers.
OSPF Adjacencies

Routers build logical adjacencies between each other using the
Hello Protocol. Once an adjacency is formed:
• LS database packets are exchanged to synchronize
each other’s LS databases.
• LSAs are flooded reliably throughout the area or network
using these adjacencies.
Open Shortest Path First
Calculation
• Routers find the best paths to destinations by applying
Dijkstra’s SPF algorithm to the link-state database as follows:
– Every router in an area has the identical
link-state database.
– Each router in the area places itself into
the root of the tree that is built.
– The best path is calculated with respect to the
lowest total cost of links to a specific destination.
– Best routes are put into the forwarding database.
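The SPF calculation described above, as an added example that is not part of the original slides: it runs Dijkstra's shortest path first over the link-state database from the Link State Routing figure earlier in this section (costs A-B 2, A-C 1, B-D 4, C-D 2, C-E 4, D-E 1), puts each router at the root of its own tree, and produces the forwarding database of best paths. It also checks the database for links that only one end advertises, since the calculation is only trustworthy when every router in the area holds the identical LSDB. The `LSDB` dictionary and the `spf`, `all_trees` and `check_symmetric` names are this example's own.

```python
import heapq

# Link-state database transcribed from the slide's figure: each router's
# directly connected neighbours and the cost of the link to each of them.
LSDB = {
    "A": {"B": 2, "C": 1},
    "B": {"A": 2, "D": 4},
    "C": {"A": 1, "D": 2, "E": 4},
    "D": {"B": 4, "C": 2, "E": 1},
    "E": {"C": 4, "D": 1},
}


def check_symmetric(lsdb):
    """Return (router, neighbour, cost) for every link the neighbour does not
    advertise back with the same cost.  All routers in an area must hold the
    identical LSDB, so anything listed here means synchronisation is not done
    and the SPF results cannot be trusted yet."""
    problems = []
    for router, links in lsdb.items():
        for nbr, cost in links.items():
            if lsdb.get(nbr, {}).get(router) != cost:
                problems.append((router, nbr, cost))
    return problems


def spf(lsdb, root):
    """Dijkstra's shortest path first with `root` at the top of the tree.

    Returns the forwarding database: {destination: (total_cost, next_hop)}.
    """
    dist = {root: 0}          # best known total cost to each router
    next_hop = {root: None}   # first hop from root on that best path
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue          # stale heap entry; a cheaper path was found already
        for nbr, link_cost in lsdb.get(node, {}).items():
            candidate = cost + link_cost
            if candidate < dist.get(nbr, float("inf")):
                dist[nbr] = candidate
                # Leaving the root, the first hop is the neighbour itself;
                # further out it is inherited from the node we came through.
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (candidate, nbr))
    return {dest: (dist[dest], next_hop[dest]) for dest in dist if dest != root}


def all_trees(lsdb):
    """Each router places itself at the root and builds its own tree."""
    return {router: spf(lsdb, router) for router in lsdb}


if __name__ == "__main__":
    print("asymmetric links:", check_symmetric(LSDB))
    for router, table in all_trees(LSDB).items():
        print(f"Router {router}: {table}")
```

Router A, for instance, reaches D at cost 3 through C (1 + 2) rather than through B (2 + 4), and E at cost 4 through C and D; the next hop stored for E is C because that is the first hop of the whole path.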
OSPF Packet Types
OSPF Packet Header Format
Neighborship
Establishing Bidirectional
Communication
Establishing Bidirectional
Communication (Cont.)
Establishing Bidirectional
Communication (Cont.)
Establishing Bidirectional
Communication
Discovering the Network Routes
Discovering the Network Routes
Adding the Link-State Entries
Adding the Link-State Entries (Cont.)
Adding the Link-State Entries
Maintaining Routing Information

• Router A notifies all OSPF DRs on 224.0.0.6
• DR notifies others on 224.0.0.5
Configuring Basic OSPF:
Single Area
Router(config)#
router ospf process-id

• Turns on one or more OSPF routing processes in the
IOS software.

Router(config-router)#
network address inverse-mask area [area-id]

• Router OSPF subordinate command that defines the
interfaces (by network number) that OSPF will run on.
Each network number must be defined to a specific
area.
Configuring OSPF on Internal
Routers of a Single Area
Verifying OSPF Operation
Router#
show ip protocols

• Verifies the configured IP routing protocol processes,
parameters and statistics

Router#
show ip route ospf

• Displays all OSPF routes learned by the router

Router#
show ip ospf interface

• Displays the OSPF router ID, area ID and adjacency
information
Verifying OSPF Operation
(Cont.)

Router#
show ip ospf

• Displays the OSPF router ID, timers, and statistics

Router#
show ip ospf neighbor [detail]

• Displays information about the OSPF neighbors,
including Designated Router (DR) and Backup
Designated Router (BDR) information on broadcast
networks
The show ip route ospf Command
RouterA# show ip route ospf

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EGP, i - IS-IS, L1 - IS-IS
level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

10.0.0.0 255.255.255.0 is subnetted, 2 subnets
O 10.2.1.0 [110/10] via 10.64.0.2, 00:00:50, Ethernet0
The show ip ospf interface
Command
RouterA# show ip ospf interface e0

Ethernet0 is up, line protocol is up
Internet Address 10.64.0.1/24, Area 0
Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.64.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
The show ip ospf neighbor
Command
RouterB# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
10.64.1.1 1 FULL/BDR 00:00:31 10.64.1.1 Ethernet0
10.2.1.1 1 FULL/- 00:00:38 10.2.1.1 Serial0

Other useful commands:
show ip protocol
show ip route
show ip ospf neighbor detail
show ip ospf database

OSPF Network Types - 1
Point-to-Point Links

• Usually a serial interface running either PPP or HDLC
• May also be a point-to-point subinterface
running Frame Relay or ATM
• No DR or BDR election required
• OSPF autodetects this interface type
• OSPF packets are sent using multicast 224.0.0.5
Multi-access Broadcast Network

• Generally LAN technologies like Ethernet and Token Ring
• DR and BDR selection required
• All neighbor routers form full adjacencies with the DR and
BDR only
• Packets to the DR use 224.0.0.6
• Packets from DR to all other routers use 224.0.0.5
Electing the DR and BDR

• Hello packets are exchanged via IP multicast.
• The router with the highest OSPF priority is
selected as the DR.
• Use the OSPF router ID as the tie breaker.
• The DR election is nonpreemptive.
Setting Priority for DR Election
Router(config-if)#
ip ospf priority number

• This interface configuration command assigns the
OSPF priority to an interface.
• Different interfaces on a router may be assigned
different values.
• The default priority is 1. The range is from 0 to 255.
• 0 means the router is a DROTHER; it can’t be the DR or
BDR.
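The election rules on the two slides above (highest priority wins, the router ID breaks ties, priority 0 can never be DR or BDR, and the result is nonpreemptive), as an added example that is not part of the original slides. It models only those rules plus the backup's job of taking over when the DR disappears; the full OSPF specification has more states and timers than this. The `elect` function and its arguments are this example's own, and the priorities given to the router IDs from the debug output are constructed for the demonstration.

```python
import ipaddress


def rid_value(router_id):
    """Router IDs look like IPv4 addresses; the numerically highest wins ties."""
    return int(ipaddress.IPv4Address(router_id))


def elect(routers, current_dr=None, current_bdr=None):
    """Return (dr, bdr) for one multi-access segment.

    routers     -- {router_id: ospf_priority} for every router on the segment
    current_dr  -- router ID of the DR already established, if any
    current_bdr -- likewise for the BDR

    Rules from the slides: priority 0 means DROTHER only; the highest priority
    wins; the highest router ID breaks ties; the election is nonpreemptive, so
    a router that joins later with a better priority does not unseat the DR.
    Added assumption: when the DR goes away the BDR is promoted to DR.
    """
    eligible = {rid: pri for rid, pri in routers.items() if pri > 0}

    def rank(rid):
        return (eligible[rid], rid_value(rid))   # priority first, then RID

    if current_dr in eligible:
        dr = current_dr                          # nonpreemptive: keep incumbent
    elif current_bdr in eligible:
        dr = current_bdr                         # backup takes over the lost DR
    elif eligible:
        dr = max(eligible, key=rank)
    else:
        dr = None                                # every router has priority 0

    candidates = [rid for rid in eligible if rid != dr]
    if current_bdr in candidates:
        bdr = current_bdr
    elif candidates:
        bdr = max(candidates, key=rank)
    else:
        bdr = None
    return dr, bdr


# Constructed segment: three routers with the default priority, no DR yet.
SEGMENT = {"192.168.0.10": 1, "192.168.0.11": 1, "192.168.0.12": 1}

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("initial election:", dr, bdr)
    # A router with priority 255 joins later: it must not preempt the DR.
    SEGMENT["192.168.0.20"] = 255
    print("after newcomer:  ", elect(SEGMENT, dr, bdr))
    # The DR is lost: the BDR is promoted and the newcomer becomes BDR.
    del SEGMENT["192.168.0.12"]
    print("after DR loss:   ", elect(SEGMENT, dr, bdr))
```

The practical consequence of nonpreemption is visible in the second call: configuring a high priority on a router that boots after the segment has settled changes nothing until the current DR and BDR are gone, which is why the priority is usually set before the routers form adjacencies.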
OSPF Network Types - 2
Creation of Adjacencies
RouterA# debug ip ospf adj

Point-to-point interfaces coming up: No election

%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72
Creation of Adjacencies (Cont.)
RouterA# debug ip ospf adj

Ethernet interface coming up: Election

OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.12
OSPF: Elect DR 192.168.0.12
DR: 192.168.0.12 (Id) BDR: 192.168.0.12 (Id)
OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
<…>
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.11
OSPF: Elect DR 192.168.0.12
DR: 192.168.0.12 (Id) BDR: 192.168.0.11 (Id)
Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary
routing protocol based on Interior Gateway Routing Protocol (IGRP).

Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and
VLSM.

Compared to IGRP, EIGRP boasts faster convergence times, improved
scalability, and superior handling of routing loops.

Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP)
and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX
and AppleTalk networks with powerful efficiency.

EIGRP is often described as a hybrid routing protocol, offering the best of
distance vector and link-state algorithms.
Comparing EIGRP with IGRP
IGRP and EIGRP are compatible with each other.
EIGRP offers multiprotocol support, but IGRP does not.
EIGRP and IGRP use different metric calculations.
EIGRP scales the metric of IGRP by a factor of 256.
IGRP has a maximum hop count of 255.
EIGRP has a maximum hop count limit of 224.

Enabling dissimilar routing protocols such as OSPF and RIP to
share information requires advanced configuration. Redistribution,
the sharing of routes, is automatic between IGRP and EIGRP as
long as both processes use the same autonomous system (AS)
number.
EIGRP & IGRP Metric Calculation
Comparing EIGRP with IGRP
Comparing EIGRP with IGRP
EIGRP Concepts & Terminology
EIGRP routers keep route and topology information readily available
in RAM, so they can react quickly to changes.

Like OSPF, EIGRP saves this information in several tables and
databases.

EIGRP saves routes that are learned in specific ways.

Routes are given a particular status and can be tagged to provide
additional useful information.

EIGRP maintains three tables:
• Neighbor table
• Topology table
• Routing table
Neighbor Table
The neighbor table is the most important table in EIGRP.

Each EIGRP router maintains a neighbor table that lists adjacent routers.
This table is comparable to the adjacency database used by OSPF. There
is a neighbor table for each protocol that EIGRP supports.

When a neighbor sends a hello packet, it advertises a hold time. The hold
time is the amount of time a router treats a neighbor as reachable and
operational. In other words, if a hello packet is not heard within the hold
time, then the hold time expires.

When the hold time expires, the Diffusing Update Algorithm (DUAL), which
is the EIGRP distance vector algorithm, is informed of the topology change
and must recalculate the new topology.
Topology Table
The topology table is made up of all the EIGRP routing tables in the autonomous
system.

DUAL takes the information supplied in the neighbor table and the topology table
and calculates the lowest cost routes to each destination. By tracking this
information, EIGRP routers can identify and switch to alternate routes quickly.

The information that the router learns from the DUAL is used to determine the
successor route, which is the term used to identify the primary or best route.
A copy is also placed in the topology table.

Every EIGRP router maintains a topology table for each configured network
protocol. All learned routes to a destination are maintained in the topology table.
Routing Table
The EIGRP routing table holds the best routes to a destination. This information is
retrieved from the topology table. Each EIGRP router maintains a routing table for
each network protocol.

A successor is a route selected as the primary route to use to reach a
destination. DUAL identifies this route from the information contained in the
neighbor and topology tables and places it in the routing table.

There can be up to four successor routes for any particular route. These can be of
equal or unequal cost and are identified as the best loop-free paths to a given
destination.

A copy of the successor routes is also placed in the topology table.

A feasible successor (FS) is a backup route. These routes are identified at the
same time the successors are identified, but they are only kept in the topology
table. Multiple feasible successors for a destination can be retained in the
topology table although it is not mandatory.
EIGRP Data Structure
Like OSPF, EIGRP relies on different types of packets to maintain its various tables and
establish complex relationships with neighbor routers. The five EIGRP packet types are:
• Hello
• Acknowledgment
• Update
• Query
• Reply

EIGRP relies on hello packets to discover, verify, and rediscover neighbor routers.

Rediscovery occurs if EIGRP routers do not receive hellos from each other for a hold time
interval but then re-establish communication.

EIGRP routers send hellos at a fixed but configurable interval, called the hello interval. The
default hello interval depends on the bandwidth of the interface.

On IP networks, EIGRP routers send hellos to the multicast IP address 224.0.0.10.


Default Hello Intervals
and Hold Times for EIGRP
EIGRP Algorithm
The sophisticated DUAL algorithm results in the exceptionally fast convergence of
EIGRP.

Each router constructs a topology table that contains information about how to
route to a destination network.

Each topology table identifies the following:
• The routing protocol or EIGRP
• The lowest cost of the route, which is called Feasible Distance
• The cost of the route as advertised by the neighboring router, which is
called Reported Distance

The Topology heading identifies the preferred primary route, called the successor
route (Successor), and, where identified, the backup route, called the feasible
successor (FS). Note that it is not necessary to have an identified feasible
successor.
FS Route Selection Rules
DUAL Example
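The successor and feasible successor selection described on the "EIGRP Algorithm" and "Routing Table" slides, as an added example that is not part of the original slides. It uses the slides' terms: the Feasible Distance (FD) is the lowest total cost to the destination and the Reported Distance (RD) is the cost a neighbour advertises from itself. The selection rule it applies for a backup route is the standard DUAL feasibility condition (a neighbour's RD must be strictly lower than the FD), which the "FS Route Selection Rules" slide above does not reproduce in text; the function names and the `PATHS` sample costs are this example's own.

```python
def dual_select(paths):
    """Pick the successor(s) and feasible successor(s) for one destination.

    paths -- {neighbour: (link_cost_to_neighbour, reported_distance)} where the
             reported distance (RD) is what the neighbour advertises as its own
             cost to the destination.

    Returns (feasible_distance, successors, feasible_successors).
    """
    if not paths:
        return None, [], []
    totals = {nbr: link + rd for nbr, (link, rd) in paths.items()}
    fd = min(totals.values())                         # feasible distance
    successors = sorted(n for n, t in totals.items() if t == fd)
    # Feasibility condition (the assumption named in the lead-in): a backup is
    # usable without further computation only if its RD is strictly below our
    # FD, which proves the neighbour's path cannot loop back through us.
    feasible = sorted(n for n, (_, rd) in paths.items()
                      if n not in successors and rd < fd)
    return fd, successors, feasible


def on_successor_loss(paths, lost):
    """What DUAL does when neighbour `lost` (or the link to it) goes away.

    Returns ("unaffected" | "passive" | "active", new_successor, new_distance).
    """
    fd, successors, feasible = dual_select(paths)
    if lost not in successors:
        return ("unaffected", None, None)             # not the route in use
    remaining = {n: v for n, v in paths.items()
                 if n != lost and (n in successors or n in feasible)}
    if remaining:
        # Local computation only: a surviving successor or feasible successor
        # is promoted without asking anyone.
        distance, new_successors, _ = dual_select(remaining)
        return ("passive", new_successors[0], distance)
    # No feasible successor: the route goes Active and Query packets are sent
    # to the neighbours before a new successor can be chosen.
    return ("active", None, None)


# Constructed topology-table entries for one destination:
# neighbour -> (cost of our link to it, distance it reports).
PATHS = {"B": (10, 20), "C": (5, 28), "D": (2, 35)}

if __name__ == "__main__":
    print("FD, successors, feasible successors:", dual_select(PATHS))
    print("lose B:", on_successor_loss(PATHS, "B"))
    print("lose D:", on_successor_loss(PATHS, "D"))
    print("lose B with no FS:", on_successor_loss({"B": (10, 20), "D": (2, 35)}, "B"))
```

The sample shows the point the paragraph only implies: D's total cost (37) is not much worse than C's (33), but D reports 35, which is not below the FD of 30, so D is not a feasible successor and losing B with only D available forces the route Active.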
Configuring EIGRP
Verifying the EIGRP Configuration

To verify the EIGRP configuration a number of show and
debug commands are available.
These commands are shown on the next few slides.
show ip eigrp topology

show ip eigrp topology [active | pending | successors]

show ip eigrp topology all-links

show ip eigrp traffic

Administrative Distances
Classful and Classless
Routing Protocols
What are ACLs?
ACLs are lists of conditions that are applied to traffic traveling across a
router's interface. These lists tell the router what types of packets to
accept or deny. Acceptance and denial can be based on specified
conditions.

ACLs can be created for all routed network protocols, such as Internet
Protocol (IP) and Internetwork Packet Exchange (IPX).

ACLs can be configured at the router to control access to a network or
subnet.

Some ACL decision points are source and destination addresses,
protocols, and upper-layer port numbers.

ACLs must be defined on a per-protocol, per-direction, or per-port
basis.
Reasons to Create ACLs
The following are some of the primary reasons to create ACLs:

• Limit network traffic and increase network performance.
• Provide traffic flow control.
• Provide a basic level of security for network access.
• Decide which types of traffic are forwarded or blocked at
the router interfaces. For example: Permit e-mail traffic to
be routed, but block all telnet traffic.
• Allow an administrator to control what areas a client can access on a
network.

If ACLs are not configured on the router, all packets passing through
the router will be allowed onto all parts of the network.
ACLs Filter Traffic Graphic
How ACLs Filter Traffic
One List per Port, per
Destination, per Protocol...
How ACLs work.
Creating ACLs
ACLs are created in the global configuration mode. There are many
different types of ACLs including standard, extended, IPX, AppleTalk, and
others. When configuring ACLs on a router, each ACL must be uniquely
identified by assigning a number to it. This number identifies the type of
access list created and must fall within the specific range of numbers that
is valid for that type of list.

Since IP is by far the most popular routed protocol, additional ACL
number ranges have been added to newer router IOSs:
Standard IP: 1300-1999
Extended IP: 2000-2699
The access-list command
The ip access-group command

{ in | out }
ACL Example
Basic Rules for ACLs
These basic rules should be followed when creating and applying access lists:

• One access list per protocol per direction.
• Standard IP access lists should be applied closest to the destination.
• Extended IP access lists should be applied closest to the source.
• Use the inbound or outbound interface reference as if looking at the port
from inside the router.
• Statements are processed sequentially from the top of the list to the bottom until a
match is found; if no match is found then the packet is denied.
• There is an implicit deny at the end of all access lists. This will not appear
in the configuration listing.
• Access list entries should filter in the order from specific to general. Specific
hosts should be denied first, and groups or general filters should come last.
• Never work with an access list that is actively applied.
• New lines are always added to the end of the access list.
• A no access-list x command will remove the whole list. It is not possible
to selectively add and remove lines with numbered ACLs.
• Outbound filters do not affect traffic originating from the local router.
Wildcard Mask Examples
5 examples follow that demonstrate how a wildcard mask can be used to
permit or deny certain IP addresses, or IP address ranges.

While subnet masks start with binary 1s and end with binary 0s, wildcard
masks are the reverse, meaning they typically start with binary 0s and end
with binary 1s.

In the examples that follow Cisco has chosen to represent the binary 1s in
the wildcard masks with Xs to focus on the specific bits being shown in
each example.

You will see that while subnet masks were ANDed with IP addresses,
wildcard masks are ORed with IP addresses.

Wildcard Mask Example #1
Wildcard Mask Example #2
Wildcard Mask Example #3
Wildcard Mask Example #4 - Even IPs
Wildcard Mask Example #5 - Odd IP#s
The any and host Keywords
Verifying ACLs
There are many show commands that will verify the content and
placement of ACLs on the router.

The show ip interface command displays IP interface information
and indicates whether any ACLs are set.

The show access-lists command displays the contents of all ACLs
on the router.

show access-list 1 shows just access-list 1.

The show running-config command will also reveal the access
lists on a router and the interface assignment information.
Standard ACLs
Standard ACLs check the source address of IP packets that are routed.

The comparison will result in either permit or deny access for an entire protocol suite,
based on the network, subnet, and host addresses.

The standard version of the access-list global configuration command is used to define a
standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS).

If there is no wildcard mask, the default mask is used, which is 0.0.0.0.
(This only works with Standard ACLs and is the same thing as using host.)

The full syntax of the standard ACL command is:

Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]

The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number
Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater
range of control. Extended ACLs check the source and destination packet addresses as
well as being able to check for protocols and port numbers.

The syntax for the extended ACL statement can get very long and often will wrap in the
terminal window.

The wildcards also have the option of using the host or any keywords in the command.

At the end of the extended ACL statement, additional precision is gained from a field that
specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol
(UDP) port number.

Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt),
and less than (lt), that the extended ACL will perform on specific protocols.

Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699
in recent IOS).
Extended ACL Syntax
Extended ACL Example
This extended ACL will allow people in network 200.100.50.0 to
surf the internet, but not allow any other protocols like email, ftp,
etc.

access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq 80
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq www
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq http

NOTE: Just like all Standard ACLs end with an implicit "deny any",
all Extended ACLs end with an implicit "deny ip any any" which
means deny the entire internet from anywhere to anywhere.
ip access-group
The ip access-group command links an existing standard or
extended ACL to an interface.

Remember that only one ACL per interface, per direction, per
protocol is allowed.

The format of the command is:

Router(config-if)#ip access-group access-list-number {in | out}
Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing
standard and extended ACLs to be given names instead of numbers.

The advantages that a named access list provides are:
• Intuitively identify an ACL using an alphanumeric name.
• Eliminate the limit of 798 simple and 799 extended ACLs.
• Named ACLs provide the ability to modify ACLs without deleting
them completely and then reconfiguring them.

Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2.

The same name may not be used for multiple ACLs.

Named ACL Example
Placing ACLs
The general rule is to put the extended ACLs as close as possible to the source of
the traffic denied. Standard ACLs do not specify destination addresses, so they
should be placed as close to the destination as possible. For example, in the
graphic a standard ACL should be placed on Fa0/0 of Router D to prevent traffic
from Router A.
Permitting a Single Host
Router(config)# access-list 1 permit 200.100.50.23 0.0.0.0
or
Router(config)# access-list 1 permit host 200.100.50.23
or
Router(config)# access-list 1 permit 200.100.50.23

(The implicit “deny any” ensures that everyone else is denied.)

Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Denying a Single Host
Router(config)# access-list 1 deny 200.100.50.23 0.0.0.0
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
or
Router(config)# access-list 1 deny host 200.100.50.23
Router(config)# access-list 1 permit any

(The implicit “deny any” is still present, but totally irrelevant.)

Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Permitting a Single Network
Class C
Router(config)# access-list 1 permit 200.100.50.0 0.0.0.255
or
Class B
Router(config)# access-list 1 permit 150.75.0.0 0.0.255.255
or
Class A
Router(config)# access-list 1 permit 13.0.0.0 0.255.255.255

(The implicit “deny any” ensures that everyone else is denied.)

Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Denying a Single Network
Class C
Router(config)# access-list 1 deny 200.100.50.0 0.0.0.255
Router(config)# access-list 1 permit any
or
Class B
Router(config)# access-list 1 deny 150.75.0.0 0.0.255.255
Router(config)# access-list 1 permit any
or
Class A
Router(config)# access-list 1 deny 13.0.0.0 0.255.255.255
Router(config)# access-list 1 permit any

(The implicit “deny any” is still present, but totally irrelevant.)


Permitting a Class C Subnet
Network Address/Subnet Mask: 200.100.50.0/28
Desired Subnet: 3rd

Process:
32-28=4 2^4 = 16
1st Usable Subnet address range is 200.100.50.16-31
2nd Usable Subnet address range is 200.100.50.32-47
3rd Usable Subnet address range is 200.100.50.48-63

Subnet Mask is 255.255.255.240 Inverse Mask is 0.0.0.15
or subtract 200.100.50.48 from 200.100.50.63 to get 0.0.0.15

Router(config)# access-list 1 permit 200.100.50.48 0.0.0.15

(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class C Subnet
Network Address/Subnet Mask: 192.68.72.0/27
Undesired Subnet: 2nd

Process:
32-27=5 2^5=32
1st Usable Subnet address range is 192.68.72.32-63
2nd Usable Subnet address range is 192.68.72.64-95

Subnet Mask is 255.255.255.224 Inverse Mask is 0.0.0.31
or subtract 192.68.72.64 from 192.68.72.95 to get 0.0.0.31

Router(config)# access-list 1 deny 192.68.72.64 0.0.0.31
Router(config)# access-list 1 permit any

(The implicit “deny any” is still present, but totally irrelevant.)

Permitting a Class B Subnet
Network Address/Subnet Mask: 150.75.0.0/24
Desired Subnet: 129th

Process:
Since exactly 8 bits are borrowed the 3rd octet will denote the
subnet number.
129th Usable Subnet address range is 150.75.129.0-255

Subnet Mask is 255.255.255.0 Inverse Mask is 0.0.0.255
or subtract 150.75.129.0 from 150.75.129.255 to get 0.0.0.255

Router(config)# access-list 1 permit 150.75.129.0 0.0.0.255

(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class B Subnet
Network Address/Subnet Mask: 160.88.0.0/22
Undesired Subnet: 50th

Process:
32-22=10 (more than 1 octet) 10-8=2 2^2=4
1st Usable Subnet address range is 160.88.4.0-160.88.7.255
2nd Usable Subnet address range is 160.88.8.0-160.88.11.255

50 * 4 = 200 50th subnet is 160.88.200.0-160.88.203.255

Subnet Mask is 255.255.252.0 Inverse Mask is 0.0.3.255
or subtract 160.88.200.0 from 160.88.203.255 to get 0.0.3.255

Router(config)# access-list 1 deny 160.88.200.0 0.0.3.255
Router(config)# access-list 1 permit any
Permitting a Class A Subnet
Network Address/Subnet Mask: 111.0.0.0/12
Desired Subnet: 13th

Process:
32-12=20 20-16=4 2^4=16
1st Usable Subnet address range is 111.16.0.0-111.31.255.255
13*16=208
13th Usable Subnet address range is 111.208.0.0-111.223.255.255

Subnet Mask is 255.240.0.0 Inverse Mask is 0.15.255.255
or subtract 111.208.0.0 from 111.223.255.255 to get 0.15.255.255

Router(config)# access-list 1 permit 111.208.0.0 0.15.255.255

(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class A Subnet
Network Address/Subnet Mask: 40.0.0.0/24
Undesired Subnet: 500th

Process:
Since exactly 16 bits were borrowed the 2nd and 3rd octet will denote
the subnet.

1st Usable Subnet address range is 40.0.1.0-40.0.1.255
255th Usable Subnet address range is 40.0.255.0-40.0.255.255
256th Usable Subnet address range is 40.1.0.0-40.1.0.255
300th Usable Subnet address range is 40.1.44.0-40.1.44.255
500th Usable Subnet address range is 40.1.244.0-40.1.244.255

Router(config)# access-list 1 deny 40.1.244.0 0.0.0.255
Router(config)# access-list 1 permit any
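The six "Permitting/Denying a ... Subnet" slides above all follow the same arithmetic. The example below is added here (it is not part of the original slides) and carries that process through in code for any prefix length: it locates the Nth subnet, counting as the slides do with the 1st usable block at N=1, derives the inverse (wildcard) mask from the subnet mask, and cross-checks it with the slides' second method of subtracting the subnet address from its last address. The function names are this example's own; the classful boundary (class A /8, B /16, C /24) is used only to bound N.

```python
import ipaddress


def classful_prefix(network):
    """Prefix length of the classful network (A, B or C) the address belongs to."""
    first = int(network.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("not a class A, B or C address")


def subnet_count(network, prefix):
    """How many subnets the borrowed bits create (including subnet zero)."""
    borrowed = prefix - classful_prefix(network)
    if borrowed <= 0:
        raise ValueError("no bits borrowed: nothing to subnet")
    return 1 << borrowed


def nth_subnet(network, prefix, n):
    """Return (subnet_address, subnet_mask, wildcard_mask) for subnet number n
    of network/prefix, numbered as the slides do (n=1 is the block right after
    subnet zero).  Raises ValueError when n is beyond the last subnet."""
    count = subnet_count(network, prefix)
    if not 0 <= n < count:
        raise ValueError(f"subnet numbers run 0..{count - 1} for /{prefix}")
    block = 1 << (32 - prefix)                    # addresses per subnet
    base = int(ipaddress.IPv4Address(network))
    subnet = base + n * block
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    wildcard = ~mask & 0xFFFFFFFF                 # bit-inverse of the mask
    # Slides' second method: last address of the subnet minus its first
    # address gives the same wildcard; treat any disagreement as a bug.
    last = subnet + block - 1
    if last - subnet != wildcard:
        raise AssertionError("mask inversion and subtraction disagree")
    return (str(ipaddress.IPv4Address(subnet)),
            str(ipaddress.IPv4Address(mask)),
            str(ipaddress.IPv4Address(wildcard)))


def acl_line(number, action, network, prefix, n):
    """Build the standard ACL statement the slides arrive at."""
    subnet, _, wildcard = nth_subnet(network, prefix, n)
    return f"access-list {number} {action} {subnet} {wildcard}"


if __name__ == "__main__":
    # The slides' own cases, in the order they appear above.
    for net, pfx, n in [("200.100.50.0", 28, 3), ("192.68.72.0", 27, 2),
                        ("150.75.0.0", 24, 129), ("160.88.0.0", 22, 50),
                        ("111.0.0.0", 12, 13), ("40.0.0.0", 24, 500)]:
        print(f"{net}/{pfx} subnet #{n}:", nth_subnet(net, pfx, n))
```

The 40.0.0.0/24 case is the one that goes wrong by hand most often: 500 blocks of 256 addresses carry into the second octet, and the code lands on 40.1.244.0 exactly as the slide does.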
Permit 200.100.50.24-100 Plan A
access-list 1 permit host 200.100.50.24
access-list 1 permit host 200.100.50.25
access-list 1 permit host 200.100.50.26
access-list 1 permit host 200.100.50.27
access-list 1 permit host 200.100.50.28
: : : : : : : :
access-list 1 permit host 200.100.50.96
access-list 1 permit host 200.100.50.97
access-list 1 permit host 200.100.50.98
access-list 1 permit host 200.100.50.99
access-list 1 permit host 200.100.50.100

This would get very tedious!
Permit 200.100.50.24-100 Plan B
access-list 1 permit 200.100.50.24 0.0.0.7 (24-31)

access-list 1 permit 200.100.50.32 0.0.0.31 (32-63)

access-list 1 permit 200.100.50.64 0.0.0.31 (64-95)

access-list 1 permit 200.100.50.96 0.0.0.3 (96-99)

access-list 1 permit host 200.100.50.100 (100)

(The implicit “deny any” ensures that everyone else is denied.)


Permit 200.100.50.16-127 Plan A
access-list 1 permit 200.100.50.16 0.0.0.15 (16-31)

access-list 1 permit 200.100.50.32 0.0.0.31 (32-63)

access-list 1 permit 200.100.50.64 0.0.0.63 (64-127)

(The implicit “deny any” ensures that everyone else is denied.)


Permit 200.100.50.16-127 Plan B
access-list 1 deny 200.100.50.0 0.0.0.15 (0-15)

access-list 1 permit 200.100.50.0 0.0.0.127 (0-127)

First we make sure that addresses 0-15 are denied.

Then we can permit any address in the range 0-127.

Since only the first matching statement in an ACL is applied, an
address in the range of 0-15 will be denied by the first statement
before it has a chance to be permitted by the second.

(The implicit “deny any” ensures that everyone else is denied.)

Permit 200.100.50.1,5,13,29,42,77
access-list 1 permit host 200.100.50.1
access-list 1 permit host 200.100.50.5
access-list 1 permit host 200.100.50.13
access-list 1 permit host 200.100.50.29
access-list 1 permit host 200.100.50.42
access-list 1 permit host 200.100.50.77

Sometimes a group of addresses has no pattern and the best way to
deal with them is individually.

(The implicit “deny any” ensures that everyone else is denied.)

Permit Source Network
access-list 101 permit ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip 200.100.50.0 0.0.0.255 any

Implicit deny ip any any

Deny Source Network
access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip 200.100.50.0 0.0.0.255 any
access-list 101 permit ip any any

Implicit deny ip any any is present but irrelevant.

Permit Destination Network
access-list 101 permit ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
or
access-list 101 permit ip any 200.100.50.0 0.0.0.255

Implicit deny ip any any

Deny Destination Network
access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip any 200.100.50.0 0.0.0.255
access-list 101 permit ip any any

Implicit deny ip any any is present but irrelevant.

Permit one Source Network to
another Destination Network
Assume the only traffic you want is traffic from network 200.100.50.0
to network 150.75.0.0

access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any

To allow 2 way traffic between the networks add this statement:

access-list 101 permit ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255
Deny one Source Network to
another Destination Network
Assume you want to allow all traffic EXCEPT from network
200.100.50.0 to network 150.75.0.0

access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any

To deny 2 way traffic between the networks add this statement:

access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255
Deny FTP
Assume you do not want anyone FTPing on the network.

access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any
Deny Telnet
Assume you do not want anyone telnetting on the network.

access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
Deny Web Surfing
Assume you do not want anyone surfing the internet.

access-list 101 deny tcp any any eq 80
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq www
access-list 101 permit ip any any

You can also use http instead of www.

Complicated Example #1
Suppose you have the following conditions:
• No one from Network 200.100.50.0 is allowed to FTP anywhere
• Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0
• Subnetwork 100.100.100.0/24 is not allowed to surf the internet

access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any any eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any

Complicated Example #2
Suppose you are the admin of network 200.100.50.0. You want to permit Email
only between your network and network 150.75.0.0. You wish to place no
restriction on other protocols like web surfing, ftp, telnet, etc.
• Email server send/receive Protocol: SMTP, port 25
• User Check Email Protocol: POP3, port 110
This example assumes your Email server is at address 200.100.50.25

access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
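The following is an added example, not part of the original slides: a small first-match evaluator for the extended ACL lines above, using wildcard-mask matching and the implicit deny at the end of every IOS access list. The sample flows are constructed; the parser only understands the `access-list N permit|deny proto src dst [eq port]` shape used on these slides.

```python
"""Evaluate the six-entry ACL 101 of Complicated Example #2 with IOS first-match semantics."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Well-known port keywords used on the slides (eq ftp / telnet / www / smtp / pop3).
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80, "http": 80, "smtp": 25, "pop3": 110}
ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with wildcard 255.255.255.255 matches every address


@dataclass(frozen=True)
class Ace:
    """One access control entry: action, protocol, (network, wildcard) pairs, dest port."""
    action: str
    proto: str
    src: Tuple[int, int]
    dst: Tuple[int, int]
    dport: Optional[int]  # None means any destination port


def _addr(tokens: List[str]):
    """Consume 'any' or 'A.B.C.D W.W.W.W'; return ((network, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (net, wild), tokens[2:]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]'."""
    toks = line.split()
    if toks[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto = toks[2], toks[3]
    src, rest = _addr(toks[4:])
    dst, rest = _addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return Ace(action, proto, src, dst, dport)


def _match_addr(spec: Tuple[int, int], ip: str) -> bool:
    """Wildcard semantics: a 1 bit in the wildcard is 'don't care', a 0 bit must match."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)


def evaluate(acl: List[Ace], src_ip: str, dst_ip: str, proto: str = "tcp",
             dport: Optional[int] = None) -> str:
    """Return 'permit' or 'deny'. The first matching entry wins; a packet that matches
    nothing hits the implicit 'deny any' that ends every IOS access list."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_match_addr(ace.src, src_ip) and _match_addr(ace.dst, dst_ip)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


# The six entries of Complicated Example #2, exactly as on the slide.
ACL_101 = [parse_ace(line) for line in """
access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
""".strip().splitlines()]

if __name__ == "__main__":
    # Constructed sample flows: (description, source, destination, protocol, dest port)
    samples = [
        ("mail server -> 150.75.0.0 SMTP", "200.100.50.25", "150.75.3.3", "tcp", 25),
        ("mail server -> elsewhere SMTP", "200.100.50.25", "198.51.100.9", "tcp", 25),
        ("user -> local mail server POP3", "200.100.50.7", "200.100.50.25", "tcp", 110),
        ("user -> 150.75.0.0 POP3", "200.100.50.7", "150.75.1.1", "tcp", 110),
        ("user web surfing", "200.100.50.7", "198.51.100.9", "tcp", 80),
    ]
    for desc, s, d, p, port in samples:
        print(f"{desc:32} -> {evaluate(ACL_101, s, d, p, port)}")
```

Note that the permits are written for the whole 200.100.50.0/24, so the evaluator also permits SMTP from hosts other than the mail server at 200.100.50.25; a host entry (200.100.50.25 0.0.0.0) as the source would restrict it to the server.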
NAT
Network Address
Translator

Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)


New addressing concepts

Problems with IPv4
• Shortage of IPv4 addresses
• Allocation of the last IPv4 addresses is forecasted for the year 2005
• Address classes were replaced by usage of CIDR, but this is not sufficient

Short term solution
• NAT: Network Address Translator

Long term solution
• IPv6 = IPng (IP next generation)
• Provides an extended address range

Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
NAT: Network Address Translator

NAT translates between local addresses and public ones: many private hosts share few global addresses.

Private Network
• Uses private address range (local addresses)
• Local addresses may not be used externally

Public Network
• Uses public addresses
• Public addresses are globally unique

Fig. 4 How does NAT work? (TI1332EU02TI_0003 New Address Concepts, 9)

[Figure: translation mechanism. In the realm with private addresses, some addresses are excluded from translation and the rest are marked "to be translated"; the NAT router maps each translated address to an address reserved from a pool in the realm with public addresses.]

Fig. 5 Translation mechanism (TI1332EU02TI_0003 New Address Concepts, 9)

A timeout value (default 15 min) instructs NAT how long to keep an association in an idle state before returning the external IP address to the free NAT pool.

Fig. 8 How does NAT know when to return the public IP address to the pool? (TI1332EU02TI_0003 New Address Concepts, 15)
NAT Addressing Terms
• Inside Local
– The term “inside” refers to an address used for a host inside an
enterprise. It is the actual IP address assigned to a host in the
private enterprise network.

• Inside Global
– NAT uses an inside global address to represent the inside host
as the packet is sent through the outside network, typically the
Internet.
– A NAT router changes the source IP address of a packet sent
by an inside host from an inside local address to an inside
global address as the packet goes from the inside to the
outside network.
NAT Addressing Terms
• Outside Global
– The term “outside” refers to an address used for a host
outside an enterprise, the Internet.
– An outside global is the actual IP address assigned to a
host that resides in the outside network, typically the
Internet.
• Outside Local
– NAT uses an outside local address to represent the
outside host as the packet is sent through the private
enterprise network.
– A NAT router changes a packet’s destination IP address,
sent from an outside global address to an inside host, as
the packet goes from the outside to the inside network.
[Figure: Router A with NAT sits between Net A (10.0.0.0) and the WAN; Router B connects Net B (192.50.20.0). Host 10.47.10.10 sends a packet with SA = 10.47.10.10, DA = 192.50.20.5; after translation the packet on the WAN carries SA = 193.50.30.4, DA = 192.50.20.5 and reaches host 192.50.20.5 in Net B.]

Fig. 7 An example for NAT (TI1332EU02TI_0003 New Address Concepts, 13)


[Figure: NAT with a router whose WAN interface is 138.76.28.4; inside host 10.0.0.10 in Net A (10.0.0.0/8) talks to 138.76.29.7 on the WAN. Outbound, SA = 10.0.0.10, DA = 138.76.29.7 is rewritten to SA = 138.76.28.4, DA = 138.76.29.7; the reply SA = 138.76.29.7, DA = 138.76.28.4 is rewritten to SA = 138.76.29.7, DA = 10.0.0.10.]

Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21)


Types Of NAT
• There are different types of NAT that can be
used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAPT)
Static NAT
• With static NAT, the NAT router simply
configures a one-to-one mapping between the
private address and the registered address
that is used on its behalf.
Dynamic NAT
• Like static NAT, the NAT router creates a one-to-one mapping between an
inside local and inside global address and changes the IP addresses in
packets as they exit and enter the inside network.

• However, the mapping of an inside local address to an inside global
address happens dynamically.
Dynamic NAT

• Dynamic NAT sets up a pool of possible inside global addresses and
defines criteria for the set of inside local IP addresses whose traffic
should be translated with NAT.

• The dynamic entry in the NAT table stays in there as long as traffic
flows occasionally.

• If a new packet arrives, and it needs a NAT entry, but all the pooled IP
addresses are in use, the router simply discards the packet.
PAT
Port Address Translator

Fig. 9 NAPT (TI1332EU02TI_0003 New Address Concepts, 17)

[Figure: NAPT with a router whose WAN interface is 138.76.28.4; inside host 10.0.0.10 in Net A (10.0.0.0/8) opens a telnet session to 138.76.29.7. Outbound, SA = 10.0.0.10, sport = 3017, DA = 138.76.29.7, dport = 23 is rewritten to SA = 138.76.28.4, sport = 1024, DA = 138.76.29.7, dport = 23; the reply SA = 138.76.29.7, sport = 23, DA = 138.76.28.4, dport = 1024 is rewritten to SA = 138.76.29.7, sport = 23, DA = 10.0.0.10, dport = 3017.]

Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21)

PAT with e.g. a single public IP address

[Figure: a private IP network (e.g. SOHO) reaches the WAN through a router that holds a single public IP address and a pool of TU port numbers. Mapping: local IP @, local TU port # -> registered IP @, assigned TU port #. TU = TCP/UDP.]

Fig. 10 NAPT (TI1332EU02TI_0003 New Address Concepts, 19)
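An added example, not from the original slides, that models the two behaviours described above: dynamic NAT drawing inside global addresses from a finite pool (idle entries return to the pool after the 15-minute timeout, and a packet that finds the pool exhausted is discarded), and NAPT/PAT, where many inside hosts share one global address distinguished by an assigned TCP/UDP port. Addresses reuse the figures' values; the pool size and clock values are constructed.

```python
"""Dynamic NAT pool and NAPT (overload) translation tables."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IDLE_TIMEOUT = 15 * 60  # seconds; the slides' default of 15 minutes


@dataclass
class DynamicNat:
    """One-to-one dynamic NAT: an inside local address borrows an inside global
    address from a finite pool for as long as the association is not idle."""
    pool: List[str]                                                     # free inside global addresses
    table: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # local -> (global, last seen)

    def _expire(self, now: float) -> None:
        """Return the addresses of idle associations to the free NAT pool."""
        for local, (glob, seen) in list(self.table.items()):
            if now - seen > IDLE_TIMEOUT:
                del self.table[local]
                self.pool.append(glob)

    def translate_out(self, src: str, dst: str, now: float) -> Optional[Tuple[str, str]]:
        """Translate an inside->outside packet; None means the router discards it."""
        self._expire(now)
        if src in self.table:
            glob = self.table[src][0]
        elif self.pool:
            glob = self.pool.pop(0)
        else:
            return None  # every pooled address is in use: the packet is simply discarded
        self.table[src] = (glob, now)  # refresh the idle timer
        return glob, dst


@dataclass
class Napt:
    """NAT overload (PAT): many inside hosts share one inside global address,
    told apart by the TCP/UDP port the router assigns from its own port pool."""
    global_ip: str
    next_port: int = 1024
    out_map: Dict[Tuple[str, int], int] = field(default_factory=dict)  # (local ip, port) -> assigned port
    in_map: Dict[int, Tuple[str, int]] = field(default_factory=dict)   # assigned port -> (local ip, port)

    def translate_out(self, src: str, sport: int, dst: str, dport: int):
        """Rewrite the source address and port of an inside->outside packet."""
        key = (src, sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return self.global_ip, self.out_map[key], dst, dport

    def translate_in(self, src: str, sport: int, dst: str, dport: int):
        """Rewrite the destination of an outside->inside packet using the table that
        translate_out built; an inbound packet with no entry has no inside host and is dropped."""
        if dst != self.global_ip or dport not in self.in_map:
            return None
        local_ip, local_port = self.in_map[dport]
        return src, sport, local_ip, local_port


if __name__ == "__main__":
    # Fig. 11 flow: 10.0.0.10:3017 -> 138.76.29.7:23 behind WAN address 138.76.28.4
    napt = Napt("138.76.28.4")
    print(napt.translate_out("10.0.0.10", 3017, "138.76.29.7", 23))   # ('138.76.28.4', 1024, '138.76.29.7', 23)
    print(napt.translate_in("138.76.29.7", 23, "138.76.28.4", 1024))  # ('138.76.29.7', 23, '10.0.0.10', 3017)
    # Constructed two-address pool: the third host is dropped until an entry idles out
    nat = DynamicNat(pool=["193.50.30.4", "193.50.30.5"])
    print(nat.translate_out("10.47.10.10", "192.50.20.5", now=0))     # ('193.50.30.4', '192.50.20.5')
    print(nat.translate_out("10.47.10.11", "192.50.20.5", now=0))     # ('193.50.30.5', '192.50.20.5')
    print(nat.translate_out("10.47.10.12", "192.50.20.5", now=10))    # None
    print(nat.translate_out("10.47.10.12", "192.50.20.5", now=1000))  # ('193.50.30.4', '192.50.20.5')
```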
NAT&PAT
Network Address Translation &
Port Address Translation

NAT Addressing Terms
• Inside Local “Private address”
– The term “inside” refers to an address used for a host inside an
enterprise. It is the actual IP address assigned to a host in the
private enterprise network.

• Inside Global “Public address”
– NAT uses an inside global address to represent the inside host
as the packet is sent through the outside network, typically the
WAN.
– A NAT router changes the source IP address of a packet sent
by an inside host from an inside local address to an inside
global address as the packet goes from the inside to the
outside network.
Types Of NAT
• There are different types of NAT that can be
used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAT Over PAT)

Static NAT Configuration

• To form NAT table
Router(config)#IP Nat inside source static [inside local source IP address] [inside global source IP address]

• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside | Outside]
(the interface facing the private network is marked Inside, the WAN-facing interface Outside)

• See Example
Dynamic NAT Configuration

• Specify inside addresses to be translated
Router(config)#IP Nat inside source list [standard Access List number] pool [NAT Pool Name]

• Specify NAT pool
Router(config)#IP Nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]

• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside | Outside]

• See Example
PAT Configuration

• Specify inside addresses to be translated (the overload keyword enables PAT)
Router(config)#IP Nat inside source list [standard Access List number] pool [NAT Pool Name] overload

• Specify PAT pool
Router(config)#IP Nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]

• Assign PAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside | Outside]

• See Example
Ethernet Access with Hubs
Ethernet Access with Bridges
Ethernet Access with Switches
Today's LAN
Full Duplex Transmitting
Full-duplex Ethernet allows the transmission of a packet and the reception of a different
packet at the same time.
This simultaneous transmission and reception requires the use of two pairs of wires in the
cable and a switched connection between each node. This connection is considered point-
to-point and is collision free.
The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by
creating a direct connection between the transmit (TX) at one end of the circuit and the
receive (RX) at the other end.
Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of
collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions.
This produces a potential 20 Mbps throughput.
Collision Domains
Segmentation with Bridges
Segmentation with Routers
Segmentation with Switches
Basic Operations of a Switch
Switching is a technology that decreases congestion in Ethernet, Token Ring, and
FDDI LANs. Switching accomplishes this by reducing traffic and increasing
bandwidth. LAN switches are often used to replace shared hubs and are
designed to work with existing cable infrastructures.
Switching equipment performs the following two basic operations:
• Switching data frames
• Maintaining switching operations  
Switching Methods
1. Store-and-Forward
The entire frame is received before any forwarding takes place. Filters are applied
before the frame is forwarded. This is the most reliable method, but it also has the
most latency, especially when frames are large.

2. Cut-Through
The frame is forwarded through the switch before the entire frame is received. At
a minimum the frame destination address must be read before the frame can be
forwarded. This mode decreases the latency of the transmission, but also reduces
error detection.

3. Fragment-Free
Fragment-free switching filters out collision fragments before forwarding begins.
Collision fragments are the majority of packet errors. In a properly functioning
network, collision fragments must be smaller than 64 bytes. Anything > 64 bytes
is a valid packet and is usually received without error.
Frame Transmission Modes
Benefits of Switching
How Switches and Bridges Learn Addresses
Bridges and switches learn in the following ways:

• Reading the source MAC address of each received frame or datagram

• Recording the port on which the MAC address was received.

In this way, the bridge or switch learns which addresses belong to the
devices connected to each port.
CAM
Content Addressable Memory
CAM is used in switch applications:

• To take out and process the address information from incoming data packets

• To compare the destination address with a table of addresses stored within it

The CAM stores host MAC addresses and associated port numbers.
The CAM compares the received destination MAC address against
the CAM table contents. If the comparison yields a match, the port is
provided, and switching control forwards the packet to the correct
port and address.
Shared vs. Dedicated Bandwidth
If a hub is used, bandwidth is shared. If a switch is used, then bandwidth is dedicated. If a
workstation or server is directly connected to a switch port, then the full bandwidth of the
connection to the switch is available to the connected computer. If a hub is connected to a
switch port, bandwidth is shared between all devices connected to the hub.
Microsegmentation of a Network
Microsegmentation
3 Methods of Communication
Switches & Broadcast Domains
When two switches are connected, the broadcast domain is increased.
The overall result is a reduction in available bandwidth. This happens because all devices
in the broadcast domain must receive and process the broadcast frame.
Routers are Layer 3 devices. Routers do not propagate broadcasts. Routers are used to
segment both collision and broadcast domains.
Broadcast Domain
Overview
To design reliable, manageable, and scalable networks, a network
designer must realize that each of the major components of a network has
distinct design requirements.

Good network design will improve performance and also reduce the
difficulties associated with network growth and evolution.

The design of larger LANs includes identifying the following:

• An access layer that connects end users into the LAN
• A distribution layer that provides policy-based connectivity
between end-user LANs
• A core layer that provides the fastest connection between the
distribution points

Each of these LAN design layers requires switches that are best suited for
specific tasks.
The Access Layer
The access layer is the entry point for user workstations and servers to the
network. In a campus LAN the device used at the access layer can be a
switch or a hub.

Access layer functions also include MAC layer filtering and
microsegmentation. Layer 2 switches are used in the access layer.
Access Layer Switches
Access layer switches operate at Layer 2 of the OSI model

The main purpose of an access layer switch is to allow end users
into the network.

An access layer switch should provide this functionality with low cost
and high port density.

The following Cisco switches are commonly used at the access layer:
• Catalyst 1900 series
• Catalyst 2820 series
• Catalyst 2950 series
• Catalyst 4000 series
• Catalyst 5000 series
The Distribution Layer
The distribution layer of the network is between the access and core layers. Networks are
segmented into broadcast domains by this layer. Policies can be applied and access
control lists can filter packets.

The distribution layer isolates network problems to the workgroups in which they occur. The
distribution layer also prevents these problems from affecting the core layer. Switches in
this layer operate at Layer 2 and Layer 3.
Distribution Layer Switches
The distribution layer switch must have high performance.

The distribution layer switch is a point at which a broadcast domain is
delineated. It combines VLAN traffic and is a focal point for policy decisions
about traffic flow.

For these reasons distribution layer switches operate at both Layer 2 and
Layer 3 of the OSI model.

Switches in this layer are referred to as multilayer switches. These multilayer
switches combine the functions of a router and a switch in one device.

The following Cisco switches are suitable for the distribution layer:
• Catalyst 2926G
• Catalyst 5000 family
• Catalyst 6000 family
The Core Layer
The core layer is a high-speed switching backbone.

This layer of the network design should not perform any packet manipulation. Packet
manipulation, such as access list filtering, would slow down the process.

Providing a core infrastructure with redundant alternate paths gives stability to the network
in the event of a single device failure.

The core can be designed to use Layer 2 or Layer 3 switching. Asynchronous Transfer
Mode (ATM) or Ethernet switches can be used.
Core Layer Switches
The switches in this layer can make use of a number of Layer 2
technologies. Provided that the distance between the core layer switches
is not too great, the switches can use Ethernet technology.

In a network design, the core layer can be a routed, or Layer 3, core. Core
layer switches are designed to provide efficient Layer 3 functionality when
needed.

Factors such as need, cost, and performance should be considered before
a choice is made.

The following Cisco switches are suitable for the core layer:
• Catalyst 6500 series
• Catalyst 8500 series
• IGX 8400 series
• Lightstream 1010
Physical Startup of the Catalyst Switch
Switches are dedicated, specialized computers, which contain a CPU, RAM,
and an operating system.

Switches usually have several ports for the purpose of connecting hosts, as
well as specialized ports for the purpose of management.

A switch can be managed by connecting to the console port to view and make
changes to the configuration.

Switches typically have no power switch to turn them on and off. They simply
connect or disconnect from a power source.

Several switches from the Cisco Catalyst 2950 series are shown in the graphic
to the right.
Switch LED Indicators
The front panel of a switch has several lights to help monitor system activity and
performance. These lights are called light-emitting diodes (LEDs). The switch
has the following LEDs:

• System LED
• Remote Power Supply (RPS) LED
• Port Mode LED
• Port Status LEDs

The System LED shows whether the system is receiving power and functioning
correctly.

The RPS LED indicates whether or not the remote power supply is in use.

The Mode LEDs indicate the current state of the Mode button.

The Port Status LEDs have different meanings, depending on the current value
of the Mode LED.
Verifying Port LEDs During Switch POST
Once the power cable is connected, the switch initiates a series of
tests called the power-on self test (POST).

POST runs automatically to verify that the switch functions correctly.

The System LED indicates the success or failure of POST.


Connecting a Switch to a Computer
Examining Help in the Switch CLI
The command-line interface (CLI) for Cisco switches is very similar
to the CLI for Cisco routers.

The help command is issued by entering a question mark (?).

When this command is entered at the system prompt, a list of
commands available for the current command mode is displayed.

The help command is very flexible and essentially functions the
same way it does in a router CLI.

This form of help is called command syntax help, because it
provides applicable keywords or arguments based on a partial
command.
Switch Command Modes
Switches have several command modes.

The default mode is User EXEC mode, which ends in a greater-than
character (>).

The commands available in User EXEC mode are limited to those
that change terminal settings, perform basic tests, and display
system information.

The enable command is used to change from User EXEC mode to
Privileged EXEC mode, which ends in a pound-sign character (#).

The configure command allows other command modes to be
accessed.
Show Commands in User-Exec Mode
Setting Switch Hostname
Setting Passwords on Lines
SPANNING-TREE
PROTOCOL
Overview
Redundancy in a network is extremely important because
redundancy allows networks to be fault tolerant.

Redundant topologies based on switches and bridges are
susceptible to broadcast storms, multiple frame transmissions,
and MAC address database instability.

Therefore network redundancy requires careful planning and
monitoring to function properly.

The Spanning-Tree Protocol is used in switched networks to
create a loop free logical topology from a physical topology
that has loops.
Redundant Switched Topologies
Networks with redundant paths and devices allow for more network uptime.
In the graphic, if Switch A fails, traffic can still flow from Segment 2 to Segment 1
and to the router through Switch B. If port 1 fails on Switch A then traffic can still
flow through port 1 on Switch B.
Switches learn the MAC addresses of devices on their ports so that data can be
properly forwarded to the destination. Switches will flood frames for unknown
destinations until they learn the MAC addresses of the devices.
A redundant switched topology may cause broadcast storms, multiple frame copies,
and MAC address table instability problems.
Broadcast Storms
Broadcasts and multicasts can cause problems in a switched network.
Multicasts are treated as broadcasts by the switches.

Broadcasts and multicasts frames are flooded out all ports, except the one on which
the frame was received.

The switches continue to propagate broadcast traffic over and over. This is called a
broadcast storm. This will continue until one of the switches is disconnected. The
network will appear to be down or extremely slow.
Multiple Frame Transmissions
In a redundant switched network it is possible for an end device to receive multiple
frames. Assume that the MAC address of Router Y has been timed out by both
switches. Also assume that Host X still has the MAC address of Router Y in its ARP
cache and sends a unicast frame to Router Y. The router receives the frame because
it is on the same segment as Host X. Switch A does not have the MAC address of
the Router Y and will therefore flood the frame out its ports. Switch B also does not
know which port Router Y is on. Switch B then floods the frame it received causing
Router Y to receive multiple copies of the same frame. This is a cause of
unnecessary processing in all devices.
MAC Database Instability
A switch can incorrectly learn that a MAC address is on one port, when it is actually
on a different port. In this example the MAC address of Router Y is not in the MAC
address table of either switch. Host X sends a frame directed to Router Y. Switches
A & B learn the MAC address of Host X on port 0. The frame to Router Y is flooded
on port 1 of both switches. Switches A and B see this information on port 1 and
incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame
to Host X, Switch A and Switch B will also receive the frame and will send it out port
1. This is unnecessary, but the switches have incorrectly learned that Host X is on
port 1.
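An added example, not from the original slides, that models the learning and CAM lookup described earlier (learn the source MAC on the ingress port, forward to the port the destination was learned on, flood when unknown) and then replays the MAC database instability scenario above with two switches in parallel. Host X, Router Y, the switch names and MAC addresses are constructed.

```python
"""Learning switch with a CAM table, and how a redundant loop corrupts it."""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, name: str, ports: List[int]):
        self.name = name
        self.ports = list(ports)
        self.cam: Dict[str, int] = {}  # CAM table: MAC address -> port it was learned on
        self.log: List[str] = []       # records every time a MAC "moves" between ports

    def receive(self, frame: Tuple[str, str], in_port: int) -> List[int]:
        """frame = (source MAC, destination MAC). Returns the egress port list."""
        src, dst = frame
        if src in self.cam and self.cam[src] != in_port:
            self.log.append(f"{self.name}: {src} moved from port {self.cam[src]} to port {in_port}")
        self.cam[src] = in_port  # learn (or relearn) the source MAC on the ingress port
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != in_port]  # flood everything except the ingress port
        out = self.cam[dst]
        return [] if out == in_port else [out]  # filter if the destination is on the ingress port


def replay_instability():
    """Two switches, each with port 0 on Segment 1 (Host X) and port 1 on Segment 2 (Router Y).
    Returns (ports X was learned on at first, ports X was learned on afterwards, move log)."""
    host_x, router_y = "00:00:0c:aa:aa:aa", "00:00:0c:bb:bb:bb"  # constructed MAC addresses
    sw_a, sw_b = Switch("SwitchA", [0, 1]), Switch("SwitchB", [0, 1])
    frame = (host_x, router_y)

    # 1. Host X's unicast to Router Y arrives on port 0 of both switches. Neither knows
    #    Router Y yet, so both learn X on port 0 and flood the frame out port 1.
    assert sw_a.receive(frame, 0) == [1] and sw_b.receive(frame, 0) == [1]
    learned_first = (sw_a.cam[host_x], sw_b.cam[host_x])  # (0, 0): correct

    # 2. Each flooded copy appears on Segment 2, where the other switch receives it on port 1
    #    with Host X as the source. Both now relearn X on port 1, which is wrong, and flood
    #    the copy back to port 0, so the cycle repeats until a switch or link is removed.
    sw_a.receive(frame, 1)
    sw_b.receive(frame, 1)
    learned_after = (sw_a.cam[host_x], sw_b.cam[host_x])  # (1, 1): Host X is really on port 0

    return learned_first, learned_after, sw_a.log + sw_b.log


if __name__ == "__main__":
    first, after, log = replay_instability()
    print("Host X learned on ports:", first, "-> after the loop:", after)
    for entry in log:
        print(" ", entry)
```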
Using Bridging Loops
for Redundancy
Logical Loop Free Topology
Created with STP
NOTE:
Don’t confuse Spanning Tree Protocol
(STP) with Shielded Twisted Pair (STP).
Spanning Tree Protocol - 1
Ethernet bridges and switches can implement the IEEE 802.1D Spanning-Tree
Protocol and use the spanning-tree algorithm to construct a loop free
shortest path network.

Shortest path is based on cumulative link costs.
Link costs are based on the speed of the link.
Spanning Tree Protocol - 2
The Spanning-Tree Protocol establishes a root node, called the root
bridge/switch.

The Spanning-Tree Protocol constructs a topology that has one path for
reaching every network node. The resulting tree originates from the root
bridge/switch.

The Spanning-Tree Protocol requires network devices to exchange messages
to detect bridging loops. Links that will cause a loop are put into a blocking
state.

The message that a switch sends, allowing the formation of a loop free
logical topology, is called a Bridge Protocol Data Unit (BPDU).
Selecting the Root Bridge
The first decision that all switches in the network make is to identify the
root bridge. The position of the root bridge in a network will affect the traffic
flow.

When a switch is turned on, the spanning-tree algorithm is used to identify
the root bridge. BPDUs are sent out with the Bridge ID (BID).

The BID consists of a bridge priority that defaults to 32768 and the switch
base MAC address.

When a switch first starts up, it assumes it is the root switch and sends
BPDUs. These BPDUs contain the switch MAC address in both the root and
sender BID. As a switch receives a BPDU with a lower root BID it replaces
that in the BPDUs that are sent out. All bridges see these and decide that
the bridge with the smallest BID value will be the root bridge.

A network administrator may want to influence the decision by setting the
switch priority to a smaller value than the default.
BPDUs
BPDUs contain enough information so that all switches can do the
following:
• Select a single switch that will act as the root of the spanning tree
• Calculate the shortest path from itself to the root switch
• Designate one of the switches as the closest one to the root, for each LAN
segment. This bridge is called the “designated switch”. The designated
switch handles all communication from that LAN towards the root bridge.
• Each non-root switch chooses one of its ports as its root port; this is the
interface that gives the best path to the root switch.
• Select ports that are part of the spanning tree, the designated ports.
Non-designated ports are blocked.
Spanning Tree Operation
When the network has stabilized, it has converged and there is one spanning tree
per network. As a result, for every switched network the following elements exist:
• One root bridge per network
• One root port per non root bridge
• One designated port per segment
• Unused, non-designated ports
Root ports and designated ports are used for forwarding (F) data traffic.
Non-designated ports discard data traffic.
Non-designated ports are called blocking (B) or discarding ports.
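An added example, not from the original slides, that carries the election described in the last three slides through on a small redundant topology: the root bridge is the lowest BID (priority, then base MAC), root path cost accumulates the speed-derived link costs, each non-root bridge picks one root port, each segment gets one designated port, and every other port blocks. The switch names, MAC addresses and segments are constructed; the tie-break order is the 802.1D one, simplified to cost, sender BID and port id.

```python
"""802.1D spanning-tree election: root bridge, root ports, designated ports, blocking ports."""
import heapq
from typing import Dict, List, Tuple

# IEEE 802.1D-1998 port path cost by link speed in Mbps (costs derive from link speed).
PATH_COST = {10: 100, 100: 19, 1000: 4}


class Bridge:
    """A switch identified by its BID = (priority, base MAC); the lower BID wins."""
    def __init__(self, name: str, mac: str, priority: int = 32768):
        self.name = name
        self.bid = (priority, mac)
        self.ports: Dict[int, str] = {}  # port id -> name of the LAN segment it attaches to


def run_stp(bridges: List[Bridge], segments: Dict[str, int]):
    """segments maps segment name -> link speed in Mbps.
    Returns (root bridge name, {bridge name: {port id: port state}})."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bid)  # 1. the lowest BID becomes the root bridge
    attached: Dict[str, List[Tuple[str, int]]] = {s: [] for s in segments}
    for b in bridges:
        for pid, seg in b.ports.items():
            attached[seg].append((b.name, pid))

    # 2. Root path cost per bridge: cheapest cumulative path to the root, cost charged on the
    #    receiving port. best[name] = (cost, sender BID, receiving port id); tuple order gives
    #    the tie-break: lower cost, then lower sender BID, then lower port id.
    best = {root.name: (0, root.bid, 0)}
    heap = [(0, root.bid, root.name)]
    while heap:
        cost, _, name = heapq.heappop(heap)
        if cost > best[name][0]:
            continue  # stale heap entry
        for pid, seg in by_name[name].ports.items():
            for other, other_pid in attached[seg]:
                if other == name:
                    continue
                cand = (cost + PATH_COST[segments[seg]], by_name[name].bid, other_pid)
                if other not in best or cand < best[other]:
                    best[other] = cand
                    heapq.heappush(heap, (cand[0], by_name[other].bid, other))
    rpc = {name: v[0] for name, v in best.items()}

    # 3. Designated bridge per segment: lowest (root path cost, BID, port id) among those attached.
    designated = {seg: min(lst, key=lambda bp: (rpc[bp[0]], by_name[bp[0]].bid, bp[1]))
                  for seg, lst in attached.items() if lst}

    # 4. Port roles: root port forwards, designated port forwards, everything else blocks.
    states: Dict[str, Dict[int, str]] = {}
    for b in bridges:
        states[b.name] = {}
        for pid, seg in b.ports.items():
            if b.name != root.name and pid == best[b.name][2]:
                states[b.name][pid] = "root port (forwarding)"
            elif designated[seg] == (b.name, pid):
                states[b.name][pid] = "designated port (forwarding)"
            else:
                states[b.name][pid] = "non-designated (blocking)"
    return root.name, states


def build_example():
    """Constructed topology: Switch A and Switch B both bridge Segment 1 and Segment 2 (a loop);
    Switch C, with an administratively lowered priority, also sits on Segment 2 and on a
    gigabit Segment 3. MAC addresses are constructed."""
    a = Bridge("SwitchA", "0000.0c11.1111")
    a.ports = {1: "Segment1", 2: "Segment2"}
    b = Bridge("SwitchB", "0000.0c22.2222")
    b.ports = {1: "Segment1", 2: "Segment2"}
    c = Bridge("SwitchC", "0000.0c33.3333", priority=4096)  # loses on MAC, wins on priority
    c.ports = {1: "Segment2", 2: "Segment3"}
    return [a, b, c], {"Segment1": 100, "Segment2": 100, "Segment3": 1000}


if __name__ == "__main__":
    root_name, port_states = run_stp(*build_example())
    print("root bridge:", root_name)
    for name, ports in port_states.items():
        for pid, state in ports.items():
            print(f"  {name} port {pid}: {state}")
```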
Spanning Tree Port States
Spanning Tree Recalculation
A switched internetwork has converged when all the switch and bridge
ports are in either the forwarding or blocked state.

Forwarding ports send and receive data traffic and BPDUs.

Blocked ports will only receive BPDUs.

When the network topology changes, switches and bridges recompute
the Spanning Tree and cause a disruption of user traffic.

Convergence on a new spanning-tree topology using the IEEE 802.1D
standard can take up to 50 seconds.

This convergence is made up of the max-age of 20 seconds, plus the
listening forward delay of 15 seconds, and the learning forward delay of
15 seconds.
Rapid STP Designations
VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing
technologies to limit both collision domains and broadcast domains.

VLANs can also be used to provide security by creating the VLAN groups
according to function and by using routers to communicate between VLANs.

A physical port association is used to implement VLAN assignment.

Communication between VLANs can occur only through the router.

This limits the size of the broadcast domains and uses the router to determine
whether one VLAN can talk to another VLAN.

NOTE: This is the only way a switch can break up a broadcast domain!
Setting up VLAN Implementation
VLAN Communication
VLAN Membership Modes

• VLAN membership can either be static or dynamic.

Static VLANs

• All users attached to the same switch port must be in the same VLAN.
Configuring VLANs in Global Mode
Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name Vlan3
Switch(config-vlan)#exit
Switch(config)#end
Configuring VLANs
in VLAN Database Mode
Switch#vlan database
Switch(vlan)#vlan 3

VLAN 3 added:
Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....
Deleting VLANs in Global Mode

Switch#configure terminal
Switch(config)#no vlan 3
Switch(config)#end
Deleting VLANs
in VLAN Database Mode

Switch#vlan database
Switch(vlan)#no vlan 3

VLAN 3 deleted:
Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....
Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1

• Enters interface configuration mode

Switch(config-if)#switchport mode access

• Configures the interface as an access port

Switch(config-if)#switchport access vlan 3

• Assigns the access port to a VLAN


Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
51   enet  100051     1500  -      -      -        -    -        0      0
52   enet  100052     1500  -      -      -        -    -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Verifying the VLAN Port Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

• Displays the running configuration of the interface

Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport

• Displays the switch port configuration of the interface

Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]

• Displays the MAC address table information for the specified interface
in the specified VLAN
Implementing VLAN Trunks

© 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-511


VLAN Trunking
Importance of Native VLANs
ISL Encapsulation
– Performed with ASIC
– Not intrusive to client stations; the client does not see the header
– Effective between switches, and between routers and switches
ISL and Layer 2 Encapsulation
Configuring ISL Trunking
Switch(config)#interface fastethernet 2/1

• Enters interface configuration mode

Switch(config-if)#switchport mode trunk

• Configures the interface as a Layer 2 trunk

Switch(config-if)#switchport trunk encapsulation [isl|dot1q]

• Selects the encapsulation


Verifying ISL Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastethernet 2/1 trunk

Port      Mode         Encapsulation  Status        Native VLAN
Fa2/1     desirable    isl            trunking      1

Port      VLANs allowed on trunk
Fa2/1     1-1005

Port      VLANs allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      VLANs in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005
802.1Q Trunking
Configuring 802.1Q Trunking

Switch(config)#interface fastethernet 5/8


Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
Verifying 802.1Q Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces gigabitEthernet 0/1 switchport


Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

. . .
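An added example (not Cisco's or the course's code) that turns the verification step above into a check: it parses the fields of `show interfaces ... switchport` and flags a trunk that still negotiates with DTP, keeps VLAN 1 as its native VLAN, or allows all VLANs. The sample output is constructed; its first interface repeats the slide's values and the second shows the hardened state from the 802.1Q configuration slide.

```python
"""Audit 'show interfaces <if> switchport' output for trunk settings that
weaken VLAN separation.  Added example, not Cisco's code; the sample output
below is constructed from the fields shown on the slide."""
import re

# Constructed sample: Gi0/1 repeats the slide's output, Gi0/2 is hardened.
SAMPLE = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (VLAN0999)
Trunking VLANs Enabled: 1,15,11,1002-1005
Pruning VLANs Enabled: 2-1001
"""

def parse_switchport(text):
    """Split the output into one {field: value} dict per interface."""
    ports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Name" in fields:
            ports.append(fields)
    return ports

def audit_trunk(fields):
    """Return the findings for one port (empty list = nothing to flag)."""
    findings = []
    if fields.get("Operational Mode") != "trunk":
        return findings                 # access ports are out of scope here
    if fields.get("Negotiation of Trunking") == "On":
        findings.append("DTP negotiation on; use 'switchport nonegotiate'")
    native = fields.get("Trunking Native Mode VLAN", "")
    if (native.split() or [""])[0] == "1":
        findings.append("native VLAN is 1; move it to an unused VLAN")
    if fields.get("Trunking VLANs Enabled") == "ALL":
        findings.append("all VLANs allowed; restrict with 'switchport trunk allowed vlan'")
    return findings

def audit(text):
    """Map interface name -> findings for every port in the output."""
    return {p["Name"]: audit_trunk(p) for p in parse_switchport(text)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```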
Implementing VLAN Trunk Protocol

VTP Protocol Features
– Advertises VLAN configuration information
– Maintains VLAN configuration consistency throughout a common
administrative domain
– Sends advertisements on trunk ports only
VTP Modes

Server mode
• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM

Client mode
• Cannot create, change, or delete VLANs
• Forwards advertisements
• Synchronizes VLAN configurations
• Does not save in NVRAM

Transparent mode
• Creates, modifies, and deletes VLANs locally only
• Forwards advertisements
• Does not synchronize VLAN configurations
• Saves configuration in NVRAM
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients synchronize to the latest update, identified by the highest configuration revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
VTP Pruning
• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends a broadcast, and the broadcast is flooded only toward switches with ports assigned to the red VLAN.
VTP Configuration Guidelines
– Configure the following:
• VTP domain name
• VTP mode (server mode is the default)
• VTP pruning
• VTP password

– Be cautious when adding a new switch into an existing domain.
– Add a new switch in client mode so that it receives the current information from the network, then convert it to server mode.
– Add all new configurations to a switch in transparent mode and check the configuration carefully, then convert it to server mode, to prevent the switch from propagating incorrect VLAN information.
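An added model of VTP synchronization (not Cisco's code) that shows why the guidelines above matter: it follows the mode table (only servers originate advertisements, transparent switches only forward), rejects advertisements whose password digest does not match, and shows how a reused switch carrying a higher configuration revision overwrites the domain's VLAN database unless its revision is reset first. The domain, VLAN databases, revision numbers and password are constructed; the digest is a stand-in for the real one, not the IOS format.

```python
"""Model of VTP synchronization (added example, not Cisco's code): what each
mode does with an advertisement, how the password digest blocks foreign
advertisements, and how a reused switch with a higher configuration revision
overwrites the domain's VLAN database unless its revision is reset first."""
import hashlib

def vtp_digest(domain, password, revision, vlans):
    """Stand-in for the MD5 digest carried in a summary advertisement."""
    data = f"{domain}|{password}|{revision}|{sorted(vlans.items())}"
    return hashlib.md5(data.encode()).hexdigest()

class VtpSwitch:
    def __init__(self, name, mode, domain, password, vlans, revision):
        self.name, self.mode, self.domain = name, mode, domain
        self.password, self.vlans, self.revision = password, dict(vlans), revision

    def reset_revision(self):
        # IOS resets the revision to 0 when the domain name is (re)set or the
        # switch is placed in transparent mode; modelled as an explicit call.
        self.revision = 0

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans),
                "digest": vtp_digest(self.domain, self.password,
                                     self.revision, self.vlans)}

    def receive(self, adv):
        """Return True if this switch replaced its VLAN database."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False        # transparent mode only forwards
        expected = vtp_digest(self.domain, self.password,
                              adv["revision"], adv["vlans"])
        if expected != adv["digest"]:
            return False        # password mismatch shows up as a digest error
        if adv["revision"] <= self.revision:
            return False        # only a higher revision number is accepted
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True

def join_domain(domain, newcomer):
    """One advertisement round each way (per the slide's table, only servers
    originate).  Returns (domain VLAN ids, newcomer VLAN ids)."""
    for sw in domain:
        newcomer.receive(sw.advertisement())
    if newcomer.mode == "server":
        for sw in domain:
            sw.receive(newcomer.advertisement())
    return sorted(domain[0].vlans), sorted(newcomer.vlans)

def scenario(new_mode, reset_first, password="s3cret"):
    """Constructed domain Lab_Network at revision 247 holding the VLANs from the
    slide's show vlan output; the newcomer is a reused switch carrying a stale
    database at revision 300 and, optionally, a different password."""
    prod = {1: "default", 2: "VLAN0002", 51: "VLAN0051", 52: "VLAN0052"}
    stale = {1: "default", 10: "old_lab"}
    domain = [VtpSwitch("core", "server", "Lab_Network", "s3cret", prod, 247),
              VtpSwitch("edge", "client", "Lab_Network", "s3cret", prod, 247)]
    newcomer = VtpSwitch("new", new_mode, "Lab_Network", password, stale, 300)
    if reset_first:
        newcomer.reset_revision()
    return join_domain(domain, newcomer)

if __name__ == "__main__":
    print("server, no reset:", scenario("server", False))
    print("server, reset   :", scenario("server", True))
    print("client, reset   :", scenario("client", True))
    print("wrong password  :", scenario("server", False, "other"))
```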
Configuring a VTP Server

Switch(config)#vtp server

• Configures VTP server mode

Switch(config)#vtp domain domain-name

• Specifies a domain name

Switch(config)#vtp password password

• Sets a VTP password

Switch(config)#vtp pruning

• Enables VTP pruning in the domain


Configuring a VTP Server (Cont.)

Switch#configure terminal

Switch(config)#vtp server

Setting device to VTP SERVER mode.


Switch(config)#vtp domain Lab_Network

Setting VTP domain name to Lab_Network


Switch(config)#end
Verifying the VTP Configuration
Switch#show vtp status

VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
Verifying the VTP Configuration (Cont.)
Switch#show vtp status

VTP statistics:
Summary advertisements received    : 7
Subset advertisements received     : 5
Request advertisements received    : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted  : 13
Request advertisements transmitted : 3
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8            43071            42766            5
Contents
• Remote access overview
• WAN Connection Types
• Defining WAN Encapsulation Protocols
• Determining the WAN Type to Use
• OSI Layer-2 Point-to-Point WANs
– PPP
– HDLC
– Frame Relay
Remote Access Overview
• A WAN is a data communications network
covering a relatively broad geographical area.

• A network administrator designing a remote network must weigh issues such as users' bandwidth needs and the cost of the various available technologies.
WAN Connection Types

• Leased lines
– It is a pre-established WAN communications path from
the CPE, through the DCE switch, to the CPE of the
remote site, allowing DTE networks to communicate at
any time with no setup procedures before transmitting
data.
• Circuit switching
– Sets up line like a phone call. No data can transfer
before the end-to-end connection is established.
WAN Connection Types
• Packet switching
– WAN switching method that allows you to share bandwidth with other companies to save money. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money.
– However, if you have constant data transfers, then you will need to get a leased line.
– Frame Relay and X.25 are packet switching technologies.
Defining WAN Encapsulation Protocols
• Each WAN connection uses an encapsulation protocol to encapsulate traffic while it crosses the WAN link.
• The choice of encapsulation protocol depends on the underlying WAN technology and the communicating equipment.
Defining WAN Encapsulation Protocols
• Typical WAN encapsulation types include the following:
– Point-to-Point Protocol (PPP)
– Serial Line Internet Protocol (SLIP)
– High-Level Data Link Control Protocol (HDLC)
– X.25 / Link Access Procedure Balanced (LAPB)
– Frame Relay
– Asynchronous Transfer Mode (ATM)
Determining the WAN Type to Use
• Availability
– Each type of service may be available in certain
geographical areas.
• Bandwidth
– Determining usage over the WAN is important to evaluate
the most cost-effective WAN service.
• Cost
– Making a compromise between the traffic you need to
transfer and the type of service with the available cost that
will suit you.
Determining the WAN Type to Use
• Ease of Management
– Connection management includes both the initial start-up configuration and the ongoing configuration of normal operation.
• Application Traffic
– Traffic may be as small as a terminal session's, or consist of very large packets as during a file transfer.
Max. WAN Speeds for WAN Connections

WAN Type                    Maximum Speed
Asynchronous Dial-Up        56-64 Kbps
X.25, ISDN – BRI            128 Kbps
ISDN – PRI                  E1 / T1
Leased Line / Frame Relay   E3 / T3


OSI Layer-2 Point-to-Point WANs
• WAN protocols used on point-to-point serial links provide the basic function of data delivery across that one link.
• The two most popular data link protocols used today are Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC).
HDLC
• HDLC performs OSI Layer-2 functions.
• It determines when it is appropriate to use the
physical medium.
• Ensures that the correct recipient receives and
processes the data that is sent.
• Determines whether the sent data was
received correctly or not (error detection).
HDLC
• HDLC Frame Format
• The original HDLC did not include a Protocol Type field, so every vendor (including Cisco) added its own; Cisco's HDLC is therefore a proprietary protocol that can be used only between Cisco routers.
Point-to-Point Protocol (PPP)
• PPP is a standard encapsulation protocol for the transport of different Network Layer protocols (including, but not limited to, IP).
• It has the following main functional components:
– Link Control Protocol (LCP), which establishes, authenticates, and tests the data link connection.
– Network Control Protocols (NCPs), which establish and configure different network layer protocols.
Point-to-Point Protocol (PPP)
• PPP discards frames that do not pass the
error check.
• PPP is a standard protocol, and so it can be
used with all types of routers (not Cisco
Proprietary).
PPP LCP Features
• Authentication
• Compression
• Multilink PPP
• Error Detection
• Looped Link Detection
Compression
• Compression enables higher data throughput across
the link.
• Different compression schemes are available:
– Predictor: checks whether the data was already compressed.
– Stacker: looks at the data stream and sends each type of data only once, with information about where the type occurs; the receiving side uses this information to reassemble the data stream.
– MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients.
PPP Multilink
• PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous, and asynchronous interfaces.
• This can improve throughput and reduce latency between systems by splitting packets and sending fragments over parallel circuits.
Error Detection
• PPP can take down a link based on the value of what is called the Link Quality Monitor (LQM): it tracks the ratio of corrupted packets to the total number of packets sent, and if that ratio exceeds a predetermined value the link can be brought down, because its performance is judged to be beyond the accepted limits.
Looped Link Detection
• PPP can detect looped links (which telcos sometimes create) using what is called the Magic Number.
• Every router has a magic number, and if a router receives packets carrying its own magic number, then the link is looped.
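The two LCP checks just described, as an added example that is not part of the original slides or Cisco's implementation: one link end encodes an LCP Configure-Request carrying the Magic-Number option (option type 5, length 6, as defined in RFC 1661), detects a loop when a received request carries its own magic number, and applies the LQM rule that drops the link once the share of corrupted frames exceeds a configured limit. The magic numbers, frame counts and the 5% threshold are constructed.

```python
"""Added example (not Cisco's code): the two PPP LCP checks described above,
modelled on one link end.  Looped-link detection compares the magic number in
a received LCP Configure-Request with our own; link quality monitoring takes
the link down when the share of corrupted frames exceeds a configured limit."""
import os
import struct

LCP_CONFIGURE_REQUEST = 1
OPT_MAGIC_NUMBER = 5          # LCP option type for Magic-Number (RFC 1661)

def build_configure_request(identifier, magic):
    """Encode an LCP Configure-Request carrying only the Magic-Number option."""
    option = struct.pack("!BBI", OPT_MAGIC_NUMBER, 6, magic)
    return struct.pack("!BBH", LCP_CONFIGURE_REQUEST, identifier,
                       4 + len(option)) + option

def parse_magic_number(packet):
    """Return the Magic-Number option value from an LCP packet, or None."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != LCP_CONFIGURE_REQUEST or length != len(packet):
        return None
    pos = 4
    while pos + 2 <= length:
        opt_type, opt_len = packet[pos], packet[pos + 1]
        if opt_len < 2:
            return None                      # malformed option; stop parsing
        if opt_type == OPT_MAGIC_NUMBER and opt_len == 6:
            return struct.unpack("!I", packet[pos + 2:pos + 6])[0]
        pos += opt_len
    return None

class PppLink:
    def __init__(self, max_error_ratio=0.05):
        self.magic = struct.unpack("!I", os.urandom(4))[0]   # this router's magic
        self.max_error_ratio = max_error_ratio               # constructed LQM limit
        self.up = True

    def on_configure_request(self, packet):
        """Looped link: the received magic number equals our own."""
        looped = parse_magic_number(packet) == self.magic
        if looped:
            self.up = False
        return looped

    def lqm_check(self, frames_sent, frames_corrupted):
        """LQM: a corrupted/sent ratio beyond the limit drops the link."""
        if frames_sent == 0:
            return self.up
        if frames_corrupted / frames_sent > self.max_error_ratio:
            self.up = False
        return self.up

def demo():
    """Constructed scenario: a genuine peer request (different magic number)
    is accepted; our own request echoed back marks the link as looped."""
    us = PppLink()
    own_request = build_configure_request(1, us.magic)
    peer_request = build_configure_request(7, (us.magic + 1) & 0xFFFFFFFF)
    return (us.on_configure_request(peer_request),
            us.on_configure_request(own_request))
```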
PPP Configuration Commands
• To enable PPP
– Router(config-if)#encapsulation ppp
• To configure PAP authentication
– Router(config-if)#ppp authentication pap
– Router(config-if)#ppp pap username .. password ..
• To configure compression
– Router(config-if)#compress [predictor|stack|mppc]
Frame Relay

Frame Relay
• Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks today use PVCs.
• The logical path between each pair of routers is called a Virtual Circuit (VC).
• VCs share the access link and the Frame Relay network.
• Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that the VC gets at least this much bandwidth.
[Figure: Frame Relay network. Desktop and LAN devices (PC, router or switch, PBX, video) connect as CPE through the UNI to the Frame Relay network, either directly (V.35, E1, RS232) or over an ISDN dial-up connection; the network access device formats packets in frames, and PVCs and SVCs carry them across the Frame Relay network.]
LMI and Encapsulation Types
• The LMI is a definition of the messages used between the DTE and the DCE.
• The encapsulation defines the headers used by a DTE to communicate some information to the DTE on the other end of a VC.
• The switch and its connected router care about using the same LMI; the switch does not care about the encapsulation. The endpoint routers (DTEs) do care about the encapsulation.
LMI
• The most important LMI message is the LMI status inquiry message. Status messages perform two key functions:
– Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down.
– Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change.
LAPF
• A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link.
• The header and trailer are defined by the Link Access Procedure Frame Bearer Services (LAPF) specification.
• The LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header.
LAPF
• DTEs use and react to the fields specified by these two types of encapsulation, but Frame Relay switches ignore these fields. Because the frames flow from DTE to DTE, both DTEs must agree on the encapsulation used.
• However, each VC can use a different encapsulation. In the configuration, the encapsulation created by Cisco is called cisco, and the other one is called ietf.
DLCI Addressing Details
• The logical path between a pair of DTEs is called a
virtual circuit (VC).
• The data-link connection identifier (DLCI) identifies each
individual PVC.
• When multiple VCs use the same access link, the Frame
Relay switches know how to forward the frames to the
correct remote sites.

[Figure: The DLCI is the Frame Relay address describing a virtual circuit. Routers (R) and a bridge (B) attach to Frame Relay switches in the FR network; each access link carries its own locally significant DLCIs (16, 17, 21, 32) for the virtual circuits that cross it.]
DLCI Addressing Details
• The main difference between other Layer 2 addressing and DLCI addressing is that the Frame Relay header has a single DLCI field, not separate source and destination DLCI fields.
Global DLCI Addressing
• Frame Relay DLCIs are locally significant; this
means that the addresses need to be unique only on
the local access link.
• Global addressing is simply a way of choosing DLCI
numbers when planning a Frame Relay network so
that working with DLCIs is much easier.
• Because local addressing is a fact, global addressing
does not change these rules. Global addressing just
makes DLCI assignment more obvious.
Global DLCI Addressing
• The final key to global addressing is that the Frame
Relay switches actually change the DLCI value
before delivering the frame.
• The sender treats the DLCI field as a destination
address, using the destination’s global DLCI in the
header.
• The receiver thinks of the DLCI field as the source
address, because it contains the global DLCI of the
frame’s sender.
Layer 3 Addressing
• Cisco’s Frame Relay implementation defines
three different options for assigning subnets
and IP addresses on Frame Relay interfaces:
– One subnet containing all Frame Relay DTEs
– One subnet per VC
– A hybrid of the first two options
One Subnet Containing All Frame Relay DTEs
• The single-subnet option is typically used when a full mesh of VCs exists.
• In a full mesh, each router has a VC to every other router, meaning that each router can send frames directly to every other router.
One Subnet Per VC
• The single-subnet-per-VC alternative works better with a partially meshed Frame Relay network.
Hybrid Terminology
• Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group, for instance between Routers A and D and between Routers A and E.
• Multipoint subinterfaces are used when more than two routers are considered to be in the same group, for instance with Routers A, B, and C.
Frame Relay Address Mapping
• Mapping creates a correlation between a Layer 3 address (IP address) and its corresponding Layer 2 address (the DLCI in Frame Relay).
• It is used so that, after the router receives a packet for a given destination IP address, it can hand the packet to the Frame Relay switch with the appropriate DLCI.
Mapping Methods
• Mapping can be done in one of two ways:
• Dynamic Mapping
– Using Inverse ARP, which is enabled by default on Cisco routers.
• Static Mapping
– Using the frame-relay map command, but you should first disable Inverse ARP with the command no frame-relay inverse-arp.
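An added example (not Cisco's code) that ties the global DLCI addressing and address mapping slides together on a constructed three-router network: each router's IP-to-DLCI map (what Inverse ARP learns or `frame-relay map` sets) resolves the next hop to the peer's global DLCI, the sender writes that DLCI into the single DLCI field, and the modelled Frame Relay switches rewrite it to the sender's global DLCI so the receiver reads it as a source. The DLCI values 16, 17 and 21 echo the figure's labels; the IP addresses and the `send`/`encapsulate`/`decapsulate` helpers are assumptions of this example.

```python
"""Added example (not Cisco's code): a constructed three-router Frame Relay
network using global DLCI addressing, showing the address map a router uses
(static or learned by Inverse ARP) and the DLCI rewrite the Frame Relay
switches perform between sender and receiver."""

# Global DLCI plan (constructed): each router is known everywhere by one DLCI.
GLOBAL_DLCI = {"A": 16, "B": 17, "C": 21}
ROUTER_IP = {"A": "10.1.1.1", "B": "10.1.1.2", "C": "10.1.1.3"}

def build_address_map(router):
    """IP -> DLCI map for one router: the peer's global DLCI is the local
    DLCI used to reach it.  Inverse ARP learns this; 'frame-relay map ip'
    configures the same thing statically."""
    return {ROUTER_IP[peer]: GLOBAL_DLCI[peer]
            for peer in GLOBAL_DLCI if peer != router}

def encapsulate(router, dst_ip, payload):
    """Build a (DLCI, payload) frame for the access link; the sender treats
    the single DLCI field as a destination address."""
    dlci = build_address_map(router).get(dst_ip)
    if dlci is None:
        raise LookupError(f"{router}: no Frame Relay map for {dst_ip}")
    return (dlci, payload)

def frame_relay_network(sender, frame):
    """Model the switches: deliver to the router whose global DLCI is in the
    frame, rewriting the field to the sender's global DLCI so the receiver
    sees it as a source address."""
    dlci, payload = frame
    receivers = [r for r, d in GLOBAL_DLCI.items() if d == dlci and r != sender]
    if not receivers:
        return None                             # no such VC: frame dropped
    return receivers[0], (GLOBAL_DLCI[sender], payload)

def decapsulate(router, frame):
    """Receiver side: map the DLCI back to the peer's IP with its own map."""
    dlci, payload = frame
    reverse = {d: ip for ip, d in build_address_map(router).items()}
    return reverse[dlci], payload

def send(sender, dst_ip, payload):
    """End-to-end: return (receiver, source IP seen by receiver, payload)."""
    delivered = frame_relay_network(sender, encapsulate(sender, dst_ip, payload))
    if delivered is None:
        return None
    receiver, frame = delivered
    src_ip, data = decapsulate(receiver, frame)
    return receiver, src_ip, data

if __name__ == "__main__":
    print(send("A", "10.1.1.2", b"hello"))   # ('B', '10.1.1.1', b'hello')
```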
Integrated Services Digital Network
(ISDN)

LAPD & PPP on D and B Channels
• LAPD is used as a data-link protocol across an ISDN D channel.
• Essentially, a router with an ISDN interface needs to send and receive signaling messages to and from the local ISDN switch to which it is connected.
• LAPD provides the data-link protocol that allows delivery of messages across that D channel to the local switch.
LAPD & PPP on D and B Channels
• The call setup and teardown messages
themselves are defined by the Q.931 protocol.
So, the local switch can receive a Q.931 call
setup request from a router over the LAPD-
controlled D channel, and it should react to
that Q.931 message by setting up a circuit
over the public network.
LAPD & PPP on D and B Channels
• An ISDN switch often requires some form of authentication with the device connecting to it.
• Switches use a free-form decimal value, called the service profile identifier (SPID), to perform authentication.
• In short, before any Q.931 call setup messages are accepted, the switch asks for the configured SPID values. If the values match what is configured in the switch, call setup flows are accepted.
PRI Encoding and Framing
• ISDN PRI in North America is based on a digital T1 circuit. T1 circuits use two different encoding schemes: Alternate Mark Inversion (AMI) and Binary 8 with Zero Substitution (B8ZS).
• The two options for framing on T1s are to use either Extended Super Frame (ESF) or the older option, Super Frame (SF). In most cases today, new T1s use ESF.
DDR (Dial On Demand Routing)
• You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles.
• The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.
Legacy DDR Operation
1. Route packets out the interface to be dialed.
2. Determine the subset of the packets that trigger
the dialing process.
3. Dial (signal).
4. Determine when the connection is terminated.
DDR Step 1: Routing Packets Out the
Interface to Be Dialed
• DDR does not dial until some traffic is directed (routed)
out the dial interface.
• The router needs to route packets so that they are
queued to go out the dial interface. Cisco’s design for
DDR defines that the router receives some user-
generated traffic and, through normal routing processes,
decides to route the traffic out the interface to be dialed.
• The router (SanFrancisco) can receive a packet that
must be routed out BRI0; routing the packet out BRI0
triggers the Cisco IOS software, causing the dial to occur.
DDR Step 2: Determining the Interesting Traffic
• Packets that are worthy of causing the device to dial are called interesting packets.
• Two different methods can be used to define interesting packets.
– In the first method, interesting is defined as all packets of one or more Layer 3 protocols.
– The second method allows you to define packets as interesting if they are permitted by an access list.
DDR Step 3: Dialing (Signaling)
• Defining the phone number to be dialed.
• The command is dialer string, where string is the phone number (used when dialing only one site).
• The dialer map command maps the different dialer numbers to the equivalent IP addresses of the routers to be dialed.
Configuring SPIDs
• You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending on the switch's expectations.
• When the telco switch has configured SPIDs, it might not allow the BRI line to work unless the router announces the correct SPID values to the switch. SPIDs, when used, provide a basic authentication feature.
ISDN PRI Configuration
1. Configure the type of ISDN switch to which this
router is connected.
2. Configure the T1 or E1 encoding and framing
options (controller configuration mode).
3. Configure the T1 or E1 channel range for the DS0
channels used on this PRI (controller configuration
mode).
4. Configure any interface settings (for example, PPP
encapsulation and IP address) on the interface
representing the D channel.
Configuring a T1 or E1 Controller
• Your service provider will tell you what
encoding and framing to configure on the
router. Also, in almost every case, you will use
all 24 DS0 channels in the PRI—23 B
channels and the D channel.
DDR With Dialer Profiles
• Dialer profiles pool the physical interfaces so that the router uses any available B channel on any of the BRIs or PRIs in the pool.
• Dialer profile configuration moves most of the DDR interface configuration to a virtual interface called a dialer interface.
