
Title : Cisco Certified Network Associate

CCNA
TABLE OF CONTENTS
List of Tables
Introduction
1. Networking Fundamentals
1.1 The OSI Reference Model
1.1.1 Interaction Between OSI Layers
1.2 TCP/IP and the OSI Reference Model
1.2.1 The TCP/IP Protocol Architecture
1.2.2 TCP/IP Data Encapsulation
1.3 Networks
1.3.1 Network Definitions
1.3.2 Types of Networks
1.3.3 Network Topologies
1.3.4 Network Technologies
1.3.4.1 Ethernet
1.3.4.2 Fast Ethernet
1.3.4.3 Gigabit Ethernet
1.3.4.4 Token Ring
1.3.5 Network Addressing
1.3.6 Bridging
1.3.7 LAN Switching
1.3.8 Wireless Networks
1.3.8.1 Wireless Network Standards
1.3.8.2 Wireless Network Modes
1.3.8.3 Security Features
1.4 The Cisco IOS Software
1.4.1 The Cisco IOS Software Command-Line Interface
1.4.1.1 The CLI Help Features
1.4.1.2 Syslog Messages and the debug Command
1.4.2 Configuring Cisco IOS Software
1.4.2.1 Managing Configuration Files
1.4.2.2 Upgrading Cisco IOS Software
1.4.2.3 The Cisco IOS Software Boot Sequence
1.5 Spanning-Tree Protocol (STP)
1.5.1 Root Bridge Election
1.5.2 Root Ports Election
1.5.3 Designated Ports Election
1.5.4 STP States
1.5.5 STP Timers
1.5.6 Optional STP Features
1.5.6.1 EtherChannel
1.5.6.2 PortFast
1.5.6.3 Rapid Spanning Tree (IEEE 802.1w)
2. Virtual LANs and Trunking
2.1 VLAN Membership
2.2 Extent of VLANs
2.3 VLAN Trunking
2.3.1 Inter-Switch Link (ISL)
2.3.2 802.1Q
2.4 VLAN Trunking Protocol (VTP)
2.4.1 VTP Modes
2.4.1.1 Server Mode
2.4.1.2 Client Mode
2.4.1.3 Transparent Mode
2.4.2 VTP Pruning
2.4.3 VTP Configuration
2.4.3.1 Configuring a VTP Management Domain
2.4.3.2 Configuring the VTP Mode
2.4.3.3 Configuring the VTP Version
3. IP Addressing and Subnetting
3.1 IP Addressing
3.1.1 Binary Format
3.1.2 Dotted Decimal Format
3.1.3 IP Address Classes
3.1.4 Classless Interdomain Routing (CIDR) Notation
3.1.5 Variable-Length Subnet Masks
3.2 Subnetting
3.3 Summarization
3.3.1 Automatic Summarization
3.3.2 Manual Summarization
3.4 Determining the Network ID using the Logical AND Operation
4. Routing
4.1 Routing Tables
4.1.1 Static Routing
4.1.2 Dynamic Routing
4.1.3 Routing Updates
4.1.4 Verifying Routing Tables
4.2 Routing Protocols
4.2.1 Distance-Vector Routing
4.2.1.1 Route Poisoning
4.2.1.2 Split Horizon
4.2.1.3 Split Horizon with Poison Reverse
4.2.1.4 Hold-Down Timer
4.2.1.5 Triggered Updates
4.2.2 Link-State Routing
4.2.3 Classful Routing
4.2.4 Classless Routing
4.3 Basic Switching Functions
4.4 Convergence
4.4.1 Distance-Vector Routing Convergence
4.4.1.1 RIP and IGRP Convergence
4.4.1.2 EIGRP Convergence
4.4.2 Link-State Convergence
4.5 Testing and Troubleshooting Routes
4.5.1 The ping Command
4.5.2 The traceroute Command
5. Link-State Protocols
5.1 Building Routing Table on New OSPF-Configured Routers
5.2 Steady-State Operation
5.3 OSPF Areas
5.3.1 OSPF Area Types
5.3.2 Router Responsibilities
5.4 Balanced Hybrid Routing Protocol and EIGRP
5.4.1 EIGRP Loop Avoidance
5.5 Router Configuration
5.5.1 Configuring OSPF
5.5.2 Verifying the OSPF Configuration
5.5.3 Configuring EIGRP
5.5.4 Verifying the EIGRP Configuration
6. Advanced TCP/IP
6.1 Private IP Addressing
6.2 Network Address Translation (NAT)
6.2.1 Variations of NAT
6.2.1.1 Static NAT
6.2.1.2 Dynamic NAT
6.2.1.3 Overloading NAT with Port Address Translation (PAT)
6.2.1.4 Translating Overlapping Addresses
6.2.2 Configuring NAT
6.2.2.1 Configuring Static NAT
6.2.2.2 Configuring Dynamic NAT
6.2.2.3 Configuring NAT Overload and PAT
6.3 Internet Control Message Protocol (ICMP)
6.4 FTP and TFTP
6.5 MTU and Fragmentation
7. Wide Area Networks (WANs)
7.1 Point-to-Point Leased Lines
7.1.1 Overview
7.1.2 Data-Link Protocols
7.1.3 Configuring HDLC and PPP Configuration
7.2 Integrated Services Digital Network (ISDN)
7.2.1 ISDN Channels
7.2.2 ISDN Protocols
7.2.3 ISDN Layers
7.2.3.1 ISDN Layer 1
7.2.3.2 ISDN Layer 2
7.2.3.3 ISDN Layer 3
7.2.4 BRI Function Groups and Reference Points
7.2.5 Encoding and Framing
7.2.6 Dial-on-Demand Routing (DDR)
7.2.7 ISDN Configuration for DDR
7.2.7.1 Configuring Legacy DDR
7.2.7.2 Configuring DDR with Dialer Profiles
7.2.8 Multilink PPP
7.3 Frame Relay
7.3.1 Virtual Circuits
7.3.2 LMI and Encapsulation Types
7.3.3 DLCI Addressing
7.3.4 Frame Relay Configuration
7.3.4.1 Determining the Interface
7.3.4.2 Configuring Frame Relay Encapsulation
7.3.4.3 Configuring Protocol-Specific Parameters
7.3.4.4 Configuring Frame Relay Characteristics
7.3.4.5 Verifying Frame Relay Configuration
8. IP Access Control List Security
8.1 Standard IP Access Control Lists
8.1.1 Wildcard Masks
8.1.2 Standard IP Access List Configuration
8.2 Extended IP Access Control Lists
8.3 Named IP Access Lists
8.4 Controlling Telnet Access with ACLs
Appendix A: Decimal to Binary Conversion Table
LIST OF TABLES
TABLE 1.1: The TCP/IP Architectural Model and Protocols
TABLE 1.2: Network Definitions
TABLE 1.3: Coaxial Cable for Ethernet
TABLE 1.4: Twisted-Pair and Fiber Optic Cable for Ethernet
TABLE 1.5: Fast Ethernet Cabling and Distance Limitations
TABLE 1.6: Gigabit Ethernet Cabling and Distance Limitations
TABLE 1.7: The boot system Commands
TABLE 4.1: Parameters for the ping Command
TABLE 4.2: Parameters for the traceroute Command
TABLE 5.1: EIGRP, IGRP and OSPF Compared
TABLE 6.1: The Private IP Address Space defined by RFC 1918
TABLE 6.2: ICMP Messages
LIST OF ACRONYMS
AAA Authentication, Authorization, and Accounting
ABR Area Border Router
ACF Advanced Communications Function
ACK Acknowledgment bit (in a TCP segment)
ACL Access Control List
ACS Access Control Server
AD Advertised Distance
ADSL Asymmetric Digital Subscriber Line
ANSI American National Standards Institute
API Application Programming Interface
APPC Advanced Program-to-Program Communications
ARAP AppleTalk Remote Access Protocol
ARE All Routes Explorer
ARP Address Resolution Protocol
ARPA Advanced Research Projects Agency
ARPANET Advanced Research Projects Agency Network
AS Autonomous System
ASA Adaptive Security Algorithm
ASBR Autonomous System Boundary Router
ASCII American Standard Code for Information Interchange
ASIC Application Specific Integrated Circuits
ATM Asynchronous Transfer Mode
AUI Attachment Unit Interface
Bc Committed burst (Frame Relay)
B channel Bearer channel (ISDN)
BDR Backup Designated Router
Be Excess burst (Frame Relay)
BECN Backward Explicit Congestion Notification (Frame Relay)
BGP Border Gateway Protocol
BGP-4 Border Gateway Protocol version 4
BIA Burned-in Address (another name for a MAC address)
BOD Bandwidth on Demand
BPDU Bridge Protocol Data Unit
BRF Bridge Relay Function
BRI Basic Rate Interface (ISDN)
BSD Berkeley Standard Distribution (UNIX)
CBT Core Based Trees
CBWFQ Class-Based Weighted Fair Queuing
CCITT Consultative Committee for International Telegraph and Telephone
CCO Cisco Connection Online
CDDI Copper Distribution Data Interface
CEF Cisco Express Forwarding
CHAP Challenge Handshake Authentication Protocol
CIDR Classless Interdomain Routing
CIR Committed Information Rate (Frame Relay)
CGMP Cisco Group Management Protocol
CLI Command-Line Interface
CLSC Cisco LAN Switching Configuration
CPE Customer Premises Equipment
CPU Central Processing Unit
CR Carriage Return
CRC Cyclic Redundancy Check (error)
CRF Concentrator Relay Function
CST Common Spanning Tree
CSU Channel Service Unit
DB Data Bus (connector)
DCE Data Circuit-Terminating Equipment
dCEF Distributed Cisco Express Forwarding
DDR Dial-on-Demand Routing
DE Discard Eligible Indicator
DECnet Digital Equipment Corporation Protocols
DES Data Encryption Standard
DHCP Dynamic Host Control Protocol
DLCI Data-Link Connection Identifier
DNIC Data Network Identification Code (X.121 addressing)
DNS Domain Name System
DoD Department of Defense (US)
DR Designated Router
DRiP Duplicate Ring Protocol
DS Digital Signal
DS0 Digital Signal level 0
DS1 Digital Signal level 1
DS3 Digital Signal level 3
DSL Digital Subscriber Line
DSU Data Service Unit
DTE Data Terminal Equipment
DTP Dynamic Trunking Protocol
DUAL Diffusing Update Algorithm
DVMRP Distance Vector Multicast Routing Protocol
EBC Ethernet Bundling Controller
EGP Exterior Gateway Protocol
EIA/TIA Electronic Industries Association/Telecommunications Industry Association
EIGRP Enhanced Interior Gateway Routing Protocol
ESI End-System Identifier
FCC Federal Communications Commission
FCS Frame Check Sequence
FC Feasible Condition (Routing)
FD Feasible Distance (Routing)
FDDI Fiber Distributed Data Interface
FEC Fast EtherChannel
FECN Forward Explicit Congestion Notification
FIB Forwarding Information Base
FIFO First-In, First-Out (Queuing)
FR Frame Relay
FS Feasible Successor (Routing)
FSSRP Fast Simple Server Redundancy Protocol
FTP File Transfer Protocol
GBIC Gigabit Interface Converters
GEC Gigabit EtherChannel
GSR Gigabit Switch Router
HDLC High-Level Data Link Control
HDSL High data-rate digital subscriber line
HSRP Hot Standby Router Protocol
HSSI High-Speed Serial Interface
HTTP Hypertext Transfer Protocol
I/O Input/Output
IANA Internet Assigned Numbers Authority
ICMP Internet Control Message Protocol
IDN International Data Number
IEEE Institute of Electrical and Electronic Engineers
IETF Internet Engineering Task Force
IGP Interior Gateway Protocol
IGRP Interior Gateway Routing Protocol
ILMI Integrated Local Management Interface
IOS Internetwork Operating System
IP Internet Protocol
IPSec IP Security
IPv6 IP version 6
IPX Internetwork Packet Exchange (Novell)
IRDP ICMP Router Discovery Protocol
IS Information Systems
IS-IS Intermediate System-to-Intermediate System
ISDN Integrated Services Digital Network
ISL Inter-Switch Link
ISO International Organization for Standardization
ISOC Internet Society
ISP Internet Service Provider
ITU-T International Telecommunication Union-Telecommunication Standardization Sector
kbps kilobits per second (bandwidth)
LAN Local Area Network
LANE LAN Emulation
LAPB Link Access Procedure, Balanced
LAPD Link Access Procedure on the D channel
LEC LAN Emulation Client
LECS LAN Emulation Configuration Server
LED Light Emitting Diode
LES LAN Emulation Server
LLC Logic Link Control (OSI Layer 2 sublayer)
LLQ Low-Latency Queuing
LMI Local Management Interface
LSA Link-State Advertisement
MAC Media Access Control (OSI Layer 2 sublayer)
MAN Metropolitan-Area Network
MD5 Message Digest Algorithm 5
MLS Multilayer Switching
MLS-RP Multilayer Switching Route Processor
MLS-SE Multilayer Switching Switch Engine
MLSP Multilayer Switching Protocol
MOSPF Multicast Open Shortest Path First
MSAU Multistation Access Unit
MSFC Multilayer Switch Feature Card
MTU Maximum Transmission Unit
NAK Negative Acknowledgment
NAS Network Access Server
NAT Network Address Translation
NBMA Nonbroadcast Multiaccess
NetBEUI NetBIOS Extended User Interface
NetBIOS Network Basic Input/Output System
NFFC NetFlow Feature Card
NMS Network Management System
NNI Network-to-Network Interface
NSAP Network Service Access Point
NVRAM Nonvolatile Random Access Memory
OC Optical Carrier
ODBC Open Database Connectivity
OLE Object Linking and Embedding
OSI Open Systems Interconnection (Model)
OSPF Open Shortest Path First
OTDR Optical Time Domain Reflectometer
OUI Organizationally Unique Identifier
PAgP Port Aggregation Protocol
PAP Password Authentication Protocol
PAT Port Address Translation
PDN Public Data Network
PDU Protocol Data Unit (i.e., a data packet)
PIM Protocol Independent Multicast
PIM SM Protocol Independent Multicast Sparse Mode
PIMDM Protocol Independent Multicast Mode
PIX Private Internet Exchange (Cisco Firewall)
PNNI Private Network-to-Network Interface
POP Point of Presence
POTS Plain Old Telephone Service
PPP Point-to-Point Protocol
PQ Priority Queuing
PRI Primary Rate Interface (ISDN)
PSTN Public Switched Telephone Network
PTT Poste, Telephone, Telegramme
PVC Permanent Virtual Circuit (ATM)
PVST Per-VLAN Spanning Tree
PVST+ Per-VLAN Spanning Tree Plus
QoS Quality of Service
RADIUS Remote Authentication Dial-In User Service
RAS Remote Access Service
RIF Routing Information Field
RIP Routing Information Protocol
RJ Registered Jack (connector)
RMON Embedded Remote Monitoring
RP Rendezvous Point
RPF Reverse Path Forwarding
RSFC Route Switch Feature Card
RSM Route Switch Module
RSP Route Switch Processor
RSTP Rapid Spanning Tree Protocol
RTP Reliable Transport Protocol
RTO Retransmission Timeout
SA Source Address
SAID Security Association Identifier
SAP Service Access Point; also Service Advertising Protocol (Novell)
SAPI Service Access Point Identifier
SAR Segmentation and Reassembly
SDLC Synchronous Data Link Control (SNA)
SIA Stuck in Active (EIGRP)
SIN Ships-in-the-Night (Routing)
SLIP Serial Line Internet Protocol
SMDS Switched Multimegabit Data Service
SMTP Simple Mail Transfer Protocol
SNA Systems Network Architecture (IBM)
SNAP Sub Network Access Protocol
SNMP Simple Network Management Protocol
SOF Start of Frame
SOHO Small Office, Home Office
SONET Synchronous Optical Network
SONET/SDH Synchronous Optical Network/Synchronous Digital Hierarchy
SPAN Switched Port Analyzer
SPF Shortest Path First
SPID Service Profile Identifier
SPP Sequenced Packet Protocol (Vines)
SPX Sequenced Packet Exchange (Novell)
SQL Structured Query Language
SRAM Static Random Access Memory
SRB Source-Route Bridge
SRT Source-Route Transparent (Bridging)
SRTT Smooth Round-Trip Timer (EIGRP)
SS7 Signaling System 7
SSAP Source service access point (LLC)
SSE Silicon Switching Engine
SSP Silicon Switch Processor
SSRP Simple Server Redundancy Protocol
STA Spanning-Tree Algorithm
STP Spanning-Tree Protocol; also Shielded Twisted-Pair (cable)
SVC Switched Virtual Circuit (ATM)
SYN Synchronize (TCP segment)
TA Terminal Adapter (ISDN)
TAC Technical Assistance Center (Cisco)
TACACS Terminal Access Controller Access Control System
TCI Tag Control Information
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TCN Topology Change Notification
TDM Time-Division Multiplexing
TDR Time Domain Reflectometers
TFTP Trivial File Transfer Protocol
TIA Telecommunications Industry Association
TLV Type-Length-Value
ToS Type of Service
TPID Tag Protocol Identifier
TrBRF Token Ring Bridge Relay Function
TrCRF Token Ring Concentrator Relay Function
TTL Time-To-Live
UDP User Datagram Protocol
UNC Universal Naming Convention or Uniform Naming Convention
UNI User-Network Interface
URL Uniform Resource Locator
UTC Coordinated Universal Time (same as Greenwich Mean Time)
UTL Utilization
UTP Unshielded Twisted-Pair (cable)
VBR Variable Bit Rate
VC Virtual Circuit (ATM)
VID VLAN Identifier
VIP Versatile Interface Processor
VLAN Virtual Local Area Network
VLSM Variable-Length Subnet Mask
VMPS VLAN Membership Policy Server
VPN Virtual Private Network
VTP VLAN Trunking Protocol
vty Virtual terminal line
WAIS Wide Area Information Server
WAN Wide Area Network
WFQ Weighted Fair Queuing
WLAN Wireless Local Area Network
WWW World Wide Web
XNS Xerox Network Systems
XOR Exclusive-OR
XOT X.25 over TCP
ZIP Zone Information Protocol (AppleTalk)
ICND 2.1 and INTRO
Exam Code: CCNA
Certifications:
Cisco Certified Network Associate (CCNA) Core
Prerequisites:
None
About This Study Guide
This Study Guide is based on the current pool of exam questions for the Cisco CCNA composite exam. As such it provides all the information required to pass the CCNA exam and is organized around the specific skills that are tested in that exam. Thus, the information contained in this Study Guide is specific to the CCNA exam and does not represent a complete reference work on the subject of Interconnecting Cisco Networking Devices. Topics covered in this Study Guide include: Designing or Modifying a simple Local Area Network (LAN) using Cisco Products; Designing an IP Addressing Scheme; Selecting Appropriate Routing Protocols; Designing a simple Internetwork using Cisco products; Developing an Access List to Meet User Specifications; Choosing Wide Area Network (WAN) Services; Managing System Image and Device Configuration Files; Performing an Initial Configuration on a Switch; Configuring Routing Protocols; Configuring IP Addresses, Subnet Masks, and Gateway Addresses on Routers and Hosts; Configuring a Router for Additional Administrative Functionality; Configuring a Switch with Virtual LANs (VLANs) and Inter-switch Communication; Implementing a LAN; Customizing a Switch Configuration; Implementing Access Lists; Implementing Simple WAN Protocols; Utilizing the OSI Reference Model as a Guide for Systematic Network Troubleshooting; Performing LAN and VLAN Troubleshooting; Troubleshooting Routing Protocols; Troubleshooting IP Addressing and Host Configuration; Troubleshooting a Device as Part of a Working Network; Troubleshooting an Access List; Performing Simple WAN Troubleshooting; Understanding Network Communications based on Layered Models; Understanding the Components of Network Devices; Understanding the Spanning Tree Process; Evaluating the Characteristics of LAN Environments; Evaluating the TCP/IP Communication Process and its Associated Protocols; Evaluating the Characteristics of Routing Protocols; Evaluating Rules for Packet Control; and Evaluating Key Characteristics of WANs.
Intended Audience
This Study Guide is targeted specifically at people who wish to take the Cisco CCNA Composite exam. The information in this Study Guide is specific to the exam. It is not a complete reference work. Although our Study Guides are aimed at newcomers to the world of IT, the concepts dealt with in this Study Guide are complex. Knowledge of CompTIA's A+ and Network+ courses would be advantageous.
Note: Because the CCNA exam is a composite of the 640-811 and 640-821 exams, there is a fair amount of overlap between this Study Guide and the 640-811 and 640-821 Study Guides. However, this Study Guide does not combine the 640-811 and 640-821 Study Guides but addresses the CCNA exam specifically. As such, we would not advise using this Study Guide for the 640-811 exam and/or the 640-821 exam.
How To Use This Study Guide
To benefit from this Study Guide we recommend that you:
• Study each chapter carefully until you fully understand the information. This will require regular and disciplined work. Where possible, attempt to implement the information in a lab setup.
• Be sure that you have studied and understand the entire Study Guide before you take the exam.
Note: Remember to pay special attention to these note boxes as they contain important additional information that is specific to the exam.
Good luck!
1. Networking Fundamentals
1.1 The OSI Reference Model
The OSI is the Open System Interconnection reference model for communications. As illustrated in Figure 1.1, the OSI reference model consists of seven layers, each of which can have several sublayers. The upper layers of the OSI reference model define functions focused on the application, while the lower three layers define functions focused on end-to-end delivery of the data.
• The Application Layer (Layer 7) refers to communications services to applications and is the interface between the network and the application. Examples include: Telnet, HTTP, FTP, Internet browsers, NFS, SMTP gateways, SNMP, X.400 mail, and FTAM.
• The Presentation Layer (Layer 6) defines data formats, such as ASCII text, EBCDIC text, binary, BCD, and JPEG. Encryption also is defined as a presentation layer service. Examples include: JPEG, ASCII, EBCDIC, TIFF, GIF, PICT, encryption, MPEG, and MIDI.
• The Session Layer (Layer 5) defines how to start, control, and end communication sessions. This includes the control and management of multiple bidirectional messages so that the application can be notified if only some of a series of messages are completed. This allows the presentation layer to have a seamless view of an incoming stream of data. The presentation layer can be presented with data if all flows occur in some cases. Examples include: RPC, SQL, NFS, NetBios names, AppleTalk ASP, and DECnet SCP.
FIGURE 1.1: The OSI Reference Model
• The Transport Layer (Layer 4) defines several functions, including the choice of protocols. The most important Layer 4 functions are error recovery and flow control. The transport layer may provide for retransmission, i.e., error recovery, and may use flow control to prevent unnecessary congestion by attempting to send data at a rate that the network can accommodate, or it might not, depending on the choice of protocols. Multiplexing of incoming data for different flows to applications on the same host is also performed. Reordering of the incoming data stream when packets arrive out of order is included. Examples include: TCP, UDP, and SPX.
• The Network Layer (Layer 3) defines end-to-end delivery of packets and defines logical addressing to accomplish this. It also defines how routing works and how routes are learned, and how to fragment a packet into smaller packets to accommodate media with smaller maximum transmission unit sizes. Examples include: IP, IPX, AppleTalk DDP, and ICMP. Both IP and IPX define logical addressing, routing, the learning of routing information, and end-to-end delivery rules. The IP and IPX protocols are called Layer 3 protocols because their functions most closely match OSI's network layer (Layer 3).
• The Data Link Layer (Layer 2) is concerned with getting data across one particular link or medium. The data link protocols define delivery across an individual link. These protocols are necessarily concerned with the type of media in use. Examples include: IEEE 802.3/802.2, HDLC, Frame Relay, PPP, FDDI, ATM, and IEEE 802.5/802.2.
• The Physical Layer (Layer 1) deals with the physical characteristics of the transmission medium. Connectors, pins, use of pins, electrical currents, encoding, and light modulation are all part of different physical layer specifications. Examples include: EIA/TIA-232, V.35, EIA/TIA-449, V.24, RJ-45, Ethernet, 802.3, 802.5, FDDI, NRZI, NRZ, and B8ZS.
The upper layers of the OSI reference model, i.e., the Application Layer (Layer 7), the Presentation Layer (Layer 6), and the Session Layer (Layer 5), define functions focused on the application. The lower four layers, i.e., the Transport Layer (Layer 4), the Network Layer (Layer 3), the Data Link Layer (Layer 2), and the Physical Layer (Layer 1), define functions focused on end-to-end delivery of the data. As a Cisco Certified Network Associate, you will deal mainly with the lower layers, particularly the data link layer (Layer 2) upon which switching is based, and the network layer (Layer 3) upon which routing is based.
1.1.1 Interaction Between OSI Layers
When a host receives a data transmission from another host on the network, that data is processed at each of the OSI layers and passed to the next higher layer, in order to render the data transmission useful to the end-user. To facilitate this processing, headers and trailers are created by the sending host's software or hardware and placed before or after the data given to the next higher layer. Thus, each layer has a header and trailer, typically in each data packet that comprises the data flow. The sequence of processing at each OSI layer, i.e., the processing between adjacent OSI layers, is as follows:
• The Physical Layer (Layer 1) ensures bit synchronization and places the received binary pattern into a buffer. It notifies the Data Link Layer (Layer 2) that a frame has been received after decoding the incoming signal into a bit stream. Thus, Layer 1 provides delivery of a stream of bits across the medium.
• The Data Link Layer (Layer 2) examines the frame check sequence (FCS) in the trailer to determine whether errors occurred in transmission, providing error detection. If an error has occurred, the frame is discarded. The data link address is examined to determine whether the data is addressed to the current host and whether to process the data further. If the data is addressed to the host, the data between the Layer 2 header and trailer is handed over to the Network Layer (Layer 3) software. Thus, the data link layer delivers data across the link.
• The Network Layer (Layer 3) examines the destination address. If the address is the current host's address, processing continues and the data after the Layer 3 header is handed over to the Transport Layer (Layer 4) software. Thus, Layer 3 provides end-to-end delivery.
• If error recovery was an option chosen for the Transport Layer (Layer 4), the counters identifying this piece of data are encoded in the Layer 4 header along with acknowledgment information, which is called error recovery. After error recovery and reordering of the incoming data, the data is given to the Session Layer (Layer 5).
• The Session Layer (Layer 5) ensures that a series of messages is completed. The Layer 5 header includes fields signifying the sequence of the packet in the data stream, indicating the position of the data packet in the flow. After the session layer ensures that all flows are completed, it passes the data after the Layer 5 header to the Presentation Layer (Layer 6) software.
• The Presentation Layer (Layer 6) defines and manipulates the data format of the data transmission. It converts the data to the proper format specified in the Layer 6 header. Typically, this header is included only for initialization flows, not with every data packet being transmitted. After the data formats have been converted, the data after the Layer 6 header is passed to the Application Layer (Layer 7) software.
• The Application Layer (Layer 7) processes the final header and examines the end-user data. This header signifies agreement to operating parameters by the applications on the two hosts. The headers are used to signal the values for all parameters; therefore, the header typically is sent and received at application initialization time only.
In addition to processing between adjacent OSI layers, the various layers must also interact with the same layer on another computer to successfully implement their functions. To interact with the same layer on another computer, each layer defines additional data bits in the header and, in some cases, the trailer that is created by the sending host's software or hardware. The layer on the receiving host interprets the headers and trailers created by the corresponding layer on the sending host to determine how that layer's processing is being defined, and how to interact within that framework.
1.2 TCP/IP and the OSI Reference Model
As illustrated in Figure 1.2, the TCP/IP model consists of four layers, each of which can have several sublayers. These layers correlate roughly to layers in the OSI reference model and define similar functions. Some of the TCP/IP layers correspond directly with layers in the OSI reference model while others span several OSI layers. The four TCP/IP layers are:
FIGURE 1.2: OSI, TCP/IP and NetWare
• The TCP/IP Application Layer refers to communications services to applications and is the interface between the network and the application. It is also responsible for presentation and controlling communication sessions. It spans the Application Layer, Presentation Layer and Session Layer of the OSI reference model. Examples include: HTTP, POP3, and SNMP.
• The TCP/IP Transport Layer defines several functions, including the choice of protocols, error recovery and flow control. The transport layer may provide for retransmission, i.e., error recovery, and may use flow control to prevent unnecessary congestion by attempting to send data at a rate that the network can accommodate, or it might not, depending on the choice of protocols. Multiplexing of incoming data for different flows to applications on the same host is also performed. Reordering of the incoming data stream when packets arrive out of order is included. It correlates with the Transport Layer of the OSI reference model. Examples include: TCP and UDP, which are called Transport Layer, or Layer 4, protocols.
• The TCP/IP Internetwork Layer defines end-to-end delivery of packets and defines logical addressing to accomplish this. It also defines how routing works and how routes are learned, and how to fragment a packet into smaller packets to accommodate media with smaller maximum transmission unit sizes. It correlates with the Network Layer of the OSI reference model. Examples include: IP and ICMP.
• The TCP/IP Network Interface Layer is concerned with the physical characteristics of the transmission medium as well as getting data across one particular link or medium. This layer defines delivery across an individual link as well as the physical layer specifications. It spans the Data Link Layer and Physical Layer of the OSI reference model. Examples include: Ethernet and Frame Relay.
1.2.1 The TCP/IP Protocol Architecture
TCP/IP defines a large collection of protocols that allow computers to communicate. Table 1.1 outlines the protocols and the TCP/IP architectural layer to which they belong. TCP/IP defines the details of each of these protocols in Requests For Comments (RFC) documents. By implementing the required protocols defined in TCP/IP RFCs, a computer can communicate with other computers that also use the TCP/IP standards.
TABLE 1.1: The TCP/IP Architectural Model and Protocols
TCP/IP Architecture Layer    Protocols
Application                  HTTP, POP3, SMTP
Transport                    TCP, UDP
Internetwork                 IP
Network interface            Ethernet, Frame Relay
1.2.2 TCP/IP Data Encapsulation
The term encapsulation describes the process of putting headers and trailers around some data. A computer that needs to send data encapsulates the data in headers of the correct format so that the receiving computer will know how to interpret the received data. Data encapsulation with TCP/IP consists of five steps:
Step 1: Create the application data and headers.
Step 2: Package the data for transport, which is performed by the transport layer (TCP or UDP). The Transport Layer creates the transport header and places the data behind it.
Step 3: Add the destination and source network layer addresses to the data, which is performed by the Internetwork Layer. The Internetwork Layer creates the network header, which includes the network layer addresses, and places the data behind it.
Step 4: Add the destination and source data link layer addresses to the data, which is performed by the Network Interface Layer. The Network Interface Layer creates the data link header, places the data behind it, and places the data link trailer at the end.
Step 5: Transmit the bits, which is performed by the Network Interface Layer. The Network Interface Layer encodes a signal onto the medium to transmit the frame.
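The five encapsulation steps, together with the receive-side checks described in section 1.1.1 (FCS, data link address, network address), are shown below as an added Python example that is not part of the original study guide. It assumes UDP as the transport protocol, IPv4, and Ethernet II framing; the function names, addresses and ports are constructed sample values.

```python
import socket
import struct
import zlib

BROADCAST = b"\xff" * 6


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def inet_checksum(data):
    """16-bit one's-complement sum used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(app_data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    # Step 1: the application data (and any application header) is app_data.
    # Step 2: transport header (UDP: ports, length, checksum 0 = not used).
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(app_data), 0) + app_data

    # Step 3: network header carrying the source and destination IP addresses.
    def ip_header(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                           64, 17, checksum,
                           socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    packet = ip_header(inet_checksum(ip_header(0))) + segment

    # Step 4: data link header (MAC addresses, EtherType) in front, FCS trailer
    # behind. Short packets are padded to the 46-byte Ethernet minimum.
    body = (mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
            + packet.ljust(46, b"\x00"))
    # Step 5: these are the bytes the Network Interface Layer would transmit.
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame, my_mac, my_ip):
    """Receive-side processing, layer by layer, as in section 1.1.1."""
    if len(frame) < 64:
        return ("discarded", "runt frame")
    body, fcs = frame[:-4], frame[-4:]
    # Layer 2: verify the FCS trailer, then the destination MAC address.
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return ("discarded", "FCS mismatch")
    if body[:6] not in (mac(my_mac), BROADCAST):
        return ("discarded", "frame not addressed to this host")
    if body[12:14] != b"\x08\x00":
        return ("discarded", "not IPv4")
    # Layer 3: validate the header, then compare the destination IP address.
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or not ihl + 8 <= total_len <= len(packet):
        return ("discarded", "malformed IP header")
    if inet_checksum(packet[:ihl]) != 0:
        return ("discarded", "bad IP header checksum")
    if packet[16:20] != socket.inet_aton(my_ip):
        return ("discarded", "packet not addressed to this host")
    if packet[9] != 17:
        return ("discarded", "not UDP")
    # Layer 4: total_len strips the Ethernet padding; the port picks the application.
    segment = packet[ihl:total_len]
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if not 8 <= udp_len <= len(segment):
        return ("discarded", "malformed UDP header")
    return ("delivered", dst_port, segment[8:udp_len])


if __name__ == "__main__":
    # Constructed sample values: locally administered MACs, private IP addresses.
    A_MAC, B_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frame = encapsulate(b"hello", 5000, 69, "10.0.0.1", "10.0.0.2", A_MAC, B_MAC)
    print(len(frame), frame.hex())
    print(decapsulate(frame, B_MAC, "10.0.0.2"))
    damaged = bytearray(frame)
    damaged[30] ^= 0x01  # one bit flipped in transit
    print(decapsulate(bytes(damaged), B_MAC, "10.0.0.2"))
```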
1.3 Networks
A network is defined as a group of two or more computers linked together for the purpose of communicating and sharing information and other resources, such as printers and applications. Most networks are constructed around a cable connection that links the computers; however, modern wireless networks that use radio wave or infrared connections are also becoming quite prevalent. These connections permit the computers to communicate via the wires in the cable, radio wave or infrared signal. For a network to function it must provide connections, communications, and services.
• Connections are defined by the hardware or physical components that are required to connect a computer to the network. This includes the network medium, which refers to the hardware that physically connects one computer to another, i.e., the network cable or a wireless connection; and the network interface, which refers to the hardware that attaches a computer to the network medium and is usually a network interface card (NIC).
• Communications refers to the network protocols that are used to establish the rules governing network communication between the networked computers. Network protocols allow computers running different operating systems and software to communicate with each other.
• Services define the resources, such as files or printers, that a computer shares with the rest of the networked computers.
1.3.1 Network Definitions
Computer networks can be classified and defined according to the geographical area that the network covers. There are four network definitions: a Local Area Network (LAN), a Campus Area Network (CAN), a Metropolitan Area Network (MAN), and a Wide Area Network (WAN). There are three additional network definitions, namely the Internet, an intranet and an internetwork. These network definitions are discussed in Table 1.2.
TABLE 1.2: Network Definitions
| Definition | Description |
|---|---|
| Local Area Network (LAN) | A LAN is defined as a network that is contained within a closed environment and does not exceed a distance of 1.25 mile (2 km). Computers and peripherals on a LAN are typically joined by a network cable or by a wireless network connection. A LAN that consists of wireless connections is referred to as a Wireless LAN (WLAN). |
| Campus Area Network (CAN) | A CAN is limited to a single geographical area but may exceed the size of a LAN. |
| Metropolitan Area Network (MAN) | A MAN is defined as a network that covers the geographical area of a city that is less than 100 miles. |
| Wide Area Network (WAN) | A WAN is defined as a network that exceeds 1.25 miles. A WAN often consists of a number of LANs that have been joined together. A CAN and a MAN are also WANs. WANs typically connect numerous LANs through the Internet via telephone lines, T1 lines, Integrated Services Digital Network (ISDN) lines, radio waves, cable or satellite links. |
| Internet | The Internet is a worldwide web of networks that are based on the TCP/IP protocol and is not owned by a single company or organization. |
| Intranet | An intranet uses the same technology as the Internet but is owned and managed by a company or organization. A LAN or a WAN is usually an intranet. |
| Internetwork | An internetwork consists of a number of networks that are joined by routers. The Internet is the largest example of an internetwork. |
Of these network definitions, the most common are the Internet, the LAN and the WAN.
1.3.2 Types of Networks
These network definitions can be divided into two types of networks, based on how information is stored on the network, how network security is handled, and how the computers on the network interact. These two types are Peer-To-Peer (P2P) Networks and Server/Client Networks. The latter are often also called Server networks.
• On a Peer-To-Peer (P2P) Network, there is no hierarchy of computers; instead each computer acts as either a server which shares its data or services with other computers, or as a client which uses data or services on another computer. Furthermore, each user establishes the security on their own computers and determines which of their resources are made available to other users. These networks are typically limited to between 15 and 20 computers. Microsoft Windows for Workgroups, Windows 95, Windows 98, Windows ME, Windows NT Workstation, Windows 2000, Novell's NetWare, UNIX, and Linux are some operating systems that support peer-to-peer networking.
• A Server/Client Network consists of one or more dedicated computers configured as servers. This server manages access to all shared files and peripherals. The server runs the network operating system (NOS), manages security, and administers access to resources. The client computers or workstations connect to the network and use the available resources. Among the most common network operating systems are Microsoft's Windows NT Server 4, Windows 2000 Server, and Novell's NetWare. Before the release of Windows NT, most dedicated servers worked only as hosts. Windows NT allows these servers to operate as an individual workstation as well.
1.3.3 Network Topologies
The layout of a LAN design is called its topology. There are three basic types of topologies: the star topology, the bus topology, and the ring topology. Hybrid combinations of these topologies also exist.
• In a network based on the star topology, all computers and devices are connected to a centrally located hub or switch. The hub or switch collects and distributes the flow of data within the network. When a hub is used, data from the sending host are sent to the hub and are then transmitted to all hosts on the network except the sending host. Switches can be thought of as intelligent hubs. When switches are used rather than hubs, data from the sending host are sent to the switch, which transmits the data to the intended recipient rather than to all hosts on the network.
FIGURE 1.3: The Star Topology
• In a network based on the bus topology, all computers and devices are connected in series to a single linear cable called a trunk. The trunk is also known as a backbone or a segment. Both ends of the trunk must be terminated to stop the signal from bouncing back up the cable. Because a bus network does not have a central point, it is more difficult to troubleshoot than a star network. Furthermore, a break or problem at any point along the bus can cause the entire network to go down.
FIGURE 1.4: The Bus Topology
• In a network based on a ring topology, all computers and devices are connected to a cable that forms a closed loop. On such networks there are no terminating ends; therefore, if one computer fails, the entire network will go down. Each computer on such a network acts like a repeater and boosts the signal before sending it to the next station. This type of network transmits data by passing a "token" around the network. If the token is free of data, a computer waiting to send data grabs it, attaches the data and the electronic address to the token, and sends it on its way. When the token reaches its destination computer, the data is removed and the token is sent on. Hence this type of network is commonly called a token ring network.
FIGURE 1.5: The Ring Topology
Of these three network topologies, the star topology is the most predominant network type and is based on the Ethernet standard.
1.3.4 Network Technologies
Various network technologies can be used to establish network connections, including Ethernet, Fiber Distribution Data Interface (FDDI), Copper Distribution Data Interface (CDDI), Token Ring, and Asynchronous Transfer Mode (ATM). Of these, Ethernet is the most popular choice in installed networks because of its low cost, availability, and scalability to higher bandwidths.
1.3.4.1 Ethernet
Ethernet is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard and offers a bandwidth of 10 Mbps between end users. Ethernet is based on the carrier sense multiple access collision detect (CSMA/CD) technology, which requires that transmitting stations back off for a random period of time when a collision occurs.
Coaxial cable was the first media system specified in the Ethernet standard. Coaxial Ethernet cable comes in two major categories: Thicknet (10Base5) and Thinnet (10Base2). These cables differ in their size and their length limitation. Although Ethernet coaxial cable lengths can be quite long, they are susceptible to electromagnetic interference (EMI) and eavesdropping.
TABLE 1.3: Coaxial Cable for Ethernet
| Cable | Diameter | Resistance | Bandwidth | Length |
|---|---|---|---|---|
| Thinnet (10Base2) | 10 mm | 50 ohms | 10 Mbps | 185 m |
| Thicknet (10Base5) | 5 mm | 50 ohms | 10 Mbps | 500 m |
Today most wired networks use twisted-pair media for connections to the desktop. Twisted-pair also comes in two major categories: Unshielded twisted-pair (UTP) and Shielded twisted-pair (STP). One pair of insulated copper wires twisted about each other forms a twisted-pair. The pairs are twisted to reduce interference and crosstalk. Both STP and UTP suffer from high attenuation; therefore these lines are usually restricted to an end-to-end distance of 100 meters between active devices. Furthermore, these cables are sensitive to EMI and eavesdropping. Most networks use 10BaseT UTP cable.
An alternative to twisted-pair cable is fiber optic cable (10BaseFL), which transmits light signals, generated either by light emitting diodes (LEDs) or laser diodes (LDs), instead of electrical signals. These cables support higher transmission speeds and longer distances but are more expensive. Because they do not carry electrical signals, fiber optic cables are immune to EMI and eavesdropping. They also have low attenuation, which means they can be used to connect active devices that are up to 2 km apart. However, fiber optic devices are not cost effective, and cable installation is complex.
TABLE 1.4: Twisted-Pair and Fiber Optic Cable for Ethernet
| Cable Technology | Bandwidth | Cable Length |
|---|---|---|
| Twisted-Pair (10BaseT) | 10 Mbps | 100 m |
| Fiber Optic (10BaseFL) | 10 Mbps | 2,000 m |
1.3.4.2 Fast Ethernet
Fast Ethernet operates at 100 Mbps and is based on the IEEE 802.3u standard. The Ethernet cabling schemes, CSMA/CD operation, and all upper-layer protocol operations have been maintained with Fast Ethernet. Fast Ethernet is also backward compatible with 10 Mbps Ethernet. Compatibility is possible because the two devices at each end of a network connection can automatically negotiate link capabilities so that they both can operate at a common level. This negotiation involves the detection and selection of the highest available bandwidth and half-duplex or full-duplex operation. For this reason, Fast Ethernet is also referred to as 10/100 Mbps Ethernet.
Cabling for Fast Ethernet can be either UTP or fiber optic. Specifications for these cables are shown in Table 1.5.
TABLE 1.5: Fast Ethernet Cabling and Distance Limitations
| Technology | Wiring Type | Pairs | Cable Length |
|---|---|---|---|
| 100BaseTX | EIA/TIA Category 5 UTP | 2 | 100 m |
| 100BaseT2 | EIA/TIA Category 3,4,5 UTP | 2 | 100 m |
| 100BaseT4 | EIA/TIA Category 3,4,5 UTP | 4 | 100 m |
| 100BaseFX | Multimode fiber (MMF) with 62.5 micron core; 1300 nm laser | 1 | 400 m (half-duplex), 2,000 m (full-duplex) |
| | Single-mode fiber (SMF) with 62.5 micron core; 1300 nm laser | 1 | 10,000 m |
1.3.4.3 Gigabit Ethernet
Gigabit Ethernet is an escalation of the Fast Ethernet standard using the same IEEE 802.3 Ethernet frame format. Gigabit Ethernet offers a throughput of 1,000 Mbps (1 Gbps). Like Fast Ethernet, Gigabit Ethernet is compatible with earlier Ethernet standards. However, the physical layer has been modified to increase data transmission speeds by combining two technologies: the IEEE 802.3 Ethernet standard and the American National Standards Institute (ANSI) X3T11 FibreChannel. IEEE 802.3 provided the foundation of frame format, CSMA/CD, full duplex, and other characteristics of Ethernet. FibreChannel provided a base of high-speed ASICs, optical components, and encoding/decoding and serialization mechanisms. The resulting protocol is termed IEEE 802.3z Gigabit Ethernet.
Gigabit Ethernet supports several cabling types, referred to as 1000BaseX. Table 1.6 lists the cabling specifications for each type.
TABLE 1.6: Gigabit Ethernet Cabling and Distance Limitations
| Technology | Wiring Type | Pairs | Cable Length |
|---|---|---|---|
| 1000BaseCX | Shielded Twisted Pair (STP) | 1 | 25 m |
| 1000BaseT | EIA/TIA Category 5 UTP | 4 | 100 m |
| 1000BaseSX | Multimode fiber (MMF) with 62.5 micron core; 850 nm laser | 1 | 275 m |
| | Multimode fiber (MMF) with 50 micron core; 1300 nm laser | 1 | 550 m |
| 1000BaseLX/LH | Multimode fiber (MMF) with 62.5 micron core; 1300 nm laser | 1 | 550 m |
| | Single-mode fiber (SMF) with 50 micron core; 1300 nm laser | 1 | 550 m |
| | Single-mode fiber (SMF) with 9 micron core; 1300 nm laser | 1 | 10 km |
| 1000BaseZX | Single-mode fiber (SMF) with 9 micron core; 1550 nm laser | 1 | 70 km |
| | Single-mode fiber (SMF) with 8 micron core; 1550 nm laser | 1 | 100 km |
1.3.4.4 Token Ring
Like Ethernet, Token Ring is a LAN technology that provides shared media access to many connected hosts. Token Ring hosts are arranged using the ring topology. A token is passed from host to host around the ring, giving the current token holder permission to transmit a frame onto the ring. Once the frame is sent, it is passed around the ring until it is received again by the source. The sending host is responsible for removing the frame from the ring and for introducing a new token to the next neighboring host. This means that only one station can transmit at a given time, which prevents a Token Ring network from experiencing collisions.
A Token Ring network offers a bandwidth of 4 Mbps or 16 Mbps. At the higher rate, hosts are allowed to introduce a new token as soon as they finish transmitting a frame. This early token release increases efficiency by letting more than one host transmit a frame during the original token's round trip. One station is elected to be the ring monitor, to provide recovery from runaway frames or tokens. The ring monitor will remove frames that have circled the ring once, if no other station removes them.
Traditional Token Ring networks use multistation access units (MSAUs) to provide connectivity between hosts. MSAUs have several ports that a host can connect to, with either a B connector for Type 2 cabling or an RJ-45 connector for Category 5 UTP cabling. Internally, the MSAU provides host-to-host connections to form a ring segment. The Ring-In and Ring-Out connectors of an MSAU can be chained to other MSAUs to form a complete ring topology.
1.3.5 Network Addressing
Network addressing identifies either individual devices or groups of devices on a LAN. A pair of network devices that transmit frames between each other use a source and destination address field to identify each other. These addresses are called unicast addresses, or individual addresses, because they identify an individual network interface card (NIC).
The IEEE defines the format and assignment of network addresses by requiring manufacturers to encode globally unique unicast Media Access Control (MAC) addresses on all NICs. The first half of the MAC address identifies the manufacturer of the card and is called the organizationally unique identifier (OUI).
1.3.6 Bridging
Bridging is used to connect two network segments. This alleviates congestion problems on a single Ethernet segment and extends allowed cabling distances because the segments on each side of the bridge conform to the same distance limitation as a single segment. This is called "transparent bridging" because the end-point devices do not need to know that the bridge exists.
Transparent bridges forward frames only when necessary and thus reduce network overhead. To accomplish this, transparent bridges learn MAC addresses by examining the source MAC address of each frame received by the bridge; decide when to forward a frame or when to filter a frame, based on the destination MAC address; and create a loop-free environment with other bridges by using the Spanning Tree Protocol.
Generally, broadcasts and multicast frames are forwarded by the bridge in networks that use bridges. In addition, transparent bridges perform switching of frames using Layer 2 headers and Layer 2 logic and are Layer 3 protocol-independent. Store-and-forward operation, which means that the entire frame is received before the first bit of the frame is forwarded, is also typical in transparent bridging devices. However, the transparent bridge must perform processing on the frame, which also can increase latency.
A transparent bridge operates in the following manner:
• The bridge has no initial knowledge of the location of any end device; therefore, the bridge must listen to frames coming into each of its ports to figure out on which network a device resides.
• The bridge constantly updates its bridging table upon detecting the presence of a new MAC address or upon detecting a MAC address that has changed location from one bridge port to another. The bridge is then able to forward frames by looking at the destination address, looking up the address in the bridge table, and sending the frame out the port where the destination device is located.
• If a frame arrives with the broadcast address as the destination address, the bridge must forward or flood the frame out all available ports. However, the frame is not forwarded out the port that initially received the frame. Hence, broadcasts are able to reach all available networks. A bridge only segments collision domains but does not segment broadcast domains.
• If a frame arrives with a destination address that is not found in the bridge table, the bridge is unable to determine which port to forward the frame to for transmission. This is known as an unknown unicast. In this case, the bridge treats the frame as if it was a broadcast and forwards it out all remaining ports. After a reply to that frame is received, the bridge will learn the location of the unknown station and add it to the bridge table.
• Frames that are forwarded across the bridge cannot be modified.
1.3.7 LAN Switching
An Ethernet switch uses the same logic as a transparent bridge, but performs more functions, has more features, and has more physical ports. Switches use hardware to learn MAC addresses and to make forwarding and filtering decisions, whereas bridges use software.
A switch listens for frames that enter all its interfaces. After receiving a frame, a switch decides whether to forward a frame and out which port(s). To perform these functions, switches perform three tasks:
• Learning, which means that the switch learns MAC addresses by examining the source MAC address of each frame it receives. Switches dynamically learn the MAC addresses in the network to build their MAC address table. With a full, accurate MAC address table, the switch can make accurate forwarding and filtering decisions. Switches build the MAC address table by listening to incoming frames and examining the frame's source MAC address. If a frame enters the switch, and the source MAC address is not in the address table, the switch creates an entry in the table. The MAC address is placed in the table, along with the interface on which the frame arrived. This allows the switch to make good forwarding choices in the future. Switches also forward unknown unicast frames, which are frames whose destination MAC addresses are not yet in the bridging table, out all ports. This is called flooding, and is done in the hope that the unknown device will be on some other Ethernet segment and will reply. When the unknown device does reply, the switch will build an entry for that device in the address table.
• Forwarding or filtering, which means that the switch decides when to forward a frame or when to filter it, i.e., not to forward it, based on the destination MAC address. Switches reduce network overhead by forwarding traffic from one segment to another only when necessary. To decide whether to forward a frame, the switch uses a dynamically built table called a bridge table or MAC address table. The switch looks at the previously learned MAC addresses in an address table to decide where to forward the frames.
• Loop prevention, which means that the switch creates a loop-free environment with other bridges by using Spanning Tree Protocol (STP). Having physically redundant links helps LAN availability, and STP prevents the switch logic from letting frames loop around the network indefinitely, congesting the LAN.
Frames sent to unicast addresses are destined for a single device; frames sent to a broadcast address are sent to all devices on the LAN. Frames sent to multicast addresses are meant for all devices that care to receive the frame. Thus, when a switch receives a frame, it checks if the address is a unicast address, a broadcast address or a multicast address. If the address is unicast, and the address is in the address table, and if the interface connecting the switch to the destination device is not the same interface on which the frame arrived, the switch forwards the frame to the destination device. If the address is not in the address table, the switch forwards the frame on all ports. If the address is a broadcast or multicast address, the switch also forwards the frame on all ports.
The internal processing on a switch can decrease latency for frames. Switches can use store-and-forward processing as well as cut-through processing logic. With cut-through processing, the first bits of the frame are sent out the outbound port before the last bit of the incoming frame is received. However, because the frame check sequence (FCS) is in the Ethernet trailer, a cut-through forwarded frame might have bit errors that the switch will not notice before sending most of the frame.
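The learning, forwarding, filtering and flooding rules of the bridging and LAN switching sections above can be traced frame by frame with a short simulation. This is an added Python example, not part of the original study guide: the LearningSwitch class, the port numbers and the MAC addresses are constructed for illustration, and the only fact used beyond the text is that IEEE 802 group (broadcast and multicast) addresses have the low-order bit of the first octet set.

```python
"""MAC learning, forwarding, filtering and flooding in a transparent bridge/switch.

Added illustration: the port numbers and MAC addresses are constructed.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize(mac):
    """Return a 48-bit MAC address as lowercase, colon-separated hex."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(o > 0xFF for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(f"{o:02x}" for o in octets)


def is_group(mac):
    """True for broadcast and multicast addresses.

    IEEE 802 marks group addresses with the low-order bit of the first octet.
    """
    return bool(int(normalize(mac)[:2], 16) & 0x01)


class LearningSwitch:
    """Hypothetical model of the address table and the per-frame decision."""

    def __init__(self, ports):
        self.ports = frozenset(ports)
        self.table = {}  # MAC address -> port on which it was last seen

    def receive(self, in_port, src, dst):
        """Handle one frame; return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port: {in_port}")
        src, dst = normalize(src), normalize(dst)

        # Learning: record the source address against the arrival port.
        # A station that moved to another port overwrites its old entry.
        if not is_group(src):
            self.table[src] = in_port

        others = sorted(self.ports - {in_port})  # never back out the arrival port
        if is_group(dst):
            return ("flood_group", others)       # broadcast or multicast
        out_port = self.table.get(dst)
        if out_port is None:
            return ("flood_unknown", others)     # unknown unicast
        if out_port == in_port:
            return ("filter", [])                # destination is on the same segment
        return ("forward", [out_port])           # known unicast on another port


# Constructed stations (locally administered unicast addresses).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
MULTICAST = "01:00:5e:00:00:01"  # constructed group destination

# Constructed frame sequence: (arrival port, source, destination).
FRAMES = [
    (1, A, B),          # B not learned yet: unknown unicast, flooded
    (2, B, A),          # reply: A already learned on port 1
    (1, A, B),          # B now learned on port 2
    (1, C, A),          # C shares port 1 with A (e.g. behind a hub): filtered
    (1, A, BROADCAST),  # broadcast: all ports except the arrival port
    (2, B, MULTICAST),  # multicast: treated like broadcast
    (3, A, B),          # A has moved to port 3: table entry is updated
    (2, B, A),          # traffic for A now leaves on port 3
]


def run_demo():
    """Feed FRAMES through a 4-port switch; return the decisions and the table."""
    switch = LearningSwitch(ports=[1, 2, 3, 4])
    results = [switch.receive(*frame) for frame in FRAMES]
    return results, switch.table


if __name__ == "__main__":
    decisions, table = run_demo()
    for frame, (action, ports) in zip(FRAMES, decisions):
        print(frame, "->", action, ports)
    print("address table:", table)
```

The two flood results show which traffic reaches every port of the LAN, and the table overwrite in the seventh frame shows that an entry follows whichever port last sourced a frame with that address.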
1.3.8 Wireless Networks
Conventional Ethernet networks require cables connecting computers via hubs and switches. This has the effect of restricting the computer's mobility and requires that even portable computers be physically connected to a hub or switch to access the network. An alternative to cabled networking is wireless networking. The first wireless network was developed at the University of Hawaii in 1971 to link computers on four islands without using telephone wires. Wireless networking entered the realm of personal computing in the 1980s, with the advent of networking computers. However, it was only in the early 1990s that wireless networks started to gain momentum, when CPU processing power became sufficient to manage data transmitted and received over wireless connections.
Wireless networks use network cards, called Wireless Network Adapters, that rely on radio signals or infrared (IR) signals to transmit and receive data via a Wireless Access Point (WAP). The WAP has an RJ-45 port that can be attached to a 10BASE-T or 10/100BASE-T Ethernet hub or switch and contains a radio transceiver, encryption, and communications software. It translates conventional Ethernet signals into wireless Ethernet signals that it broadcasts to wireless network adapters on the network, and performs the same role in reverse to transfer signals from wireless network adapters to the conventional Ethernet network.
WAP devices come in many variations, with some providing the Cable Modem Router and Switch functions in addition to the wireless connectivity.
Note: Access points are not necessary for direct peer-to-peer networking, which is called ad hoc mode, but they are required for a shared Internet connection or a connection with another network. When access points are used, the network is operating in the infrastructure mode.
1.3.8.1 Wireless Network Standards
In the absence of an industry standard, the early forms of wireless networking were single-vendor proprietary solutions that could not communicate with wireless network products from other vendors. In 1997, the computer industry developed the IEEE 802.11 wireless Ethernet standard. Wireless network products based on this standard are capable of multivendor interoperability.
The IEEE 802.11 wireless Ethernet standard consists of the IEEE 802.11b standard, the IEEE 802.11a standard, and the newer IEEE 802.11g standard.
Note: The Bluetooth standard for short-range wireless networking is designed to complement, rather than rival, IEEE 802.11-based wireless networks.
• IEEE 802.11 was the original standard for wireless networks that was ratified in 1997. It operated at a maximum speed of 2 Mbps and ensured interoperability between wireless products from various vendors. However, the standard had a few ambiguities that allowed for potential problems with compatibility between devices. To ensure compatibility, a group of companies formed the Wireless Ethernet Compatibility Alliance (WECA), which has come to be known as the Wi-Fi Alliance, to ensure that their products would work together. The term Wi-Fi is now used to refer to any IEEE 802.11 wireless network products that have passed the Wi-Fi Alliance certification tests.
• IEEE 802.11b, which is also called 11 Mbps Wi-Fi, operates at a maximum speed of 11 Mbps and is thus slightly faster than 10BASE-T Ethernet. Most IEEE 802.11b hardware is designed to operate at four speeds, using three different data-encoding methods depending on the speed range. It operates at 11 Mbps using quaternary phase-shift keying/complementary code keying (QPSK/CCK); at 5.5 Mbps also using QPSK/CCK; at 2 Mbps using differential quaternary phase-shift keying (DQPSK); and at 1 Mbps using differential binary phase-shift keying (DBPSK). As distances change and signal strength increases or decreases, IEEE 802.11b hardware switches to the most suitable data-encoding method.
Wireless networks running IEEE 802.11b hardware use the 2.4 GHz radio frequency band that many portable phones, wireless speakers, security devices, microwave ovens, and the Bluetooth short-range networking products use. Although the increasing use of these products is a potential source of interference, the short range of wireless networks (indoor ranges up to 300 feet and outdoor ranges up to 1,500 feet, varying by product) minimizes the practical risks. Many devices use a spread-spectrum method of connecting with other products to minimize potential interference.
IEEE 802.11b networks can connect to wired Ethernet networks or be used as independent networks.
• IEEE 802.11a uses the 5 GHz frequency band, which allows for much higher speeds, reaching a maximum speed of 54 Mbps. The 5 GHz frequency band also helps avoid interference from devices that cause interference with lower-frequency IEEE 802.11b networks. IEEE 802.11a hardware maintains relatively high speeds at both short and relatively long distances.
Because IEEE 802.11a uses the 5 GHz frequency band rather than the 2.4 GHz frequency band used by IEEE 802.11b, standard IEEE 802.11a hardware cannot communicate with 802.11b hardware. A solution to this compatibility problem is the use of dual-band hardware. Dual-band hardware can work with either IEEE 802.11a or IEEE 802.11b networks, enabling you to move from an IEEE 802.11b wireless network at home or at Starbucks to a faster IEEE 802.11a office network.
• IEEE 802.11g is also known as Wireless-G and combines compatibility with IEEE 802.11b with the speed of IEEE 802.11a at longer distances. This standard was ratified in mid-2003; however, many network vendors were already selling products based on the draft IEEE 802.11g standard before the final standard was approved. This early IEEE 802.11g hardware was slower and less compatible than the specification promises. In some cases, problems with early-release IEEE 802.11g hardware can be solved through firmware upgrades.
1.3.8.2 Wireless Network Modes
Wireless networks work in one of two modes that are also referred to as topologies. These two modes are ad-hoc mode and infrastructure mode. The mode you implement depends on whether you want your computers to communicate directly with each other, or via a WAP.
• In ad-hoc mode, data is transferred to and from wireless network adapters connected to the computers. This cuts out the need to purchase a WAP. Throughput rates between two wireless network adapters are twice as fast as when you use a WAP. However, a network in ad-hoc mode cannot connect to a wired network as a WAP is required to provide connectivity to a wired network. An ad-hoc network is also called a peer-to-peer network.
• In infrastructure mode, data is transferred between computers via a WAP. Because a WAP is used in infrastructure mode, it provides connectivity with a wired network, allowing you to expand a wired network with wireless capability. Your wired and wirelessly networked computers can communicate with each other. In addition, a WAP can extend your wireless network's range as placing a WAP between two wireless network adapters doubles their range. Also, some WAPs have a built-in router and firewall. The router allows you to share Internet access between all your computers, and the firewall hides your network. Some of these multifunction access points include a hub with RJ-45 ports.
1.3.8.3 Security Features
Because wireless networks can be accessed by anyone with a compatible wireless network adapter, most models of wireless network adapters and WAPs provide for encryption options. Some devices with this feature enable you to set a security code known as an SSID on the wireless devices on your network. This seven-digit code prevents unauthorized users from accessing your network and acts as an additional layer of security along with your normal network authentication methods, such as user passwords. Other wireless network adapters and WAPs use a list of authorized MAC numbers to limit access to authorized devices only.
All Wi-Fi products support at least 40-bit encryption through the wired equivalent privacy (WEP) specification, but the minimum standard on newer products is 64-bit WEP encryption. Many vendors also offer 128-bit or 256-bit encryption on some of their products. However, the WEP specification is insecure. It is vulnerable to brute-force attacks at shorter key lengths, and it is also vulnerable to differential cryptanalysis attacks, which is the process of comparing an encrypted text with a known portion of the plain text and deriving the key by computing the difference between them. Because WEP encrypts TCP headers, hackers know what the headers should contain in many cases, and they can attempt to find patterns in a large body of collected WEP communications in order to decrypt the key. The attack is complex and difficult to automate, so it is unlikely to occur for most networks, especially at key lengths greater than 128 bits. Furthermore, WEP does not prevent an intruder from attaching a hidden WAP on the network and using it to exploit the network.
New network products introduced in 2003 and beyond now incorporate a new security standard known as Wi-Fi Protected Access (WPA). WPA is derived from the developing IEEE 802.11i security standard, which will not be completed until mid-decade. WPA-enabled hardware works with existing WEP-compliant devices, and software upgrades might be available for existing devices.
1.4 The Cisco IOS Software
Cisco routers run the Cisco Internetworking Operating System (IOS) with a command-line interface (CLI). The IOS also runs on some Cisco switch models, and it uses CLI. However, in some cases, the IOS CLI on a switch is slightly different than on a router. Furthermore, the IOS on the 1900 series switches is slightly different than on some other Cisco IOS-based switches.
1.4.1 The Cisco IOS Software Command-Line Interface
The majority of Cisco routers run Cisco IOS Software with the command-line interface (CLI). The CLI is used to interface with the device and send commands to the device. This is achieved through the use of a terminal, a terminal emulator, or a Telnet connection. Some routing cards, such as the Multilayer Switch Feature Card (MSFC) daughter card for the Catalyst 6000 series LAN switches, also run Cisco IOS Software. Understanding the Cisco IOS Software CLI is fundamental to supporting routers.
There are three ways in which you can access the CLI: through the console; through a dialup device through a modem attached to the auxiliary port; or by using a Telnet connection. Whichever method you use, you enter user exec mode first. User exec mode is one of three command exec modes in the IOS user interface. Enable mode, also known as privileged mode or Privileged exec mode, and command mode are the others. Enable mode is so named because the enable command is used to reach this mode. User mode allows commands that are not disruptive to be issued, with some information being displayed to the user. Privileged mode supports a superset of commands compared to user mode. However, none of the commands in user mode or privileged mode changes the configuration of the router.
Passwords are required for Telnet and auxiliary access as of Cisco IOS Release 12.x and later. However, there are no preconfigured passwords; therefore, you must configure passwords for Telnet and auxiliary access from the console first.
All Cisco routers have a console port, and most have an auxiliary port. The console port is intended for local administrative access from an ASCII terminal or a computer using a terminal emulator. The auxiliary port is intended for asynchronous dial access from an ASCII terminal or terminal emulator; the auxiliary port is often used for dial backup.
1.4.1.1 The CLI Help Features
Typing ? in the console displays help for all commands supported by the CLI mode. In other words, the information supplied by using help depends on the CLI mode. If ? is typed in user mode, the commands allowed only in privileged exec mode are not displayed. Also, help is available in configuration mode; only configuration commands are displayed in that mode of operation. IOS stores the commands that you type in a history buffer. The last ten commands are stored by default. You can change the history size with the terminal history size size command, where size is the number of IOS commands for the CLI to store; this can be set to a value between 0 and 256. You can then retrieve commands so that you do not have to retype the commands.

1.4.1.2 Syslog Messages and the debug Command
IOS creates messages, which are called syslog messages, when different events occur and, by default, sends them to the console. The router also generates messages that are treated like syslog messages in response to some troubleshooting tasks that you might perform. The debug command is one of the key diagnostic tools for troubleshooting problems on a Cisco router. It enables monitoring points in the IOS and generates messages that describe what the IOS is doing and seeing. When any debug command option is enabled, the router processes the messages with the same logic as other syslog messages.

The console port always receives syslog messages; however, when you Telnet to the router no syslog messages are seen unless you issue the terminal monitor command. Another alternative for viewing syslog messages is to have the IOS record the syslog messages in a buffer in RAM and then use the show logging command to display the messages. For Telnet users, having the messages buffered using the global config command logging buffered is particularly useful. Finally, the logging synchronous line-configuration subcommand can be used for the console and vtys to tell the router to wait until the last command output is displayed before showing any syslog messages onscreen.

Syslog messages also can be sent to another device. Two alternatives exist: sending the messages to a syslog server, and sending the messages as SNMP traps to a management station. The logging host command, where host is the IP address or host name of the syslog server, is used to enable sending messages to the external server. After SNMP is configured, the snmp-server enable traps command tells the IOS to forward traps, including syslog messages.

1.4.2 Configuring Cisco IOS Software
Configuration mode is one of the modes for the Cisco CLI. It is similar to user mode and privileged mode. User mode allows commands that are not disruptive to be issued, with some information being displayed to the user. Privileged mode supports a superset of commands compared to user mode. However, none of the commands in user or privileged mode changes the configuration of the router. Configuration mode is another mode in which configuration commands are typed.

Commands typed in configuration mode update the active configuration file. These changes to the configuration occur immediately each time you press the Enter key at the end of a command. Configuration mode itself contains a multitude of subcommand modes. The type of command you enter moves you from one configuration subcommand mode to whichever subcommand mode is appropriate. For example, the interface command, which is the most commonly used configuration command, would move you to interface configuration mode.

Generally, when multiple instances of a parameter can be set on a single router, the command used to set the parameter is likely a configuration subcommand. Items that are set once for the entire router are likely global commands. For example, the hostname command is a global command because there is only one host name per router.

You can use CTRL + Z from any part of configuration mode, or use the exit command from global configuration mode, to exit configuration mode and return to privileged exec mode. The configuration mode end command also exits from any point in the configuration mode back to privileged exec mode. The exit commands from subcommand modes back up one level toward global configuration mode.

1.4.2.1 Managing Configuration Files
Your configuration commands, as well as some default configuration commands, are stored in the configuration file. No hard disk or diskette storage exists on Cisco routers; therefore, the configuration file is stored in memory. The configuration files can also be stored as ASCII text files anywhere exterior to the router using TFTP or FTP. Cisco routers support a number of types of memory. This includes:
• RAM, which is sometimes called DRAM for dynamic random-access memory, is used by the router in the same way it is used by any other computer: for storing data being used by the processor. The active configuration file, running-config, which is the configuration file that the router uses during operation, is stored in RAM.
• ROM, or read-only memory, stores a bootable IOS image, which is not typically used for normal operation. It contains the code that is used to boot the router and allows the router to access the IOS image.
• Flash memory, which can be either an EEPROM or a PCMCIA card, stores fully functional IOS images and is the default location where the router accesses its IOS at boot time. Flash memory also can be used to store configuration files on some Cisco routers.
• NVRAM, which is nonvolatile RAM, stores the initial or startup configuration file, startup-config.
All these types of memory, except RAM, are permanent memory.

When the router first comes up, the router copies the stored configuration file from NVRAM into RAM, so the active and startup configuration files are identical at that point. The show running-config and show startup-config commands are used to verify the active and startup configuration files respectively. You can use the copy running-config startup-config command to overwrite the current startup configuration file with the current active configuration file. The copy command can be used to copy files in a router, most typically a configuration file, or a new version of the IOS Software. The most basic method for moving configuration files in and out of a router is by using a TFTP server. The copy command is used to copy configuration files among RAM, NVRAM, and a TFTP server. The syntax of the copy command specifies the source location and the destination of the configuration file, as in:

copy source destination

The source and the destination parameters can be running-config, startup-config, or tftp for RAM, NVRAM, and a TFTP server respectively. However, the source and the destination parameters cannot be the same. Thus, the following syntax copies the configuration from RAM to NVRAM, overwriting the current startup configuration file with the active configuration file:

copy running-config startup-config

The copy command does not always replace the existing file that it is copying. Any copy command option moving a file into NVRAM or a TFTP server replaces the existing file; however, any copy into RAM works by adding the commands to the active configuration file. Thus, if you change the active configuration file and then want to revert to the startup configuration file, you must use the reload command, which reboots the router.

Two commands can be used to erase the contents of NVRAM. These are the write erase command, which is the older command, and the erase startup-config command, which is the newer command.

1.4.2.2 Upgrading Cisco IOS Software
Typically, a router has one IOS image and that is the IOS that is used. This IOS image is typically stored in Flash memory, which is a rewriteable, permanent form of storage. The IOS image can also be placed on an external TFTP server, but this is typically done for testing. In the IOS upgrade process you first must obtain the IOS image from Cisco. Then you must place the IOS image into the default directory of a TFTP server. Finally, you must use the copy tftp flash command from the router to copy the files into Flash memory.

During this process, the router will need to discover the IP address or host name of the TFTP server; the name of the file; the space available in Flash memory for this file; and whether you want to erase the old files. The router will prompt you for answers, as necessary. Afterward, the router erases Flash memory as needed, copies the file, and then verifies that the checksum for the file shows that no errors occurred in transmission. The show flash command then can be used to verify the contents of Flash memory. Before the new IOS is used, however, the router must be reloaded.

1.4.2.3 The Cisco IOS Software Boot Sequence
The basic boot sequence for a Cisco router is:
Step 1: The router performs a power-on self-test (POST) to discover and verify the hardware.
Step 2: The router loads and runs bootstrap code from ROM.
Step 3: The router finds the IOS or other software and loads it.
Step 4: The router finds the configuration file and loads it into running config.

All routers attempt all four steps each time that the router is powered on or reloaded. The POST code and functions cannot be changed by the router administrator. The location of the bootstrap code, the IOS to load, and the configuration file can be changed by the administrator, but you almost always use the default location for the bootstrap code (ROM) and for the initial configuration (NVRAM). So, the location of IOS or other software is the only part that typically is changed.

Three categories of operating systems can be loaded into the router:
• The full-function IOS image, which is typically located in Flash memory but can also be located on a TFTP server. This is the normal, full-feature IOS used in production.
• A limited-function IOS that resides in ROM and provides basic IP connectivity when Flash memory is faulty and you need IP connectivity to copy a new IOS into Flash memory. This limited-function IOS is called RXBOOT mode.
• A different non-IOS operating system that is also stored in ROM. This operating system, called ROM Monitor (ROMMON) mode, is used for low-level debugging and for password recovery. Unless you are performing password recovery, you would seldom use ROMMON mode.

The configuration register tells the router whether to use a full-featured IOS, ROMMON, or RXBOOT mode. The configuration register is a 16-bit software register in the router, and its value is set using the config-register global configuration command. The boot field is the name of the low-order 4 bits of the configuration register. This field can be considered a 4-bit value, represented as a single hexadecimal digit. If the boot field is hex 0, ROMMON is loaded. If the boot field is hex 1, RXBOOT mode is used. For anything else, it loads a full-featured IOS.

The second method used to determine where the router tries to obtain an IOS image is through the use of the boot system configuration command. If the configuration register calls for a full-featured IOS, the router reads the configuration file for boot system commands.

If there are no boot system commands, the router takes the default action, which is to load the first file in Flash memory. Table 1.7 lists the configuration register and the boot system command.

TABLE 1.7: The boot system Commands

Boot Field Value | Function
0x0 | Loads ROMMON and ignores boot system commands.
0x1 | Loads IOS from ROM and ignores boot system commands. This is also known as RXBOOT mode.
0x2-0xF | If used with the no boot command, the first IOS file in Flash memory is loaded; if that fails, the router broadcasts looking for an IOS on a TFTP server. If that fails, IOS from ROM is loaded.
0x2-0xF | If used with the boot system ROM command, IOS from ROM is loaded.
0x2-0xF | If used with the boot system flash command, the first file from Flash memory is loaded.
0x2-0xF | If used with the boot system flash file_name command, IOS with the specified file_name is loaded from Flash memory.
0x2-0xF | If used with the boot system tftp file_name 10.1.1.1 command, IOS with the specified file_name is loaded from the TFTP server.
0x2-0xF | If used with multiple boot system commands, an attempt occurs to load IOS based on the first boot command in configuration. If that fails, the second boot command is used, etc., until an IOS is loaded successfully.
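
The boot-field and boot system rules above can be checked mechanically during a configuration review. The following Python sketch is an added example, not part of the original guide; the register values, the sample configuration and the image name sample-image.bin are constructed, and the review notes are this example's own wording.

```python
# Added example, not from the original guide: resolve the boot source from the
# configuration register's boot field and any "boot system" commands (Table 1.7).

ROMMON = "ROMMON"
ROM_IOS = "IOS from ROM"
FLASH_FIRST = "first IOS file in Flash"
TFTP_BROADCAST = "broadcast for an IOS on a TFTP server"

# Constructed sample configuration; the image name is a placeholder.
SAMPLE_CONFIG = """\
hostname R1
boot system flash sample-image.bin
boot system tftp sample-image.bin 10.1.1.1
boot system ROM
"""


def boot_field(config_register):
    """Return the low-order 4 bits of the 16-bit configuration register."""
    if not 0 <= config_register <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    return config_register & 0xF


def parse_boot_system(config_text):
    """Return the image sources named by 'boot system' lines, in file order."""
    sources = []
    for line in config_text.splitlines():
        words = line.split()
        if [w.lower() for w in words[:2]] != ["boot", "system"] or len(words) < 3:
            continue
        kind, args = words[2].lower(), words[3:]
        if kind == "rom":
            sources.append(ROM_IOS)
        elif kind == "flash":
            sources.append(("flash:" + args[0]) if args else FLASH_FIRST)
        elif kind == "tftp" and len(args) >= 2:
            sources.append("tftp://%s/%s" % (args[1], args[0]))
    return sources


def boot_plan(config_register, config_text=""):
    """Ordered list of what the router tries to load, per Table 1.7."""
    field = boot_field(config_register)
    if field == 0x0:
        return [ROMMON]      # boot system commands are ignored
    if field == 0x1:
        return [ROM_IOS]     # RXBOOT mode; boot system commands are ignored
    sources = parse_boot_system(config_text)
    # With no boot system commands the default fallback chain applies.
    return sources or [FLASH_FIRST, TFTP_BROADCAST, ROM_IOS]


def review_notes(plan):
    """Flag boot steps an operator should be able to justify in a config review."""
    notes = []
    for step in plan:
        if step == ROMMON:
            notes.append("boots to ROMMON, the mode used for password recovery")
        elif step == ROM_IOS:
            notes.append("may run the limited-function IOS from ROM")
        elif step.startswith("tftp://") or step == TFTP_BROADCAST:
            notes.append("may load an image over TFTP (no authentication): " + step)
    return notes


if __name__ == "__main__":
    for register in (0x2100, 0x2101, 0x2102):
        plan = boot_plan(register, SAMPLE_CONFIG)
        print(hex(register), plan, review_notes(plan))
```

Only the low-order hexadecimal digit of the register changes the outcome here, so 0x2100 and 0x2101 ignore every boot system line in the sample configuration.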

1.5 Spanning-Tree Protocol (STP)
A Layer 2 switch, which functions as a transparent bridge, offers no additional links for redundancy purposes. To add redundancy, a second switch must be added. Now two switches offer the transparent bridging function in parallel. LAN designs with redundant links introduce the possibility that frames might loop around the network forever. These looping frames would cause network performance problems. For example, when the switches receive an unknown unicast, both will flood the frame out all their available ports, including the ports that link to the other switch, resulting in what is known as a bridging loop, as the frame is forwarded around and around between two switches. This occurs because parallel switches are unaware of each other. The Spanning Tree Protocol (STP), which allows the redundant LAN links to be used while preventing frames from looping around the LAN indefinitely through those redundant links, was developed to overcome the possibility of bridging loops. It enables switches to become aware of each other so that they can negotiate a loop-free path through the network. Loops are discovered before they are opened for use, and redundant links are shut down to prevent the loops from forming. STP is communicated between all connected switches on a network. Each switch executes the Spanning-Tree Algorithm (STA) based on information received from other neighboring switches. The algorithm chooses a reference point in the network and calculates all the redundant paths to that reference point. When redundant paths are found, STA picks one path to forward frames with and disables or blocks forwarding on the other redundant paths.

STP computes a tree structure that spans all switches in a subnet or network. Redundant paths are placed in a blocking or standby state to prevent frame forwarding. The switched network is then in a loop-free condition. However, if a forwarding port fails or becomes disconnected, the STA will run again to recompute the Spanning-Tree topology so that blocked links can be reactivated.

By default, STP is enabled on all ports of a switch. STP should remain enabled in a network to prevent bridging loops from forming. However, if STP has been disabled on a CLI-based switch, it can be re-enabled with the following command:

Switch (enable) set spantree enable [ all | module_number/port_number ]

If STP has been disabled on an IOS-based switch, it can be re-enabled with the following command:

Switch (config)# spantree vlan_list

You can use the show spantree [ vlan ] command to view the status of STP on either a CLI- or IOS-based switch.

The STA places each bridge/switch port in either a forwarding state or a blocking state. All the ports in forwarding state are considered to be in the current spanning tree. The collective set of forwarding ports creates a single path over which frames are sent between Ethernet segments. Switches can forward frames out ports and receive frames in ports that are in forwarding state; switches neither forward frames out of nor receive frames in ports that are in blocking state.

STP uses three criteria to choose whether to put an interface in forwarding state or a blocking state:
• STP elects a root bridge and puts all interfaces on the root bridge in forwarding state.
• Each nonroot bridge considers one of its ports to have the lowest administrative cost between itself and the root bridge. STP places this lowest-root-cost interface, called that bridge's root port, in forwarding state.
• Many bridges can attach to the same Ethernet segment. The bridge with the lowest administrative cost from itself to the root bridge, as compared with the other bridges attached to the same segment, is placed in forwarding state. The lowest-cost bridge on each segment is called the designated bridge, and that bridge's interface, attached to that segment, is called the designated port.
All other interfaces are placed in blocking state.

1.5.1 Root Bridge Election
For all switches in a network to agree on a loop-free topology, a common frame of reference must exist. This reference point is called the Root Bridge. The Root Bridge is chosen by an election process among all connected switches. Each switch has a unique Bridge ID that it uses to identify itself to other switches. The Bridge ID is an 8-byte value. 2 bytes of the Bridge ID are used for a Bridge Priority field, which is the priority or weight of a switch in relation to all other switches. The other 6 bytes of the Bridge ID are used for the MAC Address field, which can come from the Supervisor module, the backplane, or a pool of 1024 addresses that are assigned to every Supervisor or backplane depending on the switch model. This address is hardcoded, unique, and cannot be changed.

The election process begins with every switch sending out BPDUs with a Root Bridge ID equal to its own Bridge ID as well as a Sender Bridge ID. The latter is used to identify the source of the BPDU message. Received BPDU messages are analyzed for a lower Root Bridge ID value. If the BPDU message has a Root Bridge ID of a lower value than the switch's own Root Bridge ID, it replaces its own Root Bridge ID with the Root Bridge ID announced in the BPDU. If two Bridge Priority values are equal, then the lower MAC address takes preference. The switch then nominates the new Root Bridge ID in its own BPDU messages although it will still identify itself as the Sender Bridge ID. Once the process has converged, all switches will agree on the Root Bridge until a new switch is added.

The Root Bridge election is based on the idea that one switch is chosen as a common reference point, and all other switches choose ports that are closest to the Root. The Root Bridge election is also based on the idea that the Root Bridge can become a central hub that interconnects other legs of the network. Therefore, the Root Bridge can be faced with heavy switching loads in its central location. If heavy loads of traffic are expected to pass through the Root Bridge, the slowest switch is not the ideal candidate. Furthermore, only one Root Bridge is elected. This is thus not fault tolerant. To overcome these problems, you should set a Root Bridge in a determined fashion, and set a secondary Root Bridge in case of primary Root Bridge failure. The Root Bridge and the secondary Root Bridge should be placed near the center of the network.

To configure a CLI-based Catalyst switch to become the Root Bridge, use the following command to modify the Bridge Priority value so that a switch can be given a lower Bridge ID value to win a Root Bridge election:

Switch (enable) set spantree priority bridge_priority [ vlan ]

Alternatively, you can use the following command:

Switch (enable) set spantree root [ secondary ] [ vlan_list ] [ dia diameter ] [ hello hello_time ]

This command is a macro that executes several other commands. The result is a more direct and automatic way to force one switch to become the Root Bridge. Actual Bridge Priorities are not given in the command. Rather, the switch will modify STP values according to the current values in use within the active network.

To configure an IOS-based Catalyst switch to become the Root Bridge, use the following command to modify the Bridge Priority value so that a switch can be given a lower Bridge ID value to win a Root Bridge election:

Switch (config)# spanning-tree [ vlan vlan_list ] priority bridge_priority

1.5.2 Root Ports Election
Once a reference point has been nominated and elected for the entire switched network, each non-root switch must find its relation to the Root Bridge. This action can be performed by selecting only one Root Port on each non-root switch. STP uses the Root Path Cost to select a Root Port. The Root Path Cost is the cumulative cost of all the links leading to the Root Bridge. A particular switch link has a cost associated with it called the Port or Path Cost. This cost is inversely proportional to the port's bandwidth. As the Path Cost travels along, other switches can modify its value to make it cumulative. The Path Cost is known only to the local switch where the port or "path" to a neighboring switch resides as it is not contained in the BPDU. Only the Root Path Cost is contained in the BPDU. Path Costs are defined as a one-byte value.

The Root Bridge sends out a BPDU with a Root Path Cost value of zero because its ports sit directly on the Root Bridge. When the next closest neighbor receives the BPDU, it adds the Path Cost of its own port where the BPDU arrived. The neighbor then sends out BPDUs with this new cumulative value as the Root Path Cost. This value is incremented by subsequent switch port Path Costs as the BPDU is received by each switch on down the line. After incrementing the Root Path Cost, a switch also records the value in its memory. When a BPDU is received on another port and the new Root Path Cost is lower than the previously recorded value, this lower value becomes the new Root Path Cost. In addition, the lower cost tells the switch that the Root Bridge must be closer to this port than it was on other ports. The switch has now determined which of its ports is the closest to the root: the Root Port.

If desired, the cost of a port can be modified from the default value. However, changing one port's cost may influence STP to choose that port as a Root Port. Therefore careful calculation is required to ensure that the desired path will be elected. On a CLI-based switch, the port cost can be modified by using one of the following commands:

Switch (enable) set spantree portcost module_number/port_number cost

or

Switch (enable) set spantree portvlancost module_number/port_number [ cost cost ] [ vlan_list ]

On an IOS-based switch, the port cost for individual VLANs can be modified by using the following command:

Switch (config-if)# spanning-tree [ vlan vlan_list ] cost cost

1.5.3 Designated Ports Election
Once the Root Path Cost values have been computed, the Root Ports have been identified; however, all other links are still connected and could be active, leaving bridging loops. To remove the bridging loops, STP makes a final computation to identify one Designated Port on each network segment which would forward traffic to and from that segment. Switches choose a Designated Port based on the lowest cumulative Root Path Cost to the Root Bridge. All ports are still active and bridging loops are still possible. STP has a set of progressive states that each port must go through, regardless of the type or identification. These states will actively prevent loops from forming.
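
The three elections in sections 1.5.1 to 1.5.3 can be traced on a small topology. The following Python sketch is an added example, not part of the original guide: the three switches, their MAC addresses, the priority values 32768 and 4096 and the link costs 4 and 19 are constructed sample values, and the Sender Bridge ID tie-break for equal costs is standard 802.1D behaviour that the guide does not spell out.

```python
# Added example, not from the original guide: Root Bridge, Root Port and
# Designated Port selection on a small constructed topology.

# Constructed sample links: (switch, switch, Path Cost of the ports on that link).
SAMPLE_LINKS = [("SW-A", "SW-B", 4), ("SW-A", "SW-C", 19), ("SW-B", "SW-C", 19)]


def bridge_id(priority, mac):
    """8-byte Bridge ID: 2-byte Bridge Priority followed by the 6-byte MAC address."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6 or not 0 <= priority <= 0xFFFF:
        raise ValueError("need a 2-byte priority and a 6-byte MAC address")
    # Byte-wise comparison checks the priority first, then the MAC address.
    return priority.to_bytes(2, "big") + mac_bytes


def sample_bridges(core_priority=32768):
    """Constructed switches; SW-C is an access switch that has the lowest MAC."""
    return {
        "SW-A": bridge_id(core_priority, "00:00:0c:aa:aa:aa"),
        "SW-B": bridge_id(32768, "00:00:0c:bb:bb:bb"),
        "SW-C": bridge_id(32768, "00:00:0c:11:11:11"),
    }


def converge(bridges, links):
    """Run the BPDU exchange until no switch changes its view.

    Returns (root name, {switch: Root Path Cost}, {(switch, link index): role}).
    """
    # Each switch starts by announcing itself as root with a Root Path Cost of 0.
    # View = (Root Bridge ID, Root Path Cost, Sender Bridge ID, arrival link).
    view = {name: (bid, 0, bid, None) for name, bid in bridges.items()}
    changed = True
    while changed:
        changed = False
        for idx, (a, b, cost) in enumerate(links):
            for sender, receiver in ((a, b), (b, a)):
                root_id, sender_cost = view[sender][:2]
                # The receiver adds the Path Cost of the port the BPDU arrived on.
                offer = (root_id, sender_cost + cost, bridges[sender], idx)
                # Lower Root Bridge ID wins, then lower Root Path Cost, then
                # lower Sender Bridge ID (802.1D tie-break, assumed here).
                if offer[:3] < view[receiver][:3]:
                    view[receiver] = offer
                    changed = True

    root = min(bridges, key=bridges.get)
    roles = {}
    for idx, (a, b, _cost) in enumerate(links):
        # Designated bridge for the segment: lowest Root Path Cost, then Bridge ID.
        designated = min((a, b), key=lambda sw: (view[sw][1], bridges[sw]))
        for sw in (a, b):
            if sw == designated:
                roles[(sw, idx)] = "designated"
            elif view[sw][3] == idx:
                roles[(sw, idx)] = "root"
            else:
                roles[(sw, idx)] = "blocking"
    return root, {sw: view[sw][1] for sw in bridges}, roles


def blocked_ports(roles):
    """Ports left in blocking state, as (switch, link index) pairs."""
    return sorted(port for port, role in roles.items() if role == "blocking")


if __name__ == "__main__":
    for label, priority in (("equal priorities", 32768), ("SW-A lowered", 4096)):
        root, costs, roles = converge(sample_bridges(priority), SAMPLE_LINKS)
        print(label, "-> root:", root, "costs:", costs, "blocked:", blocked_ports(roles))
```

With equal priorities the access switch SW-C wins on MAC address alone and the low-cost SW-A to SW-B link is blocked; giving SW-A the lower priority makes it the Root Bridge and moves the blocked port to SW-C.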

1.5.4 STP States
To participate in STP, each port of a switch must progress through several states. A port begins in a Disabled state moving through several passive states and finally into an active state if allowed to forward traffic. The STP port states are: Disabled, Blocking, Listening, Learning, and Forwarding.
• Ports that are administratively shut down by the network administrator or by the system due to a fault condition are in the Disabled state. This state is special and is not part of the normal STP progression for a port.
• After a port initializes, it begins in the Blocking state so that no bridging loops can form. In the Blocking state, a port cannot receive or transmit data and cannot add MAC addresses to its address table. Instead, a port is only allowed to receive BPDUs. Also, ports that are put into standby mode to remove a bridging loop enter the Blocking state.
• The port will be moved from the Blocking state to the Listening state if the switch thinks that the port can be selected as a Root Port or Designated Port. In the Listening state, the port still cannot send or receive data frames. However, the port is allowed to receive and send BPDUs so that it can actively participate in the Spanning-Tree topology process. Here the port is finally allowed to become a Root Port or Designated Port because the switch can advertise the port by sending BPDUs to other switches. Should the port lose its Root Port or Designated Port status, it is returned to the Blocking state.
• After a period of time called the Forward Delay in the Listening state, the port is allowed to move into the Learning state. The port still sends and receives BPDUs as before. In addition, the switch can now learn new MAC addresses to add into its address table.
• After another Forward Delay period in the Learning state, the port is allowed to move into the Forwarding state. The port can now send and receive data frames, collect MAC addresses into its address table, and send and receive BPDUs. The port is now a fully functioning switch port within the Spanning-Tree topology.

1.5.5 STP Timers
STP operates as switches send BPDUs to each other in an effort to form a loop-free topology. The BPDUs take a finite amount of time to travel from switch to switch. In addition, news of a topology change such as a link or Root Bridge failure can suffer from propagation delays as the announcement travels from one side of a network to the other. Because of the possibility of these delays, preventing the Spanning-Tree topology from converging until all switches have had time to receive accurate information is important. STP uses three timers for this purpose: Hello Time, Forward Delay, and Max Age.
• Hello Time is the time interval between Configuration BPDUs sent by the Root Bridge. The Hello Time value configured in the Root Bridge switch will determine the Hello Time for all non-root switches. However, all switches have a locally configured Hello Time that is used to time Topology Change Notification (TCN) BPDUs when they are retransmitted. The IEEE 802.1D standard specifies a default Hello Time value of two seconds.
• Forward Delay is the time interval that a switch port spends in both the Listening and Learning states. The default value is 15 seconds.
• Max Age is the time interval that a switch stores a BPDU before discarding it. While executing the STP, each switch port keeps a copy of the "best" BPDU that it has heard. If the source of the BPDU loses contact with the switch port, the switch will notice that a topology change has occurred after the Max Age time elapses and the BPDU is aged out. The default Max Age value is 20 seconds.

To announce a change in the active network topology, switches send a Topology Change Notification (TCN) BPDU. This occurs when a switch either moves a port into the Forwarding state or moves a port from Forwarding or Learning into the Blocking state. The switch sends a TCN BPDU out its Designated Port. The TCN BPDU carries no data about the change, but only informs recipients that a change has occurred. However, the switch will not send TCN BPDUs if the port has been configured with PortFast enabled. The switch will continue sending TCN BPDUs every Hello Time interval until it gets an acknowledgement from an upstream neighbor. As the upstream neighbors receive the TCN BPDU, they will propagate it on toward the Root Bridge. When the Root Bridge receives the BPDU, the Root Bridge sends out an acknowledgement. The Root Bridge also sends out the Topology Change flag in a Configuration BPDU so that all other bridges will shorten their bridge table aging times down from the default 300 seconds to the Forward Delay value. This condition causes the learned locations of MAC addresses to be flushed out sooner than they normally would, easing the bridge table corruption that might occur due to the change in topology. However, any stations that are actively communicating during this time will be kept in the bridge table. This condition lasts for the sum of the Forward Delay and the Max Age.

The three STP timers can be adjusted. These timers need only be modified on the Root Bridge and any secondary or backup Root Bridges because the Root Bridge propagates all three timer values throughout the network in the Configuration BPDU.

1.5.6 Optional STP Features
Cisco has added several proprietary enhancements to STP and to the logic used by its switches. Also, the IEEE, which owns the STP specifications, has made other enhancements, some similar to Cisco's proprietary enhancements.

1.5.6.1 EtherChannel
EtherChannel combines from two to eight parallel Ethernet trunks between the same pair of switches, bundled into an EtherChannel. STP treats an EtherChannel as a single link, so if at least one of the links is up, STP convergence does not have to occur. With each pair of Ethernet links configured as an EtherChannel, STP treats each EtherChannel as a single link. Thus, both links to the same switch must fail for a switch to need to cause STP convergence. Without EtherChannel, if you have multiple parallel links between two switches, STP blocks all the links except one. With EtherChannel, all the parallel links can be up and working at the same time, while reducing the number of times STP must converge, which in turn makes the network more available.

EtherChannel also provides more network bandwidth. All trunks in an EtherChannel are either forwarding or blocking, because STP treats all the trunks in the same EtherChannel as one trunk. When an EtherChannel is in forwarding state, the switches forward traffic over all the trunks, providing more bandwidth.

1.5.6.2 PortFast
PortFast allows a switch to place a port in forwarding state immediately when the port becomes physically active. However, the only ports on which you can safely enable PortFast are ports on which you know that no bridges, switches, or other STP devices are connected. Thus, PortFast is most appropriate for connections to end-user devices. If you turn on PortFast for end-user devices, when an end-user PC boots, as soon as the Ethernet card is active, the switch port can forward traffic. Without PortFast, each port must wait MaxAge plus twice Forwarding Delay, which is 50 seconds with the default MaxAge and Forward Delay settings.

1.5.6.3 Rapid Spanning Tree (IEEE 802.1w)
The IEEE has improved the 802.1d protocol, which defines STP, with the definition of Rapid Spanning Tree Protocol (RSTP), as defined in standard 802.1w. RSTP is similar to STP in that it elects the root switch using the same parameters and tiebreakers; elects the root port on nonroot switches with the same rules; elects designated ports on each LAN segment with the same rules; and places each port in either a forwarding state or a blocking state, with the latter being called the discarding state instead of the blocking state.

RSTP can be deployed alongside traditional STP bridges and switches, with RSTP features working in switches that support it, and STP features working in the switches that support only STP.

The advantage RSTP has over STP is improved network convergence when network topology changes occur. STP convergence has essentially three wait periods: a switch must first cease to receive root BPDUs for MaxAge seconds before it can begin to transition any interfaces from blocking to forwarding. For any interfaces that need to transition from blocking to forwarding, the interface must endure Forward Delay seconds in listening state and Forward Delay more seconds in learning state before being placed in forwarding state. By default, these three wait periods are 20, 15, and 15 seconds.

RSTP convergence times typically take less than 10 seconds. In some cases, they can be as low as 1 to 2 seconds.

2. Virtual LANs and Trunking
A fully Layer 2 switched network is referred to as a flat network topology. A flat network is a single broadcast domain in which every connected device sees every broadcast packet that is transmitted. As the number of hosts on the network increases, so does the number of broadcasts. Due to the Layer 2 foundation, flat networks cannot contain redundant paths for load balancing or fault tolerance. However, a switched network environment offers the technology to overcome flat network limitations. Switched networks can be subdivided into virtual LANs (VLANs), each of which is a single broadcast domain. All devices connected to the VLAN receive broadcasts from other VLAN members. However, devices connected to a different VLAN will not receive those same broadcasts because a VLAN is made up of defined members communicating as a logical network segment. A VLAN can have connected members located anywhere in the campus network, as long as VLAN connectivity is provided between all members. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity between the VLAN members.

Collision Domains
A collision domain is a set of network interface cards (NICs) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain.

Broadcast Domains
A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain.

2.1 VLAN Membership
When a VLAN is provided at an access layer switch, an end user must be able to gain membership to it. Two membership methods exist on Cisco Catalyst switches: static VLANs and dynamic VLANs.
• Static VLANs offer port-based membership, where switch ports are assigned to specific VLANs. End user devices become members in a VLAN based on which physical switch port they are connected to. No handshaking or unique VLAN membership protocol is needed for the end devices; they automatically assume VLAN connectivity when they connect to a port. The static port-to-VLAN membership is normally handled in hardware with application specific integrated circuits (ASICs) in the switch. This membership provides good performance because all port mappings are done at the hardware level with no complex table lookups needed.
• Dynamic VLANs are used to provide membership based on the MAC address of an end user device. When a device is connected to a switch port, the switch must query a database to establish VLAN membership. A network administrator must assign the user's MAC address to a VLAN in the database of a VLAN Membership Policy Server (VMPS). With Cisco switches, dynamic VLANs are created and managed through the use of network management tools like CiscoWorks 2000 or CiscoWorks for Switched Internetworks (CWSI). Dynamic VLANs allow a great deal of flexibility and mobility for end users, but require more administrative overhead.
2.2 Extent of VLANs
The number of VLANs that will be implemented on a network is dependent on traffic patterns, application types, segmenting common workgroups, and network management requirements. However, consideration must be given to the relationship between VLANs and the IP addressing schemes. Cisco recommends a one-to-one correspondence between VLANs and IP subnets, which means that if a Class C network address is used for a VLAN, then no more than 254 devices should be in the VLAN. Cisco also recommends that VLANs not extend beyond the Layer 2 domain of the distribution switch, i.e., the VLAN should not reach across the core of a network and into another switch block. This is designed to keep broadcasts and unnecessary movement of traffic out of the core block. VLANs can be scaled in the switch block by using two basic methods: end-to-end VLANs and local VLANs.
• End-to-end VLANs span the entire switch fabric of a network and are also called campus-wide VLANs. They are positioned to support maximum flexibility and mobility of end devices. Users are assigned to VLANs regardless of their physical location. This means that each VLAN must be made available at the access layer in every switch block. End-to-end VLANs should group users according to common requirements, following the 80/20 rule. Although only 20 percent of the traffic in a VLAN is expected to cross the network core, end-to-end VLANs make it possible for all traffic within a single VLAN to cross the core. Because all VLANs must be available at each access layer switch, VLAN trunking must be used to carry all VLANs between the access and distribution layer switches.
• In the modern network, end users require access to central resources outside their VLAN. Users must cross into the network core more frequently, making the end-to-end VLANs cumbersome and difficult to maintain. Most enterprise networks have adopted the 20/80 rule. Local VLANs are deployed in this type of network. Local VLANs are designed to contain user communities based on geographic boundaries, with little regard to the amount of traffic leaving the VLAN. They range in size from a single switch in a wiring closet to an entire building. Local VLANs enable the Layer 3 function in the campus network to intelligently handle the inter-VLAN traffic loads. This provides maximum availability by using multiple paths to destinations, maximum scalability by keeping the VLAN within a switch block, and maximum manageability.
2.3 VLAN Trunking
When using VLANs in networks that have multiple interconnected switches, you need to use VLAN trunking between the switches. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows to what VLAN the frame belongs. End user devices connect to switch ports that provide simple connectivity to a single VLAN each. The attached devices are unaware of any VLAN structure.
A trunk link can transport more than one VLAN through a single switch port. A trunk link is not assigned to a specific VLAN. Instead, one or more active VLANs can be transported between switches using a single physical trunk link. Connecting two switches with separate physical links for each VLAN is also possible. In addition, trunking can support multiple VLANs that have members on more than one switch.
Cisco switches support two trunking protocols, namely, Inter-Switch Link (ISL) and IEEE 802.1Q.
2.3.1 Inter-Switch Link (ISL)
Cisco created ISL before the IEEE standardized a trunking protocol. Thus, ISL is a Cisco proprietary solution and can be used only between two Cisco switches. ISL fully encapsulates each original Ethernet frame in an ISL header and trailer. The original Ethernet frame inside the ISL header and trailer remains unchanged.
The ISL header includes a VLAN field that provides a place to encode the VLAN number. By tagging a frame with the correct VLAN number inside the header, the sending switch can ensure that the receiving switch knows to which VLAN the encapsulated frame belongs. Also, the source and destination addresses in the ISL header use MAC addresses of the sending and receiving switch, as opposed to the devices that actually sent the original frame.
2.3.2 802.1Q
After Cisco created ISL, the IEEE completed work on the 802.1Q standard. 802.1Q uses a different style of header than ISL to tag frames with a VLAN number. It does not encapsulate the original frame, but adds a 4-byte header to the original Ethernet header. This additional header includes a field with which to identify the VLAN number. Because the original header has been changed, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer, because the FCS is based on the contents of the entire frame. 802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are not encapsulated with tagging information. In the event that a host is connected to an 802.1Q trunk link, that host will be able to receive and understand only the native VLAN frames.
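The following Python sketch is an added example, not part of the original study guide. It inserts the 4-byte 802.1Q header into an Ethernet frame, recomputes the FCS, and shows how a receiving trunk port classifies tagged and untagged (native VLAN) frames; the MAC addresses, payload and function names are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks the 4-byte 802.1Q header

# Constructed sample addresses (not taken from the guide).
SAMPLE_DST = bytes.fromhex("ffffffffffff")
SAMPLE_SRC = bytes.fromhex("020000000001")


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the whole frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame, padded to the 46-byte minimum payload."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, native_vlan: int, priority: int = 0) -> bytes:
    """What the sending switch does before putting a frame on an 802.1Q trunk."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if vlan_id == native_vlan:
        return frame  # native VLAN frames cross the trunk without a tag
    body = frame[:-4]  # drop the old FCS, it no longer matches
    tci = (priority << 13) | vlan_id  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)  # FCS recalculated over the changed frame


def receive_on_trunk(frame: bytes, native_vlan: int):
    """Return (vlan, untagged_frame) as the receiving switch would classify it."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame discarded")
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        return native_vlan, frame  # untagged frames belong to the native VLAN
    inner = body[:12] + body[16:]  # strip the 4-byte header
    return tci & 0x0FFF, inner + fcs(inner)


if __name__ == "__main__":
    original = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, b"constructed payload")
    tagged = tag_frame(original, vlan_id=20, native_vlan=1)
    print(len(original), len(tagged), receive_on_trunk(tagged, native_vlan=1)[0])
```

Because the receiver assigns every untagged frame to its own native VLAN, both ends of a trunk have to agree on which VLAN is native.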
2.4 VLAN Trunking Protocol (VTP)
Administration of network environments that consist of many interconnected switches is complicated. Cisco has developed a proprietary solution to manage VLANs across such networks using the VLAN Trunking Protocol (VTP) to exchange VLAN configuration information between switches. VTP uses Layer 2 trunk frames to exchange VLAN information so that the VLAN configuration stays consistent throughout a network. VTP also manages the additions, deletions, and name changes of VLANs across multiple switches from a central point, minimizing misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type settings.
VTP is organized into management domains or areas with common VLAN requirements. A switch can belong to only one VTP domain. Switches in different VTP domains do not share VTP information. Switches in a VTP domain advertise several attributes to their domain neighbors. Each advertisement contains information about the VTP management domain, VTP configuration revision number, known VLANs, and specific VLAN parameters.
The VTP process begins with VLAN creation on a switch called a VTP server. VTP floods advertisements throughout the VTP domain every 5 minutes, or whenever there is a change in VLAN configuration. The VTP advertisement includes a configuration revision number, VLAN names and numbers, and information about which switches have ports assigned to each VLAN. By configuring the details on one or more VTP servers and propagating the information through advertisements, all switches know the names and numbers of all VLANs.
The VTP Configuration Revision Number
Each time a VTP server modifies its VLAN configuration information, it increments the configuration revision number that is sent with the VTP advertisement by 1. The VTP server then sends out a VTP advertisement that includes the new configuration revision number. When a switch receives a VTP advertisement with a larger revision number, it updates its VLAN configuration.
2.4.1 VTP Modes
To participate in a VTP management domain, each switch must be configured to operate in one of three modes. These modes are: server mode, client mode, and transparent mode.
2.4.1.1 Server Mode
Server mode is the default mode. In this mode, VTP servers have full control over VLAN creation and modification for their domains. All VTP information is advertised to other switches in the domain, while all received VTP information is synchronized with the other switches. Because it is the default mode, server mode can be used on any switch in a management domain, even if other server and client switches are in use. This mode provides some redundancy in the event of a server failure in the domain.
2.4.1.2 Client Mode
Client mode is a passive listening mode. Switches listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. Thus the administrator is not allowed to create, change, or delete any VLANs. If other switches are in the management domain, a new switch should be configured for client mode operation. In this way, the switch will learn any existing VTP information from a server. If this switch will be used as a redundant server, it should start out in client mode to learn all VTP information from reliable sources. If the switch was initially configured for server mode instead, it might propagate incorrect information to the other domain switches. Once the switch has learned the current VTP information, it can be reconfigured for server mode.
2.4.1.3 Transparent Mode
Transparent mode does not allow the switch to participate in VTP negotiations. Thus, a switch does not advertise its own VLAN configuration, and a switch does not synchronize its VLAN database with received advertisements. VLANs can still be created, deleted, and renamed on the transparent switch. However, they will not be advertised to other neighboring switches. VTP advertisements received by a transparent switch will be forwarded on to other switches on trunk links.
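The following Python model is an added example, not Cisco code and not part of the original guide. It implements the revision-number rule and the three modes as described above, plus a pre-connection check based on the guide's advice to bring a new switch up in client mode. Passwords and VTP versions are left out, and the switch names, domain names and VLANs are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict  # VLAN number -> VLAN name


@dataclass
class Switch:
    name: str
    domain: str
    mode: str  # "server", "client" or "transparent"
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def advertise(self) -> Advertisement:
        return Advertisement(self.domain, self.revision, dict(self.vlans))

    def create_vlan(self, number: int, vlan_name: str):
        """Create a VLAN locally; a server also bumps the revision and advertises."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot create VLANs")
        self.vlans[number] = vlan_name
        if self.mode == "server":
            self.revision += 1
            return self.advertise()
        return None  # transparent: the VLAN stays local and is not advertised

    def receive(self, adv: Advertisement) -> str:
        """Apply the rules from the text to one received advertisement."""
        if self.mode == "transparent":
            return "forwarded"  # passed on over trunks, local database untouched
        if adv.domain != self.domain:
            return "ignored"  # different domains do not share VTP information
        if adv.revision > self.revision:
            self.vlans = dict(adv.vlans)  # the whole database is replaced
            self.revision = adv.revision
            return "synchronized"
        return "ignored"


def pre_connect_findings(new_switch: Switch, domain: str, domain_revision: int) -> list:
    """Checks to run before cabling a switch into an existing VTP domain."""
    findings = []
    if new_switch.mode == "transparent" or new_switch.domain != domain:
        return findings  # it will not take part in this domain's synchronization
    if new_switch.mode == "server":
        findings.append("server mode: start in client mode and learn the domain first")
    if new_switch.revision > domain_revision:
        findings.append(
            f"revision {new_switch.revision} is larger than the domain's "
            f"{domain_revision}: switches accept the larger revision"
        )
    return findings


if __name__ == "__main__":
    core = Switch("core", "CAMPUS", "server")
    access = Switch("access", "CAMPUS", "client")
    print(access.receive(core.create_vlan(10, "users")), access.vlans)
    spare = Switch("spare", "CAMPUS", "server", revision=7,
                   vlans={1: "default", 99: "old-lab"})
    print(pre_connect_findings(spare, "CAMPUS", core.revision))
```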
2.4.2 VTP Pruning
A switch must forward broadcast frames out all available ports in the broadcast domain because broadcasts are destined everywhere there is a listener. Multicast frames, unless forwarded by more intelligent means, follow the same pattern. In addition, frames destined for an address that the switch has not yet learned or has forgotten must be forwarded out all ports in an attempt to find the destination. When forwarding frames out all ports in a broadcast domain or VLAN, trunk ports are included. By default, a trunk link transports traffic from all VLANs, unless specific VLANs are removed from the trunk with the clear trunk command. In a network with several switches, trunk links are enabled between switches and VTP is used to manage the propagation of VLAN information. This causes the trunk links between switches to carry traffic from all VLANs.
VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic. Broadcast and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN. In other words, VTP pruning allows switches to prevent broadcasts and unknown unicasts from flowing to switches that do not have any ports in that VLAN. VTP pruning occurs as an extension to VTP version 1. When a Catalyst switch has a port associated with a VLAN, the switch sends an advertisement to its neighbor switches that it has active ports on that VLAN. The neighbors keep this information, enabling them to decide if flooded traffic from a VLAN should use a trunk port or not.
By default, VTP pruning is disabled on IOS-based and CLI-based switches. On IOS-based switches, the vtp pruning command in VLAN database configuration mode can be used to enable pruning, while the set vtp pruning enable command can be used to enable VTP pruning on CLI-based switches.
2.4.3 VTP Configuration
Before VLANs can be configured, VTP must be configured. By default, every switch will operate in VTP server mode for the management domain NULL, with no password or secure mode. The following sections discuss the commands and considerations that should be used to configure a switch for VTP operation.
2.4.3.1 Configuring a VTP Management Domain
Before a switch is added into a network, the VTP management domain should be identified. If this switch is the first one on the network, the management domain will need to be created. Otherwise, the switch may have to join an existing management domain with other existing switches.
The following command can be used to assign a switch to a management domain on an IOS-based switch:
Switch# vlan database
Switch(vlan)# vtp domain domain_name
To assign a switch to a management domain on a CLI-based switch, use the following command:
Switch(enable) set vtp [ domain domain_name ]
2.4.3.2 Configuring the VTP Mode
Once you have assigned the switch to a VTP management domain, you need to select the VTP mode for the new switch. There are three VTP modes that can be selected: server mode, client mode and transparent mode. These VTP modes were discussed in Section 2.4.1.
On an IOS-based switch, the following commands can be used to configure the VTP mode:
Switch# vlan database
Switch(vlan)# vtp domain domain_name
Switch(vlan)# vtp { server | client | transparent }
Switch(vlan)# vtp password password
On a CLI-based switch, the following command can be used to configure the VTP mode:
Switch(enable) set vtp [ domain domain_name ] [ mode { server | client | transparent }] [ password password ]
If the domain is operating in secure mode, a password can be included in the command line. The password can have 8 to 64 characters.
2.4.3.3 Configuring the VTP Version
Two versions of VTP, VTP version 1 and VTP version 2, are available for use in a management domain. Although VTP version 1 is the default protocol on a Catalyst switch, Catalyst switches are capable of running both versions; however, the two versions are not interoperable within a management domain. Thus, the same VTP version must be configured on each switch in a domain. However, a switch running VTP version 2 may coexist with other version 1 switches, if its VTP version 2 is not enabled. This situation becomes important if you want to use version 2 in a domain. Then, only one server mode switch needs to have VTP version 2 enabled. The new version number is propagated to all other version 2-capable switches in the domain, causing them to enable version 2 for use. By default, VTP version 1 is enabled. Version 2 can be enabled or disabled using the v2 option. The two versions of VTP differ in the features they support. VTP version 2 offers the following additional features over version 1:
• In transparent mode VTP version 1 matches the VTP version and domain name before forwarding the information to other switches using VTP. On the other hand, VTP version 2 in transparent mode forwards the VTP messages without checking the version number.
• VTP version 2 performs consistency checks on the VTP and VLAN parameters entered from the CLI or by Simple Network Management Protocol (SNMP). This checking helps prevent errors in such things as VLAN names and numbers from being propagated to other switches in the domain. However, no consistency checks are performed on VTP messages that are received on trunk links or on configuration and database data that is read from NVRAM.
• VTP version 2 supports the use of Token Ring switching and Token Ring VLANs.
• VTP version 2 has Unrecognized Type-Length-Value (TLV) support, which means that VTP version 2 switches will propagate received configuration change messages out other trunk links, even if the switch supervisor is not able to parse or understand the message.
On an IOS-based switch, the VTP version number is configured using the following commands:
Switch# vlan database
Switch(vlan)# vtp v2-mode
On a CLI-based switch, the VTP version number is configured using the following command:
Switch(enable) set vtp v2 enable
3. IP Addressing and Subnetting
3.1 IP Addressing
An IP address is a network layer (Layer 3) address that uniquely identifies a host, including network components and devices, on a TCP/IP network. An IP address is composed of 32 binary bits and consists of two parts: a network ID and a host ID.
• The Network ID identifies the TCP/IP hosts that are located on the same physical network. All hosts on the same physical network must be assigned the same network ID to communicate with each other. If routers connect your networks, a unique network ID is required for each wide area connection.
• The Host ID identifies the individual hosts within a network. The host ID must be unique to the network designated by the network ID.
The boundary between the network ID and the host ID of the IP address is defined by the subnet mask, which is another 32-bit field. There is a bit-for-bit alignment between the IP address and the subnet mask. The subnet mask contains a continuous field of 1s followed by a continuous field of 0s. The contiguous 1s stop at the boundary between the network ID and the host ID of the IP address. The network boundary can occur at any place after the eighth bit position from the left. Once the boundary between the network part and the host part of the IP address is known, all devices addressed in that network will have a common binary pattern in the network part that identifies the device as belonging to the specified network.
There are a number of formats for referencing an IP address. These include binary, dotted decimal notation and Classless Interdomain Routing (CIDR) Notation.
3.1.1 Binary Format
Binary is a numeral system that is 2 based, i.e., it uses only 0s and 1s, to denote a value. Because binary is 2 based, each successive bit is twice the value of the preceding bit, read from right to left. This is illustrated in Appendix A. A 0 denotes that the bit does not carry a value and a 1 denotes that the bit does carry a value.
When a binary value has more than one 1, as in 0000 1001, the decimal values for the 1s are added to produce the decimal value. In this example 0000 0001 is 1 and 0000 1000 is 8. Therefore the decimal value for 0000 1001 is 9 (8+1). The maximum binary value for an octet would contain all 1s, as in 1111 1111, and would have a decimal value of 255 (128+64+32+16+8+4+2+1), as illustrated in Figure 3.1.
Binary Code     1    1   1   1   1  1  1  1
Decimal Value   128  64  32  16  8  4  2  1
FIGURE 3.1: Binary Code 1111 1111
The decimal value of the binary code is the sum of the decimal value of each bit. Therefore the decimal value for a binary code of 1111 1111 is 128+64+32+16+8+4+2+1=255.
Note: The corresponding decimal value of the binary code is calculated from right to left and not left to right.
A 0 in the binary code indicates that the corresponding bit has no value. Figure 3.2 illustrates a byte with a binary code of 1110 1101 and the value of each of its eight bits.
Binary Code     1    1   1   0   1  1  0  1
Decimal Value   128  64  32  16  8  4  2  1
FIGURE 3.2: Binary Code 1110 1101
The decimal value for this binary code is 128+64+32+0+8+4+0+1=237
Note: Each bit in the binary code that is marked with a 0 has no value. Therefore the corresponding decimal values of these bits are also 0.
3.1.2 Dotted Decimal Format
Both the IP address and its associated subnet mask contain 32 bits. However, the 32-bit IP address can be represented in other formats. The common formats include decimal (base 10) and hexadecimal (base 16) notation. The generally accepted format for representing IP addresses and subnet masks is the dotted decimal notation, in which the 32-bit field is divided into four groups of eight bits, also called a byte, that are translated to decimal value and separated by dots. Each group of eight bits is called an octet. Thus, an IP Address expressed as 1100 0000 1010 1000 1010 0110 0111 1110 in binary format can be broken into its four octets: 1100 0000.1010 1000.1010 0110.0111 1110. These octets are converted to decimal value in Figure 3.3.
First Octet
Binary Code     1    1   0   0   0  0  0  0
Decimal Value   128  64  32  16  8  4  2  1
Second Octet
Binary Code     1    0   1   0   1  0  0  0
Decimal Value   128  64  32  16  8  4  2  1
Third Octet
Binary Code     1    0   1   0   0  1  1  0
Decimal Value   128  64  32  16  8  4  2  1
Fourth Octet
Binary Code     0    1   1   1   1  1  1  0
Decimal Value   128  64  32  16  8  4  2  1
FIGURE 3.3: Binary Code 1100 0000.1010 1000.0111 1011
The decimal value of the first octet is: 128+64+0+0+0+0+0+0 = 192
The decimal value of the second octet is: 128+0+32+0+8+0+0+0 = 168
The decimal value of the third octet is: 128+0+32+0+0+4+2+0 = 166
The decimal value of the fourth octet is: 0+64+32+16+8+4+2+0 = 126
In dotted decimal format this IP Address would be expressed as: 192.168.166.126
3.1.3 IP Address Classes
IP addresses are divided into 'classes', based on the decimal value represented in the first octet. This class definition is referred to as the First Octet Rule. There are five classes of IP addresses: class A, class B, class C, class D, and class E, but only class A, B and C addresses are used to identify devices connected to the Internet. Class D addresses are used for multicasting, and Class E addresses are reserved for experimental use. The subnet mask is related to the IP address class. Thus, once the IP address class is known, the default routing mask is also known. The IP address classes and their related subnet masks are:
• Class A addresses range from 0.0.0.0 through 126.255.255.255 and use a default subnet mask of 255.0.0.0. In Class A addresses, the first octet is used for the network ID while the last three octets are used for the host ID. In other words, the first 8 bits of the subnet mask are all 1s, hence a subnet mask of 255.0.0.0. As a result, networks that use Class A addresses can theoretically support a maximum of 256 networks and 16,581,375 (255x255x255) hosts; however, the first and the last address cannot be used. The first address is the network address and the last address is the broadcast address. For example, a network with an IP address of 10.10.11.12 has a network ID of 10.0.0.0, the first address, and a broadcast address of 10.255.255.255, the last address. Thus networks with a Class A IP address space can support a maximum of 254 networks (2^8-2) and 16,777,214 hosts (2^24-2). Consequently, Class A addresses are used for a few networks with a very large number of hosts on each network.
• Class B addresses range from 128.0.0.0 through 168.255.255.255 and 170.0.0.0 through 191.255.255.255. These addresses use a default subnet mask of 255.255.0.0. In Class B addresses, the first two bits are used for the network ID while the last two bits are used for the host ID. As a result, networks that use Class B addresses can support a maximum of 65,534 networks (2^16-2) and 65,534 hosts. Consequently, Class B addresses are used for a reasonable number of medium sized networks.
Note: IP addresses with a first octet of 127, i.e. 127.0.0.0 through 127.255.255.255, do not fall in either the Class A address range or the Class B address range. IP addresses that have a first octet of 127 are reserved for diagnostic purposes.
• Class C addresses range from 192.0.0.1 through 223.225.225.225 and use a default subnet mask of 255.255.255.0. In Class C addresses, the first three bits are used for the network ID while only the last bit is used for the host ID. As a result, networks that use Class C addresses can support a maximum of 16,777,214 networks and 254 hosts. Consequently, Class C addresses are used for a large number of networks with a relatively small number of hosts on each network.
• Class D addresses are in the range 224.0.0.0 through 239.255.255.255. These addresses are reserved for multicast transmissions.
• Class E addresses are in the range 240.0.0.0 through 254.255.255.255. These addresses are reserved for experimental use.
Note: InterNIC has reserved a number of IP address ranges, including 169.0.0.1 through 169.253.255.254, which has been reserved for future use; 0.0.0.0, which was originally defined for use as a broadcast address; and 127.0.0.0, which is used as the loopback address. 128.0.0.0, 191.255.0.0, 192.0.0.0, and 223.255.255.0 also are reserved.
3.1.4 Classless Interdomain Routing (CIDR) Notation
Class-based IP addressing is fairly rigid. Thus, a small company with 50 hosts that wants to connect to the Internet would need a Class C address. However, a Class C address range supports 253 hosts; therefore 203 addresses would be wasted. Similarly, a company with 4,000 hosts would require a Class B address to connect to the Internet. A Class B address can support up to 65,023 hosts, resulting in 61,023 addresses being wasted. This problem can be overcome by extending the default subnet mask by adding more continuous 1s to it. The result is that the network can support fewer hosts. Thus, the company that has 4,000 hosts would use a Class B address with a subnet mask of 255.255.240.0. This is achieved by extending the subnet mask by 4 bits so that the first 20 bits represent the network ID and only 12 bits represent the host ID. Thus the address range now supports only 4,094 hosts, representing a loss of only 94 addresses. We can calculate the number of hosts supported by using the formula 2^n-2, where n is the number of bits used for the host ID. We need to subtract 2 addresses: the network address and the broadcast address. In this example, 12 bits are used for the host ID. Thus using the formula we can see that this subnet mask supports 4,094 hosts (2^12-2).
We can calculate the number of subnets supported by a subnet mask by using the same formula: 2^n-2. However, this time n is the number of bits used for the network ID. We again need to subtract 2 addresses: the network address and the broadcast address. Thus, in the example 255.255.240.0, 20 bits represent the network ID, therefore this subnet mask supports 1,048,574 subnets (2^20-2).
This solves the problem of IP address allocation on the Internet but presents a problem for routing tables, as the routing table cannot determine the subnet mask on the basis of the IP address class. Hence a different format of representing the IP address and its subnet mask is required. This format is called the Classless Interdomain Routing (CIDR) notation, or prefix notation. CIDR is in essence an adaptation of the Dotted Decimal Format and represents the subnet mask as a number of bits used for the network ID. This number of bits is indicated after the IP address by the number that follows the slash (/) symbol. For example, the CIDR notation IP address 140.12.2.128/20 indicates that the first 20 bits of the IP address are used for the subnet mask, i.e., the first 20 bits are all 1s. Thus, the subnet mask expressed in binary format is 1111 1111.1111 1111.1111 0000.0000 0000, being represented in dotted decimal format as 255.255.240.0. In addition, the routing protocols must send the mask with the routing update.
3.1.5 Variable-Length Subnet Masks
CIDR is used within the Internet. Its counterpart within an organization is the variable-length subnet mask (VLSM). Like CIDR, VLSM allows you to allocate the required host bits on a granular basis. In other words, it allows you to provide only the bits required to address the number of hosts on a particular subnetwork. Like CIDR, VLSM requires a routing protocol that supports the sending of the subnet mask in its updates. The routing protocols that support VLSM are: RIPv2; OSPF; IS-IS; EIGRP; and BGP-4. The routing protocols that do not support VLSM are: RIPv1; IGRP; and EGP.
3.2 Subnetting
The process of extending the default subnet mask creates a counting range in the octet that the subnet was extended into, which can be used to represent subnetworks. This allows a single Class A, B, or C network to be subdivided into many smaller groups, with each group or subdivision treated as if it were a network itself. Thus, when we extend the default Class B subnet mask to 255.255.240.0, we do so by extending the subnet mask by 4 bits into the third octet. The number of bits that the subnet mask is extended by represents a counting range for counting the number of subnetworks that the new subnet mask can support, using the 2^n-2 formula. Thus, the subnet mask 255.255.240.0 can support 14 subnets (2^4-2). In other words, the 65,534 hosts supported by the default subnet mask can now be divided among 14 subnetworks. The number of IP addresses supported by each subnet is called an address range. To calculate the range of addresses for each subnet, we would take the decimal value for the last bit used for the subnet mask as the starting point for the first address in our subnetwork, and then increment that number for each subsequent subnet. In this octet the bit range would be 1111 0000. The last bit in the subnet mask would thus have a decimal value of 16 (0001 0000). Therefore the first IP address in the first subnet address range would be 140.12.16.1. The address ranges for the 14 subnets would be:
• 140.12.16.1 to 140.12.31.254
• 140.12.32.1 to 140.12.47.254
• 140.12.48.1 to 140.12.63.254
• 140.12.64.1 to 140.12.79.254
• 140.12.80.1 to 140.12.95.254
• 140.12.96.1 to 140.12.111.254
• 140.12.112.1 to 140.12.127.254
• 140.12.128.1 to 140.12.143.254
• 140.12.144.1 to 140.12.159.254
• 140.12.160.1 to 140.12.175.254
• 140.12.176.1 to 140.12.191.254
• 140.12.192.1 to 140.12.207.254
• 140.12.208.1 to 140.12.223.254
• 140.12.224.1 to 140.12.239.254
Note: The IP address range for each subnet begins with a 1, as in 140.12.16.1 or 140.12.32.1, and not 140.12.16.0 or 140.12.32.0, as this would be the first address in the subnetwork, and would therefore be the network address. Similarly, the last address in the range ends in 254 and not 255, as the last address would be the broadcast address.
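The following Python sketch is an added example, not part of the original guide. It carries out the calculations described above for 140.12.2.128/20: the mask from the prefix length, the network ID by a bitwise AND, the 2^n-2 host count, and the 14 address ranges. The function names are hypothetical, and the all-zeros and all-ones subnets are skipped because the guide's 2^n-2 rule excludes them.

```python
def to_int(dotted: str) -> int:
    """Convert dotted decimal notation to a 32-bit integer."""
    a, b, c, d = (int(octet) for octet in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """A /prefix mask is `prefix` contiguous 1s followed by 0s."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_id(address: str, prefix: int) -> str:
    """AND every bit of the address with the matching bit of the mask."""
    return to_dotted(to_int(address) & mask_from_prefix(prefix))


def usable(bits: int) -> int:
    """The guide's 2^n-2 formula (network and broadcast values excluded)."""
    return 2 ** bits - 2


def classful_prefix(address: str) -> int:
    """Default mask length from the First Octet Rule (classes A, B and C only)."""
    first = to_int(address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D and E addresses have no default subnet mask")


def subnet_ranges(address: str, prefix: int) -> list:
    """First and last host address of each subnet counted by the 2^n-2 rule."""
    default = classful_prefix(address)
    subnet_bits = prefix - default  # bits the mask was extended by
    base = to_int(address) & mask_from_prefix(default)
    size = 1 << (32 - prefix)  # addresses per subnet
    ranges = []
    for k in range(1, 2 ** subnet_bits - 1):  # skip all-zeros and all-ones subnets
        net = base + k * size
        ranges.append((to_dotted(net + 1), to_dotted(net + size - 2)))
    return ranges


if __name__ == "__main__":
    print(to_dotted(mask_from_prefix(20)), network_id("140.12.2.128", 20))
    print(usable(12), "hosts per subnet,", usable(4), "subnets")
    for first, last in subnet_ranges("140.12.2.128", 20):
        print(first, "to", last)
```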
3.3 Summarization
Summarization allows the representation of a series of networks in a single summary address. At the top of the hierarchical design, the subnets in the routing table are more generalized. The subnet masks are shorter because they have aggregated the subnets lower in the network hierarchy. These summarized networks are often referred to as supernets, particularly when seen in the Internet as an aggregation of class addresses. They are also known as aggregated routes. The summarization of multiple subnets within a few subnets has several advantages. These include: reducing the size of the routing table; simplifying the recalculation of the network as the routing tables are smaller; network overhead scalability; and hiding network changes.
3.3.1 Automatic Summarization
All routing protocols employ some type of summarization. RIP and IGRP automatically summarize at the NIC or natural class boundary as the subnet mask is not sent in the routing updates. When a routing update is received, the router checks if it has an interface in the same class network. If it has one, it applies the mask configured on the interface to the incoming routing update. With no interface configured in the same NIC network, there is insufficient information and the routing protocol uses the first octet rule to determine the default subnet mask for the routing update.
3.3.2 Manual Summarization
Both EIGRP and Open Shortest Path First (OSPF) send the subnet mask along with the routing update. This feature allows the use of VLSM and summarization. When the routing update is received, it assigns the subnet mask to the particular subnet. When the routing process performs a lookup, it searches the entire database and acts on the longest match, which is important because it allows for the granularity of the hierarchical design, summarization, and discontiguous networks.
A discontiguous network is a network in which a different NIC number separates two instances of the same NIC number. This can happen either through intentional design or through a break in the network topology. If the network is not using a routing protocol that supports VLSM, this will create a routing problem because the router will not know where to send the traffic. Without a subnet mask, a routing protocol that supports VLSM resolves the address down to the NIC number, which appears as if there is a duplicate address. This will incorrectly lead to the appearance of intermittent connectivity symptoms.
If there are discontiguous networks in the organization, it is important that summarization is turned off or not configured. Summarization may not provide enough information to the routing table on the other side of the intervening NIC number to be capable of appropriately routing to the destination subnets, especially with EIGRP, which automatically summarizes at the NIC boundary. In OSPF and EIGRP, manual configuration is required for any sophistication in the network design. However, because EIGRP can perform summarization at the interface level, it is possible to select interfaces that do not feed discontiguous networks for summarization.
If summarization is not possible, you can either turn summarization off and understand the scaling limitations that have now been set on the network, or you can readdress the network.
3.4 Determining the Network ID using the Logical AND Operation
When an IP address is assigned to an interface, it is configured with the subnet mask. Although represented in a dotted decimal format, the router converts the IP address and the subnet mask into binary and performs a logical AND operation to find the network portion of the address, i.e., the network ID. To perform a logical AND, the IP address is written out in binary, with the subnet or Internet mask written beneath it in binary. Each binary digit of the address is then ANDed with the corresponding binary digit of the mask. The AND operation has two rules: 1 AND 1 is 1; and 0 AND 1 or 0 remains 0. Essentially, the logical AND operation removes the host ID from the IP address, as illustrated in Figure 3.4.
IP address:                                              140.12.26.128
IP subnet mask:                                          255.255.240.0
IP address in binary:                                    10001100.00001100.00011010.10000000
IP subnet mask in binary:                                11111111.11111111.11110000.00000000
The result of the logical AND in binary:                 10001100.00001100.00010000.00000000
The result of the logical AND in dotted decimal format:  140.12.16.0
FIGURE 3.4: The Logical AND Operation
In the above example, the network to which the host 140.12.26.128 belongs has the network ID of 140.12.16.0. Once the network ID is determined, the router can perform a search on the routing table to see whether it can route to the remote network. Therefore, the correct mask is essential to ensure that traffic can be directed through the overall network.
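The logical AND of Figure 3.4, the summarization of Section 3.3 and the longest-match lookup of Section 3.3.2, as an added Python example that is not part of the original study guide. The routing entries, next-hop addresses and the three /20 subnets fed to the summary are constructed sample input.

```python
import socket
import struct


def to_int(dotted):
    """Convert a dotted decimal address or mask to a 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return socket.inet_ntoa(struct.pack("!I", value))


def to_binary(dotted):
    """Render an address the way Figure 3.4 writes it out, octet by octet."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def network_id(address, mask):
    """Logical AND of address and mask: the host ID bits are cleared."""
    return to_dotted(to_int(address) & to_int(mask))


def prefix_len(mask):
    """Number of 1 bits in the mask (a longer mask is a more specific route)."""
    return bin(to_int(mask)).count("1")


def summarize(networks):
    """Return the longest (network, mask) that covers every (network, mask) given.

    The mask is shortened one bit at a time until all networks AND to the
    same value, i.e. until only their common leading bits remain.
    """
    values = [to_int(net) & to_int(mask) for net, mask in networks]
    length = min(prefix_len(mask) for _, mask in networks)
    while length > 0:
        mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
        if len({value & mask for value in values}) == 1:
            return to_dotted(values[0] & mask), to_dotted(mask)
        length -= 1
    return "0.0.0.0", "0.0.0.0"


def lookup(routes, destination):
    """Search the whole table and act on the longest match; None if no route."""
    best = None
    for net, mask, next_hop in routes:
        if network_id(destination, mask) == network_id(net, mask):
            if best is None or prefix_len(mask) > prefix_len(best[1]):
                best = (net, mask, next_hop)
    return best


# Constructed sample data: three /20 subnets of 140.12.0.0 and a small table
# holding their summary plus one more specific route.
SUBNETS = [
    ("140.12.16.0", "255.255.240.0"),
    ("140.12.32.0", "255.255.240.0"),
    ("140.12.48.0", "255.255.240.0"),
]
SUMMARY = summarize(SUBNETS)
ROUTES = [
    (SUMMARY[0], SUMMARY[1], "10.0.0.1"),             # summary route
    ("140.12.16.0", "255.255.240.0", "10.0.0.2"),     # more specific route
]

if __name__ == "__main__":
    host, mask = "140.12.26.128", "255.255.240.0"
    print(to_binary(host))
    print(to_binary(mask))
    print(to_binary(network_id(host, mask)), network_id(host, mask))
    # The same host with the wrong mask lands in a different network ID.
    print("wrong mask:", network_id(host, "255.255.255.0"))
    print("summary:", SUMMARY)
    for dest in (host, "140.12.40.9", "192.0.2.1"):
        print(dest, "->", lookup(ROUTES, dest))
```

A destination that matches no entry returns None, which corresponds to the router discarding the packet.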
4. Routing
Routing is a relay system by which packets are forwarded from one device to another. Each device in the network as well as the network itself has a logical address so it can be identified and reached individually or as part of a larger group of devices. For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function while the movement of traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device. When a router receives a packet from a host, it will need to make a routing decision based on the protocol in use; the existence of the destination network address in its routing table; and the interface that is connected to the destination network. After the decision has been made the router will switch the packet to the appropriate interface on the router to forward it out. If the destination logical network does not exist in the routing table, routing devices will discard the packet and generate an Internet Control Message Protocol (ICMP) message to notify the sender of the event.
4.1 Routing Tables
A routing table is a database repository that holds the router's routing information that represents each possible logical destination network that is known to the router. The entries for major networks are listed in ascending order and, most commonly, within each major network the subnetworks are listed in descending order. If the routing table entry points to an IP address, the router will perform a recursive lookup on that next-hop address until the router finds an interface to use. The router will switch the packet to the outbound interface's buffer. The router will then determine the Layer 2 address that maps to the Layer 3 address. The packet will then be encapsulated in a Layer 2 frame appropriate for the type of encapsulation used by the outbound interface. The outbound interface will then place the packet on the medium and forward it to the next hop. The packet will continue this process until it reaches its destination.
There are two ways in which a routing table can be populated: a route can be entered manually, which is called static routing, or a router can dynamically learn a route. Once a router learns a route, it is added to its route table.
4.1.1 Static Routing
A statically defined route is a route that is manually entered into the router. The purpose of this is to add routes to a router's routing table. Thus, static routing consists of individual configuration commands that define a route to a router. A router can forward packets only to subnets in its routing table. The router always knows about directly connected routes. By adding static routes, a router can be told how to forward packets to subnets that are not attached to it.
A static route can be entered into the router in global configuration mode with the following command:
ip route destination_ip_address subnet_mask { ip-address | interface } [ distance ]
In the ip route command, the destination_ip_address and subnet_mask are the IP address and subnet mask for the destination host. The ip-address parameter is the IP address of the next hop that can be used to reach the destination and interface is the router interface to use. The optional distance parameter specifies the administrative distance.
The advantages of using static routes in an internetwork are that the administrator has total control of what is in the router's routing table and there is no network overhead for a routing protocol. The disadvantage of using only static routes is that they do not scale well.
4.1.2 Dynamic Routing
Dynamic routing is a process in which a routing protocol will find the best path in a network and maintain that route. Once a route fails, the routing protocol will automatically find an alternate route to the destination. Routing protocols are easier to use than static routes. However, a routing protocol will consume more CPU cycles and network bandwidth than a static route.
4.1.3 Routing Updates
Routing updates can occur using the distance vector approach or the link-state approach.
• Distance-vector protocols use a routine, periodic announcement that contains the entire contents of the routing table. These announcements are usually broadcasts and are propagated only to directly-connected, next-hop, devices. This allows the router to view the network from the neighbor's perspective and facilitates the addition of the router's metric to the 'distance' already stated by the neighboring router. However, this approach uses considerable bandwidth at regular intervals on each link even if no topology changes have occurred.
• Link-state protocols use a triggered-update type of announcement that is generated only when there is a topology change within the network. The link-state announcements only contain information about the link that changed and are propagated or flooded to all devices in the network. This approach saves bandwidth on each link because the announcements contain less information and are only sent when there is a topology change. In some link-state protocols, a periodic announcement is required to ensure that the topology database is synchronized among all routing devices.
4.1.4 Verifying Routing Tables
You can use the show ip route privileged exec command to view an IP routing table. If the information that is displayed is not correct, you can force an update from the neighboring devices with the clear ip route command. An optional keyword specifying an ip_address and subnet_mask, or the * (wildcard) character, can be used to further identify the routes to be refreshed.
4.2 Routing Protocols
There are two types of dynamic routing protocols: Interior Gateway Protocols (IGP) and External Gateway Protocols (EGP). IGPs are used to exchange routing information within an autonomous system (AS), which is a collection of routing domains under the same administrative control the same routing domain. An EGP, on the other hand, is used to exchange routing information between different ASs. IGPs can be broken into two classes: distance-vector and link-state, and can also be broken into two categories: classful routing protocols and classless routing protocols.
4.2.1 Distance-Vector Routing
Distance-vector routing consists of two parts: distance and vector. Distance is the measure of how far it is to reach the destination and vector is the direction the packet must travel to reach that destination. The latter is determined by the next hop of the path. Distance-vector routing protocols learn routes from their neighbors. This is called routing by rumor. Examples of distance-vector routing protocols are: Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP), and Enhanced Interior Gateway Routing Protocol (EIGRP).
4.2.1.1 Route Poisoning
Route poisoning is a feature that distance vector protocols use to reduce the chance of routing loops. Route poisoning begins when a router notices that a connected route is no longer valid. The router then advertises that route out all its interfaces and with a very large metric so that other routers consider the metric infinite and the route invalid. However, route poisoning does not solve the counting-to-infinity problem.
4.2.1.2 Split Horizon
As mentioned earlier, route poisoning does not solve the counting-to-infinity problem. Counting-to-infinity can occur when one router has a valid metric that points to an address that is reachable through an intermediate router while the intermediate router has an infinite-distance route to the same address (see Figure 4.1). If routing table updates are sent by both routers at the same time, the intermediate router will advertise that the route to the destination address is an infinite-distance route while the other router will advertise that the route has a valid metric. Because the two routers use the same update interval between updates, this process repeats itself with the next routing update, with the difference that the valid metric will be incremented by 1 each time until an infinite metric is reached, hence this phenomenon is called counting to infinity.
FIGURE 4.1: Count To Infinity
Split horizon solves the counting-to-infinity problem by preventing a router from sending routing updates out the same interface on which it learnt the route. Thus, in Figure 4.1, the router would have learnt the route to the destination address across the link from the intermediate router. With split horizon, that router cannot then send advertisements about the route to the destination address out across the same link. Therefore the intermediate router will not receive the valid metric for the route to the destination address from the other router and the count to infinity problem will not occur, solving the count-to-infinity problem on a single link.
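The count-to-infinity exchange and the effect of split horizon described above, as an added Python simulation that is not part of the original study guide. It assumes two routers on one link (B is the intermediate router whose route has just failed, A still holds the valid metric), an infinite metric of 16 (RIP's value; the page only says "infinite"), and both routers sending their update at the same time in every round.

```python
INFINITY = 16  # assumed "infinite" metric; RIP uses 16, the page gives no number

# Two routers on a single link. B is the intermediate router, A the other one.
PEER = {"A": "B", "B": "A"}


def advertise(route, to_router, split_horizon):
    """Metric a router advertises to to_router, or None if split horizon suppresses it."""
    metric, learned_from = route
    if split_horizon and learned_from == to_router:
        return None  # do not send a route back out the link it was learnt on
    return metric


def receive(route, heard_metric, from_router):
    """Apply one received advertisement to the current (metric, learned_from) route."""
    if heard_metric is None:
        return route
    metric, learned_from = route
    candidate = min(heard_metric + 1, INFINITY)
    # A router always believes the neighbor it currently routes through,
    # and otherwise switches only when the offered metric is strictly better.
    if learned_from == from_router or candidate < metric:
        return (candidate, from_router)
    return route


def simulate(split_horizon, max_rounds=50):
    """Run simultaneous update rounds until both routers hold an infinite metric.

    Returns (rounds_needed, history); history lists the metrics after each round.
    """
    # Starting point from the text: A has a valid metric via B,
    # while B already holds an infinite-distance route to the same address.
    routes = {"A": (2, "B"), "B": (INFINITY, None)}
    history = [{name: route[0] for name, route in routes.items()}]
    for round_no in range(1, max_rounds + 1):
        # Both routers send at the same time, so each update reflects the
        # sender's table from before this round.
        sent = {name: advertise(routes[name], PEER[name], split_horizon)
                for name in routes}
        routes = {name: receive(routes[name], sent[PEER[name]], PEER[name])
                  for name in routes}
        history.append({name: route[0] for name, route in routes.items()})
        if all(metric == INFINITY for metric, _ in routes.values()):
            return round_no, history
    return None, history


if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = simulate(split_horizon=enabled)
        print(f"split horizon {'on ' if enabled else 'off'}: "
              f"both routes infinite after {rounds} round(s)")
        for number, metrics in enumerate(history):
            print(f"  round {number:2d}: A={metrics['A']:2d} B={metrics['B']:2d}")
```

Without split horizon the valid metric bounces between the two routers and climbs until it reaches the infinite value; with split horizon A never offers the route back to B, so both tables show the failure after the first update.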
4.2.1.3 Split Horizon with Poison Reverse
Split horizon with poison reverse, or simply poison reverse, combines the two features. When a route fails the router uses route poisoning, i.e., the router advertises an infinite-metric route about that subnet out all interfaces, including interfaces previously prevented by split horizon. This ensures that all routers know for sure that the route has failed, while split horizon prevents counting to infinity.
4.2.1.4 Hold-Down Timer
Split horizon solves the counting-to-infinity problem over a single link but the counting-to-infinity problem can also occur in networks with multiple or redundant paths because there is more than one path to a router. In such networks, the hold-down timer feature prevents the counting-to-infinity problem.
With the hold-down timer feature, a router ignores any information about an alternative route to a destination address for a time equal to the hold-down timer once it has learnt that a route to the destination address has failed.
4.2.1.5 Triggered Updates
Distance vector protocols typically send updates based on a regular update interval. However, most looping problems occur when a route fails. Therefore, some distance vector protocols send triggered updates as soon as a route fails. This causes the information about the route whose status has changed to be forwarded more quickly and also starts the hold-down timers more quickly on the neighboring routers.
4.2.2 Link-State Routing
Link-state routing differs from distance-vector routing in that each router knows the exact topology of the network. This reduces the number of bad routing decisions that can be made because every router in the process has an identical view of the network. Each router in the network will report on its state, the directly connected links, and the state of each link. The router will then propagate this information to all routers in the network. Each router that receives this information will take a snapshot of the information. This ensures all routers in the process have the same view of the network, allowing each router to make its own routing decisions based upon the same information.
In addition, link-state routing protocols generate routing updates only when there is a change in the network topology. When a link, i.e., a point on a route, changes state, a link-state advertisement (LSA) concerning that link is created by the device that detected the change and propagated to all neighboring devices using a multicast address. Each routing device takes a copy of the LSA, updates its topological database and forwards the LSA to all neighboring devices. An LSA is generated for each link on a router. Each LSA will include an identifier for the link, the state of the link, and a metric for the link. With the use of LSAs, link-state protocols reduce routing bandwidth usage.
Examples of link-state routing protocols are: Open Shortest Path First (OSPF) and Integrated Intermediate System to Intermediate System (IS-IS). Another protocol, Enhanced Interior Gateway Routing Protocol (EIGRP), is considered a hybrid protocol because it contains traits of both distance-vector and link-state routing protocols. Most link-state routing protocols require a hierarchical design, especially to support proper address summarization. The hierarchical approach, such as creating multiple logical areas for OSPF, reduces the need to flood an LSA to all devices in the routing domain. The use of areas restricts the flooding to the logical boundary of the area rather than to all devices in the OSPF domain. In other words, a change in one area should only cause routing table recalculation in that area, not in the entire domain.
OSPF is discussed in more detail in Section 5 and EIGRP is discussed in more detail in Section 6. IS-IS is not covered in the CCNA 640-811 exam and is thus not discussed in this Study Guide.
4.2.3 Classful Routing
Classful routing is used in routing packets based upon the class of IP address. IP addresses are divided into five classes: Class A, Class B, Class C, Class D, and Class E. Class A, Class B and Class C are used for private and public network addressing; Class D is used for multicast broadcasting; and Class E is reserved by the Internet Assigned Numbers Authority (IANA) for future use. IP Address classes were discussed in detail in Section 3.1.3.
Classful routing is a consequence of the fact that routing masks are not advertised in the periodic, routine, routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the routing mask associated with any advertised subnets or those subnets cannot be advertised to it. There are two ways this information can be gained:
• Share the same routing mask as the advertising device
• If the routing mask does not match, this device must summarize the received route at a classful boundary and send the default routing mask in its own advertisements.
Classful routing protocols, such as Routing Information Protocol version 1 (RIPv1) and Interior Gateway Routing Protocol (IGRP), exchange routes to subnetworks within the same network if the network administrator configured all of the subnetworks in the major network to have the same routing mask. When routes are exchanged with foreign networks, subnetwork information from this network cannot be included because the routing mask of the other network is not known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. However, summarization at other points within the major network address is not allowed by classful routing protocols.
4.2.4 Classless Routing
One of the most serious limitations in a classful network environment is that the routing mask is not exchanged during the routing update process. This requires the same routing mask be used on all subnetworks. The classless approach advertises the routing mask for each route and therefore a more precise lookup can be performed in the routing table. Classless routing, which is also known as Classless Interdomain Routing (CIDR), is thus not dependent on IP address classes but, instead, allows a variable-length subnet mask (VLSM), which extends IP addressing beyond the limitations of using fixed-length subnet masks (FLSM), to be sent in the routing update with the route. This allows you to conserve IP addresses, extending the use of IP addresses. Classless routing protocols also addressed the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. VLSM was discussed in Section 3.1.5.
The routing protocols that support classless routing are: Routing Information Protocol version 2 (RIPv2); Enhanced Interior Gateway Routing Protocol (EIGRP); Open Shortest Path First (OSPF); and Integrated Intermediate System to Intermediate System (IS-IS).
4.3 Basic Switching Functions
In order to forward a packet that has arrived at a router interface, the router must perform a switching function. This switching function has four steps:
• A packet transiting the router will be accepted into the router if the frame header contains the MAC address of one of the router's NIC cards. If properly addressed, the frame and its content will be buffered in memory pending further processing.
• The switching process checks the destination logical network portion of the packet header against the network/subnetwork entries in the routing table. If the search is successful, the switching process associates the destination network with a next-hop logical device and an outbound interface.
• Once the next-hop logical device address is known, a lookup is performed to locate a physical address for the next device in the relay chain. The lookup is performed in an Address Resolution Protocol (ARP) table for LAN interfaces or a map table for WAN interfaces.
• Once the physical address of the next-hop device is known, the frame header is overwritten, and the frame is then moved to the outbound interface for transmission onto the media. As the frame is placed on the media, the outbound interface adds the CRC character and ending delimiters to the frame. These characters will need to be validated at the arriving interface on the next-hop relay device.
4.4 Convergence
In a routed network, the routing process in each router must maintain a loop-free, single path to each possible destination logical network. When all of the routing tables are synchronized and each contains a usable route to each destination network, the network is described as being 'converged'. Convergence is the time it takes for all routers to agree on the network topology after a change in the network.
Convergence efforts are different within different routing protocols. There are at least two different detection methods used by all routing protocols. The first method is used by the Physical Layer (Layer 1) and the Data Link Layer (Layer 2) protocols. When the network interface on the router does not receive three consecutive keepalives, the link will be considered down. The second method is that when the routing protocol at the Network/Transport Layer (Layer 3) fails to receive three consecutive Hello messages, the link will be considered down.
Routing protocols have timers that are used to stop network loops from occurring on a network when a link failure has been detected. Hold-down timers are used to give the network stability while new route calculations are being performed. They also allow all the routers a chance to learn about the failed route to avoid routing loops and counting to infinity problems. Since a network cannot converge during this hold-down period, this can cause a delay in the routing process of the network. Because of this slow convergence time, link-state routing protocols do not use hold-down timers.
4.4.1 Distance-Vector Routing Convergence
4.4.1.1 RIP and IGRP Convergence
Convergence time is one of the problems associated with distance-vector protocols, such as RIPv1 and IGRP. When a router detects a link failure between itself and a neighbor, it sends a flash update with a poisoned route to its other neighbors. These neighbors in turn create a new flash update and send it to all of their neighbors, and so on. The router that detected the link failure purges the entry for the failed link and removes all routes associated with that link from the routing table. The router then sends a query to its neighbors for the routes that have been removed. If a neighbor responds with a route, it is immediately installed in the routing table. The router does not go into hold-down because the entry was already purged. However, its neighbors are in hold-down for the failed route, thus ignoring periodic advertisements for that route. As the other routers come out of hold-down, the new route announced by the router that detected the failed link will cause their routing table entries to be updated.
4.4.1.2 EIGRP Convergence
Enhanced IGRP (EIGRP) convergence differs slightly. If a router detects a link failure between itself and a neighbor, it checks the network topology table for a feasible alternate route. If it does not find a qualifying alternate route, it enters an active convergence state and sends a Query out all interfaces for other routes to the failed link. If a neighbor replies to the Query with a route to the failed link, the router accepts the new path and metric information, places it in the topology table, and creates an entry for the routing table. It then sends an update about the new route out all interfaces. All neighbors acknowledge the update and send updates of their own back to the sender. These bi-directional updates ensure the routing tables are synchronized and validate the neighbor's awareness of the new topology. Convergence time in this event is the total of detection time, plus Query and Reply times and Update times.
4.4.2 Link-State Convergence
The convergence cycle used in Link-State Routing Protocols, such as OSPF and IS-IS, differs from that of the distance-vector protocols. When a router detects a link failure between itself and a neighbor, it tries to perform a Designated Router (DR) election process on the LAN interface, but fails to reach any neighbors. It then deletes the route from the routing table, builds a link-state advertisement (LSA) for OSPF or a link-state PDU (LSP) for IS-IS, and sends it out all other interfaces. Upon receipt of the LSA, the other neighbors that are up copy the advertisement and forward the LSA packet out all interfaces other than the one upon which it arrived. All routers, including the router that detected the failure, wait five seconds after receiving the LSA and run the shortest path first (SPF) algorithm. Thereafter the router that detected the failure adds the new route to the routing table, while its neighbors update the metric in their routing table. After approximately 30 seconds, the failed router sends an LSA after aging out the topology entry from the router that detected the failure. After five seconds, all routers run the SPF algorithm again and update their routing tables to the path to the failed link. Convergence time is the total of detection time, plus LSA flooding time, plus the five seconds wait before the second SPF algorithm is run.
4.5 Testing and Troubleshooting Routes
There are two tools that can be used for testing and troubleshooting routes or reachability. These are: ping and traceroute.
4.5.1 The ping Command
The ping command, which is included as a part of the TCP/IP protocol suite, is supported at the user and privileged exec modes. In user mode, you must specify an IP address or a host name, if the host name can be resolved to an IP address, with the ping command. The ping command tests the round-trip path to and from a target. In privileged mode, you must enter a protocol, a target IP address, a repeat count, datagram size, and a timeout in seconds.
Cisco IOS makes ping available for a number of protocols including IPX and AppleTalk. Cisco introduced ping for IPX in IOS version 8.2. This is, however, a Cisco proprietary tool. Therefore non-Cisco devices such as Novell servers do not respond to it. If you want the Cisco router to generate Novell-compliant pings, you must use the global configuration command ipx ping-default novell. Ping for AppleTalk sends AppleTalk Echo Protocol (AEP) packets to the destination node and waits for replies.
Generally, the syntax for the ping command is:
ping -s ip_address [ packet_size ] [ packet_count ]
TABLE 4.1: Parameters for the ping Command
Parameter       Purpose
-s              Causes ping to send one datagram per second, printing one line of
                output for every response received. The ping command does not
                return any output when no response is received.
ip_address      The IP address or IP alias of the host.
packet_size     This optional parameter represents the number of bytes in a packet,
                from 1 to 2000 bytes, with a default of 56 bytes. The actual packet size is
                eight bytes larger because the switch adds header information.
packet_count    This optional parameter represents the number of packets to send.
4.5.2 The traceroute Command
The traceroute command was introduced with the release 10.0 of Cisco IOS and can be used to find the route between IP devices. The traceroute command can be executed in user and privileged exec modes, but in privileged exec mode, you can use the extended traceroute, which is more flexible and informative. Initially, traceroute was available only for the IP protocol but since release 12.0 of Cisco IOS, traceroute is also available for IPX. This command can be very useful in troubleshooting by determining where along a particular network path a particular problem might be as the traceroute command displays a hop-by-hop path through an IP network from the switch to a specific destination host. The syntax for the traceroute command is:
traceroute [ -n ] [ -w wait_time ] [ -i initial_ttl ] [ -m max_ttl ]
[ -p dest_port ] [ -q nqueries ] [ -t tos ] ip_address [ data_size ]
TABLE 4.2: Parameters for the traceroute Command
Parameter         Description
-n                Prevents traceroute from performing a DNS lookup for each hop on
                  the path. Only numerical IP addresses are printed.
-w wait_time      Specifies the amount of time that traceroute will wait for an ICMP
                  response message. The allowed range for wait time is 1 to 300
                  seconds; the default is 5.
-i initial_ttl    Causes traceroute to send ICMP datagrams with a TTL value equal to
                  initial_ttl instead of the default TTL of 1. This causes
                  traceroute to skip processing for hosts that are less than
                  initial_ttl hops away.
-m max_ttl        Specifies the maximum TTL value for outgoing ICMP datagrams.
                  The allowed range is 1 to 255; the default value is 30.
-p dest_port      Specifies the base UDP destination port number used in traceroute
                  datagrams. This value is incremented each time a datagram is sent.
                  The allowed range is 1 to 65535; the default base port is 33434.
-q nqueries       Specifies the number of datagrams to send for each TTL value. The
                  allowed range is 1 to 1000; the default is 3.
-t tos            Specifies the TOS to be set in the IP header of the outgoing
                  datagrams. The allowed range is 0 to 255; the default is 0.
ip_address        IP alias or IP address in dot notation of the destination host.
data_size         Number of bytes, in addition to the default of 40 bytes, of the
                  outgoing datagrams. The allowed range is 0 to 1420; the default is 0.
5. Link-State Protocols
Like distance vector protocols, link-state protocols use routing tables that are populated with the currently best routes. Link-state protocols, however, differ from distance vector protocols in the methods they use to build their routing tables. The biggest difference between the two is that distance vector protocols advertise little information.
Unlike distance vector protocols, link-state protocols do not receive metrics in the routing table updates. Instead they must calculate the metric from the topology information learned by a router, which includes a cost associated with each link in the network. A router totals the cost associated with each link in each route to find the metric associated with that route. Link-state protocols use the Shortest Path First (SPF) algorithm, which is also called the Dijkstra SPF algorithm, to calculate route metrics.
When a new router that is configured with a link-state protocol is booted for the first time, it does not start broadcasting topology information out every interface. Instead, the router uses the Hello protocol to send and receive a small Hello packet to discover neighbors, i.e., other routers that use the same link-state protocol and share a common subnet. It has a source address of the router and a multicast destination address set to AllSPFRouters (224.0.0.5). All routers running OSPF or the SPF algorithm listen for the hello packet and send their own hello packets periodically. Once a router identifies a neighbor, the two routers exchange routing information, which is called the topology database, and then run the SPF algorithm to calculate new routes. When their topology databases are synchronized, the neighbors are said to be fully adjacent. The Hello protocol continues to transmit the Hello packets periodically.
The transmitting router and its networks reside in the topology database for as long as the other routers receive the Hello protocol. This provides another mechanism for determining that a router has gone down, i.e., when the neighbor no longer sends Hello packets. The routing updates sent by an OSPF router are called link-state updates (LSUs), and the items sent in an LSU include individual link-state advertisements (LSAs). OSPF uses a reliable protocol to exchange routing information, ensuring that lost LSU packets are retransmitted. OSPF routers can, thus, determine whether a neighbor has received all the LSAs.
Topology and Routing Databases
The topology database, which is sometimes referred to as the link-state database, is the router's view of the network within the area. It includes every OSPF router within the area and all the connected networks. This database is a routing table for which no path decisions have been made. The topology database is updated by link-state advertisements (LSAs). Each router within the area has exactly the same topology database. The synchronization of the topology maps is ensured by the use of sequence numbers in the LSA headers.
A routing database is constructed from the topology map. This database is unique to each router, which creates a routing database by running the shortest path first (SPF) algorithm to determine the best path to each network and creates an SPF tree on which it places itself at the top. If there are equal metrics for a remote network, OSPF includes all the paths and load balances the routed data traffic among them.
5.1 Building Routing Table on New OSPF-Configured Routers
Five packets are used to build the routing table on a new OSPF-configured router. These are the Hello protocol; the database descriptor, which is used to send summary information to neighbors to synchronize topology databases; the link-state request, which works as a request for more detailed information that is sent when the router receives a database descriptor that contains new information; the link-state update, which works as the link-state advertisement (LSA) packet issued in response to the request for database information in the link-state request packet; and the link-state acknowledgement, which acknowledges the link-state update.
2"en t"e new OS'F3confiured router is connected to t"e network? it !ust learn t"e network fro! t"e routers
t"at are u* and runnin. T"e router oes t"rou" t"ree staes w"ile e;c"anin infor!ation: t"e down state?
t"e init stae? and t"e two3wa% state. Aou can c"eck w"at stae an interface runnin OS'F is in b% usin t"e
s"ow i* os*f nei"bor co!!and or t"e debu i* os*f adCacenc% co!!and.
J T"e new router starts in a down state. It trans!its its own 4ello *ackets to introduce itself to t"e
se!ent and to find an% ot"er OS'F3confiured routers. T"is is sent out as a 4ello to t"e !ulticast
address &&,.9.9.. 7AllS'F#outers8. It sets t"e desinated router 7)#8 and t"e backu* desinated
router 7B)#8 in t"e 4ello to 9.9.9.9.
• While the new router waits for a reply, which usually is four times the length of the Hello timer, the
router is in the init state. Within the wait time, the new router hears a Hello from another router and
learns the DR and the BDR. If there is no DR or BDR stated in the incoming Hello, an election takes place.
• Once the new router sees its own router ID in the list of neighbors, and a neighbor relationship is
established, it changes its status to the two-way state.
The DR and the BDR
The designated router (DR) is a router on a broadcast multi-access network that is responsible for
maintaining the topology table for its segment. This router can be dynamically elected through use of the
Hello protocol, or can be designated by the network administrator. Redundancy is provided by the Backup
Designated Router (BDR).
The new router and the DR have now established a neighbor relationship and need to ensure that the new
router has all the relevant information about the network. The DR must update and synchronize the topology
database of the new router. This is achieved by using the exchange protocol with the database description
packets (DDPs). There are four different stages that the router goes through while exchanging routing
information with a neighbor: the exstart state, the exchange state, the loading state, and the full state.
• During the exstart state, one of the routers will take seniority and become the master router, based on
the highest IP interface address.
• Both routers will send out database description packets, changing the state to the exchange state. At this stage,
the new router has no knowledge and can inform the DR only of the networks or links to which it
is directly connected. The DR sends out a series of DDPs containing the networks, referred to as links,
that are held in the topology database. Most of these links have been received from other routers via link-state
advertisements (LSAs). The source of the link information is referred to by the router ID. Each link
will have an interface ID for the outgoing interface, a link ID, and a metric to state the value of the path.
The DDPs will contain a summary rather than all the necessary information. When the router has
received the DDPs from the neighboring router, it compares the received network information with that
in its topology table. In the case of a new router, all the DDPs are new.
• If the new router requires more information, it will request that particular link in more detail using the
link-state request packet (LSR). The LSR will prompt the master router to send the link-state update packet
(LSU). This is the same as an LSA used to flood the network with routing information. While the new router is
awaiting the LSUs from its neighbor, it is in the loading state.
• When these LSRs are received and the databases are updated and synchronized, the neighbors are fully
adjacent. This is the full state.
5.2 Steady-State Operation
Link-state protocols keep in touch with their neighbors by periodically exchanging small packets rather than
complete routing updates. In OSPF, these packets are called Hello packets, which identify the subnet, the
router sending the packets and a few other details. These Hello packets serve the same purpose as timed,
regular full routing updates serve for distance vector protocols. When a router fails to hear Hellos from a
neighbor for an interval called the dead interval, the router assumes that the silent router has failed. OSPF
then marks the silent router as "down" in its topology database. The other router then runs the SPF algorithm
to calculate new routes, based on the fact that one of the network's routers is now unavailable. In addition,
the router that notices the failure immediately floods the new router or link status to its neighbors, with those
routers forwarding the updated status to their neighbors, eventually flooding the new status information to
all the routers in the network. This quick convergence of link-state protocols prevents the occurrence of
loops.
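The recalculation described in this section, as an added Python example that is not part of the original study guide: a neighbor that has been silent for longer than the dead interval is dropped from the topology database and SPF is run again, with equal-metric paths kept together. The router names, link costs, Hello timestamps and the 40-second dead interval are constructed values.

```python
import heapq

# Constructed topology database: router -> {neighbor: link cost}.
# Router names and costs are assumptions made for this example.
TOPOLOGY = {
    "R1": {"R2": 10, "R3": 10},
    "R2": {"R1": 10, "R4": 10},
    "R3": {"R1": 10, "R4": 10},
    "R4": {"R2": 10, "R3": 10, "R5": 1},
    "R5": {"R4": 1},
}


def spf(topology, root):
    """Dijkstra SPF rooted at `root`.

    Returns {destination: (metric, [first-hop routers])}. More than one
    first hop means equal-metric paths that traffic can be balanced over.
    """
    metric = {root: 0}
    first_hops = {root: set()}
    heap = [(0, root)]
    settled = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        for neighbor, link_cost in topology[node].items():
            total = cost + link_cost  # route metric = sum of the link costs
            hops = {neighbor} if node == root else first_hops[node]
            if neighbor not in metric or total < metric[neighbor]:
                metric[neighbor] = total
                first_hops[neighbor] = set(hops)
                heapq.heappush(heap, (total, neighbor))
            elif total == metric[neighbor]:
                first_hops[neighbor] |= hops  # another path with the same metric
    return {d: (metric[d], sorted(first_hops[d])) for d in metric if d != root}


def silent_neighbors(last_hello, now, dead_interval):
    """Neighbors whose last Hello is older than the dead interval."""
    return sorted(n for n, seen in last_hello.items() if now - seen > dead_interval)


def mark_down(topology, router):
    """Copy of the database without the failed router and the links to it."""
    return {
        r: {n: c for n, c in links.items() if n != router}
        for r, links in topology.items()
        if r != router
    }


def reconverge(topology, root, last_hello, now, dead_interval):
    """Drop every silent neighbor from the database, then rerun SPF."""
    for router in silent_neighbors(last_hello, now, dead_interval):
        topology = mark_down(topology, router)
    return spf(topology, root)


if __name__ == "__main__":
    print("before:", spf(TOPOLOGY, "R1"))
    # Constructed Hello timestamps in seconds: R2 was last heard at t=0.
    hellos = {"R2": 0, "R3": 95}
    print("after: ", reconverge(TOPOLOGY, "R1", hellos, now=100, dead_interval=40))
```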
5.3 OSPF Areas
There are a number of problems associated with using OSPF. These problems are related to the network size.
The larger the network, the greater the probability of a network change, which would require a recalculation
of the whole area. This increases the frequency with which the SPF algorithm is being run. In addition, each
recalculation will take longer. As the network grows, the size of the routing table will increase. Although the
complete routing table is not sent out as in a distance vector routing protocol, the greater the size of the table,
the longer each lookup becomes. The memory requirements on the router will also increase. Furthermore,
the topological database will increase in size and will eventually become unmanageable. As the various
databases increase in size and the calculations become increasingly frequent, the CPU utilization will
increase as more of the available memory is consumed. This will have a negative impact on network response
time, not because of congestion on the line but because of congestion within the router itself.
Using multiple OSPF areas solves most of the common problems with running OSPF in larger networks. The
division of a large single area network into multiple areas allows routers in each area to maintain their own
topological databases. This limits the size of the topological databases within an area, which results in routers
requiring less memory and processing time to run SPF, and a decrease in convergence time.
Summary and external links ensure connectivity between areas and networks outside the autonomous system
(AS). This is achieved by creating areas from groups of subnets. Each area is treated internally as a small entity
on its own. It communicates with the other areas, exchanging routing information which is kept to a minimum by
allowing only that information that is required for connectivity.
There are two approaches to implementing multiple area networks. The first approach is to grow a single
area until it becomes unmanageable. This approach requires less initial work and configuration but care
should be put into the design of the network because this may cause problems in the future, particularly in
addressing. The second approach is to design the network with multiple areas, which are very small, in
anticipation that the networks will grow to fit comfortably into their areas. In practice, many companies
convert their networks into OSPF from a distance vector routing protocol when they realize that they have
outgrown the existing routing protocol. This allows the planned implementation of the second approach.
5.3.1 OSPF Area Types
Regardless of which approach is used, a multiple area OSPF network has a hierarchical structure and consists
of a number of distinct areas. These areas are:
• The backbone area, which is also referred to as Area 0. All other areas must connect to the backbone
area. Hence, this area is obligatory.
• An ordinary or standard area, which is an area that connects to the backbone (Area 0) and is treated as a
separate entity. All routers in a standard area have the same topological database, but their routing tables
will be based on the router's position in the standard area and will thus be unique to the router.
• A stub area, which is an area that does not accept external summary routes. A router within a stub area can
only see outside the autonomous system if a default route has been configured for it.
• A totally stubby area, which is similar to a stub area. In this area, the default route must be configured as
0.0.0.0. This type of area is useful for remote sites that have few networks and limited connectivity with the
rest of the network and is a Cisco proprietary solution.
• A not so stubby area (NSSA), which is a stub area that can receive external routes but will not
propagate those external routes into the backbone area.
5.3.2 Router Responsibilities
Because of the hierarchical nature of a multiple area OSPF network, routers have different responsibilities,
depending on their position and functionality within the hierarchical design. These routers have different
designations such as internal routers, backbone routers, area border routers (ABR), and autonomous system
boundary routers (ASBR).
• The Internal Router exists within an area. It is responsible for maintaining a current and accurate
database of every subnet within the area. It is also responsible for forwarding data to other networks by
the shortest path. Flooding of routing updates is confined to the area. All interfaces on this router are
within the same area.
• The Backbone Router exists within the backbone area, which is also called Area 0. The design rules for
OSPF require that all the areas be connected through a single area, known as Area 0. Area 0 is also
known as Area 0.0.0.0 on other routers. A router within this area is referred to as a backbone router. It may
also be an internal router or an Area Border Router.
• The Area Border Router (ABR) is responsible for connecting two or more areas. It holds a full
topological database for each area to which it is connected and sends LSA updates between the areas.
These LSA updates are summary updates of the subnets within an area. It is at the area border that
summarization should be configured for OSPF because this is where the LSAs make use of the reduced
routing updates to minimize the routing overhead on both the network and the routers.
• The Autonomous System Boundary Router (ASBR) is used to connect to a network or routing
protocol outside the OSPF domain. OSPF is an interior routing protocol or Interior Gateway Protocol
(IGP); gateway is an older term for a router. If there is any redistribution between other protocols to
OSPF on a router, it will be an ASBR. This router should reside in the backbone area but you can place it
anywhere in the OSPF hierarchical design.
5.4 Balanced Hybrid Routing Protocol and EIGRP
Cisco supports two distance vector IP routing protocols, namely RIP and IGRP; two link-state IP routing
protocols, namely OSPF and Intermediate System-to-Intermediate System (IS-IS); and a single balanced
hybrid IP routing protocol, namely Enhanced IGRP (EIGRP).
EIGRP is called a balanced hybrid protocol because it has some features that act like distance vector
protocols and some features that act like link-state protocols. EIGRP uses neighbor discovery and exchanges full
routing information. Like OSPF, EIGRP sends and receives hello packets to ensure that the neighbor is still
available but uses a different Hello packet than OSPF. When link status changes or new subnets are
discovered, reliable routing updates are sent, but only with the new information.
EIGRP uses a formula based on bandwidth and delay to calculate the metric associated with a route. It uses the
same formula used by IGRP, but the number is multiplied by 256 to accommodate calculations when very
high bandwidth values are used.
5.4.1 EIGRP Loop Avoidance
EIGRP avoids loops by keeping some basic topological information but not full information. When a router
learns multiple routes to the same subnet, it puts the best route in the routing table, following the same rules
about adding multiple equal-metric routes as IGRP. In EIGRP, the best route, i.e., the route with the lowest
metric, is called the successor. EIGRP also runs an algorithm to identify which backup routes could be used
in case of a route failure, without causing a loop. These routes are called feasible successors.
Should the best route (successor) fail and there are no feasible successors for that route, EIGRP uses a
distributed algorithm called Diffusing Update Algorithm (DUAL). DUAL sends queries looking for a
loop-free route to the subnet in question. When the new route is found, DUAL adds it to the routing table.
5.5 Router Configuration
5.5.1 Configuring OSPF
There are a few simple commands that are used to configure and troubleshoot a Cisco router configured to
use OSPF in a single area and in a multiple area network.
The commands used to configure OSPF are:
• router ospf { process_number } where process_number is a number local to the router. This
command configures OSPF as the routing protocol on the router.
• network network_number wildcard_mask defines the networks that are to participate in the OSPF
updates and the area that they reside in.
• interface loopback { interface_number } ip address { ip_address } { subnet_mask }
defines a loopback interface, which is a virtual interface, on the router.
• ip ospf cost { cost } sets the default cost for the router.
• auto-cost reference-bandwidth changes the OSPF cost formula.
Note: The ip ospf cost command overrides the auto-cost reference-bandwidth command.
5.5.2 Verifying the OSPF Configuration
There are a number of show ip commands that can be used when troubleshooting an OSPF network. These
commands are:
• show ip ospf, which provides information about the OSPF process and its details.
• show ip ospf database, which provides information about the contents of the topological database.
• show ip ospf interface, which provides information on how OSPF has been configured on each
interface.
• show ip ospf neighbor, which displays all the information about the relationship that the router has with
its neighbors.
• show ip protocols, which displays the IP configuration on the router, including the interfaces and the
configuration of the IP routing protocols.
• show ip route [ip-address [mask] [longer-prefixes]] | [protocol [process-id]], which
provides detailed information on the networks that the router is aware of and the preferred paths to those
networks. It also gives the next logical hop as the next step in the path.
• debug ip ospf events, which issues log messages for each OSPF packet.
• debug ip ospf packet, which issues log messages describing the contents of all OSPF packets.
5.5.3 Configuring EIGRP
The commands used to configure EIGRP on a Cisco router are consistent with the other IP routing protocol
commands. The EIGRP commands are:
• router eigrp autonomous_system_number configures EIGRP as the routing protocol on the router.
• network network_number [ wildcard_mask ] defines the networks that are to participate in the
EIGRP updates. The [ wildcard_mask ] optional parameter identifies which interfaces are running
EIGRP.
• no network network_number [ wildcard_mask ] disables EIGRP.
• no auto-summary turns off automatic summarization.
• ip summary-address eigrp autonomous_system_number ip_address subnet_mask configures
summarization at the interface level.
• variance multiplier configures EIGRP to load-balance across unequal paths.
• bandwidth line_speed overrides the default bandwidth settings on the links.
5.5.4 Verifying the EIGRP Configuration
There are a number of show and debug commands that can be used to configure, maintain, and troubleshoot
a live EIGRP network. The show commands are:
• show ip eigrp neighbors, which provides detailed information on the neighbors.
• show ip eigrp topology, which provides details about the routes held in the topology table and
detailed information on the networks that the router is aware of and the preferred paths to those networks, as
well as the next logical hop as the first step in the path.
• show ip eigrp topology all, which provides details about all the routes and alternative paths held in the
topology table.
• show ip eigrp traffic, which provides information on the aggregate traffic sent to and from the
EIGRP process.
• show ipx route, which shows the routing table for IPX and is the source of the information on how to
reach the remote destination network.
• show ip route, which provides detailed information on the networks that the router is aware of and the
preferred paths to those networks.
• show ip protocols, which displays the IP configuration on the router, including the interfaces and the
configuration of the IP routing protocols.
6. Advanced TCP/IP
The original design for the Internet required every organization to have one or more unique IP network
numbers. In the early to mid-1990s, it became apparent that the Internet was growing so fast that all IP
network numbers would be used. One solution to this problem was to increase the size of the IP address by
developing IP Version 6 (IPv6). IPv6 has a much larger address structure than IPv4, allowing for trillions of IPv6
networks.
Three other IP functions have been introduced to reduce the need for IPv4 registered network numbers.
These include Network Address Translation (NAT), along with a feature called private IP addressing,
which allows organizations to use unregistered IP network numbers internally and still communicate well with the
Internet; and Classless Interdomain Routing (CIDR), which allows Internet service providers (ISPs) to reduce
the wasting of IP addresses by assigning a company a subset of a network number rather than the entire
network. CIDR has been discussed in Section 3.1.4.
6.1 Private IP Addressing
Most organizations have a number of computers that will never be connected to the Internet. These
computers do not need globally unique IP addresses but must be unique within the organization's network.
Thus, an organization could use any network number(s) it wanted, regardless of whether those network
number(s) are in use on the Internet or not. However, a set of IP addresses from Class A, Class B and Class C
has been set aside for use in private networks and has been defined in RFC 1918. This RFC defines a set
of networks that will not be assigned to any organization as a registered network number to be used on the
Internet. These network numbers allow organizations to use unregistered network numbers that are not used
by anyone else in the public Internet. However, no organization is allowed to advertise these networks using a
routing protocol on the Internet.
TABLE 6.1: The Private IP Address Space defined by RFC 1918
Range of IP Addresses              Number of Networks    Class
10.0.0.0 to 10.255.255.255         1                     A
172.16.0.0 to 172.31.255.255       16                    B
192.168.0.0 to 192.168.255.255     256                   C
6.2 Network Address Translation (NAT)
The advantage of using private IP addresses is that it allows an organization to use private addressing in a
network, and use the Internet at the same time, by implementing Network Address Translation (NAT). NAT
is defined in RFC 1631 and allows a host that does not have a valid registered IP address to
communicate with other hosts through the Internet. Essentially, NAT allows hosts that use private addresses
or addresses assigned to another organization, i.e. addresses that are not Internet-ready, to continue to be
used and still allows communication with hosts across the Internet. NAT accomplishes this by using a valid
registered IP address to represent the private address to the rest of the Internet. The NAT function changes
the private IP addresses to publicly registered IP addresses inside each IP packet that is transmitted to a host
on the Internet.
6.2.1 Variations of NAT
The Cisco IOS software supports several variations of NAT. These include Static NAT; Dynamic NAT; and
Overloading NAT with Port Address Translation (PAT).
6.2.1.1 Static NAT
In Static NAT, the IP addresses are statically mapped to each other. Thus, the NAT router simply configures a
one-to-one mapping between the private address and the registered address that is used on its behalf.
Supporting two IP hosts in the private network requires a second static one-to-one mapping using a second
IP address in the public address range, depending on the number of addresses supported by the registered IP
address.
Cisco Terminology
Cisco uses the term inside local for the private IP addresses and inside global for the public IP addresses.
The enterprise network that uses private addresses, and therefore that needs NAT, is the "inside" part of the
network. The Internet side of the NAT function is the "outside" part of the network. A host that needs NAT
has the IP address it uses inside the network, and it needs an IP address to represent it in the outside
network.
6.2.1.2 Dynamic NAT
Dynamic NAT is similar to static NAT in that the NAT router creates a one-to-one mapping between an
inside local and inside global address and changes the IP addresses in packets as they exit and enter the
inside network. However, the mapping of an inside local address to an inside global address happens
dynamically. Dynamic NAT accomplishes this by setting up a pool of possible inside global addresses and
defining criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address
list than in the inside global address pool. When the number of registered public IP addresses is defined in
the inside global address pool, the router allocates addresses from the pool until all are allocated. If a new
packet arrives, and it needs a NAT entry, but all the pooled IP addresses are already allocated, the router
discards the packet. The user must try again until a NAT entry times out, at which point the NAT function
works for the next host that sends a packet. This can be overcome through the use of Port Address
Translation (PAT).
6.2.1.3 Overloading NAT with Port Address Translation (PAT)
In some networks, most, if not all, IP hosts need to reach the Internet. If that network uses private IP
addresses, the NAT router needs a very large set of registered IP addresses. If you use static NAT, each
private IP host that needs Internet access needs a publicly registered IP address. Dynamic NAT lessens the
problem, but if a large percentage of the IP hosts in the network need Internet access throughout normal
business hours, a large number of registered IP addresses would also be required. These problems can be
overcome through overloading with port address translation. Overloading allows NAT to scale to support
many clients with only a few public IP addresses.
To support lots of inside local IP addresses with only a few inside global, publicly registered IP addresses,
NAT overload uses Port Address Translation (PAT), translating the IP address as well as translating the port
number. When NAT creates the dynamic mapping, it selects not only an inside global IP address but also a
unique port number to use with that address. The NAT router keeps a NAT table entry for every unique
combination of inside local IP address and port, with translation to the inside global address and a unique
port number associated with the inside global address. And because the port number field has 16 bits, NAT
overload can use more than 65,000 port numbers, allowing it to scale well without needing many registered
IP addresses.
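The difference between a dynamic NAT pool and NAT overload, as an added Python example that is not part of the original study guide. The inside local hosts, the 203.0.113.x inside global addresses and the sequential port allocation are assumptions made for the illustration.

```python
# Constructed sample data: three inside local hosts, two registered addresses.
INSIDE_HOSTS = ["10.1.1.1", "10.1.1.2", "10.1.1.3"]
GLOBAL_POOL = ["203.0.113.10", "203.0.113.11"]


class DynamicNat:
    """Dynamic NAT: each inside local address takes a whole pool address."""

    def __init__(self, pool):
        self.free = list(pool)   # unallocated inside global addresses
        self.table = {}          # inside local IP -> inside global IP

    def translate(self, inside_local):
        if inside_local not in self.table:
            if not self.free:
                return None      # pool exhausted: the packet is discarded
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

    def timeout(self, inside_local):
        """A NAT entry times out and its address returns to the pool."""
        self.free.append(self.table.pop(inside_local))


class NatOverload:
    """NAT overload (PAT): one entry per inside local IP and port."""

    def __init__(self, inside_global, first_port=1024, last_port=65535):
        self.inside_global = inside_global
        self.next_port = first_port   # sequential allocation is a simplification
        self.last_port = last_port
        self.outbound = {}            # (local IP, local port) -> global port
        self.inbound = {}             # global port -> (local IP, local port)

    def translate(self, local_ip, local_port):
        key = (local_ip, local_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                return None           # every port on this address is in use
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return (self.inside_global, self.outbound[key])

    def reverse(self, global_port):
        """Map a returning packet's destination port back to the inside host."""
        return self.inbound.get(global_port)   # None when no entry exists


if __name__ == "__main__":
    dyn = DynamicNat(GLOBAL_POOL)
    print("dynamic NAT:", [dyn.translate(h) for h in INSIDE_HOSTS])
    pat = NatOverload(GLOBAL_POOL[0])
    # All three hosts use the same source port; PAT still keeps them apart.
    print("NAT overload:", [pat.translate(h, 1025) for h in INSIDE_HOSTS])
```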
6.2.1.4 Translating Overlapping Addresses
NAT can also be used in organizations that do not use private addressing but use a network number
registered to another company. If one organization uses a network number that is registered to another
organization, and both organizations are connected to the Internet, NAT can be used to translate both the
source and the destination IP addresses. However, both the source and the destination addresses must be
changed as the packet passes through the NAT router.
6.2.2 Configuring NAT
There are a number of commands that can be used to configure the different variations of NAT.
6.2.2.1 Configuring Static NAT
Static NAT configuration requires that each static mapping between a local, or private, address and a global, or
public, address must be configured. Then, each interface needs to be identified as either an inside or
outside interface.
The ip nat inside source static command is used to create a static mapping. The inside keyword
indicates that NAT translates addresses for hosts on the inside part of the network. The source keyword
indicates that NAT translates the source IP address of packets coming into its inside interfaces. The static
keyword indicates that the parameters define a static entry. If two hosts require Internet access, two ip nat
inside commands must be used.
The ip nat inside and ip nat outside interface subcommands identify which interfaces are "inside"
and which are "outside" respectively.
Two show commands list the most important information about static NAT. These commands are:
• show ip nat translations, which lists the static NAT entries; and
• show ip nat statistics, which lists statistics, including the number of currently active translation
table entries and the number of hits, which increments for every packet for which NAT must translate
addresses.
6.2.2.2 Configuring Dynamic NAT
Dynamic NAT configuration differs from static NAT but it also has some similarities. It requires that each
interface be identified as either an inside or outside interface but the static mapping is not required. In addition,
a pool of inside global addresses needs to be defined.
The ip nat inside source command is used to identify which inside local IP addresses need to have
their addresses translated.
The ip nat pool command defines the set of IP addresses to be used as inside global addresses.
The two show commands used to troubleshoot static NAT can also be used to troubleshoot dynamic NAT.
In addition to these you can use the debug ip nat command. This command causes the router to issue a
message every time a packet has its address translated for NAT.
6.2.2.3 Configuring NAT Overload and PAT
The ip nat inside source overload command is used to configure NAT overload. The overload
parameter is required to enable overload. Without this parameter, the router does not perform overload, but
dynamic NAT.
You can use the show ip nat translations command to troubleshoot NAT overload.
6.3 Internet Control Message Protocol (ICMP)
ICMP is a TCP/IP protocol designed to help manage and control the operation of a TCP/IP network. The
ICMP protocol provides a wide variety of information about a network's status and is considered part of
TCP/IP's network layer. ICMP can provide useful information for troubleshooting TCP/IP.
ICMP uses messages to accomplish its tasks. Many of these messages are used in even the smallest IP
network. Table 6.2 lists some of the ICMP messages.
TABLE 6.2: ICMP Messages
Message                    Description
Destination Unreachable    Informs the source host that there is a problem delivering a packet.
Time Exceeded              Indicates that the time that it takes a packet to be delivered has expired and that
                           the packet has been discarded.
Redirect                   Indicates that the packet has been redirected to another router that has a better
                           route to the destination address. The message informs the sender to use the better
                           route.
Echo                       Used by the ping command to verify connectivity.
6.4 FTP and TFTP
File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are two popular file transfer
protocols used in TCP/IP networks. Most end users use FTP, but Cisco router and switch administrators
often use TFTP. FTP is a TCP-based application that has many options and features, including the capability
to change directories, list files using wildcard characters, transfer multiple files with a single command, and
use a variety of character sets or file formats. When a user, called an FTP client, attempts to connect to an
FTP server, a TCP connection is established to the FTP server's well-known port 21. The user is required to
enter a username and password, which the server uses to authenticate the files available to that user for read
and write permissions. This security is based on the file security on the server's platform. All the commands
used to control the transfer of a file are sent across this connection. At this point, the user has a variety of
commands available to enable settings for transfer, change directories, list files, etc. However, whenever a
get (mget for multiple files) or put (or mput for multiple files) command is entered, or the equivalent
button is clicked on the user interface, a file is transferred. The data is transferred over a separate FTP data
connection, another TCP connection, established to well-known port 20. This prevents a file transfer from
impacting on the control connection.
Trivial File Transfer Protocol (TFTP) is a more basic file transfer protocol that uses a small set of features, takes
little memory to load, and little time to program. TFTP uses User Datagram Protocol (UDP), so there is no
connection establishment and no error recovery by the transport layer. However, TFTP uses
application layer recovery by embedding a small header between the UDP header and the data. This header
includes codes along with a numbering scheme that numbers 512-byte blocks of data. The TFTP application
uses these block numbers to acknowledge receipt and resend the data. TFTP sends one block and waits on
an acknowledgment before sending another block.
6.5 MTU and Fragmentation
TCP/IP defines a maximum length for an IP packet. The term used to describe that maximum length is
maximum transmission unit (MTU). The MTU varies based on configuration and the interface's
characteristics. By default, a computer calculates an interface's MTU based on the maximum size of the data
portion of the data-link frame. IP hosts, including routers, cannot forward a packet out an interface if the
packet is longer than the MTU. Therefore, if a router's interface MTU is smaller than a packet that must be
forwarded, the router fragments the packet into smaller packets, each of which is less than or equal to the
MTU value.
The fragmented packets are reassembled by the endpoint host. The IP header contains fields that are used for
reassembling the fragments. This includes an ID value that is the same in each fragmented packet, as well as
an offset value that defines which part of the original packet is held in each fragment. Therefore fragmented
packets can be reassembled in the correct order.
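The fragmentation and reassembly described above, as an added Python example that is not part of the original study guide. It assumes a 20-byte IPv4 header without options and models only the ID, offset and "more fragments" fields; the names Fragment, fragment and reassemble are hypothetical. The reassembler refuses a set of fragments that leaves a gap or overlaps, which is the check an endpoint or inspection device needs before it trusts the rebuilt packet.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header with no options


@dataclass(frozen=True)
class Fragment:
    ident: int      # ID value, identical in every fragment of one packet
    offset: int     # where this payload sits in the original, in 8-byte units
    more: bool      # "more fragments" flag, False only on the last fragment
    payload: bytes


def fragment(ident, payload, mtu):
    """Split one packet payload so that header + data fits the outgoing MTU."""
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the offset field counts 8-byte units.
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    if not payload:
        return [Fragment(ident, 0, False, b"")]
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        is_last = start + len(chunk) >= len(payload)
        frags.append(Fragment(ident, start // 8, not is_last, chunk))
    return frags


def reassemble(fragments, ident):
    """Rebuild the payload for one ID, or return None if the set is unusable.

    Fragments may arrive in any order and mixed with other packets' fragments.
    """
    parts = sorted((f for f in fragments if f.ident == ident),
                   key=lambda f: f.offset)
    if not parts or parts[-1].more:
        return None                      # nothing received, or last piece missing
    if any(not f.more for f in parts[:-1]):
        return None                      # a "last" fragment in the middle
    data = bytearray()
    for f in parts:
        if f.offset * 8 != len(data):
            return None                  # gap, duplicate or overlapping fragment
        data += f.payload
    return bytes(data)


if __name__ == "__main__":
    # Constructed sample: a 4000-byte payload leaving an interface with MTU 1500.
    sample = bytes(i % 251 for i in range(4000))
    for f in fragment(0x1A2B, sample, 1500):
        print(hex(f.ident), f.offset, f.more, len(f.payload))
```
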
Two configuration commands can be used to change the IP MTU size on an interface. These are:
• mtu, which sets the MTU for all Layer 3 protocols; and
• ip mtu, which sets the MTU for IP only.
If both mtu and ip mtu are configured on an interface, the ip mtu setting takes precedence. However, if the mtu
command is configured after ip mtu is configured, the ip mtu value is reset to the mtu value.
7. Wide Area Networks (WANs)
When designing networks, you need to know about the various Wide Area Network (WAN) connectivity
options. There are three main categories of WAN connectivity options. These are:
• Leased point-to-point lines;
• Dial lines, which are also called circuit-switched lines; and
• Packet-switched networks.
This chapter discusses these three WAN connectivity options.
7.1 Point-to-Point Leased Lines
7.1.1 Overview
Point-to-point leased lines are established across synchronous point-to-point serial links. These synchronous
point-to-point links include a cable from a service provider, with the service including the capability to send
and receive bits across that cable at a predetermined speed. The physical connection includes a CSU/DSU
on each end of the link. After the CSU/DSUs are configured and the lines are installed, only a small amount
of configuration is required on the routers to get the two routers working. You only need to configure IP
addresses on each router and run a no shutdown command on each interface to enable them to ping each
other across the link. The IP addresses of the two routers at either end of the synchronous point-to-point
serial link must be in the same subnet because the two routers' interfaces are not separated by some other
IP router.
Generally, the no shutdown command is not required, but if a Cisco router comes up, and the physical WAN
link is not working, the router might place a shutdown command on the interface configuration. So the
no shutdown interface subcommand would be needed to put the interface in service.
Synchronicity
Synchronous WAN links require that the CSU/DSUs on each end of the link operate at the exact same speed.
The CSU/DSUs on each side of the WAN link agree to use a certain clock rate, or speed, to send and receive
bits. After they agree to a particular speed, both CSU/DSUs try to operate at that speed. One CSU/DSU is
responsible for monitoring the clock rates between itself and the other CSU/DSU and makes small
adjustments to match the clock rate of the other CSU/DSU. The CSU/DSU that does not adjust its clock is
called the clock source.
7.1.2 Data-Link Protocols
There are a number of different data link layer protocols that can be implemented on a point-to-point WAN.
WAN data-link protocols used on point-to-point serial links provide the basic function of data delivery
across that one link. The two most popular WAN data-link protocols are High-Level Data Link Control
(HDLC) and PPP. Both of these protocols provide for the delivery of data across a single point-to-point
serial link and deliver data on synchronous serial links. In addition, PPP also supports asynchronous serial
links.
Each synchronous serial data-link protocol is frame-oriented, with each data-link protocol defining the
beginning and end of the frame, the information and format of a header and trailer, and the location of the
packet between the header and trailer. Data-link protocols also send idle frames. This is because
synchronous WAN links require that the CSU/DSUs on each end of the link operate at the exact same speed.
To accomplish this, the CSU/DSUs on each side of the WAN link agree to use a certain clock rate, or speed,
to send and receive bits. After they agree to a particular speed, both CSU/DSUs try to operate at that speed.
One CSU/DSU is responsible for monitoring the clock rates between itself and the other CSU/DSU by
noticing changes in the electrical signal received on the physical line. When a change occurs, the CSU/DSU
monitoring the clock rates responds by adjusting its clock speed. If no traffic was sent across the link, there
would be no electrical signal and clock synchronization would be lost. Therefore synchronous data-link
protocols send idle frames when there is no end-user data to be sent over the link. The idle frames are called
Receiver Ready. This need to monitor and adjust the clock rates for synchronous protocols requires more
expensive hardware than asynchronous protocols. However, synchronous protocols allow more throughput
over a serial link than asynchronous protocols. For links between routers, synchronous links are typically
desired and used.
Almost all data-link protocols, including PPP and HDLC, perform error detection. These protocols use a
field in the trailer called the frame check sequence (FCS) for this purpose. The FCS is used to verify
whether bit errors occurred during transmission of the frame. If bit errors occurred, the frame is discarded.
However, error recovery, which is the process that causes retransmission of the lost or errored frame, is not
guaranteed. Error recovery can be performed by the data-link protocol or a higher-layer protocol, or it might not
be performed at all.
PPP was defined much later than the original HDLC specifications. As a result, PPP includes many new
features that are not implemented in HDLC. For this reason, PPP has become the most popular WAN data
link layer protocol.
PPP uses a protocol that offers features regardless of the Layer 3 protocol used, and a protocol to support
each Layer 3 protocol supported on the link. The PPP Link Control Protocol (LCP) provides the core
features for PPP that operate regardless of the Layer 3 protocol used, while a series of PPP control protocols,
such as IP Control Protocol (IPCP), provide features related to a specific Layer 3 protocol. Thus, PPP uses
one LCP per link and one Control Protocol for each Layer 3 protocol defined on the link. If a router is
configured for IPX, AppleTalk, and IP on a PPP serial link, the router configured for PPP encapsulation
automatically tries to bring up the appropriate control protocols for each Layer 3 protocol. Cisco routers also
use a PPP CP for supporting CDP traffic, called CDPCP.
LCP provides a variety of optional features for PPP. These are:
• Error detection, which is provided by Link Quality Monitoring (LQM). The router can be configured to take
down the link after a configured error rate has been exceeded. By taking down a link that has many errors,
you can cause packets to use an alternative path that might not have as many errors but this is only useful
when you have redundant routes in the network.
• Looped link detection, which is provided by magic numbers. Using different magic numbers, routers send
messages to each other. If a router receives its own magic number, it knows that the frame it sent has
been looped back. If configured to do so, the router can take down the interface through which the frame
was sent, and effectively close the loop. This will improve convergence.
• Multilink support, which is provided by Multilink PPP and allows PPP to load-balance fragments of
packets across multiple links.
• Authentication, which can be provided by Password Authentication Protocol (PAP) or Challenge
Handshake Authentication Protocol (CHAP) and allows for the exchange of names and passwords so that
each device can verify the identity of the device on the other end of the link. CHAP is the preferred method
because it uses a Message Digest 5 (MD5) one-way hash to encode the password while PAP sends
passwords in clear-text.
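The difference between the two authentication options, as an added Python example that is not part of the original study guide. It computes the CHAP response the way RFC 1994 defines it (MD5 over the one-octet identifier, the shared secret and the challenge) and builds the data field of a PAP Authenticate-Request as laid out in RFC 1334; the class and function names, the router name and the secret are constructed for the example.

```python
import hashlib
import hmac
import os


def pap_request_data(peer_id: str, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request: the password travels as-is."""
    name = peer_id.encode()
    return bytes([len(name)]) + name + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The challenging side of a CHAP exchange (hypothetical helper class)."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)   # peer name -> shared secret
        self._pending = {}              # (name, identifier) -> outstanding challenge
        self._next_id = 0

    def challenge(self, name):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)          # fresh, unpredictable challenge every time
        self._pending[(name, identifier)] = value
        return identifier, value

    def verify(self, name, identifier, response):
        # Each challenge is usable once; pop() removes it whether or not it matches.
        value = self._pending.pop((name, identifier), None)
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    SECRET = b"s3cret"                  # constructed sample value
    auth = Authenticator({"RouterB": SECRET})

    print("PAP on the wire :", pap_request_data("RouterB", SECRET))

    ident, chal = auth.challenge("RouterB")
    resp = chap_response(ident, SECRET, chal)
    print("CHAP on the wire:", ident, chal.hex(), resp.hex())
    print("accepted        :", auth.verify("RouterB", ident, resp))

    # The same response presented against the next challenge is rejected.
    ident2, _ = auth.challenge("RouterB")
    print("replay accepted :", auth.verify("RouterB", ident2, resp))
```

A capture of the PAP exchange contains the password itself, while a capture of the CHAP exchange contains only a digest bound to one challenge. The secret still has to be strong, because anyone holding a captured challenge and response can test guesses against it offline.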
7.1.3 Configuring HDLC and PPP Configuration
HDLC and PPP configuration is straightforward. You only need to be sure that the same WAN data-link
protocol is configured on each end of the serial link because each WAN data-link protocol uses a different
frame format. The command used to configure which protocol to use is: encapsulation {hdlc | ppp}.
The compress [predictor | stac | mppc [ignore-pfc]] command can be used to configure compression. The
predictor, stac or mppc options specify which compression algorithm must be used. These are predictor for
predictor, Stacker (LZS) for stac and MPPC for mppc. The ignore-pfc option specifies that the
protocol field compression flag negotiated through LCP will be ignored.
There are also a few show commands that can be used to troubleshoot HDLC and PPP. These are:
• show interfaces [type number], which lists statistics and details of interface configuration, including the
encapsulation type;
• show compress, which lists compression ratios; and
• show processes [cpu], which lists processor and task utilization. This is useful for monitoring the
impact of compression.
7.2 Integrated Services Digital Network (ISDN)
Sites that use routers often need some sort of permanent, always-on WAN connectivity to other sites in the
network. They also require a back-up system, usually some sort of a dial (circuit-switched) technology that can be
used should that permanent connectivity fail. Other sites that need only occasional WAN connectivity can also
implement a dialed circuit, for which a service provider charges a small fee per call and per minute, which is
usually cheaper than using a leased line or packet-switched service. For these reasons, dialed links are still
popular although they are not the typical choice for WAN connectivity.
Of all the circuit-switched "dial" options, Integrated Services Digital Network (ISDN) is the most popular
choice for connectivity between routers. ISDN uses digital signals, which allows for faster speeds than
analog lines. These speeds are in increments of 64 kbps. For Internet access, ISDN has been usurped by
competing technologies such as Digital Subscriber Line (DSL), Asymmetric Digital Subscriber Line (ADSL),
cable modems, and simply faster analog modems. ISDN, however, remains a popular option for temporary
connectivity between routers and is frequently used to create a backup link when the primary leased line or
Frame Relay connection is lost.
7.2.1 ISDN Channels
ISDN interfaces can be either Basic Rate Interface (BRI) or Primary Rate Interface (PRI). A PRI differs from
a BRI mainly due to the number of channels it offers. ISDN channels are usually divided into two
different types: the bearer (B) channel, which carries the data, and the D channel, which is used to make
signalling requests.
Each B channel has a maximum throughput of 64 kbps and can carry encoded pulse code modulation
(PCM) digital voice, video, or data. They are used mainly for circuit-switched data communications
such as High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP). However, they can also
carry packet-switched data communications.
The router uses the D channel to dial destination phone numbers. It has a bandwidth of 16 kbps for BRI or
64 kbps for PRI. Although the D channel is used mainly for signalling, it can also carry packet-switched
data.
The different types of ISDN lines are often described with a phrase that implies the number of each type of
channel. For example, BRIs are referred to as 2B+D, meaning two B channels and one D channel.
7.2.2 ISDN Protocols
ISDN protocols fall in one of three categories: E-series protocols, I-series protocols and Q-series protocols.
• The E-series protocols include E.163 and E.164, both of which are used for the international telephone
numbering plan and international ISDN addressing.
• The I-series protocols include the I.100 series and I.400 series. The I.100 series includes a number of
recommendations that describe and define the principles and the terminology used in ISDN, while the
I.400 series is mainly concerned with standardisation of the User-Network Interface (UNI).
• The Q-series protocols include Q.921 and Q.931. Q.921 is also referred to as Link Access Protocol - D
Channel (LAPD) and is the data-link protocol used over ISDN's D channel while Q.931 is used for the
ISDN call establishment, maintenance, and termination of logical network connections between two
devices.
7.2.3 ISDN Layers
The ISDN implementation is divided into three layers. Layer 1 deals with signal framing, Layer 2 deals with
framing protocols, and Layer 3 deals with D channel call setup and teardown protocols. Each of these
protocols has a specific function.
7.2.3.1 ISDN Layer 1
ISDN Layer 1 is similar to Layer 1 of the OSI model. It refers to physical connectivity. In order for a router to
communicate with an ISDN network, it must be configured for the type of switch to which it is connected. The
carrier should provide the type of switch that is to be used. If it was not previously documented, a call should be
placed to the carrier to obtain the information.
Manufacturers of ISDN central office switches, which are also known as local exchange equipment, divide the
local exchange into two functions: local termination and exchange termination. The local termination function
deals with the transmission facility and termination of the local loop while the exchange
termination function deals with the switching portion of the local exchange.
The ISDN Layer 1 is also concerned with how the bits traverse the wire. To accommodate transmission, a
framing method must be established to enable communication between the NT and the TE as well as
between the NT and the Local Exchange (LE). The framing between the NT and TE is defined in the ITU
specification I.430.
7.2.3.2 ISDN Layer 2
ISDN Layer 2 is meant to provide physical addressing on the network. Because multiple logical devices can
exist in a single physical device, it is necessary to correctly identify the source and/or destination process or
logical entity when transmitting or receiving data. In communication with the ISDN switch, an identifier
must be issued by the switch. This is known as a Terminal Endpoint Identifier (TEI). The service provider
has the option of creating a specific profile for your implementation. Should this be the case, the service
provider will assign a SPID for each of your bearer channels. The use of SPIDs is optional.
• Terminal Endpoint Identifiers (TEIs): A terminal endpoint can be any ISDN-capable device attached to an
ISDN network. The TEI is a number between 0 and 127, where 0-63 is used for static TEI assignment, 64-126
are used for dynamic assignment, and 127 is used for group assignments. The TEI provides the physical
identifier, and the service access point identifier (SAPI) carries the logical identifier. In North America, Layer 1
and Layer 2 are activated at all times. In Europe, the activation does not occur until the call setup is sent. This
delay conserves switch resources.
• Service Profile Identifiers (SPIDs) are another key part of the ISDN BRI Layer 2. They are used only
in BRI implementations. The SPID specifies the services to which you are entitled from the switch and
defines the feature set that you ordered when the ISDN service was provisioned. The SPID is a series of
characters manually entered into the router's configuration to identify the router to the switch. This is
different from the TEI. The TEI address is dynamically assigned. The SPID is statically assigned to the
router based on information provided by the service provider. If needed, two SPIDs are configured, one
for each channel of the BRI. Usually, the SPID includes the ten-digit phone number of each B channel
followed by four additional digits assigned by the service provider. SPID requirements are dependent on
both the software revision and the switch. Many switch manufacturers are moving away from SPIDs, as
they have already done in Europe. SPIDs are required only in the U.S., and then are used only by certain
switches.
7.2.3.3 ISDN Layer 3
ISDN Layer 3 does not impose the use of any network layer protocol for the B channels. The use of the D
channel is defined in Q.931 and specified in ITU I.451 and Q.931 + Q.932. Q.931 is used between the TE
and the local ISDN switch. Inside the ISDN network, the Signaling System 7 (SS7) Internal Signaling
Utility Protocol (ISUP) is used. Link Access Procedure on the D channel (LAPD) is the ISDN data link
layer protocol for the D channel. It defines the framing characteristics for payload transmission. The data
link protocol for the B channel, however, can be any of the available protocols because the information can
be passed transparently to the remote party. HDLC, PPP, or Frame Relay encapsulations can be used to
pass data over the B channel.
7.2.4 BRI Function Groups and Reference Points
ISDN uses the term function group to refer to a set of functions that a piece of hardware or software must
perform to support customer premises equipment (CPE). The ITU has defined several different function
groups, providing several different ISDN options for customers. These function groups include:
• Terminal Equipment 1 (TE1), which is ISDN-capable four-wire cable that understands signalling and
2B+D.
• Terminal Equipment 2 (TE2), which is equipment that does not have ISDN awareness and thus does
not understand ISDN protocols and specifications.
• Terminal Adapter (TA), which can be thought of as TE1 function group on behalf of a TE2.
• Network Termination Type 1 (NT1), which is CPE equipment in North America.
• Network Termination Type 2 (NT2), which is found both inside and outside North America. Inside North
America.
• NT1/NT2, which is a combination of NT1 and NT2 in the same device. This is relatively common inside North
America.
These function groups might be implemented by separate products from different vendors. Therefore the
ITU has explicitly defined the interfaces between the devices that perform each function. The term
reference point is used to refer to this interface between two function groups. The various reference points
are:
• A U reference point, which is used by a NT1 to connect to the telephone company.
• A S reference point, which is used by a TE1 to connect to other devices; a TA; a NT1 to connect to
other CPE; and a NT2 to connect to other CPE.
• A T reference point, which is used by a NT1 to connect to other CPE; and a NT2 to connect to the
telephone company outside North America or to a NT1 inside North America.
• A R reference point, which is used by a TE2 to connect to a TA.
Note: These function groups and reference points are only defined for BRI. When
the ITU planned for multiple implementation options, BRI was to be installed when
connecting to consumers while PRI was seen as a service for businesses.
7.2.5 Encoding and Framing
Layer 1 includes specifications for encoding and framing. Without these specifications, the devices attached
to the network would not know how to send and receive bits across the medium. You need to be aware of
encoding and framing at Layer 1 when configuring an ISDN PRI, because you need to pick between two
options for each when configuring a PRI on a Cisco router. ISDN BRI uses a single encoding scheme and a
single option for framing. Because of this, there are no configuration options for either framing or encoding
in a router.
ISDN PRI in North America is based on a digital T1 circuit. T1 circuits use two different encoding schemes:
Alternate Mark Inversion (AMI) and Binary 8 with Zero Substitution (B8ZS). You will configure one
or the other for a PRI; all you need to do is make the router configuration match what the telephone
company is using. For PRI circuits in Europe, Australia, and other parts of the world that use E1s, the only choice
for line coding is High-Density Bipolar 3 (HDB3).
Framing, at ISDN Layer 1, defines how a device decides which bits are part of which channel. As with
encoding, PRI framing is based on the underlying T1 or E1 specifications. The two T1 framing options
define 24 64-kbps DS0 channels as well as an 8-kbps management channel used by the telephone company.
This gives you a total speed of 1.544 Mbps regardless of which framing methods are used. With E1s,
framing defines 32 64-kbps channels, for a total of 2.048 Mbps, regardless of the type of framing used.
The two options for framing on T1s are Extended Super Frame (ESF) and Super Frame (SF). In most
cases T1s use the newer ESF. For E1s, the line uses CRC-4 framing or the original line framing defined for
E1s.
As soon as the framing details are known, the PRI can assign some channels as B channels and one channel
as the D channel. For PRIs based on T1s, the first 23 DS0 channels are the B channels, and the last DS0
channel is the D channel, giving you 23B+D. With PRIs based on E1 circuits, the D channel is channel 15.
The channels are counted from 0 to 31. Channel 31 is unavailable because it is used for framing overhead.
This leaves channels 0 through 14 and 16 through 30 as the B channels, which results in a total of 30B+D.
7.2.6 Dial-on-Demand Routing (DDR)
Dial-on-demand routing (DDR) is a feature available on ISDN-capable Cisco routers. It was created to
enable users to save money on usage-based ISDN. Usage-based ISDN occurs when charges are assessed for
every minute of ISDN circuit connect time. In such environments, the connection should be down during no or
low-volume traffic times. DDR provides that capability and offers a wide array of commands and
configuration variations. The configuration tasks for implementing basic DDR are as follows:
• The telephone company provides the type of switch to which you are connecting. Manufacturers of
ISDN central office switches, or local exchange equipment, divide the local exchange into two functions:
local termination and exchange termination. The local termination function primarily deals with the
transmission facility and termination of the local loop. The exchange termination function deals with the
switching portion of the local exchange. To function, the switch type must be specified on the router.
You can use the isdn switch-type command to configure the router for the type of switch to which the
router connects. Your telephone company will inform you about the type of switch that your router will
connect to.
• The configuration of DDR depends on how the traffic types that cause a call setup to occur are triggered. This
traffic is known as interesting traffic. Cisco's implementation of DDR allows for as much or as
little specificity of interesting traffic as is deemed necessary; interesting traffic is defined by the creation of
dialer-lists that can specify that an entire protocol suite, no matter the level of traffic, can trigger a
call setup. Dialer-lists can be associated with standard or extended access lists to be specific to various
traffic types. Rather than associating an access list with an interface, it is associated with a dialer-list. To define
specific traffic types as interesting traffic, you should use access lists. Any type of access list can be
implemented in defining interesting traffic.
• In the DDR model, dynamic routing protocol updates do not move across the link, so it is important that static
routes be used in place of dynamic updates. To provide bi-directional reachability between the two sites in the
absence of routing protocol traffic, static routes should be configured at both the local and
remote routers. Any IP traffic that needs to cross the link should be defined as interesting and will trigger a
call setup. Once a call has been established, any type of traffic that has been configured on the BRI
interface traverses the link freely, including routing updates. If the IP network on which the BRI
interface exists is included in the routing protocol configuration and the BRI interface is not specified as
passive, routing updates can flow across the link while it is active. Once static routes have been specified, it
is important to make the BRI interfaces passive.
• ISDN installations are capable of employing HDLC or PPP encapsulation. PPP is most often used. It
offers the use of a single B channel or the combination of the two B channels in a single aggregate pipe.
It enables you to decide when a connection should be dialed, when an additional channel should be
brought up and used, when to disconnect the call, and other options that are discussed in the next couple
of sections. To establish communications over an ISDN link, each end of the PPP link must first send
Link Control Protocol (LCP) packets to configure and test the data link. After the link has been
established and optional facilities have been negotiated as needed, PPP must send Network Control
Protocol (NCP) packets to choose and configure one or more network-layer protocols. Once each of the
chosen network layer protocols has been configured, datagrams from each network layer protocol can be
sent over the link. The link remains configured for communications until explicit LCP or NCP packets
close the link down, or until some external event occurs. Functionally, PPP is simply a pathway opened
for multiple protocols to share simultaneously. The call setup is initiated by interesting traffic as defined
using access lists and terminated by an external event, such as manual clearing or idle timer expiration.
Any interesting traffic that traverses the link resets the idle timer; non-interesting traffic does not.
• Once the encapsulation has been decided upon, you must apply a protocol addressing scheme. You can
configure DDR with any routable protocol. Each protocol that must pass across the link must have a
configured address. For IP implementations, you must supply an IP address and subnet mask to the
interface. The protocol addressing scheme should be decided upon well in advance of any deployment of
any networking technology. In IPX implementations, you must apply an IPX network number to the BRI
interface. The host portion of the address is hard-coded in the global configuration or is taken from the
Burned In Address (BIA) of the lowest numbered LAN interface (that is, Ethernet 0). When IPX
routing is enabled and IPX network numbers are configured on interfaces, the IPX RIP and the SAP
protocols are automatically enabled for those interfaces. IPX RIP and SAP are broadcast-based updates
for routing table information and Novell NetWare service propagation, respectively. These broadcasts
are on independent 60-second timers. You might or might not wish for this traffic to go across your
ISDN link. To avoid this traffic, you can simply not include RIP and SAP in your interesting traffic
definitions. This is accomplished by implementing IPX access lists to filter out RIP and SAP. The access
lists are then associated with the dialer list defining interesting traffic. At this point, RIP and SAP go across
the link only as long as the link is up because of the transfer traffic that fits the interesting
parameters. You can also define IPX static routes and static SAP entries.
• The purpose of DDR is to bring down the ISDN link when the traffic volume is low or idle. However, at times,
the traffic volume can simply be in a short lull. To avoid the link coming down when traffic flow ceases and then
being forced to redial, use the dialer idle-timeout command. Executing this
command dictates that when traffic defined as interesting has ceased to flow across the link for the
specified period of time, the link can be brought down.
7.2.7 ISDN Configuration for DDR
You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles. The main
difference between the two is that Legacy DDR associates dial details with a physical interface, which DDR
dialer profiles do not do. The latter allows a great degree of flexibility.
7.2.7.1 Configuring Legacy DDR
The process of Legacy DDR works in four steps:
1. Route packets out the interface to be dialed;
2. Determine the subset of the packets that trigger the dialing process;
3. Dial (signal); and
4. Determine when the connection is terminated.
To begin the process of building a Legacy DDR configuration, IP routes are added to the configuration so
that packets can be directed out the BRI. This can be accomplished by using the ip route command. You
must then define the Legacy DDR logic required to determine when to dial a circuit. This is typically called
triggering the dial. Routing packets out the interface to be dialed does not necessarily cause the dial to
occur. The Cisco IOS software requires that you define a subset of the packets routed out the interface to
actually cause the router to dial. This requires that you define which packets can cause the device to dial.
Cisco calls these packets interesting packets. There are two methods that can be used to define interesting
packets. In the first method, interesting is defined as all packets of one or more Layer 3 protocols. The
second method allows you to define packets as interesting if they are permitted by an access control list
(ACL). Access control lists, which are discussed in more detail in Section 8, consider the packets either
permitted or denied. With DDR, if the access list permits the packet, it is considered interesting. You can use the
dialer-group subcommand to determine what is interesting. This subcommand refers to a dialer-list,
which can refer to either an entire protocol suite or an access list.
Before the router can dial, or signal, to set up a call you must configure it with the telephone number of the
other router. You can use the dialer string <telephone_number> command to tell the
router which telephone number to dial. The signalling occurs on the BRI's D channel using Q.931 signalling.
When there is only one site to dial, you can configure a single dial string. However, when you have multiple
remote sites, the router needs to know each site's telephone number and which telephone number to use
when calling each site. Legacy DDR links the number to be dialed to the route that was used to route the
packet out the interface. Thus, all that is needed is a mapping between the next-hop addresses and their
respective ISDN telephone numbers. This is accomplished by using the dialer map command.
The router keeps an idle timer, which counts the time since the last interesting packet went across the link. It
uses this idle timer to determine when to take down the link. If no interesting traffic happens for the number
of seconds defined by the idle timer, the router takes the link down. There are two idle timers that must be
set: the dialer idle-timeout <seconds> command can be used to set the idle time, but if the router
wants to dial other sites based on receiving interesting traffic for those sites, and all the B channels are in use,
another shorter idle timer can be used. The dialer fast-idle <seconds> command lets you configure a
typically lower number than the idle timer so that when other sites need to be dialed, the link that is
currently up can be brought down more quickly.
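How interesting traffic and the idle timer interact, as an added Python model that is not part of the original study guide and is not Cisco code. It follows the rules stated above: only interesting packets trigger a dial or reset the idle timer, while any packet crosses a link that is already up. The packet fields, the port-520 test used to stand in for an access list that denies routing updates, and the choice to report non-interesting packets as "dropped" while the link is down are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class DdrLink:
    """One dialed link governed by an idle timeout (seconds)."""
    idle_timeout: int
    is_interesting: Callable[[dict], bool]   # plays the role of the dialer-list
    up: bool = False
    last_interesting: int = 0
    log: List[Tuple[int, str]] = field(default_factory=list)

    def _expire(self, now: int) -> None:
        # The call is cleared once no interesting packet has been seen
        # for idle_timeout seconds, whatever other traffic was flowing.
        if self.up and now - self.last_interesting >= self.idle_timeout:
            self.up = False
            self.log.append((self.last_interesting + self.idle_timeout, "hangup"))

    def send(self, now: int, packet: dict) -> str:
        self._expire(now)
        if self.is_interesting(packet):
            if not self.up:
                self.up = True
                self.log.append((now, "dial"))
            self.last_interesting = now      # only interesting traffic resets it
            return "sent"
        # Non-interesting traffic rides an existing call but never places one.
        return "sent" if self.up else "dropped"


def permit_all_but_rip(packet: dict) -> bool:
    """Stand-in for an access list: deny RIP updates (UDP 520), permit the rest."""
    return not (packet["proto"] == "udp" and packet["dport"] == 520)


def run(traffic, idle_timeout):
    link = DdrLink(idle_timeout, permit_all_but_rip)
    results = [link.send(t, pkt) for t, pkt in traffic]
    return results, link.log


# Constructed sample traffic: (time in seconds, packet)
RIP = {"proto": "udp", "dport": 520}
WEB = {"proto": "tcp", "dport": 80}
SAMPLE = [(0, RIP), (5, WEB), (30, RIP), (60, RIP), (90, RIP),
          (120, RIP), (150, RIP), (200, WEB)]

if __name__ == "__main__":
    results, log = run(SAMPLE, idle_timeout=120)
    for (t, pkt), outcome in zip(SAMPLE, results):
        print(t, pkt["proto"], pkt["dport"], outcome)
    print(log)
```

In the sample run the routing updates at 30 to 120 seconds cross the link but do not extend the call, so it is cleared 120 seconds after the single web packet and the update at 150 seconds finds the link down.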
In addition to these commands, the Cisco IOS also expects you to define the type of ISDN switch to which
the router is connected. You can use the isdn switch-type command either as a global command or with an
interface subcommand to configure this. The types of ISDN switches include:
• basic-net3, which is typically found in Australia, and Europe, including the UK;
• vn3, which is typically found in France;
• ntt, which is typically found in Japan;
• basic-5ess, basic-dms100 and basic-ni1, all of which are typically found in North America.
You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending
on the switch's expectations. When the telephone company's switch has configured SPIDs, it might not
allow the BRI line to work unless the router announces the correct SPID values to the switch. SPIDs, when
used, provide a basic authentication feature. If your service provider tells you it uses SPIDs, you should
configure them, or signalling will not work. The isdn spid<BRI_identifier> command defines the
SPIDs for the B channel.
7.2.7.2 Configuring DDR with Dialer Profiles
The configuration for Legacy DDR requires a route to point packets out a particular physical interface. As
soon as the packets are routed out the interface, DDR logic can decide if the packet is interesting. If it is
interesting, DDR logic causes the dial to occur.
With Legacy DDR, there is no way to support a single set of remote sites through configuration using
multiple different BRIs or PRIs in a single router. When you have multiple BRIs or PRIs, Legacy DDR
allows you to dial only one set of sites using one interface and another set of sites with the other. In other
words, with Legacy DDR, the static routes used by DDR can direct packets out a single physical BRI
interface so that only a single BRI can be used to reach an individual remote site. Dialer profiles overcome
this problem with Legacy DDR using a slightly different style of DDR configuration. Dialer profiles pool
the physical interfaces so that the router simply uses an available B channel on any of the BRIs or PRIs in
the pool.
DDR dialer profiles are a different style of configuration for DDR. This style of configuration moves most
of the DDR interface configuration to a virtual interface called a dialer interface. Each physical BRI or PRI
interface can be included in a pool of available physical ISDN interfaces. DDR logic relies on the routing of
packets out the dialer interface. If a packet is interesting, DDR picks an interface from the pool over which
to place the actual call. The configuration for dialer profiles is very similar to Legacy DDR configuration:
The ip route command is again used to add IP routes to the router so that packets can be directed out the
BRI. Similarly, the access-list command defines the interesting logic and the dialer-list command
refers to those ACLs to define what is interesting and what is not.
The new commands are interface dialer and dialer pool <value>, which create the virtual dialer
interface and tell the router to look for any ISDN interface in the specified dialer pool to actually place the
call.
7.2.8 Multilink PPP
Multilink PPP is a non-proprietary specification that enables the bandwidth aggregation of multiple B channels into one logical pipe, providing load-balancing functionality over multiple wide area network (WAN) links, while providing packet fragmentation and proper sequencing, and load calculation on both inbound and outbound traffic. Multilink PPP enables packets to be fragmented and the fragments to be sent (at the same time) over multiple point-to-point links to the same remote address. As with BOD, the multiple links come up in response to a dialer load-threshold command. The load can be calculated on inbound traffic or outbound traffic as needed for the traffic between the specific sites. Multilink PPP provides bandwidth on demand and reduces transmission latency across WAN links. Also, as in BOD, a router running Multilink PPP recalculates the load every five minutes. You can use a show interface command to see the current load of the interface.
There are some troubleshooting commands available to resolve any issues with PPP and Multilink PPP connections. These commands include:
• show ppp multilink, which displays the current status of Multilink PPP sessions.
• show dialer, which displays active calls and status information.
• debug ppp multilink, which monitors the PPP connect phase.
• debug dialer, which is one of the best tools to use in figuring out what traffic is attempting to traverse the ISDN link.
7.3 Frame Relay
Frame Relay is a connection-oriented, Layer 2 WAN connection technology. It operates at speeds from 56 kbps to 45 Mbps. It is very flexible and offers a wide array of deployment options. Frame Relay operates by statistically multiplexing multiple data streams over a single physical link. Each data stream is known as a virtual circuit (VC). Frame Relay VCs come in two types: Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs).
Each VC is tagged with an identifier to keep it unique. The identifier, known as a Data Link Connection Identifier (DLCI), is determined on a per-leg basis during the transmission. It must be unique and agreed upon by two adjacent Frame Relay devices. As long as the two agree, the value can be any valid number, and the number does not have to be the same end to end. Valid DLCI numbers are 16-1007. For DLCI purposes, 0-15 and 1008-1023 are reserved. The DLCI also defines the logical connection between the Frame Relay (FR) switch and the customer premises equipment (CPE).
Frame Relay devices fall into two possible roles, data terminal equipment (DTE) or data circuit-terminating equipment (DCE). The DTE/DCE relationship is a Layer 2 (data link layer) relationship. DTE and DCE relationships are normally electrical. The DTE/DCE relationship at Layer 1 is independent of that at Layer 2.
• DTEs are generally considered to be terminating equipment for a specific network and are located at the customer premises.
• DCEs are carrier-owned internetworking devices. DCE equipment provides clocking and switching services in a network; they are the devices that actually transmit data through the WAN. In most cases, the devices are packet switches.
Local Management Interface (LMI) is the means by which Frame Relay edge devices maintain keepalive messages. The Frame Relay switch is responsible for maintaining the status of the CPE device(s) to which it is attached. LMI is the communication by which the switch monitors status. LMI implements a keepalive mechanism that verifies connectivity between DCE and DTE and the fact that data can flow. An LMI multicast capability, in conjunction with an LMI multicast addressing mechanism, enables attached devices to learn local DLCIs as well as provide global, rather than local, significance to those DLCIs. Finally, LMI provides a status indicator that is constantly exchanged between router and switch. The LMI setting is configurable.
Frame Relay networks provide more features and benefits than simple point-to-point WAN links, but to do that, Frame Relay protocols are more detailed. Frame Relay networks are multiaccess networks, which means that more than two devices can attach to the network, similar to LANs. However, unlike LANs, you cannot send a data link layer broadcast over Frame Relay. Therefore, Frame Relay networks are called nonbroadcast multi-access (NBMA) networks. Also, because Frame Relay is multiaccess, it requires the use of an address that identifies to which remote router each frame is addressed.
7.3.1 Virtual Circuits
Frame Relay provides significant advantages over simply using point-to-point leased lines. The primary advantage has to do with virtual circuits (VCs), which define a logical path between two Frame Relay DTEs. The VC acts like a point-to-point circuit, providing the ability to send data between two endpoints over a WAN. However, there is no physical circuit directly between the two endpoints. VCs share the access link and the Frame Relay network. Each VC has a committed information rate (CIR), which is a guarantee by the provider that a particular VC gets at least that much bandwidth. Service providers can build their Frame Relay networks more cost-effectively than leased lines. Therefore, Frame Relay is more cost-effective than leased lines for connecting many WAN sites.
Two types of VCs are allowed: permanent (PVC) and switched (SVC). PVCs are predefined by the provider, while SVCs are created dynamically. A Frame Relay network which includes PVCs between each pair of sites is called a full mesh Frame Relay network. In such a network, any two sites are connected by a PVC. When not all pairs have a direct PVC, it is called a partial mesh network. In such networks packets must be forwarded through other sites when packets are to be transmitted between two sites that are not directly connected by a PVC. This is the major disadvantage of partial mesh networks; however, partial mesh networks are cheaper because the provider charges per VC.
Frame Relay uses an address to differentiate one PVC from another. This address is called a data-link connection identifier (DLCI). The name is descriptive: The address is for an OSI Layer 2 (data link) protocol, and it identifies a VC, which is sometimes called a virtual connection. DLCI addressing is discussed in more detail in Section 7.3.3.
7.3.2 LMI and Encapsulation Types
The LMI is a definition of the messages used between the DTE and the DCE. The encapsulation defines the headers used by a DTE to communicate some information to the DTE on the other end of a VC. The switch and its connected router care about using the same LMI; the switch does not care about the encapsulation. The endpoint routers (DTEs) do care about the encapsulation. The most important LMI message relating to topics on the exam is the LMI status inquiry message. Status messages perform two key functions:
• Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down.
• Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change. An access link might be up, but one or more VCs could be down. The router needs to know which VCs are up and which are down. It learns that information from the switch using LMI status messages.
There are three LMI protocol options available in Cisco IOS software:
• Cisco LMI, which is a Cisco proprietary solution and uses DLCI 1023;
• ANSI LMI, which is also known as Annex D and uses DLCI 0; and
• Q933a, which is defined by the ITU and is also known as Annex A.
Although the difference between these three LMI protocol options is slight, they are incompatible with one another. Therefore both the DTE and DCE on each end of an access link must use the same LMI standard.
Configuring the LMI type is easy and includes a default LMI setting, which uses the LMI autosense feature, in which the router figures out which LMI type the switch is using. If you choose to configure the LMI type, it disables the autosense feature. You can use the frame-relay lmi-type { cisco | ansi | q933a } interface subcommand to configure LMI type.
A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link. The header and trailer are defined by the Link Access Procedure Frame Bearer Services (LAPF) specification, ITU Q.922-A. The sparse LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header. However, the LAPF header and trailer do not identify the type of protocol, which is needed by routers. As discussed in Section 2 and Section 3, a field in the data-link header must define the type of packet that follows the data-link header. If Frame Relay is using only the LAPF header, DTEs (including routers) cannot support multiprotocol traffic, because there is no way to identify the type of protocol in the Information field. Two solutions were created to compensate for the lack of a protocol type field in the standard Frame Relay header:
• Cisco and three other companies created an additional header, which comes between the LAPF header and the Layer 3 packet. It includes a 2-byte Protocol Type field, with values matching the same field used for HDLC by Cisco.
• RFC 1490, which was superseded by RFC 2427, defines a similar header, also placed between the LAPF header and Layer 3 packet, and includes a Protocol Type field as well as many other options. ITU and ANSI later incorporated RFC 1490 headers into their Q.933 Annex E and T1.617 Annex F specifications, respectively.
DTEs use and react to the fields specified by these two specifications, but Frame Relay switches ignore them. In the configuration, the encapsulation created by Cisco is called cisco, and the other is called ietf.
7.3.3 DLCI Addressing
The DLCI is an addressing mechanism used to identify a VC so that when multiple VCs use the same access link the Frame Relay switches know how to forward the frames to the correct remote sites. Two important features of the DLCI are:
• The Frame Relay headers, which have a single DLCI field, not both Source and Destination DLCI fields; and
• The local significance of the DLCI, which means that the addresses need to be unique only on the local access link. This is called local addressing.
Because there is only a single DLCI field in the Frame Relay header, Global addressing can be used, making DLCI addressing look like LAN addressing in concept. Global addressing is a way of choosing DLCI numbers when planning a Frame Relay network so that working with DLCIs is much easier.
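
The single DLCI field and the DE, FECN and BECN bits described above can be read straight out of the two-byte address field at the start of a frame. The following is an added example, not part of the original guide: it decodes that field, classifies the DLCI using the ranges and LMI values given in the text, and tallies congestion bits per DLCI in the way show frame-relay pvc reports them. The function names, the sample frames and the rule used to guess cisco versus ietf encapsulation are assumptions made for illustration.

```python
from typing import Dict, List, NamedTuple, Optional


class Address(NamedTuple):
    dlci: int   # 10-bit DLCI, split 6 + 4 bits across the two octets
    cr: int     # command/response bit, passed through unchanged
    fecn: bool
    becn: bool
    de: bool


def build_address(dlci: int, fecn=False, becn=False, de=False, cr=0) -> bytes:
    """Encode a 2-byte address field (used here only to construct sample frames)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a 2-byte address field carries a 10-bit DLCI")
    first = ((dlci >> 4) << 2) | (cr << 1)            # low bit 0: another octet follows
    second = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes([first, second])


def parse_address(frame: bytes) -> Address:
    """Decode the first two octets of a frame; reject anything not in 2-byte format."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the address field")
    first, second = frame[0], frame[1]
    if first & 0x01 or not second & 0x01:
        raise ValueError("extension bits do not describe a 2-byte address field")
    dlci = ((first >> 2) << 4) | (second >> 4)
    return Address(dlci, (first >> 1) & 1,
                   bool(second & 0x08), bool(second & 0x04), bool(second & 0x02))


def classify_dlci(dlci: int) -> str:
    """Apply the ranges from the text: 16-1007 valid, 0-15 and 1008-1023 reserved."""
    if dlci == 1023:
        return "Cisco LMI"
    if dlci == 0:
        return "ANSI LMI"
    if 16 <= dlci <= 1007:
        return "user VC"
    return "reserved"


def encapsulation(frame: bytes) -> Optional[str]:
    """Guess the multiprotocol header on a user VC (assumed heuristic)."""
    if len(frame) < 4 or classify_dlci(parse_address(frame).dlci) != "user VC":
        return None
    if frame[2] == 0x03:      # RFC 1490/2427 headers begin with the 0x03 control octet
        return "ietf"
    return "cisco"            # otherwise assume the 2-byte Protocol Type header


def congestion_summary(frames: List[bytes]) -> Dict[int, Dict[str, int]]:
    """Count frames and FECN/BECN/DE bits per DLCI."""
    summary: Dict[int, Dict[str, int]] = {}
    for frame in frames:
        addr = parse_address(frame)
        row = summary.setdefault(addr.dlci, {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
        row["frames"] += 1
        row["fecn"] += addr.fecn
        row["becn"] += addr.becn
        row["de"] += addr.de
    return summary


# Constructed sample frames (address field plus the first payload octets only).
SAMPLE_FRAMES = [
    build_address(100) + bytes.fromhex("0800"),                       # cisco header, IP
    build_address(100, becn=True, de=True) + bytes.fromhex("0800"),   # congested, discardable
    build_address(200, fecn=True) + bytes.fromhex("03cc"),            # ietf header, IP
    build_address(1023) + bytes.fromhex("0000"),                      # LMI DLCI, payload elided
]

if __name__ == "__main__":
    for dlci, row in sorted(congestion_summary(SAMPLE_FRAMES).items()):
        print(dlci, classify_dlci(dlci), row)
    print([encapsulation(f) for f in SAMPLE_FRAMES])
```
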
7.3.4 Frame Relay Configuration
In many cases, the configuration of Frame Relay can be as simple as setting the encapsulation and putting an IP address on the interface. This enables inverse-ARP to dynamically configure the DLCI and discover neighboring routers across the cloud. Although basic functionality can be achieved in this manner, more complex procedures are necessary for hub and spoke subinterface configurations dealing with point-to-multipoint implementations. The configuration of Frame Relay can be accomplished in four steps, and entails determining the interface to be configured, configuring Frame Relay encapsulation, configuring protocol-specific parameters, and configuring Frame Relay characteristics.
7.3.4.1 Determining the Interface
The interface that connects to the Frame Relay network is the one that should be configured. Once the interface has been selected, you should change to the appropriate interface configuration mode in the router. You should decide whether subinterfaces should be implemented. For a single point-to-point implementation, it might not be necessary to use subinterfaces; however, this implementation does not scale. If future sites are planned, it is best to use subinterfaces from the beginning.
To create a subinterface, use the following command to change to the desired interface:
interface interface_type interface_number.subinterface_number
For example, to create subinterface 1 on Serial 0, use the command interface serial 0.1. You must also determine the nature, or cast type, of the subinterface to be created, i.e., decide whether the subinterface will act as a point-to-point connection or a point-to-multipoint connection. If not specified, the subinterface defaults to a multipoint connection. To specify the cast type, add the keywords point-to-point or multipoint to the end of the previous command.
7.3.4.2 Configuring Frame Relay Encapsulation
To enable Frame Relay on the interface, issue the encapsulation frame-relay command. The encapsulation of the interface determines the way it should act because each encapsulation is technology-specific. The encapsulation specified at this point dictates the Layer 2 framing characteristics of the packet passed to this specific interface from Layer 3. Once the Layer 2 framing is established, the resulting frame can be passed down to the physical layer for transmission.
7.3.4.3 Configuring Protocol-Specific Parameters
For each protocol to be passed across the Frame Relay connection, you must configure appropriate addressing. This addressing must be planned in advance. For point-to-point connections, each individual circuit should have its own subnetwork addressing and two available host addresses. For IP, each subinterface is assigned a separate and unique IP subnet. For IPX, each subinterface must have a unique IPX network number, and so on. As with any other addressing scheme, each side of the link must have a unique host address. For point-to-multipoint connections, each subinterface also must have unique addressing. However, a point-to-multipoint connection can connect to multiple remote sites. Thus, all sites sharing the point-to-multipoint connection are members of the same subnetwork, no matter the number of connections or the protocol. The cast type of the interface also dictates the manner in which DLCIs are assigned to the Frame Relay interface. The next section covers this topic in detail.
7.3.4.4 Configuring Frame Relay Characteristics
You must define specific parameters for Frame Relay operation. The parameters include LMI and DLCI configuration. If you use a pre-11.2 release of IOS Software, you must specify the LMI type that is being implemented. The Frame Relay service provider should provide the LMI information. For IOS Software Release 11.2 and later, you need not configure the LMI type. To disable LMI completely, use the no keepalive command to cease to transmit and receive LMI. However, keepalives must also be disabled at the switch.
You can now configure address mapping, if necessary. In the case of point-to-point connections, mapping of protocol addresses to DLCIs is dynamic and requires no intervention. However, if point-to-multipoint connections are in use, manual mapping is necessary. Mapping is the same from protocol to protocol and uses the frame-relay map protocol next_hop dlci [ broadcast ][ ietf | cisco ] command. Protocols supported in the frame-relay map command include IP, IPX, AppleTalk, CLNS, DECnet, XNS, and Vines. The next_hop argument in the command represents the next hop logical address for the router on the remote end of the connection. The dlci argument represents the local DLCI, not that of the remote end. The broadcast keyword specifies that routing updates traverse the network through this circuit. The final option in the command specifies which Frame Relay implementation to utilize in communications with the remote router. When communicating with a Cisco device on the remote side, the default value (cisco) can be utilized. However, when communicating with non-Cisco gear on the remote end, it can be necessary to specify that the IETF implementation of Frame Relay be used.
7.3.4.5 Verifying Frame Relay Configuration
The most useful method of verifying the Frame Relay configurations is through the use of the show and debug commands. Some of the more useful show and debug commands are:
• show frame-relay pvc is useful for viewing the status of statically or dynamically defined PVCs. The output for each PVC is detailed. The output also gives information on each circuit that specifies the receipt or transmission of FECN/BECN packets. FECN and BECN deal with congestion in the Frame Relay network, so obviously, a low number is preferable. The output also details the number of discard eligible (DE) packets received, for which a low number is better.
• show frame-relay lmi allows you to check the status of individual PVCs and to monitor the communication status between the router and the switch. This command shows the number of LMI messages sent and received across the link between the router and the switch. The LMI type can be specified differently for each interface, so the type is specified in the output. This command also shows the LMI input/output information.
• debug frame-relay lmi is probably the most useful tool in verifying and troubleshooting Frame Relay problems. This command makes it possible to watch the real-time communication between the router and the switch. Each request sent from the router to the switch is noted, and the counter is incremented by 1 with each request. LMIs sent from the switch to the router by the service provider are noted and also are incremented by 1 with each request. As long as both numbers are greater than 0, the router should be functioning normally at Layers 1 and 3.
• show frame-relay map is used to view the DLCI mappings that have been created. They can be static or dynamic and are noted as such in the command output.
8. IP Access Control List Security
Network security is a crucial element of any network strategy. Cisco routers can be used as part of your network security strategy. The most important tool in Cisco IOS software used as part of that strategy is the Access Control List (ACL). ACLs define rules that can be used to prevent some packets from flowing through the network and should be part of an organization's security policy.
IP access control lists (ACLs) cause a router to discard some packets based on criteria the network engineer defines by means of filters. The goal of these filters is to prevent unwanted traffic in the network. Access lists.
There are two main categories of IOS IP ACLs:
• Standard ACLs, which use simpler logic; and
• Extended ACLs, which use more-complex logic.
8.1 Standard IP Access Control Lists
Filtering logic could be configured on any router and on any of its interfaces. Cisco IOS software applies the filtering logic of an ACL either as a packet enters an interface or as it exits the interface. In other words, IOS associates an ACL with an interface, and specifically for traffic either entering or exiting the interface. After you have chosen the router on which you want to place the access list, you must choose the interface on which to apply the access logic, as well as whether to apply the logic for inbound or outbound packets.
The key features of Cisco ACLs are:
• Packets can be filtered as they enter an interface, before the routing decision.
• Packets can be filtered before they exit an interface, after the routing decision.
• Deny is the term used in Cisco IOS software to imply that the packet will be filtered.
• Permit is the term used in Cisco IOS software to imply that the packet will not be filtered.
• The filtering logic is configured in the access list.
• If a packet does not match any of your access list statements, it is blocked.
Access lists have two major steps in their logic: matching, which determines whether the packet matches the access-list statement; and action, which can be either deny or permit. Deny means to discard the packet, and permit implies that the packet should be allowed. However, the logic that IOS uses with a multiple-entry ACL can be much more complex. Generally, the logic can be summarized as follows:
Step 1: The matching parameters of the access-list statement are compared to the packet.
Step 2: If a match is made, the action defined in this access-list statement (permit or deny) is performed.
Step 3: If a match is not made in Step 2, repeat Steps 1 and 2 using each successive statement in the ACL until a match is made.
Step 4: If no match is made with an entry in the access list, the deny action is performed.
8.1.1 Wildcard Masks
IOS IP ACLs match packets by looking at the IP, TCP, and UDP headers in the packet. Standard IP access lists, however, can examine only the source IP address. You can configure the router to match the entire IP address or just a part of the IP address. When defining the ACL statements you can define a wildcard mask along with the IP address. The wildcard mask tells the router which part of the IP address in the configuration statement must be compared with the packet header. The wildcard masks look similar to subnet masks, in that they represent a 32-bit number. However, the wildcard mask's 0 bits tell the router that those corresponding bits in the address must be compared when performing the matching logic. The binary 1s in the wildcard mask tell the router that those bits do not need to be compared. Thus, wildcard mask 0.0.0.0, which in binary form is 00000000.00000000.00000000.00000000, indicates that the entire IP address must be matched, while wildcard mask 0.0.0.255, which in binary form is 00000000.00000000.00000000.11111111, indicates that the first 24 bits of the IP address must be matched, and wildcard mask 0.0.31.255, which in binary form is 00000000.00000000.00011111.11111111, indicates that the first 24 bits of the IP address must be matched.
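
The four-step matching logic of Section 8.1 and the wildcard comparison described above can be modelled in a few lines, which also makes two common configuration mistakes visible: a subnet mask typed where a wildcard mask belongs, and a statement that can never be reached because an earlier one already matches everything it covers. This is an added example, not part of the original guide; the simplified statement syntax (action, source, optional wildcard, plus the IOS any and host keywords), the function names and the sample list are assumptions made for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

ALL_BITS = 0xFFFFFFFF


class Entry(NamedTuple):
    action: str    # "permit" or "deny"
    address: int   # address written in the statement, as a 32-bit integer
    wildcard: int  # wildcard mask: 0 bits are compared, 1 bits are ignored


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line: str) -> Entry:
    """Parse '<permit|deny> <source> [<wildcard>]' plus the 'any' and 'host' keywords."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ("permit", "deny"):
        raise ValueError(f"cannot parse {line!r}")
    action, rest = parts[0], parts[1:]
    if rest == ["any"]:
        return Entry(action, 0, ALL_BITS)
    if len(rest) == 2 and rest[0] == "host":
        return Entry(action, to_int(rest[1]), 0)
    if len(rest) == 1:
        return Entry(action, to_int(rest[0]), 0)  # no mask given: compare all 32 bits
    if len(rest) == 2:
        return Entry(action, to_int(rest[0]), to_int(rest[1]))
    raise ValueError(f"cannot parse {line!r}")


def matches(entry: Entry, source: str) -> bool:
    """Steps 1-2: compare only the bits whose wildcard bit is 0."""
    care = ~entry.wildcard & ALL_BITS
    return (to_int(source) & care) == (entry.address & care)


def evaluate(acl: List[Entry], source: str) -> Tuple[str, Optional[int]]:
    """Steps 1-4: first match wins; index None means the implicit deny applied."""
    for index, entry in enumerate(acl):
        if matches(entry, source):
            return entry.action, index
    return "deny", None


def compared_bits(wildcard: str) -> int:
    """Number of address bits a wildcard mask forces the router to compare."""
    return 32 - bin(to_int(wildcard)).count("1")


def looks_like_subnet_mask(entry: Entry) -> bool:
    """True when the wildcard is 1s followed by 0s, e.g. 255.255.255.0."""
    inverted = ~entry.wildcard & ALL_BITS
    if entry.wildcard in (0, ALL_BITS):
        return False
    return (inverted & (inverted + 1)) == 0


def shadowed(acl: List[Entry]) -> List[Tuple[int, int]]:
    """Return (later, earlier) pairs where the earlier entry matches every source
    the later entry could match, so the later entry is never reached."""
    found = []
    for later, b in enumerate(acl):
        for earlier, a in enumerate(acl[:later]):
            a_care = ~a.wildcard & ALL_BITS
            b_care = ~b.wildcard & ALL_BITS
            if (a_care & b_care) == a_care and ((a.address ^ b.address) & a_care) == 0:
                found.append((later, earlier))
                break
    return found


# Constructed sample list; entries 2 and 3 each contain a deliberate mistake.
SAMPLE_ACL = [parse_entry(line) for line in (
    "deny host 10.1.1.7",
    "permit 10.1.1.0 0.0.0.255",
    "permit 172.16.0.0 255.255.0.0",  # subnet mask typed in place of a wildcard
    "deny 10.1.1.99",                 # unreachable: entry 1 already permits it
)]

if __name__ == "__main__":
    for src in ("10.1.1.7", "10.1.1.99", "172.16.5.5", "192.168.0.0"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("suspicious masks:", [i for i, e in enumerate(SAMPLE_ACL) if looks_like_subnet_mask(e)])
    print("shadowed entries:", shadowed(SAMPLE_ACL))
```

With the sample list, 172.16.5.5 falls through to the implicit deny while 192.168.0.0 is permitted by entry 2, which is the opposite of what the mistyped statement was meant to do.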
8.1.2 Standard IP Access List Configuration
A standard access list is used to match a packet and then take the directed action. Each standard ACL can match all, or only part, of the packet's source IP address. The only two actions taken when an access-list statement is matched are to either deny or permit the packet. The configuration commands required are:
• ip access-group {number | action [in | out]}, in which action can be either permit or deny and is used to enable access lists; and
• access-class number | action [in | out], which can be used to enable either standard or extended access lists.
The standard access list configuration can be verified using the following show commands:
• show ip interface [type number], which includes a reference to the access lists enabled on the interface;
• show access-lists [access-list-number | access-list-name], which shows details of configured access lists for all protocols; and
• show ip access-list [access-list-number | access-list-name], which shows the access lists.
8.2 Extended IP Access Control Lists
Extended IP access lists are similar to standard IP ACLs in that you enable extended access lists on interfaces for packets either entering or exiting the interface. IOS then searches the list sequentially. The first statement matched stops the search through the list and defines the action to be taken. The key difference between the extended ACLs and standard ACLs is the variety of fields in the packet that can be compared for matching by extended access lists. A single extended ACL statement can examine multiple parts of the packet headers, requiring that all the parameters be matched correctly in order to match that one ACL statement. That matching logic is what makes extended access lists both much more useful and much more complex than standard IP ACLs. You can configure extended ACL to match the IP protocol type, which identifies what header follows the IP header. You can specify all IP packets, or those with TCP headers, UDP headers, ICMP, etc., by checking the Protocol field. You can also check the source and destination IP addresses, as well as the TCP source and destination port numbers.
An extended access list is more complex than standard access lists. Therefore the configuration commands are more complex. The configuration command for extended access lists is:
• access-list access-list-number action protocol source source-wildcard destination destination-wildcard [log | log-input], which can be used to enable access lists.
8.3 Named IP Access Lists
Named ACLs can be used to match the same packets, with the same parameters, you can match with standard and extended IP ACLs. Named IP ACLs do have some differences, however. The most obvious difference is that IOS identifies named ACLs using names you assign them as opposed to numbers. Named ACLs also have another key feature that numbered ACLs do not: You can delete individual lines in a named IP access list.
In addition, two important configuration differences exist between numbered and named access lists. One key difference is that named access lists use a global command that places the user in a named IP access list submode, under which the matching and permit or deny logic is configured. The other key difference is that when a named matching statement is deleted, only that one statement is deleted. With numbered lists, the deletion of any statement in the list deletes all the statements in the list.
8.4 Controlling Telnet Access with ACLs
Access into and out of the virtual terminal line (vty) ports of the Cisco IOS software can also be controlled by IP access lists. IOS uses vtys to represent a user who has Telnetted to a router, as well as for Telnet sessions a user of a router has created to other devices. You can use ACLs to limit the IP hosts that can Telnet into the router, and you can also limit the hosts to which a user of the router can Telnet.
Appendix A: Decimal to Binary Conversion Table
Decimal Value Binary Value Decimal Value Binary Value
0 0000 0000 27 0001 1011
1 0000 0001 28 0001 1100
2 0000 0010 29 0001 1101
3 0000 0011 30 0001 1110
4 0000 0100 31 0001 1111
5 0000 0101 32 0010 0000
6 0000 0110 33 0010 0001
7 0000 0111 34 0010 0010
8 0000 1000 35 0010 0011
9 0000 1001 36 0010 0100
10 0000 1010 37 0010 0101
11 0000 1011 38 0010 0110
12 0000 1100 39 0010 0111
13 0000 1101 40 0010 1000
14 0000 1110 41 0010 1001
15 0000 1111 42 0010 1010
16 0001 0000 43 0010 1011
17 0001 0001 44 0010 1100
18 0001 0010 45 0010 1101
19 0001 0011 46 0010 1110
20 0001 0100 47 0010 1111
21 0001 0101 48 0011 0000
22 0001 0110 49 0011 0001
23 0001 0111 50 0011 0010
24 0001 1000 51 0011 0011
25 0001 1001 52 0011 0100
26 0001 1010 53 0011 0101
54 0011 0110 84 0101 0100
55 0011 0111 85 0101 0101
56 0011 1000 86 0101 0110
57 0011 1001 87 0101 0111
58 0011 1010 88 0101 1000
59 0011 1011 89 0101 1001
60 0011 1100 90 0101 1010
61 0011 1101 91 0101 1011
62 0011 1110 92 0101 1100
63 0011 1111 93 0101 1101
64 0100 0000 94 0101 1110
65 0100 0001 95 0101 1111
66 0100 0010 96 0110 0000
67 0100 0011 97 0110 0001
68 0100 0100 98 0110 0010
69 0100 0101 99 0110 0011
70 0100 0110 100 0110 0100
71 0100 0111 101 0110 0101
72 0100 1000 102 0110 0110
73 0100 1001 103 0110 0111
74 0100 1010 104 0110 1000
75 0100 1011 105 0110 1001
76 0100 1100 106 0110 1010
77 0100 1101 107 0110 1011
78 0100 1110 108 0110 1100
79 0100 1111 109 0110 1101
80 0101 0000 110 0110 1110
81 0101 0001 111 0110 1111
82 0101 0010 112 0111 0000
83 0101 0011 113 0111 0001
114 0111 0010 144 1001 0000
115 0111 0011 145 1001 0001
116 0111 0100 146 1001 0010
117 0111 0101 147 1001 0011
118 0111 0110 148 1001 0100
119 0111 0111 149 1001 0101
120 0111 1000 150 1001 0110
121 0111 1001 151 1001 0111
122 0111 1010 152 1001 1000
123 0111 1011 153 1001 1001
124 0111 1100 154 1001 1010
125 0111 1101 155 1001 1011
126 0111 1110 156 1001 1100
127 0111 1111 157 1001 1101
128 1000 0000 158 1001 1110
129 1000 0001 159 1001 1111
130 1000 0010 160 1010 0000
131 1000 0011 161 1010 0001
132 1000 0100 162 1010 0010
133 1000 0101 163 1010 0011
134 1000 0110 164 1010 0100
135 1000 0111 165 1010 0101
136 1000 1000 166 1010 0110
137 1000 1001 167 1010 0111
138 1000 1010 168 1010 1000
139 1000 1011 169 1010 1001
140 1000 1100 170 1010 1010
141 1000 1101 171 1010 1011
142 1000 1110 172 1010 1100
143 1000 1111 173 1010 1101
174 1010 1110 204 1100 1100
175 1010 1111 205 1100 1101
176 1011 0000 206 1100 1110
177 1011 0001 207 1100 1111
178 1011 0010 208 1101 0000
179 1011 0011 209 1101 0001
180 1011 0100 210 1101 0010
181 1011 0101 211 1101 0011
182 1011 0110 212 1101 0100
183 1011 0111 213 1101 0101
184 1011 1000 214 1101 0110
185 1011 1001 215 1101 0111
186 1011 1010 216 1101 1000
187 1011 1011 217 1101 1001
188 1011 1100 218 1101 1010
189 1011 1101 219 1101 1011
190 1011 1110 220 1101 1100
191 1011 1111 221 1101 1101
192 1100 0000 222 1101 1110
193 1100 0001 223 1101 1111
194 1100 0010 224 1110 0000
195 1100 0011 225 1110 0001
196 1100 0100 226 1110 0010
197 1100 0101 227 1110 0011
198 1100 0110 228 1110 0100
199 1100 0111 229 1110 0101
200 1100 1000 230 1110 0110
201 1100 1001 231 1110 0111
202 1100 1010 232 1110 1000
203 1100 1011 233 1110 1001
234 1110 1010 245 1111 0101
235 1110 1011 246 1111 0110
236 1110 1100 247 1111 0111
237 1110 1101 248 1111 1000
238 1110 1110 249 1111 1001
239 1110 1111 250 1111 1010
240 1111 0000 251 1111 1011
241 1111 0001 252 1111 1100
242 1111 0010 253 1111 1101
243 1111 0011 254 1111 1110
244 1111 0100 255 1111 1111
Appendix B: Common TCP and UDP Ports Assignments
Protocol Port Service
TCP 1 tcpmux
TCP/UDP 7 echo
TCP/UDP 9 discard
TCP 11 systat
TCP/UDP 13 daytime
TCP 15 netstat
TCP/UDP 19 chargen
TCP 20 ftpdata
TCP 21 ftp
TCP 23 telnet
TCP 25 smtp
TCP/UDP 37 time
TCP/UDP 42 wins
TCP 43 whois
TCP 49 tacacs
TCP/UDP 53 domain
UDP 67 bootp
UDP 69 tftp
TCP 70 gopher
TCP 79 finger
TCP 80 http
TCP 87 link
UDP 88 kerberos
TCP 95 supdup
TCP 109 Pop2
TCP 110 Pop3
TCP/UDP 111 sunrpc
TCP 113 auth
TCP 119 nntp
UDP 123 ntp
TCP/UDP 135 loc-srv
TCP/UDP 137 Nbname (NetBEUI over TCP/IP name service)
UDP 138 nbdgram (NetBEUI over TCP/IP - NB datagram)
TCP 139 nbsess (NetBEUI over TCP/IP - NB session)
TCP 143 imap
TCP 144 NeWs
UDP 161 snmp
UDP 162 snmptrap
UDP 177 xdmcp
TCP 179 bgp (Border Gateway Protocol)
TCP 389 ad (Windows 2000 Active Directory)
TCP 443 ssl
TCP 445 LDAP
TCP 512 exec
UDP 512 biff
TCP 513 login
UDP 513 who
TCP 514 shell
UDP 514 syslog
TCP 515 printer (used by lpr)
UDP 517 talk
UDP 518 ntalk
UDP 520 route
TCP 540 uucp
TCP 543 klogind
TCP 993 i-ssl (IMAP over SSL)
TCP 1025 listen
TCP 1028 unknown
TCP 1433 ms-sql
TCP 1723 PPTPC
TCP 1725 PPTP
TCP/UDP 2049 nfs
TCP 2766 listen
TCP 4144 CIM (Compuserve Information Manager)
TCP 5190 AOL (America On Line via TCP)
TCP 5556 rwd
TCP 6667 IRC (Internet Relay Chat)
TCP 7000 xfont
TCP 8002 rci
