You are on page 1of 775

2002, Cisco Systems, Inc. All rights reserved.

Networking Basics

How a LAN Is Built

www.cisco.com

1999, Cisco Systems, Inc.

Local-Area NetworkLAN
What is a LAN?
A collection of computers, printers, and other
devices that can communicate with each other in a
small area (< ~ 3000 m or 1000 feet)

What are the components?


Computers, operating system (OS),
network interface card (NIC), and hubs

How is a LAN controlled?


ProtocolsFormal descriptions of sets of rules and
conventions that govern how devices on a network
exchange information

Local-Area Networks
LANs are designed to:
Operate within a limited geographic area
Allow multi-access to high-bandwidth media
Control the network privately under local
administration
Provide full-time connectivity to local services
Connect physically adjacent devices

Network Operating System (OS)


Software that allows
communicating and sharing
of data and network
resources
Examples:
AppleTalk
NetWare
Win NT

PC or Workstation
Loaded with NOS

Network Interface Card


Amplifies electronic signals
Packages data for transmission
Physically connects computer to
transmission
media (cable)
PC or Workstation
Loaded with NOS
Connector Port

Network Interface
Card (NIC)

1990sGlobal Internetworking

19921 major backbone, 3,000 networks, 200K computers


1995Multiple backbones, hundreds of regional nets, tens of thousands
of LANs, millions of hosts, tens of millions of users

Doubling every year!

The OSI Model


OSI Layer is meant for Networking
manufacturers and developers to provide
them a standard based on which they can
make their products.
All OSI Layers are independent from each
other, which makes introducing changes
easier as no other layers are effected.
Ease of Troubleshooting.

The Layered Model

1999, Cisco Systems, Inc.

www.cisco.com

Layered Communication
Location A
I like
rabbits

L: Dutch
Ik hou
van
konijnen

Fax #:--L: Dutch


Ik hou
van
konijnen

Message

Information
for the
Remote
Translator

Information
for the
Remote
Secretary
Source: Tanenbaum, 1996

Layered Communication
Location B

Location A
I like
rabbits

L: Dutch
Ik hou
van
konijnen

Fax #:--L: Dutch


Ik hou
van
konijnen

Message

Jaime
les lapins

Information
for the
Remote
Translator

L: Dutch
Ik hou
van
konijnen

Information
for the
Remote
Secretary

Fax #:--L: Dutch


Ik hou
van
konijnen

Layered Communication
Location A
I like
rabbits

L: Dutch
Ik hou
van
konijnen

Fax #:--L: Dutch


Ik hou
van
konijnen

Layers
Message

Information
for the
remote
translator

Information
for the
remote
secretary

Location B

Jaime
les lapins

L: Dutch
Ik hou
van
konijnen

Fax #:--L: Dutch


Ik hou
van
konijnen

Why a Layered Network Model?


7

Application

Presentation

Session

Transport

Network

Data Link

Physical

Reduces complexity (one big


problem to seven smaller
ones)
Standardizes interfaces
Facilitates modular
engineering
Assures interoperable
technology
Accelerates evolution
Simplifies teaching and
learning

Devices Function at Layers

NIC Card

Application

Presentation

Session

Transport

Network

Data Link

Physical

Hub

Host Layers
7

Application

Presentation

Session

Transport
Network

Data Link

Physical

Host layers: Provide


accurate data delivery
between computers

Media Layers
7

Application

Presentation

Session

4
Transport

Network

Data Link

Physical

}
}

Host layers: Provide


accurate data delivery
between computers

Media layers: Control


physical delivery of messages
over the network

Layer Functions
7

Application

Provides network services to


application processes (such as
electronic mail, file transfer, and
terminal emulation)

Layer Functions
7

Application

Network services to applications

Presentation

Data representation
Ensures data is readable by
receiving system
Format of data
Data structures
Negotiates data transfer
syntax for application layer

Layer Functions
7

Application

Network services to applications

Presentation

Data representation

Session

Inter-host communication
Establishes, manages, and
terminates sessions between
applications

Layer Functions
7

Application

Network services to applications

Presentation

Data representation

Session

Transport

Inter-host communication
End-to-end connection reliability
Concerned with data transport
issues between hosts
Data transport reliability
Establishes, maintains, and
terminates virtual circuits
Fault detection and recovery
Information flow control

Layer Functions
7

Application

Network services to applications

Presentation

Data representation

Session

Transport

Network

Inter-host communication
End-to-end connection reliability
Addresses and best path
Provides connectivity and path
selection between two end
systems
Domain of routing

Layer Functions
7

Application

Network services to applications

Presentation

Data representation

Session

Transport

Network

Addresses and best path

Data Link

Access to media

Inter-host communication
End-to-end connection reliability

Provides reliable transfer of data


across media
Physical addressing, network
topology, error notification, flow
control

Layer Functions
7

Application

Network services to applications

Presentation

Data representation

Session

Transport

Network

Addresses and best path

Data Link

Access to media

Physical

Binary transmission
Wires, connectors, voltages,
data rates

Inter-host communication
End-to-end connection reliability

Peer-to-Peer Communications
Host A

Host B

Application

Application

Presentation

Presentation

Session

Session

Transport

Segments

Transport

Network

Packets

Network

Data Link

Frames

Data Link

Physical

Bits

Physical

Application Layer
This is where users communicate to the
computer.
This is where communication between two
users are established.
This is a point where user or application
interfaces with the protocols to gain access to
the network.
Examples are WWW, Telnet, FTP, TFTP, Email, SNMP, DNS

Presentation Layer
Tasks like Translation, Encryption, decryption,
compression, decompression are associated with
this layer.
It receives the data in native format & converts in
standard format or receives data in standard
format and converts in native format, ie. EBCDIC
to ASCII.
It is mainly responsible for how the data is to be
presented to the Application Layer.
Examples are PICT, TIFF, JPEG, MIDI, MPEG,
GIFF etc.

Presentation Layer

login:

Text
Data
ASCII
EBCDIC
Encrypted

Graphics
Visual images

Sound
MIDI

Video
MPEG
QuickTime

Provides code formatting and


conversion for applications

PICT
TIFF
JPEG
GIF

Session Layer
Session Establishment
Establishes a session between two devices before actual
transmission of data.

Dialog Control
Simplex
Half Duplex
Full Duplex

Session Layer

Simplex
Data travels only one way.
Radio transmission is the best example of this.

Half Duplex
Both way but one at a time. By default all LAN Cards (NICs)
work on Half Duplex.

Full Duplex
Both way at the same time.

Session Layer

Network File System (NFS)


Structured Query Language (SQL)
Remote-Procedure Call (RPC)
X Window System
AppleTalk Session Protocol (ASP)
DEC Session Control Protocol (SCP)

Service Request
Service Reply

Coordinates applications as
they interact on different hosts

Transport Layer

Segments upper-layer applications


Establishes an end-to-end connection
Sends segments from one end host to another
Optionally, ensures data reliability

Transport Layer
Transport Layer never actually transports the data but only
prepares for transporting.
Uses Socket to define the services running on a particular
node, the data is associated with.
Responsible for the following :
Segmentation
End-to-end Communication
Flow Control
Error Control
Multiplexing of Applications
TCP, UDP and SPX work at this layer

Socket

Socket is a software component and points to a particular service running


on a particular node.
Structure of a socket
IP Address + Port Address
Each service has a unique Port address
Max. Port Addresses can be 65,536
Port address 1-1023 is reserved for specific Services like
WWW
FTP
SMTP

80
21
25

Port Addresses are reserved for standardization purpose.

Transport Layer
Segments Upper-Layer
Applications
Application

Electronic

File

Terminal

Presentation

Mail

Transfer

Session

Session

Transport

Application
Port

Data

Application
Port

Segments

Data

Port Numbers

Application
Layer

Transport
Layer

F
T
P

T
E
L
N
E
T

S
M
T
P

D
N
S

T
F
T
P

S
N
M
P

R
I
P

21

23

25

53

69

161

520

TCP

UDP

Port
Numbers

Segmentation

This is a mechanism wherein the data is divided into multiple


segments and sent over the network.
By doing this different segments can use different links for
travelling across the network.
If one segment is lost the only segment is required to be resent and not the entire data.
Once all segments reach to the destination the received
segments have to be sequenced back, which is also done at
this layer.

Transport Layer
Sends Segments with Flow Control
Transmit
Sender

Stop

Go

Receiver

Not Ready

Buffer Full

Process
Segments

Ready
Resume Transmission

Buffer OK

Flow Control
Used while connection oriented communication
It helps to have a control on over flow of Buffer.
Advantages are:
The segments delivered are acknowledged if received
Any segment not acknowledged are retransmitted
segments are sequenced back upon their arrival
Congestion, Overloading and data loss are avoided
To achieve all this it uses the technique of Sliding window or
Windowing

Transport Layer
Establishes Connection
Sender

Receiver

Synchronize
Negotiate Connection
Synchronize
Acknowledge

Connection Established
Data Transfer
(Send Segments)

End-to-End Communication
Connection Less Transmission
UDP is used
Not reliable
Faster

Connection Oriented Transmission


TCP or SPX is used
Reliable
Slower

Connection Oriented Protocol


These protocols relies on Acknowledgement.
Positive acknowledgement means data has been
received.
Negative acknowledgement means data is lost no
further data is sent till positive acknowledgement is
received.
It is slow but Reliable.
Eg. TCP and SPX

Transport Layer
Reliability with Windowing
Window Size = 1
Send 1
Sender

Receive 1
Ack 2
Receive 2
Ack 3

Send 2

Receiver

Window Size = 3

Sender

Send 1
Send 2
Send 3
Send 4

Receive 1
Receive 2
Receive 3
Ack 4

Receiver

Transport Layer
An Acknowledgement Technique
Sender

1 2 3 4 5 6 7

Receiver

1 2 3 4 5 6 7

Send 1
Send 2
Send 3
Ack 4
Send 4
Send 5
Send 6
Ack 5
Send 5
Ack 7

Connection Less Protocol


They do not provide acknowledgement neither
sequence numbers.
It is faster but not reliable
Eg. UDP

Network Layer

It is responsible for communicating Networks


It recognizes Networks with the help of Netwok Addresses
Network Address is a logical address like IP Address or IPX Address
It is common for a group of computers
It works only with Network IDs and has got nothing to do with host Ids.
Path determination or Routing is performed at this layer.
Router works at this layer.

Network Layer: Path


Determination

Which
Which Path?
Path?

Layer 3 functions to find the best


path through the internetwork

Network Layer: Communicate


Path
5

2
4

9
6

8
10

11

3
7

Addresses represent the path of media


connections

AddressingNetwork and Node


Network

Node

1
2
3

2.1

1.2
1.3

1.1

3.1

Network addressPath part used by the router


Node addressSpecific port or device on the network

Protocol Addressing Variations


General
Example

Network

Node

TCP/IP
Example

Network

Host

10.

8.2.48

Novell IPX
Example

Network
1aceb0b.

(Mask 255.0.0.0)

Node
0000.0c00.6e25

Network Layer
Protocol Operations
X

C
C

A
A

Each router provides its services to support


upper layer functions

Routed Versus Routing Protocol


Routed protocol
used between
routers to direct
user traffic

Examples: IP, IPX,


AppleTalk
Routing protocol
used only between
routers to maintain
routing tables

Examples: RIP, IGRP, OSPF

Static Versus Dynamic Routes


Static Route
Uses a protocol route that a network
administrator enters into the router

Dynamic Route
Uses a route that a network protocol
adjusts automatically for topology or
traffic changes

Static Route Example

A
A

Point-to-point or
circuit-switched
connection

Only a single network


connection with no need
for routing updates

Fixed route to address reflects


administrators knowledge

B
B
Stub network

Adapting to Topology Change

A
A

B
B

D
D

C
C

Can an alternate route substitute


for a failed route?

Adapting to Topology Change

A
A

B
B

X
D
D

C
C

Adapting to Topology Change

A
A

B
B

X
D
D

C
C

Can an alternate route substitute


for a failed route?
YesWith dynamic routing enabled

Data Link Layer


It uniquely identifies each device in the Network.
It translates data from Network Layer into bits for the Physical
layer to transmit.
It formats the messages into Data Frames
Adds a customized header containing Source and Destination
hardware address
This layer works with Frames
This layer is logically divided in two sub-layers:
LLC (Logical Link Control)
MAC (Media Access Control)

Physical Layer

Electrical and Mechanical settings are provided at this layer.


Transmits data in the form of bits.
This layer communicates directly with actual communication media.
At this layer DCE & DTE are identified
DCE (Data Circuit-Terminating Equipment)
Located at Service Providers side

DTE (Data Terminal Equipment)


The attached device at customer Place eg. Modem

Services available to a DTE is most often accessed via a Modem or


Channel Service Unit (CSU) Data Service Unit (DSU).
HUBs & REPEATERS are working at this layer.

Max. troubleshooting occurs at this layer.

2002, Cisco Systems, Inc. All rights reserved.

DOD MODEL

The DoD

Model

The Process / Application Layer


The Host-to-Host Layer
The Internet Layer
The Network Layer

The DoD & OSI


DoD Model

OSI Model
Application

Application

Presentation
Session

Host-to-Host
Internet
Network
Access

Transport
Network
Data Link
Physical

Process/Application Layer
The Process / Application layer defines protocols
for node-to-node application communication and
also controls user-interface specification.
A vast array of protocols combine at this layer of
DoDs Model to integrate the activities and duties
of upper layer of OSI.
Examples for this layer are :
Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS
DHCP, BootP etc.

Host-to-Host Layer
The Host-to-Host layer parallels the functions of
the OSIs Transport layer
It performs the following:
Defining protocols for setting up the level of
transmission service for Applications
It tackles issues like creating reliable ene-toend communication.
It ensures the error free delivery of data
It handles packet sequencing and maintains
data integrity.

Internet Layer
Internet Layer corresponds to the OSIs Network
Layer.
It performs the following:
Designating the protocols relating to the logical
transmission of packets over the entire network.
It takes care of the addressing of hosts by
giving them an IP address.
It handles routing of packets among multiple
networks.

Network Access Layer


This layer is equivalent of the Data Link and Physical
Layer of OSI model.
It performs the following
It monitors the data exchange between the host and
the network.
Network Access Layer overseas hardware addressing
and defines protocols for the physical transmission of
the Data.
Lets have a look on how TCP/IP Protocol suit relates to
the DoD model layers.

TCP/IP Protocol Suit at DoD


TCP/IP Protocol Suit

DoD Model
Process /
Application

Telnet

FTP

LPD

SNMP

TFTP

SMTP

NFS

X Window

Host-to-Host

TCP
ICMP

Internet
Network
Access

UDP

BootP

ARP

RARP

Token
Ring

FDDI

IP
Ethernet

Fast
Ethernet

LOWER LAYERS
PROTOCOLS

Common LAN Technologies


Ethernet
Token Ring

Token
Ring

FDDI

FDDI
Dual Ring

Ethernet

1999, Cisco Systems, Inc.

www.cisco.com

Introduction
Ethernet is a methodology for accessing a media
It allows all hosts on a network to share the same bandwidth of
a link.
It is popular because :
It is easy to implement & Troubleshoot
It is easy to add new technologies like Fast Ethernet and
Gigabit Ethernet to existing infrastructure.
Ethernet uses Data Link Layer and Physical Layer
Specification
It uses something called

CSMA/CD

Ethernet Operation
A

Ethernet Operation
A

D
Application
Presentation
Session
Transport
Network
Data Link
Physical

Ethernet Operation
A

D
Application
Presentation
Session
Transport
Network
Data Link
Physical

B and C
Application
Presentation
Session
Transport
Network
Data Link
Physical

Ethernet LANs:
How do they work?
Multiple workstations
are connected to a
segment
Each station has to take
turns sending traffic
All stations listen to all
traffic on their segment
Stations can only send
data (Ethernet Frames)
when no one else is
sending

Ethernet LANs:
MAC Addresses
0000.0c12.3456

0000.1018.321a

0000.0c12.1111

Every workstation has


a Network Interface
Card (NIC)
Every NIC has a unique
MAC address
Stations use MAC
addresses to send
Ethernet Frames to a
specific station

Ethernet LANs:
Unicast Frames
0000.0c12.3456

Frame
To: 0000.0c12.3456

0000.1018.321a

0000.0c12.1111

Ethernet frames contain


the MAC address of the
station that the frame
was sent to
These are called
unicast frames
All stations receive the
Ethernet frame, but
ignore the frames that
are not addressed to
their MAC address

Ethernet LANs:
Broadcast Frames
0000.0c12.3456

Frame
To: FFFF.FFFF.FFFF

0000.1018.321a

0000.0c12.1111

Some Ethernet frames


are sent to all stations
These are called
broadcast frames
All stations process
this frame

Flow Control Mechanism


on Ethernet

Frame

Packet

CSMA/CD is the
mechanism that
regulates the segment
Each station listens for
other traffic before they
transmit

Ethernet Collisions
Collision!
Packe
Frame Packe
Frame t
t

Frame

Packet

Frame

Packet

Sometimes stations
transmit
simultaneously
Two frames on the
same segment collide
Collisions require
each station to wait
and resend

Ethernet Reliability
A

Figure 1

Figure 2

Collision

Ethernet Reliability
A

Collision

JAM

JAM

JAM

JAM

JAM

JAM

Ethernet Reliability
A

Collision

JAM

JAM

JAM

JAM

JAM

Carrier sense multiple access with


collision detection (CSMA/CD)

JAM

CSMA/CD
CSMA/CD stands for Carrier Sense Multiple Access /
Collision Detect.

It is used by all NICs in Ethernet Networking


In this method all NICs first sense whether the cable is
free or not.
If it is free the request is sent otherwise it waits.

Half Duplex Ethernet


It is defined in 802.3 Ethernet specifications
It uses only one wire pair for signals running
in both direction.
CSMA/CD is used to prevent collision.
Half Duplex typically 10base T is 50-60 %
efficient. (In CISCO views)
In a large 10 base T network you only get 3 to
4 MBPS at most.

Full Duplex

Full Duplex Ethernet uses two pairs of wires.


It uses Point-to-Point connection
There is no collision in Full Duplex
Full Duplex is suppose to offer 100%
efficiency in both direction
Means you can get 20 MBPS in 10 MBPS or
200 MBPS in Fast Ethernet running Full
Duplex.

Auto Detect Mechanism


When a Full Duplex port is powered on, it first
checks with remote end and decides whether
it can run on 10 or 100 MBPS.
Then it checks to see whether it can run Full
duplex or half duplex.

This is called Auto Detect Mechanism.

Ethernet Addressing uses MAC Address


MAC addresses are burned on every NIC
It is a 48-bit address
It is written in the same format even if different LAN
Technologies are used.

Ethernet Addressing

24 bits

Organizationally
Unique Identifier (OUI)
(Assigned by IEEE)
Ethernet Addressing using MAC Addresses

24 bits

Vender Assigned

Ethernet and IEEE 802.3

Benefits and background


Ethernet is the most popular physical layer LAN technology because it
strikes a good balance between speed, cost, and ease of installation
Supports virtually all network protocols
Xerox initiated, then joined by DEC & Intel in 1980

Revisions of Ethernet specification


Fast Ethernet (IEEE 802.3u) raises speed from 10 Mbps to 100 Mbps
Gigabit Ethernet is an extension of IEEE 802.3 which increases speeds to
1000 Mbps, or 1 Gbps

Ethernet and IEEE 802.3

Several framing variations exist for this


common LAN technology

Ethernet Frames
Frames are used at the Data Link Layer to
encapsulate packets coming down for
transmission on a type of Media Access
Types of Media Access
Contention (Ethernet)
Token Passing (Token Ring or FDDI)
We will be covering only Contention, as rest all are beyond the scope of our course.

MAC SUB-LAYER
MAC Layer - 802.3
# Bytes

Preamble Dest add Source add

0000.0C
IEEE assigned

xx.xxxx
Vendor
assigned

MAC Address

2
Length

Variable
Data

4
FCS

Ethernet II
uses Type
here and
does not use
802.2.

Preamble
It allows the receiving devices to lock the
incoming bit stream.
The Peamble is used to indicate to the
receiving station that the data portion of
the message will follow.

Destination Address (DA)


DA is used by receiving stations to determine
if an incoming packet is addressed to a
particular node.
Uses LSB (Least Significant Bit) first
Destination can be individual, multicast or
broadcast
Broadcast will be all 1s or Fs and will be sent to
all.
Multicast will be sent to the specific subnet

Source Address (SA)


SA is a 48 bit MAC Address supplied by
the transmitting device.
Broadcast and Multicast address formats
are illegal within the SA fields.
It uses LSB (Least significant bit first)

Length or Type Field


802.3 uses length field where as Ethernet frame
uses type field to identify the network layer
protocol.
802.2 can identify upper-layer protocol and must
be used with 802.3 frame.

Data
This is the packet sent down to the Data
Link Layer from the Network layer.
The size can vary from 46-1500 bytes.

Frame Check Sequence (FCS)


FCS is a field at the end of the frame that
is used to store the cyclic redundancy
check.

Data Link Layer Functions (cont.)


802.2 (SNAP)
# Bytes

1 or 2

Dest SAP Source SAP Ctrl OUI


Type
ID
AA
AA
03

OR
# Bytes

Variable

Data

802.2 (SAP)
1

1 or 2

Dest
SAP

Source
SAP

Ctrl

Preamble Dest add Source add Length

Variable

Data

Data

MAC Layer - 802.3

FCS

802.2 Frame
802.2 Frame has two new fields
DSAP (Destination Service Access Pointer)
SSAP (Source Service Access Pointer)

802.2 frame type is nothing but 802.3 frame


with LLC information
Because of the LLC information we know
what upper layer protocol is.

SNAP
Frame
The SNAP Frame has its own protocol field to identify

the upper layer protocol.


To Identify SNAP Frame:
DSAP and SSAP fields are always AA to indicate that
this is a SNAP header coming up.
it is an LLC data unit (sometimes called a Logical
Protocol Data Unit (LPDU)) of Type 1 (indicated by 03)
The SNAP header then indicates the vender via the
Organisational Unique Identifier (OUI) and the protocol
type via the Ethertype field
CISCO uses SNAP frame with their proprietary protocol
CDP (CISCO Discovery Protocol)

EXAMPLE - SNAP

In the example above we have the OUI as


00-00-00 which means that there is an Ethernet
frame, and the Ethertype of 08-00 which
indicates IP as the protocol.

ETHERNET
CABLING

Network Cabling
Media connecting network components
NIC cards take turns transmitting on the cable
LAN cables only carry one signal at a time
WAN cables can carry multiple signals
simultaneously

Three primary types of cabling


Twisted-pair (or copper)
Coaxial cable
Fiber-optic cable

Twisted-Pair (UTP and STP)


STP only:
Shielded Insulation
to Reduce EMI

Twisted-Pair

Outer Jacket

Speed and throughput:

10/100 Mbps

Relative cost:

Least costly

Media and connector size: Small


Maximum cable length:

100 m

Color-Coded
Plastic Insulation

RJ-45
Connector

Coaxial Cable
OuterJacket

Braided Copper Shielding


Plastic Insulation
Copper Conductor

BNC Connector

Speed and throughput:

10/100 Mbps

Relative cost:

More than UTP, but still low

Media and connector size:

Medium

Maximum cable length:

200/500 m

Fiber-Optic Cable
Outer Jacket

Kevlar Reinforcing
Material

Plastic
Shield

Speed and throughput:

100+ Mbps

Average cost per node:

Most expensive

Media and connector size: Small


Maximum cable length:

Up to 2 km

Glass Fiber
and Cladding

Optical Fiber
Metal cables transmit signals in the form of electric
current
Optical fiber is made of glass or plastic and transmits
signals in the form of light.
Light, a form of electromagnetic energy, travels at
300,000 Kilometers/second ( 186,000 miles/second), in
a vaccum.
The speed of the light depends on the density of the
medium through which it is traveling ( the higher
density, the slower the speed).

Ethernet Local Area Network


Ethernet was first created and implemented by a group called
DIX (Digital, Intel and Xerox).
The first Ethernet specification was modified by IEEE and
IEEE 802.3 was created.
This was a 10Mbps network running on co-axial, twisted pair
and fiber physical media.
IEEE 802.3 was further modified by IEEE only and 802.3u
(Fast Ethernet) and 802.3g (Gigabit Ethernet) was created.
802.3u and 802.3g are specified only on twisted pair and fiber
physical media.

Ethernet Protocol Names


100BaseFX
LAN
speed (bps)

Indicates type of cable


and maximum length.
If a number,
max. length = # x 100 m
Base = baseband
Broad = broadband

Cable Specification
Cables

Distance

Throughput Ethernet
Standard

Connectors

Co-axial
Thinnet

185 Mtrs. 10 MBPS

10Base2

T-connector

Co-axial
Thicknet

500 Mtrs. 100 MBPS

10Base5

AUI

Category 3

100 Mtrs. 10 MBPS

10BaseT

RJ-45

Category 5

100 Mtrs. 100 MBPS

10BaseX /
RJ-45
Fast Ethernet

UTP Connections (RJ-45)


UTP Cables have eight colored wire.
These wires are twisted into 4 pairs
Four (two pairs) carry the voltage and are
considered tip.
The more twists per inch in the wire, the less
interference.
CAT 5 & 6 have many more twists per inch than
CAT 3 UTP.

Crimping
There are two types of Crimping used with UTP cables and
RJ-45 connectors.
Straight-Through
This is used while connecting
Router to a Hub or Switch
Server to Hub or Switch
Workstation to a Hub or Switch

Crossover

This is used while connecting


Uplinks between Switches
Hubs to Switches
Hub to another Hub
Router Interface to another Router Interface

UTP Implementation
Straight-through
Cable 10BaseT/
Straight-through Cable
100BaseTx Straight-through

Hub/Switch

Pin
1
2
3
4
5
6
7
8

Label
RD+
RDTD+
NC
NC
TDNC
NC

Server/Router

Pin
1
2
3
4
5
6
7
8

Label
TD+
TDRD+
NC
NC
RDNC
NC

1
8

w g w b w o w br
g o
b br

w g w b w o w br
g o
b br

Wires on cable ends


are in same order

UTP Implementation
Crossover
Cable 10BaseT/
100BaseT Crossover
Hub/Switch
Pin
1
2
3
4
5
6
7
8

Label
RD+
RDTD+
NC
NC
TDNC
NC

Hub/Switch
Pin
1
2
3
4
5
6
7
8

Label
RD+
RDTD+
NC
NC
TDNC
NC

Crossover Cable

1
1

br w g w b w o w
br
g
o
b

w ww w
br
b
g br o b

o g

Some wires on cable


ends are crossed

CISCO MODEL

Network Structure Defined by


Hierarchy
Core Layer

Distribution
Layer

Access
Layer

118

The Three Layers are :


Core Layer
Distribution Layer
Access Layer

Core Layer Characteristics


Core Layer

Fast transport to enterprise services


No packet manipulation
120

Core Layer
Core Layer is actually the core of the network.
It is responsible for transporting large amount
of traffic reliably and quickly.
Core Layer failure affects each individual user,
hence fault tolerance becomes an issue at this
layer.
Core layer is likely to see large volume of
traffic, hence speed and latency is the driving
concerns.

There are few thing we do not want to do at


core layer but few things are recommended to
do at this layer.

Distribution Layer
Characteristics
Access Layer
Aggregation Point

Distribution Layer

Routes traffic
Broadcast/Multicast
Domains
Media Translation
Security

Possible point for remote access


122

Distribution Layer
It is sometimes also referred as workgroup layer.
It is communication point between Access Layer
and Core Layer.
Routing, Filtering & WAN Access is the Primary
function of the distribution layer.
Network policies are implemented at Distribution
Layer.
Best path is determined and request are
forwarded to Core Layer.

At Distribution Layer
We do the following:
Implementation of tools like access lists, packet
filtering etc.
Implementation of security and network policies
like address translation and firewalls
Redistribution between routing protocols, including
static routing
Routing between VLANs
Definition of Broadcast and Multicast Domains

Access Layer Characteristics

Access Layer

End station entry point to the network

125

The Access Layer


Access Layer controls users and workgroup
access to network resources.
This layer is also referred to as Desktop
Layer.
Continues access control and policies from
distribution layer
Creation of separate collision domains
(segmentation)
Workgroup connectivity into the distribution
layer

2002, Cisco Systems, Inc. All rights reserved.

UPPER LAYER PROTOCOLS

What Is TCP/IP?
A suite of protocols
Rules that dictate how packets
of information are sent across
multiple networks
Addressing
Error checking

TCP/IP Protocol
The Transmission Control Protocol/Internet Protocol
(TCP/IP) suit was created by the Department of Defense
(DoD).
The Internet Protocol can be used to communicate across
any set of interconnected networks.
TCP/IP supports both LAN and WAN communications.
IP suite includes not only Layer 3 and 4 specifications but
also specifications for common applications like e-mail,
remote login, terminal emulation and file transfer.
The TCP/IP protocol stack maps closely to the OSI model in
the lower layers.

The DoD & OSI


DoD Model

OSI Model
Application

Application

Presentation
Session

Host-to-Host
Internet
Network
Access

Transport
Network
Data Link
Physical

TCP/IP Protocol Suit at DoD


TCP/IP Protocol Suit

DoD Model
Process /
Application

Telnet

FTP

LPD

SNMP

TFTP

SMTP

NFS

X Window

Host-to-Host

TCP
ICMP

Internet
Network
Access

UDP

BootP

ARP

RARP

Token
Ring

FDDI

IP
Ethernet

Fast
Ethernet

TCP/IP Applications
Application layer
File Transfer Protocol (FTP)
Remote Login (Telnet)
E-mail (SMTP)

Transport layer
Transport Control Protocol (TCP)
User Datagram Protocol (UDP)

Network layer
Internet Protocol (IP)

Data link & physical layer


LAN Ethernet, Token Ring, FDDI, etc.
WAN Serial lines, Frame Relay, X.25, etc.

Internet Layer Overview

Internet Protocol (IP)


Application
Transport
Internet

Internet Control Message


Protocol (ICMP)
Address Resolution
Protocol (ARP)

Data-Link
Physical

Reverse Address
Resolution Protocol (RARP)

In the OSI reference model, the network layer


corresponds to the TCP/IP Internet layer.

Internet Protocol
Provides connectionless,best - effort
delivery routing of datagrams.
IP is not concerned with the content of
the datagrams.
It looks for a way to move the datagrams
to their destination.

IP Datagram
Bit
1 0
Version
(4)

Bit 15 Bit 16
Header
Length (4)

Type
of Service (8)

Total Length (16)


Flags
(3)

Identification (16)
Time-to-Live (8)

Bit 31

Protocol (8)

Fragment Offset (13)


Header Checksum (16)

Source IP Address (32)


Destination IP Address (32)
Options (0 or 32 if Any)
Data (Varies if Any)

20
Bytes

IP Datagram
Version Currently used IP version
Header Length Datagram header length
TOS Level of importance assigned by a particular upper-layer protocol
Total Length- Length of packet in bytes including Data and Header
Identification Identifies current datagram (Sequence Number)
Flags Specifies whether the packet can be fragmented or not
Fragment Offset Used to piece together datagram fragments

TTL It maintains a counter that gradually decreases, in increments, to zero


Protocol It indicates which upper-layer protocol receives incoming packets
Header Checksum Calculated checksum of the header to check its integrity
Source IP Address Sending node IP Address
Destination IP Address Receiving node IP Address
Options It allows IP to support various options like security
Data Upper layer information (maximum 64Kb)

Protocol Field
Transport
Layer

UDP

TCP
6

Internet
Layer

17

Protocol
Numbers

IP

Determines destination upper-layer protocol

Address Resolution Protocol


(ARP)
ARP works at Internet Layer of DoD Model
It is used to resolve MAC address with the help
of a known IP address.
All resolved MAC addresses are maintained in
ARP cache table is maintained.
To send a datagram this ARP cache table is
checked and if not found then a broadcast is sent
along with the IP address.
Machine with that IP address responds and the
MAC address is cached.

Address Resolution Protocol


I need the
Ethernet
address of
176.16.3.2.
172.16.3.1

172.16.3.2

IP: 172.16.3.2 = ???

Address Resolution Protocol


I need the
Ethernet
address of
176.16.3.2.

I heard that broadcast.


The message is for me.
Here is my Ethernet
address.
172.16.3.1

172.16.3.2

IP: 172.16.3.2 = ???

Address Resolution Protocol


I need the
Ethernet
address of
176.16.3.2.

I heard that broadcast.


The message is for me.
Here is my Ethernet
address.
172.16.3.1

172.16.3.2

IP: 172.16.3.2 = ???


IP: 172.16.3.2
Ethernet: 0800.0020.1111

Address Resolution Protocol


I need the
Ethernet
address of
176.16.3.2.

I heard that broadcast.


The message is for me.
Here is my Ethernet
address.
172.16.3.1

172.16.3.2

IP: 172.16.3.2 = ???


IP: 172.16.3.2
Ethernet: 0800.0020.1111

Map IP

Ethernet

RARP (Reverse ARP)

This also works at Internet Layer.


It works exactly opposite of ARP
It resolves an IP address with the help of a
known MAC addres.
DHCP is the example of an RARP
implementation.
Workstations get their IP address from a RARP
server or DHCP server with the help of RARP.

Reverse ARP
What is
my IP
address?

Ethernet: 0800.0020.1111 IP = ???

Reverse ARP
I heard that
broadcast.
Your IP
address is
172.16.3.25.

What is
my IP
address?

Ethernet: 0800.0020.1111 IP = ???

Reverse ARP
I heard that
broadcast.
Your IP
address is
172.16.3.25.

What is
my IP
address?

Ethernet: 0800.0020.1111 IP = ???


Ethernet: 0800.0020.1111
IP: 172.16.3.25

Reverse ARP
I heard that
broadcast.
Your IP
address is
172.16.3.25.

What is
my IP
address?

Ethernet: 0800.0020.1111 IP = ???


Ethernet: 0800.0020.1111
IP: 172.16.3.25

Map Ethernet

IP

Bootstrap Protocol (BootP)


BootP stands for BootStrap Protocol.
BootP is used by a diskless machine to learn the
following:
Its own IP address
The IP address and host name of a server
machine.
The boot filename of a file that is to be loaded
into memory and executed at boot-up.
BootP is an old program and is now called the
DHCP.

DHCP (Dynamic Host Configuration Protocol)


The DHCP server dynamically assigns IP address to hosts.
All types of Hardware can be used as a DHCP server, even a Cisco
Router.
BootP can also send an operating system that a host can boot
from. DHCP can not perform this function.
Following information is provided by DHCP while host registers for
an IP address:
IP Address
Subnet mask
Domain name
Default gateway (router)
DNS

Internet Control Message


Protocol
ICMP messages are carried in IP datagrams and used to send
error and control messages.
Application
Transport

Destination
Unreachable

ICMP

Echo (Ping)
Internet

Other
Data-Link
Physical

ICMP Ping

Transport Layer Overview

Application
Transport
Internet
Data-Link
Physical

Transmission Control
Protocol (TCP)

ConnectionOriented

User Datagram
Protocol (UDP)

Connectionless

Transmission Control Protocol


(TCP)
TCP works at Transport Layer
TCP is a connection oriented protocol.
TCP is responsible for breaking messages into
segments and reassembling them.
Supplies a virtual circuit between end-user
application.

TCP Segment Format


Bit 0

Bit 15 Bit 16
Source Port (16)

Bit 31
Destination Port (16)

Sequence Number (32)


Acknowledgment Number (32)
Header
Length (4)

Reserved (6) Code Bits (6)


Checksum (16)

Window (16)
Urgent (16)

Options (0 or 32 if Any)
Data (Varies)

20
Bytes

TCP Segment Format


Source port Number of the calling port
Destination Port Number of the called port
Sequence Number Number used to ensure correct sequencing of the
arriving data
Acknowledgement Number Next expected TCP octet
Header Length Length of the TCP header
Reserved Set to zero

Code Bits Control Functions (setup and termination of a session)


Window Number of octets that the sender is willing to accept
Checksum Calculated checksum of the header and data fields
Urgent Pointer Indication of the end of the urgent data
Options One option currently defined (maximum TCP segment size)
Data Upper layer protocol data

Port Numbers

Application
Layer

Transport
Layer

F
T
P

T
E
L
N
E
T

S
M
T
P

D
N
S

T
F
T
P

S
N
M
P

R
I
P

21

23

25

53

69

161

520

TCP

UDP

Port
Numbers

TCP Port Numbers


Source
Port

Destination
Port

Telnet Z
Host Z

Host A

SP

DP

1028

23

Destination port = 23.


Send packet to my
Telnet
application.

TCP Three-Way Handshake/Open


Connection
Host A

Host B

Send SYN
(seq = 100 ctl = SYN)
SYN Received
SYN Received

Established
(seq = 101 ack = 301
ctl = ack)

Send SYN, ACK 2


(seq = 300 ack = 101
ctl = syn,ack)

TCP Simple Acknowledgment


Sender

Receiver

Send 1

Receive 1
Send ACK 2

Receive ACK 2
Send 2

Receive 2
Send ACK 3

Receive ACK 3
Send 3

Receive 3
Send ACK 4

Receive ACK 4

Window Size = 1

TCP Sequence and


Acknowledgment Numbers
Source
Port

Destination
Port

I just
sent number
10

Sequence

Acknowledgment

I just got number


10, now I need
number 11.

Source Dest. Seq. Ack.


1028
23
10
1
Source Dest. Seq. Ack.
23
1028
1
11
Source Dest. Seq. Ack.

1028

23

11

2
.

TCP Windowing
Sender

Window Size = 3
Send 1

Window Size = 3

Receiver

Window Size = 3
Send 2
Window Size = 3
Send 3

Packet 3 Is
ACK 3
Window Size = 2 Dropped

Window Size = 3
Send 3
Window Size = 3
Send 4
ACK 5
Window Size = 2

UDP (User Datagram


A connectionless and
unacknowledged protocol.
Protocol)
UDP is also responsible for transmitting messages.
But no checking for segment delivery is provided.
UDP depends on upper layer protocol for reliability.
TCP and UDP uses Port no. to listen to a particular
services.

UDP Segment Format


Bit
1 0

Bit 15 Bit 16
Source Port (16)

Bit 31
Destination Port (16)

Length (16)

Checksum (16)
Data (if Any)

No sequence or acknowledgment fields

8
Bytes

UDP Segment Format


Source port Number of the calling port

Destination Port Number of the called port


Length Number of bytes, including header and data
Checksum Calculated checksum of the header and data
fields
Data Upper layer protocol data

Application Layer Overview

Application
Transport
Internet

File Transfer
- TFTP*
- FTP*
- NFS
E-Mail
- SMTP
Remote Login
- Telnet*
- rlogin*
Network Management
- SNMP*
Name Management
- DNS*

Data-Link

*Used by the Router


Physical

Telnet
Telnet is used for Terminal Emulation.
It allows a user sitting on a remote machine to
access the resources of another machine.
It allows you to transfer files from one machine to
another.
It also allows access to both directories and files.
It uses TCP for data transfer and hence slow but
reliable.

Network File System (NFS)

It is jewel of protocols specializing in file


sharing.
It allows two different types of file systems to
interoperate.

This is striped down version of FTP.


It has no directory browsing abilities.
It can only send and receive files.
It uses UDP for data transfer and hence faster
but not reliable.

LPD (Line Printer Daemon)


The Line Printer Protocol is designed for Printer
sharing.
The LPD along with the LPR (Line Printer
Program) allows print jobs to spooled and sent to
the networks printers using TCP/IP.

X Window

X-windows defines a protocol for the writing of


graphical user interface-based client/Server
application.

Simple Network Management


Protocol
SNMP enable a central management of
Network.
Using SNMP an administrator can watch the
entire network.
SNMP works with TCP/IP.
IT uses UDP for transportation of the data.

DNS (Domain Name Service)


DNS resolves FQDNs with IP address.
DNS allows you to use a domain name to
specify and IP address.
It maintains a database for IP address and
Hostnames.
On every query it checks this database and
resolves the IP.

2002, Cisco Systems, Inc. All rights reserved.

Introduction to TCP/IP
Addresses
172.18.0.1
172.18.0.2
10.13.0.0
10.13.0.1

172.16.0.1

HDR SA DA DATA

172.17.0.1

172.16.0.2

172.17.0.2

192.168.1.0
192.168.1.1

Unique addressing allows communication


between end stations.
Path choice is based on destination address.
Location is represented by an address

IPv4 Addressing
32-bit addresses
Commonly expressed in dotted
decimal format (e.g., 192.168.10.12)

Each dotted decimal is commonly


called an octet (8 bits)

IP Addressing
32 bits
Dotted
Decimal

Maximum

Network

255

255

Host

255

255

IP Addressing
32 bits
Dotted
Decimal

Network

16 17

255
24 25

32

11111111 11111111

11111111 11111111
128
64
32
16
8
4
2
1
128
64
32
16
8
4
2
1

8 9

255

128
64
32
16
8
4
2
1
128
64
32
16
8
4
2
1

Binary

255

255

Maximum

Host

IP Addressing
32 bits
Dotted
Decimal

Network

16 17

255
24 25

32

11111111 11111111

11111111 11111111
128
64
32
16
8
4
2
1
128
64
32
16
8
4
2
1

8 9

255

128
64
32
16
8
4
2
1
128
64
32
16
8
4
2
1

Binary

255

255

Maximum

Host

Example
172
16
122
204
Decimal
Example 10101100 00010000 01111010 11001100
Binary

IP Address Classes
8 bits

8 bits

8 bits

8 bits

Host

Host

Host

Host

Host

Class A:

Network

Class B:

Network Network

Class C:

Network Network Network

Class D:

Multicast

Class E:

Research

Host

IP AddressingClass A
10.222.135.17
Network # 10

Host # 222.135.17
Range of class A network IDs: 1126

Number of available hosts: 16,777,214

IP AddressingClass B
128.128.141.245

Network # 128.128
Host # 141.245

Range of class B network IDs:


128.1191.254
Number of available hosts: 65,534

IP AddressingClass C
192.150.12.1
Network # 192.150.12

Host # 1
Range of class C network IDs:
192.0.1223.255.254
Number of available hosts: 254

IP Network Address Classes


Class

# Networks

# Hosts

Example

126

16,777,214

01111111

00000000

00000000

00000000

16,384

65,534

10111111

11111111

00000000

00000000

2,097,152

254

11011111

11111111

11111111

00000000

Class A

35.0.0.0

Class B

128.5.0.0

Class C

132.33.33.0

Host Address Space

Network Address Space

IP Address Classes
Bits:

Class A:
Bits:

Class B:
Bits:

Class C:
Bits:

Class D:

8 9

0NNNNNNN

16 17

24 25

Host

Host

32
Host

Range (1-126)
1

8 9

10NNNNNN

16 17
Network

Range (128-191)
1
8 9
110NNNNN

Host
16 17

Network

Range (192-223)
1
8 9
1110MMMM

24 25
Host
24 25

Network
16 17

32

32
Host

24 25

32

Multicast Group Multicast Group Multicast Group

Range (224-239)

Private Addresses
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

Determining Available Host


Addresses
Network

...

...

10101100 00010000 00000000 00000000


00000000 00000001
00000000 00000011

N
1
2
3
...

16

16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1

172

Host

11111111 11111101
11111111 11111110
11111111 11111111

65534
65535
65536
2

2N-2 = 216-2 = 65534

65534

Subnet Mask
Network
IP
Address

172

Host

16

Network
Default
Subnet
Mask

8-bit
Subnet
Mask

255

0
Host

255

11111111
11111111
00000000
00000000
Also written as /16 where 16 represents the number of 1s
in the mask.
Network
Subnet
Host

255

255

255

Also written as /24 where 24 represents the number of 1s


in the mask.

Decimal Equivalents of Bit


Patterns
128 64

32

16

128

192

224

240

248

252

254

255

Subnet Mask without Subnets


Network

Host

172.16.2.160

10101100

00010000

00000010

10100000

255.255.0.0

11111111

11111111

00000000

00000000

10101100

00010000

00000000

00000000

172

16

Network
Number

Subnets not in usethe default

Subnet Mask with Subnets


Network
172.16.2.160

Host

10101100

00010000

00000010

10100000

11111111

11111111

11111111

00000000

10101100

00010000

00000010

00000000

172

16

128
192
224
240
248
252
254
255

255.255.255.0

Subnet

Network
Number

Network number extended by eight bits

Subnet Mask with Subnets


(cont.)

255.255.255.192

Network
Number

Host

10101100

00010000

00000010

10100000

11111111

11111111

11111111

11000000

10101100

00010000

00000010

10000000
128
192
224
240
248
252
254
255

172.16.2.160

Subnet

128
192
224
240
248
252
254
255

Network

172

16

128

Network number extended by ten bits

Addressing Summary Example

172.16.2.160
255.255.255.192

172

16

10101100

00010000

160

00000010 10100000 Host

Mask
Subnet 4
Broadcast
First

Last

Addressing Summary Example

172.16.2.160
255.255.255.192

172

16

10101100

00010000

11111111

11111111

160

00000010 10100000 Host

11111111 11000000 Mask 2


Subnet
Broadcast
First

Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

11111111

11111111

00000010 10100000 Host

11111111 11000000 Mask 2


Subnet
Broadcast
First

Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

11111111

11111111

00000010 10100000 Host

11111111 11000000 Mask 2


10000000 Subnet 4
Broadcast
First

Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

11111111

11111111

00000010 10100000 Host

11111111 11000000 Mask 2


10000000 Subnet 4
10111111 Broadcast
5
First

Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

11111111

11111111

00000010 10100000 Host

11111111 11000000 Mask 2


10000000 Subnet 4
10111111 Broadcast
5
10000001 First

Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

11111111

11111111

00000010 10100000 Host

11111111 11000000 Mask 2


10000000 Subnet 4
10111111 Broadcast
5
10000001 First

10111110 Last

Addressing Summary Example


172

16

160
3

172.16.2.160
255.255.255.192

10101100

00010000

00000010 10100000 Host

11111111

11111111

11111111 11000000 Mask 2

10101100

00010000

00000010 10000000 Subnet 4

10101100

00010000

00000010 10111111 Broadcast

10101100

00010000

5
00000010 10000001 First

10101100

00010000

00000010 10111110 Last

Addressing Summary Example


172

16

160
3

10101100

00010000

255.255.255.192 11111111
8
9
172.16.2.128
10101100

11111111

11111111 11000000 Mask 2

00010000

00000010 10000000 Subnet 4

10101100

00010000

00000010 10111111 Broadcast


6
7

172.16.2.160

172.16.2.191

00000010 10100000 Host

172.16.2.129

10101100

00010000

5
00000010 10000001 First

172.16.2.190

10101100

00010000

00000010 10111110 Last

Variable-Length
Subnet Masks
2001, Cisco Systems, Inc.

3-200

What Is a Variable-Length
Subnet Mask?

HQ

172.16.0.0/16

What Is a Variable-Length
Subnet Mask? (cont.)

HQ
HQ

172.16.0.0/16

What Is a Variable-Length
Subnet Mask? (cont.)
172.16.14.32/27

172.16.14. 64/27
B

HQ
HQ

172.16.0.0/16

172.16.14.96/27
C

Subnet 172.16.14.0/24 is divided into smaller subnets:


Subnet with one mask at first (/27)

What Is a Variable-Length
Subnet Mask? (cont.)
172.16.14.32/27
A

172.16.14. 64/27
B

HQ
HQ

172.16.0.0/16

172.16.14.96/27
C

Subnet 172.16.14.0/24 is divided into smaller subnets:


Subnet with one mask at first (/27)
Then further subnet one of the unused /27 subnets into multiple /30
subnets

Calculating VLSMs
Subnetted Address: 172.16.32.0/20
In Binary 10101100. 00010000.00100000.00000000

Calculating VLSMs (cont.)


Subnetted Address: 172.16.32.0/20
In Binary 10101100. 00010000.00100000.00000000
VLSM Address: 172.16.32.0/26
In Binary 10101100. 00010000.00100000.00000000

Calculating VLSMs (cont.)


Subnetted Address: 172.16.32.0/20
In Binary 10101100. 00010000.00100000.00000000
VLSM Address: 172.16.32.0/26
In Binary 10101100. 00010000.00100000.00000000

1st subnet:

10101100 . 00010000 .0010 0000.00 000000=172.16.32.0/26


Network

Subnet VLSM
subnet

Host

Calculating VLSMs (cont.)


Subnetted Address: 172.16.32.0/20
In Binary 10101100. 00010000.00100000.00000000
VLSM Address: 172.16.32.0/26
In Binary 10101100. 00010000.00100000.00000000
1st subnet: 10101100 . 00010000
2nd subnet:
172
.
16
3rd subnet:
172
.
16
172
.
16
4th subnet:
172
.
16
5th subnet:
Network

.0010
.0010
.0010
.0010
.0010

0000.00
0000.01
0000.10
0000.11
0001.00

Subnet VLSM
Subnet

000000=172.16.32.0/26
000000=172.16.32.64/26
000000=172.16.32.128/26
000000=172.16.32.192/26
000000=172.16.33.0/26

Host

A Working VLSM Example


Derived from the 172.16.32.0/20 Subnet

A Working VLSM Example


(cont.)
Derived from the 172.16.32.0/20 Subnet

172.16.32.0/26

172.16.32.64/26

172.16.32.128/26

172.16.32.192/26

26 bit mask
(62 hosts)

A Working VLSM Example


(cont.)
Derived from the 172.16.32.0/20 Subnet

172.16.32.0/26

172.16.32.64/26

172.16.32.128/26

172.16.32.192/26
Derived from the
172.16.33.0/26 Subnet
30 bit mask
(2 hosts)

26 bit mask
(62 hosts)

A Working VLSM Example


(cont.)
Derived from the 172.16.32.0/20 Subnet

172.16.32.0/26
172.16.33.0/30

172.16.33.4/30

172.16.32.64/26

172.16.33.8/30
172.16.32.128/26

172.16.33.12/30
172.16.32.192/26
Derived from the
172.16.33.0/26 Subnet
30-Bit Mask
(2 Hosts)

26-Bit Mask
(62 Hosts)

Route Summarization

2001, Cisco Systems, Inc.

3-213

What Is Route Summarization?


172.16.25.0/24

172.16.26.0/24

A
172.16.27.0/24

Routing table
172.16.25.0/24
172.16.26.0/24
172.16.27.0/24

What Is Route
Summarization? (cont.)
172.16.25.0/24
I can route to the
172.16.0.0/16 network.
172.16.26.0/24

A
172.16.27.0/24

Routing Table
172.16.25.0/24
172.16.26.0/24
172.16.27.0/24

B
Routing Table
172.16.0.0/16

Routing protocols can summarize addresses of several


networks into one address

Summarizing Within an Octet


172.16.168.0/24 = 10101100 . 00010000 . 10101 000 . 00000000
172.16.169.0/24 =

172

16

. 10101 001 .

172.16.170.0/24 =

172

16

. 10101 010 .

172.16.171.0/24 =

172

16

. 10101 011 .

172.16.172.0/24 =

172

16

. 10101 100 .

172.16.173.0/24 =

172

16

. 10101 101 .

172.16.174.0/24 =

172

16

. 10101 110 .

172.16.175.0/24 =

172

16

. 10101 111 .

Number of Common Bits = 21


Summary: 172.16.168.0/21

Noncommon
Bits = 11

Summarizing Addresses in
a VLSM-Designed Network
172.16.128.0/20

172.16.32.64/26
172.16.32.0/24
A

172.16.0.0/16

172.16.32.128/26

172.16.64.0/20

Corporate
Network

Classless
Interdomain Routing
2001, Cisco Systems, Inc.

3-218

Classless Interdomain Routing


Mechanism developed to alleviate
exhaustion of addresses and reduce
routing table size
Blocks of Class C addresses assigned
to ISPsISPs assign subsets of
address space to organizations
Blocks are summarized in routing tables

CIDR Example
192.168.8.0/24

192.168.9.0/24

192.168.9.0/24

192.168.15.0/24

192.168.8.0/21
ISP

Networks 192.168.8.0/24 through 192.168.15.0/24 are


summarized by the ISP in one advertisement
192.168.8.0/21

2002, Cisco Systems, Inc. All rights reserved.

WAN Basics

What Is a WAN?
A network that serves users across a broad
geographic area
Often uses transmission devices provided by
public carriers (Pacific Bell, AT&T, etc.)
This service is commonly referred to as plain old
telephone service (POTS)

WANs function at the lower three layers of the


OSI reference model
Physical layer, data link layer, and network layer

WAN Overview

Service
Provider

WANs connect sites


Connection requirements vary depending on
user requirements and cost

What is a
WAN?
A WAN is a data communications network that covers a relatively broad geographic
area and often uses transmission facilities provided by common carriers, such as
telephone companies. WAN technologies function at the lower three layers of the OSI
reference model: the physical layer, the data link layer, and the network layer.

WAN connection types


Point-to-Point Links or Leased Lines
Circuit Switching
Packet Switching

Point-to-Point Links or
Leased Lines

A point-to-point link is also known as a leased line because its


established path is permanent and fixed for each remote network reached
through the carrier facilities. It uses synchronous serial lines upto 45
Mbps

Leased Line

One connection per physical interface


Bandwidth: 56 kbps1.544 Mbps
Cost effective at 46 hours daily usage
Dedicated connections with predictable throughput
Permanent
Cost varies by distance

Circuit Switching

Modem

WAN

Modem

Dedicated physical circuit established, maintained, and


terminated through a carrier network for each
communication session
Datagram and data stream transmissions
Operates like a normal telephone call
Example: ISDN

Circuit Switching

Sets up line like a phone call. No data


can transfer before the end-to-end
connection is established.
Uses dial-up modems and ISDN. It is
used for low-bandwidth data transfers.

POTS Using Modem Dialup


Modem
Corporate Network
Telecommuters

Mobile
Users

Basic
Telephone
Service

Server
Modem
Access Router

Widely available
Easy to set up
Dial on demand
Asynchronous transmission
Low cost, usage-based
Lower bandwidth access requirements

Integrated Services Digital


Network (ISDN)
LAN
Server

ISDN
Telecommuter/AfterHours, Work-atHome

BRI
2B+D

BRI/PRI
23B+D
30B+D (Europe)

Company Network
High bandwidth
Up to 128 Kbps per basic rate interface
Dial on demand
Multiple channels
Fast connection time
Monthly rate plus cost-effective,
usage-based billing
Strictly digital

Packet Switching
Multiplexing

Modem

Demultiplexing

WAN

Modem

Network devices share a point-to-point link to transport


packets from a source to a destination across a carrier
network
Statistical multiplexing is used to enable devices to
share these circuits
Examples: ATM, Frame Relay, X.25

Packet Switching
WAN switching method that allows you to share
bandwidth with other companies to save money.
Think of packet switching networks as a party line. As long
as you are not constantly transmit-ting data and are instead
using bursty data transfers, packet switching can save you
a lot of money. However, if you have constant data
transfers,then you will need to get a leased line.
Frame Relay and X.25 are packet-switching technologies.
Speeds can range from 56Kbps to 2.048Mbps.

Frame Relay
Permanent, not dialup
Multiple connections per
physical interface
(permanent virtual circuits)
Efficient handling of
bursty (peak performance
period) data
Guaranteed bandwidth
(typical speeds are
56/64 Kbps, 256 Kbps,
and 1.544 Mbps)
committed information
rate (CIR)
Cost varies greatly by region

Permanent Virtual Circuit (PVC)

X.25
DTE

DTE
DCE

X.25

DCE

Very robust protocol for low-quality lines


Packet-switched
Bandwidth: 9.6 kbps64 kbps
Well-established technology;
large installed base
Worldwide availability

Asynchronous Transfer Mode


(ATM)
Technology capable of transferring voice, video, and data
through private and public networks
Uses VLSI technology to segment data,
at high speeds,
into
Data
Header
units called cells
5 bytes of header information
48 bytes of payload
53 bytes total

48

Cells contain identifiers that specify the data stream to


which they belong
Primarily used in enterprise backbones or WAN links

Cabling the WAN


Legend
FastEthernet/
Ethernet
ISDN
Dedicated
ISL
core_sw_b

ISDN Cloud

core_sw_b
core_sw_a

Leased Line/
Frame Relay

Core_
Server

WAN Physical Layer


Implementations
Physical layer implementations vary

Frame
Relay

PPP

HDLC

Cable specifications define speed of link

EIA/TIA-232
EIA/TIA-449
X.21 V.24 V.35
HSSI

ISDN BRI (with PPP)

RJ-45
NOTE: Pinouts are
different than RJ-45
used in campus

Differentiating Between WAN


Serial Connectors
Router connections

End user
device
DTE

CSU/
DSU

DCE
Service
provider

EIA/TIA-232

EIA/TIA-449

V.35

X.21

EIA-530

Network connections at the CSU/DSU

Serial Implementation of
DTE versus DCE
Data Terminal Equipment

Data Communications Equipment


End of the WAN providers
side of the communication facility
DCE is responsible for clocking

End of the users device


on the WAN link

Modem
CSU/DSU
DCE

DTE
S
S

DTE

DCE

S
S
S

DCE

DTE

WAN Terminating Equipment


Physical Cable Types

Router
To Corporate
Network

EIA/TIA-232
V.35
X.21
HSSI

WAN Provider
(Carrier) Network
Modem
Usually on the
Customers
Premises

DTE

DCE

Data Terminal Equipment

Data Circuit-Terminating Equipment

The Customers
Equipment

The Service Providers


Equipment

Serial Transmission
WAN Serial connectors use serial transmission
Serial transmission uses one bit at time over a
single channel.
Parallel transmission can use 8 bits at a time,
but all WANs use serial transmission.

Cisco Routers use a proprietary 60 pin serial


connector.

Connector at the other end of the cable will


depend on your service provider or end device
requirements.

LAN/WAN Devices

www.cisco.com

1999, Cisco Systems, Inc.

LAN/WAN Devices

Hubs
Bridges
Switches
Routers

Hub
Device that serves as the center of a
star topology network, sometimes
referred to as a multiport repeater,
no forwarding intelligence

Hubs
123

126

124

127

Hub
125

128

Amplifies signals
Propagates signals through the network
Does not filter data packets based on destination
No path determination or switching
Used as network concentration point

Hubs Operate at Physical layer

Physical

All devices in the same collision domain


All devices in the same broadcast domain
Devices share the same bandwidth

Hubs: One Collision Domain


More end stations means
more collisions

CSMA/CD is used

Bridge
Device that connects and passes
packets between two network
segments.
More intelligent than hubanalyzes
incoming packets and forwards (or
filters) them based on addressing
information.

Bridge Example
123

126

Bridge

124

127

Hub

Hub

125
128
Segment 1

Corporate Intranet

Segment 2

More intelligent than a hubcan analyze incoming packets and


forward (or filter) them based on addressing information
Collects and passes packets between two network segments
Maintains address tables

Switches
Use bridging technology to
forward traffic between ports.
Provide full dedicated data
transmission rate between two stations
that are directly connected to the switch
ports.
Build and maintain address
tables called content-addressable
memory (CAM).

SwitchingDedicated Media
Workstation

10-Mbps
UTP Cable
Dedicated

31

Switch

34

32
35
100 Mbps

33

100 Mbps

Corporate Intranet

Uses bridging technology to forward traffic (i.e.


maintains address tables, and can filter)
Provides full dedicated transmission rate between
stations that are connected to switch ports
Used in both local-area and in wide-area networking
All types availableEthernet, Token Ring, ATM

36

Switches and Bridges Operate


at Data Link Layer
Data Link

OR

Each segment has its own collision domain

All segments are in the same broadcast domain

Switches

Switch
Memory

Each segment has its


own collision domain
Broadcasts are
forwarded to all
segments

Routers

Interconnect LANs and WANs


Provide path determination using
metrics
Forward packets from one network
to another
Control broadcasts to the network

Network Layer Functions (cont.)


1.1

1.2

1.0

4.0

1.3
E0

2.1
S0

Routing Table
NET INT Metric
1
E0
0
2
S0
0
4
S0
1

2.2
S0

4.3

4.1

4.2

E0

Routing Table
NET INT Metric
1
S0
1
2
S0
0
4
E0
0

Logical addressing allows for hierarchical network


Configuration required
Uses configured information to identify paths to networks

Routers: Operate at the


Network Layer
Broadcast control
Multicast control
Optimal path
determination
Traffic management
Logical addressing

Connects to WAN
services

Using Routers to Provide


Remote Access
Modem or ISDN TA
Telecommuter

Mobile User

Branch Office
Main Office

Internet

Network Device Domains


Hub

Bridge

Switch

Router

Collision Domains:
1
4
Broadcast Domains:
1

2002, Cisco Systems, Inc. All rights reserved.

Product Selection
Considerations

Provides functionality and features you need today


Capacity and performance
Easy installation and centralized management
Provides network reliability

Investment protection in existing infrastructure


Migration path for change and growth

Seamless access for mobile users and


branch offices

Cisco Router Products


Cisco
12000 GSR
Series

Selection Issues:
Scale of the routing features needed
Port density/variety requirements
Capacity and performance
Common user interface

Cisco
1600/1700
Cisco Series
700/800
Series

Cisco
2500
Series

Cisco
2600
Series

Cisco
3600
Series

AS
5000
Series

Cisco
7000
Series

Cisco
10000
Series

Central Site Solutions

Branch Office Solutions


Small Office Solutions

Home Office Solutions

Visual Objective

Use the product selection tool to


select Cisco Equipment

Router 7200

Router 7300

Router 7500

Router 7600

Router 10000

Router 12000

Fixed and Moduler Interfaces


Some Cisco Routers have fixed interfaces while other are
modular.
2500 series routers have set interfaces that cant be changed.
The 2501 Router has two serial connections one 10BaseT AUI
interface.
If you need to add a third serial connection you need to buy a new
router.

The 1600, 1700, 2600, 3600 and higher routers have modular
interfaces.
These Routers allow you to buy what you need and add almost any
type of interface you may need later.

Fixed Interfaces
2500 Routerrear view

Serial WAN ports can be fixed

Modular Interfaces
WAN
Interface
Card

Serial WAN ports can be modular


1603 Routerrear view

Ethernet 10BaseT

3640 Router
rear view

Ethernet AUI

ISDN BRI S/T

Console

Module

Router Internal Components

RAM
It contains the software and data
structures that allow the router to function.
The principal software running in RAM is
the Cisco IOS image and the running
configuration. Some routers, such as the
2500 series, run IOS from Flash and not
RAM.

ROM Functions

Contains microcode for basic functions

ROM
POST : The microcode used to test the basic
functionality of the router hardware and to
determine what components are present.

ROM
Bootstrap code : the bootstrap code is
used to bring the router up during
initialization. It contains microcode for basic
functions to start and maintain the router. It
reads the configuration register to
determine how to boot and then, if
instructed to do so, loads the IOS
software.

ROM
ROM monitor : A low-level operating system normally
used for manufacturing, testing and troubleshooting.
A partial IOS : This partial IOS can be used to load a
new software image into Flash memory and to perform
some other maintainence operations. It does not
support the IP routing and most other routing
functions. Sometimes, this subset of the IOS is
referred to as RXBOOT code.

Flash memory
Flash memory : is used to contain the IOS
software image. Some router run IOS image
directly from Flash and do not need to
transfer it to RAM.

NVRAM
NVRAM : is used mainly to store the
configuration. NVRAM uses a battery to
maintain the data when the power is removed
from the router.

Configuration Register
Configuration Register : is used to control
how the router boots up.

External Configuration Sources

Configurations can come


from many sources.
Configurations will act in
device memory.

Basics of Cisco IOS


IOS Software delivers Network Services and enables network
services.
Cisco IOS enable the following network services:
Features to carry the chosen network protocols & functions.
Connectivity to provide high-speed traffic between devices.
Security to control access and discourage unauthorized network use.
Scalability to add interfaces and capability as the need for networking
grows.
Reliability to ensure dependable access to networked resources.

Cisco IOS Software Features

Cisco IOS software delivers network


services and enables networked
applications.

Cisco IOS User Interface


Functions
A CLI is used to enter commands.
Operations vary on different
internetworking devices.
Users type or paste entries in the
console command modes.
Enter key instructs device to parse and
execute the command.
Two primary EXEC modes are user
mode and privileged mode.
Command modes have distinctive
prompts.

Setting Up A Console
Connection
Device with Console

PCs require an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter.


COM port settings are 9600 bps, 8 data bits, no parity, 1
stop bit, no flow control.
This provides out-of-band console access.
AUX switch port may be used for a modem-connected
console.

Console
Connection
Console connection is required to configure the router for the
first time.
All Cisco devices are shipped with one Console cable.
It allows you to connect a device and configure, verify and
monitor it.
The cable is a rollover cable with RJ-45 connectors
Pinouts for the rollover cable is:
1-8
4-5
7-2
2-7
5-4
8-1
3-6
6-3
---

Console Connection
Setup terminal emulation program to run at
9600 bps
8 data bits
no parity
1 stop bit
no flow control
Most of the router has an auxiliary port which can connect to a
modem
This will give you console access to a remote router.
The console port and auxiliary port are considered out-of-band
management since you are configuring router out of the network
Telnet is considered in-band.

Initial Startup of the Cisco


Router
System startup routines initiate router software
Router falls back to startup alternatives if needed

Router Power-On/Bootup
Sequence
1.
2.
3.
4.
5.
6.
7.

Perform power-on self test (POST).


Load and run bootstrap code.
Find the Cisco IOS software.
Load the Cisco IOS software.
Find the configuration.
Load the configuration.
Run the configured Cisco IOS software.

Router Configuration from


CLI
First method of Router configuration is Setup utility
allows a basic initial configuration
Command Line Interface (CLI) can be used for more complex and
specific configurations
CLI provides following modes of operation:
User Mode
EXEC Mode
Terminal Configuration / Global Configuration Mode
Terminal configuration Mode gives you access to different
configuration Modes.

Bootup Output from the Router

Unconfigured Versus Configured Router

Setup: The Initial


Configuration Dialog
Router#setup

--- System Configuration Dialog --Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity


for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: no

Setup Interface Summary


First, would you like to see the current interface summary? [yes]:
Interface

IP-Address

OK?

Method

Status

Protocol

BRI0

unassigned

YES

unset

administratively down

down

BRI0:1

unassigned

YES

unset

administratively down

down

BRI0:2

unassigned

YES

unset

administratively down

down

Ethernet0

unassigned

YES

unset

administratively down

down

Serial0

unassigned

YES

unset

administratively down

down

Interfaces Found During Startup

Setup Initial
Global Parameters
Configuring global parameters:
Enter host name [Router]:wg_ro_c
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: sanfran
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: sanjose
Configure SNMP Network Management? [no]:

Setup Initial
Protocol Configurations
Configure LAT? [yes]: no
Configure AppleTalk? [no]:
Configure DECnet? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configure CLNS? [no]:
Configure IPX? [no]:
Configure Vines? [no]:
Configure XNS? [no]:
Configure Apollo? [no]:

Setup Interface
Parameters
BRI interface needs isdn switch-type to be configured
Valid switch types are :
[0] none..........Only if you don't want to configure BRI.
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:
Configuring interface parameters:
Do you want to configure BRI0 (BRI d-channel) interface? [no]:
Do you want to configure Ethernet0 interface? [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 10.1.1.33
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Do you want to configure Serial0

interface? [no]:

Setup Script
Review and Use
The following configuration command script was created:
hostname Router
interface BRI0
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
shutdown
enable password sanfran
no ip address
line vty 0 4
!
password sanjose
interface Ethernet0
no snmp-server
no shutdown
!
ip address 10.1.1.31 255.255.255.0
no appletalk routing
no mop enabled
no decnet routing
!
ip routing
interface Serial0
no clns routing
shutdown
no ipx routing
no ip address
no vines routing
<text omitted>
no xns routing
end
no apollo routing
isdn switch-type basic-5ess
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:

Logging In to the Router

Cisco IOS Software EXEC


Mode
There are two main EXEC modes for
entering commands.

Router User-Mode
Command List
wg_ro_c>?
Exec commands:
access-enable
atmsig
cd
clear
connect
dir
disable
disconnect
enable
exit
help
lat
lock
login
logout
-- More --

Create a temporary Access-List entry


Execute Atm Signalling Commands
Change current device
Reset functions
Open a terminal connection
List files on given device
Turn off privileged commands
Disconnect an existing network connection
Turn on privileged commands
Exit from the EXEC
Description of the interactive help system
Open a lat connection
Lock the terminal
Log in as a particular user
Exit from the EXEC

You can abbreviate a command to the fewest characters


that make a unique character string.

Cisco IOS Software EXEC


Mode (Cont.)

Router Privileged-Mode
Command List
wg_ro_c#?
Exec commands:
access-enable
access-profile
access-template
bfe
cd
clear
clock
configure
connect
copy
debug
delete
dir
disable
disconnect
enable
erase
exit
help
-- More --

Create a temporary Access-List entry


Apply user-profile to interface
Create a temporary Access-List entry
For manual emergency modes setting
Change current directory
Reset functions
Manage the system clock
Enter configuration mode
Open a terminal connection
Copy from one file to another
Debugging functions (see also 'undebug')
Delete a file
List files on a filesystem
Turn off privileged commands
Disconnect an existing network connection
Turn on privileged commands
Erase a filesystem
Exit from the EXEC
Description of the interactive help system

You can complete a command string by entering the


unique character string, then pressing the Tab key.

Access to Configuration
Interface configuration Mode
Modes
Support commands for per-interface basis configuration
Promp looks like
Router(Config-if)#

Subinterface Configuration Mode


Support command that configures multiple virtual (Logical)
interfaces on single physical interfaces.
Prompts looks like
Router(config-subif)#

Router Configuration Mode

Support commands that configures IP Routing Protocol


Prompt looks like
Router(Config-router)#

IPX-router Configuration Mode


Support command that configures the Novell Network
Layer Protocol
Prompts looks like
Router(config-router)#

Exiting Configuration Mode

Exit command will take you one level back and eventually
allowing you to log out.
CTRL+Z can also be used instead of Exit command

Router Command Line


Help Facilities
Context-Sensitive Help

Console Error Messages

Provides a list of
commands and the
arguments associated
with a specific command.

Identify problems with router


commands incorrectly
entered so that you can alter
or correct them.

Command History Buffer


Allows recall of long or
complex commands or
entries for reentry, review, or
correction.

Router Context-Sensitive Help


Router#

clok

Translating "CLOK"
% Unknown command or computer name, or unable to find computer address
Router#
clear
Router#

cl?
clock
clock

Symbolic translation

% Incomplete command.

Command prompting

Router#

Last command recall

set
Router#

clock ?
Set the time and date
clock set

% Incomplete command.
Router#
hh:mm:ss

<Ctrl-P>clock set ?
Current Time

Router Context-Sensitive Help


(cont.)
Router#

clok

Translating "CLOK"
% Unknown command
or computer
unable to find computer address
Router#
clock name,
set or
19:56:00

% Incomplete command.
Router#
clear

clock
Router#

<1-31>
Router#

MONTH

Command
prompting

clock set 19:56:00 ?


Day of the month
Month of the year

% Incomplete command.

Router#

clock set 19:56:00 04 8


^

Router#
set

Router#

Set%the
time and input
date
Invalid

Router#

detected at the '^' marker

clock set 19:56:00 04 August


command.

% Incomplete
% command.
Incomplete

Router#

Router# clock set 19:56:00 04 August ?


hh:mm:ss <1993-2035>
Current Time Year

Syntax checking

Command
prompting

Using Enhanced Editing


Commands
Router>Shape the future of internetworking by creating unpreced

Shape the future of internetworking by creating


unprecedented value for customers, employees,
and partners.

Using Enhanced Editing


Commands
Router>$ future of internetworking by creating unprecedented op

(Automatic scrolling of long lines).

Using Enhanced Editing


Commands
Router>Shape the value of internetworking by creating unpreced

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

<Esc-B>

Move back one word.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

<Esc-B>

Move back one word.

<Ctrl-F>

Move forward one character.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

<Esc-B>

Move back one word.

<Ctrl-F>

Move forward one character.

<Ctrl-B>

Move back one character.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

<Esc-B>

Move back one word.

<Ctrl-F>

Move forward one character.

<Ctrl-B>

Move back one character.

<Esc-F>

Move forward one word.

Using Enhanced Editing


Commands
Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines).


<Ctrl-A>

Move to the beginning of the command line.

<Ctrl-E>

Move to the end of the command line.

<Esc-B>

Move back one word.

<Ctrl-F>

Move forward one character.

<Ctrl-B>

Move back one character.

<Esc-F>

Move forward one word.

<Ctrl-D>

Delete a single character.

Reviewing Router Command


History
Ctrl-P or Up arrow

Last (previous) command recall

Ctrl-N or Down arrow

More recent command recall

Router> show history

Show command buffer contents

Router> terminal history size lines

Set session command buffer size

show version Command


wg_ro_a#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 08-Feb-99 18:18 by phanguye
Image text-base: 0x03050C84, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE(fc1)
wg_ro_a uptime is 20 minutes
System restarted by reload
System image file is "flash:c2500-js-l_120-3.bin"
(output omitted)
--More-Configuration register is 0x2102

Viewing the Configuration


RAM

NVRAM

Config

Config

IOS
show
running-config

show
startup-config
Console

Setup utility

Setup saves the configuration to NVRAM

show running and show startup


Commands
In RAM

In NVRAM

wg_ro_c#show running-config
Building configuration...

wg_ro_c#show startup-config
Using 1359 out of 32762 bytes
!
version 12.0
!
-- More --

Current configuration:
!
version 12.0
!
-- More --

Display current and saved configuration

Overview of Router Modes


User EXEC mode

Router>enable

Privileged EXEC mode

Router#config term

Global configuration mode

Router(config)#

Configuration
Mode

Ctrl-Z (end)
Exit

Prompt

Interface
Router(config-if)#
Subinterface
Router(config-subif)#
Controller Router(config-controller)#
Line
Router(config-line)#
Router
Router(config-router)#
IPX router
Router(config-ipx-router)#

Saving Configurations
wg_ro_c#
wg_ro_c#copy running-config startup-config
Destination filename [startup-config]?
Building configuration

wg_ro_c#

Copy the current configuration to NVRAM

Configuring Router Identification


Router Name
Router(config)#hostname wg_ro_c
wg_ro_c(config)#

Message of the Day Banner


wg_ro_c(config)#banner motd #
Accounting Department
You have entered a secured
system. Authorized access
only! #

Sets local identity or message for the accessed router


or interface

Configuring Router Identification


Router Name
Router(config)#hostname wg_ro_c
wg_ro_c(config)#

Message of the Day Banner


wg_ro_c(config)#banner motd #
Accounting Department
You have entered a secured
system. Authorized access
only! #

Interface Description
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#description Engineering LAN, Bldg. 18

Sets local identity or message for the accessed


router or interface

Router Password Configuration


Console Password
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password cisco

Virtual Terminal Password


Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sanjose

Router Password Configuration


Console Password
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password cisco

Virtual Terminal Password


Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sanjose

Enable Password
Router(config)#enable password cisco

Secret Password
Router(config)#enable secret sanfran

Other Console Line Commands


Router(config)#line console 0
Router(config-line)#exec-timeout 0 0

Prevents console session timeout


Router(config)#line console 0
Router(config-line)#logging synchronous

Redisplays interrupted console input

Configuring an Interface
Router(config)#interface type number
Router(config-if)#

type includes serial, ethernet, token ring, fddi, hssi,


loopback, dialer, null, async, atm, bri, and tunnel
number is used to identify individual interfaces
Router(config)#interface type slot/port
Router(config-if)#

For modular routers


Router(config-if)#exit

Quit from current interface configuration mode

Configuring a Serial Interface


Enter global
configuration mode

Specify interface

Router#configure term
Router(config)#

Router(config)#interface serial 0
Router(config-if)#

Configuring a Serial Interface


Enter global
configuration mode

Router#configure term
Router(config)#

Specify interface

Router(config)#interface serial 0
Router(config-if)#

Set clock rate


(on DCE interfaces
only)

Router(config-if)#clock rate 64000


Router(config-if)#

Set bandwidth

Router(config-if)#bandwidth 64
Router(config-if)#exit
Router(config)#exit
Router#

Verifying Your Changes


Router#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address
addressisis10.140.4.2/24
10.140.4.2/24
MTU 1500 bytes, BWBW6464Kbit,
Kbit,DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:09, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)

Disabling or Enabling an
Interface
Router#configure term
Router(config)#interface serial 0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface Serial0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

Administratively turns off an interface


Router#configure term
Router(config)#interface serial 0
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Seria0, changed state to up
%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up

Enables an interface that is administratively shutdown

Router show interfaces


Command
Router#show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
Internet address is 10.1.1.11/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
81833 packets input, 27556491 bytes, 0 no buffer
Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
0 input packets with dribble condition detected
55794 packets output, 3929696 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 4 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Interpreting Interface Status


Router#show interfaces serial 1
Serial1 is up, line protocol is up
Hardware is HD64570
Description: 64Kb Line to San Jose
:: :: :: :: :: :: :: :: ::

Carrier Detect
Operational..................
Connection problem...
Interface problem........
Disabled ......................

Keepalives
Serial1
Serial1
Serial1
Serial1

is
is
is
is

up, line protocol is up


up, line protocol is down
down, line protocol is down
administratively down, line protocol is down

Serial Interface show controller


Command
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524 HD unit 0, V.35 DTE cable
.
.
.

Shows cable type of serial cables

2002, Cisco Systems, Inc. All rights reserved.

ROUTING

What is Routing?
10.120.2.0

172.16.1.0

To route a router need to know:


Destination addresses
Sources it can learn from
Possible routes
Best route
Maintain and verify routing information

What is Routing? (cont.)


10.120.2.0
E0

172.16.1.0

S0

Network
Protocol
Connected
Learned

Destination
Network
10.120.2.0
172.16.1.0

Exit
Interface
E0
S0

Routed Protocol: IP

Routers must learn destinations that are


not directly connected

Identifying Static and Dynamic


Routes
Static Route
Uses a route that a
network administrator
enters into the router
manually

Dynamic Route
Uses a route that a network
routing protocol adjusts
automatically for topology or
traffic changes

STATIC ROUTING
Static Routing: The administrator must handtype all network locations into the routing table.
In Static Routing, the administrator is
responsible for updating all changes by hand
into all routers.

IP Route command

ip route [destination_network ][mask ]


[next_hop_address or exit interface ]

It is a Global configuration mode


command.
Above command is used for configuring
routing table in Static Routing

Static Routing
The following list describes each command in the string:
ip route
The command used to create the static route.
destination network
The network you are placing in the
routing table.
mask
Indicates the subnet mask being used on the
network.
next hop address
The address of the next hop router that
will receive the packet and forward it to the
remote network. This is a router interface
that is on a directly connected network. You
must be able to ping the router interface before
you add the route.

Static Route Example


Stub Network

172.16.1.0
SO

Network

172.16.2.2

172.16.2.1

B
B

ip route 172.16.1.0 255.255.255.0 172.16.2.1

This is a unidirectional route. You must have a route configured in


the opposite direction.

Default Routing
Default routing is used to send packets with a
remote destination network not in the routing
table to the next hop router.
You can only use default routing on stub
networks, which means that they have only
one exit port out of the network.

Default Routes
Stub Network
172.16.1.0
SO

Network

A
172.16.2.2

172.16.2.1

BB

ip route 0.0.0.0 0.0.0.0 172.16.2.2

This route allows the stub network to reach all known networks
beyond router A.

Static Routing
Static Routing is the process of an administrator manually adding routes in each
routers routing table.
Benefits of Static Routing
No overhead on the Router CPU
No Bandwidth usage between routers
Security (Administrator can allow routing to selected networks)
Disadvantage of Static Routing
The administrator must really understand the full internetwork to configure
routes correctly.
If one network is added to the internetwork the administrator must add a route
to it on all routers.
It is not feasible in large networks because it would be a full-time job.

2002, Cisco Systems, Inc. All rights reserved.

Dynamic Routing Basics

Routed versus Routing


Protocols

Routed protocols
used between
routers to direct user
traffic; also called
network protocols
Examples: IP, IPX,
DECnet, AppleTalk,
NetWare, OSI, VINES

Routing protocols
used between
routers to maintain
routing tables
Examples: RIP, IGRP,
OSPF, BGP, EIGRP

Network
Protocol
Protocol name

Destination Exit Port


Network
to Use
1.0
2.0
3.0

1.1
2.1
3.1

DYNAMIC ROUTING
Dynamic Routing: Dynamic routing is the
process of routing protocols running on the router
communicating with neighbor routers.
If a change occurs in the network the dynamic
routing protocols automatically inform all
routers about the change.

Dynamic Routing
Most internetworks use dynamic routing

X
C

A network change blocks


the established path...

B
C

and an alternate route is


found dynamically.

Routing Protocols

1999, Cisco Systems, Inc.

www.cisco.com

What is a Routing Protocol?


10.120.2.0

Routing protocols are


used between
routers to determine
paths and maintain
routing tables.
Once the path is
determined a router can
route a routed protocol.

E0

Network
Protocol
Connected
RIP
IGRP

172.16.1.0

S0

Destination
Network
10.120.2.0
172.16.2.0
172.17.3.0

Exit
Interface
E0
S0
S1

Routed Protocol: IP
Routing protocol: RIP, IGRP

172.17.3.0

Autonomous Systems: Interior or


Exterior Routing Protocols
IGPs: RIP, IGRP

EGPs: BGP

Autonomous System 100

Autonomous System 200

An autonomous system is a collection of networks


under a common administrative domain
IGPs operate within an autonomous system
EGPs connect different autonomous systems

Administrative Distance:
Ranking Routes
I need to send a packet to
Network E. Both router B
and C will get it there.
Which route is best?

IGRP
Administrative
Distance=100
Router A

Router B

RIP
Administrative
Distance=120

Router C

Router D

Distance Vector versus Link


State
Distance vector
Sends routing table info only to neighbors, so change
communication may need one min/router
Also called routing by rumor
Easy to configure, but slow
Link state
Floods routing information about itself to all nodes, so
changes are known immediately
Efficient, but complex to configure
Ciscos EIGRP hybrid
Efficient and easy to configure

Routing Protocol Evolutions


EIGRP
IGRP

RIP
Distance vector
Most common IGP
Uses hop count

Distance vector
Developed by Cisco
Addresses problems in
large, heterogeneous
networks

Hybrid protocol
Developed by Cisco
Superior convergence
and operating efficiency
Merges benefits of link
state & distance vector

OSPF

Distance Vector
Hybrid
Link State

Link state, hierarchical


Successor to RIP
Uses least-cost routing,
multipath routing, and
load balancing
Derived from IS-IS

Classes of Routing Protocols


B

Distance Vector

C
D

Hybrid Routing

B
A

C
D

Link State

Distance Vector Routing


Protocols
B
A

DistanceHow far
VectorIn which direction

Routing
Table

Routing
Table

Routing
Table

Routing
Table

Pass periodic copies of routing table to neighbor


routers and accumulate distance vectors

Distance VectorSources of
Information and Discovering Routes
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

S0

10.3.0.0
B

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0

E0

10.2.0.0

S0

10.3.0.0

S0

10.2.0.0

S0

10.3.0.0

S1

10.4.0.0

E0

Routers discover the best path to


destinations from each neighbor

Distance VectorSources of
Information and Discovering Routes
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

S0

10.3.0.0
B

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0

E0

10.2.0.0

S0

10.3.0.0

S0

10.2.0.0

S0

10.3.0.0

S1

10.4.0.0

E0

10.3.0.0

S0

10.4.0.0

S1

10.2.0.0

S0

10.1.0.0

S0

Routers discover the best path to


destinations from each neighbor

Distance VectorSources of
Information and Discovering Routes
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

S0

10.3.0.0
B

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0

E0

10.2.0.0

S0

10.3.0.0

S0

10.2.0.0

S0

10.3.0.0

S1

10.4.0.0

E0

10.3.0.0

S0

10.4.0.0

S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0

S0

10.1.0.0

S0

Routers discover the best path to


destinations from each neighbor

Distance VectorSelecting
Best Route with Metrics
A

IGRP
Bandwidth
56

Delay

RIP
Hop count

T1

56

T1
B

Information used to select the best path for routing

Distance VectorMaintaining
Routing Information
Process to
update this
routing
table

Updates proceed step-by-step


from router to router

Topology
change
causes
routing
table
update

Distance VectorMaintaining
Routing Information
Process to
update this
routing
table
Router A sends
out this updated
routing table
after the
next period
expires

Updates proceed step-by-step


from router to router

Topology
change
causes
routing
table
update

Distance VectorMaintaining
Routing Information
Process to
update this
routing
table

Process to
update this
routing
table
Router A sends
out this updated
routing table
after the
next period
expires

Updates proceed step-by-step


from router to router

Topology
change
causes
routing
table
update

Maintaining Routing Information


ProblemRouting Loops
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0

E0

10.2.0.0 S0

10.3.0.0 S0

10.2.0.0

S0

10.3.0.0 S1

10.4.0.0 E0

10.3.0.0

S0

10.4.0.0 S1

10.2.0.0 S0

10.4.0.0

S0

10.1.0.0 S0

10.1.0.0 S0

Each node maintains the distance from itself to each possible


destination network

Maintaining Routing Information


ProblemRouting Loops
10.1.0.0

10.2.0.0
A

E0

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0 S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0 E0 Down

10.3.0.0

S0

10.4.0.0 S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0 S0

10.1.0.0

S0

Slow convergence produces inconsistent routing

Maintaining Routing Information


ProblemRouting Loops
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0 S0

10.2.0.0

S0

10.3.0.0 S1

10.4.0.0 S0

10.3.0.0

S0

10.4.0.0

S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0

S1

10.1.0.0

S0

Router C concludes that the best path to network


10.4.0.0 is through Router B

Maintaining Routing Information


ProblemRouting Loops
10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0 S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0 S0

10.3.0.0

S0

10.4.0.0 S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0 S0

10.1.0.0

S0

Router A updates its table to reflect the new but


erroneous hop count

Symptom: Counting to Infinity


10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0 S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0 S0

10.3.0.0

S0

10.4.0.0

S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0

S0

10.1.0.0

S0

Packets for network 10.4.0.0 bounce between routers A,


B, and C
Hop count for network 10.4.0.0 counts to infinity

Solution: Defining a Maximum


10.1.0.0

10.2.0.0

E0

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0

S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0

S0

16

10.3.0.0

S0

10.4.0.0

S1

16

10.2.0.0

S0

10.4.0.0

S0

16

10.1.0.0

S0

10.1.0.0

S0

Define a limit on the number of hops to prevent infinite


loops

Solution: Split Horizon


10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0

E0

10.2.0.0 S0

10.3.0.0

S0

10.2.0.0

S0

10.3.0.0 S1

10.4.0.0

S0

10.3.0.0

S0

10.4.0.0

S1

10.2.0.0

S0

10.4.0.0

S0

10.1.0.0

E1

10.1.0.0

S0

It is never useful to send information about a route back in


the direction from which the original packet came

Solution: Route Poisoning


10.1.0.0
E0

10.2.0.0
A

S0

Routing Table

10.3.0.0

S0

S1

Routing Table

10.4.0.0
S0

E0

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0

S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0

10.3.0.0

S0

10.4.0.0 S1

10.2.0.0

S0 Infinity
1
S0

10.4.0.0

S0

10.1.0.0 E1

10.1.0.0

S0

Routers set the distance of routes that have gone down to


infinity

Solution: Poison Reverse


10.1.0.0
E0

10.2.0.0
A

S0

10.3.0.0

S0

S1

10.4.0.0
S0

E0

Poison
Reverse
Routing Table

Routing Table

Routing Table

10.1.0.0 E0

10.2.0.0 S0

10.3.0.0

S0

10.2.0.0 S0

10.3.0.0 S1

10.4.0.0

10.3.0.0

S0

10.4.0.0 S1

Possibly
Down

10.2.0.0

S0 Infinity
1
S0

10.4.0.0

S0

10.1.0.0 E1

10.1.0.0

S0

Poison Reverse overrides split horizon

Solution: Hold-Down Timers


Network 10.4.0.0
is unreachable

Update after
hold-down Time

10.1.0.0

10.2.0.0

E0

S0

Update after
hold-down Time

S0

10.3.0.0
B

S1

10.4.0.0
S0

E0

Network 10.4.0.0 is down


then back up
then back down

Router keeps an entry for the network possibly down state,


allowing time for other routers to recompute for this topology
change

Solution: Triggered Updates


Network 10.4.0.0
is unreachable

Network 10.4.0.0
is unreachable

10.1.0.0
E0

Network 10.4.0.0
is unreachable

10.2.0.0
A

S0

S0

10.3.0.0
B

S1

10.4.0.0
S0

E0

Router sends updates when a change in its routing table


occurs

Implementing Solutions in
Multiple Routes
D

10.4.0.0
E

Implementing Solutions in
Multiple Routes (cont.)
Holddown

10.4.0.0
E

Holddown

A
Holddown

Implementing Solutions in
Multiple Routes (cont.)
Holddown
Poison Reverse

D
Poison Reverse

10.4.0.0
E

Holddown
Poison Reverse
Poison Reverse

A
Holddown

Implementing Solutions in
Multiple Routes (cont.)
Holddown

10.4.0.0
E

Holddown
Packet for
Network 10.4.0.0

Packet for
Network 10.4.0.0

A
Holddown

Implementing Solutions in
Multiple Routes (cont.)
D

10.4.0.0
E

Link up!

Implementing Solutions in
Multiple Routes (cont.)
D

10.4.0.0
E

Link up!

Link-State Routing Protocols


B
C

A
D
Link-State Packets

Topological
Database

Routing
Table

SPF
Algorithm

Shortest Path First Tree

After initial flood, pass small event-triggered link-state


updates to all other routers

Hybrid Routing
Choose a
routing path based
on distance vectors
Balanced Hybrid Routing
Converge rapidly using
change-based
updates

Share attributes of both distance-vector


and link-state routing

IP Routing
Configuration Tasks
Network 172.16.0.0

Router configuration
Select routing protocols
Specify networks or
interfaces

RIP
IGRP,
RIP

IGRP
Network
160.89.0.0

RIP

Network 172.30.0.0

Dynamic Routing Configuration


Router(config)#router protocol [keyword]
Defines an IP routing protocol
Router(config-router)#network network-number
Mandatory configuration command for each
IP routing process
Identifies the physically connected network
that routing updates are forwarded to

RIP Overview

19.2 kbps

T1

T1
T1

Hop count metric selects the path


Routes update every 30 seconds

RIP Configuration
Router(config)#router rip
Starts the RIP routing process
Router(config-router)#network network-number
Selects participating attached networks
The network number must be a major classful
network number

RIP Configuration Example


E0
172.16.1.0

S2

S2

A
172.16.1.1 10.1.1.1

2.3.0.0
router rip
network 172.16.0.0
network 10.0.0.0

10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

2.3.0.0
router rip
network 192.168.1.0
network 10.0.0.0

router rip
network 10.0.0.0

Verifying the Routing Protocol


RIP
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

RouterA#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 0 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface
Send Recv
Key-chain
Ethernet0
1
1 2
Serial2
1
1 2
Routing for Networks:
10.0.0.0
172.16.0.0
Routing Information Sources:
Gateway
Distance
Last Update
10.1.1.2
120
00:00:10
Distance: (default is 120)

192.168.1.0

Displaying the
IP Routing Table
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
U - per-user static route, o - ODR
T - traffic engineered route
Gateway of last resort is not set

C
R
C
R

172.16.0.0/24 is subnetted, 1 subnets


172.16.1.0 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 2 subnets
10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2
10.1.1.0 is directly connected, Serial2
192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2

debug ip rip Command


E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

RouterA#debug ip rip
RIP protocol debugging is on
RouterA#
00:06:24: RIP: received v1 update from 10.1.1.2 on Serial2
00:06:24:
10.2.2.0 in 1 hops
00:06:24:
192.168.1.0 in 2 hops
00:06:33: RIP: sending v1 update to 255.255.255.255 via
Ethernet0 (172.16.1.1)
00:06:34:
network 10.0.0.0, metric 1
00:06:34:
network 192.168.1.0, metric 3
00:06:34: RIP: sending v1 update to 255.255.255.255 via
Serial2 (10.1.1.1)
00:06:34:
network 172.16.0.0, metric 1

192.168.1.0

Introduction to IGRP
IGRP

More scalable than RIP


Sophisticated metric
Multiple-path support

IGRP Composite Metric


19.2 kbps

19.2 kbps

Source

Destination

Bandwidth
Delay
Reliability
Loading
MTU

IGRP Unequal Multiple Paths


New Route

Source

Initial
Route

Destination

Maximum six paths


Next-hop router closer to destination
Within metric variance

Configuring IGRP

Router(config)#router igrp autonomous-system


Defines IGRP as the IP routing protocol

Router(config-router)#network network-number
Selects participating attached networks

Configuring IGRP (cont.)

Router(config-router)#variance multiplier
Control IGRP load balancing

Router(config-router)#traffic-share
{ balanced | min }
Control how load-balanced traffic is distributed

IGRP Configuration Example


Autonomous System = 100
E0
172.16.1.0

S2

S2

A
172.16.1.1 10.1.1.1

router igrp 100


network 172.16.0.0
network 10.0.0.0

10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

router igrp 100


network 192.168.1.0
network 10.0.0.0

router igrp 100


network 10.0.0.0

Verifying the Routing Protocol


IGRP
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

RouterA#sh ip protocols
Routing Protocol is "igrp 100"
Sending updates every 90 seconds, next due in 21 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
10.0.0.0
172.16.0.0
Routing Information Sources:
Gateway
Distance
Last Update
10.1.1.2
100
00:01:01
Distance: (default is 100)

192.168.1.0

Displaying the
IP Routing Table
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route
Gateway of last resort is not set

C
I
C
I

172.16.0.0/24 is subnetted, 1 subnets


172.16.1.0 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 2 subnets
10.2.2.0 [100/90956] via 10.1.1.2, 00:00:23, Serial2
10.1.1.0 is directly connected, Serial2
192.168.1.0/24 [100/91056] via 10.1.1.2, 00:00:23, Serial2

debug ip igrp transaction


Command
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterA#debug ip igrp transactions


IGRP protocol debugging is on
RouterA#
00:21:06: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:21:06:
network 10.0.0.0, metric=88956
00:21:06:
network 192.168.1.0, metric=91056
00:21:07: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:21:07:
network 172.16.0.0, metric=1100
00:21:16: IGRP: received update from 10.1.1.2 on Serial2
00:21:16:
subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:21:16:
network 192.168.1.0, metric 91056 (neighbor 89056)

debug ip igrp events Command


E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterA#debug ip igrp events


IGRP event debugging is on
RouterA#
00:23:44: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:23:44: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:44: IGRP: Total routes in update: 2
00:23:44: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:23:45: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:45: IGRP: Total routes in update: 1
00:23:48: IGRP: received update from 10.1.1.2 on Serial2
00:23:48: IGRP: Update contains 1 interior, 1 system, and 0 exterior routes.
00:23:48: IGRP: Total routes in update: 2

Updating Routing Information


Example
E0

172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterA# debug ip igrp trans


00:31:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
00:31:15: IGRP: edition is now 3
00:31:15: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:31:15:
network 172.16.0.0, metric=4294967295
00:31:16: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 1
00:31:16: IGRP: broadcasting request on Serial2
00:31:16: IGRP: received update from 10.1.1.2 on Serial2
00:31:16:
subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:31:16:
network 172.16.0.0, metric 4294967295 (inaccessible)
00:31:16:
network 192.168.1.0, metric 91056 (neighbor 89056)
00:31:16: IGRP: Update contains 1 interior, 2 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 3

Updating Routing Information


Example (cont.)
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterB#debug ip igrp trans


IGRP protocol debugging is on
RouterB#
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:
subnet 10.2.2.0, metric=88956
1d19h:
network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:
subnet 10.1.1.0, metric=88956
1d19h:
network 172.16.0.0, metric=89056
1d19h: IGRP: received update from 10.1.1.1 on Serial2
1d19h:
network 172.16.0.0, metric 4294967295 (inaccessible)
1d19h: IGRP: edition is now 10
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:
subnet 10.2.2.0, metric=88956
1d19h:
network 172.16.0.0, metric=4294967295
1d19h:
network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:
subnet 10.1.1.0, metric=88956
1d19h:
network 172.16.0.0, metric=4294967295

Updating Routing Information


Example (cont.)
E0

172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

192.168.1.0

RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route
Gateway of last resort is not set
I

172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2


10.0.0.0/24 is subnetted, 2 subnets
C
10.1.1.0 is directly connected, Serial2
C
10.2.2.0 is directly connected, Serial3
I
192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:14, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RouterB#

Updating Routing Information


Example (cont.)
E0
172.16.1.0

S2

A
172.16.1.1 10.1.1.1

S2
10.1.1.2

S3
B

S3

E0

C
10.2.2.2 10.2.2.3 192.168.1.1

RouterB#debug ip igrp transactions


RouterB#
1d20h: IGRP: received update from 10.1.1.1 on Serial2
1d20h:
network 172.16.0.0, metric 89056 (neighbor 1100)
RouterB#
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set


I

172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2


10.0.0.0/24 is subnetted, 2 subnets
C
10.1.1.0 is directly connected, Serial2
C
10.2.2.0 is directly connected, Serial3
I
192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:18, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms

192.168.1.0

EIGRP Overview
2000, Cisco Systems, Inc.

www.cisco.com

6-412

What Is Enhanced IGRP


(EIGRP)?
IP Routing
Protocols
AppleTalk
Routing Protocol

IP Routing
Protocols

Enhanced
IGRP

IPX Routing
Protocols

AppleTalk
Routing Protocol

IPX Routing
Protocols

EIGRP supports:
Rapid convergence
Reduced bandwidth usage
Multiple network-layer protocols

EIGRP Features

Advanced distance vector


100% loop free
Fast convergence
Easy configuration
Less network design constraints
than OSPF

EIGRP Features (cont.)


Incremental updates
Supports VLSM and discontiguous networks
Classless routing
Compatible with existing IGRP networks
Protocol independent
(supports IPX and AppleTalk)

Advantages of EIGRP
Uses multicast instead of broadcast
Utilizes link bandwidth and delay
EIGRP metric = IGRP metric x 256
(32 bit vs. 24 bit)

Unequal cost path load balancing


More flexible than OSPF
Manual summarization can be done in
any interface at any router within the
network

EIGRP Support for Route


Summarization
172.16.0.0 /24

172.16.0.0 /16

192.168.42.0 /27

10.0.0.0 /18

172.16.0.0 /16
192.168.42.0 /24

EIGRP performs route summarization


Classful network boundaries (default)
Arbitrary network boundaries (manual)

EIGRP Packets
Hello: Establish neighbor relationships
Update: Send routing updates
Query: Ask neighbors about
routing information
Reply: Response to query about
routing information
ACK: Acknowledgement of a reliable packet

EIGRP Neighbor Relationship


Two routers become neighbors when they see each others
hello packet
Hello address = 224.0.0.10
Hellos sent once every 5 seconds on the following links:
Broadcast media: Ethernet, Token Ring, FDDI
Point-to-point serial links: PPP, HDLC,
point-to-point Frame Relay/ATM subinterfaces
Multipoint circuits with bandwidth greater than T1: ISDN
PRI, Frame Relay

EIGRP Neighbor Relationship


(cont.)
Hellos sent once every 60 seconds on the
following links:
Multipoint circuits with bandwidth less than T1:
ISDN BRI, Frame Relay, and so on

Neighbor declared dead when no EIGRP


packets are received within hold interval
Not only hello can reset the hold timer

Hold time by default is three times the hello


time

EIGRP Neighbor Relationship


(cont.)
EIGRP will form neighbors even though hello
time and hold time dont match
EIGRP sources hello packets from primary
address of the interface
EIGRP will not form neighbor if K-values are
mismatched
EIGRP will not form neighbor if AS numbers
are mismatched

What Is in a Neighbor Table?


p2r2

p2r2#show ip eigrp neighbors


IP-EIGRP neighbors for process 400
H Address
Interface Hold Uptime
(sec)
1 172.68.2.2
To0
13 02:15:30
0 172.68.16.2
Se1
10 02:38:29

SRTT
(ms)
8
29

RTO Q Seq
Cnt Num
200 0 9
200 0 6

EIGRP Reliability
EIGRP reliable packets are packets that require
explicit acknowledgement:
Update
Query
Reply

EIGRP unreliable packets are packets that do not


require explicit acknowledgement:
Hello
ACK

EIGRP Reliability (cont.)


The router keeps a neighbor list and a
retransmission list for every neighbor
Each reliable packet (update, query, reply) will
be retransmitted when packet is
not acknowledged
Neighbor relationship is reset when retry limit
(limit = 16) for reliable packets is reached

Initial Route Discovery


A
1
Hello

B
I am router A, who is on the link?

Initial Route Discovery


A
1
Hello

B
I am router A, who is on the link?

Here is my complete routing information. Update

Initial Route Discovery


B

A
1
Hello

I am router A, who is on the link?

Here is my complete routing information. Update

3
5

Ack

Thanks for the information!

Initial Route Discovery


B

A
1
Hello

I am router A, who is on the link?

Here is my complete routing information. Update

4
Topology
Table

3
5

Ack

Thanks for the information!

Initial Route Discovery


B

A
1
Hello

I am router A, who is on the link?

Here is my complete routing information. Update

4
Topology
Table

3
5

Ack

Thanks for the information!

Update Here is my complete route information.

Initial Route Discovery


B

A
1
Hello

I am router A, who is on the link?

Here is my complete routing information. Update

4
Topology
Table

3
5

Ack

Thanks for the information!

Update Here is my complete route information.

Thanks for the information!

Converged

Ack

EIGRP Route Selection


IP

IP
A

AppleTalk

T1

19.2

T1

AppleTalk
IPX

IPX
T1
C

EIGRP uses a composite metric to


pick the best path

EIGRP Metrics Calculation


Metric = [K1 x BW + (K2 x BW) / (256 - load) +
K3 x delay] x [K5 / (reliability + K4)]
By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0

Delay is sum of all the delays of the links


along the paths
Delay = [Delay in 10s of microseconds] x 256

Bandwidth is the lowest bandwidth of the links


along the paths
Bandwidth = [10000000 / (bandwidth in Kbps)] x 256

By default, metric = bandwidth + delay

EIGRP DUAL
Diffusing Update Algorithm (DUAL)
Finite-state machine
Tracks all routes advertised by neighbors
Select loop-free path using a successor and remember
any feasible successors
If successor lost:
Use feasible successor

If no feasible successor:
Query neighbors and recompute new successor

DUAL Example (Start)


(a)

C
(a)

A
(1)
(1)
B

D
(2)

(2)

via B
via D
via E

FD AD
3
3
1
4
2
4
3

Topology
(fd)
(Successor)
(fs)

D EIGRP
(a)
via B
via C

FD AD
2
2
1
5
3

Topology
(fd)
(Successor)

E EIGRP
(a)
via D
via C

FD AD
3
3
2
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

EIGRP

DUAL Example
(a)

C
(a)

A
(1)
(1)
B

(2)

(2)

via B
via D
via E

FD AD
3
3
1
4
2
4
3

Topology
(fd)
(Successor)
(fs)

D EIGRP
(a)
via B
via C

FD AD
2
2
1
5
3

Topology
(fd)
(Successor)

E EIGRP
(a)
via D
via C

FD AD
3
3
2
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

EIGRP

DUAL Example (cont.)


(a)

C
(a)

via B
via D
via E

A
(1)

D
(2)

(2)

(1)

(1)
C

EIGRP

FD AD
3
3
1
4

D EIGRP
(a) **ACTIVE**
via E
via C

FD AD
-1

E EIGRP
(a)
via D
via C

FD AD
3
3
2
4
3

Topology
(fd)
(Successor)

Topology
(fd)
(q)
(q)

Topology
(fd)
(Successor)

DUAL Example (cont.)


(a)

C
(a)

FD AD
3
3
1

Topology
(fd)
(Successor)

D EIGRP
(a) **ACTIVE**
via E
via C

FD AD
-1

Topology
(fd)
(q)

E EIGRP
(a) **ACTIVE**
via D
via C

FD AD
-1

Topology
(fd)

(q)

via B
via D
via E

A
(1)

D
(2)

(2)

(1)

(1)
C

EIGRP

DUAL Example (cont.)


(a)

C
(a)

(1)

D
(2)

Topology
(fd)
(Successor)

D EIGRP
(a) **ACTIVE**
via E
via C

FD AD
-1

Topology
(fd)
(q)

E EIGRP
(a)
via C
via D

FD AD
4
4
3

(1)

(1)
C

FD AD
3
3
1

via B
via D
via E

(2)

EIGRP

Topology
(fd)
(Successor)

DUAL Example (cont.)


(a)

C
(a)

(1)

D
R
(2)

Topology
(fd)
(Successor)

D EIGRP
(a)
via C
via E

FD AD
5
5
3
5
4

Topology
(fd)
(Successor)
(Successor)

E EIGRP
(a)
via C
via D

FD AD
4
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

FD AD
3
3
1

via B
via D
via E

(2)

EIGRP

DUAL Example (cont.)


(a)

C
(a)

(1)

D
(2)

Topology
(fd)
(Successor)

D EIGRP
(a)
via C
via E

FD AD
5
5
3
5
4

Topology
(fd)
(Successor)
(Successor)

E EIGRP
(a)
via C
via D

FD AD
4
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

FD AD
3
3
1

via B
via D
via E

(2)

EIGRP

DUAL Example (Start)


(a)

C
(a)

A
(1)
(1)
B

D
(2)

(2)

via B
via D
via E

FD AD
3
3
1
4
2
4
3

Topology
(fd)
(Successor)
(fs)

D EIGRP
(a)
via B
via C

FD AD
2
2
1
5
3

Topology
(fd)
(Successor)

E EIGRP
(a)
via D
via C

FD AD
3
3
2
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

EIGRP

DUAL Example (End)


(a)

C
(a)

(1)

D
(2)

Topology
(fd)
(Successor)

D EIGRP
(a)
via C
via E

FD AD
5
5
3
5
4

Topology
(fd)
(Successor)
(Successor)

E EIGRP
(a)
via C
via D

FD AD
4
4
3

Topology
(fd)
(Successor)

(1)

(1)
C

FD AD
3
3
1

via B
via D
via E

(2)

EIGRP

EIGRP Load Balancing


Routes with metric equal to the minimum metric
will be installed in the routing table (equal-cost
load balancing)
Up to six entries in the routing table for the same
destination
Number of entries is configurable
Default is four

EIGRP Unequal-Cost Load


Balancing
EIGRP offers unequal-cost load balancing
variance command

Variance allows the router to include routes


with a metric smaller than multiplier times the
minimum metric route to that destination
Multiplier is the number specified by the
variance command

Variance Example
20

10
E

10
10
A

Network Z

(config)#

variance 2

25

20
D

Router E will choose Router C to get to Network Z


because FD = 20
With variance of 2, Router E will also choose Router B to
get to Network Z (20 + 10) < (2 x [FD])
Router D will not be used to get to Network Z (45 > 40)

Configuring
EIGRP
2000, Cisco Systems, Inc.

www.cisco.com

6-446

Configuring EIGRP for IP


AS = 109

10.4.0.0 Token

172.16.6.0

Ring

172.16.7.0

192.168.1.0

S0

172.16.5.0

S1

T0

10.1.0.0

172.16.2.0
S2

172.16.1.0

B
D

10.2.0.0

172.16.3.0

Token
Ring

172.16.4.0

router eigrp 109


network 10.0.0.0
network 172.16.0.0

Network 192.168.0.0 is not configured on Router


A because it is not directly connected to Router A

EIGRP SummarizationAutomatic
Purpose: Smaller routing tables, smaller updates, query
boundary
Autosummarization:
On major network boundaries, subnetworks are summarized to a
single classful (major) network
Autosummarization is turned on by default

172.17.X.X

172.16.X.X
172.16.0.0/16

EIGRP SummarizationManual
Manual summarization
Configurable on a per-interface basis in any
router within network
When summarization is configured on an interface,
the router immediate creates a route pointing to null
zero
Loop prevention mechanism

When the last specific route of the summary goes


away, the summary is deleted
The minimum metric of the specific routes is used
as the metric of the summary route

Configuring Summarization
(config-router)#

no auto-summary

Turns off autosummarization for the


EIGRP process
(config-if)#

ip summary-address eigrp <as-number>


<address> <mask>

Creates a summary address to be generated


by this interface

Summarizing EIGRP Routes


192.168.4.2

172.16.1.0

10.0.0.0

S0
C

172.16.2.0

router eigrp 1
network 10.0.0.0
network 172.16.0.0
no auto-summary

World

Verifying EIGRP
Operation
2000, Cisco Systems, Inc.

www.cisco.com

6-452

Verifying EIGRP Operation


Router#

show ip eigrp neighbors


Router#

show ip eigrp topology


Router#

show ip route eigrp


Router#

show ip protocols
Router#

show ip eigrp traffic

Displays the neighbors discovered by


IP EIGRP
Displays the IP EIGRP topology table
Displays current EIGRP entries in the
routing table
Displays the parameters and current
state of the active routing protocol
process
Displays the number of IP EIGRP
packets sent and received

Verifying EIGRP Operation


(cont.)
Router#

debug eigrp packet


Router#

debug eigrp neighbor


Router#

debug ip eigrp route


Router#

debug ip eigrp summary


Router#

show ip eigrp events

Displays all types of EIGRP packets,


both sent and received
Displays the EIGRP neighbor
interaction
Displays advertisements and
changes EIGRP makes to the
routing table
Displays a brief report of the EIGRP
routing activity
Displays the different categories of
EIGRP activity, including route
calculations

2002, Cisco Systems, Inc. All rights reserved.

ACCESS-LISTS

Why Use Access Lists?

Token
Ring
FDDI

Manage IP Traffic as network access grows

Why Use Access Lists?


172.16.0.0

Internet

Token
Ring
FDDI

172.17.0.0

Manage IP traffic as network access grows


Filter packets as they pass through the router

Access List Applications


Transmission of packets on an interface

Virtual terminal line access (IP)

Permit or deny packets moving through the router


Permit or deny vty access to or from the router
Without access lists all packets could be transmitted onto all
parts of your network

Other Access List Uses


Priority and custom queuing
Queue
List

Special handling for traffic based on packet tests

Other Access List Uses


Priority and custom queuing
Queue
List

Dial-on-demand routing

Special handling for traffic based on packet tests

What Are Access Lists?


E0
Incoming
Packet

Access List Processes


Outgoing
Packet

Source
Permit?

S0

Standard
Checks Source address
Generally permits or denies entire protocol suite

What Are Access Lists?


E0

Access List Processes

Incoming
Packet

Protocol

Source
and
Destination

Outgoing
Packet
Permit?

S0

Standard
Checks Source address
Generally permits or denies entire protocol suite

Extended
Checks Source and Destination address
Generally permits or denies specific protocols

What Are Access Lists?


E0

Access List Processes

Incoming
Packet

Protocol

Source
and
Destination

Outgoing
Packet
Permit?

S0

Standard
Checks Source address
Generally permits or denies entire protocol suite

Extended
Checks Source and Destination address
Generally permits or denies specific protocols

Inbound or Outbound

Outbound Access Lists


Packet
Inbound
Interface
Packets

Choose
Interface

Outbound
Interfaces

Routing
Table
Entry

?
N

S0

Access N
List
?
Y

Packet Discard Bucket

Outbound Access Lists


Packet
Inbound
Interface
Packets

Choose
Interface

Outbound
Interfaces

Test
Access List
Statements

Routing
Table
Entry

S0

Access N
List
?
Y

Packet Discard Bucket

E0
Packet

Permit
?

Outbound Access Lists


Packet
Inbound
Interface
Packets

Choose
Interface

Outbound
Interfaces

Test
Access List
Statements

Routing
Table
Entry

S0

Access N
List
?

E0
Packet

Permit
?

Y
N

Discard Packet

Notify Sender
Packet Discard Bucket
If no access list statement matches then discard the packet

A List of Tests: Deny or Permit


Packets to interfaces
in the access group

Match
First
Test
Y
Y
?

Deny

Permit
Destination
Interface(s)

Packet
Discard
Bucket

Deny

A List of Tests: Deny or Permit


Match
First
Test
Y
Y
?
N

Packets to Interface(s)
in the Access Group

Deny
Deny

Permit
Y

Match
Next
Test(s)
?

Permit

Destination
Interface(s)

Packet
Discard
Bucket

Deny

A List of Tests: Deny or Permit


Match
First
Test
Y
Y
?
N

Packets to Interface(s)
in the Access Group

Deny
Deny

Deny

Packet
Discard
Bucket

Permit
Y

Match
Next
Test(s)
?
N
Match
Last
Test
?

Deny

Permit

Destination
Interface(s)

Permit

A List of Tests: Deny or Permit


Match
First
Test
Y
Y
?
N

Packets to Interface(s)
in the Access Group

Deny
Deny

Deny

Packet
Discard
Bucket

Permit
Y

Match
Next
Test(s)
?
N

Match Y
Last
Test
?
N Implicit
Deny

Deny

Permit

Destination
Interface(s)

Permit

If no match
deny all

Access List Configuration


Guidelines

Access list numbers indicate which protocol is filtered


One access list per interface, per protocol, per direction
The order of access list statements controls testing
Most restrictive statements should be at the top of list
There is an implicit deny any as the last access list test
every list should have at least one permit statement
Create access lists before applying them to interfaces
Access list, filter traffic going through the router; they do not
apply to traffic originated from the router

Access List Command Overview


Step 1: Set parameters for this access list test
statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }

Access List Command Overview


Step 1: Set parameters for this access list test
statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }

Step 2: Enable an interface to use the specified


access list
Router(config-if)#
{ protocol } access-group access-list-number {in | out}

IP Access lists are numbered 1-99 or 100-199

How to Identify Access Lists


Access List Type
IP

Standard

Number Range/Identifier
1-99

Standard IP lists (1 to 99) test conditions of all IP packets from source


addresses

How to Identify Access Lists


Access List Type
IP

Standard
Extended

Number Range/Identifier
1-99
100-199

Standard IP lists (1 to 99) test conditions of all IP packets from source


addresses
Extended IP lists (100 to 199) can test conditions of source and destination
addresses, specific TCP/IP protocols, and destination ports

How to Identify Access Lists


Access List Type

Number Range/Identifier

IP

Standard
Extended
Named

1-99
100-199
Name (Cisco IOS 11.2 and later)

IPX

Standard
Extended
SAP filters
Named

800-899
900-999
1000-1099
Name (Cisco IOS 11.2. F and later)

Standard IP lists (1 to 99) test conditions of all IP packets from source


addresses
Extended IP lists (100 to 199) can test conditions of source and destination
addresses, specific TCP/IP protocols, and destination ports
Other access list number ranges test conditions for other networking
protocols

Testing Packets with


Standard Access Lists
Frame
Header
(for example,
HDLC)

Packet
(IP header)

Segment
(for example,
TCP header)

Source
Address

Data

Use
access
list statements
1-99
Deny

Permit

Testing Packets with


Extended Access Lists
An Example from a TCP/IP Packet
Frame
Header
(for example,
HDLC)

Packet
(IP header)

Segment
(for example,
TCP header)

Data

Port
Number
Protocol
Source
Address

Destination
Address
Deny

Use
access
list statements
1-99 or 100-199 to
test the
packet

Permit

Wildcard Bits: How to Check the


Corresponding Address Bits
128

64

32

16

Octet bit position and


address value for bit

Examples
check all address bits
(match all)

ignore last 6 address bits

ignore last 4 address bits

check last 2 address bits

do not check address


(ignore bits in octet)

0 means check corresponding address bit value


1 means ignore value of corresponding address bit

Wildcard Bits to Match a


Specific IP Host Address
Test conditions: Check all the address bits (match all)
An IP host address, for example:
172.30.16.29
Wildcard mask: 0.0.0.0
(checks all bits)

Example 172.30.16.29 0.0.0.0 checks all the


address bits
Abbreviate this wildcard mask using the IP address
preceded by the keyword host (host 172.30.16.29)

Wildcard Bits to Match


Any IP Address
Test conditions: Ignore all the address bits (match any)
Any IP address
0.0.0.0

Wildcard mask: 255.255.255.255


(ignore all)

Accept any address: 0.0.0.0 255.255.255.255


Abbreviate the expression using the
keyword any

Wildcard Bits to Match IP


Subnets
Check for IP subnets 172.30.16.0/24 to 172.30.31.0/24
Address and wildcard mask:
172.30.16.0 0.0.15.255
Network .host
172.30.16.0

Wildcard mask:

|<---- match ---->|<----- dont care ----->|


0

16

17

18

:
0

:
1

31

Configuring Standard
IP Access Lists
1999, Cisco Systems, Inc.

www.cisco.com

10-484

Standard IP Access List


Configuration
Router(config)#
access-list access-list-number {permit|deny} source [mask]
Sets parameters for this list entry
IP standard access lists use 1 to 99
Default wildcard mask = 0.0.0.0
no access-list access-list-number removes entire access-list

Standard IP Access List


Configuration
Router(config)#
access-list access-list-number {permit|deny} source [mask]
Sets parameters for this list entry
IP standard access lists use 1 to 99
Default wildcard mask = 0.0.0.0
no access-list access-list-number removes entire access-list

Router(config-if)#
ip access-group access-list-number

{ in | out }

Activates the list on an interface


Sets inbound or outbound testing
Default = Outbound
no ip access-group access-list-number removes access-list from the interface

Standard IP Access List


Example 1
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 permit 172.16.0.0 0.0.255.255


(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0
255.255.255.255)

Standard IP Access List


Example 1
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 permit 172.16.0.0 0.0.255.255


(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0
255.255.255.255)
interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out

Permit my network only

Standard IP Access List


Example 2
Non172.16.0.0

172.16.3.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 deny 172.16.4.13 0.0.0.0

Deny a specific host

Standard IP Access List


Example 2
Non172.16.0.0

172.16.3.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 deny 172.16.4.13 0.0.0.0


access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 1 deny 0.0.0.0
255.255.255.255)

Deny a specific host

Standard IP Access List


Example 2
Non172.16.0.0

172.16.3.0

172.16.4.0

S0
E0

E1

172.16.4.13

access-list 1 deny 172.16.4.13 0.0.0.0


access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 1 deny 0.0.0.0
255.255.255.255)
interface ethernet 0
ip access-group 1 out

Deny a specific host

Standard IP Access List


Example 3
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 deny 172.16.4.0 0.0.0.255


access-list 1 permit any
(implicit deny all)
(access-list 1 deny 0.0.0.0
255.255.255.255)

Deny a specific subnet

Standard IP Access List


Example 3
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 1 deny 172.16.4.0 0.0.0.255


access-list 1 permit any
(implicit deny all)
(access-list 1 deny 0.0.0.0
255.255.255.255)
interface ethernet 0
ip access-group 1 out

Deny a specific subnet

Control vty Access


With Access Class
1999, Cisco Systems, Inc.

www.cisco.com

10-494

Filter Virtual Terminal (vty)


Access to a Router
e0

console
Console port (direct connect)

0 1 2 34

Physical port e0 (Telnet)

Virtual ports (vty 0 through 4)

Five virtual terminal lines (0 through 4)


Filter addresses that can access into the
routers vty ports
Filter vty access out from the router

How to Control vty Access


e0

0 1 2 34
Physical port (e0) (Telnet)
Router#

Virtual ports (vty 0 through 4)

Setup IP address filter with standard access list


statement
Use line configuration mode to filter access with the
access-class command
Set identical restrictions on all vtys

Virtual Terminal Line


Commands
Router(config)#

line vty#{vty# | vty-range}

Enters configuration mode for a vty or vty range


Router(config-line)#

access-class access-list-number {in|out}

Restricts incoming or outgoing vty connections for


address in the access list

Virtual Terminal Access


Example
Controlling Inbound Access

access-list 12 permit 192.89.55.0


0.0.0.255
!
line vty 0 4
access-class 12 in

Permits only hosts in network 192.89.55.0 to connect to


the routers vtys

Configuring Extended
IP Access Lists
1999, Cisco Systems, Inc.

www.cisco.com

10-499

Standard versus External


Access List
Standard

Extended

Filters Based on
Source.

Filters Based on
Source and destination.

Permit or deny entire


TCP/IP protocol suite.

Specifies a specific IP
protocol and port number.

Range is 1 through 99

Range is 100 through 199.

Extended IP Access List


Configuration
Router(config)#
access-list access-list-number { permit | deny } protocol source
source-wildcard [operator port] destination destination-wildcard
[ operator port ] [ established ] [log]

Sets parameters for this list entry

Extended IP Access List


Configuration
Router(config)#
{ permit | deny
[operator port]
[ operator port

access-list access-list-number
} protocol source source-wildcard
destination destination-wildcard
] [ established ] [log]

Sets parameters for this list entry


Router(config-if)# ip access-group access-listnumber { in | out }

Activates the extended list on an interface

Extended Access List


Example 1
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21


access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20

Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0


Permit all other traffic

Extended Access List


Example 1
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21


access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0


Permit all other traffic

Extended Access List


Example 1
172.16.3.0

Non172.16.0.0

S0
E0

E1

172.16.4.0
172.16.4.13

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21


access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 101 out

Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0


Permit all other traffic

Extended Access List


Example 2
172.16.3.0

Non172.16.0.0

172.16.4.0

S0
E0

E1

access-list 101 deny tcp 172.16.4.0

172.16.4.13

0.0.0.255

any eq 23

Deny only Telnet from subnet 172.16.4.0 out of E0


Permit all other traffic

Extended Access List


Example 2
172.16.3.0

Non172.16.0.0

172.16.4.0

S0
E0

E1

access-list 101 deny tcp 172.16.4.0


access-list 101 permit ip any any
(implicit deny all)

172.16.4.13

0.0.0.255

any eq 23

Deny only Telnet from subnet 172.16.4.0 out of E0


Permit all other traffic

Extended Access List


Example 2
172.16.3.0

Non172.16.0.0

172.16.4.0

S0
E0

E1

access-list 101 deny tcp 172.16.4.0


access-list 101 permit ip any any
(implicit deny all)

172.16.4.13

0.0.0.255

any eq 23

interface ethernet 0
ip access-group 101 out

Deny only Telnet from subnet 172.16.4.0 out of E0


Permit all other traffic

Using Named IP Access Lists


Feature for Cisco IOS Release 11.2 or later
Router(config)#

ip access-list { standard | extended } name

Alphanumeric name string must be unique

Using Named IP Access Lists


Feature for Cisco IOS Release 11.2 or later
Router(config)#

ip access-list { standard | extended } name

Alphanumeric name string must be unique


Router(config {std- | ext-}nacl)#

{ permit | deny } { ip access list test conditions }


{ permit | deny } { ip access list test conditions }
no { permit | deny } { ip access list test conditions }

Permit or deny statements have no prepended number


"no" removes the specific test from the named access list

Using Named IP Access Lists


Feature for Cisco IOS Release 11.2 or later
Router(config)# ip access-list { standard | extended } name

Alphanumeric name string must be unique


Router(config {std- | ext-}nacl)# { permit | deny }

{ ip access list test conditions }


{ permit | deny } { ip access list test conditions }
no { permit | deny } { ip access list test conditions }

Permit or deny statements have no prepended number


"no" removes the specific test from the named access list
Router(config-if)# ip access-group name { in | out }

Activates the IP named access list on an interface

Access List Configuration


Principles
Order of access list statements is crucial
Recommended: use a text editor on a TFTP server or use PC to
cut and paste

Top-down processing
Place more specific test statements first

No reordering or removal of statements


Use no access-list number command to remove entire access list
Exception: Named access lists permit removal of individual
statements

Implicit deny all


Unless access list ends with explicit permit any

Where to Place IP Access Lists


S0
E0

E0

S0
S1
S1

To0

Token
Ring

E0

E0

E1

Recommended:
Place extended access lists close to the source
Place standard access lists close to the destination

Verifying Access Lists


wg_ro_a#show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<text ommitted>

Monitoring Access List


Statements
wg_ro_a#show {protocol} access-list {access-list number}
wg_ro_a#show access-lists {access-list number}
wg_ro_a#show access-lists
Standard IP access list 1
permit 10.2.2.1
permit 10.3.3.1
permit 10.4.4.1
permit 10.5.5.1
Extended IP access list 101
permit tcp host 10.22.22.1 any eq telnet
permit tcp host 10.33.33.1 any eq ftp
permit tcp host 10.44.44.1 any eq ftp-data

SILICON COMNET PVT `.LTD.

WAN PROTOCOLS

Typical WAN Encapsulation


Protocols: Layer 2
Leased Line

HDLC, PPP, SLIP

X.25, Frame Relay, ATM


Packet-switched

Service
Provider

PPP, SLIP, HDLC


Circuit-switched

Telephone
Company

HDLC Frame Format


Cisco HDLC
Flag

Address

Control

Proprietary

Data

FCS

Flag

Ciscos HDLC has a proprietary data field to support


multiprotocol environments
HDLC
Flag

Address

Control

Data

FCS

Supports only single protocol environments

Flag

HDLC Command
Router(config-if)#encapsulation hdlc

Enable hdlc encapsulation


HDLC is the default encapsulation on
synchronous serial interfaces

An Overview of PPP
Multiple protocol
encapsulations using
NCPs in PPP

TCP/IP
Novell IPX
AppleTalk

PPP Encapsulation

Link setup and control


using LCP in PPP

PPP can carry packets from several protocol suites using


Network Control Programs
PPP controls the setup of several link options using LCP

Layering PPP Elements


IP

IPX

IPCP

PPP

IPXCP

Layer 3 Protocols

Network
Layer

Many Others

Network Control Protocol

Data Link
Layer

Authentication, other options


Link Control Protocol
Synchronous or Asynchronous
Physical Media

Physical
Layer

PPPA data link with network-layer services

PPP LCP Configuration Options


Feature
Authentication

How It Operates

Protocol

Require a password

PAP
Perform Challenge Handshake CHAP

Compression

Compress data at source;


reproduce data at
destination

Stacker or
Predictor

Error
Detection

Monitor data dropped on link

Magic Number

Multilink

Load balancing across


multiple links

Avoid frame looping


Multilink
Protocol (MP)

PPP Authentication Overview


Dialup or
Circuit-Switched
Network

PPP Session Establishment


1
2
3

Link Establishment Phase


Optional Authentication Phase
Network-Layer Protocol Phase

Two PPP authentication protocols:


PAP and CHAP

Selecting a PPP Authentication


Protocol
Remote Router
(SantaCruz)

PAP
2-Way Handshake

Central-Site Router
(HQ)

santacruz, boardwalk

Accept/Reject
Hostname: santacruz
Password: boardwalk

username santacruz
password boardwalk

Passwords sent in clear text


Peer in control of attempts

Selecting a PPP Authentication


Protocol (cont.)
Remote Router
(SantaCruz)

CHAP
3-Way Handshake

Central-Site Router
(HQ)

Challenge

Response

Hostname: santacruz
Password: boardwalk

Accept/Reject

username santacruz
password boardwalk

Use secret known only to authenticator and


peer

Configuring PPP and


Authentication Overview
Verify who
you are.
Service
Provider

Authenticating Router

Router to Be Authenticated
(The router that initiated the call.)

(The router that received the


call.)
Enabling PPP

Enabling PPP

Enabling PPP Authentication

Enabling PPP Authentication

ppp encapsulation
hostname
username / password
ppp authentication

ppp encapsulation
hostname
username / password
ppp authentication

Configuring PPP

Router(config-if)#encapsulation ppp
Enable PPP encapsulation

Configuring PPP
Authentication
Router(config)#hostname name

Assigns a host name to your router


Router(config)#username name password password

Identifies the username and password of


authenticating router

Configuring PPP
Authentication
(cont.)
Router(config-if)#ppp authentication
{chap | chap pap | pap chap | pap}

Enables PAP and/or CHAP authentication

Configuring CHAP Example


Left
router

PSTN/ISDN

hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication CHAP

Right
router

hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication CHAP

Verifying HDLC and PPP


Encapsulation Configuration
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication with the


debug ppp authentication Command
Left
router

4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
4d20h:
changed

Service
Provider

Right
router

%LINK-3-UPDOWN: Interface Serial0, changed state to up


Se0 PPP: Treating connection as a dedicated line
Se0 PPP: Phase is AUTHENTICATING, by both
Se0 CHAP: O CHALLENGE id 2 len 28 from left"
Se0 CHAP: I CHALLENGE id 3 len 28 from right"
Se0 CHAP: O RESPONSE id 3 len 28 from left"
Se0 CHAP: I RESPONSE id 2 len 28 from right"
Se0 CHAP: O SUCCESS id 2 len 4
Se0 CHAP: I SUCCESS id 3 len 4
dialer Protocol up for Se0
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
state to up

debug ppp authentication successful CHAP output

Frame Relay Overview


DCE or
Frame
Relay Switch
CSU/DSU

Frame Relay works here.

Virtual circuits make connections


Connection-oriented service

Frame Relay Stack


OSI Reference Model

Frame Relay

Application

Presentation
Session
Transport
Network

IP/IPX/AppleTalk, etc.

Data Link

Frame Relay

Physical

EIA/TIA-232,
EIA/TIA-449, V.35,
X.21, EIA/TIA-530

Frame Relay Terminology


PVC
DLCI: 100
DLCI: 200

LMI
100=Active
400=Active

DLCI: 400
Local Access
Loop=64 kbps

Local
Access
Loop=T1

PVC

DLCI: 500

Local Access
Loop=64 kbps

Frame Relay
Address Mapping
DLCI: 500

PVC

CSU/DSU

Inverse ARP or
Frame Relay map
Frame
Relay DLCI (500)

IP
(10.1.1.1)

Get locally significant DLCIs from provider


Map your network addresses to DLCIs

10.1.1.1

Frame Relay Signaling


DLCI: 500

PVC

10.1.1.1

CSU/DSU
LMI
500=Active
400=Inactive

DLCI: 400

PVC

Keepalive

Cisco supports three LMI standards:


Cisco
ANSI T1.617 Annex D
ITU-T Q.933 Annex A

Frame Relay Inverse ARP and


LMI Operation
1
DLCI=100
172.168.5.5

Frame Relay
Cloud

DLCI=400

172.168.5.7

Frame Relay Inverse ARP and


LMI Operation
1
DLCI=100
172.168.5.5

Status Inquiry

Frame Relay
Cloud

DLCI=400

172.168.5.7
Status Inquiry

Frame Relay Inverse ARP and


LMI Operation
1

Frame Relay
Cloud

DLCI=100

DLCI=400

172.168.5.5

172.168.5.7

Status Inquiry

Local DLCI 100=Active

Status Inquiry

34

Local DLCI 400=Active

Frame Relay Inverse ARP and


LMI Operation
1

Frame Relay
Cloud

DLCI=100

DLCI=400

172.168.5.5

172.168.5.7

Status Inquiry

Local DLCI 100=Active

Status Inquiry

34

Hello, I am 172.168.5.5 on DLCI 100. who r u ?

Local DLCI 400=Active

Frame Relay Inverse ARP and


LMI Operation (cont.)
DLCI=100

Frame Relay
Cloud

DLCI=400
172.168.5.7

172.168.5.5

Frame Relay Map


172.168.5.5 DLCI 400 Active

Hello, I am 172.168.5.7 on DLCI 400.

Frame Relay Map


172.168.5.7 DLCI 100 Active

5
4

Frame Relay Inverse ARP and


LMI Operation (cont.)
DLCI=100

Frame Relay
Cloud

DLCI=400
172.168.5.7

172.168.5.5

Frame Relay Map


172.168.5.5 DLCI 400 Active

Hello, I am 172.168.5.7.

5
6

Frame Relay Map


172.168.5.7 DLCI 100 Active
Hello, I am 172.168.5.5 on DLCI 100.

5
4

Frame Relay Inverse ARP and


LMI Operation (cont.)
DLCI=100

Frame Relay
Cloud

DLCI=400
172.168.5.7

172.168.5.5

Frame Relay Map


172.168.5.5 DLCI 400 Active

Hello, I am 172.168.5.7.

5
6
7

5
4

Frame Relay Map


172.168.5.7 DLCI 100 Active
Hello, I am 172.168.5.5.
Keepalives

Keepalives

Configuring Basic Frame Relay


Rel. 11.2 Router
HQ

interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64

Rel. 10.3 Router


Branch

interface Serial1
ip address 10.16.0.2 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay lmi-type ansi

Configuring Basic Frame Relay


(cont.)
Rel. 11.2 Router
HQ

Rel. 10.3 Router


Branch

interface Serial1
interface Serial1
ip address 10.16.0.2 255.255.255.0
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
encapsulation frame-relay
bandwidth 64
bandwidth 64
frame-relay lmi-type ansi

Inverse ARP
Enabled by default
Does not appear in configuration output

Configuring a Static Frame


Relay Map
DLCI=110
IP address=10.16.0.1/24

p1r1
HQ

Branch
DLCI=100
IP address=10.16.0.2/24

interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast

Verifying Frame Relay


Operation
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
<Output omitted>

Displays line, protocol, DLCI, and LMI information

Verifying Frame Relay


Operation (cont.)
Router#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 113100 Num Status msgs Rcvd 113100
Num Update Status Rcvd 0 Num Status Timeouts 0

Displays LMI information

Verifying Frame Relay


Operation (cont.)
Router#show frame-relay pvc 100

PVC Statistics for interface Serial0 (Frame Relay DTE)


DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 28
output pkts 10
in bytes 8398
out bytes 1198
dropped pkts 0
in FECN pkts 0
in BECN pkts 0
out FECN pkts 0
out BECN pkts 0
in DE pkts 0
out DE pkts 0
out bcast pkts 10
out bcast bytes 1198
pvc create time 00:03:46, last time pvc status changed 00:03:47

Displays PVC traffic statistics

Verifying Frame Relay


Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active

Displays the route maps, either static or dynamic

Verifying Frame Relay


Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active
Router#clear frame-relay-inarp
Router#sh frame map
Router#

Clears dynamically created Frame Relay maps

Verifying Frame Relay


Operation (cont.)
Router#debug Frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Displays LMI debug information

Selecting a Frame Relay


Topology

Full Mesh

Partial Mesh
Star (Hub and Spoke)

Frame Relay default: nonbroadcast, multiaccess (NMBA)

Reachability Issues with


Routing Updates
Routing
Update
AA

1
2

B
C

Problem:
Broadcast traffic must be replicated for
each active connection

Resolving Reachability Issues


Logical Interface
S0.1
S0.2
S0.3

Physical
Interface Subnet A
S0
Subnet B

Subnet C

Solution:
Split horizon can cause problems in NBMA environments
Subinterfaces can resolve split horizon issues
A single physical interface simulates multiple logical interfaces

Configuring Subinterfaces
Point-to-Point
Subinterfaces act as leased line
Each point-to-point subinterface requires its own subnet
Applicable to hub and spoke topologies

Multipoint
Subinterfaces act as NBMA network so they do not resolve the split
horizon issue
Can save address space because uses single subnet
Applicable to partial-mesh and full-mesh topology

Configuring Point-to-Point
Subinterfaces
10.17.0.1
s0.2
A

DLCI=110

s0.3
10.18.0.1

interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.2 point-to-point
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 110
!
interface Serial0.3 point-to-point
ip address 10.18.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 120
!

10.17.0.2
B

10.18.0.2
C

Multipoint Subinterfaces
Configuration Example
B

s2.2=10.17.0.1/24

s2.1=10.17.0.2/24

DLCI=130
RTR1

RTR3

s2.1=10.17.0.3/24
interface Serial2
no ip address
encapsulation frame-relay
!
interface Serial2.2 multipoint
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay map ip 10.17.0.2 120
broadcast
frame-relay map ip 10.17.0.3 130
broadcast
frame-relay map ip 10.17.0.4 140
broadcast

RTR4

s2.1=10.17.0.4/24

2002, Cisco Systems, Inc. All rights reserved.

OSPF Overview
2000, Cisco Systems, Inc.

www.cisco.com

4-562

What Is OSPF?

Has fast convergence


Supports VLSM
Processes updates efficiently
Selects paths based on bandwidth
Supports equal-cost multipath

OSPF in IP Packets
89 - OSPF
6 - TCP
17 - UDP
Frame Payload

Frame
Header

IP
Header

Protocol
Number

Packet Payload

OSPF is a link-state routing protocol


Relies on IP packets for delivery of routing
information
Uses protocol number 89

C
R
C

OSPF
Terminology
2000, Cisco Systems, Inc.

www.cisco.com

4-565

OSPF Terminology

Interfaces

Token
Ring

OSPF Terminology
Neighbors
Interfaces

Token
Ring

OSPF Terminology
Neighbors
Interfaces

Cost = 10
Token
Ring

Cost = 1785

Cost = 6

OSPF Terminology
Neighbors
Interfaces

Area 1

Cost = 10

Area 0
Token
Ring

Cost = 1785

Cost = 6

OSPF Terminology
Autonomous System

Neighbors
Interfaces

Area 1

Cost = 10

Area 0
Token
Ring

Cost = 1785

Cost = 6

OSPF Terminology
Autonomous System

Neighbors
Interfaces

Area 1

Cost = 10

Area 0
Token
Ring

Cost = 1785

Cost = 6

Neighborship
Database
Lists Neighbors

OSPF Terminology
Autonomous System

Neighbors
Interfaces

Area 1

Cost = 10

Area 0
Token
Ring

Cost = 1785

Cost = 6

Neighborship
Database
Lists Neighbors

Topology
Database
Lists All Routes

OSPF Terminology
Autonomous System

Neighbors
Interfaces

Area 1

Cost = 10

Area 0
Token
Ring

Cost = 1785

Cost = 6

Neighborship
Database
Lists Neighbors

Topology
Database
Lists All Routes

Routing
Table
Lists Best Routes

OSPF Operation

2000, Cisco Systems, Inc.

www.cisco.com

4-574

OSPF Topologies
Broadcast
Multiaccess

Point-to-Point

NBMA

X.25
Frame Relay

OSPF Operation in a
Broadcast Multiaccess
Topology

2000, Cisco Systems, Inc.

www.cisco.com

4-576

Neighborship
D

Hello

afadjfjorqpoeru
39547439070713

Router ID
Hello/dead intervals
Neighbors
Area-ID
Router priority
DR IP address
BDR IP address
Authentication password
Stub area flag

Hello

* Entry must match on neighboring routers

Neighborship (cont.)
D

Hello

afadjfjorqpoeru
39547439070713

Router ID
Hello/dead intervals
Neighbors
Area-ID
Router priority
DR IP address
BDR IP address
Authentication password
Stub area flag

Hello

* Entry must match on neighboring routers

DR and BDR
DR

BDR

Hellos elect DR and BDR to represent segment


Each router then forms adjacency with DR and
BDR

Electing the DR and BDR


P=3

P=2

DR

BDR

Hello

P=1

P=1

P=0

Hello packets exchanged via IP multicast


Router with highest OSPF priority elected

Exchange Process
A

172.16.5.1/24
E0

172.16.5.2/24
E1

Down State

Exchange Process
A

172.16.5.1/24
E0

172.16.5.2/24
E1

Down State

I am router ID 172.16.5.1 and I see no one.


Init State

Router B
Neighbors List
172.16.5.1/24, int E1

Exchange Process
A

172.16.5.1/24
E0

172.16.5.2/24
E1

Down State

I am router ID 172.16.5.1 and I see no one.


Init State

Router B
Neighbors List
172.16.5.1/24, int E1
I am router ID 172.16.5.2, and I see 172.16.5.1.

Exchange Process
A

172.16.5.1/24
E0

172.16.5.2/24
E1

Down State

I am router ID 172.16.5.1 and I see no one.


Init State

Router B
Neighbors List
172.16.5.1/24, int E1
I am router ID 172.16.5.2, and I see 172.16.5.1.
Router A
Neighbors List
172.16.5.2/24, int E0
Two-Way State

Discovering Routes
DR
E0

E0
172.16.5.1
afadjfjorqpoeru
39547439070713

Hello

172.16.5.3
Exstart State

I will start exchange because I have router ID 172.16.5.1.

No, I will start exchange because I have a


higher router ID.

afadjfjorqpoeru
39547439070713

Hello

Discovering Routes
DR
E0

E0
172.16.5.1
afadjfjorqpoeru
39547439070713

Hello

172.16.5.3
Exstart State

I will start exchange because I have router ID 172.16.5.1.

No, I will start exchange because I have a


higher router ID.
Exchange State

Here is a summary of my link-state database.

afadjfjorqpoeru
39547439070713

Hello
afadjfjorqpoeru
39547439070713

DBD

afadjfjorqpoeru
39547439070713

DBD

Here is a summary of my link-state database.

Discovering Routes (cont.)


DR
E0
172.16.5.1

E0
172.16.5.3

afadjfjorqpoeru
39547439070713

LSAck

afadjfjorqpoeru
39547439070713

Thanks for the information!

LSAck

Discovering Routes (cont.)


DR
E0
172.16.5.1

E0
172.16.5.3

afadjfjorqpoeru
39547439070713

afadjfjorqpoeru
39547439070713

LSAck

Thanks for the information!

LSAck

Loading State

afadjfjorqpoeru
39547439070713

LSR

I need the complete entry for network 172.16.6.0/24.


afadjfjorqpoeru
39547439070713

Here is the entry for network 172.16.6.0/24.


afadjfjorqpoeru
39547439070713

LSAck Thanks for the information!

LSU

Discovering Routes (cont.)


DR
E0
172.16.5.1

E0
172.16.5.3

afadjfjorqpoeru
39547439070713

afadjfjorqpoeru
39547439070713

LSAck

Thanks for the information!

LSAck

Loading State

afadjfjorqpoeru
39547439070713

LSR

I need the complete entry for network 172.16.6.0/24.


afadjfjorqpoeru
39547439070713

Here is the entry for network 172.16.6.0/24.


afadjfjorqpoeru
39547439070713

LSAck Thanks for the information!


Full State

LSU

Choosing Routes
10.1.1.0/24
A

Token
Ring

10.2.2.0/24
B

FDDI

10.3.3.0/24
C

Cost=6

Cost=1
Cost=10
10.4.4.0/24
Topology Table
Net
Cost Out Interface
10.2.2.0 6
To0
10.3.3.0 7
To0
This is the best route to 10.3.3.0.
10.3.3.0 10
E0

Maintaining Routing Information


Link-State Change
DR

1 LSU
A

Router A tells all OSPF DRs on 224.0.0.6

Maintaining Routing Information


2

Link-State Change
LSU

DR

1 LSU
A

Router A tells all OSPF DRs on 224.0.0.6


DR tells others on 224.0.0.5

Maintaining Routing Information


2

Link-State Change
LSU

DR

1 LSU
A

3
LSU

Router A tells all OSPF DRs on 224.0.0.6


DR tells others on 224.0.0.5

Maintaining Routing Information


2

Link-State Change
LSU

DR

4 I need to update
my routing table.

1 LSU
A

3
LSU

Router A tells all OSPF DRs on 224.0.0.6


DR tells others on 224.0.0.5

Maintaining Routing Information


(cont.)
LSU
LSA

Is entry in
link-state
database?
No
Add to database
Send LSAck
to DR
Flood LSA
Run SPF to calculate
new routing table
End

Maintaining Routing Information


(cont.)
LSU
LSA

Is entry in
link-state
database?
No
Add to database
Send LSAck
to DR
Flood LSA
Run SPF to calculate
new routing table
End

Yes

Is seq. #
the same?

Ignore LSA
Yes

Maintaining Routing Information


(cont.)
LSU
LSA

Is entry in
link-state
database?
No
Add to database
Send LSAck
to DR
Flood LSA
Run SPF to calculate
new routing table
End

Yes

Is seq. #
the same?
No
Is seq. #
higher?
No
Send LSU
with newer
information to
source

End

Ignore LSA
Yes

Maintaining Routing Information


(cont.)
LSU
LSA

Is entry in
link-state
database?
No
Add to database
Send LSAck
to DR
Flood LSA
Run SPF to calculate
new routing table
End

Yes

Is seq. #
the same?

Ignore LSA
Yes

No
Is seq. #
higher?
No
Send LSU
with newer
information to
source

End

Yes

Go
to
A

OSPF Operation in a
Point-to-Point Topology
2000, Cisco Systems, Inc.

www.cisco.com

4-599

Point-to-Point Neighborship

Router dynamically detects its neighboring router


using the Hello protocol
No election: Adjacency is automatic as soon as
the two routers can communicate
OSPF packets are always sent as multicast
224.0.0.5

Configuring OSPF
in a Single Area
2000, Cisco Systems, Inc.

www.cisco.com

4-601

Configuring OSPF on Internal


Routers
Broadcast Network
E0

Point-to-Point Network
S0

10.64.0.2

10.64.0.1

E0

<Output Omitted>
interface Ethernet0
ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 1
network 10.0.0.0 0.255.255.255 area 0

10.2.1.2

10. 2.1.1
S1

<Output Omitted>
interface Ethernet0

ip address 10.64.0.2 255.255.255.0


!
interface Serial0
ip address 10.2.1.2 255.255.255.0
<Output Omitted>

router ospf 50
network 10.2.1.2 0.0.0.0 area 0
network 10.64.0.2 0.0.0.0 area 0

Can Assign Network or


Interface Address.

Configuring Optional
Commands
Unadvertised Loopback Address
Ex: 192.168.255.254
Not in OSPF table
Saves address space
Cannot use ping

Advertised Loopback Address


Ex: 172.16.17.5
In OSPF table
Uses address space
Can use ping

Network
172.16.0.0

Router ID:
Number by which the router is known to OSPF
Default: The highest IP address on an active interface at the
moment of OSPF process startup
Can be overridden by a loopback interface: Highest IP address of
any active loopback interface

Configuring Optional
Commands (cont.)
Traffic
Token
Ring

Cisco

Non-Cisco

Router(config-if)#

ip ospf cost cost

Assigns a cost to an outgoing interface


May be required for interoperability
Use default cost between Cisco devices

Verifying OSPF
Operation
2000, Cisco Systems, Inc.

www.cisco.com

4-605

Verifying OSPF Operation


Router#

show ip protocols

Verifies that OSPF is configured


Router#

show ip route

Displays all the routes learned by the router


Router#

show ip ospf interface

Displays area ID and adjacency information

Verifying OSPF Operation (cont.)


Router#

show ip ospf

Displays
OSPF timers and statistics
Router#
show ip ospf neighbor detail

Displays information about DR, BDR


Router#
and
neighbors
show ip ospf database

Displays the link-state database

Verifying OSPF Operation (cont.)


Router#

clear ip route *

Allows you to clear the IP routing table


Router#

debug ip ospf option

Displays router interaction during the


hello, exchange, and flooding processes

show ip ospf interface


R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
Internet Address 192.168.0.12/24, Area 0
Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST,
Cost: 10
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 192.168.0.11, Interface address
192.168.0.11
Backup Designated router (ID) 192.168.0.13, Interface address
192.168.0.13
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
Hello due in 00:00:04
Neighbor Count is 3, Adjacent neighbor count is 2
Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
Adjacent with neighbor 192.168.0.11 (Designated Router)
Suppress hello for 0 neighbor(s)

show ip ospf neighbor


Multiaccess and Point-toPoint
Neighbor ID
192.168.0.13
192.168.0.14
192.168.0.11
192.168.0.12

Pri
1
1
1
1

State
2WAY/DROTHER
FULL/BDR
2WAY/DROTHER
FULL/DR

Dead Time
00:00:31
00:00:38
00:00:36
00:00:38

Address
192.168.0.13
192.168.0.14
192.168.0.11
192.168.0.12

Interface
Ethernet0
Ethernet0
Ethernet0
Ethernet0

OSPF over Ethernet - Multiaccess Network

Neighbor ID
192.168.0.11

Pri
1

State
FULL/

Dead Time
00:00:39

Address
10.1.1.2

OSPF over HDLC - Point-to-Point Network

Interface
Serial1

show ip ospf database


R2#show ip ospf database
OSPF Router with ID (192.168.0.12) (Process ID 1)

Router Link States (Area 0)


Link ID
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14

ADV Router
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14

Age
817
817
816
816
817

Seq#
0x80000003
0x80000003
0x80000003
0x80000003
0x80000003

Checksum
0xFF56
0xFD55
0xFB54
0xF953
0xD990

Net Link States (Area 0)


Link ID
192.168.0.14

ADV Router
192.168.0.14

Age
812

Seq#
0x80000002

Checksum
0x4AC8

Link count
1
1
1
1
1

debug ip ospf adj


192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
DR: 192.168.0.14 (Id)
BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32
state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92
state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
DR: 192.168.0.14 (Id)
BDR: 192.168.0.13 (Id)

2002, Cisco Systems, Inc. All rights reserved.

NAT
(NETWORK ADDRESS
TRANSLATION)

Private Addresses
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

WHY WE NEED NAT ?


Organizations use Private Addresses in their
internal networks.
These addresses will never appear in the
global routing table on any public network.
But if these address are not routable on
public networks how hosts from these internal
networks are able to communicate across the
internet?

WHY WE NEED NAT ?


NAT is a concept which translates layer
three addresses, so it is implemented on
layer three devices.
NAT is used to translate these private
addresses into public addresses.

NAT
NAT is used when a packet is traversing
from one network to another and when the
source address on the transmitting
network is not legal or valid on the
destination network i.e, when a source
corresponds to a private address.

USE NAT IF

You need to connect to the Internet and


your hosts do not have globally unique IP
addresses
You change over to a new ISP that requires
you to renumber your network
Hide intranet addressing information from
outside world.

NAT Operation
Inside

10.1.1.1

Internet

10.1.1.2

Inside Local
IP Address

Inside Global
IP Address

10.1.1.1
10.1.1.2

192.168.2.2
192.168.2.3

NAT table

Addresses used in NAT


Inside local Address of a host on
the private side of the network.
Inside Global Public address into
which the inside local address will be
translated.

Addresses used in NAT

Outside Global Address of a host


that resides on the public network and
a routable IP address.
Outside Local Address used to
translate an outside global IP
address. This may or may not be a
registered IP address, but it must be
routable on the inside network.

TYPES OF NAT
STATIC NAT
DYNAMIC NAT
DYNAMIC NAT WITH OVERLOAD (PATPort Address Translation)

Translating Inside Local


Addresses
(Static
NAT)
Inside
4

DA
192.168.2.2

10.1.1.3

DA
10.1.1.1

Host B
172.20.7.3

SA
192.168.2.2

Internet

10.1.1.2
10.1.1.2
SA
10.1.1.1

10.1.1.1

2 NAT table
Inside Local
IP Address

10.1.1.3
10.1.1.2
10.1.1.1

Inside Global
IP Address

192.168.2.4
192.168.2.3
192.168.2.2

Overloading Inside Global


Addresses
(PAT)
Inside
4

DA
192.168.2.2

10.1.1.3

Host B
172.20.7.3

DA
10.1.1.1

SA
192.168.2.2

Internet
10.1.1.2

1
SA
10.1.1.1

10.1.1.1

2 NAT table
Protocol

TCP
TCP
TCP

Inside Local IP
Address

10.1.1.3
10.1.1.2
10.1.1.1

Inside Global IP
Address: Port

DA
192.168.2.2

Host C
172.21.7.3
Outside Global
IP Address: Port

192.168.2.2:1492 172.21.7.3:23
192.168.2.2:1723 172.21.7.3:23
192.168.2.2:1024 172.20.7.3:23

Static NAT Configuration


Example
ip nat inside source static 10.1.1.1 192.168.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!

This interface
connected to
the inside
network.

This
interface
connected to
the outside
world.

Maps the inside local address to the inside global address.

Dynamic NAT Configuration


ip nat pool test 192.168.2.1 192.168.2.254
netmask 255.255.255.0
ip nat inside source list 1 pool test
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

This interface
connected to
the inside
network.
This interface
connected to
the outside
world.

Translate between inside hosts addressed from 10.1.1.0/24 to


the globally unique 192.168.2.0/24 network.

Configuring Inside Global


Address Overloading
ip nat pool test 192.168.2.1 192.168.2.2
netmask 255.255.255.0
ip nat inside source list 1 pool test overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255

2002, Cisco Systems, Inc. All rights reserved.

ISDN
(INTEGRATED SERVICES
DIGITAL NETWORK)

What is ISDN?
Small office
Digital
PBX

Provider
network

Telecommuter

Home office
Central site

Voice, data, video, and special services

ISDN Standards
Issue

Protocol

Telephone
Network and
ISDN
ISDN Concepts,
Aspects, and
Interfaces
Switching and
Signaling

Key Examples

E-Series

E.163International Telephone
Numbering Plan
E.164International ISDN Addressing

I-Series

I.100 SeriesConcepts, Structures,


Terminology
I.400User-Network Interfaces (UNIs)

Q-Series

Q.921LAPD (Link Access Procedure


on the D channel)
Q.931ISDN Network Layer between
Terminal and Switch

Standards from the ITU (formerly CCITT)

ISDN Access Options


Channel

Capacity

Mostly Used for

64 kbps

16/64 kbps Signaling information (LAPD)

Circuit-switched data (HDLC, PPP)

NT1

BRI

Service
provider
network

D 2B

PRI

CSU/DSU

D 23 or 30B

BRI and PRI are used globally for ISDN

BRI Call Processing

ISDN
service provider

4
ISDN
Switch

ISDN
Switch
2

SS7

B channel(s)
D channel/SS7 signaling

ISDN Functions and


Reference Points
Local
loop

TE1

NT2 T NT1

ISDN Terminal

TE2
Existing
Terminal

Service
provider
network

TA
Terminal
Adapter

Functions are devices or


hardware
Reference points are
demarcations or interfaces

Cisco ISDN BRI Interfaces


Native ISDN interfaceint bri 0
bri 0

TE1

Service
provider
network

NT1

S/T

bri 0

TE1 U
NT1

TE2

S0

TA

S/T

NT1

Nonnative ISDN interfaceint serial 0


(EIA/TIA-232, V.35, X.21)

ISDN Switch Types


S

CO

S
S

S
S

S
S

CO

Many providers and switch types

Services vary by regions and countries

Configuring ISDN BRI


Step 1: Specify the ISDN switch type
Router(config)#isdn switch-type switch-type
Router(config-if)#isdn switch-type switch-type

Specifies the type of ISDN switch with


which the router communicates
Other configuration requirements vary for specific
providers

Configuring ISDN BRI (cont.)


Step 2: (Optional) Setting SPIDs
Router(config-if)#isdn spid1 spid-number [ ldn ]

Sets a B channel SPID required by many service


providers
Router(config-if)#isdn spid2 spid-number [ ldn ]

Sets a SPID for the second B channel

What Is Dial-on-Demand
Routing?
Dallas

Corporate
PSTN

Chicago
I need to send
data to Dallas.

ISDN

Connect when needed


Disconnect when finished
ISDN or PSTN

When to Use DDR

Telecommuter
Headquarters
Vendor

Periodic connections
Small amounts of data

Generic DDR Operation


Interesting
packet arrives

DCE

1. Route to destination is determined

Generic DDR Operation


Interesting
packet arrives

DCE

1. Route to destination is determined


2. Interesting packets dictate DDR call

Generic DDR Operation


Interesting
packet arrives
Dial connection
DCE

ISDN or
Basic
Service

1. Route to destination is determined


2. Interesting packets dictate DDR call
3. Dialer information is looked up

Generic DDR Operation


Interesting
packet arrives
Dial connection
DCE

ISDN or
Basic
Service

1. Route to destination is determined


2. Interesting packets dictate DDR call
3. Dialer information is looked up
4. Traffic is transmitted
5. Call is terminated

Configuring Legacy DDR


Interesting
packet arrives

DCE

Define static routesWhat route do I use?

Configuring Legacy DDR


Interesting
packet arrives

DCE

1
2

Define static routesWhat route do I use?


Specify interesting trafficWhat traffic
enables the link?

Configuring Legacy DDR


Interesting
packet arrives
Dial connection
DCE

1
2
3

ISDN or
Basic
Service

Define static routesWhat route do I use?


Specify interesting trafficWhat traffic
enables the link?
Configure the dialer informationWhat
number do I call?

Task 1: Defining Static Routes


(Route to Destination)
Subnet
10.40.0.0

10.1.0.1

Home

bri 0
5551000

10.1.0.2

ISDN

bri 0
5552000

Central

Subnets
10.10.0.0
10.20.0.0

ip route 10.40.0.0 255.255.0.0 10.1.0.1

Specify address of
next hop router
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2

Network prefix
and prefix mask

Task 2: Specifying Interesting Traffic


(What Enables the Connection?)
Without Access Lists
dialer-list 1 protocol ip permit

Any IP traffic will initiate the link


With Access Lists (for better control)
dialer-list 1 protocol ip list 101
access-list 101 deny tcp any any eq ftp
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any

Deny FTP
Deny Telnet

Any IP traffic, except FTP and Telnet, will initiate the link

Task 3: Configuring the


Dialer Information
hostname Home
!
isdn switch-type basic-5ess
!
interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap
!
router rip
network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
!
dialer-list 1 protocol ip permit

Applies rules
defined by dialerlist to individual
interfaces

Both values
must match

Task 3: Configuring the


Dialer Information (cont.)
How do I get to
subnetwork 10.10.0.0?
10.1.0.1

Home

bri 0
5551000

10.1.0.2

ISDN

bri 0
5552000

Central

interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap

Subnets
10.10.0.0
10.20.0.0

Number to dial

Remote host name


Used for PPP CHAP

Legacy DDR Configuration


Tasks Summarized

1
2

hostname Home
!
isdn switch-type basic-5ess
!
interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap
!
router rip
network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
dialer-list 1 protocol ip permit
!

Optional Legacy DDR


Commands
Router(config-if)#dialer load-threshold load
[ outbound | inbound | either ]

Establishes the amount of traffic on link before


a second link is enabled
Router(config-if)#dialer idle-timeout seconds

Establishes the idle time before disconnect

Legacy DDR Using ACLs


Configuration Example
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq telnet
dialer-list 1 list 101
!
ip route 192.168.12.0 255.255.255.0
10.108.126.2
ip route 192.168.14.0 255.255.255.0
10.108.126.2
!
interface bri 0
ip address 10.108.126.1 255.255.255.0
dialer-group 1
dialer map ip 10.108.126.2 name B 5551234
!
dialer idle-timeout 300

10.108.126.1

10.108.126.2

ISDN

Access list defining


interesting packets
on Cisco A

Static routes to
reach destination
Interface
configuration for
DDR
Time to wait
before dropping
call
Subnets
192.168.12.0
192.168.14.0

Verifying Legacy DDR and


ISDN Operation
Router#ping or telnet

Triggers a link (assuming it is part


of interesting traffic)

Router#show dialer

Displays current status of link, including


amount of time link is connected

Router#show isdn active

When using ISDN, displays call


status while call is in progress

Router#show isdn status

Displays the status of an ISDN


connection

Router#show ip route

Displays all routes, including static


routes

Verifying Legacy DDR and


ISDN Operation (cont.)
Router#debug isdn q921

Shows ISDN layer 2 messages

Router#debug isdn q931

Shows ISDN call setup and


teardown activity

Router#debug dialer

Shows call setup and teardown


activity

Router(config-if)#shutdown

Clears currently established


connections from the interface

2002, Cisco Systems, Inc. All rights reserved.

Understanding LAN
Switching

What is Switching ?
It breaks the Collision Domain
It takes the packet and forwards to destined
port without any modification.
Network still remains in one large Broadcast
Domain.
It increases bandwidth of the network.
Multiple devices can be connected to each
interface.

Collision Domain
All the computers which are physically
connected together and can collide with each
other are part of a single Collision Domain.
To reduce collision increase collision domain
Reducing Collision Domain will increase
collision.

Switching Technology
To understand Switching Technology we
need to understand the following :
Layer 2 Switching
Address Learning
Forward/Filtering Decisions
Loop Avoidance
Spanning-Tree Protocol
LAN Switch Types

Hubs Addressed Many of


These Problems
Ethernet

10

Hub

All nodes share 10 Mbps


One device sending at a time

Ethernet concentrator
Self-contained Ethernet
LAN in a box
Works at physical layer 1

Collisions: Telltale Signs

CRASH
Hub

I could have walked to


Finance by now.
I knew I should have
stayed home.
File transfers take
forever.

Sluggish network response


Increasing user complaints

Im waiting all the time.

Hub-Based LANs

10BaseT
Hub

10BaseT
Hub

Shared resources
Desktop connections wired to
centralized closets
Poor security within shared
segments
Routers provide scalability
Adds, moves, and changes
are easier than without hubs,
but still a hassle
Groups of users determined
by
physical location

SwitchesLayer 2
Switched Ethernet

10

Ethernet
Switch

Each Node has


10 Mbps
Multiple devices sending at the same time

Backbone

Switches versus Hubs


Hub

Ethernet

10

One device
sending at
a time
All nodes share 10 Mbps

Ethernet
Switch

Backbone

Each node has 10 Mbps

Switched Ethernet

10

Multiple
devices
sending at the
same time

Todays LANs

10/100
Switch

10/100
Switch

10-Mbps
Hub

Mostly switched
resources; few
shared
Routers provide
scalability
Groups of users
determined by
physical location

LAN Switching Basics

1999, Cisco Systems, Inc.

www.cisco.com

Layer 2 Switching
This is hardware based switching
It uses MAC address to filter the network.
To build Filter Table, it uses ASICs (Applicationspecific Integrated Circuits)
It is like Multiport bridge.
Layer 2 switches do not look at the Network layer
header and hence faster.
Based on hardware address it decides whether to
forward the packet or drop it.

Layer 2 Switching
Layer 2 Switching provides the following:
Hardware-based bridging (MAC)
Wire speed
Layer 2 switch is considered faster because no
modification in the packet.

Low Latency
Because the switching is faster

Low cost

LAN Switching Basics


Enables dedicated
access
Eliminates collisions
and increases
capacity
Supports multiple
conversations at the
same time

Functions of Switch
at Layer 2

There are three main functions at Layer2


Address Learning
Forward / Filter Decisions

Loop Avoidance

Address Learning
Switches and Bridges remember the source address of each frame
received on an interface and enter this information into MAC
database.
Whenever switch receives a packet it makes an entry of the
source address and sends a broadcast for destination.
- The destination machine then responds to broadcast and switch
receives a packet from destination.
Switch again makes entry for the destination machines
hardware address.
Using this method Switch maintains a table stating that which
hardware address is available at which port.

Forward / Filter Decisions


When a frame is received on an interface, the
switch looks at the destination hardware address
and finds the exit interface in the MAC database.
When a frame is reached to the switch the destination
port is checked in MAC database to find out the exit
interface.
If found the packet will be forwarded to the mentioned port
If not found the Broadcast is sent on all the ports and the exit
port for this particular address is determined.

Broadcast / Unicast
When packets are sent to a specific
machine that is called Unicast.
It always knows the destination address

When packets are sent to all that is called


Broadcast.
It the destination address will be all 1s.

Loop Avoidance
If multiple connections between switches are
created for redundancy, network loops can occur.
Most commonly networks are implemented with
redundant links for fault tolerance purpose.
These multiple links may cause loops and broadcast
storm
In a switched network some scheme should be
implemented to avoid these loops.
The Spanning-Tree Protocol (STP) is used to stop
network loops and allow redundancy.

LAN Switch Operation


Forwards packets based
on a forwarding table

10 Mbps

Forwards based on the MAC


(Layer 2) address

Operates at OSI Layer 2


Learns a stations location
by examining source
address

C
3

Data from A to B

10 Mbps
4
B

Interface

1
Stations

Sends out all ports when


destination address is
broadcast, or unknown address
Forwards when destination is
located on different interface

LAN Switch Operation


Forwards packets based
on a forwarding table

10 Mbps

Forwards based on the MAC


(Layer 2) address

Operates at OSI Layer 2


Learns a stations location
by examining source
address

C
3

1
10 Mbps

4
B
Interface

1
Stations

Sends out all ports when


destination address is
broadcast,or unknown address
Forwards when destination is
located on different interface

3
X

LAN Switch Operation


Forwards packets based
on a forwarding table

Data from A to B

10 Mbps

Forwards based on the MAC


(Layer 2) address

Operates at OSI Layer 2


Learns a stations location
by examining source
address

C
3

1
Data from
to B
10AMbps

Interface

Stations

1
A

3
X

Data from A to B

Sends out all ports when


destination address is
broadcast, or unknown address
Forwards when destination is
located on different interface

4
B

LAN Switch Operation


Forwards packets based
on a forwarding table

10 Mbps

Forwards based on the MAC


(Layer 2) address

Operates at OSI Layer 2


Learns a stations location
by examining source
address

C
2

Interface

1
A
B

X
X

Data from B to A

10 Mbps

Stations

Sends out all ports when


destination address is
broadcast,or unknown address
Forwards when destination is
located on different interface

4
B

LAN Switch Operation


Forwards packets based
on a forwarding table

10 Mbps

Forwards based on the MAC


(Layer 2) address

Operates at OSI Layer 2


Learns a stations location
by examining source
address

C
3

1
10 Mbps

Data from B to A

4
B
Interface

1
Stations

Sends out all ports when


destination address is
broadcast,or unknown address
Forwards when destination is
located on different interface

A
B

X
X

LAN Switch Types

Switching type basically effects the Latency and the reliability of your
network.

There are three Switching Types:


Store and Forward
Cut-through
FragmentFree

Store and Forward


It is default in Routers & Bridges
In this method the entire data is first stored,
processed for errors, if it is found error free, it
is forwarded otherwise returned.
Uses CRC for error checking.
Latency is high in this case but it is extremely
reliable.
Latency : Time involved in sending the data from
one node to another.

Cut-Through
(Real
Time)
Cut-Through switching is the fastest one, because it
does not check for errors.
It does not store data and process for error.
It just reads the destination address and forwards it.
It begins to forward the frame as soon as it reads the
destination address and determines the outgoing
interface.
It has Lowest Latency and not reliable.
Hence it is also called Wire Speed Switching.

FragmentFree (Modified CutThrough)


It provides us both Low latency as well as Speed.
It is a modified form of Cut Through switching.
It reads the first 64 bytes and then forwards.
It checks 64 bytes because most of the errors occur in these
bytes only. If first 64 bytes are error free FragmentFree
Switching considers entire data error free.
If there is any error in first 64 bytes the packet will be dropped or
else forwarded.
It provides better reliability than the Cut-through with almost same
Latency as in Cut through.

Understanding
Spanning-tree
protocol(802.1d)

The Need for Spanning Tree


Problems with large switched networks
Local multicast, broadcast, and unknown single-destination
event storms become global events
Station A
Segment A
1/1

2/1

Switch 1

Switch 2
1/2

2/2

Segment B

Station B

How does Loop occur

Loop Occuring
In this scenario if no loop avoidance scheme is implemented
the switch will generate a broadcast storm.
A device can receive multiple copy of same frames.
The MAC address table will be continuously updated and the
table itself will be confused, because frames will be received
from more than one link. This is called thrashing MAC Table.
This is how loops within other loop will be generated and no
switching will be performed in the network.
Note : Spanning Tree Protocol is designed to solve this
problem.

Spanning-Tree Protocol
The main function of STP is to maintain a loop free
network.
Originally STP was created by DEC (Now Compaq)
It was modified by IEEE and was published in 802.1d
specification.
DEC and IEEE 802.1d are not compatible

All CISCO switches run on IEEE802.1d version of STP

Bridge Protocol Data Units


Switches and Bridges running STP exchange information
with something called BPDUs.

BPDUs send Broadcast messages using multicast frames.


Bridge ID of each device is sent to other device using
BPDUs.

How STP Works


STP continuously monitors the network for a failure or addition
of a link, switch or bridge.
Whenever there is a change in topology, it reconfigures switch
or bridge to avoid a total loss of connectivity or creation of new
loops.
STP is by-default enabled in Catalyst switches.
STP provides a loop-free network by followin:
Electing a Root Bridge
Root Port for a Non-root Bridge
Designated port for Each Segment

Bridge ID
Bridge ID is used to determine the Root Bridge and Root Port.
The Bridge ID is 8 bytes long.
Bridge ID includes the priority and the MAC Address of the
device.
All devices running IEEE STP version has 32,768 as priority
value.
To Determine Bridge ID the Priorities and MAC address are
combined.
If two switches / Bridges have the same priority then MAC Address
is used to determine Bridge ID.
Eg. If switch A with MAC ID 0000.0c00.1111.1111 and switch B with
MAC IS 0000.0c00.2222.2222 have the same priority then switch
A will become the Root Bridge.

Electing Root Bridge


In one Broadcast Domain only one Bridge is designated as
Root Bridge.
All Ports on the Root Bridge are in Forwarding State and are
called Designated Port
All ports in forwarding state can send and receive traffic.
Bridge ID is used to determine the Root Bridge and Root Port.
Bridge ID includes the priority and the MAC Address of the
device.

Root Port for a Non-root Bridge


The Root Port is the lowest cost path from a
Non-Root Bridge to the Root Bridge.
Spanning Tree Path Cost is an accumulated cost
based on bandwidth.
More Bandwidth - Less Cost
In the event that the cost is the same then the deciding
factor would be the lowest port no.

Root Ports are in forwarding state.

Designated Port
There will be only one Designated Port in one
Segment.
Designated Port is selected on the bridge that has
the lowest cost path to Root Bridge.
Designated Port is in the forwarding state.
Responsible for forwarding traffic for the
segmentation
Nondesignated Ports are normally in the blocking
state to break the loop topology. That means the
Spanning Tree is preventing it from forwarding
traffic.

Spanning Tree Port State


There are four different states for ports on Switch / Bridge
running STP.
Blocking : Wont forward frames; listens to BPDUs. All
ports are in blocking state by default when the switch is
powered up.
Listening : Listens to BPDUs to make sure no loops occur
on the network before passing data frames.
Learning : Learns MAC addresses and builds a filter table
but does not forward frames.
Forwarding : Sends and receives all data on the bridged
port.

Spanning Tree Path Cost


Spanning Tree Path Cost is an accumulated total path cost
based on the bandwidth of all the links in the path. Table
shows some of the path costs specified in IEEE 802.1d
specification

Link Speed
10 Gbps
1 Gbps
100 Mbps
10 Mbps

Cost (Revised IEEE


Specification)
2
4
19
100

Cost (Previous IEEE


Specification)
1
1
10
100

Convegence
Covergence occurs when bridges and switches have
transitioned to either the forwarding or blocking states.
No data is forwarded during this time.
Convergence is important to make sure all devices have the
same database.
Before data can be forwarded, all devices must be updated.
The problem with convergence is the time it takes for these
devices to update.
It usually takes 50 seconds to got from Blocking to forwarding
state.
Forward delay is the time it takes to transition a port from listening
to learning state or from learning to forwarding state.

Spanning Tree Timers


Timer

Primary Function

Default Setting

Hello Time

Time between sending of configuration


BPDUs by the root Bridge

2 seconds

Forward Delay

Duration of listening and learning states

30 seconds

Max Age

Time BPDU stored

20 seconds

It is not recommended that you change the default


STP Timers, but the timers can be adjusted if
necessary.

Spanning Tree Example


Port 0
Switch X
MAC 0c0011111100
Default Priority 32768

Port 0

Switch Z
MAC 0c0011110000
Default Priority 32768

100BaseT

Port 0
Port 1

Port 1

Switch Y
MAC 0c0011111111
Default Priority 32768

100BaseT
Find out the following:
What is the Root Bridge?
What are the Designated, Nondesignated and Root Ports?
What are the Forwarding and Blocking Ports?

Lets verify the answers

Root Bridge: Switch Z, Because it has the lowest bridge ID (priority and
MAC address)
Root Port: Port 0 of Switches X and Y because it is the lowest-cost path to
the root.
Designated Port: Port 0 of Switch Z. All ports on the root are designated
ports. Port 1 of Switch X is a designated port. Because both Switch X and
SwitchY have the same path cost to the Root Bridge, the designated port is
selected to be on switch X because it has a lower bridge ID than Switch Y.
Blocking: Port 1 of Switch Y. The nondesignated port on the segment.
Forwarding: All designated ports and root ports are in the forwarding state.

802.1d Spanning-Tree
Protocol (STP)
Allows redundancy by using parallel links
Shuts down redundant links to eliminate
loops

Switches communicate with each other


using BPDUs (Bridge Protocol Data Units)
Takes 3060 seconds to converge

Cisco refinements:
PortFast
UplinkFast

2002, Cisco Systems, Inc. All rights reserved.

Understanding
Virtual LANs

Virtual LANs
VLAN 1
VLAN 2
VLAN 3

Server Farm

One broadcast domain


within a switch
VLANs help manage
broadcast domain
Can be defined on
port groups, users, or
protocols
LAN switches and
network management
software provide a
mechanism to create
VLANs

VLAN Definition
VLAN is defined as logical grouping of
network resources & User connected to
predefined ports on a Switch, defined by
Administrator.

VLAN
VLANs are used to create smaller broadcast
domain within a switch.
A Single VLAN is treated as a separate
subnet or broadcast domain.

In layer 2 switched network, broadcast packet transmitted


arrives at every device on the network , whether intended or
not for that device

Drawback of Layer 2 Switched


Network.
Larger the number of Devices and Users, the
more broadcasts and packets are to be handle
by each device
Lack of Security, the only security is assigning
passwords on the Servers and other devices.
The Solution is VLAN

Remove the Physical


Boundaries
Engineering

Marketing

Floor 3

Floor 2

Floor 1

Group users by department, team, or application


Routers provide communication between VLANs

Acctg.

VLAN Benefits
Reduced administrative costs
Simplify moves, adds, and changes

Efficient bandwidth utilization


Better control of broadcasts

Improved network security


Separate VLAN group for high-security users
Relocate servers into secured locations

Scalability and performance


Microsegment with scalability
Distribute traffic load

Advantages of VLAN
Broadcast Control: Multimedia applications use
broadcasts and multicast heavily, moreover,
faulty equipment, inadequate segmentation and
poorly designed Firewalls can be major players
for the above problem.
Switches forwards broadcasts to all segments
and hence called as Flat Network because it is
one Broadcast Domain

Solution :
It is the job of the Administrator to properly do
the segmentation of the network to avoid
problem from propagating throughout the
Network.
Devices in a particular VLAN are members of
same Broadcast Domain and so they receive all
broadcast .
Note: Routers are used along with Switches to
provide connection between VLANs which stops
broadcast from propagating throughout the
entire internetwork.

Security : can be implemented by


connecting hubs and Switches along with
routers.But,
Anyone connecting to the Physical network can
gain access to the network resources.
Plugging a network Analyzer could have
displayed entire traffic of that network to an
intruder.
Joining a workgroup was as easy as plugging
the intruders workstation into existing Hub.

Solution :
Creation of VLANs and multiple broadcast
groups, empowers the Administrator to have
control over each port and user.
Groups are created based on users requirement
for network resources.
If configured, unauthorized access of the
network resources will be reported to the
network management station by Switches.

Contd..
In case of Inter-VLAN communication, restriction
are implemented on the router.
Restriction can also be placed on the Hardware
address, Protocols and Application

Flexibility and Scalability


Layer 2 Switches only read Frames for filtering, which
causes it to forward all Broadcasts.
So, creating VLAN, means creating more
Broadcast Domains.
Assigning Switch ports or users to VLAN groups on a
switch or switch fabric, you have the option to add
selected users in the broadcast domain.
This stops Broadcast Storms caused by faulty
Network Interface Card (NIC) or applications.
VLAN can be kept on multiplying in order to efficiently
utilize the bandwidth.

Functioning of VLANs
Scenario: A collapsed Backbone.

Contd..
With reference to the figure, each network is
attached to the router having its own logical
network number.
Each node attached to a particular network must
match that network number in order to
communicate on the internetwork.

Contd..
With reference to the figure, Switches
removes the physical boundaries, creating
greater flexibility and scalability than
router.
You can group users into communities,
which are known as VLAN Organization.

Contd..
With reference to the figure there are four
VLANs or broadcast domain. Node within a
particular VLAN can communicate with each
other, but not with any other VLAN or node in
other VLAN.
So, communication between VLAN is only
possible through a Layer 3 device.

VLAN Membership
Administrator are responsible for creating
VLANs, which are further assigned to
Switch ports.
Vlan Membership can be configured as
Static or Dynamic.

Static VLAN
This is the basic and most secure type for
creating VLAN.
Port assignment associated with a VLAN is
maintained until and unless modified by the
Administrator.
This type of VLAN configuration is easy to Setup
and Monitor.

Dynamic VLAN
Using intelligent management software, you can
enable MAC address, Protocols or even
Application to create Dynamic VLANs.
For e.g. MAC address might be fed into a
centralized VLAN management application, Now
if a node is attached to an unassigned port, the
VLAN management database will lookup the
MAC address and assign and configure the
Switch port to correct VLAN. Again, if the user
moves, the Switch will automatically assign them
to correct VLAN.

VLAN Identification
VLAN can span multiple connected switches.
Switches must keep a track of Frames and
which VLAN, these Frame belong to.
Frame Tagging performs this function.

Establishing VLAN Membership

Approaches Can Vary Performance


Port driven
Port-Based
MAC address driven
Network address
Layer 3-Based
VLAN 1
driven
VLAN 2
Application type driven
VLAN 3
MAC-Based

MAC
MAC
Addresses Addresses
VLAN 1

VLAN 2

Subnet
198.21.xx

Subnet
198.22.xx

VLAN 1

VLAN 2

Membership by Port
Maximizes Forwarding Performance
VLAN 3

VLAN 1

VLAN 2

Users assigned by port association


Requires no lookup if
done in ASICs
Easily administered via GUIs
Maximizes security between VLANs
Packets do not leak into
other domains
Easily controlled across network

Communicating Between
VLANs
Two Physical Topology Approaches
Logical
Communication
VLANs 1, 2, 3

Cisco Internetworking
Software

Physical Link
per VLAN
VLAN 3
VLAN 2
VLAN 1

Layer 3 links
VLANs together
Adds additional security
and management
Logical links conserve
physical ports
Multimode, depending
on protocol
Controls access by VLAN
Up to 255 VLANs per router

VLAN Technologies

1999, Cisco Systems, Inc.

www.cisco.com

Inter-Switch Link

VLAN Tag Added


at Incoming Port

VLAN Tag Stripped


by Forwarding Port

Inter-Switch Link
(ISL) Carries
VLAN Identifier

802.10
ISL
802.1Q
LANE

Interconnects multiple switches


and maintains VLAN information
as traffic goes between switches
Establishes membership
through ASICs
Labels each packet as received
(packet tagging)
Eliminates lookups and tables
Transports multiple VLANs
across links
Protocol, endstation-independent
Easily managed

VLAN Standardization
Packet Tagging as Common VLAN Exchange
Level-1 Explicit Tagging
DES SRC

FCS

DES SRC
DES SRC

FCS

FCS

SRC

DES

Data
VLAN ID

Wide vendor endorsement for 802.1Q tagging standard


Cisco supports across Fast Ethernet, Gigabit uplinks
Cisco maps ISL to 802.1Q dynamically with VTP

VLAN Standard
Implementation
Typical Environment
Cisco
Domain

Cisco environment
uses ISL

802.1Q

Vendor environment uses


an existing, yet different
packet tagging method
Interdomain communication
based on 802.1Q standard

Vendor X
Domain

Si

Si

ISL
Company ABC

Types of Links in Switched


environment
Access Links :
These are part of only one VLAN and are known
as Native VLAN of the port.
Device attached to these link are unaware of
VLAN membership.
VLAN information from the frame are remove
before it is set to an access link device.
Access link devices are not capable of
communicating to device outside the VLAN
unless the packet is routed thru a router.

Trunk Links :
Capable of carrying multiple VLANs
Used to connect Switches to other
Switches or to Routers or even Servers
Supported on Fast or Gigabit ether net
only.

VLAN identification modes


TO identify which frames belongs to
which VLAN, VLAN identification is
used.The multiple types of trunking
methods are:

Inter-Switch Link (ISL)


Proprietary to Cisco Switches
Used for Fast Ethernet and Gigabit
ethernet links only
Used on a Switch port, Router interfaces
and Server Interface Cards to trunk a
server.

IEEE 802.1q
Created by IEEE as standard method for Frame
Tagging.
It inserts a field into Frame to identify the VLAN.
When trunking between Cisco Switches link and
different brand of Switch, it is mandatory to use
802.1q for the trunk to work.

Inter-Switch Link (ISL) Protocol


ISL is an external tagging process, which
means the original frame is not altered but
encapsulated with a new 26 byte ISL
header.
It also adds a second 4 byte FCS field at
the end of the frame.

DrawBack
As the frame is encapsulated with information,
only ISL devices can read it.
Also, the frame can be up to 1522 bytes long,
devices that receive an ISL frame may record
this as giant frame, as it is over the maximum of
1518 bytes allowed on an ethernet segment.

TRUNKING
Trunk Links are 100-1000 Mbps point-to-point
links between two Switches, between a Switch
and Router or between Switch and Server.
Trunk Links carry the traffic of multiple VLANs,
from 1 to 1005 at a time
Cannot run Trunk Links on 10 Mbps.

Virtual Trunk Protocol (VTP)

VLAN administration and configuration protocol


Reduces VLAN setup and administration

VLAN 1

Eliminates configuration errors


Decreases network managers
time adding and managing
VLANs
Maps VLANs across different backbones
(FDDI, Fast Ethernet, ATM)
Maps between ISL and 802.1q
Maintains security between VLANs

VLAN 2
ISL

ISL

LANE

LANE
ATM
Fabric

LANE

802.1Q

VLAN Trunking Protocol


(VTP)
VTP is created by Cisco, to allow
Administrator to add, delete, and rename
VLAN, which are further propagated to all
Switches

Benefits of VTP
Consistent VLAN configuration across all
switches in the network.
Allowing VLANs to be Trunked over mixed
networks, like Ethernet to ATM LANE or FDDI.
Accurate tracking and Monitoring of VLANs.
Dynamic reporting of adding VLAN to all
Switches.
Plug and Play VLAN adding.

VTP Modes
Server Mode
Sends/Forwards
VTP advertisements

Client Mode
Sends/Forwards
VTP advertisements

Transparent Mode
Forwards VTP
advertisements

Syn VLAN
configuration
information with
other switches
VLAN configurations
are saved on
NVRAM

Syn VLAN
configuration
information with
other switches
VLAN configurations
are not saved on
NVRAM

Does not Syn VLAN


configuration
information with
other switches
VLAN configurations
are saved on
NVRAM

VTP Modes
Catalyst Switch can
create VLANs

Catalyst Switch
cannot create
VLANs

Catalyst Switch can


create VLANs

Catalyst Switch can


modify VLANs

Catalyst Switch
cannot modify
VLANs

Catalyst Switch can


modify VLANs

Catalyst Switch can


delete VLANs

Catalyst Switch
cannot delete
VLANs

Catalyst Switch can


delete VLANs

Configuration Revision Number


The revision number is most important
piece in VTP advertisement
With Reference to the figure e.g. shows
how revision number is used in an
advertisement.

Contd..
Figure shows a configuration revision number
as N. As the database is modified, the VTP
server increments the revision number by 1.
The VTP server then advertises the database
with the new configuration revision number.
When Switch receives an advertisement that
has a higher revision number, it overwrites
the database in NVRAM with the new
database being advertised.

VTP Pruning
Pruning is defined as preserving bandwidth by
configuring the VTP to reduce the amount of
broadcast, multicast and other unicast packets
VTP Pruning only sends broadcast to Trunk
Links that must have the information, any Trunk
Link that does not need the broadcast will not
receive them.
VTP Pruning is disabled by default on all
Switches.

Several Facts to remember


before configuring VLAN
The maximum number of VLANs is Switchdependent.The 2950 switch supports 1005 VLANs
with a Spanning Tree support.
VLAN1 is one of the factory default VLANs.
CDP and VTP advertisements are sent on VLAN1.
The 2950 switch IP address is in the VLAN1
broadcast domain.
The Switch must be in VTP server mode or
transparent mode to create,add, or delete VLANs

VTP Configuration Guidelines


The default VTP configuration parameters for
the 2950 Switch are as foolws:
VTP domain name: None
VTP mode: Server
VTP password: None
VTP pruning: Disabled

Vlan Commands
Use the vlan global configuration command to configure a VLAN with a
number & name. Use the no vlan command to delete a VLAN or to negate the
configuration of a translational bridge VLAN.

vlan vlan [name vlan-name]


no vlan vlan

Syntax Description
vlan

vlan-name

Unique ISL VLAN identifier between 1 and


1005.
Unique VLAN name between 1 and 32
alphanumeric characters.

Command Mode

Global configuration
Example
This example shows how to configure VLAN 2 with the name
Engineering:
hostname(config)# vlan 2 name engineering

show (vlan)
Use the show vlan privileged Exec command to display the settings of VLAN
configuration parameters.
show vlan [vlan]
Syntax Description
vlan

Number from 1 to 1005.

Default
This command has no default value.
Command Mode
Privileged Exec

Usage Guidelines

If you do not specify vlan, the system displays all VLAN configuration parameters.
Example

This example shows how to display the settings of the VLAN configuration parameters:
hostname# show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------1
default
active
1-15
2
VLAN0002
active
16-18
3
VLAN0003
active
4
VLAN0004
active
5
VLAN0005
active

Vlan-membership
vlan-membership
Use the vlan-membership interface configuration command to assign a port to
a VLAN. Use the no vlan-membership command to remove a port from a
VLAN.
vlan-membership {static {vlan} | dynamic}
no vlan-membership
Syntax Description
static

Sets VLAN membership type as static.

vlan

Static VLAN number from 1 to 1005.

dynamic

Sets VLAN membership type as dynamic.

Vlan-membership
Default
All nontrunk ports belong to a default VLAN. ISL VLAN ID 1 is the
default VLAN for Ethernet VLANs. The membership type of all
nontrunk ports is static.
Command Mode
Interface configuration

Usage Guidelines
If you want to know the VLAN membership of a port that has been set to
dynanmic but is static by default, query the VLAN Membership Policy
Server (VMPS).

Vlan-membership

Example
This example shows how to configure the interface as a dynamic
VLAN port:
hostname(config)# interface ethernet 0/6
hostname(config-if)# vlan-membership dynamic

show (Vlan-membership)

Use the show vlan-membership privileged Exec command to display


the VLAN assignment and membership type for all switch ports.
show vlan-membership
Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.

Command Mode

Privileged Exec

Usage Guidelines
This command is not functional when bridge groups are enabled.

Example
This example shows how to display the VLAN assignment and
membership type for all switch ports:
hostname# show vlan-membership

VTP

Use the vtp global configuration command to specify the operating


mode, domain name, generation of traps, and pruning capabilities of
VLAN Trunk Protocol (VTP). Also use this command to set a password
for the VTP domain.

vtp [server | transparent] [domain domain-name] [trap {enable |


disable}] [password password] [pruning {enable | disable}]

Syntax Description
server

VTP server operating mode.

If selected, switch updates its VLAN configuration from configurations reported by


other trunked VTP devices and allows configuration to be modified locally. Any
changes are distributed through VTP messages.
transparent

VTP transparent operating mode.

If selected, switch allows configuration to be modified locally but configuration


changes are not advertised by VTP messages. VTP messages received are forwarded to
trunks without being processed.
domain-name

VTP management domain name from 1 to 32


alphanumeric characters.

enable

Enable generation of VTP traps such as Configuration


Revision Error Trap, Configuration Digest Error Trap,
and MTU Too Big Trap. Enable pruning.

disable

Disable generation of VTP traps/pruning.

password
Password between 8 and 64 alphanumeric characters.
Password is case insensitive.

VTP CONFIGURATION
Default
The default VTP mode is server, and the default trap-generation is
enabled. The default VTP pruning mode is enabled.

Usage Guidelines
If you create a VTP password, it generates a secret value. This value is
used in the calculation of the MD5 digest of a VTP advertisement. The
MD5 digest ensures the validity of VTP advertisements.

show (vtp)
Use the show vtp privileged Exec command to display Vlan Trunking Protocol
(VTP) statistics.
Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.
Command Mode
Privileged Exec

Usage Guidelines
Example
This example shows how to display VTP statistics:
hostname# show vtp
VTP version: 1
Configuration revision
: 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name
: Zorro
VTP password
: vtp_server
VTP operating mode
: Server
VTP pruning mode
: Enabled
VTP traps generation
: Enabled
Configuration last modified by: 0.0.0.0 at
00-00-0000 00:00:00

Trunk

Use the trunk interface configuration command to set a Fast Ethernet


port to trunk mode with the Dynamic Inter-Switch Link (DISL) protocol.
trunk [on | off | desirable | auto | nonegotiate]

Syntax Description
on
Configures the port into permanent Inter-Switch Link (ISL) trunk
mode and negotiates with the connected device to convert the link to
trunk mode. The port converts to trunk mode even if the other end of the
link does not.
off
Disables port trunk mode and negotiates with the connected
device to convert the link to nontrunk. The port converts to nontrunk
even if the other end of the link does not. Use this state when an ISL port
is connected to another ISL port that does not support the DISL protocol.
desirable
Triggers the port to negotiate the link from nontrunking to
trunk mode. The port negotiates to a trunk port if the connected device is
either in the On, Desirable, or Auto state. Otherwise, the port becomes a
nontrunk port.

Syntax Description

auto Enables a port to become a trunk only if the connected device has
the state set to On or Desirable.
nonegotiate Configures port to permanent ISL trunk mode and no
negotiation takes place with the partner.

Trunk
Default
The default DISL configuration state for a Fast Ethernet port is
off.
Command Mode
Interface configuration
Usage Guidelines

This command applies only to one Fast Ethernet port. If you use
this command for a Fast Ethernet port that is an aggregate port
group member, the newly configured value also applies to all
other aggregate port group members.

Trunk

Example
This example shows how to set the Fast Ethernet port to trunk
mode:
hostname(config)# interface fastethernet
0/26
hostname(config-if)# trunk on

2002, Cisco Systems, Inc. All rights reserved.