
2002, Cisco Systems, Inc. All rights reserved.

Networking Basics

How a LAN Is Built

www.cisco.com

1999, Cisco Systems, Inc.

Local-Area Network (LAN)
What is a LAN?
A collection of computers, printers, and other
devices that can communicate with each other in a
small area (roughly 3000 m, about 10,000 feet, or less)

What are the components?
Computers, operating system (OS),
network interface card (NIC), and hubs

How is a LAN controlled?
Protocols: formal descriptions of sets of rules and
conventions that govern how devices on a network
exchange information

Local-Area Networks
LANs are designed to:
Operate within a limited geographic area
Allow multi-access to high-bandwidth media
Control the network privately under local
administration
Provide full-time connectivity to local services
Connect physically adjacent devices

Network Operating System (NOS)
Software that allows communicating and sharing
of data and network resources
Examples:
AppleTalk
NetWare
Windows NT

Figure: PC or workstation loaded with the NOS

Network Interface Card (NIC)
Amplifies electronic signals
Packages data for transmission
Physically connects the computer to the
transmission media (cable)

Figure: PC or workstation loaded with the NOS, with the NIC's connector
port on the back

1990s: Global Internetworking
1992: 1 major backbone, 3,000 networks, 200K computers
1995: Multiple backbones, hundreds of regional nets, tens of thousands
of LANs, millions of hosts, tens of millions of users
Doubling every year!

The OSI Model
The OSI layers give networking manufacturers and
developers a standard on which to base their products.
Each OSI layer is independent of the others, which makes
introducing changes easier: a change in one layer does not
affect the other layers.
Ease of troubleshooting: a problem can be isolated to one layer.

The Layered Model


Layered Communication (Source: Tanenbaum, 1996)
Figure: an analogy for layering. At Location A the message "I like
rabbits" is handed to a translator, who renders it in the agreed language
(L: Dutch, "Ik hou van konijnen") and prepends information for the remote
translator. A secretary then prepends information for the remote secretary
(Fax #: --, L: Dutch) and transmits. At Location B the secretary strips
its header, the translator strips its header and translates into the local
language ("J'aime les lapins"), and the message is delivered. Each layer
reads only the header meant for it and communicates with its peer layer at
the other end.
Why a Layered Network Model?
Figure: the seven OSI layers, top to bottom: 7 Application, 6 Presentation,
5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical.

Reduces complexity (one big problem becomes seven smaller ones)
Standardizes interfaces
Facilitates modular engineering
Assures interoperable technology
Accelerates evolution
Simplifies teaching and learning

Devices Function at Layers
Figure: the seven-layer stack with devices placed at the layers they
operate at. A NIC card operates at the Data Link (and Physical) layer; a
hub operates only at the Physical layer.

Host Layers and Media Layers
Figure: the seven-layer stack divided into two groups.
Host layers (7 Application, 6 Presentation, 5 Session, 4 Transport):
provide accurate data delivery between computers.
Media layers (3 Network, 2 Data Link, 1 Physical): control physical
delivery of messages over the network.
Layer Functions
7 Application: network services to applications
Provides network services to application processes (such as
electronic mail, file transfer, and terminal emulation)

6 Presentation: data representation
Ensures data is readable by the receiving system
Format of data
Data structures
Negotiates data transfer syntax for the application layer

5 Session: inter-host communication
Establishes, manages, and terminates sessions between applications

4 Transport: end-to-end connection reliability
Concerned with data transport issues between hosts
Data transport reliability
Establishes, maintains, and terminates virtual circuits
Fault detection and recovery
Information flow control

3 Network: addresses and best path
Provides connectivity and path selection between two end systems
Domain of routing

2 Data Link: access to media
Provides reliable transfer of data across media
Physical addressing, network topology, error notification, flow control

1 Physical: binary transmission
Wires, connectors, voltages, data rates

Peer-to-Peer Communications
Figure: Host A and Host B, each with the seven-layer stack. Each layer
communicates with its peer layer on the other host using its own protocol
data unit:
Transport: segments
Network: packets
Data Link: frames
Physical: bits

Application Layer
This is where users communicate with the computer.
This is where communication between two users is established.
This is the point where a user or application interfaces with the
protocols to gain access to the network.
Examples are WWW (HTTP), Telnet, FTP, TFTP, e-mail (SMTP), SNMP, DNS

Presentation Layer
Tasks like translation, encryption, decryption,
compression, and decompression are associated with this layer.
It receives data in native format and converts it to a
standard format, or receives data in standard format and
converts it to native format, e.g. EBCDIC to ASCII.
It is mainly responsible for how the data is to be
presented to the Application Layer.
Examples are PICT, TIFF, JPEG, MIDI, MPEG, GIF, etc.

Figure: the Presentation Layer provides code formatting and conversion for
applications.
Text/data: ASCII, EBCDIC, encrypted
Graphics/visual images: PICT, TIFF, JPEG, GIF
Sound: MIDI
Video: MPEG, QuickTime

Session Layer
Session Establishment
Establishes a session between two devices before actual
transmission of data.

Dialog Control
Simplex
Half Duplex
Full Duplex

Session Layer

Simplex
Data travels only one way.
Broadcast radio is the best example of this.

Half Duplex
Both ways, but one direction at a time. NICs attached to a
shared-media hub work in half duplex.

Full Duplex
Both ways at the same time.

Session Layer
Coordinates applications as they interact on different hosts
(service request / service reply).
Examples:
Network File System (NFS)
Structured Query Language (SQL)
Remote Procedure Call (RPC)
X Window System
AppleTalk Session Protocol (ASP)
DEC Session Control Protocol (SCP)

Transport Layer
Segments upper-layer applications
Establishes an end-to-end connection
Sends segments from one end host to another
Optionally, ensures data reliability

Transport Layer
The Transport Layer never actually transports the data; it only
prepares the data for transport.
It uses a socket to identify the service running on a particular
node that the data belongs to.
Responsible for the following:
Segmentation
End-to-end communication
Flow control
Error control
Multiplexing of applications
TCP, UDP and SPX work at this layer

Socket
A socket is a software endpoint that identifies a particular service
running on a particular node.
Structure of a socket: IP address + port number
Each service has a unique port number
There are 65,536 possible port numbers (0-65535)
Port numbers 0-1023 are the well-known ports, reserved for specific
services, for example:
WWW (HTTP)  80
FTP         21
SMTP        25
Port numbers are reserved for standardization purposes.

Transport Layer: Segments Upper-Layer Applications
Figure: electronic mail, file transfer and terminal emulation sessions
coming down from the Application, Presentation and Session layers are each
given an application port number at the Transport layer; the data is cut
into segments, each carrying its port number.

Port Numbers
Application-layer protocol, its port number, and the transport protocol it
uses:
FTP     21   TCP
Telnet  23   TCP
SMTP    25   TCP
DNS     53   TCP and UDP
TFTP    69   UDP
SNMP   161   UDP
RIP    520   UDP

Segmentation
This is a mechanism wherein the data is divided into multiple
segments and sent over the network.
By doing this, different segments can use different links for
travelling across the network.
If one segment is lost, only that segment has to be resent, not the
entire data.
Once all segments reach the destination, the received segments have
to be put back in sequence, which is also done at this layer.

Transport Layer: Sends Segments with Flow Control
Figure: the sender transmits segments; the receiver's buffer fills and it
signals Not Ready (Stop); the sender stops while the receiver processes
the buffered segments; the receiver signals Ready (Go, buffer OK) and the
sender resumes transmission.

Flow Control
Used in connection-oriented communication
It prevents the receiver's buffer from overflowing.
Advantages are:
Delivered segments are acknowledged when received
Any segment not acknowledged is retransmitted
Segments are put back in sequence upon arrival
Congestion, overloading and data loss are avoided
To achieve all this it uses the technique of sliding windows, or
windowing

Transport Layer: Establishes Connection
Figure: three-way handshake between sender and receiver.
Sender -> Receiver: Synchronize (negotiate connection)
Receiver -> Sender: Synchronize, Acknowledge
Sender -> Receiver: Acknowledge
Connection established; data transfer (send segments) begins.

End-to-End Communication
Connectionless transmission
UDP is used
Not reliable
Faster

Connection-oriented transmission
TCP or SPX is used
Reliable
Slower

Connection-Oriented Protocol
These protocols rely on acknowledgement.
A positive acknowledgement means the data has been received.
A negative acknowledgement (or a missing one) means the data is lost;
no further data is sent until a positive acknowledgement is received.
It is slow but reliable.
E.g. TCP and SPX

Transport Layer: Reliability with Windowing
Figure: the window size is the number of segments the sender may transmit
before it must wait for an acknowledgement.
Window size = 1: Send 1 -> Receive 1, Ack 2 -> Send 2 -> Receive 2, Ack 3
Window size = 3: Send 1, Send 2, Send 3 -> Receive 1, 2, 3, Ack 4

Transport Layer: An Acknowledgement Technique
Figure: segments 1-7 with window size 3. The acknowledgement number is the
next segment the receiver expects.
Send 1, Send 2, Send 3 -> Ack 4
Send 4, Send 5, Send 6 (segment 5 is lost) -> Ack 5
Send 5 (retransmission) -> Ack 7
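The windowing exchange above, worked through in code. This is an added simulation, not Cisco's code or anything from the original slides: the segment numbers, window sizes and the single dropped segment are constructed to reproduce the trace in the figure, and the receiver's state stands in for a real sender's retransmission timer.

```python
"""Sliding-window reliability with cumulative acknowledgements.

Constructed simulation, not Cisco's code: a sender with a fixed window
sends numbered segments over a link that drops chosen segments once; the
receiver answers every batch with the number of the next segment it
expects. An ACK that stops short of what was sent names the segment to
resend, which is exactly the exchange drawn on the slide.
"""
from dataclasses import dataclass, field


@dataclass
class Receiver:
    expected: int = 1                           # next in-order segment wanted
    buffered: set = field(default_factory=set)  # arrived early, held back
    delivered: list = field(default_factory=list)

    def receive(self, seq: int) -> int:
        """Take one segment; return the cumulative ACK (next expected)."""
        if seq == self.expected:
            self.delivered.append(seq)
            self.expected += 1
            # Anything buffered that is now in order is released too.
            while self.expected in self.buffered:
                self.buffered.remove(self.expected)
                self.delivered.append(self.expected)
                self.expected += 1
        elif seq > self.expected:
            self.buffered.add(seq)              # keep it, but do not advance
        # seq < expected is a duplicate: the same ACK is simply repeated
        return self.expected


def run_transfer(total: int, window: int, lost_first_time: set):
    """Send segments 1..total; return (event trace, delivered order).

    lost_first_time holds segment numbers the link drops on their first
    transmission (constructed loss model); retransmissions get through.
    """
    rx = Receiver()
    trace, sent_before = [], set()
    base = 1                                    # oldest unacknowledged segment
    while base <= total:
        if base in sent_before:
            batch = [base]                      # receiver asked again: resend only the gap
        else:
            batch = list(range(base, min(base + window, total + 1)))
        ack = None
        for seq in batch:
            trace.append(f"Send {seq}")
            first_time = seq not in sent_before
            sent_before.add(seq)
            if first_time and seq in lost_first_time:
                continue                        # dropped on the wire: receiver never sees it
            ack = rx.receive(seq)
        if ack is None:
            # Nothing in the batch arrived; the receiver's state stands in
            # for the sender's retransmission timer so the loop can go on.
            ack = rx.expected
        trace.append(f"Ack {ack}")
        base = ack
    return trace, rx.delivered


if __name__ == "__main__":
    events, order = run_transfer(7, 3, {5})
    print(" / ".join(events))
    print("delivered in order:", order)
```

With window 3 and segment 5 dropped the trace is the slide's: Send 1, Send 2, Send 3, Ack 4, Send 4, Send 5, Send 6, Ack 5, Send 5, Ack 7, followed by Send 7, Ack 8. The receiver holds segment 6 until 5 arrives and then releases both, which is why the ACK jumps from 5 to 7 after a single retransmission.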

Connectionless Protocol
These protocols provide neither acknowledgements nor
sequence numbers.
Faster but not reliable
E.g. UDP

Network Layer
It is responsible for communication between networks.
It identifies networks with the help of network addresses.
A network address is a logical address like an IP address or IPX address.
The network portion is common to a group of computers.
Routing decisions are made on the network portion of the address, not on
the host portion.
Path determination, or routing, is performed at this layer.
Routers work at this layer.

Network Layer: Path Determination
Figure: several routers between two hosts: which path?
Layer 3 functions to find the best path through the internetwork.

Network Layer: Communicate Path
Figure: numbered links (2 through 11) between routers; addresses represent
the path of media connections.

Addressing: Network and Node
Figure: three networks (1, 2, 3). Nodes are addressed as network.node:
1.1, 1.2 and 1.3 on network 1, 2.1 on network 2, 3.1 on network 3.
Network address: the path part, used by the router
Node address: a specific port or device on the network

Protocol Addressing Variations
General example:    Network     Node
TCP/IP example:     10.         8.2.48          (mask 255.0.0.0)
Novell IPX example: 1aceb0b.    0000.0c00.6e25

Network Layer: Protocol Operations
Figure: routers between host A and host C; each router provides its
services to support upper-layer functions.

Routed Versus Routing Protocol
Routed protocol: used between routers to direct user traffic
Examples: IP, IPX, AppleTalk
Routing protocol: used only between routers to maintain routing tables
Examples: RIP, IGRP, OSPF

Static Versus Dynamic Routes
Static route: uses a route that a network administrator enters into
the router
Dynamic route: uses a route that a network protocol adjusts
automatically for topology or traffic changes

Static Route Example
Figure: router A connected to stub network B over a point-to-point or
circuit-switched connection.
Only a single network connection, with no need for routing updates
A fixed route to the address reflects the administrator's knowledge

Adapting to Topology Change
Figure: routers A, B, C and D with redundant links. The link to D fails
(marked X).
Can an alternate route substitute for a failed route?
Yes, with dynamic routing enabled.

Data Link Layer
It uniquely identifies each device on the network.
It translates data from the Network Layer into bits for the Physical
Layer to transmit.
It formats the messages into data frames.
It adds a header containing the source and destination hardware
(MAC) addresses.
This layer works with frames.
This layer is logically divided into two sub-layers:
LLC (Logical Link Control)
MAC (Media Access Control)

Physical Layer
Electrical and mechanical specifications are provided at this layer.
Transmits data in the form of bits.
This layer communicates directly with the actual communication media.
At this layer DCE and DTE are identified:
DCE (Data Circuit-Terminating Equipment)
Located at the service provider's side, e.g. a modem or CSU/DSU
DTE (Data Terminal Equipment)
The attached device at the customer's premises, e.g. a router or PC
Services available to a DTE are most often accessed via a modem or a
Channel Service Unit / Data Service Unit (CSU/DSU).
Hubs and repeaters work at this layer.
Most troubleshooting occurs at this layer.


DOD MODEL

The DoD Model
The Process/Application Layer
The Host-to-Host Layer
The Internet Layer
The Network Access Layer

The DoD & OSI
DoD Model              OSI Model
Process/Application    Application, Presentation, Session
Host-to-Host           Transport
Internet               Network
Network Access         Data Link, Physical

Process/Application Layer
The Process/Application layer defines protocols for
node-to-node application communication and also
controls user-interface specification.
A vast array of protocols combine at this layer of the
DoD model to integrate the activities and duties of the
upper layers of OSI.
Examples for this layer are:
Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP, BootP, etc.

Host-to-Host Layer
The Host-to-Host layer parallels the functions of the
OSI Transport layer.
It performs the following:
Defines protocols for setting up the level of
transmission service for applications
Tackles issues like creating reliable end-to-end communication
Ensures error-free delivery of data
Handles packet sequencing and maintains data integrity

Internet Layer
The Internet layer corresponds to the OSI Network Layer.
It performs the following:
Designates the protocols relating to the logical
transmission of packets over the entire network
Takes care of the addressing of hosts by giving them an IP address
Handles routing of packets among multiple networks

Network Access Layer
This layer is the equivalent of the Data Link and Physical
Layers of the OSI model.
It performs the following:
Monitors the data exchange between the host and the network
Oversees hardware addressing and defines protocols for the
physical transmission of the data
Let's have a look at how the TCP/IP protocol suite relates to
the DoD model layers.

TCP/IP Protocol Suite at DoD
DoD Model              TCP/IP Protocol Suite
Process/Application    Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X Window
Host-to-Host           TCP, UDP
Internet               IP, ICMP, ARP, RARP, BootP
Network Access         Ethernet, Fast Ethernet, Token Ring, FDDI

LOWER LAYERS
PROTOCOLS

Common LAN Technologies
Ethernet
Token Ring
FDDI (dual ring)


Introduction
Ethernet is a method for accessing a shared medium.
It allows all hosts on a network to share the same bandwidth of a link.
It is popular because:
It is easy to implement and troubleshoot
It is easy to add new technologies like Fast Ethernet and
Gigabit Ethernet to existing infrastructure
Ethernet covers the Data Link Layer and Physical Layer specifications.
It uses an access method called CSMA/CD.

Ethernet Operation
Figure: stations A, D, B and C on one segment, each shown with the
seven-layer stack. A sends to D; B and C share the same segment and
also receive the signal.

Ethernet LANs:
How do they work?
Multiple workstations
are connected to a
segment
Each station has to take
turns sending traffic
All stations listen to all
traffic on their segment
Stations can only send
data (Ethernet Frames)
when no one else is
sending

Ethernet LANs: MAC Addresses
Figure: three stations with MAC addresses 0000.0c12.3456,
0000.1018.321a and 0000.0c12.1111.
Every workstation has a Network Interface Card (NIC)
Every NIC has a unique MAC address
Stations use MAC addresses to send Ethernet frames to a specific station

Ethernet LANs: Unicast Frames
Figure: a frame addressed To: 0000.0c12.3456 is seen by all three
stations.
Ethernet frames contain the MAC address of the station that the frame
was sent to
These are called unicast frames
All stations receive the Ethernet frame, but ignore frames that are not
addressed to their MAC address

Ethernet LANs: Broadcast Frames
Figure: a frame addressed To: FFFF.FFFF.FFFF is seen by all three
stations.
Some Ethernet frames are sent to all stations
These are called broadcast frames
All stations process this frame

Flow Control Mechanism on Ethernet
Figure: a packet encapsulated in a frame on the segment.
CSMA/CD is the mechanism that regulates the segment
Each station listens for other traffic before it transmits

Ethernet Collisions
Figure: two frames on the same segment collide.
Sometimes stations transmit simultaneously
Two frames on the same segment collide
Collisions require each station to wait and resend

Ethernet Reliability
Figure 1: station A and another station transmit at the same time and
their frames collide.
Figure 2: the stations that detect the collision send a JAM signal that
propagates to every station on the segment, so all of them know the
frames were corrupted.
Carrier sense multiple access with collision detection (CSMA/CD)

CSMA/CD
CSMA/CD stands for Carrier Sense Multiple Access with
Collision Detection.
It is used by all NICs in Ethernet networking.
In this method every NIC first senses whether the cable is free or not.
If it is free the frame is sent; otherwise the NIC waits.
If two NICs sense a free cable and start at the same time, their frames
collide; both detect the collision, stop, send a jam signal and retry
after a random delay.
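An added simulation of the access method just described (not Cisco's code; the station names, the frame length in slot times and the random seed are constructed). Each slot, stations that have a frame and whose backoff has expired sense the medium; a lone contender succeeds, two or more collide, jam, and pick a new wait by truncated binary exponential backoff, which the slides describe only as "wait and resend" but which IEEE 802.3 specifies as coded here (range doubles per attempt up to 2^10 slot times, frame discarded after 16 attempts).

```python
"""CSMA/CD on one shared segment, as a slot-by-slot simulation.

Constructed example, not Cisco's code. Every station listens before it
sends (carrier sense). When two or more start in the same slot they all
detect the collision, jam, and wait a random number of slot times chosen
by truncated binary exponential backoff (IEEE 802.3: the range doubles with
each attempt up to 2^10 slots; the frame is discarded after 16 attempts).
Frame length in slots, the station list and the seed are constructed.
"""
import random
from dataclasses import dataclass

ATTEMPT_LIMIT = 16
BACKOFF_EXPONENT_LIMIT = 10


@dataclass
class Station:
    name: str
    frames_queued: int
    attempts: int = 0        # collisions suffered by the frame at the head of the queue
    backoff: int = 0         # slot times still to wait before trying again
    sent: int = 0
    dropped: int = 0

    def ready(self) -> bool:
        return self.frames_queued > 0 and self.backoff == 0

    def collided(self, rng: random.Random) -> None:
        """Jam was sent; choose a new backoff, or give up on this frame."""
        self.attempts += 1
        if self.attempts > ATTEMPT_LIMIT:
            self.frames_queued -= 1
            self.dropped += 1
            self.attempts = 0
            return
        k = min(self.attempts, BACKOFF_EXPONENT_LIMIT)
        self.backoff = rng.randrange(0, 2 ** k)   # 0 .. 2^k - 1 slot times

    def succeeded(self) -> None:
        self.frames_queued -= 1
        self.sent += 1
        self.attempts = 0


def simulate(stations, frame_slots=4, seed=1, max_slots=10_000):
    """Run until every queue is empty; return (per-slot log, summary dict).

    Each log entry is 'busy' (a frame is still on the wire), 'idle',
    'collision', or the name of the station that won the slot.
    """
    rng = random.Random(seed)
    log, collisions, busy_until, slot = [], 0, 0, 0
    while any(s.frames_queued for s in stations) and slot < max_slots:
        just_collided = []
        if slot < busy_until:
            log.append("busy")                # carrier sensed: everyone defers
        else:
            contenders = [s for s in stations if s.ready()]
            if not contenders:
                log.append("idle")
            elif len(contenders) == 1:
                contenders[0].succeeded()
                log.append(contenders[0].name)
                busy_until = slot + frame_slots   # frame occupies the segment
            else:
                collisions += 1
                log.append("collision")
                for s in contenders:
                    s.collided(rng)
                just_collided = contenders
        # Backoff timers count down in slot times, starting the slot after
        # the collision; deferring to a busy medium does not stop them.
        for s in stations:
            if s.backoff > 0 and all(s is not c for c in just_collided):
                s.backoff -= 1
        slot += 1
    summary = {"collisions": collisions, "slots": len(log),
               "sent": sum(s.sent for s in stations),
               "dropped": sum(s.dropped for s in stations)}
    return log, summary


if __name__ == "__main__":
    segment = [Station("A", 2), Station("B", 2), Station("C", 2)]
    events, stats = simulate(segment, seed=7)
    print(" ".join(events))
    print(stats)
```

A single station never collides and the log is just its frames and the busy slots between them; three stations that all start in slot 0 are guaranteed a collision there, after which the random backoffs spread them out.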

Half Duplex Ethernet
It is defined in the 802.3 Ethernet specifications.
It uses only one wire pair, with signals running in both directions.
CSMA/CD is used to handle collisions.
Half duplex 10BaseT is typically 50-60% efficient (in Cisco's view).
In a large 10BaseT network you only get 3 to 4 Mbps at most.

Full Duplex
Full duplex Ethernet uses two pairs of wires.
It uses a point-to-point connection.
There are no collisions in full duplex.
Full duplex is supposed to offer 100% efficiency in both directions,
meaning 20 Mbps aggregate on 10 Mbps Ethernet, or 200 Mbps on Fast
Ethernet running full duplex.

Auto-Negotiation
When a port is powered on, it first checks with the remote end and
decides whether it can run at 10 or 100 Mbps.
Then it checks to see whether it can run full duplex or half duplex.
This is called auto-negotiation (the slides call it the auto detect
mechanism).

Ethernet Addressing uses MAC Addresses
MAC addresses are burned into every NIC.
It is a 48-bit address.
It is written in the same format even if different LAN
technologies are used.

Ethernet Addressing using MAC Addresses
Figure: the 48-bit address is split into two halves.
First 24 bits: Organizationally Unique Identifier (OUI), assigned by IEEE
Last 24 bits: vendor assigned

Ethernet and IEEE 802.3

Benefits and background


Ethernet is the most popular physical layer LAN technology because it
strikes a good balance between speed, cost, and ease of installation
Supports virtually all network protocols
Xerox initiated, then joined by DEC & Intel in 1980

Revisions of Ethernet specification


Fast Ethernet (IEEE 802.3u) raises speed from 10 Mbps to 100 Mbps
Gigabit Ethernet is an extension of IEEE 802.3 which increases speeds to
1000 Mbps, or 1 Gbps

Ethernet and IEEE 802.3
Several framing variations exist for this common LAN technology.

Ethernet Frames
Frames are used at the Data Link Layer to encapsulate packets coming
down for transmission on a type of media access.
Types of media access:
Contention (Ethernet)
Token passing (Token Ring or FDDI)
We will be covering only contention; the rest is beyond the scope of
this course.

MAC SUB-LAYER
MAC Layer - 802.3
Field    Preamble            Dest add  Source add  Length  Data                FCS
# Bytes  8 (7 + 1 SFD)       6         6           2       Variable (46-1500)  4

MAC address: 0000.0C (IEEE assigned) + xx.xxxx (vendor assigned)
Ethernet II uses a Type field in place of Length here and does not use
802.2.

Preamble
It allows the receiving devices to lock onto the incoming bit stream.
The preamble is used to indicate to the receiving station that the
data portion of the message will follow.

Destination Address (DA)
DA is used by receiving stations to determine if an incoming frame is
addressed to a particular node.
Transmitted LSB (least significant bit) first within each byte
Destination can be individual (unicast), multicast or broadcast
Broadcast will be all 1s (FFFF.FFFF.FFFF) and will be received by all
stations.
Multicast will be received by the group of stations listening on that
group address; the first bit transmitted (the I/G bit) is 1 for group
addresses.

Source Address (SA)
SA is the 48-bit MAC address supplied by the transmitting device.
Broadcast and multicast address formats are illegal within the SA field.
Transmitted LSB (least significant bit) first within each byte

Length or Type Field
802.3 uses a Length field, whereas an Ethernet II frame uses a Type
field to identify the network layer protocol.
Because 802.3 has no Type field, an 802.2 (LLC) header is needed to
identify the upper-layer protocol and must be used with the 802.3 frame.

Data
This is the packet sent down to the Data
Link Layer from the Network layer.
The size can vary from 46-1500 bytes.

Frame Check Sequence (FCS)


FCS is a field at the end of the frame that
is used to store the cyclic redundancy
check.

Data Link Layer Functions (cont.)
802.2 (SAP) frame:
Field    Preamble  Dest add  Source add  Length  Dest SAP  Source SAP  Ctrl    Data      FCS
# Bytes  8         6         6           2       1         1           1 or 2  Variable  4

802.2 (SNAP) frame:
Field    Preamble  Dest add  Source add  Length  Dest SAP  Source SAP  Ctrl    OUI  Type ID  Data      FCS
# Bytes  8         6         6           2       1 (AA)    1 (AA)      1 (03)  3    2        Variable  4

802.2 Frame
The 802.2 frame has two new fields:
DSAP (Destination Service Access Point)
SSAP (Source Service Access Point)
The 802.2 frame type is nothing but an 802.3 frame with LLC information.
Because of the LLC information we know what the upper-layer protocol is.

SNAP Frame
The SNAP frame has its own protocol field to identify the upper-layer
protocol.
To identify a SNAP frame:
The DSAP and SSAP fields are always AA, to indicate that a SNAP header
follows.
It is an LLC data unit (sometimes called a Logical Protocol Data Unit,
LPDU) of Type 1 (indicated by the control value 03).
The SNAP header then indicates the vendor via the Organizationally Unique
Identifier (OUI) and the protocol type via the Ethertype field.
Cisco uses the SNAP frame with its proprietary protocol CDP (Cisco
Discovery Protocol).

EXAMPLE - SNAP
In a typical SNAP header the OUI is 00-00-00, which means the Type field
that follows is an Ethertype, and an Ethertype of 08-00 indicates IP as
the protocol.
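The framing variants above, as a parser. This is an added example, not Cisco's code: it builds frames inline with the station addresses used in the slides and a CRC-32 FCS, then tells Ethernet II (Type field 0x0600 or greater) from 802.3 (Length field), detects the AA-AA-03 SNAP header and the plain LLC SAP header, classifies the destination as unicast, multicast or broadcast from the I/G bit, and rejects a group address in the source field. The 0x42 SAP and the 01:80:c2:00:00:00 destination in the SAP example are the values spanning tree uses; the payload bytes are constructed.

```python
"""Parse Ethernet II, IEEE 802.3 with 802.2 LLC (SAP) and 802.2 SNAP frames.

Constructed example, not Cisco's code. Frames are built inline with a
CRC-32 frame check sequence so the parser can be exercised offline. The
station addresses are the ones used in the slides; the payloads are
constructed.
"""
import struct
import zlib

ETHERTYPE_MIN = 0x0600     # a Type/Length value below this is an 802.3 length
ETHERTYPE_IPV4 = 0x0800
SNAP_SAP = 0xAA
LLC_UI = 0x03              # unnumbered information: LLC type 1
BROADCAST = bytes([0xFF] * 6)
MIN_FRAME = 14 + 46 + 4    # header + minimum data + FCS (preamble excluded)


def mac_str(mac: bytes) -> str:
    """Cisco-style dotted hex, e.g. 0000.0c12.3456."""
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def classify_dst(mac: bytes) -> str:
    if mac == BROADCAST:
        return "broadcast"
    # The I/G bit is the least-significant bit of the first byte, which is
    # the first bit on the wire: 1 = group (multicast), 0 = individual.
    return "multicast" if mac[0] & 0x01 else "unicast"


def fcs(frame_without_fcs: bytes) -> bytes:
    """CRC-32 (zlib polynomial) over destination..data, as four bytes."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", type_or_len) + payload
    body += b"\x00" * max(0, 46 - len(payload))    # pad data to 46 bytes
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame")
    if fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src = frame[0:6], frame[6:12]
    if src[0] & 0x01:
        raise ValueError("group address in source field is illegal")
    (tl,) = struct.unpack("!H", frame[12:14])
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "dst_kind": classify_dst(dst), "src_oui": src[:3].hex()}
    if tl >= ETHERTYPE_MIN:
        # Ethernet II: the field is a Type and there is no 802.2 header.
        info.update(encap="Ethernet II", ethertype=tl, data=frame[14:-4])
        return info
    if tl < 3 or tl > len(frame) - 18:
        raise ValueError("802.3 length field inconsistent with frame")
    llc = frame[14:14 + tl]                  # bytes beyond tl are padding
    info.update(encap="802.3", length=tl)
    dsap, ssap, ctrl = llc[0], llc[1], llc[2]
    if dsap == SNAP_SAP and ssap == SNAP_SAP and ctrl == LLC_UI and tl >= 8:
        (etype,) = struct.unpack("!H", llc[6:8])
        info.update(llc="SNAP", snap_oui=llc[3:6].hex(), ethertype=etype,
                    data=llc[8:])
    else:
        info.update(llc="SAP", dsap=dsap, ssap=ssap, ctrl=ctrl, data=llc[3:])
    return info


if __name__ == "__main__":
    dst = bytes.fromhex("00000c123456")
    src = bytes.fromhex("00001018321a")
    snap_hdr = bytes([SNAP_SAP, SNAP_SAP, LLC_UI]) + b"\x00\x00\x00" \
        + struct.pack("!H", ETHERTYPE_IPV4)
    for f in (build_frame(dst, src, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19),
              build_frame(BROADCAST, src, len(snap_hdr) + 7, snap_hdr + b"payload")):
        print(parse_frame(f))
```

The FCS is checked before anything else is trusted, and the 802.3 length is checked against the bytes actually received before it is used as a slice bound; a receiver that skipped either step would happily parse a truncated or corrupted frame.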

ETHERNET
CABLING

Network Cabling
Media connecting network components
NICs take turns transmitting on the cable
LAN cables carry only one signal at a time
WAN cables can carry multiple signals simultaneously

Three primary types of cabling


Twisted-pair (or copper)
Coaxial cable
Fiber-optic cable

Twisted-Pair (UTP and STP)
Figure: twisted pairs with color-coded plastic insulation inside an outer
jacket, terminated in an RJ-45 connector. STP only: shielded insulation to
reduce EMI.
Speed and throughput: 10/100 Mbps
Relative cost: least costly
Media and connector size: small
Maximum cable length: 100 m

Coaxial Cable
Figure: copper conductor, plastic insulation, braided copper shielding,
outer jacket, terminated in a BNC connector.
Speed and throughput: 10 Mbps (10Base2, 10Base5)
Relative cost: more than UTP, but still low
Media and connector size: medium
Maximum cable length: 185 m (thinnet) / 500 m (thicknet)

Fiber-Optic Cable
Figure: glass fiber and cladding, plastic shield, Kevlar reinforcing
material, outer jacket.
Speed and throughput: 100+ Mbps
Average cost per node: most expensive
Media and connector size: small
Maximum cable length: up to 2 km

Optical Fiber
Metal cables transmit signals in the form of electric current.
Optical fiber is made of glass or plastic and transmits signals in the
form of light.
Light, a form of electromagnetic energy, travels at
300,000 kilometers/second (186,000 miles/second) in a vacuum.
The speed of light depends on the density of the medium through which
it is traveling (the higher the density, the slower the speed).

Ethernet Local Area Network
Ethernet was first created and implemented by a group called
DIX (Digital, Intel and Xerox).
The first Ethernet specification was modified by IEEE and
IEEE 802.3 was created.
This was a 10 Mbps network running on coaxial, twisted pair
and fiber physical media.
IEEE 802.3 was further extended by IEEE: 802.3u (Fast Ethernet) and
802.3z/802.3ab (Gigabit Ethernet over fiber and over copper) were created.
Fast Ethernet and Gigabit Ethernet are specified only on twisted pair
and fiber physical media.

Ethernet Protocol Names
Example: 100BaseFX
100: LAN speed in Mbps
Base: baseband signalling (Broad = broadband)
FX: indicates the type of cable and maximum length. If it is a number,
max. length = number x 100 m (10Base5: 500 m; 10Base2: nominally 200 m,
actually 185 m).

Cable Specification
Cable              Distance  Throughput  Ethernet Standard          Connector
Coaxial, Thinnet   185 m     10 Mbps     10Base2                    BNC T-connector
Coaxial, Thicknet  500 m     10 Mbps     10Base5                    AUI
Category 3 UTP     100 m     10 Mbps     10BaseT                    RJ-45
Category 5 UTP     100 m     100 Mbps    100BaseTX (Fast Ethernet)  RJ-45

UTP Connections (RJ-45)
UTP cables have eight colored wires.
These wires are twisted into 4 pairs.
In 10BaseT/100BaseTX only four wires (two pairs) carry the signal: one
pair transmits and one pair receives.
The more twists per inch in the wire, the less interference.
CAT 5 and 6 have many more twists per inch than CAT 3 UTP.

Crimping
There are two types of Crimping used with UTP cables and
RJ-45 connectors.
Straight-Through
This is used while connecting
Router to a Hub or Switch
Server to Hub or Switch
Workstation to a Hub or Switch

Crossover

This is used while connecting


Uplinks between Switches
Hubs to Switches
Hub to another Hub
Router Interface to another Router Interface

UTP Implementation: Straight-through Cable (10BaseT/100BaseTX)
Hub/Switch end            Server/Router end
Pin  Label                Pin  Label
1    RD+                  1    TD+
2    RD-                  2    TD-
3    TD+                  3    RD+
4    NC                   4    NC
5    NC                   5    NC
6    TD-                  6    RD-
7    NC                   7    NC
8    NC                   8    NC
Wires on both cable ends are in the same order (pin 1 to pin 1, ...,
pin 8 to pin 8); the host's transmit pair lands on the hub's receive pair
because the hub's port is already crossed internally.
Wire colors, pins 1-8 (T568A): white/green, green, white/orange, blue,
white/blue, orange, white/brown, brown.

UTP Implementation: Crossover Cable (10BaseT/100BaseTX)
Hub/Switch end                Hub/Switch end
Pin  Label                    Pin  Label
1    RD+    -------------->   3    TD+
2    RD-    -------------->   6    TD-
3    TD+    -------------->   1    RD+
6    TD-    -------------->   2    RD-
4, 5, 7, 8  NC                4, 5, 7, 8  NC
Some wires on the cable ends are crossed: pin 1 connects to pin 3 and
pin 2 to pin 6, so the transmit pair of one device lands on the receive
pair of the other. One end is wired T568A and the other T568B
(white/orange, orange, white/green, blue, white/blue, green, white/brown,
brown).

CISCO MODEL

Network Structure Defined by Hierarchy
Figure: three tiers, top to bottom: Core Layer, Distribution Layer,
Access Layer.

The three layers are:
Core Layer
Distribution Layer
Access Layer

Core Layer Characteristics
Fast transport to enterprise services
No packet manipulation

Core Layer
The Core Layer is actually the core of the network.
It is responsible for transporting large amounts of traffic reliably
and quickly.
A Core Layer failure affects every user, hence fault tolerance becomes
an issue at this layer.
The Core Layer is likely to see a large volume of traffic, hence speed
and latency are the driving concerns.
There are a few things we do not want to do at the core layer (such as
access lists and packet filtering, which belong to the Distribution
Layer), and a few things that are recommended at this layer.

Distribution Layer Characteristics
Access Layer aggregation point
Routes traffic
Broadcast/multicast domains
Media translation
Security
Possible point for remote access

Distribution Layer
It is sometimes also referred to as the workgroup layer.
It is the communication point between the Access Layer and the Core
Layer.
Routing, filtering and WAN access are the primary functions of the
Distribution Layer.
Network policies are implemented at the Distribution Layer.
The best path is determined and requests are forwarded to the Core Layer.

At the Distribution Layer we do the following:
Implementation of tools like access lists and packet filtering
Implementation of security and network policies like address
translation and firewalls
Redistribution between routing protocols, including static routing
Routing between VLANs
Definition of broadcast and multicast domains

Access Layer Characteristics
End station entry point to the network

The Access Layer
The Access Layer controls user and workgroup access to network
resources.
This layer is also referred to as the desktop layer.
Continues access control and policies from the Distribution Layer
Creation of separate collision domains (segmentation)
Workgroup connectivity into the Distribution Layer


UPPER LAYER PROTOCOLS

What Is TCP/IP?
A suite of protocols
Rules that dictate how packets of information are sent across
multiple networks
Addressing
Error checking

TCP/IP Protocol
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was
created by the Department of Defense (DoD).
The Internet Protocol can be used to communicate across any set of
interconnected networks.
TCP/IP supports both LAN and WAN communications.
The IP suite includes not only Layer 3 and 4 specifications but also
specifications for common applications like e-mail, remote login,
terminal emulation and file transfer.
The TCP/IP protocol stack maps closely to the OSI model in the lower
layers.


TCP/IP Applications
Application layer
File Transfer Protocol (FTP)
Remote login (Telnet)
E-mail (SMTP)

Transport layer
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)

Network layer
Internet Protocol (IP)

Data link and physical layers
LAN: Ethernet, Token Ring, FDDI, etc.
WAN: serial lines, Frame Relay, X.25, etc.

Internet Layer Overview
Figure: the TCP/IP stack (Application, Transport, Internet, Data-Link,
Physical) with the Internet layer protocols:
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
In the OSI reference model, the network layer corresponds to the TCP/IP
Internet layer.

Internet Protocol
Provides connectionless, best-effort delivery and routing of datagrams.
IP is not concerned with the content of the datagrams.
It looks for a way to move the datagrams to their destination.

IP Datagram
Bit
1 0
Version
(4)

Bit 15 Bit 16
Header
Length (4)

Type
of Service (8)

Total Length (16)


Flags
(3)

Identification (16)
Time-to-Live (8)

Bit 31

Protocol (8)

Fragment Offset (13)


Header Checksum (16)

Source IP Address (32)


Destination IP Address (32)
Options (0 or 32 if Any)
Data (Varies if Any)

20
Bytes

IP Datagram
Version: IP version in use (4 for IPv4)
Header Length: Length of the datagram header in 32-bit words (5, i.e. 20 bytes, unless options are present)
TOS: Level of importance (precedence and service type) requested by the upper-layer protocol
Total Length: Length of the packet in bytes including header and data (maximum 65,535)
Identification: Value that identifies the original datagram so that its fragments can be matched up again
Flags: Don't Fragment (DF) and More Fragments (MF) bits; they say whether the packet may be fragmented and whether more fragments follow
Fragment Offset: Position of this fragment's data within the original datagram, used to piece the fragments together
TTL: Counter decremented by every router that forwards the datagram; when it reaches zero the datagram is discarded, which keeps a routing loop from circulating packets forever
Protocol: Indicates which upper-layer protocol receives the data (6 = TCP, 17 = UDP, 1 = ICMP)
Header Checksum: Checksum of the header only, recomputed at every hop because the TTL changes; it does not protect the data
Source IP Address: Sending node's IP address
Destination IP Address: Receiving node's IP address
Options: Variable-length field that lets IP carry options such as source routing, record route and the rarely used security option; routers and firewalls commonly drop or ignore source-routed packets
Data: Upper-layer information (the whole datagram, header included, is at most 65,535 bytes)

Protocol Field
[Figure: the Protocol field of the IP header selects the transport-layer protocol that receives the data]
Protocol number 6 = TCP
Protocol number 17 = UDP
Determines the destination upper-layer protocol
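As an added example (this code is not part of the Cisco slides), the following Python builds and parses the 20-byte IPv4 header described above and verifies the header checksum, which is what a router does before it trusts the TTL or any other field. The addresses, identification value and payload are constructed sample values; the functions and their names are this example's own.

```python
"""IPv4 header builder/parser with RFC 1071 checksum (added example, not Cisco's code)."""
import socket
import struct

IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP = 1, 6, 17
IP_FLAG_DF, IP_FLAG_MF = 0x4000, 0x2000
_HDR_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, ident, flags+offset, TTL, proto, csum, src, dst


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words. Over a header whose checksum field is zero it
    yields the checksum; over a header that already carries a valid checksum it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      ttl: int = 64, ident: int = 0, df: bool = True, tos: int = 0) -> bytes:
    """Return a 20-byte option-less header (IHL = 5) with the checksum filled in."""
    ver_ihl = (4 << 4) | 5
    flags_frag = IP_FLAG_DF if df else 0  # fragment offset 0
    hdr = struct.pack(_HDR_FMT, ver_ihl, tos, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the header at the start of pkt. Length fields are checked against what is actually
    present, so a crafted IHL or Total Length cannot make the caller read past the buffer."""
    if len(pkt) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(_HDR_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad header length %d" % ihl)
    if total_len < ihl:
        raise ValueError("total length %d smaller than header" % total_len)
    return {
        "version": version,
        "header_length": ihl,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": {"df": bool(flags_frag & IP_FLAG_DF), "mf": bool(flags_frag & IP_FLAG_MF)},
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": ip_checksum(pkt[:ihl]) == 0,  # a valid header sums to 0xFFFF, complement 0
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": pkt[20:ihl],  # empty for IHL 5; options on a modern network deserve suspicion
        "payload": pkt[ihl:min(total_len, len(pkt))],
    }


def forward_hop(pkt: bytes) -> bytes:
    """What a router does per hop: verify the checksum, decrement TTL, drop at zero, recompute."""
    h = parse_ipv4_header(pkt)
    if not h["checksum_ok"]:
        raise ValueError("header checksum mismatch: drop")
    if h["ttl"] <= 1:
        raise ValueError("TTL expired: drop and send ICMP Time Exceeded")
    hdr = bytearray(pkt[:h["header_length"]])
    hdr[8] -= 1                       # TTL byte
    hdr[10:12] = b"\x00\x00"          # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[h["header_length"]:]


if __name__ == "__main__":
    # constructed sample: 172.16.3.1 -> 172.16.3.2, TCP, 40 bytes of zero payload
    pkt = build_ipv4_header("172.16.3.1", "172.16.3.2", IP_PROTO_TCP, 40, ident=0x1234) + b"\x00" * 40
    print(parse_ipv4_header(pkt))
    print("TTL after one hop:", parse_ipv4_header(forward_hop(pkt))["ttl"])
```

The length checks in parse_ipv4_header are the part worth copying: a header that claims more bytes than the buffer holds is the classic way a malformed packet crashes a naive parser, and the checksum test only tells you the header was not corrupted in transit, not that the payload is intact.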

Address Resolution Protocol (ARP)
ARP works at the Internet layer of the DoD model.
It is used to resolve a MAC address from a known IP address.
Resolved MAC addresses are kept in the ARP cache table.
To send a datagram, the ARP cache is checked first; if no entry is found, an ARP request is broadcast on the LAN carrying the IP address to be resolved.
The machine with that IP address responds with its MAC address, and the mapping is cached.
ARP has no authentication: any host on the segment can answer, or send unsolicited replies, so a cache entry can be poisoned to redirect traffic (ARP spoofing). Dynamic ARP inspection on switches, or static entries for critical hosts such as the default gateway, are the usual countermeasures.

Address Resolution Protocol
[Figure: host 172.16.3.1 and host 172.16.3.2 on the same Ethernet segment; the exchange is shown in four steps]
Host 172.16.3.1: "I need the Ethernet address of 172.16.3.2." (IP: 172.16.3.2 = ???)
Host 172.16.3.2: "I heard that broadcast. The message is for me. Here is my Ethernet address."
Host 172.16.3.1 caches the answer: IP 172.16.3.2 = Ethernet 0800.0020.1111
ARP maps an IP address to an Ethernet address.
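As an added example (not code from the Cisco slides), here is the exchange above in Python: an ARP request and reply are encoded as Ethernet frames, parsed back, and fed into a small cache that reports when a known IP address suddenly claims a different MAC, the symptom of the poisoning attack mentioned above. The host MACs, the "lan" dictionary standing in for the segment, and the attacker address de:ad:be:ef:00:01 are all constructed for the example.

```python
"""ARP over Ethernet: encode/decode plus a cache that flags IP-to-MAC changes (added example)."""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    """Accepts 08:00:00:20:11:11, 08-00-00-20-11-11 or Cisco-style 0800.0020.1111."""
    return bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying an ARP packet (hardware type 1, protocol 0x0800, 6/4-byte addresses).
    A request goes to the broadcast MAC; a reply is unicast to the requester."""
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP address types")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(frame[0:6]),
        "eth_src": bytes_to_mac(frame[6:12]),
        "op": op,
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": bytes_to_ip(body[16:20]),
    }


class ArpCache:
    """Minimal cache. learn() records a reply and reports when a known IP suddenly claims a new
    MAC (a poisoning attempt, or occasionally a replaced NIC) or when the Ethernet source and the
    ARP sender address disagree (a common tell of a crafted frame)."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, pkt: dict) -> None:
        if pkt["op"] != ARP_REPLY:
            return
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if pkt["eth_src"] != mac:
            self.alerts.append(("mac-mismatch", ip, pkt["eth_src"], mac))
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(("changed", ip, old, mac))
        self.table[ip] = mac        # a real stack would also age entries out

    def resolve(self, ip: str):
        return self.table.get(ip)


def resolve_on_lan(cache: ArpCache, my_mac: str, my_ip: str, target_ip: str, lan: dict) -> str:
    """Walk the slide's exchange: check the cache, else broadcast a request and let the host that
    owns target_ip answer. `lan` is a constructed {ip: mac} map standing in for the segment."""
    if cache.resolve(target_ip):
        return cache.resolve(target_ip)
    request = parse_arp(build_arp(ARP_REQUEST, my_mac, my_ip, "00:00:00:00:00:00", target_ip))
    owner_mac = lan.get(request["target_ip"])   # every host hears the broadcast; only the owner replies
    if owner_mac is None:
        raise LookupError("no host answered for %s" % target_ip)
    reply = parse_arp(build_arp(ARP_REPLY, owner_mac, target_ip,
                                request["sender_mac"], request["sender_ip"]))
    cache.learn(reply)
    return cache.resolve(target_ip)


if __name__ == "__main__":
    cache = ArpCache()
    lan = {"172.16.3.2": "0800.0020.1111"}     # constructed segment: only host .2 exists
    print(resolve_on_lan(cache, "0800.0020.2222", "172.16.3.1", "172.16.3.2", lan))
    # a rogue, unsolicited reply claiming .2 from another (constructed) MAC poisons the cache
    cache.learn(parse_arp(build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "172.16.3.2",
                                    "0800.0020.2222", "172.16.3.1")))
    print(cache.alerts, cache.resolve("172.16.3.2"))
```

Note that the cache still accepts the rogue mapping: the alert is detection, not prevention. Only a switch feature such as dynamic ARP inspection, or a static entry, keeps the entry from changing.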

RARP (Reverse ARP)
This also works at the Internet layer.
It works in the opposite direction from ARP: it resolves an IP address from a known MAC address.
A diskless workstation broadcasts its MAC address and a RARP server answers with the IP address assigned to it.
RARP has been superseded by BOOTP and then DHCP, which hand out the same information (and more) without needing a server on every segment; workstations today get their IP address from a DHCP server.

Reverse ARP
[Figure: diskless workstation and RARP server on the same Ethernet segment; the exchange is shown in four steps]
Workstation (Ethernet 0800.0020.1111): "What is my IP address?" (IP = ???)
RARP server: "I heard that broadcast. Your IP address is 172.16.3.25."
The workstation now knows: Ethernet 0800.0020.1111 = IP 172.16.3.25
RARP maps an Ethernet address to an IP address.

Bootstrap Protocol (BootP)
BootP stands for Bootstrap Protocol.
BootP is used by a diskless machine to learn the following:
Its own IP address
The IP address and host name of a server machine
The name of the boot file that is to be loaded into memory (normally fetched with TFTP) and executed at boot-up
BootP is an older protocol; DHCP was built on the same message format and has replaced it in practice.

DHCP (Dynamic Host Configuration Protocol)
The DHCP server dynamically assigns IP addresses to hosts, leasing each address for a limited time.
Many kinds of hardware can act as a DHCP server, even a Cisco router.
BootP was designed to point a diskless host at a boot image to load; DHCP's main job is address and parameter assignment for ordinary hosts.
The following information is provided by DHCP when a host requests an IP address:
IP address
Subnet mask
Domain name
Default gateway (router)
DNS server addresses
Because a host accepts these values from whichever server answers first, a rogue DHCP server on the segment can hand out a malicious default gateway or DNS server; DHCP snooping on the switch limits which ports may send server replies.

Internet Control Message Protocol (ICMP)
ICMP messages are carried in IP datagrams and are used to send error and control messages.
[Figure: ICMP sits in the Internet layer of the stack; message types include Destination Unreachable, Echo (Ping), and others]
ICMP Ping: an Echo Request answered by an Echo Reply verifies that the destination is reachable.

Transport Layer Overview
[Figure: the Transport layer of the TCP/IP stack]
Transmission Control Protocol (TCP): connection-oriented
User Datagram Protocol (UDP): connectionless

Transmission Control Protocol (TCP)
TCP works at the Transport layer.
TCP is a connection-oriented protocol.
TCP is responsible for breaking messages into segments and reassembling them at the destination, retransmitting anything that is lost.
It supplies a virtual circuit between end-user applications.

TCP Segment Format
Header layout (bits 0 to 31 per row; 20 bytes without options):

Source Port (16)                                   | Destination Port (16)
Sequence Number (32)
Acknowledgment Number (32)
Header Length (4) | Reserved (6) | Code Bits (6)   | Window (16)
Checksum (16)                                      | Urgent (16)
Options (0 or more 32-bit words, if any)
Data (varies)

TCP Segment Format
Source Port: Number of the calling port
Destination Port: Number of the called port
Sequence Number: Number of the first data octet in this segment, used to put arriving data in the correct order
Acknowledgement Number: Next TCP octet expected from the other side
Header Length: Length of the TCP header in 32-bit words
Reserved: Set to zero
Code Bits: Control flags (URG, ACK, PSH, RST, SYN, FIN) used for setup and termination of a session
Window: Number of octets the sender of this segment is currently willing to accept (flow control)
Checksum: Calculated over a pseudo-header (IP addresses, protocol, length), the TCP header and the data
Urgent Pointer: Indicates the end of the urgent data
Options: Negotiated at connection setup; the original option is the maximum segment size (MSS), and window scaling, selective acknowledgment (SACK) and timestamps are now common
Data: Upper-layer protocol data

Port Numbers
Well-known port numbers map the transport layer to application-layer services:

Application   Port   Transport
FTP           21     TCP
Telnet        23     TCP
SMTP          25     TCP
DNS           53     TCP and UDP
TFTP          69     UDP
SNMP          161    UDP
RIP           520    UDP

TCP Port Numbers
[Figure: Host A connects to the Telnet service on Host Z]
Host A sends a segment with source port (SP) 1028 and destination port (DP) 23.
Host Z: "Destination port = 23. Send packet to my Telnet application."
The source port identifies the client-side conversation; the reply carries the two ports swapped.

TCP Three-Way Handshake/Open Connection
1. Host A sends SYN (seq = 100, ctl = SYN). Host B: SYN received.
2. Host B sends SYN, ACK (seq = 300, ack = 101, ctl = SYN, ACK). Host A: connection established.
3. Host A sends ACK (seq = 101, ack = 301, ctl = ACK). Host B: connection established.
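The handshake above, replayed in Python as an added example (this is not the slides' code and not a real TCP stack): segments are packed with the header layout from the TCP Segment Format slide, the checksum is computed over the pseudo-header as that slide describes, and a small state machine plays both hosts with the slide's sequence numbers 100 and 300. Host addresses and ports (172.16.3.1:1028 to 172.16.3.2:23) are taken from the port-number slide; everything else is this example's own construction.

```python
"""TCP header pack/parse with pseudo-header checksum and the slide's three-way handshake (added example)."""
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32
_TCP_FMT = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset/reserved, flags, window, checksum, urgent


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window=8192, payload=b"") -> bytes:
    hdr = struct.pack(_TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(_pseudo_header(src_ip, dst_ip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_tcp(src_ip: str, dst_ip: str, seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, window, csum, urg = struct.unpack(_TCP_FMT, seg[:20])
    offset = (off >> 4) * 4
    if offset < 20 or offset > len(seg):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags, "window": window,
            "checksum_ok": checksum(_pseudo_header(src_ip, dst_ip, len(seg)) + seg) == 0,
            "payload": seg[offset:]}


class Handshake:
    """Connection setup only. The slide's ISNs (100, 300) are supplied by the caller; a real stack must
    pick unpredictable ISNs, since a peer that can guess them can finish a handshake from a spoofed
    source address without ever seeing the SYN/ACK."""

    def __init__(self, ip: str, port: int, isn: int):
        self.ip, self.port = ip, port
        self.state, self.snd_nxt, self.rcv_nxt = "CLOSED", isn, None

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer_ip: str, peer_port: int) -> bytes:
        self.state = "SYN_SENT"
        seg = build_tcp(self.ip, peer_ip, self.port, peer_port, self.snd_nxt, 0, SYN)
        self.snd_nxt += 1                       # the SYN occupies one sequence number
        return seg

    def on_segment(self, peer_ip: str, seg: bytes):
        """Return the segment to send back, or None."""
        s = parse_tcp(peer_ip, self.ip, seg)
        if not s["checksum_ok"] or s["dport"] != self.port:
            return None
        if self.state == "LISTEN" and s["flags"] == SYN:
            self.rcv_nxt = s["seq"] + 1
            self.state = "SYN_RECEIVED"
            reply = build_tcp(self.ip, peer_ip, self.port, s["sport"], self.snd_nxt, self.rcv_nxt, SYN | ACK)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN_SENT" and s["flags"] == SYN | ACK:
            if s["ack"] != self.snd_nxt:        # not an answer to our SYN
                return None
            self.rcv_nxt = s["seq"] + 1
            self.state = "ESTABLISHED"
            return build_tcp(self.ip, peer_ip, self.port, s["sport"], self.snd_nxt, self.rcv_nxt, ACK)
        if self.state == "SYN_RECEIVED" and s["flags"] & ACK:
            if s["ack"] != self.snd_nxt or s["seq"] != self.rcv_nxt:
                return None                     # wrong numbers: a blind forgery or a stale segment
            self.state = "ESTABLISHED"
        return None


def run_handshake(a_isn: int = 100, b_isn: int = 300):
    """Replay the slide: A (172.16.3.1:1028) opens to B (172.16.3.2:23). Returns (a, b, parsed segments)."""
    a, b = Handshake("172.16.3.1", 1028, a_isn), Handshake("172.16.3.2", 23, b_isn)
    b.listen()
    syn = a.connect(b.ip, b.port)
    syn_ack = b.on_segment(a.ip, syn)
    ack = a.on_segment(b.ip, syn_ack)
    b.on_segment(a.ip, ack)
    return a, b, [parse_tcp(a.ip, b.ip, syn), parse_tcp(b.ip, a.ip, syn_ack), parse_tcp(a.ip, b.ip, ack)]


if __name__ == "__main__":
    a, b, segs = run_handshake()
    for s in segs:
        print("%d -> %d flags=%d seq=%d ack=%d" % (s["sport"], s["dport"], s["flags"], s["seq"], s["ack"]))
    print(a.state, b.state)
```

Note the two places B refuses to move forward: an acknowledgment number that does not equal its own next sequence number, and a bad checksum. Those checks are all that separates a legitimate third packet from one forged by an attacker who never saw the SYN/ACK, which is why the ISN must be unpredictable.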

TCP Simple Acknowledgment
Window Size = 1 (one segment outstanding at a time):
Sender: Send 1                    Receiver: Receive 1, Send ACK 2
Sender: Receive ACK 2, Send 2     Receiver: Receive 2, Send ACK 3
Sender: Receive ACK 3, Send 3     Receiver: Receive 3, Send ACK 4
Sender: Receive ACK 4

TCP Sequence and Acknowledgment Numbers
Sender: "I just sent number 10."   Receiver: "I just got number 10, now I need number 11."

Source  Dest.  Seq.  Ack.
1028    23     10    1
23      1028   1     11
1028    23     11    2
...

TCP Windowing
Window Size = 3 (up to three segments outstanding):
Sender: Send 1, Send 2, Send 3     Receiver: packet 3 is dropped
Receiver: ACK 3, Window Size = 2   (asks for segment 3 again and shrinks the window)
Sender: Send 3, Send 4             Receiver: receives both
Receiver: ACK 5, Window Size = 2

UDP (User Datagram Protocol)
A connectionless and unacknowledged protocol.
UDP is also responsible for transmitting messages, but no checking for segment delivery is provided.
UDP depends on the upper-layer protocol for reliability.
TCP and UDP both use port numbers to deliver data to the particular service listening on the host.

UDP Segment Format
Header layout (bits 0 to 31 per row; 8 bytes):

Source Port (16)   | Destination Port (16)
Length (16)        | Checksum (16)
Data (if any)

No sequence or acknowledgment fields.

UDP Segment Format
Source Port: Number of the calling port
Destination Port: Number of the called port
Length: Number of bytes, including header and data
Checksum: Calculated over the pseudo-header, header and data (optional in IPv4; a value of zero means it was not computed)
Data: Upper-layer protocol data
Because there is no handshake, the source address of a UDP datagram is trivially forged; UDP services such as DNS and SNMP are therefore the usual vehicles for spoofed-source amplification attacks.

Application Layer Overview
[Figure: the Application layer of the TCP/IP stack]
File Transfer: TFTP*, FTP*, NFS
E-Mail: SMTP
Remote Login: Telnet*, rlogin*
Network Management: SNMP*
Name Management: DNS*
*Used by the router

Telnet
Telnet is used for terminal emulation.
It allows a user sitting at a remote machine to log in to another machine and use its command line and resources.
It is not a file transfer protocol; FTP or TFTP move files.
It uses TCP, so the session is reliable.
Everything, including the login password, crosses the network in cleartext, so Telnet should be replaced by SSH wherever possible and disabled on router management lines.

Network File System (NFS)
NFS is a suite of protocols specializing in file sharing.
It allows two different types of file systems to interoperate.

Trivial File Transfer Protocol (TFTP)
This is a stripped-down version of FTP.
It has no directory browsing abilities.
It can only send and receive files.
It uses UDP for data transfer and is therefore lighter, but it is not reliable beyond its own per-block acknowledgments.
It has no authentication at all, so a TFTP server that holds router images or configurations must be reachable only from the management network.

LPD (Line Printer Daemon)
The Line Printer Daemon protocol is designed for printer sharing.
LPD, together with the LPR (Line Printer Remote) client program, allows print jobs to be spooled and sent to network printers using TCP/IP.

X Window
X Window defines a protocol for writing graphical user interface-based client/server applications.

Simple Network Management Protocol (SNMP)
SNMP enables central management of a network.
Using SNMP an administrator can monitor the entire network.
SNMP works with TCP/IP.
It uses UDP for transporting the data.
SNMPv1 and SNMPv2c authenticate only with a cleartext community string, and a writable community string gives full control of the device; use SNMPv3, or at least read-only strings restricted by an access list.

DNS (Domain Name System)
DNS resolves FQDNs to IP addresses.
DNS allows you to use a domain name to specify an IP address.
It maintains a distributed database of IP addresses and host names.
On every query it checks this database (or asks other servers) and resolves the name to an IP address.


Introduction to TCP/IP Addresses
[Figure: routers and end stations with addresses 172.16.0.1, 172.16.0.2, 172.17.0.1, 172.17.0.2, 172.18.0.1, 172.18.0.2, 10.13.0.0 / 10.13.0.1 and 192.168.1.0 / 192.168.1.1; a packet is shown as HDR | SA | DA | DATA]
Unique addressing allows communication between end stations.
Path choice is based on the destination address.
Location is represented by an address.

IPv4 Addressing
32-bit addresses
Commonly expressed in dotted decimal format (e.g., 192.168.10.12)
Each dotted decimal number is commonly called an octet (8 bits)

IP Addressing
[Figure: a 32-bit address shown as four octets (bits 1-8, 9-16, 17-24, 25-32), split into a network part and a host part; the maximum dotted-decimal value 255.255.255.255 is 11111111 11111111 11111111 11111111 in binary]
Bit values within each octet, left to right: 128, 64, 32, 16, 8, 4, 2, 1 (all eight set = 255).
Example:
Decimal   172       16        122       204
Binary    10101100  00010000  01111010  11001100

IP Address Classes
          Octet 1 (8 bits)  Octet 2 (8 bits)  Octet 3 (8 bits)  Octet 4 (8 bits)
Class A:  Network           Host              Host              Host
Class B:  Network           Network           Host              Host
Class C:  Network           Network           Network           Host
Class D:  Multicast
Class E:  Research

IP Addressing: Class A
10.222.135.17
Network # 10
Host # 222.135.17
Range of class A network IDs: 1 to 126
Number of available hosts per network: 16,777,214

IP Addressing: Class B
128.128.141.245
Network # 128.128
Host # 141.245
Range of class B network IDs: 128.1 to 191.254
Number of available hosts per network: 65,534

IP Addressing: Class C
192.150.12.1
Network # 192.150.12
Host # 1
Range of class C network IDs: 192.0.1 to 223.255.254
Number of available hosts per network: 254

IP Network Address Classes
Class    # Networks   # Hosts      Network address space (binary, network bits)     Example
Class A  126          16,777,214   01111111 00000000 00000000 00000000 (first 8 bits)    35.0.0.0
Class B  16,384       65,534       10111111 11111111 00000000 00000000 (first 16 bits)   128.5.0.0
Class C  2,097,152    254          11011111 11111111 11111111 00000000 (first 24 bits)   192.33.33.0
The network address space is the bits a class uses for the network number; the remaining bits are the host address space.

IP Address Classes
          Bits 1-8   Bits 9-16   Bits 17-24   Bits 25-32   Range of first octet
Class A:  0NNNNNNN   Host        Host         Host         1-126
Class B:  10NNNNNN   Network     Host         Host         128-191
Class C:  110NNNNN   Network     Network      Host         192-223
Class D:  1110MMMM   Multicast Group (remaining octets)     224-239
The leading bits of the first octet identify the class; N = network bits, M = multicast group bits.

Private Addresses
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

Determining Available Host Addresses
Network 172.16.0.0 (class B): 16 network bits, N = 16 host bits
Network  10101100 00010000   Host  00000000 00000000
Host field values:
00000000 00000001  = 1
00000000 00000010  = 2
00000000 00000011  = 3
...
11111111 11111101  = 65533
11111111 11111110  = 65534
11111111 11111111  = 65535
The all-zeros host number is the network itself and the all-ones host number is the broadcast address, so 2 of the 65536 values are unusable:
2^N - 2 = 2^16 - 2 = 65534 usable host addresses

Subnet Mask
IP address 172.16.0.0: Network 172.16 | Host 0.0
Default subnet mask for class B: 255.255.0.0 = 11111111 11111111 00000000 00000000
Also written as /16, where 16 represents the number of 1s in the mask.
8-bit subnet mask: 255.255.255.0 = Network | Subnet | Host
Also written as /24, where 24 represents the number of 1s in the mask.

Decimal Equivalents of Bit Patterns
Bit values: 128 64 32 16 8 4 2 1
10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254
11111111 = 255

Subnet Mask without Subnets
                 Network            Host
172.16.2.160     10101100 00010000  00000010 10100000
255.255.0.0      11111111 11111111  00000000 00000000
AND result       10101100 00010000  00000000 00000000  = 172.16.0.0 (network number)
Subnets not in use: the default mask.

Subnet Mask with Subnets
                 Network            Subnet    Host
172.16.2.160     10101100 00010000  00000010  10100000
255.255.255.0    11111111 11111111  11111111  00000000
AND result       10101100 00010000  00000010  00000000  = 172.16.2.0 (network number)
Network number extended by eight bits.

Subnet Mask with Subnets (cont.)
                   Network            Subnet       Host
172.16.2.160       10101100 00010000  00000010 10  100000
255.255.255.192    11111111 11111111  11111111 11  000000
AND result         10101100 00010000  00000010 10  000000  = 172.16.2.128 (network number)
Network number extended by ten bits.

Addressing Summary Example
Host address 172.16.2.160 with mask 255.255.255.192 (/26):

1. Host       172.16.2.160      10101100 00010000 00000010 10100000
2. Mask       255.255.255.192   11111111 11111111 11111111 11000000
3. The two leading 1 bits of the mask's last octet are subnet bits; the six trailing 0 bits are host bits.
4. Subnet     172.16.2.128      10101100 00010000 00000010 10000000   (host bits all 0)
5. Broadcast  172.16.2.191      10101100 00010000 00000010 10111111   (host bits all 1)
6. First      172.16.2.129      10101100 00010000 00000010 10000001
7. Last       172.16.2.190      10101100 00010000 00000010 10111110

Variable-Length Subnet Masks
2001, Cisco Systems, Inc.

What Is a Variable-Length Subnet Mask?
[Figure: the HQ router owns 172.16.0.0/16; the branch subnet 172.16.14.0/24 is split into 172.16.14.32/27 (A), 172.16.14.64/27 (B) and 172.16.14.96/27 (C)]
Subnet 172.16.14.0/24 is divided into smaller subnets:
Subnet with one mask at first (/27)
Then further subnet one of the unused /27 subnets into multiple /30 subnets

Calculating VLSMs
Subnetted Address: 172.16.32.0/20
In Binary:         10101100.00010000.00100000.00000000
VLSM Address:      172.16.32.0/26
In Binary:         10101100.00010000.00100000.00000000
The first 16 bits are the network, bits 17-20 the original subnet, bits 21-26 the VLSM subnet, and the last 6 bits the host:

1st subnet: 10101100.00010000.0010 0000.00 000000 = 172.16.32.0/26
2nd subnet: 10101100.00010000.0010 0000.01 000000 = 172.16.32.64/26
3rd subnet: 10101100.00010000.0010 0000.10 000000 = 172.16.32.128/26
4th subnet: 10101100.00010000.0010 0000.11 000000 = 172.16.32.192/26
5th subnet: 10101100.00010000.0010 0001.00 000000 = 172.16.33.0/26

A Working VLSM Example
Derived from the 172.16.32.0/20 subnet with a 26-bit mask (62 hosts each):
172.16.32.0/26
172.16.32.64/26
172.16.32.128/26
172.16.32.192/26
Derived from the 172.16.33.0/26 subnet with a 30-bit mask (2 hosts each, for point-to-point links):
172.16.33.0/30
172.16.33.4/30
172.16.33.8/30
172.16.33.12/30

Route Summarization


What Is Route Summarization?
[Figure: router A has 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 attached; router B is upstream of A]
Routing table on A:
172.16.25.0/24
172.16.26.0/24
172.16.27.0/24
Router A to router B: "I can route to the 172.16.0.0/16 network."
Routing table on B:
172.16.0.0/16
Routing protocols can summarize the addresses of several networks into one address.

Summarizing Within an Octet
172.16.168.0/24 = 10101100.00010000.10101 000.00000000
172.16.169.0/24 = 10101100.00010000.10101 001.00000000
172.16.170.0/24 = 10101100.00010000.10101 010.00000000
172.16.171.0/24 = 10101100.00010000.10101 011.00000000
172.16.172.0/24 = 10101100.00010000.10101 100.00000000
172.16.173.0/24 = 10101100.00010000.10101 101.00000000
172.16.174.0/24 = 10101100.00010000.10101 110.00000000
172.16.175.0/24 = 10101100.00010000.10101 111.00000000
Number of common bits = 21; noncommon bits = 11
Summary: 172.16.168.0/21

Summarizing Addresses in a VLSM-Designed Network
[Figure: router A advertises 172.16.32.64/26 and 172.16.32.128/26 as 172.16.32.0/24; that block, 172.16.64.0/20 and 172.16.128.0/20 are summarized toward the corporate network as 172.16.0.0/16]

Classless
Interdomain Routing

Classless Interdomain Routing
Mechanism developed to alleviate exhaustion of addresses and reduce routing table size
Blocks of Class C addresses are assigned to ISPs; ISPs assign subsets of the address space to organizations
Blocks are summarized in routing tables

CIDR Example
[Figure: customer networks 192.168.8.0/24, 192.168.9.0/24, ... 192.168.15.0/24 behind an ISP]
Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by the ISP in one advertisement: 192.168.8.0/21
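The VLSM, route summarization and CIDR material above, worked in Python as an added example that is not part of the Cisco slides: carve_vlsm reproduces the /26 and /30 allocation of the Working VLSM Example from 172.16.32.0/20, summarize and common_prefix aggregate the 172.16.168.0 to 172.16.175.0 and 192.168.8.0 to 192.168.15.0 examples, and lookup shows how a router prefers a specific route over a summary. The host counts given to carve_vlsm and the next-hop labels in the routing table are this example's own assumptions.

```python
"""VLSM carving, route summarization and longest-prefix lookup on the slides' examples (added example)."""
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Smallest block holding `hosts` usable addresses plus the network and broadcast addresses."""
    return 32 - (hosts + 1).bit_length()


def _take(free: list, prefix: int):
    """Best fit: take the smallest free block that can hold a /prefix, split it down, return the low half."""
    free.sort(key=lambda n: (-n.prefixlen, int(n.network_address)))
    for i, blk in enumerate(free):
        if blk.prefixlen <= prefix:
            free.pop(i)
            while blk.prefixlen < prefix:
                lo, hi = blk.subnets(prefixlen_diff=1)
                free.append(hi)                 # keep the upper half for later requests
                blk = lo
            return blk
    raise ValueError("address block exhausted")


def carve_vlsm(block: str, needs: dict) -> dict:
    """Allocate one subnet per entry in needs ({name: host count}) from `block`, largest first,
    so the /30 point-to-point links come out of the space the /26 LAN subnets leave behind."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        plan[name] = _take(free, prefix_for_hosts(hosts))
    return plan


def summarize(routes) -> list:
    """Merge adjacent, aligned prefixes exactly; no address outside the list is claimed."""
    return [str(n) for n in ipaddress.collapse_addresses(ipaddress.ip_network(r) for r in routes)]


def common_prefix(routes) -> str:
    """The slide's method: keep the leading bits all routes share. Unlike summarize(), the result
    may also cover addresses that are not in the list, and a neighbor will then send that traffic
    to you; check for the gap before advertising such a summary."""
    nets = [ipaddress.ip_network(r) for r in routes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    bits = 32
    while bits and (lo >> (32 - bits)) != (hi >> (32 - bits)):
        bits -= 1
    return str(ipaddress.ip_network(((lo >> (32 - bits)) << (32 - bits), bits)))


def lookup(table: dict, dst: str):
    """Longest-prefix match over {prefix: next_hop}, as a router's forwarding table does.
    A summary (or default) route is used only when no more specific route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


if __name__ == "__main__":
    # assumed requirements: four LANs of 62 hosts and four point-to-point links
    plan = carve_vlsm("172.16.32.0/20", {"A": 62, "B": 62, "C": 62, "D": 62,
                                          "link1": 2, "link2": 2, "link3": 2, "link4": 2})
    for name, net in plan.items():
        print(name, net)
    print(summarize("172.16.%d.0/24" % i for i in range(168, 176)))
    print(lookup({"172.16.0.0/16": "router B", "172.16.168.0/21": "router A"}, "172.16.170.5"))
```

The difference between summarize and common_prefix matters in practice: a summary that covers a prefix you do not actually hold attracts traffic for it, and with a default route pointing back upstream the two routers can bounce such packets until the TTL expires.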


WAN Basics

What Is a WAN?
A network that serves users across a broad geographic area
Often uses transmission devices provided by public carriers (Pacific Bell, AT&T, etc.)
The carrier's basic analog dial service is commonly referred to as plain old telephone service (POTS)
WANs function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer

WAN Overview
[Figure: several sites connected through a service provider cloud]
WANs connect sites
Connection requirements vary depending on user requirements and cost

What is a WAN?
A WAN is a data communications network that covers a relatively broad geographic area and often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

WAN connection types


Point-to-Point Links or Leased Lines
Circuit Switching
Packet Switching

Point-to-Point Links or Leased Lines
A point-to-point link is also known as a leased line because its established path is permanent and fixed for each remote network reached through the carrier facilities. It uses synchronous serial lines at speeds up to 45 Mbps.

Leased Line
One connection per physical interface
Bandwidth: 56 kbps to 1.544 Mbps
Cost effective at 4 to 6 hours daily usage
Dedicated connections with predictable throughput
Permanent
Cost varies by distance

Circuit Switching
[Figure: modem, WAN cloud, modem]
Dedicated physical circuit established, maintained, and terminated through a carrier network for each communication session
Datagram and data stream transmissions
Operates like a normal telephone call
Example: ISDN

Circuit Switching
Sets up a line like a phone call. No data can transfer before the end-to-end connection is established.
Uses dial-up modems and ISDN. It is used for low-bandwidth data transfers.

POTS Using Modem Dialup
[Figure: telecommuters and mobile users dial through the basic telephone service into a modem on the corporate access router, behind which sits the corporate network and server]
Widely available
Easy to set up
Dial on demand
Asynchronous transmission
Low cost, usage-based
Lower bandwidth access requirements

Integrated Services Digital Network (ISDN)
[Figure: a telecommuter, after-hours or work-at-home LAN connects over an ISDN BRI (2B+D) to the company network's BRI/PRI (23B+D, or 30B+D in Europe)]
High bandwidth: up to 128 Kbps per basic rate interface
Dial on demand
Multiple channels
Fast connection time
Monthly rate plus cost-effective, usage-based billing
Strictly digital

Packet Switching
[Figure: traffic from several devices is multiplexed onto the WAN link at one modem and demultiplexed at the other]
Network devices share a point-to-point link to transport packets from a source to a destination across a carrier network
Statistical multiplexing is used to enable devices to share these circuits
Examples: ATM, Frame Relay, X.25

Packet Switching
WAN switching method that allows you to share bandwidth with other companies to save money.
Think of a packet-switching network as a party line. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money. However, if you have constant data transfers, then you will need to get a leased line.
Frame Relay and X.25 are packet-switching technologies.
Speeds can range from 56 Kbps to 2.048 Mbps.

Frame Relay
Permanent, not dialup
Multiple connections per physical interface (permanent virtual circuits)
Efficient handling of bursty (peak performance period) data
Guaranteed bandwidth, the committed information rate (CIR); typical speeds are 56/64 Kbps, 256 Kbps, and 1.544 Mbps
Cost varies greatly by region
[Figure: a permanent virtual circuit (PVC) through the Frame Relay cloud]

X.25
[Figure: DTE, DCE, X.25 cloud, DCE, DTE]
Very robust protocol for low-quality lines
Packet-switched
Bandwidth: 9.6 kbps to 64 kbps
Well-established technology; large installed base
Worldwide availability

Asynchronous Transfer Mode (ATM)
Technology capable of transferring voice, video, and data through private and public networks
Uses VLSI technology to segment data, at high speeds, into units called cells:
5 bytes of header information
48 bytes of payload
53 bytes total
Cells contain identifiers that specify the data stream to which they belong
Primarily used in enterprise backbones or WAN links

Cabling the WAN
[Figure: core_sw_a and core_sw_b switches and Core_Server joined by FastEthernet/Ethernet and ISL links; a router reaches an ISDN cloud and a dedicated leased line/Frame Relay link. Legend: FastEthernet/Ethernet, ISDN, Dedicated, ISL]

WAN Physical Layer Implementations
Physical layer implementations vary
[Figure: the data-link encapsulations Frame Relay, PPP and HDLC run over serial interfaces; ISDN BRI runs PPP]
Cable specifications define the speed of the link: EIA/TIA-232, EIA/TIA-449, X.21, V.24, V.35, HSSI
ISDN BRI (with PPP) uses an RJ-45 connector
NOTE: The pinouts are different from the RJ-45 used in the campus LAN

Differentiating Between WAN Serial Connectors
[Figure: end user device (DTE), CSU/DSU (DCE), service provider]
Router connections: EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA-530
Network connections at the CSU/DSU

Serial Implementation of DTE versus DCE
Data Terminal Equipment (DTE): the end of the user's device on the WAN link
Data Communications Equipment (DCE): the end of the WAN provider's side of the communication facility; the DCE is responsible for clocking
[Figure: DTE (router), DCE (modem or CSU/DSU), carrier network, DCE, DTE]

WAN Terminating Equipment
Physical cable types: EIA/TIA-232, V.35, X.21, HSSI
[Figure: router (to the corporate network) connected to a modem, which connects to the WAN provider (carrier) network; the modem is usually on the customer's premises]
DTE: Data Terminal Equipment, the customer's equipment
DCE: Data Circuit-Terminating Equipment, the service provider's equipment

Serial Transmission
WAN serial connectors use serial transmission.
Serial transmission sends one bit at a time over a single channel.
Parallel transmission can send 8 bits at a time, but all WANs use serial transmission.
Cisco routers use a proprietary 60-pin serial connector on the router end of the cable.
The connector at the other end of the cable depends on your service provider or end-device requirements.

LAN/WAN Devices


LAN/WAN Devices

Hubs
Bridges
Switches
Routers

Hub
Device that serves as the center of a star topology network, sometimes referred to as a multiport repeater; it has no forwarding intelligence.

Hubs
[Figure: stations 123 through 128 connected to one hub]
Amplifies signals
Propagates signals through the network
Does not filter data packets based on destination
No path determination or switching
Used as a network concentration point

Hubs Operate at the Physical Layer
All devices are in the same collision domain
All devices are in the same broadcast domain
Devices share the same bandwidth

Hubs: One Collision Domain
More end stations means more collisions
CSMA/CD is used

Bridge
Device that connects and passes packets between two network segments.
More intelligent than a hub: it analyzes incoming packets and forwards (or filters) them based on addressing information.

Bridge Example
[Figure: stations 123, 124 and 125 on Segment 1 and 126, 127 and 128 on Segment 2, each segment on its own hub; a bridge joins the two segments to the corporate intranet]
More intelligent than a hub: can analyze incoming packets and forward (or filter) them based on addressing information
Collects and passes packets between two network segments
Maintains address tables

Switches
Use bridging technology to forward traffic between ports.
Provide the full dedicated data transmission rate between two stations that are directly connected to the switch ports.
Build and maintain address tables called content-addressable memory (CAM).

Switching: Dedicated Media
[Figure: workstations 31 through 36 each on a dedicated 10-Mbps UTP cable to the switch, with 100 Mbps uplinks to the corporate intranet]
Uses bridging technology to forward traffic (i.e., maintains address tables, and can filter)
Provides the full dedicated transmission rate between stations that are connected to switch ports
Used in both local-area and wide-area networking
All types available: Ethernet, Token Ring, ATM

Switches and Bridges Operate at the Data Link Layer
Each segment has its own collision domain
All segments are in the same broadcast domain

Switches
[Figure: a switch with its address table held in memory]
Each segment has its own collision domain
Broadcasts are forwarded to all segments
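The forwarding behaviour described on the hub, bridge and switch slides, simulated in Python as an added example (not Cisco's code): a hub repeats every frame out every other port, while the switch learns source MAC addresses into its CAM table, floods broadcasts and unknown destinations, delivers known destinations to one port, and filters frames whose destination is on the port they arrived on. The example also shows why the CAM table's finite size matters: once an attacker fills it with bogus source addresses, a newly attached host can no longer be learned and its traffic is flooded to every port, including the attacker's. All MAC addresses, port numbers and the table capacity are constructed for the example.

```python
"""Hub vs. transparent switch forwarding: CAM learning, flooding, filtering, and a full CAM
(added example; all MAC addresses, port numbers and capacities are constructed)."""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Physical-layer repeater: every frame goes out every other port; no learning, one collision domain."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Data-link-layer bridge. cam maps source MAC -> port (the content-addressable memory)."""

    def __init__(self, ports, cam_capacity=None):
        self.ports = list(ports)
        self.cam = {}
        self.cam_capacity = cam_capacity          # None = unlimited; real hardware has a fixed size
        self.flooded_unicast = 0                  # unknown-unicast floods, a MAC-flooding symptom

    def receive(self, in_port, src, dst):
        """Learn the source, then forward: broadcast/unknown -> flood; known -> one port; same port -> filter."""
        if src in self.cam or self.cam_capacity is None or len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port               # learn (or re-learn after a move)
        if dst == BROADCAST or dst not in self.cam:
            if dst != BROADCAST:
                self.flooded_unicast += 1
            return [p for p in self.ports if p != in_port]
        out = self.cam[dst]
        return [] if out == in_port else [out]    # destination is on the same segment: filter

    def collision_domains(self):
        return len(self.ports)                     # one per port

    def broadcast_domains(self):
        return 1                                   # no VLANs in this model: one broadcast domain


def mac_flooding_demo(capacity=4):
    """An attacker on port 4 sends frames from many bogus source MACs until the CAM is full.
    A host that then appears on port 3 cannot be learned, so unicast traffic to it is flooded to
    every port, including the attacker's. Returns (ports the victim's traffic went to, CAM size)."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=capacity)
    sw.receive(1, "00:00:0c:00:00:01", BROADCAST)             # legitimate hosts come up first
    sw.receive(2, "00:00:0c:00:00:02", BROADCAST)
    for i in range(100):                                      # attacker exhausts the table
        sw.receive(4, "de:ad:be:ef:%02x:%02x" % (i >> 8, i & 0xFF), BROADCAST)
    sw.receive(3, "00:00:0c:00:00:03", BROADCAST)             # victim appears too late to be learned
    path = sw.receive(1, "00:00:0c:00:00:01", "00:00:0c:00:00:03")
    return path, len(sw.cam)


if __name__ == "__main__":
    sw = Switch(ports=[1, 2, 3])
    print(sw.receive(1, "00:00:0c:00:00:01", "00:00:0c:00:00:02"))   # unknown destination: flooded
    print(sw.receive(2, "00:00:0c:00:00:02", "00:00:0c:00:00:01"))   # known: delivered to port 1 only
    print(mac_flooding_demo())
```

Port security (limiting the number of MAC addresses learned per port) is the switch feature that stops the flooding scenario; without it, "switched networks cannot be sniffed" is only true until the CAM table is full.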

Routers
Interconnect LANs and WANs
Provide path determination using metrics
Forward packets from one network to another
Control broadcasts to the network

Network Layer Functions (cont.)
[Figure: network 1.0 (hosts 1.1, 1.2, 1.3) on E0 of the left router; serial link 2.0 between 2.1 (S0, left router) and 2.2 (S0, right router); network 4.0 (hosts 4.1, 4.2, 4.3) on E0 of the right router]

Left router routing table      Right router routing table
NET  INT  Metric               NET  INT  Metric
1    E0   0                    1    S0   1
2    S0   0                    2    S0   0
4    S0   1                    4    E0   0

Logical addressing allows for a hierarchical network
Configuration required
Uses configured information to identify paths to networks

Routers: Operate at the Network Layer
Broadcast control
Multicast control
Optimal path determination
Traffic management
Logical addressing
Connects to WAN services

Using Routers to Provide Remote Access
[Figure: a telecommuter (modem or ISDN TA), a mobile user and a branch office reach the main office router across the Internet]

Network Device Domains
Device   Collision domains    Broadcast domains
Hub      1                    1
Bridge   1 per port           1
Switch   1 per port           1
Router   1 per interface      1 per interface
For the four-port devices in the figure: one collision domain for the hub and four for the bridge, switch and router; one broadcast domain for the hub, bridge and switch, and four for the router.


Product Selection Considerations
Provides functionality and features you need today
Capacity and performance
Easy installation and centralized management
Provides network reliability
Investment protection in existing infrastructure
Migration path for change and growth
Seamless access for mobile users and branch offices

Cisco Router Products
Selection issues:
Scale of the routing features needed
Port density/variety requirements
Capacity and performance
Common user interface
[Figure: product range ordered from home office to central site solutions: Cisco 700/800 Series, Cisco 1600/1700 Series, Cisco 2500 Series, Cisco 2600 Series, Cisco 3600 Series, AS5000 Series, Cisco 7000 Series, Cisco 10000 Series, Cisco 12000 GSR Series]
Home Office Solutions, Small Office Solutions, Branch Office Solutions, Central Site Solutions

Visual Objective
Use the product selection tool to select Cisco equipment
[Figure: Router 7200, Router 7300, Router 7500, Router 7600, Router 10000, Router 12000]

Fixed and Modular Interfaces
Some Cisco routers have fixed interfaces while others are modular.
2500 series routers have set interfaces that can't be changed.
The 2501 router has two serial connections and one AUI Ethernet interface.
If you need to add a third serial connection you need to buy a new router.

The 1600, 1700, 2600, 3600 and higher routers have modular interfaces.
These routers allow you to buy what you need and add almost any type of interface you may need later.

Fixed Interfaces
[Figure: 2500 router, rear view; the serial WAN ports are fixed]

Modular Interfaces
[Figure: 1603 router, rear view, with a WAN interface card slot, Ethernet 10BaseT, ISDN BRI S/T and console ports; 3640 router, rear view, with network module slots and an Ethernet AUI port]
Serial WAN ports can be modular

Router Internal Components

RAM
It contains the software and data
structures that allow the router to function.
The principal software running in RAM is
the Cisco IOS image and the running
configuration. Some routers, such as the
2500 series, run IOS from Flash and not
RAM.

ROM Functions
ROM contains microcode for basic functions:

POST: The microcode used to test the basic functionality of the router hardware and to determine what components are present.

Bootstrap code: Used to bring the router up during initialization. It contains microcode for basic functions to start and maintain the router. It reads the configuration register to determine how to boot and then, if instructed to do so, loads the IOS software.

ROM monitor: A low-level operating system normally used for manufacturing, testing and troubleshooting. Anyone with console access during boot can break into it, which is one reason console ports need physical protection.

A partial IOS: This partial IOS can be used to load a new software image into Flash memory and to perform some other maintenance operations. It does not support IP routing and most other routing functions. Sometimes this subset of the IOS is referred to as RXBOOT code.

Flash memory
Flash memory is used to hold the IOS software image. Some routers run the IOS image directly from Flash and do not need to copy it to RAM.

NVRAM
NVRAM is used mainly to store the startup configuration. NVRAM uses a battery to maintain the data when the power is removed from the router.

Configuration Register
The configuration register is used to control how the router boots up, for example where it loads IOS from and whether it reads the startup configuration in NVRAM. Setting it to 0x2142 from the ROM monitor makes the router ignore NVRAM at boot, which is the documented password-recovery procedure and the reason console access must be physically controlled.

External Configuration Sources
Configurations can come from many sources.
Configurations act in device memory (the running configuration).

Basics of Cisco IOS
IOS software delivers network services and enables networked applications.
Cisco IOS enables the following network services:
Features to carry the chosen network protocols and functions
Connectivity to provide high-speed traffic between devices
Security to control access and discourage unauthorized network use
Scalability to add interfaces and capability as the need for networking grows
Reliability to ensure dependable access to networked resources

Cisco IOS Software Features
Cisco IOS software delivers network services and enables networked applications.

Cisco IOS User Interface Functions
A CLI is used to enter commands.
Operations vary on different internetworking devices.
Users type or paste entries in the console command modes.
The Enter key instructs the device to parse and execute the command.
The two primary EXEC modes are user mode and privileged mode.
Command modes have distinctive prompts.

Setting Up A Console Connection
Device with Console

PCs require an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter.
COM port settings are 9600 bps, 8 data bits, no parity, 1
stop bit, no flow control.
This provides out-of-band console access.
The AUX port may be used for a modem-connected
console.

Console Connection
Console connection is required to configure the router for the
first time.
All Cisco devices are shipped with one Console cable.
It allows you to connect a device and configure, verify and
monitor it.
The cable is a rollover cable with RJ-45 connectors.
Pinouts for the rollover cable are (pin at one end to pin at the other):
1-8
2-7
3-6
4-5
5-4
6-3
7-2
8-1

Console Connection
Set up the terminal emulation program to run at
9600 bps
8 data bits
no parity
1 stop bit
no flow control
Most routers have an auxiliary port which can connect to a
modem.
This will give you console access to a remote router.
The console port and auxiliary port are considered out-of-band
management, since you are configuring the router outside the
network path itself. Telnet is considered in-band.

Initial Startup of the Cisco Router
System startup routines initiate router software
Router falls back to startup alternatives if needed

Router Power-On/Bootup Sequence
1. Perform power-on self test (POST).
2. Load and run bootstrap code.
3. Find the Cisco IOS software.
4. Load the Cisco IOS software.
5. Find the configuration.
6. Load the configuration.
7. Run the configured Cisco IOS software.

Router Configuration from CLI
The first method of router configuration is the Setup utility, which
allows a basic initial configuration.
The Command Line Interface (CLI) can be used for more complex and
specific configurations.
The CLI provides the following modes of operation:
User Mode
EXEC Mode
Terminal Configuration / Global Configuration Mode
Terminal configuration Mode gives you access to different
configuration Modes.

Bootup Output from the Router

Unconfigured Versus Configured Router

Setup: The Initial Configuration Dialog
Router#setup

--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: no

Setup Interface Summary

First, would you like to see the current interface summary? [yes]:
Interface   IP-Address   OK?   Method   Status                  Protocol
BRI0        unassigned   YES   unset    administratively down   down
BRI0:1      unassigned   YES   unset    administratively down   down
BRI0:2      unassigned   YES   unset    administratively down   down
Ethernet0   unassigned   YES   unset    administratively down   down
Serial0     unassigned   YES   unset    administratively down   down

Interfaces Found During Startup

Setup Initial
Global Parameters
Configuring global parameters:
Enter host name [Router]:wg_ro_c
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: sanfran
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: sanjose
Configure SNMP Network Management? [no]:

Setup Initial
Protocol Configurations
Configure LAT? [yes]: no
Configure AppleTalk? [no]:
Configure DECnet? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configure CLNS? [no]:
Configure IPX? [no]:
Configure Vines? [no]:
Configure XNS? [no]:
Configure Apollo? [no]:

Setup Interface
Parameters
BRI interface needs isdn switch-type to be configured
Valid switch types are :
[0] none..........Only if you don't want to configure BRI.
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:
Configuring interface parameters:
Do you want to configure BRI0 (BRI d-channel) interface? [no]:
Do you want to configure Ethernet0 interface? [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 10.1.1.33
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Do you want to configure Serial0 interface? [no]:

Setup Script Review and Use
The following configuration command script was created:
hostname Router
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
enable password sanfran
line vty 0 4
password sanjose
no snmp-server
!
no appletalk routing
no decnet routing
ip routing
no clns routing
no ipx routing
no vines routing
no xns routing
no apollo routing
isdn switch-type basic-5ess
interface BRI0
shutdown
no ip address
!
interface Ethernet0
no shutdown
ip address 10.1.1.31 255.255.255.0
no mop enabled
!
interface Serial0
shutdown
no ip address
<text omitted>
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:

Logging In to the Router

Cisco IOS Software EXEC Mode
There are two main EXEC modes for
entering commands.

Router User-Mode Command List
wg_ro_c>?
Exec commands:
  access-enable   Create a temporary Access-List entry
  atmsig          Execute Atm Signalling Commands
  cd              Change current device
  clear           Reset functions
  connect         Open a terminal connection
  dir             List files on given device
  disable         Turn off privileged commands
  disconnect      Disconnect an existing network connection
  enable          Turn on privileged commands
  exit            Exit from the EXEC
  help            Description of the interactive help system
  lat             Open a lat connection
  lock            Lock the terminal
  login           Log in as a particular user
  logout          Exit from the EXEC
-- More --

You can abbreviate a command to the fewest characters
that make a unique character string.

Cisco IOS Software EXEC Mode (Cont.)

Router Privileged-Mode Command List
wg_ro_c#?
Exec commands:
  access-enable     Create a temporary Access-List entry
  access-profile    Apply user-profile to interface
  access-template   Create a temporary Access-List entry
  bfe               For manual emergency modes setting
  cd                Change current directory
  clear             Reset functions
  clock             Manage the system clock
  configure         Enter configuration mode
  connect           Open a terminal connection
  copy              Copy from one file to another
  debug             Debugging functions (see also 'undebug')
  delete            Delete a file
  dir               List files on a filesystem
  disable           Turn off privileged commands
  disconnect        Disconnect an existing network connection
  enable            Turn on privileged commands
  erase             Erase a filesystem
  exit              Exit from the EXEC
  help              Description of the interactive help system
-- More --

You can complete a command string by entering the
unique character string, then pressing the Tab key.

Access to Configuration Modes

Interface Configuration Mode
Supports commands for per-interface configuration
Prompt looks like
Router(config-if)#

Subinterface Configuration Mode
Supports commands that configure multiple virtual (logical)
interfaces on a single physical interface.
Prompt looks like
Router(config-subif)#

Router Configuration Mode
Supports commands that configure an IP routing protocol
Prompt looks like
Router(config-router)#

IPX-router Configuration Mode
Supports commands that configure the Novell network
layer protocol
Prompt looks like
Router(config-ipx-router)#

Exiting Configuration Mode

The exit command takes you one level back and, eventually,
lets you log out.
CTRL+Z can also be used instead of the exit command.

Router Command Line Help Facilities

Context-Sensitive Help
Provides a list of
commands and the
arguments associated
with a specific command.

Console Error Messages
Identify problems with router
commands incorrectly
entered so that you can alter
or correct them.

Command History Buffer
Allows recall of long or
complex commands or
entries for reentry, review, or
correction.

Router Context-Sensitive Help

Router#clok
Translating "CLOK"
% Unknown command or computer name, or unable to find computer address
                                        (Symbolic translation)
Router#cl?
clear    clock
                                        (Command prompting)
Router#clock
% Incomplete command.
Router#<Ctrl-P>clock ?
  set    Set the time and date
                                        (Last command recall)
Router#clock set
% Incomplete command.
Router#<Ctrl-P>clock set ?
  hh:mm:ss    Current Time

Router Context-Sensitive Help (cont.)

Router#clock set 19:56:00
% Incomplete command.
Router#clock set 19:56:00 ?
  <1-31>    Day of the month
  MONTH     Month of the year
                                        (Command prompting)
Router#clock set 19:56:00 04 8
                            ^
% Invalid input detected at the '^' marker
                                        (Syntax checking)
Router#clock set 19:56:00 04 August
% Incomplete command.
Router#clock set 19:56:00 04 August ?
  <1993-2035>    Year
                                        (Command prompting)
Router#

Using Enhanced Editing Commands
Router>Shape the future of internetworking by creating unpreced

Shape the future of internetworking by creating
unprecedented value for customers, employees,
and partners.

Router>$ value for customers, employees, and partners.

(Automatic scrolling of long lines: the $ at the start of the line
shows that the line has been scrolled to the left.)

<Ctrl-A>   Move to the beginning of the command line.
<Ctrl-E>   Move to the end of the command line.
<Esc-B>    Move back one word.
<Ctrl-F>   Move forward one character.
<Ctrl-B>   Move back one character.
<Esc-F>    Move forward one word.
<Ctrl-D>   Delete a single character.

Reviewing Router Command History
Ctrl-P or Up arrow

Last (previous) command recall

Ctrl-N or Down arrow

More recent command recall

Router> show history

Show command buffer contents

Router> terminal history size lines

Set session command buffer size

show version Command

wg_ro_a#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 08-Feb-99 18:18 by phanguye
Image text-base: 0x03050C84, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE(fc1)
wg_ro_a uptime is 20 minutes
System restarted by reload
System image file is "flash:c2500-js-l_120-3.bin"
(output omitted)
--More--
Configuration register is 0x2102

Viewing the Configuration

(Figure: the running Config lives in RAM and is displayed by the IOS command
show running-config; the startup Config lives in NVRAM and is displayed by
show startup-config. The Setup utility, run from the Console, saves the
configuration to NVRAM.)

show running and show startup Commands

In RAM
wg_ro_c#show running-config
Building configuration...

Current configuration:
!
version 12.0
!
-- More --

In NVRAM
wg_ro_c#show startup-config
Using 1359 out of 32762 bytes
!
version 12.0
!
-- More --

Display current and saved configuration

Overview of Router Modes


User EXEC mode

Router>enable

Privileged EXEC mode

Router#config term

Global configuration mode

Router(config)#

Configuration Mode   Prompt
Interface            Router(config-if)#
Subinterface         Router(config-subif)#
Controller           Router(config-controller)#
Line                 Router(config-line)#
Router               Router(config-router)#
IPX router           Router(config-ipx-router)#

Leave configuration mode with Ctrl-Z (end) or Exit.

Saving Configurations
wg_ro_c#
wg_ro_c#copy running-config startup-config
Destination filename [startup-config]?
Building configuration

wg_ro_c#

Copy the current configuration to NVRAM

Configuring Router Identification

Router Name
Router(config)#hostname wg_ro_c
wg_ro_c(config)#

Message of the Day Banner
wg_ro_c(config)#banner motd #
Accounting Department
You have entered a secured
system. Authorized access
only! #

Interface Description
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#description Engineering LAN, Bldg. 18

Sets local identity or message for the accessed
router or interface

Router Password Configuration

Console Password
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password cisco

Virtual Terminal Password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sanjose

Enable Password
Router(config)#enable password cisco

Secret Password
Router(config)#enable secret sanfran

Other Console Line Commands


Router(config)#line console 0
Router(config-line)#exec-timeout 0 0

Prevents console session timeout


Router(config)#line console 0
Router(config-line)#logging synchronous

Redisplays interrupted console input
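The password and console-line commands on these slides leave several things visible in the saved configuration: an enable password stored in the clear next to the enable secret (exactly what the setup script earlier on this page produced), line passwords in the clear, and a console that never times out. The audit script below is an added example, not part of the original course material; it parses IOS-style configuration text (constructed here from the commands on these slides), flags those settings, and treats `service password-encryption` (a real IOS command not shown on the slides) as the sign that line passwords are no longer stored in the clear.

```python
"""Audit IOS-style configuration text for the weak settings the slides above create."""

# Constructed sample: the commands from the setup script and password slides,
# laid out the way 'show running-config' prints them (line sub-commands indented).
WEAK_CONFIG = """\
hostname wg_ro_c
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
enable password sanfran
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 password sanjose
 login
!
no snmp-server
end
"""

# Constructed hardened counterpart: enable secret only, a real console timeout,
# and service password-encryption so IOS rewrites the line passwords as type 7.
HARDENED_CONFIG = """\
hostname wg_ro_c
service password-encryption
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
!
line con 0
 exec-timeout 10 0
 password cisco
 login
line vty 0 4
 password sanjose
 login
!
no snmp-server
end
"""


def parse_config(text):
    """Split IOS config text into global commands and per-'line' sub-command blocks."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(cmd)        # indented: belongs to the open line block
        elif cmd.startswith("line "):
            current = cmd[len("line "):]       # e.g. "con 0", "vty 0 4"
            blocks.setdefault(current, [])
        else:
            current = None                     # any other global command closes the block
            global_cmds.append(cmd)
    return global_cmds, blocks


def audit(text):
    """Return (location, finding) pairs; an empty list means no weak setting was found."""
    findings = []
    global_cmds, blocks = parse_config(text)
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_enable_pw = any(c.startswith("enable password ") for c in global_cmds)
    pw_encryption = "service password-encryption" in global_cmds

    if not has_secret:
        findings.append(("global", "no-enable-secret"))
    if has_enable_pw:
        # 'enable password' is only consulted when no enable secret exists (older
        # images), yet it sits in the config in the clear: a credential given away.
        findings.append(("global", "cleartext-enable-password"))

    for name, cmds in blocks.items():
        where = "line " + name
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((where, "no-login"))            # sessions are not authenticated
        if "exec-timeout 0 0" in cmds:
            findings.append((where, "no-session-timeout"))  # an unattended console stays logged in
        if any(c.startswith("password ") for c in cmds) and not pw_encryption:
            findings.append((where, "cleartext-line-password"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```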

Configuring an Interface
Router(config)#interface type number
Router(config-if)#

type includes serial, ethernet, token ring, fddi, hssi,
loopback, dialer, null, async, atm, bri, and tunnel
number is used to identify individual interfaces
Router(config)#interface type slot/port
Router(config-if)#

For modular routers


Router(config-if)#exit

Quit from current interface configuration mode

Configuring a Serial Interface

Enter global configuration mode
Router#configure term
Router(config)#

Specify interface
Router(config)#interface serial 0
Router(config-if)#

Set clock rate (on DCE interfaces only)
Router(config-if)#clock rate 64000
Router(config-if)#

Set bandwidth
Router(config-if)#bandwidth 64
Router(config-if)#exit
Router(config)#exit
Router#

Verifying Your Changes


Router#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.4.2/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:09, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)

Disabling or Enabling an
Interface
Router#configure term
Router(config)#interface serial 0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface Serial0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

Administratively turns off an interface


Router#configure term
Router(config)#interface serial 0
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Seria0, changed state to up
%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up

Enables an interface that is administratively shutdown

Router show interfaces Command
Router#show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
Internet address is 10.1.1.11/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
81833 packets input, 27556491 bytes, 0 no buffer
Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
0 input packets with dribble condition detected
55794 packets output, 3929696 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 4 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Interpreting Interface Status

Router#show interfaces serial 1
Serial1 is up, line protocol is up
Hardware is HD64570
Description: 64Kb Line to San Jose
(output omitted)

                     Carrier Detect                     Keepalives
Operational          Serial1 is up,                     line protocol is up
Connection problem   Serial1 is up,                     line protocol is down
Interface problem    Serial1 is down,                   line protocol is down
Disabled             Serial1 is administratively down,  line protocol is down

Serial Interface show controller Command
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524 HD unit 0, V.35 DTE cable
(output omitted)

Shows cable type of serial cables


ROUTING

What is Routing?
(Figure: networks 10.120.2.0 and 172.16.1.0 on either side of a router.)

To route, a router needs to know:
Destination addresses
Sources it can learn from
Possible routes
Best route
How to maintain and verify routing information

What is Routing? (cont.)
(Figure: network 10.120.2.0 on E0 and network 172.16.1.0 on S0.)

Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
Learned            172.16.1.0            S0

Routed Protocol: IP

Routers must learn destinations that are
not directly connected

Identifying Static and Dynamic Routes
Static Route
Uses a route that a
network administrator
enters into the router
manually

Dynamic Route
Uses a route that a network
routing protocol adjusts
automatically for topology or
traffic changes

STATIC ROUTING
Static Routing: The administrator must hand-type all network locations into the routing table.
In Static Routing, the administrator is
responsible for updating all changes by hand
in all routers.

IP Route command

ip route [destination_network] [mask] [next_hop_address or exit interface]

It is a global configuration mode command.
The above command is used to configure the routing table in Static Routing.

Static Routing
The following list describes each command in the string:
ip route
The command used to create the static route.
destination network
The network you are placing in the
routing table.
mask
Indicates the subnet mask being used on the
network.
next hop address
The address of the next hop router that
will receive the packet and forward it to the
remote network. This is a router interface
that is on a directly connected network. You
must be able to ping the router interface before
you add the route.

Static Route Example

(Figure: stub network 172.16.1.0 behind router A; router A's S0 and router B
are joined by a link with the addresses 172.16.2.2 and 172.16.2.1 at its two
ends.)

ip route 172.16.1.0 255.255.255.0 172.16.2.1

This is a unidirectional route. You must have a route configured in
the opposite direction.

Default Routing
Default routing is used to send packets with a
remote destination network not in the routing
table to the next hop router.
You can only use default routing on stub
networks, which means that they have only
one exit port out of the network.

Default Routes

(Figure: the same stub network 172.16.1.0 behind router A, with the link to
router B addressed 172.16.2.2 and 172.16.2.1.)

ip route 0.0.0.0 0.0.0.0 172.16.2.2

This route allows the stub network to reach all known networks
beyond router A.

Static Routing
Static Routing is the process of an administrator manually adding routes in each
router's routing table.
Benefits of Static Routing
No overhead on the router CPU
No bandwidth usage between routers
Security (the administrator can allow routing to selected networks only)
Disadvantages of Static Routing
The administrator must really understand the full internetwork to configure
routes correctly.
If one network is added to the internetwork, the administrator must add a route
to it on all routers.
It is not feasible in large networks because it would be a full-time job.


Dynamic Routing Basics

Routed versus Routing Protocols

Routed protocols
used between
routers to direct user
traffic; also called
network protocols
Examples: IP, IPX,
DECnet, AppleTalk,
NetWare, OSI, VINES

Routing protocols
used between
routers to maintain
routing tables
Examples: RIP, IGRP,
OSPF, BGP, EIGRP

(Routing table in the figure)
Network Protocol   Destination Network   Exit Port to Use
Protocol name      1.0                   1.1
                   2.0                   2.1
                   3.0                   3.1

DYNAMIC ROUTING
Dynamic Routing: Dynamic routing is the
process of routing protocols running on the router
communicating with neighbor routers.
If a change occurs in the network the dynamic
routing protocols automatically inform all
routers about the change.

Dynamic Routing
Most internetworks use dynamic routing

(Figure: routers A, B and C. A network change (X) blocks
the established path... and an alternate route is
found dynamically.)

Routing Protocols


What is a Routing Protocol?

(Figure: network 10.120.2.0 on E0, network 172.16.1.0 on S0, and
network 172.17.3.0.)

Routing protocols are
used between
routers to determine
paths and maintain
routing tables.
Once the path is
determined a router can
route a routed protocol.

Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
RIP                172.16.2.0            S0
IGRP               172.17.3.0            S1

Routed Protocol: IP
Routing protocol: RIP, IGRP

Autonomous Systems: Interior or Exterior Routing Protocols

(Figure: Autonomous System 100 and Autonomous System 200. IGPs such as
RIP and IGRP run inside each; an EGP such as BGP runs between them.)

An autonomous system is a collection of networks
under a common administrative domain
IGPs operate within an autonomous system
EGPs connect different autonomous systems

Administrative Distance: Ranking Routes

I need to send a packet to
Network E. Both router B
and C will get it there.
Which route is best?

(Figure: Router A, Router B, Router C and Router D. Router A learns
Network E through Router B by IGRP, Administrative Distance=100, and
through Router C by RIP, Administrative Distance=120.)
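To tie the static route, default route and administrative distance slides together, here is an added example (not part of the original course): a small routing table in Python that parses `ip route` commands into prefixes, keeps one route per prefix by lowest administrative distance (the slides give IGRP 100 and RIP 120; connected 0 and static 1 are Cisco's defaults, not stated on the slides, and the lower value wins), and answers lookups by longest prefix match, falling back to the 0.0.0.0/0 default route. The two static routes from the slides belong to different routers and are gathered into one table only for illustration; the 10.4.0.0/16 prefix and the next-hop addresses used for the IGRP versus RIP comparison are constructed.

```python
import ipaddress

# Administrative distances. IGRP (100) and RIP (120) are the values on the slides;
# connected (0) and static (1) are Cisco's defaults and are not stated there.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "igrp": 100, "rip": 120}


def parse_ip_route(command):
    """Turn 'ip route <network> <mask> <next-hop or interface>' into (prefix, via)."""
    words = command.split()
    if len(words) != 5 or words[:2] != ["ip", "route"]:
        raise ValueError("expected: ip route <network> <mask> <next_hop|interface>")
    network, mask, via = words[2], words[3], words[4]
    # ipaddress accepts a dotted netmask; strict=False tolerates host bits in the network
    prefix = ipaddress.ip_network(f"{network}/{mask}", strict=False)
    return str(prefix), via


class RoutingTable:
    def __init__(self):
        self.routes = {}  # ipaddress network -> (via, source)

    def install(self, prefix, via, source):
        """Install a route; for one prefix the lowest administrative distance wins.
        Returns True if the table changed."""
        net = ipaddress.ip_network(prefix, strict=False)
        ad = ADMIN_DISTANCE[source]
        current = self.routes.get(net)
        if current is not None and ADMIN_DISTANCE[current[1]] <= ad:
            return False  # an equally or better-ranked source already owns this prefix
        self.routes[net] = (via, source)
        return True

    def lookup(self, destination):
        """Longest-prefix match; 0.0.0.0/0 matches everything, so it is the last resort."""
        addr = ipaddress.ip_address(destination)
        best = None
        for net, (via, source) in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, via, source)
        if best is None:
            return None
        return str(best[0]), best[1], best[2]


def build_example_table():
    """The static and default routes from the slides plus a constructed IGRP/RIP conflict."""
    table = RoutingTable()
    # Router B: reach the stub network 172.16.1.0 behind Router A
    table.install(*parse_ip_route("ip route 172.16.1.0 255.255.255.0 172.16.2.1"), "static")
    # Router A: default route out of the stub network
    table.install(*parse_ip_route("ip route 0.0.0.0 0.0.0.0 172.16.2.2"), "static")
    # Constructed: one destination learned by RIP (via router C) and by IGRP (via router B)
    table.install("10.4.0.0/16", "10.2.0.3", "rip")
    table.install("10.4.0.0/16", "10.2.0.2", "igrp")
    return table


if __name__ == "__main__":
    t = build_example_table()
    for dst in ("172.16.1.77", "10.4.7.1", "192.0.2.9"):
        print(dst, "->", t.lookup(dst))
```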

Distance Vector versus Link State
Distance vector
Sends routing table info only to neighbors, so change
communication may need one minute per router
Also called routing by rumor
Easy to configure, but slow
Link state
Floods routing information about itself to all nodes, so
changes are known immediately
Efficient, but complex to configure
Cisco's EIGRP (hybrid)
Efficient and easy to configure

Routing Protocol Evolutions

RIP (Distance Vector)
Distance vector
Most common IGP
Uses hop count

IGRP (Distance Vector)
Distance vector
Developed by Cisco
Addresses problems in
large, heterogeneous
networks

EIGRP (Hybrid)
Hybrid protocol
Developed by Cisco
Superior convergence
and operating efficiency
Merges benefits of link
state & distance vector

OSPF (Link State)
Link state, hierarchical
Successor to RIP
Uses least-cost routing,
multipath routing, and
load balancing
Derived from IS-IS

Classes of Routing Protocols

(Figure: routers A, B, C and D drawn in three arrangements, labelled
Distance Vector, Hybrid Routing and Link State.)

Distance Vector Routing Protocols

(Figure: routers A and B, each holding its own Routing Table.)
Distance: how far
Vector: in which direction

Pass periodic copies of routing table to neighbor
routers and accumulate distance vectors

Distance Vector: Sources of Information and Discovering Routes

(Figure: routers A, B and C in a line. A: 10.1.0.0 on E0, 10.2.0.0 on S0.
B: 10.2.0.0 on S0, 10.3.0.0 on S1. C: 10.3.0.0 on S0, 10.4.0.0 on E0.)

Routing tables once every router has learned every network from its
neighbors:

Router A            Router B            Router C
10.1.0.0  E0        10.2.0.0  S0        10.3.0.0  S0
10.2.0.0  S0        10.3.0.0  S1        10.4.0.0  E0
10.3.0.0  S0        10.4.0.0  S1        10.2.0.0  S0
10.4.0.0  S0        10.1.0.0  S0        10.1.0.0  S0

Routers discover the best path to
destinations from each neighbor

Distance Vector: Selecting Best Route with Metrics

(Figure: two paths between Router A and Router B, one over 56 kbps links
and one over T1 links.)
IGRP: Bandwidth, Delay
RIP: Hop count

Information used to select the best path for routing

Distance Vector: Maintaining Routing Information

(Figure: a topology change causes a routing table update on one router;
that router runs its process to update its routing table; Router A sends
out this updated routing table after the next period expires, and each
neighbor in turn runs its own process to update its routing table.)

Updates proceed step-by-step
from router to router

Maintaining Routing Information Problem: Routing Loops

(Figure: the same routers A, B and C with the routing tables learned above;
network 10.4.0.0 is on Router C's E0.)

Each node maintains the distance from itself to each possible
destination network

Network 10.4.0.0 goes down on Router C (10.4.0.0  E0  Down).
Slow convergence produces inconsistent routing

Router C concludes that the best path to network
10.4.0.0 is through Router B (Router C's table now lists 10.4.0.0 via S0)

Router A updates its table to reflect the new but
erroneous hop count

Symptom: Counting to Infinity

(Figure: the same routers A, B and C; each table still lists 10.4.0.0 with
an exit interface pointing at a neighbor.)

Packets for network 10.4.0.0 bounce between routers A,
B, and C
Hop count for network 10.4.0.0 counts to infinity

Solution: Defining a Maximum

(Figure: the same routers A, B and C; the entry for 10.4.0.0 in each
routing table reaches hop count 16.)

Define a limit on the number of hops to prevent infinite
loops

Solution: Split Horizon

(Figure: the same routers A, B and C with their routing tables.)

It is never useful to send information about a route back in
the direction from which the original packet came

Solution: Route Poisoning

(Figure: the same routers A, B and C; the entry for 10.4.0.0 is marked
Infinity.)

Routers set the distance of routes that have gone down to
infinity

Solution: Poison Reverse

(Figure: the same routers A, B and C; the entry for 10.4.0.0 is marked
Infinity on one router and "Possibly Down" on its neighbor, which sends a
Poison Reverse update back.)

Poison Reverse overrides split horizon

Solution: Hold-Down Timers

(Figure: routers A, B and C; network 10.4.0.0 on Router C's E0 is down,
then back up, then back down. Router C sends "Network 10.4.0.0 is
unreachable"; Router B and Router A send "Update after hold-down time".)

Router keeps an entry for the network in the possibly-down state,
allowing time for other routers to recompute for this topology
change

Solution: Triggered Updates

(Figure: routers A, B and C; "Network 10.4.0.0 is unreachable" is passed
from Router C to Router B to Router A as soon as the change occurs.)

Router sends updates when a change in its routing table
occurs
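The loop, the count to infinity and two of the fixes above can be reproduced in a few lines. This simulation is an added example, not course material: routers A, B and C with the networks and interfaces of the slides exchange RIP-style distance-vector updates in synchronous update periods, with 16 as the maximum (infinity), route poisoning when C's LAN 10.4.0.0 fails, and split horizon switchable so the two runs can be compared. As in RIP, an update from a route's current next hop is always believed even when it is worse, which is the rule that lets the bad hop count grow.

```python
INFINITY = 16  # RIP's maximum: 15 usable hops, 16 means unreachable


class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> [exit interface, hop count, neighbor it was learned from (None = connected)]
        self.table = {net: [iface, 0, None] for net, iface in connected.items()}
        self.links = {}  # neighbor name -> local interface facing that neighbor

    def advertisement(self, neighbor, split_horizon):
        """Routes sent to one neighbor; split horizon withholds routes learned from it."""
        return {net: hops for net, (_iface, hops, src) in self.table.items()
                if not (split_horizon and src == neighbor)}

    def receive(self, neighbor, adv):
        """Apply a neighbor's update; returns True if any entry changed."""
        changed = False
        iface = self.links[neighbor]
        for net, hops in adv.items():
            candidate = min(hops + 1, INFINITY)
            entry = self.table.get(net)
            if entry is None:
                if candidate < INFINITY:
                    self.table[net] = [iface, candidate, neighbor]
                    changed = True
            elif entry[2] == neighbor:
                # news from the current next hop is always believed, even when worse
                if entry[1] != candidate:
                    entry[1] = candidate
                    changed = True
            elif candidate < entry[1]:
                # a better offer replaces the entry; for a poisoned connected network
                # this is Router C concluding that 10.4.0.0 is reachable through Router B
                self.table[net] = [iface, candidate, neighbor]
                changed = True
        return changed


def build_topology():
    """Routers A, B, C in a line, with the networks and interfaces of the slides."""
    a = Router("A", {"10.1.0.0": "E0", "10.2.0.0": "S0"})
    b = Router("B", {"10.2.0.0": "S0", "10.3.0.0": "S1"})
    c = Router("C", {"10.3.0.0": "S0", "10.4.0.0": "E0"})
    a.links["B"], b.links["A"] = "S0", "S0"  # A and B share 10.2.0.0
    b.links["C"], c.links["B"] = "S1", "S0"  # B and C share 10.3.0.0
    return {"A": a, "B": b, "C": c}


def exchange_round(routers, split_horizon):
    """One synchronous update period: everyone advertises, then everyone applies."""
    adverts = [(src.name, dst, src.advertisement(dst, split_horizon))
               for src in routers.values() for dst in src.links]
    changed = False
    for src_name, dst_name, adv in adverts:
        changed |= routers[dst_name].receive(src_name, adv)
    return changed


def converge(routers, split_horizon, limit=100):
    """Run update periods until a quiet one; returns how many periods carried a change."""
    for period in range(limit):
        if not exchange_round(routers, split_horizon):
            return period
    return limit


def poison(router, net):
    """Route poisoning: a failed network stays in the table with an infinite metric."""
    router.table[net][1] = INFINITY


def run(split_horizon):
    """Converge, fail 10.4.0.0 on C, reconverge; returns (periods, hop count per router)."""
    routers = build_topology()
    converge(routers, split_horizon)
    poison(routers["C"], "10.4.0.0")
    periods = converge(routers, split_horizon)
    return periods, {name: r.table["10.4.0.0"][1] for name, r in routers.items()}


if __name__ == "__main__":
    print("without split horizon:", run(False))  # hop count climbs to 16 over 15 periods
    print("with split horizon:   ", run(True))   # unreachable everywhere after 2 periods
```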

Implementing Solutions in Multiple Routes

(Figure sequence: network 10.4.0.0 is reached through Router E, with
Router D and Router A on other paths. When it goes down, Router A and
Router D go into Holddown and send Poison Reverse updates; packets for
Network 10.4.0.0 are still forwarded during holddown; when the link comes
back up ("Link up!") the routers return to normal operation.)

Link-State Routing Protocols

[Diagram: routers A, B, C and D exchange Link-State Packets; each router builds a Topological Database, runs the SPF Algorithm to produce a Shortest Path First Tree, and derives its Routing Table from that tree]
After initial flood, pass small event-triggered link-state updates to all other routers

Hybrid Routing

[Diagram: Balanced Hybrid Routing]
Choose a routing path based on distance vectors
Converge rapidly using change-based updates
Share attributes of both distance-vector and link-state routing

IP Routing Configuration Tasks

[Diagram: networks 172.16.0.0, 160.89.0.0 and 172.30.0.0 joined by routers running RIP and IGRP]
Router configuration
Select routing protocols
Specify networks or interfaces

Dynamic Routing Configuration

Router(config)#router protocol [keyword]
Defines an IP routing protocol

Router(config-router)#network network-number
Mandatory configuration command for each IP routing process
Identifies the physically connected network that routing updates are forwarded to

RIP Overview

[Diagram: two paths between the same endpoints, one across a single 19.2 kbps link and one across several T1 links; RIP prefers the path with fewer hops regardless of link speed]
Hop count metric selects the path
Routes update every 30 seconds

RIP Configuration
Router(config)#router rip
Starts the RIP routing process
Router(config-router)#network network-number
Selects participating attached networks
The network number must be a major classful
network number

RIP Configuration Example

[Diagram: Router A (E0 172.16.1.1 on 172.16.1.0; S2 10.1.1.1) - Router B (S2 10.1.1.2; S3 10.2.2.2) - Router C (S3 10.2.2.3; E0 192.168.1.1 on 192.168.1.0)]

Router A:
router rip
network 172.16.0.0
network 10.0.0.0

Router B:
router rip
network 10.0.0.0

Router C:
router rip
network 192.168.1.0
network 10.0.0.0

Verifying the Routing Protocol: RIP

[Diagram: the three-router topology Router A - Router B - Router C from the RIP configuration example]

RouterA#sh ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Ethernet0        1     1 2
    Serial2          1     1 2
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2             120      00:00:10
  Distance: (default is 120)

Displaying the IP Routing Table

[Diagram: the three-router topology Router A - Router B - Router C from the RIP configuration example]

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2
C       10.1.1.0 is directly connected, Serial2
R    192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2

debug ip rip Command

[Diagram: the three-router topology Router A - Router B - Router C from the RIP configuration example]

RouterA#debug ip rip
RIP protocol debugging is on
RouterA#
00:06:24: RIP: received v1 update from 10.1.1.2 on Serial2
00:06:24:      10.2.2.0 in 1 hops
00:06:24:      192.168.1.0 in 2 hops
00:06:33: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:06:34:      network 10.0.0.0, metric 1
00:06:34:      network 192.168.1.0, metric 3
00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial2 (10.1.1.1)
00:06:34:      network 172.16.0.0, metric 1

Introduction to IGRP

More scalable than RIP
Sophisticated metric
Multiple-path support

IGRP Composite Metric

[Diagram: two paths from Source to Destination, one of them over 19.2 kbps links; IGRP compares them with a composite metric built from the components below]
Bandwidth
Delay
Reliability
Loading
MTU

IGRP Unequal Multiple Paths

[Diagram: Source and Destination joined by an Initial Route and a New Route of different cost]
Maximum six paths
Next-hop router closer to destination
Within metric variance

Configuring IGRP

Router(config)#router igrp autonomous-system
Defines IGRP as the IP routing protocol

Router(config-router)#network network-number
Selects participating attached networks

Configuring IGRP (cont.)

Router(config-router)#variance multiplier
Controls IGRP load balancing

Router(config-router)#traffic-share { balanced | min }
Controls how load-balanced traffic is distributed

IGRP Configuration Example

Autonomous System = 100
[Diagram: Router A (E0 172.16.1.1 on 172.16.1.0; S2 10.1.1.1) - Router B (S2 10.1.1.2; S3 10.2.2.2) - Router C (S3 10.2.2.3; E0 192.168.1.1 on 192.168.1.0)]

Router A:
router igrp 100
network 172.16.0.0
network 10.0.0.0

Router B:
router igrp 100
network 10.0.0.0

Router C:
router igrp 100
network 192.168.1.0
network 10.0.0.0

Verifying the Routing Protocol: IGRP

[Diagram: the three-router topology Router A - Router B - Router C from the IGRP configuration example]

RouterA#sh ip protocols
Routing Protocol is "igrp 100"
  Sending updates every 90 seconds, next due in 21 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 100
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2             100      00:01:01
  Distance: (default is 100)

Displaying the IP Routing Table

[Diagram: the three-router topology Router A - Router B - Router C from the IGRP configuration example]

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
I       10.2.2.0 [100/90956] via 10.1.1.2, 00:00:23, Serial2
C       10.1.1.0 is directly connected, Serial2
I    192.168.1.0/24 [100/91056] via 10.1.1.2, 00:00:23, Serial2

debug ip igrp transaction Command

[Diagram: the three-router topology Router A - Router B - Router C from the IGRP configuration example]

RouterA#debug ip igrp transactions
IGRP protocol debugging is on
RouterA#
00:21:06: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:21:06:      network 10.0.0.0, metric=88956
00:21:06:      network 192.168.1.0, metric=91056
00:21:07: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:21:07:      network 172.16.0.0, metric=1100
00:21:16: IGRP: received update from 10.1.1.2 on Serial2
00:21:16:      subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:21:16:      network 192.168.1.0, metric 91056 (neighbor 89056)

debug ip igrp events Command

[Diagram: the three-router topology Router A - Router B - Router C from the IGRP configuration example]

RouterA#debug ip igrp events
IGRP event debugging is on
RouterA#
00:23:44: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:23:44: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:44: IGRP: Total routes in update: 2
00:23:44: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:23:45: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:45: IGRP: Total routes in update: 1
00:23:48: IGRP: received update from 10.1.1.2 on Serial2
00:23:48: IGRP: Update contains 1 interior, 1 system, and 0 exterior routes.
00:23:48: IGRP: Total routes in update: 2

Updating Routing Information Example

[Diagram: the three-router topology Router A - Router B - Router C; Router A's Ethernet0 (172.16.1.0) goes down]

RouterA# debug ip igrp trans
00:31:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
00:31:15: IGRP: edition is now 3
00:31:15: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:31:15:      network 172.16.0.0, metric=4294967295
00:31:16: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 1
00:31:16: IGRP: broadcasting request on Serial2
00:31:16: IGRP: received update from 10.1.1.2 on Serial2
00:31:16:      subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:31:16:      network 172.16.0.0, metric 4294967295 (inaccessible)
00:31:16:      network 192.168.1.0, metric 91056 (neighbor 89056)
00:31:16: IGRP: Update contains 1 interior, 2 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 3

Updating Routing Information Example (cont.)

[Diagram: the three-router topology Router A - Router B - Router C]

RouterB#debug ip igrp trans
IGRP protocol debugging is on
RouterB#
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:      subnet 10.2.2.0, metric=88956
1d19h:      network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:      subnet 10.1.1.0, metric=88956
1d19h:      network 172.16.0.0, metric=89056
1d19h: IGRP: received update from 10.1.1.1 on Serial2
1d19h:      network 172.16.0.0, metric 4294967295 (inaccessible)
1d19h: IGRP: edition is now 10
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:      subnet 10.2.2.0, metric=88956
1d19h:      network 172.16.0.0, metric=4294967295
1d19h:      network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:      subnet 10.1.1.0, metric=88956
1d19h:      network 172.16.0.0, metric=4294967295

Updating Routing Information Example (cont.)

[Diagram: the three-router topology Router A - Router B - Router C]

RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set

I    172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial2
C       10.2.2.0 is directly connected, Serial3
I    192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:14, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RouterB#

Updating Routing Information Example (cont.)

[Diagram: the three-router topology Router A - Router B - Router C; Router A's Ethernet0 is back up]

RouterB#debug ip igrp transactions
RouterB#
1d20h: IGRP: received update from 10.1.1.1 on Serial2
1d20h:      network 172.16.0.0, metric 89056 (neighbor 1100)
RouterB#
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set

I    172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial2
C       10.2.2.0 is directly connected, Serial3
I    192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:18, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms

EIGRP Overview
2000, Cisco Systems, Inc.


What Is Enhanced IGRP (EIGRP)?

[Diagram: Enhanced IGRP sits alongside the IP Routing Protocols, IPX Routing Protocols and AppleTalk Routing Protocol, serving all three protocol stacks]
EIGRP supports:
Rapid convergence
Reduced bandwidth usage
Multiple network-layer protocols

EIGRP Features

Advanced distance vector
100% loop free
Fast convergence
Easy configuration
Fewer network design constraints than OSPF

EIGRP Features (cont.)

Incremental updates
Supports VLSM and discontiguous networks
Classless routing
Compatible with existing IGRP networks
Protocol independent (supports IPX and AppleTalk)

Advantages of EIGRP

Uses multicast instead of broadcast
Utilizes link bandwidth and delay
EIGRP metric = IGRP metric x 256 (32 bit vs. 24 bit)
Unequal cost path load balancing
More flexible than OSPF
Manual summarization can be done on any interface at any router within the network

EIGRP Support for Route Summarization

[Diagram: the subnets 172.16.0.0 /24, 192.168.42.0 /27 and 10.0.0.0 /18 are advertised onward as the summaries 172.16.0.0 /16 and 192.168.42.0 /24]
EIGRP performs route summarization at:
Classful network boundaries (default)
Arbitrary network boundaries (manual)

EIGRP Packets

Hello: Establish neighbor relationships
Update: Send routing updates
Query: Ask neighbors about routing information
Reply: Response to query about routing information
ACK: Acknowledgement of a reliable packet

EIGRP Neighbor Relationship

Two routers become neighbors when they see each other's hello packet
Hello address = 224.0.0.10
Hellos sent once every 5 seconds on the following links:
Broadcast media: Ethernet, Token Ring, FDDI
Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM subinterfaces
Multipoint circuits with bandwidth greater than T1: ISDN PRI, Frame Relay

EIGRP Neighbor Relationship (cont.)

Hellos sent once every 60 seconds on the following links:
Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, and so on
Neighbor declared dead when no EIGRP packets are received within the hold interval
Not only hello can reset the hold timer
Hold time by default is three times the hello time

EIGRP Neighbor Relationship (cont.)

EIGRP will form neighbors even though hello time and hold time don't match
EIGRP sources hello packets from the primary address of the interface
EIGRP will not form a neighbor if K-values are mismatched
EIGRP will not form a neighbor if AS numbers are mismatched

What Is in a Neighbor Table?

p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address          Interface   Hold Uptime    SRTT   RTO  Q    Seq
                                 (sec)          (ms)        Cnt  Num
1   172.68.2.2       To0           13 02:15:30     8   200  0    9
0   172.68.16.2      Se1           10 02:38:29    29   200  0    6

EIGRP Reliability

EIGRP reliable packets are packets that require explicit acknowledgement:
Update
Query
Reply
EIGRP unreliable packets are packets that do not require explicit acknowledgement:
Hello
ACK

EIGRP Reliability (cont.)

The router keeps a neighbor list and a retransmission list for every neighbor
Each reliable packet (update, query, reply) will be retransmitted when the packet is not acknowledged
Neighbor relationship is reset when the retry limit (limit = 16) for reliable packets is reached

Initial Route Discovery

[Diagram series: routers A and B on a shared link exchange the numbered packets below, and A builds its Topology Table from what B sends]
1. Hello (A to B): "I am router A, who is on the link?"
2. Update (B to A): "Here is my complete routing information."
3. Ack (A to B): "Thanks for the information!"
4. A enters B's routes in its Topology Table
5. Update (A to B): "Here is my complete route information."
6. Ack (B to A): "Thanks for the information!"
Converged

EIGRP Route Selection

[Diagram: routers A and C joined by three parallel paths (T1, 19.2 kbps, T1) carrying IP, IPX and AppleTalk]
EIGRP uses a composite metric to pick the best path

EIGRP Metrics Calculation

Metric = [K1 x BW + (K2 x BW) / (256 - load) + K3 x delay] x [K5 / (reliability + K4)]
By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
(When K5 = 0 the second factor is not applied, so the default metric does not collapse to zero.)
Delay is the sum of all the delays of the links along the path
Delay = [Delay in 10s of microseconds] x 256
Bandwidth is the lowest bandwidth of the links along the path
Bandwidth = [10000000 / (bandwidth in Kbps)] x 256
By default, metric = bandwidth + delay

EIGRP DUAL
Diffusing Update Algorithm (DUAL)
Finite-state machine
Tracks all routes advertised by neighbors
Select loop-free path using a successor and remember
any feasible successors
If successor lost:
Use feasible successor

If no feasible successor:
Query neighbors and recompute new successor

DUAL Example (Start)

[Diagram: routers A, B, C, D and E with link costs (1) and (2) as labelled; network (a) is reached through Router B]

Topology tables for network (a) before the failure (FD = feasible distance of the path, AD = the neighbor's advertised distance):
Router C EIGRP:  via B  FD 3  AD 1   (fd) (Successor)
                 via D  FD 4  AD 2   (fs)
                 via E  FD 4  AD 3
Router D EIGRP:  via B  FD 2  AD 1   (fd) (Successor)
                 via C  FD 5  AD 3
Router E EIGRP:  via D  FD 3  AD 2   (fd) (Successor)
                 via C  FD 4  AD 3

DUAL Example (cont.)

[Diagram series: Router D loses its link to Router B]
Router D has no feasible successor for (a) (via C: AD 3 is not less than FD 2), so the route goes **ACTIVE** (FD -1) and D sends queries (q) to E and C
Router E, whose successor was D and which has no feasible successor either (via C: AD 3 is not less than FD 3), also goes **ACTIVE** (FD -1) and queries (q) D and C
Router C still has its successor via B (FD 3, AD 1) and replies to both queries
Router E installs via C  FD 4  AD 3 (Successor) and sends its reply (R) to D
Router D installs via C  FD 5  AD 3 and via E  FD 5  AD 4, both marked (Successor)

DUAL Example (End)

Router C EIGRP:  via B  FD 3  AD 1   (fd) (Successor)
Router D EIGRP:  via C  FD 5  AD 3   (fd) (Successor)
                 via E  FD 5  AD 4   (Successor)
Router E EIGRP:  via C  FD 4  AD 3   (fd) (Successor)

EIGRP Load Balancing

Routes with metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing)
Up to six entries in the routing table for the same destination
Number of entries is configurable
Default is four

EIGRP Unequal-Cost Load Balancing

EIGRP offers unequal-cost load balancing: variance command
Variance allows the router to include routes with a metric smaller than multiplier times the minimum metric route to that destination
Multiplier is the number specified by the variance command

Variance Example

[Diagram: Router E reaches Network Z via Router C (10 + 10 = 20), via Router B (20 + 10 = 30) and via Router D (25 + 20 = 45)]
(config)#
variance 2

Router E will choose Router C to get to Network Z because FD = 20
With variance of 2, Router E will also choose Router B to get to Network Z: (20 + 10) < (2 x [FD])
Router D will not be used to get to Network Z (45 > 40)
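The metric formula, the DUAL successor/feasible-successor selection and the variance rule above fit together in a few lines of Python. This is an added example, not code from the Cisco course: the link and advertised costs are constructed so that Router E sees 20 via C, 30 via B and 45 via D as on the slide, and the T1 figures (1544 kbps, 20000 microseconds of delay) are assumed.

```python
from dataclasses import dataclass


def eigrp_metric(links):
    """Default-K EIGRP metric (K1 = K3 = 1, K2 = K4 = K5 = 0) of one path.

    links: one (bandwidth_kbps, delay_in_tens_of_microseconds) pair per hop.
    Bandwidth uses the slowest link, delay the sum of all links, each scaled
    by 256 as on the slide; IOS truncates the division to an integer.  When
    K5 is 0 the [K5 / (reliability + K4)] factor is not applied, so the
    default metric is simply bandwidth + delay.
    """
    slowest_kbps = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    bandwidth = (10_000_000 // slowest_kbps) * 256
    delay = total_delay * 256
    return bandwidth + delay


@dataclass
class Path:
    via: str          # next-hop neighbor
    link: int         # cost of the link to that neighbor
    advertised: int   # the neighbor's own distance to the destination (AD)

    @property
    def distance(self) -> int:
        return self.link + self.advertised


def dual_select(paths):
    """DUAL for one destination: (FD, successors, feasible successors)."""
    fd = min(p.distance for p in paths)
    successors = [p for p in paths if p.distance == fd]
    # Feasibility condition: a neighbor whose advertised distance is strictly
    # less than our FD cannot be routing through us, so using it is loop-free.
    feasible = [p for p in paths if p.distance > fd and p.advertised < fd]
    return fd, successors, feasible


def load_balance(paths, variance=1):
    """Paths installed under `variance`: every successor, plus each feasible
    successor whose distance is below variance x FD (unequal-cost load
    balancing).  A path that fails the feasibility condition is never used,
    however large the variance."""
    fd, successors, feasible = dual_select(paths)
    return successors + [p for p in feasible if p.distance < variance * fd]


# Constructed costs reproducing the slide: Router E reaches Network Z with
# FD 20 via C, 30 via B and 45 via D.  D's AD (20) is not below FD (20), so
# D is excluded by the feasibility condition as well as by 45 > 40.
ROUTER_E_PATHS = [Path("B", link=20, advertised=10),
                  Path("C", link=10, advertised=10),
                  Path("D", link=25, advertised=20)]

if __name__ == "__main__":
    # Assumed T1 figures: 1544 kbps, 20000 microseconds (2000 tens) of delay.
    print("one T1 hop metric:", eigrp_metric([(1544, 2000)]))
    fd, succ, fs = dual_select(ROUTER_E_PATHS)
    print("FD", fd, "successors", [p.via for p in succ], "feasible", [p.via for p in fs])
    for v in (1, 2, 3):
        print(f"variance {v}:", [p.via for p in load_balance(ROUTER_E_PATHS, v)])
```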

Configuring EIGRP

Configuring EIGRP for IP

AS = 109
[Diagram: Router A with Token Ring interface T0 on 10.4.0.0 and serial interfaces S0, S1 and S2 on subnets of 172.16.0.0, connected to Routers B and D; the internetwork also contains 10.1.0.0, 10.2.0.0, 172.16.1.0 through 172.16.7.0, a second Token Ring and 192.168.1.0, which is not attached to Router A]

Router A:
router eigrp 109
network 10.0.0.0
network 172.16.0.0

Network 192.168.0.0 is not configured on Router A because it is not directly connected to Router A

EIGRP Summarization: Automatic

Purpose: Smaller routing tables, smaller updates, query boundary
Autosummarization:
On major network boundaries, subnetworks are summarized to a single classful (major) network
Autosummarization is turned on by default

[Diagram: the 172.16.X.X subnets are advertised across the boundary into 172.17.X.X as the single summary 172.16.0.0/16]

EIGRP Summarization: Manual

Manual summarization
Configurable on a per-interface basis in any router within the network
When summarization is configured on an interface, the router immediately creates a route pointing to null zero
Loop prevention mechanism
When the last specific route of the summary goes away, the summary is deleted
The minimum metric of the specific routes is used as the metric of the summary route

Configuring Summarization

(config-router)#
no auto-summary
Turns off autosummarization for the EIGRP process

(config-if)#
ip summary-address eigrp <as-number> <address> <mask>
Creates a summary address to be generated by this interface

Summarizing EIGRP Routes

[Diagram: Router C with S0 (192.168.4.2) toward the World and the subnets 172.16.1.0, 172.16.2.0 and 10.0.0.0 behind it]

router eigrp 1
network 10.0.0.0
network 172.16.0.0
no auto-summary

Verifying EIGRP Operation

Verifying EIGRP Operation

Router# show ip eigrp neighbors
Displays the neighbors discovered by IP EIGRP
Router# show ip eigrp topology
Displays the IP EIGRP topology table
Router# show ip route eigrp
Displays current EIGRP entries in the routing table
Router# show ip protocols
Displays the parameters and current state of the active routing protocol process
Router# show ip eigrp traffic
Displays the number of IP EIGRP packets sent and received

Verifying EIGRP Operation (cont.)

Router# debug eigrp packet
Displays all types of EIGRP packets, both sent and received
Router# debug eigrp neighbor
Displays the EIGRP neighbor interaction
Router# debug ip eigrp route
Displays advertisements and changes EIGRP makes to the routing table
Router# debug ip eigrp summary
Displays a brief report of the EIGRP routing activity
Router# show ip eigrp events
Displays the different categories of EIGRP activity, including route calculations


ACCESS-LISTS

Why Use Access Lists?

[Diagram: networks 172.16.0.0 and 172.17.0.0 (Token Ring, FDDI and Ethernet segments) connected through a router to the Internet]
Manage IP traffic as network access grows
Filter packets as they pass through the router

Access List Applications

Transmission of packets on an interface
Permit or deny packets moving through the router
Virtual terminal line access (IP)
Permit or deny vty access to or from the router
Without access lists all packets could be transmitted onto all parts of your network

Other Access List Uses

Priority and custom queuing (the access list selects the Queue List)
Dial-on-demand routing
Special handling for traffic based on packet tests

What Are Access Lists?

[Diagram: an incoming packet on E0 passes through the Access List Processes before leaving on S0; a standard list asks "Source: Permit?", an extended list asks "Protocol, Source and Destination: Permit?"]

Standard
Checks source address
Generally permits or denies entire protocol suite

Extended
Checks source and destination address
Generally permits or denies specific protocols

Inbound or Outbound

Outbound Access Lists

[Flowchart: a packet arrives on the inbound interface (E0); the Routing Table Entry chooses the outbound interface (S0); if no access list is applied to that interface the packet is sent out; if one is, the access list statements are tested and the packet is sent on Permit or dropped into the Packet Discard Bucket on Deny, with the sender notified]
If no access list statement matches then discard the packet

A List of Tests: Deny or Permit

[Flowchart: packets to interfaces in the access group are tested against the first statement; on a match that statement's action applies (Deny: Packet Discard Bucket, Permit: Destination Interface(s)); on no match the next test(s) are tried in order down to the last test; a packet that matches no statement hits the Implicit Deny]
If no match, deny all

Access List Configuration Guidelines

Access list numbers indicate which protocol is filtered
One access list per interface, per protocol, per direction
The order of access list statements controls testing
Most restrictive statements should be at the top of the list
There is an implicit deny any as the last access list test; every list should have at least one permit statement
Create access lists before applying them to interfaces
Access lists filter traffic going through the router; they do not apply to traffic originating from the router

Access List Command Overview

Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }

Step 2: Enable an interface to use the specified access list
Router(config-if)#
{ protocol } access-group access-list-number {in | out}

IP access lists are numbered 1-99 or 100-199

How to Identify Access Lists

Access List Type         Number Range/Identifier
IP    Standard           1-99
      Extended           100-199
      Named              Name (Cisco IOS 11.2 and later)
IPX   Standard           800-899
      Extended           900-999
      SAP filters        1000-1099
      Named              Name (Cisco IOS 11.2F and later)

Standard IP lists (1 to 99) test conditions of all IP packets from source addresses
Extended IP lists (100 to 199) can test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports
Other access list number ranges test conditions for other networking protocols

Testing Packets with Standard Access Lists

[Diagram: Frame Header (for example, HDLC) | Packet (IP header) | Segment (for example, TCP header) | Data; a standard list uses access list statements 1-99 to test only the Source Address in the IP header, then Permit or Deny]

Testing Packets with Extended Access Lists

An Example from a TCP/IP Packet
[Diagram: Frame Header (for example, HDLC) | Packet (IP header) | Segment (for example, TCP header) | Data; an extended list uses access list statements 1-99 or 100-199 to test the Source Address, Destination Address, Protocol and Port Number, then Permit or Deny]

Wildcard Bits: How to Check the Corresponding Address Bits

Octet bit position and address value for bit: 128 64 32 16 8 4 2 1

Examples (wildcard octet in binary):
check all address bits (match all)             00000000
ignore last 6 address bits                     00111111
ignore last 4 address bits                     00001111
check last 2 address bits                      11111100
do not check address (ignore bits in octet)    11111111

0 means check corresponding address bit value
1 means ignore value of corresponding address bit

Wildcard Bits to Match a Specific IP Host Address

Test conditions: Check all the address bits (match all)
An IP host address, for example: 172.30.16.29
Wildcard mask: 0.0.0.0 (checks all bits)
Example: 172.30.16.29 0.0.0.0 checks all the address bits
Abbreviate this wildcard mask using the IP address preceded by the keyword host (host 172.30.16.29)

Wildcard Bits to Match Any IP Address

Test conditions: Ignore all the address bits (match any)
Any IP address: 0.0.0.0
Wildcard mask: 255.255.255.255 (ignore all)
Accept any address: 0.0.0.0 255.255.255.255
Abbreviate the expression using the keyword any

Wildcard Bits to Match IP Subnets

Check for IP subnets 172.30.16.0/24 to 172.30.31.0/24
Address and wildcard mask: 172.30.16.0 0.0.15.255
Network . host

Third octet of the address range and of the wildcard mask (0 = match, 1 = don't care):
               |<-- match -->|<-- don't care -->|
   16  =          0 0 0 1         0 0 0 0
   17  =          0 0 0 1         0 0 0 1
   18  =          0 0 0 1         0 0 1 0
    :
   31  =          0 0 0 1         1 1 1 1
   mask 15 =      0 0 0 0         1 1 1 1

Configuring Standard IP Access Lists

Standard IP Access List Configuration

Router(config)#
access-list access-list-number {permit|deny} source [mask]
Sets parameters for this list entry
IP standard access lists use 1 to 99
Default wildcard mask = 0.0.0.0
no access-list access-list-number removes the entire access list

Router(config-if)#
ip access-group access-list-number { in | out }
Activates the list on an interface
Sets inbound or outbound testing
Default = Outbound
no ip access-group access-list-number removes the access list from the interface

Standard IP Access List Example 1

[Diagram: a router with S0 toward the non-172.16.0.0 networks, E0 toward 172.16.3.0 and E1 toward 172.16.4.0 (host 172.16.4.13)]

access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out

Permit my network only

Standard IP Access List Example 2
Topology (from the figure): E0 to 172.16.3.0, E1 to 172.16.4.0 (host 172.16.4.13), S0 to non-172.16.0.0 networks

access-list 1 deny 172.16.4.13 0.0.0.0
access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out

Deny a specific host

Standard IP Access List Example 3
Topology (from the figure): E0 to 172.16.3.0, E1 to 172.16.4.0 (host 172.16.4.13), S0 to non-172.16.0.0 networks

access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out

Deny a specific subnet

Control vty Access With Access Class

Filter Virtual Terminal (vty) Access to a Router
Console port (direct connect): console
Physical port e0 (Telnet)
Virtual ports (vty 0 through 4)
Five virtual terminal lines (0 through 4)
Filter addresses that can access into the router's vty ports
Filter vty access out from the router

How to Control vty Access
Physical port (e0) (Telnet) -> Router# -> Virtual ports (vty 0 through 4)
Set up an IP address filter with a standard access list statement
Use line configuration mode to filter access with the access-class command
Set identical restrictions on all vtys

Virtual Terminal Line Commands
Router(config)#
line vty {vty# | vty-range}
Enters configuration mode for a vty or vty range

Router(config-line)#
access-class access-list-number {in|out}
Restricts incoming or outgoing vty connections for addresses in the access list

Virtual Terminal Access Example
Controlling Inbound Access

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in

Permits only hosts in network 192.89.55.0 to connect to the router's vtys

Configuring Extended IP Access Lists

Standard versus Extended Access List

Standard                                   Extended
Filters based on source.                   Filters based on source and destination.
Permit or deny entire TCP/IP               Specifies a specific IP protocol and
protocol suite.                            port number.
Range is 1 through 99.                     Range is 100 through 199.

Extended IP Access List Configuration
Router(config)#
access-list access-list-number { permit | deny } protocol source source-wildcard [operator port] destination destination-wildcard [ operator port ] [ established ] [log]
Sets parameters for this list entry

Router(config-if)#
ip access-group access-list-number { in | out }
Activates the extended list on an interface

Extended Access List Example 1
Topology (from the figure): E0 to 172.16.3.0, E1 to 172.16.4.0 (host 172.16.4.13), S0 to non-172.16.0.0 networks

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 101 out

Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0
Permit all other traffic

Extended Access List Example 2
Topology (from the figure): E0 to 172.16.3.0, E1 to 172.16.4.0 (host 172.16.4.13), S0 to non-172.16.0.0 networks

access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
(implicit deny all)
interface ethernet 0
ip access-group 101 out

Deny only Telnet from subnet 172.16.4.0 out of E0
Permit all other traffic

Using Named IP Access Lists
Feature for Cisco IOS Release 11.2 or later
Router(config)#
ip access-list { standard | extended } name
Alphanumeric name string must be unique

Router(config {std- | ext-}nacl)#
{ permit | deny } { ip access list test conditions }
no { permit | deny } { ip access list test conditions }
Permit or deny statements have no prepended number
"no" removes the specific test from the named access list

Router(config-if)#
ip access-group name { in | out }
Activates the IP named access list on an interface

Access List Configuration Principles
Order of access list statements is crucial
  Recommended: use a text editor on a TFTP server, or use a PC to cut and paste
Top-down processing
  Place more specific test statements first
No reordering or removal of statements
  Use the no access-list number command to remove the entire access list
  Exception: Named access lists permit removal of individual statements
Implicit deny all
  Unless the access list ends with an explicit permit any
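As an added example (not part of the Cisco deck), this Python models the principles above: entries are walked top-down, the first match decides, and anything unmatched hits the implicit deny. It replays Extended Example 1 and Standard Example 2 from the earlier slides and includes a check for statements that an earlier statement makes unreachable; the class and function names are my own.

```python
# Added example, not from the Cisco deck: a model of how IOS walks a standard
# or extended IP access list. Entries are tested top-down, the first match
# decides, and a packet that matches nothing falls through to the implicit
# "deny all" that never appears in the configuration. It replays Extended
# Example 1 (deny FTP from 172.16.4.0/24 to 172.16.3.0/24 out of E0, permit
# everything else) and shows what happens when the permit comes first.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


def _wc_match(pattern: str, wildcard: str, addr: str) -> bool:
    p, w, a = (int(IPv4Address(x)) for x in (pattern, wildcard, addr))
    return (p ^ a) & (~w & 0xFFFFFFFF) == 0


def _wc_covers(p1: str, w1: str, p2: str, w2: str) -> bool:
    """True if every address selected by (p2, w2) is also selected by (p1, w1)."""
    a1, m1, a2, m2 = (int(IPv4Address(x)) for x in (p1, w1, p2, w2))
    return (m2 & ~m1) == 0 and ((a1 ^ a2) & ~m1 & 0xFFFFFFFF) == 0


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"             # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass
class Entry:
    action: str                   # "permit" or "deny"
    proto: str = "ip"             # "ip" matches every IP protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None   # "eq port" on the destination; None = any
    hits: int = 0

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("ip", pkt.proto)
                and _wc_match(self.src, self.src_wc, pkt.src)
                and _wc_match(self.dst, self.dst_wc, pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))

    def shadows(self, later: "Entry") -> bool:
        """True if this entry matches everything 'later' could match,
        so 'later' can never be reached."""
        return (self.proto in ("ip", later.proto)
                and _wc_covers(self.src, self.src_wc, later.src, later.src_wc)
                and _wc_covers(self.dst, self.dst_wc, later.dst, later.dst_wc)
                and (self.dport is None or self.dport == later.dport))


def evaluate(acl: list[Entry], pkt: Packet) -> str:
    """Top-down, first match wins; no match hits the implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            entry.hits += 1
            return entry.action
    return "deny"


def unreachable_entries(acl: list[Entry]) -> list[int]:
    """Indexes of entries shadowed by an earlier entry (ordering mistakes)."""
    return [j for j in range(len(acl))
            if any(acl[i].shadows(acl[j]) for i in range(j))]


def acl_101() -> list[Entry]:
    """Extended Example 1 from the deck, specific tests first."""
    ftp = dict(proto="tcp", src="172.16.4.0", src_wc="0.0.0.255",
               dst="172.16.3.0", dst_wc="0.0.0.255")
    return [Entry("deny", dport=21, **ftp),
            Entry("deny", dport=20, **ftp),
            Entry("permit")]                   # permit ip any any


def acl_101_misordered() -> list[Entry]:
    """The same three statements with 'permit ip any any' placed first."""
    return acl_101()[2:] + acl_101()[:2]


def standard_acl_example_2() -> list[Entry]:
    """Standard Example 2: deny host 172.16.4.13, then permit any."""
    return [Entry("deny", src="172.16.4.13", src_wc="0.0.0.0"), Entry("permit")]
```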

Where to Place IP Access Lists
(Figure: several routers joined by serial links S0/S1, with Ethernet E0/E1 and Token Ring To0 LAN interfaces)
Recommended:
Place extended access lists close to the source
Place standard access lists close to the destination

Verifying Access Lists


wg_ro_a#show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<text omitted>

Monitoring Access List Statements
wg_ro_a#show {protocol} access-list {access-list number}
wg_ro_a#show access-lists {access-list number}
wg_ro_a#show access-lists
Standard IP access list 1
permit 10.2.2.1
permit 10.3.3.1
permit 10.4.4.1
permit 10.5.5.1
Extended IP access list 101
permit tcp host 10.22.22.1 any eq telnet
permit tcp host 10.33.33.1 any eq ftp
permit tcp host 10.44.44.1 any eq ftp-data

SILICON COMNET PVT. LTD.

WAN PROTOCOLS

Typical WAN Encapsulation Protocols: Layer 2
Leased Line: HDLC, PPP, SLIP
Packet-switched (Service Provider): X.25, Frame Relay, ATM
Circuit-switched (Telephone Company): PPP, SLIP, HDLC

HDLC Frame Format
Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
Cisco's HDLC has a proprietary data field to support multiprotocol environments
HDLC: Flag | Address | Control | Data | FCS | Flag
Supports only single protocol environments

HDLC Command
Router(config-if)#encapsulation hdlc
Enable HDLC encapsulation
HDLC is the default encapsulation on synchronous serial interfaces

An Overview of PPP
Multiple protocol encapsulations using NCPs in PPP: TCP/IP, Novell IPX, AppleTalk
PPP Encapsulation
Link setup and control using LCP in PPP
PPP can carry packets from several protocol suites using Network Control Protocols
PPP controls the setup of several link options using LCP

Layering PPP Elements
Network Layer:   IP, IPX, other Layer 3 protocols (many others)
Data Link Layer: Network Control Protocol (IPCP, IPXCP); Link Control Protocol (authentication, other options); PPP
Physical Layer:  Synchronous or asynchronous physical media
PPP: A data link with network-layer services

PPP LCP Configuration Options

Feature           How It Operates                            Protocol
Authentication    Require a password                         PAP
                  Perform Challenge Handshake                CHAP
Compression       Compress data at source; reproduce         Stacker or Predictor
                  data at destination
Error Detection   Monitor data dropped on link               Magic Number
                  Avoid frame looping
Multilink         Load balancing across multiple links       Multilink Protocol (MP)

PPP Authentication Overview
(Figure: two routers connected across a dialup or circuit-switched network)
PPP Session Establishment
1 Link Establishment Phase
2 Optional Authentication Phase
3 Network-Layer Protocol Phase
Two PPP authentication protocols: PAP and CHAP

Selecting a PPP Authentication Protocol
PAP: 2-Way Handshake
Remote Router (SantaCruz) -> Central-Site Router (HQ): "santacruz, boardwalk"
Central-Site Router (HQ) -> Remote Router (SantaCruz): Accept/Reject
Remote router: Hostname: santacruz, Password: boardwalk
Central-site router: username santacruz password boardwalk
Passwords sent in clear text
Peer in control of attempts

Selecting a PPP Authentication Protocol (cont.)
CHAP: 3-Way Handshake
Central-Site Router (HQ) -> Remote Router (SantaCruz): Challenge
Remote Router (SantaCruz) -> Central-Site Router (HQ): Response
Central-Site Router (HQ) -> Remote Router (SantaCruz): Accept/Reject
Remote router: Hostname: santacruz, Password: boardwalk
Central-site router: username santacruz password boardwalk
Use secret known only to authenticator and peer

Configuring PPP and Authentication Overview
Router to Be Authenticated (the router that initiated the call) --- Service Provider --- Authenticating Router (the router that received the call): "Verify who you are."
On each router:
Enabling PPP: ppp encapsulation
Enabling PPP Authentication: hostname, username / password, ppp authentication

Configuring PPP
Router(config-if)#encapsulation ppp
Enable PPP encapsulation

Configuring PPP Authentication
Router(config)#hostname name
Assigns a host name to your router
Router(config)#username name password password
Identifies the username and password of the authenticating router

Configuring PPP Authentication (cont.)
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
Enables PAP and/or CHAP authentication

Configuring CHAP Example
Left router --- PSTN/ISDN --- Right router

Left router:
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication CHAP

Right router:
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication CHAP
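As an added example (not part of the Cisco deck), this Python shows what the PAP and CHAP exchanges described above actually put on the link, using the router names and shared secret from the configuration example (left, right, sameone). The CHAP digest construction is the one RFC 1994 defines; the function names are my own.

```python
# Added example, not from the Cisco deck: what each side of the link sends in
# PAP versus CHAP, using the names and shared secret from the configuration
# above (routers "left" and "right", password "sameone"). The CHAP response
# is MD5(identifier || secret || challenge), as RFC 1994 specifies; the
# secret itself never crosses the link, and a fresh challenge on every
# attempt makes a captured response useless later.
import hashlib
import hmac
import os
from typing import Optional


def pap_authenticate_request(peer_id: str, password: str) -> bytes:
    """PAP sends both values in clear text (the slides' 'santacruz, boardwalk')."""
    return b"PAP-REQ " + peer_id.encode() + b" " + password.encode()


def chap_new_challenge(length: int = 16) -> bytes:
    """The authenticator picks an unpredictable challenge for every attempt."""
    return os.urandom(length)


def chap_response_value(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994: Value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, value: bytes,
                name: str, users: dict[str, str]) -> bool:
    """Authenticator side: look up the peer's secret under the name it sent
    (the 'username ... password ...' entry) and recompute the digest."""
    secret = users.get(name)
    if secret is None:
        return False
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, value)


def chap_handshake(users: dict[str, str], peer_name: str, peer_secret: str,
                   identifier: int = 2, challenge: Optional[bytes] = None):
    """Three-way handshake. Returns (accepted, messages that crossed the link)."""
    challenge = challenge if challenge is not None else chap_new_challenge()
    # 1. Challenge from the authenticator (left) to the peer (right).
    # 2. Response from the peer: the digest plus its own name.
    value = chap_response_value(identifier, peer_secret, challenge)
    # 3. Success or Failure from the authenticator.
    accepted = chap_verify(identifier, challenge, value, peer_name, users)
    on_the_wire = [challenge, value, peer_name.encode()]
    return accepted, on_the_wire


def secret_visible(messages: list[bytes], secret: str) -> bool:
    """Would a capture of these messages reveal the shared secret?"""
    return any(secret.encode() in m for m in messages)


if __name__ == "__main__":
    # Router "left" holds "username right password sameone".
    ok, wire = chap_handshake({"right": "sameone"}, "right", "sameone")
    print(ok, secret_visible(wire, "sameone"))  # True False
```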

Verifying HDLC and PPP Encapsulation Configuration
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication with the debug ppp authentication Command
Left router --- Service Provider --- Right router

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: dialer Protocol up for Se0
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

debug ppp authentication successful CHAP output

Frame Relay Overview
(Figure: router -> CSU/DSU -> DCE or Frame Relay switch; Frame Relay works here)
Virtual circuits make connections
Connection-oriented service

Frame Relay Stack

OSI Reference Model    Frame Relay
Application
Presentation
Session
Transport
Network                IP/IPX/AppleTalk, etc.
Data Link              Frame Relay
Physical               EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530

Frame Relay Terminology
(Figure: routers attached to the Frame Relay cloud over local access loops of 64 kbps and T1; PVCs identified by DLCI 100, DLCI 200, DLCI 400 and DLCI 500; LMI reporting 100=Active, 400=Active)

Frame Relay Address Mapping
(Figure: router 10.1.1.1 -> CSU/DSU -> PVC with DLCI 500; Inverse ARP or a Frame Relay map ties IP 10.1.1.1 to Frame Relay DLCI 500)
Get locally significant DLCIs from provider
Map your network addresses to DLCIs

Frame Relay Signaling
(Figure: router 10.1.1.1 -> CSU/DSU -> PVCs DLCI 500 and DLCI 400; LMI keepalives report 500=Active, 400=Inactive)
Cisco supports three LMI standards:
Cisco
ANSI T1.617 Annex D
ITU-T Q.933 Annex A

Frame Relay Inverse ARP and LMI Operation
(Figure: router 172.168.5.5 on DLCI=100 and router 172.168.5.7 on DLCI=400, connected through the Frame Relay cloud)
1 Each router sends a Status Inquiry to its Frame Relay switch
2 The switches answer with the state of the local DLCIs: Local DLCI 100=Active (on 172.168.5.5), Local DLCI 400=Active (on 172.168.5.7)
3 Router 172.168.5.5 sends an Inverse ARP request on DLCI 100: "Hello, I am 172.168.5.5 on DLCI 100. Who are you?"

Frame Relay Inverse ARP and LMI Operation (cont.)
4 Router 172.168.5.7 answers on DLCI 400: "Hello, I am 172.168.5.7 on DLCI 400."
5 Each router records the mapping in its Frame Relay map:
  on 172.168.5.5: 172.168.5.7 DLCI 100 Active
  on 172.168.5.7: 172.168.5.5 DLCI 400 Active
6 The Inverse ARP announcements repeat periodically: "Hello, I am 172.168.5.7." / "Hello, I am 172.168.5.5."
7 Keepalives maintain the LMI status between router and switch

Configuring Basic Frame Relay
HQ (Rel. 11.2 Router):
interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64

Branch (Rel. 10.3 Router):
interface Serial1
ip address 10.16.0.2 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay lmi-type ansi

Inverse ARP
Enabled by default
Does not appear in configuration output

Configuring a Static Frame Relay Map
HQ (p1r1): DLCI=110, IP address=10.16.0.1/24
Branch: DLCI=100, IP address=10.16.0.2/24

interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast

Verifying Frame Relay Operation
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
<Output omitted>

Displays line, protocol, DLCI, and LMI information

Verifying Frame Relay Operation (cont.)
Router#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 113100 Num Status msgs Rcvd 113100
Num Update Status Rcvd 0 Num Status Timeouts 0

Displays LMI information

Verifying Frame Relay Operation (cont.)
Router#show frame-relay pvc 100

PVC Statistics for interface Serial0 (Frame Relay DTE)

DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 28           output pkts 10          in bytes 8398
  out bytes 1198          dropped pkts 0          in FECN pkts 0
  in BECN pkts 0          out FECN pkts 0         out BECN pkts 0
  in DE pkts 0            out DE pkts 0
  out bcast pkts 10       out bcast bytes 1198
  pvc create time 00:03:46, last time pvc status changed 00:03:47

Displays PVC traffic statistics

Verifying Frame Relay Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active

Displays the route maps, either static or dynamic

Verifying Frame Relay Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active
Router#clear frame-relay-inarp
Router#sh frame map
Router#

Clears dynamically created Frame Relay maps

Verifying Frame Relay Operation (cont.)
Router#debug Frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Displays LMI debug information

Selecting a Frame Relay Topology
Full Mesh
Partial Mesh
Star (Hub and Spoke)
Frame Relay default: nonbroadcast multiaccess (NBMA)

Reachability Issues with Routing Updates
(Figure: a routing update from router A must be sent over PVC 1 to router B and over PVC 2 to router C)
Problem:
Broadcast traffic must be replicated for each active connection

Resolving Reachability Issues
(Figure: physical interface S0 carries logical subinterfaces S0.1, S0.2 and S0.3, one each for Subnet A, Subnet B and Subnet C)
Solution:
Split horizon can cause problems in NBMA environments
Subinterfaces can resolve split horizon issues
A single physical interface simulates multiple logical interfaces

Configuring Subinterfaces
Point-to-Point
  Subinterfaces act as leased lines
  Each point-to-point subinterface requires its own subnet
  Applicable to hub and spoke topologies
Multipoint
  Subinterfaces act as an NBMA network, so they do not resolve the split horizon issue
  Can save address space because they use a single subnet
  Applicable to partial-mesh and full-mesh topologies

Configuring Point-to-Point Subinterfaces
Router A: s0.2 = 10.17.0.1 (DLCI=110) to router B 10.17.0.2; s0.3 = 10.18.0.1 to router C 10.18.0.2

interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.2 point-to-point
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 110
!
interface Serial0.3 point-to-point
ip address 10.18.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 120
!

Multipoint Subinterfaces Configuration Example
RTR1 s2.2=10.17.0.1/24 reaches router B s2.1=10.17.0.2/24, RTR3 s2.1=10.17.0.3/24 (DLCI=130) and RTR4 s2.1=10.17.0.4/24

interface Serial2
no ip address
encapsulation frame-relay
!
interface Serial2.2 multipoint
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay map ip 10.17.0.2 120 broadcast
frame-relay map ip 10.17.0.3 130 broadcast
frame-relay map ip 10.17.0.4 140 broadcast

OSPF Overview

What Is OSPF?
Has fast convergence
Supports VLSM
Processes updates efficiently
Selects paths based on bandwidth
Supports equal-cost multipath

OSPF in IP Packets
Frame Header | IP Header (Protocol Number: 89 - OSPF, 6 - TCP, 17 - UDP) | Packet Payload | CRC
(the IP packet is the frame payload)
OSPF is a link-state routing protocol
Relies on IP packets for delivery of routing information
Uses protocol number 89

OSPF
Terminology

OSPF Terminology
(Figure: routers in Area 0 and Area 1 joined by Ethernet, Token Ring and serial links, with link costs Cost = 10, Cost = 1785 and Cost = 6)
Interfaces
Neighbors
Cost
Area (Area 0, Area 1)
Autonomous System
Neighborship Database: Lists Neighbors
Topology Database: Lists All Routes
Routing Table: Lists Best Routes

OSPF Operation


OSPF Topologies
Broadcast Multiaccess
Point-to-Point
NBMA (X.25, Frame Relay)

OSPF Operation in a
Broadcast Multiaccess
Topology


Neighborship
(Figure: routers on a shared segment exchange Hello packets)
Hello packet contents:
Router ID
Hello/dead intervals *
Neighbors
Area-ID *
Router priority
DR IP address
BDR IP address
Authentication password *
Stub area flag *
* Entry must match on neighboring routers

DR and BDR
Hellos elect DR and BDR to represent segment
Each router then forms adjacency with DR and BDR

Electing the DR and BDR
(Figure: five routers on one segment exchanging Hellos, with priorities P=3 (DR), P=2 (BDR), P=1, P=1 and P=0)
Hello packets exchanged via IP multicast
Router with highest OSPF priority elected
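As an added example (not part of the Cisco deck), this Python models the two steps the Neighborship and Electing slides describe: accept only Hellos whose starred fields match ours, then elect DR and BDR by priority. The priority-0 and router-ID tie-break rules are OSPF behaviour I add, not stated on the slides, and the router IDs in the sample segment are constructed.

```python
# Added example, not from the Cisco deck: the two steps the slides describe on
# a broadcast multiaccess segment. A Hello from another router is accepted
# only if the starred fields match ours (hello/dead intervals, area ID,
# authentication password, stub area flag); among the routers that do match,
# the highest priority becomes DR and the next highest BDR. Priority 0
# (P=0 in the figure) makes a router ineligible and ties go to the higher
# router ID; both are OSPF rules assumed here, not stated on the slide. This
# is the election at segment start-up; an already elected DR is not
# preempted in real OSPF, which this model leaves out.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


@dataclass(frozen=True)
class Hello:
    router_id: str
    hello_interval: int
    dead_interval: int
    area_id: int
    priority: int
    auth_password: str
    stub_area: bool


def compatible(mine: Hello, theirs: Hello) -> bool:
    """Fields marked '* must match' on the Neighborship slide."""
    return (mine.hello_interval == theirs.hello_interval
            and mine.dead_interval == theirs.dead_interval
            and mine.area_id == theirs.area_id
            and mine.auth_password == theirs.auth_password
            and mine.stub_area == theirs.stub_area)


def elect(hellos: list[Hello]) -> tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) router IDs for the routers that took part."""
    eligible = [h for h in hellos if h.priority > 0]
    ranked = sorted(eligible,
                    key=lambda h: (h.priority, int(IPv4Address(h.router_id))),
                    reverse=True)
    dr = ranked[0].router_id if ranked else None
    bdr = ranked[1].router_id if len(ranked) > 1 else None
    return dr, bdr


def segment_election(local: Hello, received: list[Hello]):
    """Keep only Hellos that match ours, then run the election.
    Returns ((DR, BDR), neighbor IDs, rejected IDs)."""
    neighbors = [h for h in received if compatible(local, h)]
    rejected = [h.router_id for h in received if not compatible(local, h)]
    return elect([local] + neighbors), [h.router_id for h in neighbors], rejected


def figure_segment() -> list[Hello]:
    """Constructed Hellos for the five routers in the figure (P=3,2,1,1,0);
    the router IDs are made up for the example."""
    base = dict(hello_interval=10, dead_interval=40, area_id=0,
                auth_password="", stub_area=False)
    return [Hello("10.0.0.3", priority=3, **base),
            Hello("10.0.0.2", priority=2, **base),
            Hello("10.0.0.11", priority=1, **base),
            Hello("10.0.0.12", priority=1, **base),
            Hello("10.0.0.5", priority=0, **base)]
```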

Exchange Process
Router A (172.16.5.1/24, E0) --- Router B (172.16.5.2/24, E1)
Down State
Init State: A: "I am router ID 172.16.5.1 and I see no one."
  Router B Neighbors List: 172.16.5.1/24, int E1
Two-Way State: B: "I am router ID 172.16.5.2, and I see 172.16.5.1."
  Router A Neighbors List: 172.16.5.2/24, int E0

Discovering Routes
Router 172.16.5.1 (E0) --- DR 172.16.5.3 (E0)
Exstart State
  172.16.5.1: "I will start exchange because I have router ID 172.16.5.1."
  DR: "No, I will start exchange because I have a higher router ID."
Exchange State
  DBD (sent by each router): "Here is a summary of my link-state database."
  LSAck (sent by each router): "Thanks for the information!"
Loading State
  LSR: "I need the complete entry for network 172.16.6.0/24."
  LSU: "Here is the entry for network 172.16.6.0/24."
  LSAck: "Thanks for the information!"
Full State

Choosing Routes
(Figure: router A, on 10.1.1.0/24, reaches 10.2.2.0/24 over Token Ring (cost 6) to router B, which reaches 10.3.3.0/24 over FDDI (cost 1); A also reaches 10.3.3.0/24 through router C on 10.4.4.0/24 over E0 (cost 10))
Topology Table
Net         Cost   Out Interface
10.2.2.0    6      To0
10.3.3.0    7      To0      <- This is the best route to 10.3.3.0.
10.3.3.0    10     E0
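As an added example (not part of the Cisco deck), this Python builds the topology table (every loop-free path) and the routing table (shortest-path-first, Dijkstra) for the Choosing Routes figure. The graph and its link costs are my reading of the slide, chosen so the totals match the table above; the interface names Fd0 and E1 on routers B and C are assumptions.

```python
# Added example, not from the Cisco deck: the shortest-path-first (Dijkstra)
# computation behind the "Choosing Routes" topology table, run on a graph
# constructed from the figure. Link costs are my reading of the slide:
# router A reaches 10.2.2.0 over To0 (cost 6), B reaches 10.3.3.0 over FDDI
# (cost 1), A reaches 10.4.4.0 over E0 (cost 10) and C sits on both
# 10.4.4.0 and 10.3.3.0. Network-to-router hops cost 0, as in OSPF, and C's
# cost to 10.3.3.0 is set to 0 so the totals match the slide's table.
import heapq
from itertools import count

ROUTERS = {"A", "B", "C"}

# Constructed from the figure: node -> [(neighbor, cost, outgoing interface)].
TOPOLOGY = {
    "A":        [("10.2.2.0", 6, "To0"), ("10.4.4.0", 10, "E0")],
    "B":        [("10.2.2.0", 6, "To0"), ("10.3.3.0", 1, "Fd0")],
    "C":        [("10.4.4.0", 10, "E0"), ("10.3.3.0", 0, "E1")],
    "10.2.2.0": [("A", 0, None), ("B", 0, None)],
    "10.4.4.0": [("A", 0, None), ("C", 0, None)],
    "10.3.3.0": [("B", 0, None), ("C", 0, None)],
}


def all_paths(root: str, topology=TOPOLOGY) -> list[tuple[str, int, str]]:
    """Topology table: every loop-free path from root to each network,
    as (network, cost, out_interface) rows."""
    rows = []

    def walk(node, cost, out_if, seen):
        for nxt, link_cost, link_if in topology[node]:
            if nxt in seen:
                continue
            first_if = out_if or link_if      # interface of the first hop
            if nxt not in ROUTERS:
                rows.append((nxt, cost + link_cost, first_if))
            walk(nxt, cost + link_cost, first_if, seen | {nxt})

    walk(root, 0, None, {root})
    return sorted(rows)


def spf(root: str, topology=TOPOLOGY) -> dict[str, tuple[int, str]]:
    """Routing table: Dijkstra from root; {network: (cost, out_interface)}."""
    best = {root: (0, None)}
    tie = count()                              # keeps heap entries comparable
    heap = [(0, next(tie), root, None)]
    while heap:
        cost, _, node, out_if = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                           # stale entry
        for nxt, link_cost, link_if in topology[node]:
            new_cost = cost + link_cost
            first_if = out_if or link_if
            if nxt not in best or new_cost < best[nxt][0]:
                best[nxt] = (new_cost, first_if)
                heapq.heappush(heap, (new_cost, next(tie), nxt, first_if))
    return {n: v for n, v in best.items() if n not in ROUTERS}


if __name__ == "__main__":
    for net, (cost, iface) in sorted(spf("A").items()):
        print(f"{net:<10} {cost:<5} {iface}")
```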

Maintaining Routing Information
Link-State Change
1 Router A sends an LSU: Router A tells all OSPF DRs on 224.0.0.6
2 The DR sends an LSU: DR tells others on 224.0.0.5
3 The other routers receive the LSU
4 Each receiving router: "I need to update my routing table."

Maintaining Routing Information (cont.)
An LSU arrives carrying an LSA:
Is entry in link-state database?
  No  -> (A) Add to database; Send LSAck to DR; Flood LSA; Run SPF to calculate new routing table; End
  Yes -> Is seq. # the same?
           Yes -> Ignore LSA; End
           No  -> Is seq. # higher?
                    Yes -> Go to A
                    No  -> Send LSU with newer information to source; End
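As an added example (not part of the Cisco deck), this Python implements the flowchart above as the receive path of a router's link-state database; the class and method names are my own, and the sequence-number convention is the one visible in the show ip ospf database output later in the deck.

```python
# Added example, not from the Cisco deck: the flowchart above as code. On
# receiving an LSA inside an LSU, a router looks it up in its link-state
# database and either installs it (unknown, or newer than what it holds),
# ignores it (same sequence number) or answers with its own newer copy
# (the received one is older). Sequence numbers start at 0x80000001 and
# increase, as the show ip ospf database output later in the deck shows.
from dataclasses import dataclass, field

INITIAL_SEQ = 0x80000001


@dataclass(frozen=True)
class LSA:
    link_id: str
    adv_router: str
    seq: int


@dataclass
class OspfRouter:
    router_id: str
    lsdb: dict = field(default_factory=dict)   # (link_id, adv_router) -> LSA
    log: list = field(default_factory=list)    # actions taken, in order
    spf_runs: int = 0

    def _install(self, lsa: LSA, source: str) -> None:
        """Branch A of the flowchart: add, acknowledge, flood, run SPF."""
        self.lsdb[(lsa.link_id, lsa.adv_router)] = lsa
        self.log += ["add to database", f"send LSAck to {source}",
                     "flood LSA", "run SPF"]
        self.spf_runs += 1

    def receive_lsu(self, lsa: LSA, source: str) -> str:
        held = self.lsdb.get((lsa.link_id, lsa.adv_router))
        if held is None:                       # not in database
            self._install(lsa, source)
            return "installed"
        if lsa.seq == held.seq:                # same sequence number
            self.log.append("ignore LSA")
            return "ignored"
        if lsa.seq > held.seq:                 # newer: go to A
            self._install(lsa, source)
            return "installed"
        # Older than what we hold: the source is out of date.
        self.log.append(f"send LSU with newer information to {source}")
        return "answered-with-newer"

    def originate(self, link_id: str) -> LSA:
        """Bump our own LSA's sequence number after a link-state change."""
        key = (link_id, self.router_id)
        seq = self.lsdb[key].seq + 1 if key in self.lsdb else INITIAL_SEQ
        lsa = LSA(link_id, self.router_id, seq)
        self.lsdb[key] = lsa
        return lsa
```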

OSPF Operation in a
Point-to-Point Topology

Point-to-Point Neighborship
Router dynamically detects its neighboring router using the Hello protocol
No election: Adjacency is automatic as soon as the two routers can communicate
OSPF packets are always sent as multicast 224.0.0.5

Configuring OSPF
in a Single Area

Configuring OSPF on Internal Routers
Broadcast Network: E0 10.64.0.1 --- E0 10.64.0.2; Point-to-Point Network: S0 10.2.1.2 --- S1 10.2.1.1

Left router:
<Output Omitted>
interface Ethernet0
ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 1
network 10.0.0.0 0.255.255.255 area 0

Right router:
<Output Omitted>
interface Ethernet0
ip address 10.64.0.2 255.255.255.0
!
interface Serial0
ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
network 10.2.1.2 0.0.0.0 area 0
network 10.64.0.2 0.0.0.0 area 0

Can assign network or interface address.

Configuring Optional Commands
Unadvertised Loopback Address (Ex: 192.168.255.254)
  Not in OSPF table
  Saves address space
  Cannot use ping
Advertised Loopback Address (Ex: 172.16.17.5)
  In OSPF table
  Uses address space
  Can use ping
(Figure: router attached to network 172.16.0.0)
Router ID:
Number by which the router is known to OSPF
Default: The highest IP address on an active interface at the moment of OSPF process startup
Can be overridden by a loopback interface: Highest IP address of any active loopback interface

Configuring Optional Commands (cont.)
(Figure: traffic between a Cisco and a non-Cisco router across a Token Ring)
Router(config-if)#
ip ospf cost cost
Assigns a cost to an outgoing interface
May be required for interoperability
Use default cost between Cisco devices

Verifying OSPF
Operation

Verifying OSPF Operation
Router# show ip protocols
Verifies that OSPF is configured
Router# show ip route
Displays all the routes learned by the router
Router# show ip ospf interface
Displays area ID and adjacency information

Verifying OSPF Operation (cont.)
Router# show ip ospf
Displays OSPF timers and statistics
Router# show ip ospf neighbor detail
Displays information about DR, BDR and neighbors
Router# show ip ospf database
Displays the link-state database

Verifying OSPF Operation (cont.)
Router# clear ip route *
Allows you to clear the IP routing table
Router# debug ip ospf option
Displays router interaction during the hello, exchange, and flooding processes

show ip ospf interface

R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
Internet Address 192.168.0.12/24, Area 0
Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 3, Adjacent neighbor count is 2
Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
Adjacent with neighbor 192.168.0.11 (Designated Router)
Suppress hello for 0 neighbor(s)

show ip ospf neighbor

Multiaccess and Point-to-Point

OSPF over Ethernet - Multiaccess Network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0

OSPF over HDLC - Point-to-Point Network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.11      1   FULL/           00:00:39    10.1.1.2        Serial1

show ip ospf database

R2#show ip ospf database
       OSPF Router with ID (192.168.0.12) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#         Checksum   Link count
192.168.0.10    192.168.0.10    817         0x80000003   0xFF56     1
192.168.0.11    192.168.0.11    817         0x80000003   0xFD55     1
192.168.0.12    192.168.0.12    816         0x80000003   0xFB54     1
192.168.0.13    192.168.0.13    816         0x80000003   0xF953     1
192.168.0.14    192.168.0.14    817         0x80000003   0xD990     1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#         Checksum
192.168.0.14    192.168.0.14    812         0x80000002   0x4AC8

debug ip ospf adj


192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
DR: 192.168.0.14 (Id)
BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32 state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92 state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
DR: 192.168.0.14 (Id)
BDR: 192.168.0.13 (Id)
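The verification slides above leave the reading of the show ip ospf neighbor table to the operator. As an added example (not part of the course material), this script parses that table and flags any neighbor whose state contradicts the DR/BDR model on a broadcast segment; the sample output is constructed from the slide's multiaccess table plus a second, constructed case in which the DR never left EXSTART.

```python
"""Check 'show ip ospf neighbor' output against the DR/BDR adjacency model.

Added example, not part of the original course material. On a broadcast
network every router must reach FULL with the DR and the BDR, while other
DROTHER neighbors are expected to stay in 2WAY. Both samples are constructed.
"""
import re
from dataclasses import dataclass

# Constructed from the slide's "OSPF over Ethernet" table (a DROTHER's view).
SAMPLE_HEALTHY = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0
"""

# Constructed: the DR is stuck in EXSTART, the state the debug output above
# passes through before EXCHANGE; this is how an MTU mismatch between the
# two routers typically shows up.
SAMPLE_STUCK = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.12      1   EXSTART/DR      00:00:33    192.168.0.12    Ethernet0
"""

ROW = re.compile(
    r"^(?P<rid>\d+(?:\.\d+){3})\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>DROTHER|BDR|DR|-)\s+"
    r"(?P<dead>\d\d:\d\d:\d\d)\s+(?P<addr>\d+(?:\.\d+){3})\s+(?P<intf>\S+)$"
)


@dataclass(frozen=True)
class Neighbor:
    router_id: str
    priority: int
    state: str      # FULL, 2WAY, EXSTART, EXCHANGE, INIT, ...
    role: str       # DR, BDR, DROTHER, or "-" on point-to-point links
    dead_time: str
    address: str
    interface: str


def parse_neighbors(text):
    """Parse the rows of 'show ip ospf neighbor'; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(Neighbor(m["rid"], int(m["pri"]), m["state"], m["role"],
                                 m["dead"], m["addr"], m["intf"]))
    return rows


def check_broadcast_segment(neighbors, interface):
    """Return (router_id, reason) findings for neighbors that break the model.

    An empty list means every DR/BDR neighbor is FULL and every DROTHER is in
    2WAY (or FULL, which is what a DR or BDR sees for its DROTHERs).
    """
    findings = []
    for n in (x for x in neighbors if x.interface == interface):
        if n.role in ("DR", "BDR") and n.state != "FULL":
            findings.append((n.router_id, f"{n.role} is in {n.state}, expected FULL"))
        elif n.role == "DROTHER" and n.state not in ("2WAY", "FULL"):
            findings.append((n.router_id, f"DROTHER is in {n.state}, expected 2WAY"))
        elif n.role in ("DR", "BDR") and n.priority == 0:
            findings.append((n.router_id, "priority 0 routers are never elected DR/BDR"))
    return findings


if __name__ == "__main__":
    for name, sample in (("healthy", SAMPLE_HEALTHY), ("stuck", SAMPLE_STUCK)):
        print(name, check_broadcast_segment(parse_neighbors(sample), "Ethernet0"))
```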


NAT (NETWORK ADDRESS TRANSLATION)

Private Addresses
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

WHY WE NEED NAT?

Organizations use private addresses in their internal networks.
These addresses will never appear in the global routing table on any public network.
But if these addresses are not routable on public networks, how are hosts on these internal networks able to communicate across the Internet?

WHY WE NEED NAT?

NAT translates layer three addresses, so it is implemented on layer three devices.
NAT is used to translate these private addresses into public addresses.

NAT
NAT is used when a packet is traversing from one network to another and the source address on the transmitting network is not legal or valid on the destination network, i.e., when the source corresponds to a private address.

USE NAT IF

You need to connect to the Internet and your hosts do not have globally unique IP addresses
You change over to a new ISP that requires you to renumber your network
You want to hide intranet addressing information from the outside world

NAT Operation

(Figure: inside hosts 10.1.1.1 and 10.1.1.2 behind a NAT router connected to the Internet.)

NAT table:

Inside Local IP Address   Inside Global IP Address
10.1.1.1                  192.168.2.2
10.1.1.2                  192.168.2.3

Addresses used in NAT

Inside local: address of a host on the private side of the network.
Inside global: public address into which the inside local address will be translated.

Addresses used in NAT

Outside global: address of a host that resides on the public network; a routable IP address.
Outside local: address used to translate an outside global IP address. This may or may not be a registered IP address, but it must be routable on the inside network.

TYPES OF NAT
STATIC NAT
DYNAMIC NAT
DYNAMIC NAT WITH OVERLOAD (PAT, Port Address Translation)

Translating Inside Local Addresses (Static NAT)

(Figure: inside hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 reach Host B, 172.20.7.3, across the Internet. Step 1: host 10.1.1.1 sends a packet with SA 10.1.1.1. Step 2: the NAT router looks up its NAT table and rewrites the source to SA 192.168.2.2. Host B replies to DA 192.168.2.2. Step 4: the router translates the destination back to DA 10.1.1.1.)

NAT table:

Inside Local IP Address   Inside Global IP Address
10.1.1.3                  192.168.2.4
10.1.1.2                  192.168.2.3
10.1.1.1                  192.168.2.2

Overloading Inside Global Addresses (PAT)

(Figure: inside hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 reach Host B, 172.20.7.3, and Host C, 172.21.7.3, through a single inside global address. Step 1: SA 10.1.1.1. Step 2: the NAT table maps it to SA 192.168.2.2 with a unique source port. The reply carries DA 192.168.2.2 and that port. Step 4: the router translates it back to DA 10.1.1.1.)

NAT table:

Protocol   Inside Local IP Address   Inside Global IP Address:Port   Outside Global IP Address:Port
TCP        10.1.1.3                  192.168.2.2:1492                172.21.7.3:23
TCP        10.1.1.2                  192.168.2.2:1723                172.21.7.3:23
TCP        10.1.1.1                  192.168.2.2:1024                172.20.7.3:23

Static NAT Configuration Example

ip nat inside source static 10.1.1.1 192.168.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!

ip nat inside source static: maps the inside local address to the inside global address.
ip nat inside: this interface is connected to the inside network.
ip nat outside: this interface is connected to the outside world.

Dynamic NAT Configuration

ip nat pool test 192.168.2.1 192.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool test
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

ip nat inside: this interface is connected to the inside network.
ip nat outside: this interface is connected to the outside world.
The pool, list and access-list lines translate inside hosts addressed from 10.1.1.0/24 to the globally unique 192.168.2.0/24 network.

Configuring Inside Global Address Overloading

ip nat pool test 192.168.2.1 192.168.2.2 netmask 255.255.255.0
ip nat inside source list 1 pool test overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
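The three configurations above differ only in how the NAT table is filled. As an added example (not Cisco code or part of the course material), this script models that table for static NAT, dynamic NAT from the pool, and PAT overload, including the reverse lookup for replies; hosts, pools and the access list come from the slides, while the PAT source ports are constructed.

```python
"""Model the NAT table the three configurations above build on the router.

Added example, not Cisco code. It reproduces the behaviour the slides describe
for static NAT, dynamic NAT from a pool, and PAT (overload): an inside local
address is rewritten to an inside global one on the way out, and the table
entry is used in reverse for the reply. Hosts, pools and the access list are
taken from the slides; the port numbers in the PAT table are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    def __init__(self, inside_list="0.0.0.0/0", pool_start=None, pool_end=None,
                 overload=False, static=None):
        # access-list 1 permit 10.1.1.0 0.0.0.255 is written here as 10.1.1.0/24.
        self.inside_list = ipaddress.ip_network(inside_list)
        self.pool = []                     # ip nat pool test <start> <end>
        if pool_start:
            first, last = (int(ipaddress.IPv4Address(a)) for a in (pool_start, pool_end))
            self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.overload = overload           # ip nat inside source list 1 pool test overload
        self.static = dict(static or {})   # ip nat inside source static <local> <global>
        self.dynamic = {}                  # local -> global, one pool address per host
        self.pat = {}                      # (proto, local, lport) -> (global, gport)
        self.next_port = 1024              # constructed: first translated source port

    def outbound(self, pkt):
        """Translate a packet leaving the inside interface; None means dropped."""
        if pkt.src in self.static:
            return Packet(pkt.proto, self.static[pkt.src], pkt.sport, pkt.dst, pkt.dport)
        if not self.pool or ipaddress.ip_address(pkt.src) not in self.inside_list:
            return pkt                     # no matching rule: sent untranslated
        if not self.overload:
            if pkt.src not in self.dynamic:
                free = [a for a in self.pool if a not in self.dynamic.values()]
                if not free:
                    return None            # pool exhausted: no translation possible
                self.dynamic[pkt.src] = free[0]
            return Packet(pkt.proto, self.dynamic[pkt.src], pkt.sport, pkt.dst, pkt.dport)
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.pat:            # overload: one address, many ports
            self.pat[key] = (self.pool[0], self.next_port)
            self.next_port += 1
        glob, gport = self.pat[key]
        return Packet(pkt.proto, glob, gport, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate a packet arriving on the outside interface; None means no entry."""
        for table in (self.static, self.dynamic):
            for local, glob in table.items():
                if pkt.dst == glob:
                    return Packet(pkt.proto, pkt.src, pkt.sport, local, pkt.dport)
        for (proto, local, lport), (glob, gport) in self.pat.items():
            if (proto, glob, gport) == (pkt.proto, pkt.dst, pkt.dport):
                return Packet(pkt.proto, pkt.src, pkt.sport, local, lport)
        return None                        # unsolicited traffic matches no entry

    def table(self):
        """Rows in the shape of the slides' NAT tables (inside local, inside global)."""
        rows = list(self.static.items()) + list(self.dynamic.items())
        rows += [(f"{l}:{lp}", f"{g}:{gp}") for (_, l, lp), (g, gp) in self.pat.items()]
        return rows


if __name__ == "__main__":
    pat = NatRouter("10.1.1.0/24", "192.168.2.1", "192.168.2.2", overload=True)
    for host, port in (("10.1.1.3", 1492), ("10.1.1.2", 1723), ("10.1.1.1", 1024)):
        pat.outbound(Packet("tcp", host, port, "172.21.7.3", 23))
    for row in pat.table():
        print(*row)
```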


ISDN (INTEGRATED SERVICES DIGITAL NETWORK)

What is ISDN?

(Figure: a small office with a digital PBX, a telecommuter, a home office and the central site all reached through the provider network.)

Voice, data, video, and special services

ISDN Standards

Issue                                     Protocol   Key Examples
Telephone Network and ISDN                E-Series   E.163 International Telephone Numbering Plan
                                                     E.164 International ISDN Addressing
ISDN Concepts, Aspects, and Interfaces    I-Series   I.100 Series Concepts, Structures, Terminology
                                                     I.400 User-Network Interfaces (UNIs)
Switching and Signaling                   Q-Series   Q.921 LAPD (Link Access Procedure on the D channel)
                                                     Q.931 ISDN Network Layer between Terminal and Switch

Standards from the ITU (formerly CCITT)

ISDN Access Options

Channel   Capacity      Mostly Used for
B         64 kbps       Circuit-switched data (HDLC, PPP)
D         16/64 kbps    Signaling information (LAPD)

BRI: 2B + D, connected to the service provider network through an NT1
PRI: 23B + D or 30B + D, connected through a CSU/DSU

BRI and PRI are used globally for ISDN

BRI Call Processing

(Figure: two routers reach each other through two ISDN switches in the service provider network, which are linked by SS7.)

B channel(s)
D channel/SS7 signaling

ISDN Functions and Reference Points

(Figure: an ISDN terminal (TE1) connects to NT2, NT2 connects at reference point T to NT1, and NT1 connects across the local loop to the service provider network. An existing non-ISDN terminal (TE2) connects through a terminal adapter (TA).)

Functions are devices or hardware
Reference points are demarcations or interfaces

Cisco ISDN BRI Interfaces

Native ISDN interface: int bri 0
(Figure: a router with a native BRI interface is a TE1. With an S/T interface it connects through an external NT1 to the service provider network; with a U interface the NT1 function is built into the router.)

Nonnative ISDN interface: int serial 0 (EIA/TIA-232, V.35, X.21)
(Figure: a router with a serial interface (S0) is a TE2 and connects through a TA with an S/T interface to an external NT1.)

ISDN Switch Types

(Figure: central office (CO) switches of several types (S) interconnecting subscribers.)

Many providers and switch types
Services vary by regions and countries

Configuring ISDN BRI

Step 1: Specify the ISDN switch type
Router(config)#isdn switch-type switch-type
Router(config-if)#isdn switch-type switch-type

Specifies the type of ISDN switch with which the router communicates
Other configuration requirements vary for specific providers

Configuring ISDN BRI (cont.)

Step 2: (Optional) Setting SPIDs
Router(config-if)#isdn spid1 spid-number [ldn]
Sets a B channel SPID required by many service providers

Router(config-if)#isdn spid2 spid-number [ldn]
Sets a SPID for the second B channel

What Is Dial-on-Demand Routing?

(Figure: a Chicago router ("I need to send data to Dallas.") dials the corporate router in Dallas across the PSTN or ISDN.)

Connect when needed
Disconnect when finished
ISDN or PSTN

When to Use DDR

(Figure: telecommuter, headquarters and vendor sites joined by dial-up connections.)

Periodic connections
Small amounts of data

Generic DDR Operation

(Figure: an interesting packet arrives at the router, which brings up a dial connection through its DCE to the ISDN or basic service.)

1. Route to destination is determined
2. Interesting packets dictate DDR call
3. Dialer information is looked up
4. Traffic is transmitted
5. Call is terminated

Configuring Legacy DDR

(Figure: an interesting packet arrives, and the router dials a connection through its DCE to the ISDN or basic service.)

1. Define static routes: What route do I use?
2. Specify interesting traffic: What traffic enables the link?
3. Configure the dialer information: What number do I call?

Task 1: Defining Static Routes (Route to Destination)

(Figure: the Home router, bri 0 at 10.1.0.1, number 5551000, reaches the Central router, bri 0 at 10.1.0.2, number 5552000, across ISDN. Home serves subnet 10.40.0.0; Central serves subnets 10.10.0.0 and 10.20.0.0.)

On Central:
ip route 10.40.0.0 255.255.0.0 10.1.0.1

On Home:
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2

Each route gives the network prefix and prefix mask, followed by the address of the next hop router.

Task 2: Specifying Interesting Traffic (What Enables the Connection?)

Without Access Lists
dialer-list 1 protocol ip permit
Any IP traffic will initiate the link

With Access Lists (for better control)
dialer-list 1 protocol ip list 101
access-list 101 deny tcp any any eq ftp
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any

Deny FTP, deny Telnet: any IP traffic, except FTP and Telnet, will initiate the link

Task 3: Configuring the Dialer Information

hostname Home
!
isdn switch-type basic-5ess
!
interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap
!
router rip
network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
!
dialer-list 1 protocol ip permit

dialer-group 1 applies the rules defined by dialer-list 1 to the interface; both values must match.

Task 3: Configuring the Dialer Information (cont.)

(Figure: Home, bri 0 at 10.1.0.1, number 5551000, asks "How do I get to subnetwork 10.10.0.0?" and dials Central, bri 0 at 10.1.0.2, number 5552000, which serves subnets 10.10.0.0 and 10.20.0.0.)

interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap

In the dialer map, 10.1.0.2 is the next hop, Central is the remote host name (used for PPP CHAP), and 5552000 is the number to dial.

Legacy DDR Configuration Tasks Summarized

hostname Home
!
isdn switch-type basic-5ess
!
interface BRI0
ip address 10.1.0.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 180
dialer map ip 10.1.0.2 name Central 5552000
dialer-group 1
no fair-queue
ppp authentication chap
!
router rip
network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
dialer-list 1 protocol ip permit
!

Task 1 is the ip route lines, Task 2 the dialer-list, and Task 3 the interface BRI0 section.

Optional Legacy DDR Commands

Router(config-if)#dialer load-threshold load [outbound | inbound | either]
Establishes the amount of traffic on the link before a second link is enabled

Router(config-if)#dialer idle-timeout seconds
Establishes the idle time before disconnect

Legacy DDR Using ACLs Configuration Example

(Figure: Cisco A, bri 0 at 10.108.126.1, dials router B at 10.108.126.2 across ISDN to reach subnets 192.168.12.0 and 192.168.14.0.)

access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq telnet
dialer-list 1 list 101
!
ip route 192.168.12.0 255.255.255.0 10.108.126.2
ip route 192.168.14.0 255.255.255.0 10.108.126.2
!
interface bri 0
ip address 10.108.126.1 255.255.255.0
dialer-group 1
dialer map ip 10.108.126.2 name B 5551234
!
dialer idle-timeout 300

access-list 101 / dialer-list 1: access list defining interesting packets on Cisco A
ip route: static routes to reach the destination subnets
interface bri 0: interface configuration for DDR
dialer idle-timeout 300: time to wait before dropping the call
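The three DDR tasks above decide, for each packet, whether the router dials. As an added example (not Cisco code or part of the course material), this script models that decision with the Home router's routes and dialer map from Task 1 and Task 3, and both access lists shown on the slides: the deny-list from Task 2 and the permit-list from the example just above; the timestamps are constructed.

```python
"""Decide whether a packet brings up the ISDN link, using the slides' rules.

Added example, not Cisco code. It models the three legacy DDR tasks: the
static-route lookup for the next hop, the dialer-list/access-list test for
interesting traffic (first match wins, implicit deny at the end), and the
dialer map from next hop to phone number, together with the idle timeout.
Routes, access lists and numbers are the ones on the slides; the packet
timestamps are constructed. Assumption: only the 'any any [eq port]' rule
form used on the slides is parsed.
"""
import ipaddress
from dataclasses import dataclass

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25}   # names used in the slides' lists

# Home router's static routes (Task 1) and dialer map (Task 3).
HOME_ROUTES = [("10.10.0.0", "255.255.0.0", "10.1.0.2"),
               ("10.20.0.0", "255.255.0.0", "10.1.0.2")]
HOME_DIALER_MAP = {"10.1.0.2": "5552000"}
ALL_IP = [(True, "ip", None)]                    # dialer-list 1 protocol ip permit


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: int = 0


def parse_acl(lines):
    """Parse 'access-list N {permit|deny} {ip|tcp|udp} any any [eq port]' lines
    into (permit, protocol, port) rules, keeping their order."""
    rules = []
    for line in lines:
        w = line.split()
        if len(w) < 6 or w[0] != "access-list":
            continue
        port = None
        if len(w) >= 8 and w[6] == "eq":
            port = PORTS.get(w[7]) or int(w[7])
        rules.append((w[2] == "permit", w[3], port))
    return rules


def interesting(rules, pkt):
    """Legacy DDR test: the first matching rule decides; no match means deny."""
    for permit, proto, port in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if port is not None and port != pkt.dport:
            continue
        return permit
    return False


def next_hop(routes, dst):
    """Longest-prefix match over 'ip route prefix mask next-hop' entries."""
    best = None
    for prefix, mask, hop in routes:
        net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None


class Dialer:
    """One BRI interface with dialer-group, dialer map and idle-timeout applied."""

    def __init__(self, routes, rules, dialer_map, idle_timeout):
        self.routes, self.rules, self.dialer_map = routes, rules, dialer_map
        self.idle_timeout = idle_timeout
        self.up = False
        self.last_interesting = None

    def handle(self, now, pkt):
        """Return what the router does with pkt at time `now` (in seconds)."""
        if self.up and now - self.last_interesting >= self.idle_timeout:
            self.up = False                               # dialer idle-timeout expired
        hop = next_hop(self.routes, pkt.dst)
        if hop is None:
            return "drop: no route"
        if not interesting(self.rules, pkt):
            # Uninteresting traffic rides an established link but never resets
            # the idle timer, and it cannot bring the link up.
            return "forward (no timer reset)" if self.up else "drop: link down, uninteresting"
        self.last_interesting = now
        if not self.up:
            self.up = True
            return f"dial {self.dialer_map[hop]}"
        return "forward (timer reset)"


if __name__ == "__main__":
    deny_list = parse_acl(["access-list 101 deny tcp any any eq ftp",
                           "access-list 101 deny tcp any any eq telnet",
                           "access-list 101 permit ip any any"])
    home = Dialer(HOME_ROUTES, deny_list, HOME_DIALER_MAP, 180)
    print(home.handle(0, Packet("tcp", "10.40.0.5", "10.10.0.7", 23)))   # telnet: not interesting
    print(home.handle(1, Packet("tcp", "10.40.0.5", "10.10.0.7", 80)))   # http: dial 5552000
```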

Verifying Legacy DDR and ISDN Operation

Router#ping or telnet
Triggers a link (assuming it is part of the interesting traffic)

Router#show dialer
Displays the current status of the link, including the amount of time the link has been connected

Router#show isdn active
When using ISDN, displays call status while a call is in progress

Router#show isdn status
Displays the status of an ISDN connection

Router#show ip route
Displays all routes, including static routes

Verifying Legacy DDR and ISDN Operation (cont.)

Router#debug isdn q921
Shows ISDN layer 2 messages

Router#debug isdn q931
Shows ISDN call setup and teardown activity

Router#debug dialer
Shows call setup and teardown activity

Router(config-if)#shutdown
Clears currently established connections from the interface


Understanding LAN Switching

What is Switching?
It breaks up the collision domain.
It takes the packet and forwards it to the destination port without any modification.
The network still remains one large broadcast domain.
It increases the bandwidth available on the network.
Multiple devices can be connected to each interface.

Collision Domain
All the computers that are physically connected together and can collide with each other are part of a single collision domain.
To reduce collisions, increase the number of collision domains (segment the network); reducing the number of collision domains will increase collisions.

Switching Technology
To understand switching technology we need to understand the following:
Layer 2 Switching
Address Learning
Forward/Filtering Decisions
Loop Avoidance
Spanning-Tree Protocol
LAN Switch Types

Hubs Addressed Many of These Problems

(Figure: an Ethernet hub with all nodes sharing 10 Mbps.)

All nodes share 10 Mbps
One device sending at a time
Ethernet concentrator
Self-contained Ethernet LAN in a box
Works at physical layer 1

Collisions: Telltale Signs

(Figure: users on a hub-based LAN complaining: "I could have walked to Finance by now.", "I knew I should have stayed home.", "File transfers take forever.", "I'm waiting all the time.")

Sluggish network response
Increasing user complaints

Hub-Based LANs

(Figure: two 10BaseT hubs.)

Shared resources
Desktop connections wired to centralized closets
Poor security within shared segments
Routers provide scalability
Adds, moves, and changes are easier than without hubs, but still a hassle
Groups of users determined by physical location

Switches: Layer 2

(Figure: switched Ethernet, each node on its own 10 Mbps switch port, with a backbone connection.)

Each node has 10 Mbps
Multiple devices sending at the same time

Switches versus Hubs

Hub (shared Ethernet): one device sending at a time; all nodes share 10 Mbps.
Ethernet switch (switched Ethernet): multiple devices sending at the same time; each node has 10 Mbps; connection to the backbone.

Today's LANs

(Figure: 10/100 switches alongside a remaining 10-Mbps hub.)

Mostly switched resources; few shared
Routers provide scalability
Groups of users determined by physical location

LAN Switching Basics


Layer 2 Switching
This is hardware-based switching.
It uses the MAC address to filter the network.
To build the filter table, it uses ASICs (Application-Specific Integrated Circuits).
It is like a multiport bridge.
Layer 2 switches do not look at the network layer header and hence are faster.
Based on the hardware address, the switch decides whether to forward the packet or drop it.

Layer 2 Switching
Layer 2 switching provides the following:
Hardware-based bridging (MAC)
Wire speed: a Layer 2 switch is considered faster because the packet is not modified.
Low latency: because the switching is faster.
Low cost

LAN Switching Basics

Enables dedicated access
Eliminates collisions and increases capacity
Supports multiple conversations at the same time

Functions of Switch at Layer 2

There are three main functions at Layer 2:
Address Learning
Forward / Filter Decisions
Loop Avoidance

Address Learning
Switches and bridges remember the source address of each frame received on an interface and enter this information into the MAC database.
Whenever a switch receives a packet it makes an entry for the source address and, when the destination is not yet known, sends the packet out as a broadcast to reach the destination.
The destination machine then responds to the broadcast, and the switch receives a packet from the destination.
The switch again makes an entry, this time for the destination machine's hardware address.
Using this method the switch maintains a table stating which hardware address is available on which port.

Forward / Filter Decisions

When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
When a frame reaches the switch, the destination is looked up in the MAC database to find the exit interface.
If found, the packet is forwarded to the listed port only.
If not found, the frame is sent out on all the ports (broadcast) and the exit port for this particular address is determined from the reply.

Broadcast / Unicast
When packets are sent to a specific machine, that is called unicast.
The sender always knows the destination address.
When packets are sent to all machines, that is called broadcast.
Its destination address is all 1s.

Loop Avoidance
If multiple connections between switches are created for redundancy, network loops can occur.
Most commonly, networks are implemented with redundant links for fault tolerance.
These multiple links may cause loops and broadcast storms.
In a switched network some scheme should be implemented to avoid these loops.
The Spanning-Tree Protocol (STP) is used to stop network loops while still allowing redundancy.

LAN Switch Operation

Forwards packets based on a forwarding table
Forwards based on the MAC (Layer 2) address
Operates at OSI Layer 2
Learns a station's location by examining the source address
Sends out all ports when the destination address is broadcast, or an unknown address
Forwards when the destination is located on a different interface

(Figure sequence: a switch with 10 Mbps ports; station A on interface 1, station C on interface 3, station B on interface 4. The forwarding table maps interfaces to stations.)

Step 1: "Data from A to B" arrives on interface 1. The table has no entry for B, so the frame is sent out all other ports and the switch records A on interface 1.
Step 2: "Data from B to A" arrives on interface 4. A is known on interface 1, so the frame is forwarded only to interface 1 (the other ports are marked X) and the switch records B on interface 4. The table now holds A = interface 1, B = interface 4, and further frames between A and B travel only between those two interfaces.
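The operation walked through above (learn the source, flood unknown or broadcast destinations, forward known ones, filter frames already on the right segment) is small enough to run. As an added example (not Cisco code or part of the course material), this simulator replays the figures' frame sequence; stations A, B and C are on interfaces 1, 4 and 3 as in the figures, and their MAC addresses are constructed.

```python
"""Replay the LAN switch operation slides: learn, flood, forward, filter.

Added example, not Cisco code. Stations A, B and C sit on interfaces 1, 4 and 3
as in the figures; their MAC addresses are constructed. The switch learns the
source address of every frame, floods frames to broadcast or unknown
destinations, forwards known destinations to one interface only, and filters
frames whose destination lives on the interface they arrived on. The relearns
counter records a known address showing up behind a different interface, the
symptom the spanning-tree section calls thrashing the MAC table.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"
A, B, C = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c"   # constructed


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}      # MAC address -> interface it was last seen on
        self.relearns = 0        # times a known MAC moved to another interface

    def receive(self, in_port, src, dst):
        """Process one frame; return the interfaces it is sent out of."""
        # Address learning: remember where the source station lives.
        previous = self.mac_table.get(src)
        if previous is not None and previous != in_port:
            self.relearns += 1
        self.mac_table[src] = in_port
        # Forward/filter decision on the destination.
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]   # flood all other ports
        if out_port == in_port:
            return []                                        # filter: same segment
        return [out_port]                                    # forward to one port


def walkthrough():
    """The frame sequence from the figures; returns the switch and each result."""
    sw = Switch([1, 2, 3, 4])
    results = [
        ("A to B, B unknown: flooded", sw.receive(1, A, B)),
        ("B to A, A known: forwarded to 1", sw.receive(4, B, A)),
        ("A to B, B known: forwarded to 4", sw.receive(1, A, B)),
        ("C broadcast: flooded", sw.receive(3, C, BROADCAST)),
    ]
    return sw, results


if __name__ == "__main__":
    switch, steps = walkthrough()
    for label, ports in steps:
        print(f"{label:36} -> {ports}")
    print("MAC table:", switch.mac_table)
```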

LAN Switch Types

The switching type basically affects the latency and the reliability of your network.

There are three switching types:
Store and Forward
Cut-through
FragmentFree

Store and Forward

It is the default in routers and bridges.
In this method the entire frame is first stored and checked for errors; if it is found to be error free it is forwarded, otherwise it is returned.
Uses CRC for error checking.
Latency is high in this case, but it is extremely reliable.
Latency: the time involved in sending the data from one node to another.

Cut-Through (Real Time)
Cut-through switching is the fastest one, because it does not check for errors.
It does not store the data and process it for errors.
It just reads the destination address and forwards the frame.
It begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.
It has the lowest latency and is not reliable.
Hence it is also called wire speed switching.

FragmentFree (Modified Cut-Through)

It provides both low latency and speed.
It is a modified form of cut-through switching.
It reads the first 64 bytes and then forwards.
It checks 64 bytes because most errors occur in these bytes only. If the first 64 bytes are error free, FragmentFree switching considers the entire frame error free.
If there is any error in the first 64 bytes the frame will be dropped, otherwise it is forwarded.
It provides better reliability than cut-through with almost the same latency as cut-through.

Understanding Spanning-Tree Protocol (802.1d)

The Need for Spanning Tree

Problems with large switched networks
Local multicast, broadcast, and unknown single-destination event storms become global events

(Figure: Station A on Segment A and Station B on Segment B, with Switch 1 (ports 1/1, 1/2) and Switch 2 (ports 2/1, 2/2) both bridging the two segments and so forming a loop.)

How Does a Loop Occur?

Loop Occurring
In this scenario, if no loop avoidance scheme is implemented, the switches will generate a broadcast storm.
A device can receive multiple copies of the same frame.
The MAC address table will be continuously updated and the table itself will be confused, because frames from the same source arrive over more than one link. This is called thrashing the MAC table.
This is how loops within other loops are generated and no switching is performed in the network.
Note: Spanning Tree Protocol is designed to solve this problem.

Spanning-Tree Protocol
The main function of STP is to maintain a loop-free network.
Originally STP was created by DEC (now Compaq).
It was modified by IEEE and published in the 802.1d specification.
DEC and IEEE 802.1d STP are not compatible.

All Cisco switches run the IEEE 802.1d version of STP.

Bridge Protocol Data Units

Switches and bridges running STP exchange information using BPDUs.
BPDUs are sent to all bridges using multicast frames.
The Bridge ID of each device is sent to the other devices using BPDUs.

How STP Works

STP continuously monitors the network for the failure or addition of a link, switch or bridge.
Whenever there is a change in topology, it reconfigures the switch or bridge ports to avoid a total loss of connectivity or the creation of new loops.
STP is enabled by default on Catalyst switches.
STP provides a loop-free network by:
Electing a Root Bridge
Selecting a Root Port for each Non-root Bridge
Selecting a Designated Port for each Segment

Bridge ID
The Bridge ID is used to determine the Root Bridge and Root Port.
The Bridge ID is 8 bytes long.
The Bridge ID includes the priority and the MAC address of the device.
All devices running the IEEE STP version have 32,768 as the default priority value.
To determine the Bridge ID, the priority and MAC address are combined.
If two switches/bridges have the same priority, then the MAC address is used to determine the Bridge ID.
Example: if switch A with MAC 0000.0c00.1111.1111 and switch B with MAC 0000.0c00.2222.2222 have the same priority, then switch A will become the Root Bridge.

Electing Root Bridge

In one broadcast domain only one bridge is designated as the Root Bridge.
All ports on the Root Bridge are in the forwarding state and are called designated ports.
All ports in the forwarding state can send and receive traffic.
The Bridge ID is used to determine the Root Bridge and Root Port.
The Bridge ID includes the priority and the MAC address of the device.

Root Port for a Non-root Bridge

The Root Port is the lowest-cost path from a non-root bridge to the Root Bridge.
Spanning Tree Path Cost is an accumulated cost based on bandwidth.
More bandwidth, less cost.
In the event that the cost is the same, the deciding factor is the lowest port number.

Root Ports are in the forwarding state.

Designated Port
There will be only one Designated Port on each segment.
The Designated Port is selected on the bridge that has the lowest-cost path to the Root Bridge.
The Designated Port is in the forwarding state.
It is responsible for forwarding traffic for the segment.
Nondesignated ports are normally in the blocking state to break the loop topology. That means Spanning Tree is preventing them from forwarding traffic.

Spanning Tree Port States

There are four different states for ports on a switch/bridge running STP.
Blocking: won't forward frames; listens to BPDUs. All ports are in the blocking state by default when the switch is powered up.
Listening: listens to BPDUs to make sure no loops occur on the network before passing data frames.
Learning: learns MAC addresses and builds a filter table but does not forward frames.
Forwarding: sends and receives all data on the bridged port.

Spanning Tree Path Cost

Spanning Tree Path Cost is an accumulated total path cost based on the bandwidth of all the links in the path. The table shows some of the path costs specified in the IEEE 802.1d specification.

Link Speed   Cost (Revised IEEE Specification)   Cost (Previous IEEE Specification)
10 Gbps      2                                   1
1 Gbps       4                                   1
100 Mbps     19                                  10
10 Mbps      100                                 100

Convergence
Convergence occurs when bridges and switches have transitioned to either the forwarding or the blocking state.
No data is forwarded during this time.
Convergence is important to make sure all devices have the same database.
Before data can be forwarded, all devices must be updated.
The problem with convergence is the time it takes for these devices to update.
It usually takes 50 seconds to go from the blocking to the forwarding state.
Forward delay is the time it takes to transition a port from the listening to the learning state or from the learning to the forwarding state.

Spanning Tree Timers

Timer           Primary Function                                               Default Setting
Hello Time      Time between sending of configuration BPDUs by the root bridge   2 seconds
Forward Delay   Duration of listening and learning states                      30 seconds
Max Age         Time BPDU stored                                               20 seconds

It is not recommended that you change the default STP timers, but the timers can be adjusted if necessary.

Spanning Tree Example

(Figure: Switch Z, MAC 0c0011110000, default priority 32768, has port 0 on a 100BaseT segment shared with port 0 of Switch X, MAC 0c0011111100, default priority 32768, and port 0 of Switch Y, MAC 0c0011111111, default priority 32768. Port 1 of Switch X and port 1 of Switch Y share a second 100BaseT segment.)

Find out the following:
What is the Root Bridge?
What are the Designated, Nondesignated and Root Ports?
What are the Forwarding and Blocking Ports?

Let's verify the answers

Root Bridge: Switch Z, because it has the lowest bridge ID (priority and MAC address).
Root Port: Port 0 of Switches X and Y, because it is the lowest-cost path to the root.
Designated Port: Port 0 of Switch Z; all ports on the root are designated ports. Port 1 of Switch X is a designated port: because both Switch X and Switch Y have the same path cost to the Root Bridge, the designated port is selected to be on Switch X because it has a lower bridge ID than Switch Y.
Blocking: Port 1 of Switch Y, the nondesignated port on the segment.
Forwarding: All designated ports and root ports are in the forwarding state.
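The answers above follow mechanically from the bridge IDs and the path cost table. As an added example (not Cisco code or part of the course material), this script computes the root bridge, root ports, designated ports and blocking ports for the slide's three switches, using the revised IEEE path costs and the tie-breakers the slides state; the segment names seg1 and seg2 are assumptions, and a second run lowers Switch Y's priority to show that priority is compared before the MAC address.

```python
"""Compute the root bridge and port roles for the spanning-tree example above.

Added example, not Cisco code. The switches, MAC addresses, link speeds and
default priority are the slide's, and the path costs are the revised IEEE
802.1d values from the cost table. Ties are broken the way the slides state:
lower bridge ID for the root bridge and the designated port, lower port number
for the root port (802.1D itself compares the sender's bridge ID first).
"""
import heapq

PATH_COST = {10000: 2, 1000: 4, 100: 19, 10: 100}   # link speed in Mbps -> cost

# The slide's topology: one 100BaseT segment joins port 0 of X, Y and Z,
# a second one joins port 1 of X and Y. Segment names are assumed.
EXAMPLE_BRIDGES = {"X": (32768, "0c0011111100"),
                   "Y": (32768, "0c0011111111"),
                   "Z": (32768, "0c0011110000")}
EXAMPLE_PORTS = [("Z", 0, "seg1"), ("X", 0, "seg1"), ("Y", 0, "seg1"),
                 ("X", 1, "seg2"), ("Y", 1, "seg2")]
EXAMPLE_SEGMENTS = {"seg1": 100, "seg2": 100}


def bridge_id(priority, mac):
    """Bridge IDs compare by priority first, then by MAC address."""
    return (priority, int(mac.replace(".", ""), 16))


def spanning_tree(bridges, ports, segments):
    """bridges: name -> (priority, mac); ports: (bridge, port, segment) tuples;
    segments: segment -> speed in Mbps. Returns (root, {(bridge, port): role})."""
    ids = {b: bridge_id(*v) for b, v in bridges.items()}
    root = min(ids, key=ids.get)
    members = {}                                # segment -> [(bridge, port)]
    for b, p, s in ports:
        members.setdefault(s, []).append((b, p))

    # Root path cost: shortest path from each bridge to the root, where
    # crossing a segment costs its link speed's path cost.
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > rpc[b]:
            continue
        for bb, _, s in ports:
            if bb != b:
                continue
            for nb, _ in members[s]:
                new_cost = cost + PATH_COST[segments[s]]
                if new_cost < rpc[nb]:
                    rpc[nb] = new_cost
                    heapq.heappush(heap, (new_cost, nb))

    # Designated port per segment: lowest root path cost, then lowest bridge ID.
    designated = {s: min(mem, key=lambda bp: (rpc[bp[0]], ids[bp[0]], bp[1]))
                  for s, mem in members.items()}

    roles = {}
    # Root port per non-root bridge: cheapest path to the root through the
    # segment's designated bridge; equal cost -> lowest port number.
    for b in bridges:
        if b == root:
            continue
        candidates = []
        for bb, p, s in ports:
            db = designated[s][0]
            if bb == b and db != b:
                candidates.append((rpc[db] + PATH_COST[segments[s]], p))
        if candidates:
            roles[(b, min(candidates)[1])] = "root"
    for b, p in designated.values():
        roles[(b, p)] = "designated"
    for b, p, _ in ports:
        roles.setdefault((b, p), "blocking")   # nondesignated, non-root
    return root, roles


def slide_example():
    return spanning_tree(EXAMPLE_BRIDGES, EXAMPLE_PORTS, EXAMPLE_SEGMENTS)


if __name__ == "__main__":
    root, roles = slide_example()
    print("Root bridge:", root)
    for (b, p), role in sorted(roles.items()):
        print(f"Switch {b} port {p}: {role}")
```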

802.1d Spanning-Tree Protocol (STP)
Allows redundancy by using parallel links
Shuts down redundant links to eliminate loops
Switches communicate with each other using BPDUs (Bridge Protocol Data Units)
Takes 30 to 60 seconds to converge

Cisco refinements:
PortFast
UplinkFast


Understanding Virtual LANs

Virtual LANs

(Figure: one switch carrying VLAN 1, VLAN 2 and VLAN 3, connected to a server farm.)

One broadcast domain within a switch
VLANs help manage broadcast domains
Can be defined on port groups, users, or protocols
LAN switches and network management software provide a mechanism to create VLANs

VLAN Definition
A VLAN is defined as a logical grouping of network resources and users connected to predefined ports on a switch, as defined by the administrator.

VLAN
VLANs are used to create smaller broadcast domains within a switch.
A single VLAN is treated as a separate subnet or broadcast domain.

In a Layer 2 switched network, a transmitted broadcast packet arrives at every device on the network, whether or not it is intended for that device.

Drawback of Layer 2 Switched Network
The larger the number of devices and users, the more broadcasts and packets have to be handled by each device.
Lack of security: the only security is assigning passwords on the servers and other devices.
The solution is VLANs.

Remove the Physical Boundaries

(Figure: Engineering, Marketing and Accounting users spread across floors 1 to 3, grouped into VLANs regardless of floor.)

Group users by department, team, or application
Routers provide communication between VLANs

VLAN Benefits
Reduced administrative costs: simplify moves, adds, and changes
Efficient bandwidth utilization: better control of broadcasts
Improved network security: separate VLAN group for high-security users; relocate servers into secured locations
Scalability and performance: microsegment with scalability; distribute traffic load

Advantages of VLAN
Broadcast control: multimedia applications use broadcasts and multicasts heavily; moreover, faulty equipment, inadequate segmentation and poorly designed firewalls can be major contributors to this problem.
Switches forward broadcasts to all segments, which is why such a network is called a flat network: it is one broadcast domain.

Solution:
It is the job of the administrator to properly segment the network so that a problem does not propagate throughout the network.
Devices in a particular VLAN are members of the same broadcast domain and so receive all of its broadcasts.
Note: routers are used along with switches to provide connections between VLANs, which stops broadcasts from propagating throughout the entire internetwork.

Security: can be implemented by connecting hubs
and switches along with routers. But:
Anyone connecting to the physical network can
gain access to the network resources.
Plugging in a network analyzer could display the
entire traffic of that network to an intruder.
Joining a workgroup was as easy as plugging the
intruder's workstation into an existing hub.

Solution:
Creating VLANs and multiple broadcast groups
gives the administrator control over each port
and user.
Groups are created based on the users' requirements
for network resources.
If configured, switches report unauthorized access
to network resources to the network management
station.

Contd..
In the case of inter-VLAN communication, restrictions
are implemented on the router.
Restrictions can also be placed on hardware
addresses, protocols and applications.

Flexibility and Scalability
Layer 2 switches only read frames for filtering, which
causes them to forward all broadcasts.
So creating a VLAN means creating another
broadcast domain.
By assigning switch ports or users to VLAN groups on a
switch or switch fabric, you have the option of adding
only selected users to a broadcast domain.
This stops broadcast storms caused by a faulty
network interface card (NIC) or application.
VLANs can keep on being added in order to use the
bandwidth efficiently.

Functioning of VLANs
Scenario: A collapsed backbone.

Contd..
With reference to the figure, each network is
attached to the router and has its own logical
network number.
Each node attached to a particular network must
match that network number in order to
communicate on the internetwork.

Contd..
With reference to the figure, switches
remove the physical boundaries, creating
greater flexibility and scalability than
routers.
You can group users into communities,
which are known as VLAN organizations.

Contd..
With reference to the figure, there are four
VLANs or broadcast domains. Nodes within a
particular VLAN can communicate with each
other, but not with any other VLAN or with nodes
in other VLANs.
So communication between VLANs is only
possible through a Layer 3 device.

VLAN Membership
Administrators are responsible for creating
VLANs, which are then assigned to
switch ports.
VLAN membership can be configured as
static or dynamic.

Static VLAN
This is the basic and most secure way of
creating a VLAN.
The port assignment associated with a VLAN is
maintained until it is modified by the
administrator.
This type of VLAN configuration is easy to set up
and monitor.

Dynamic VLAN
Using intelligent management software, you can
use MAC addresses, protocols or even
applications to create dynamic VLANs.
For example, MAC addresses might be fed into a
centralized VLAN management application. Now,
if a node is attached to an unassigned port, the
VLAN management database looks up the
MAC address and assigns and configures the
switch port to the correct VLAN. Likewise, if the user
moves, the switch automatically assigns them
to the correct VLAN.
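The broadcast-domain behaviour from the "Functioning of VLANs" slides and the static/dynamic membership described above, as an added example written for this page (not Cisco code and not the slide's own material). It models a four-port switch: with every port in the factory-default VLAN 1 a broadcast reaches all other ports (one flat broadcast domain); after ports are assigned to VLAN 10 and VLAN 20 the same broadcast stays inside its VLAN. The `mac_vlan_db` dictionary is a constructed stand-in for the centralized VLAN management database, and the MAC addresses are from the documentation range.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str          # source MAC
    dst: str          # destination MAC; BROADCAST for a broadcast frame
    payload: bytes = b""


class VlanSwitch:
    """Toy Layer 2 switch with per-port VLAN membership.

    Static ports keep the VLAN the administrator assigned; dynamic ports take the
    VLAN recorded for the sending MAC in mac_vlan_db, a constructed stand-in for
    the centralized VLAN management database on the slide.
    """

    def __init__(self, ports, mac_vlan_db=None):
        self.port_vlan = {p: 1 for p in ports}   # factory default: every port in VLAN 1
        self.dynamic_ports = set()
        self.mac_vlan_db = dict(mac_vlan_db or {})
        self.mac_table = {}                      # (vlan, mac) -> port, learned from sources

    def set_static(self, port, vlan):
        self.dynamic_ports.discard(port)
        self.port_vlan[port] = vlan

    def set_dynamic(self, port):
        self.dynamic_ports.add(port)
        self.port_vlan.pop(port, None)           # unassigned until a known MAC shows up

    def vlan_of(self, port, frame):
        """VLAN for an ingress frame, or None if a dynamic port cannot be assigned."""
        if port not in self.dynamic_ports:
            return self.port_vlan[port]
        vlan = self.mac_vlan_db.get(frame.src)
        if vlan is not None:
            self.port_vlan[port] = vlan          # the switch configures the port for that VLAN
        return vlan

    def receive(self, in_port, frame):
        """Forward one frame; returns {egress_port: frame}."""
        vlan = self.vlan_of(in_port, frame)
        if vlan is None:
            return {}                            # unknown MAC on a dynamic port: dropped
        self.mac_table[(vlan, frame.src)] = in_port
        known = self.mac_table.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None and known != in_port:
            return {known: frame}                # known unicast goes to one port
        # broadcast or unknown unicast: flooded, but only to ports in the same VLAN
        return {p: frame for p, v in self.port_vlan.items() if v == vlan and p != in_port}


def broadcast_reach(sw, in_port, src="00:00:5e:00:53:01"):
    """Sorted list of ports that receive a broadcast sent into in_port."""
    return sorted(sw.receive(in_port, Frame(src=src, dst=BROADCAST)))


def demo():
    """Flat network vs. two VLANs on the same four-port switch (constructed topology)."""
    sw = VlanSwitch(ports=[1, 2, 3, 4])
    flat = broadcast_reach(sw, 1)                # every other port: one broadcast domain
    for port, vlan in {1: 10, 2: 10, 3: 20, 4: 20}.items():
        sw.set_static(port, vlan)
    segmented = broadcast_reach(sw, 1)           # only port 2: VLAN 20 never sees it
    return flat, segmented
```

A dynamic port whose source MAC is absent from the database stays unassigned and its frames are dropped, which is the property that makes dynamic membership usable as an access control: an unknown station plugged into such a port joins no broadcast domain at all.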

VLAN Identification
A VLAN can span multiple connected switches.
Switches must keep track of frames and
which VLAN each frame belongs to.
Frame tagging performs this function.

Establishing VLAN Membership
Approaches Can Vary Performance
Port driven (port-based)
MAC address driven (MAC-based)
Network address driven (Layer 3-based)
Application type driven
(Figure: port-based VLAN 1, 2, 3; MAC-based VLAN 1 and 2 assigned by MAC addresses; Layer 3-based VLAN 1 and 2 assigned by subnet 198.21.xx and 198.22.xx)

Membership by Port
Maximizes Forwarding Performance
Users assigned by port association
Requires no lookup if done in ASICs
Easily administered via GUIs
Maximizes security between VLANs
Packets do not leak into other domains
Easily controlled across network
(Figure: VLAN 1, VLAN 2 and VLAN 3 each assigned to a group of switch ports)

Communicating Between VLANs
Two Physical Topology Approaches
(Figure: a router running Cisco Internetworking Software links VLANs 1, 2, 3, either over one physical link per VLAN or over one logical link carrying VLANs 1, 2, 3)
Layer 3 links VLANs together
Adds additional security and management
Logical links conserve physical ports
Multimode, depending on protocol
Controls access by VLAN
Up to 255 VLANs per router

VLAN Technologies


Inter-Switch Link
(Figure: VLAN tag added at incoming port; Inter-Switch Link (ISL) carries the VLAN identifier between switches; VLAN tag stripped by forwarding port)
Tagging methods: 802.10, ISL, 802.1Q, LANE
Interconnects multiple switches and maintains VLAN information
as traffic goes between switches
Establishes membership through ASICs
Labels each packet as received (packet tagging)
Eliminates lookups and tables
Transports multiple VLANs across links
Protocol, endstation-independent
Easily managed

VLAN Standardization
Packet Tagging as Common VLAN Exchange
Level-1 Explicit Tagging
(Figure: untagged frame DES | SRC | Data | FCS; tagged frame DES | SRC | VLAN ID | Data | FCS)
Wide vendor endorsement for 802.1Q tagging standard
Cisco supports across Fast Ethernet, Gigabit uplinks
Cisco maps ISL to 802.1Q dynamically with VTP

VLAN Standard Implementation
Typical Environment
(Figure: Company ABC with a Cisco domain using ISL and a Vendor X domain, interconnected over 802.1Q)
Cisco environment uses ISL
Vendor environment uses an existing, yet different packet tagging method
Interdomain communication based on 802.1Q standard

Types of Links in a Switched Environment
Access Links:
These are part of only one VLAN, which is known
as the native VLAN of the port.
Devices attached to these links are unaware of
VLAN membership.
VLAN information is removed from the frame
before it is sent to an access link device.
Access link devices are not capable of
communicating with devices outside the VLAN
unless the packet is routed through a router.

Trunk Links:
Capable of carrying multiple VLANs.
Used to connect switches to other
switches, to routers or even to servers.
Supported on Fast or Gigabit Ethernet
only.

VLAN Identification Modes
To identify which frames belong to
which VLAN, VLAN identification is
used. The trunking methods are:

Inter-Switch Link (ISL)
Proprietary to Cisco switches.
Used for Fast Ethernet and Gigabit
Ethernet links only.
Used on switch ports, router interfaces
and server interface cards to trunk a
server.

IEEE 802.1Q
Created by the IEEE as the standard method for frame
tagging.
It inserts a field into the frame to identify the VLAN.
When trunking between a Cisco switch and a
different brand of switch, it is mandatory to use
802.1Q for the trunk to work.

Inter-Switch Link (ISL) Protocol
ISL is an external tagging process, which
means the original frame is not altered but
encapsulated with a new 26-byte ISL
header.
It also adds a second 4-byte FCS field at
the end of the frame.

Drawback
As the frame is encapsulated with this information,
only ISL devices can read it.
Also, the frame can be up to 1522 bytes long, so
devices that receive an ISL frame may record
it as a giant frame, as it is over the maximum of
1518 bytes allowed on an Ethernet segment.
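The two tagging methods side by side, as an added example for this page (not Cisco code). `tag_8021q` does the internal tagging the IEEE 802.1Q slide describes (a 4-byte field inserted after the source address, so a maximum-size 1518-byte frame becomes 1522 bytes and trips a VLAN-unaware receiver's giant-frame check), `strip_8021q` is what the forwarding port does before delivery to an access link, and `isl_encapsulate` does the external tagging of ISL: the original frame is left intact behind a 26-byte header and a second 4-byte FCS is appended. The ISL field layout used here is Cisco's published ISL format as assumed by the author of this example; the slides themselves state only the 26-byte and 4-byte sizes. The sample frame and the switch MAC are constructed from the documentation address range.

```python
import struct
import zlib

TPID_8021Q = 0x8100       # EtherType value that marks an 802.1Q tag
ETHERNET_MAX = 1518       # largest untagged frame on an Ethernet segment, FCS included
ISL_DA = bytes.fromhex("01000c0000")   # 40-bit ISL destination address
ISL_HEADER_LEN = 26
ISL_FCS_LEN = 4


def build_frame(payload_len: int) -> bytes:
    """Constructed sample frame: DA, SA (documentation MACs), EtherType, payload, FCS."""
    header = (bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302")
              + struct.pack("!H", 0x0800))
    return header + bytes(payload_len) + b"\0\0\0\0"   # FCS value is a placeholder


def tag_8021q(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Internal tagging: insert the 4-byte TPID+TCI field after the source address."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094")
    tci = (priority << 13) | vlan_id            # PCP(3 bits) | DEI(1) | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of_8021q(frame: bytes):
    """VLAN ID of a tagged frame, or None when the frame carries no tag."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def strip_8021q(frame: bytes) -> bytes:
    """What the forwarding (access) port does: remove the tag before delivery."""
    return frame if vlan_of_8021q(frame) is None else frame[:12] + frame[16:]


def isl_encapsulate(frame: bytes, vlan_id: int,
                    switch_mac: bytes = bytes.fromhex("00005e005300")) -> bytes:
    """External tagging: wrap the unaltered frame in a 26-byte ISL header and append
    a second FCS. Field layout is the published ISL format (an assumption here);
    the slide only gives the sizes."""
    if not 1 <= vlan_id <= 1005:
        raise ValueError("ISL VLAN ID must be 1..1005")
    total = ISL_HEADER_LEN + len(frame) + ISL_FCS_LEN
    header = (ISL_DA
              + bytes([0x00])                      # TYPE (Ethernet) | USER
              + switch_mac                         # SA of the encapsulating switch
              + struct.pack("!H", total - 18)      # LEN: total minus DA/TYPE/SA/LEN/FCS
              + bytes.fromhex("aaaa03")            # SNAP
              + bytes.fromhex("00000c")            # HSA (Cisco OUI)
              + struct.pack("!H", vlan_id << 1)    # 15-bit VLAN ID | BPDU bit
              + struct.pack("!H", 0)               # INDEX
              + struct.pack("!H", 0))              # RES
    body = header + frame                        # original frame is untouched
    return body + struct.pack("!I", zlib.crc32(body))


def isl_decapsulate(frame: bytes):
    """(vlan_id, original_frame) for an ISL frame; only an ISL-aware device can do this."""
    if not frame.startswith(ISL_DA):
        return None, frame
    body, fcs = frame[:-ISL_FCS_LEN], frame[-ISL_FCS_LEN:]
    if struct.pack("!I", zlib.crc32(body)) != fcs:
        raise ValueError("ISL FCS mismatch")
    vlan_id = struct.unpack("!H", body[20:22])[0] >> 1
    return vlan_id, body[ISL_HEADER_LEN:]


def is_giant(frame: bytes) -> bool:
    """A VLAN-unaware receiver measures against the plain Ethernet maximum."""
    return len(frame) > ETHERNET_MAX
```

Running `build_frame(1500)` through `tag_8021q` shows the 1518-to-1522 growth the drawback slide describes; an ISL wrapper of the same frame is 1548 bytes, which is why only ISL-aware devices can make sense of it.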

Trunking
Trunk links are 100-1000 Mbps point-to-point
links between two switches, between a switch
and a router, or between a switch and a server.
Trunk links carry the traffic of multiple VLANs,
from 1 to 1005 at a time.
Trunk links cannot run on 10 Mbps.

Virtual Trunk Protocol (VTP)
VLAN administration and configuration protocol
Reduces VLAN setup and administration
Eliminates configuration errors
Decreases network managers' time adding and managing VLANs
Maps VLANs across different backbones (FDDI, Fast Ethernet, ATM)
Maps between ISL and 802.1Q
Maintains security between VLANs
(Figure: VLAN 1 and VLAN 2 carried over ISL, 802.1Q and LANE links across an ATM fabric)

VLAN Trunking Protocol (VTP)
VTP was created by Cisco to allow an
administrator to add, delete, and rename
VLANs, with the changes propagated to all
switches.

Benefits of VTP
Consistent VLAN configuration across all
switches in the network.
Allows VLANs to be trunked over mixed
networks, like Ethernet to ATM LANE or FDDI.
Accurate tracking and monitoring of VLANs.
Dynamic reporting of added VLANs to all
switches.
Plug-and-play VLAN adding.

VTP Modes
Server Mode
Sends/forwards VTP advertisements
Synchronizes VLAN configuration information with other switches
VLAN configurations are saved in NVRAM
Catalyst switch can create, modify and delete VLANs

Client Mode
Sends/forwards VTP advertisements
Synchronizes VLAN configuration information with other switches
VLAN configurations are not saved in NVRAM
Catalyst switch cannot create, modify or delete VLANs

Transparent Mode
Forwards VTP advertisements
Does not synchronize VLAN configuration information with other switches
VLAN configurations are saved in NVRAM
Catalyst switch can create, modify and delete VLANs
Configuration Revision Number
The revision number is the most important
piece of a VTP advertisement.
With reference to the figure, the example shows
how the revision number is used in an
advertisement.

Contd..
The figure shows a configuration revision number
of N. As the database is modified, the VTP
server increments the revision number by 1.
The VTP server then advertises the database
with the new configuration revision number.
When a switch receives an advertisement that
has a higher revision number, it overwrites
the database in NVRAM with the new
database being advertised.

VTP Pruning
Pruning preserves bandwidth by configuring
VTP to reduce the amount of broadcast,
multicast and other unicast traffic.
VTP pruning only sends broadcasts to trunk
links that must have the information; any trunk
link that does not need the broadcast does not
receive it.
VTP pruning is disabled by default on all
switches.

Several Facts to Remember Before Configuring VLANs
The maximum number of VLANs is switch-dependent. The 2950 switch supports 1005 VLANs
with Spanning Tree support.
VLAN 1 is one of the factory default VLANs.
CDP and VTP advertisements are sent on VLAN 1.
The 2950 switch IP address is in the VLAN 1
broadcast domain.
The switch must be in VTP server mode or
transparent mode to create, add, or delete VLANs.

VTP Configuration Guidelines
The default VTP configuration parameters for
the 2950 switch are as follows:
VTP domain name: None
VTP mode: Server
VTP password: None
VTP pruning: Disabled

VLAN Commands
Use the vlan global configuration command to configure a VLAN with a
number and name. Use the no vlan command to delete a VLAN or to negate the
configuration of a translational bridge VLAN.

vlan vlan [name vlan-name]
no vlan vlan

Syntax Description
vlan         Unique ISL VLAN identifier between 1 and 1005.
vlan-name    Unique VLAN name between 1 and 32 alphanumeric characters.

Command Mode
Global configuration

Example
This example shows how to configure VLAN 2 with the name
Engineering:
hostname(config)# vlan 2 name engineering

show vlan
Use the show vlan privileged Exec command to display the settings of VLAN
configuration parameters.
show vlan [vlan]

Syntax Description
vlan         Number from 1 to 1005.

Default
This command has no default value.
Command Mode
Privileged Exec

Usage Guidelines
If you do not specify vlan, the system displays all VLAN configuration parameters.

Example
This example shows how to display the settings of the VLAN configuration parameters:
hostname# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------
1    default                          active    1-15
2    VLAN0002                         active    16-18
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active

vlan-membership
Use the vlan-membership interface configuration command to assign a port to
a VLAN. Use the no vlan-membership command to remove a port from a
VLAN.
vlan-membership {static {vlan} | dynamic}
no vlan-membership

Syntax Description
static       Sets VLAN membership type as static.
vlan         Static VLAN number from 1 to 1005.
dynamic      Sets VLAN membership type as dynamic.

Default
All nontrunk ports belong to a default VLAN. ISL VLAN ID 1 is the
default VLAN for Ethernet VLANs. The membership type of all
nontrunk ports is static.
Command Mode
Interface configuration

Usage Guidelines
If you want to know the VLAN membership of a port that has been set to
dynamic but is static by default, query the VLAN Membership Policy
Server (VMPS).

Example
This example shows how to configure the interface as a dynamic
VLAN port:
hostname(config)# interface ethernet 0/6
hostname(config-if)# vlan-membership dynamic

show vlan-membership
Use the show vlan-membership privileged Exec command to display
the VLAN assignment and membership type for all switch ports.
show vlan-membership

Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.
Command Mode
Privileged Exec

Usage Guidelines
This command is not functional when bridge groups are enabled.

Example
This example shows how to display the VLAN assignment and
membership type for all switch ports:
hostname# show vlan-membership

vtp
Use the vtp global configuration command to specify the operating
mode, domain name, generation of traps, and pruning capabilities of
VLAN Trunk Protocol (VTP). Also use this command to set a password
for the VTP domain.

vtp [server | transparent] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]

Syntax Description
server         VTP server operating mode. If selected, the switch updates its VLAN
               configuration from configurations reported by other trunked VTP devices
               and allows the configuration to be modified locally. Any changes are
               distributed through VTP messages.
transparent    VTP transparent operating mode. If selected, the switch allows the
               configuration to be modified locally, but configuration changes are not
               advertised by VTP messages. VTP messages received are forwarded to
               trunks without being processed.
domain-name    VTP management domain name from 1 to 32 alphanumeric characters.
enable         Enable generation of VTP traps such as Configuration Revision Error
               Trap, Configuration Digest Error Trap, and MTU Too Big Trap.
               Enable pruning.
disable        Disable generation of VTP traps/pruning.
password       Password between 8 and 64 alphanumeric characters. Password is case
               insensitive.

VTP CONFIGURATION
Default
The default VTP mode is server, and the default trap-generation is
enabled. The default VTP pruning mode is enabled.

Usage Guidelines
If you create a VTP password, it generates a secret value. This value is
used in the calculation of the MD5 digest of a VTP advertisement. The
MD5 digest ensures the validity of VTP advertisements.
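The two checks just described, the configuration revision number from the "Configuration Revision Number" slides and the password-derived MD5 digest from these usage guidelines, as an added example written for this page (not Cisco's VTP implementation). A receiving server or client switch ignores advertisements from another domain, rejects any whose digest does not verify under its own password, and overwrites its database only when the revision is higher; a transparent switch just forwards. The digest construction (MD5 over secret, domain, revision and a canonical dump of the VLAN database, with the secret taken as MD5 of the password) is this model's assumption, not the real VTP derivation. The domain name Zorro and password vtp_server are the values shown in the show vtp output later on this page; the VLAN databases are constructed.

```python
import hashlib
import json


def vtp_secret(password):
    """The slides say a VTP password generates a secret value used in the MD5 digest.
    Deriving it as MD5(password) is this model's assumption, not the real derivation."""
    return hashlib.md5(password.encode()).digest() if password else b""


def advert_digest(domain, revision, vlans, password):
    """MD5 over secret + domain + revision + canonical VLAN database (model)."""
    db = json.dumps(vlans, sort_keys=True).encode()
    material = vtp_secret(password) + domain.encode() + revision.to_bytes(4, "big") + db
    return hashlib.md5(material).hexdigest()


def make_advert(domain, revision, vlans, password=None):
    """Advertisement as a VTP server sends it after a database change."""
    return {"domain": domain, "revision": revision, "vlans": dict(vlans),
            "digest": advert_digest(domain, revision, vlans, password)}


class VtpSwitch:
    """One switch in a VTP domain; mode is 'server', 'client' or 'transparent'."""

    def __init__(self, domain, mode="client", password=None, vlans=None, revision=0):
        self.domain, self.mode, self.password = domain, mode, password
        self.vlans = dict(vlans or {1: "default"})
        self.revision = revision

    def handle(self, advert):
        """Apply the checks a receiving switch performs and return the outcome."""
        if self.mode == "transparent":
            return "forwarded"                     # relayed to trunks, not processed
        if advert["domain"] != self.domain:
            return "ignored: domain mismatch"
        expected = advert_digest(advert["domain"], advert["revision"],
                                 advert["vlans"], self.password)
        if expected != advert["digest"]:
            return "rejected: digest mismatch"     # other password or altered content
        if advert["revision"] <= self.revision:
            return "ignored: revision not higher"
        self.vlans = dict(advert["vlans"])         # higher revision wins: database overwritten
        self.revision = advert["revision"]
        return "accepted: database overwritten"
```

The ordering matters for a defender: with no password configured (the 2950 default listed above) the digest check passes for any advertisement in the domain, so the revision comparison alone decides whether the local database is replaced; setting a domain password is what ties that replacement to switches that know the secret.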

show vtp
Use the show vtp privileged Exec command to display VLAN Trunking Protocol
(VTP) statistics.
show vtp

Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.
Command Mode
Privileged Exec

Example
This example shows how to display VTP statistics:
hostname# show vtp
VTP version: 1
Configuration revision: 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name: Zorro
VTP password: vtp_server
VTP operating mode: Server
VTP pruning mode: Enabled
VTP traps generation: Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00

trunk
Use the trunk interface configuration command to set a Fast Ethernet
port to trunk mode with the Dynamic Inter-Switch Link (DISL) protocol.
trunk [on | off | desirable | auto | nonegotiate]

Syntax Description
on            Configures the port into permanent Inter-Switch Link (ISL) trunk
              mode and negotiates with the connected device to convert the link to
              trunk mode. The port converts to trunk mode even if the other end of
              the link does not.
off           Disables port trunk mode and negotiates with the connected
              device to convert the link to nontrunk. The port converts to nontrunk
              even if the other end of the link does not. Use this state when an ISL
              port is connected to another ISL port that does not support the DISL
              protocol.
desirable     Triggers the port to negotiate the link from nontrunking to
              trunk mode. The port negotiates to a trunk port if the connected device
              is either in the On, Desirable, or Auto state. Otherwise, the port
              becomes a nontrunk port.
auto          Enables a port to become a trunk only if the connected device has
              the state set to On or Desirable.
nonegotiate   Configures the port to permanent ISL trunk mode; no
              negotiation takes place with the partner.
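The five DISL modes above, applied to both ends of a link, as an added example for this page (not Cisco code). `becomes_trunk` implements the rules exactly as the syntax description states them, `link_state` evaluates both ends, and `mismatched_links` enumerates the combinations where only one end trunks, which is the state worth alarming on when auditing port configurations: that side is sending tagged frames to a partner that treats the link as an access link.

```python
MODES = ("on", "off", "desirable", "auto", "nonegotiate")


def becomes_trunk(mode, partner):
    """Whether a port in `mode` ends up trunking when its partner is in `partner`.

    Rules as given for the trunk command: on and nonegotiate trunk regardless,
    off never trunks, desirable trunks against on/desirable/auto, auto trunks
    only against on/desirable.
    """
    if mode in ("on", "nonegotiate"):
        return True                     # permanent trunk whatever the other end does
    if mode == "off":
        return False
    if mode == "desirable":
        return partner in ("on", "desirable", "auto")
    if mode == "auto":
        return partner in ("on", "desirable")
    raise ValueError(f"unknown trunk mode: {mode}")


def link_state(a, b):
    """(a trunks, b trunks) for the two ends of one link."""
    return becomes_trunk(a, b), becomes_trunk(b, a)


def mismatched_links():
    """Mode pairs where exactly one end trunks: sorted list of (a, b) tuples."""
    return sorted((a, b) for a in MODES for b in MODES
                  if len(set(link_state(a, b))) == 2)


def audit(links):
    """Given {link_name: (mode_a, mode_b)}, return the names whose ends disagree."""
    return sorted(name for name, (a, b) in links.items()
                  if len(set(link_state(a, b))) == 2)
```

Two auto ports never form a trunk, which is why the default of off (stated on the next slide) plus auto on the far side leaves a user-facing port as an access link; a port that must never trunk should be left off rather than auto or desirable.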

Default
The default DISL configuration state for a Fast Ethernet port is
off.
Command Mode
Interface configuration

Usage Guidelines
This command applies only to one Fast Ethernet port. If you use
this command for a Fast Ethernet port that is an aggregate port
group member, the newly configured value also applies to all
other aggregate port group members.

Example
This example shows how to set the Fast Ethernet port to trunk
mode:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# trunk on
