
What is a router?

The router is responsible for routing traffic between networks.

Routers interconnect the networks at the different sites.

When a packet arrives on a router interface, the router uses its routing table to determine how to reach the
destination network.

The responsibility of routers is to deliver those packets efficiently.

A router is essentially a specialized computer. It requires a CPU and memory to temporarily and permanently store
data to execute operating system instructions, such as system initialization, routing functions, and switching
functions.

Composed of:

 Central processing unit (CPU)

 Operating system (OS)

 Memory and storage (RAM, ROM, NVRAM, Flash, hard drive)

Unlike a computer, a router does not have video adapters or sound card adapters. Instead, routers have specialized
ports and network interface cards to interconnect devices to other networks.

How does a router function?


A router connects multiple networks, which means that it has multiple interfaces that each belong to a different IP
network.

When a router receives an IP packet on one interface, it determines which interface to use to forward the packet to
the destination. The interface that the router uses to forward the packet may be the final destination, or it may be a
network connected to another router that is used to reach the destination network.

CISCO FORWARDING METHODS

Process switching (old)

When a packet arrives on an interface, it is forwarded to the control plane, where the CPU matches the destination
address with an entry in its routing table, then determines the exit interface and forwards the packet.

(VERY SLOW AND RARELY IMPLEMENTED)

Fast switching (common)

When a packet arrives on an interface, it is forwarded to the control plane, where the CPU searches for a match in
the fast-switching cache.

If it is not there, the packet is process-switched and forwarded to the exit interface, and the result is stored in
the cache.

Subsequent packets to the same destination re-use the cached entry without involving the CPU.

CEF (most recent)

Builds a Forwarding Information Base (FIB) and an adjacency table.

The tables are not packet-triggered; they are built ahead of time.

The FIB contains pre-computed reverse lookups, next-hop information for routes and Layer 2 information.

(Fastest forwarding mechanism and the preferred choice on routers)

SUMMARY OF 3 FORWARDING METHODS

 Process switching solves a problem by doing math long hand, even if it is the identical problem.

 Fast switching solves a problem by doing math long hand one time and remembering the answer for
subsequent identical problems.

 CEF solves every possible problem ahead of time in a spreadsheet.

WHAT IS ROUTING?

Routing is the process of selecting a path for traffic in a network, or between or across multiple networks.

CHAPTER 1 SUMMARY

PURPOSE OF A ROUTER

 The main purpose of a router is to connect multiple networks and forward packets from one network to the
next. This means that a router typically has multiple interfaces. Each interface is a member or host on a
different IP network.

CISCO IOS

 Cisco IOS uses what is known as the administrative distance (AD) to determine the route to install into the
IP routing table.

WHAT IS A ROUTING TABLE?

 The routing table is a list of networks known by the router.

The routing table includes:

 the network addresses of its own interfaces (directly connected networks)

 network addresses for remote networks.

A remote network is a network that can only be reached by forwarding the packet to another router.

Remote networks are added to the routing table in two ways:

1. by the network administrator manually configuring static routes, or

2. by implementing a dynamic routing protocol.

DIFFERENTIATE STATIC AND DYNAMIC ROUTING

1. Static
 Static routes do not have as much overhead as dynamic routing protocols.
 They require more maintenance if the topology is constantly changing or is unstable.
2. Dynamic
 Dynamic routes automatically adjust to changes without any intervention from the network administrator.
 They require more CPU processing.
 They use a certain amount of link capacity for routing updates and messages.
 The routing table will contain both static and dynamic routes.
Router Packet Forwarding

 Routers make their primary forwarding decision at Layer 3 (Network Layer).
 A router interface participates in Layers 1, 2 and 3.
 IP packets are encapsulated into a Layer 2 (Data Link) frame.
 Data Link frames are encoded into bits at Layer 1.
 The Cisco IP routing table is not a flat database.

The routing table is a hierarchical structure, which speeds up the lookup process when locating routes and
forwarding packets.

The components of the IPv6 routing table are very similar to those of the IPv4 routing table.

ADMINISTRATIVE DISTANCE

The administrative distance (AD) value is a measure of the preference of route sources.

Route sources with low AD values are preferred over route sources with higher AD values.

The AD value for a static route is 1.

Dynamic routes have a higher AD than static routes.

DEFAULT ROUTE
A default route is a route that matches all packets and is used by the router if a packet does not match any other,
more specific route in the routing table.

Uses:

 Commonly used in connecting a company's edge router to the ISP network.


 When a router has only one other router to which it is connected (Stub network)

SUMMARIZATION OF STATIC ROUTES

Multiple static routes can be summarized into a single static route if:

 The destination networks are contiguous and can be summarized into a single network address.
 The multiple static routes all use the same exit interface or next-hop IP address.

FLOATING STATIC ROUTE

Floating static routes are static routes that are used to provide a backup path to a primary static or dynamic route, in
the event of a link failure.

The floating static route is configured with a higher administrative distance than the primary route.
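As an added example that is not part of these notes, a small Python model of how the routing table, administrative distance, default route and floating static route sections fit together: route sources offering the same prefix compete by AD, a lookup uses the longest matching prefix with 0.0.0.0/0 as the last resort, and the floating static route is used only once the primary route is withdrawn. The AD values other than static = 1 (connected = 0, OSPF = 110) are Cisco defaults, and every address and interface name is constructed.

```python
import ipaddress

# Default AD per route source: static = 1 as in the notes; connected and
# OSPF are Cisco's standard defaults.
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110}


class RoutingTable:
    def __init__(self):
        # candidate routes per prefix: list of (source, next_hop, ad)
        self.routes = {}

    def add(self, prefix, source, next_hop, ad=None):
        net = ipaddress.ip_network(prefix, strict=False)
        ad = DEFAULT_AD[source] if ad is None else ad
        self.routes.setdefault(net, []).append((source, next_hop, ad))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix, strict=False)
        self.routes[net] = [r for r in self.routes.get(net, []) if r[0] != source]

    def installed(self, net):
        """Of several sources offering the same prefix, the lowest AD is installed."""
        cands = self.routes.get(net, [])
        return min(cands, key=lambda r: r[2]) if cands else None

    def lookup(self, dst):
        """Longest-prefix match. 0.0.0.0/0 matches everything, so it wins only
        when nothing more specific matches. Returns (prefix, source, next_hop)
        or None when the packet would be dropped."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net in self.routes:
            route = self.installed(net)
            if route and addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
        return None if best is None else (str(best[0]), best[1][0], best[1][1])


def demo():
    """Constructed scenario; returns the lookup results in order."""
    rt = RoutingTable()
    rt.add("192.168.10.0/24", "connected", "GigabitEthernet0/0")
    rt.add("10.1.0.0/16", "ospf", "10.0.0.2")
    rt.add("10.1.0.0/16", "static", "10.0.0.2")            # AD 1 beats OSPF AD 110
    rt.add("172.16.0.0/16", "ospf", "10.0.0.2")            # primary path
    rt.add("172.16.0.0/16", "static", "10.0.0.6", ad=120)  # floating static backup
    results = [rt.lookup("192.168.10.5"), rt.lookup("10.1.2.3"),
               rt.lookup("172.16.5.5"), rt.lookup("8.8.8.8")]  # no default route yet
    rt.add("0.0.0.0/0", "static", "203.0.113.1")           # default route
    results.append(rt.lookup("8.8.8.8"))
    rt.withdraw("172.16.0.0/16", "ospf")                   # primary link fails
    results.append(rt.lookup("172.16.5.5"))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```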
TROUBLESHOOTING COMMANDS FOR ROUTES

Common IOS troubleshooting commands include:

 ping: displays the result of an extended ping from the source interface

 traceroute: displays the result of a traceroute

 show ip route: displays the routing table

 show ip interface brief: provides a quick status of all interfaces on the router

 show cdp neighbors detail: provides a list of directly connected Cisco devices and validates Layer 1 and Layer 2
connectivity

SWITCHING

WHAT IS A SWITCH?

A network switch is a computer networking device that connects devices together on a computer network
by using packet switching to receive, process, and forward data to the destination device.

Cisco switches use ASICs.

WHAT IS AN ASIC?

An ASIC (application-specific integrated circuit) is a microchip designed for a special application, such as a
particular kind of transmission protocol or a hand-held computer.

IN A SWITCHED NETWORK, EXPLAIN WHAT THE CISCO BORDERLESS NETWORK ARCHITECTURE IS

Cisco Borderless Network architecture enables different elements, from access switches to wireless access points, to
work together and allow users to access resources from any place at any time.

Traditional three-layer hierarchical design model

Divides the network into core, distribution, and access layers, and allows each portion of the network to be optimized
for specific functionality.

Provides modularity, resiliency, and flexibility.

Allows network designers to overlay security, mobility, and unified communication features.

Borderless switched network design guidelines

 Hierarchical - Facilitates understanding the role of each device at every tier, simplifies deployment, operation,
and management, and reduces fault domains at every tier

 Modularity - Allows seamless network expansion and integrated service enablement on an on-demand basis

 Resiliency - Satisfies user expectations for keeping the network always on

 Flexibility - Allows intelligent traffic load sharing by using all network resources

Access Layer

 The access layer represents the network edge, where traffic enters or exits the campus network.
 The primary function of an access layer switch is to provide network access to the user.

Access layer switches connect to distribution layer switches, which implement network foundation technologies such
as routing, quality of service, and security.

Distribution Layer

The distribution layer interfaces between the access layer and the core layer to provide many important functions,
including:

 Aggregating large-scale wiring closet networks
 Aggregating Layer 2 broadcast domains and Layer 3 routing boundaries
 Providing intelligent switching, routing, and network access policy functions to access the rest of the network
 Providing high availability through redundant distribution layer switches to the end-user and equal cost paths to
the core
 Providing differentiated services to various classes of service applications at the edge of the network

Core Layer

The network backbone; it connects several layers of the network.

HOW DO SWITCHES FORWARD A FRAME?

The source MAC address of incoming frames builds the MAC address table in content-addressable memory (CAM).

If the destination MAC address is contained in this table, the frame is forwarded only to the specific destination port.

If the destination MAC address is not found in the MAC address table, the frame is flooded out all ports except the one
on which the frame was received.

SWITCH FORWARDING METHODS

Store-and-forward

 Reads the entire frame into a buffer and checks the CRC before forwarding the frame.
 A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to
detect accidental changes to raw data.

Cut-through

 Only reads the first portion of the frame and starts forwarding it as soon as the destination address is read.
 Fast, but no error checking.

Switches attempt to autonegotiate full-duplex communication by default.

Switch ports do not block broadcasts, and connecting switches together can extend the size of the broadcast domain,
often resulting in degraded network performance.

BROADCAST DOMAINS

A collection of interconnected switches forms a single broadcast domain.

Only a network layer device, such as a router, can divide a Layer 2 broadcast domain and a collision domain.

COLLISION DOMAINS

The network segments that share the same bandwidth between devices are known as collision domains.

SWITCH BOOT SEQUENCE

When a Cisco LAN switch is first powered on, it goes through the following boot sequence:

1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST tests the CPU, DRAM, and the
portion of the flash device that makes up the flash file system.
2. Next, the switch loads the boot loader, a small program stored in ROM that runs immediately after POST
successfully completes.
3. The boot loader initializes the CPU registers, which control where physical memory is mapped, the quantity of
memory, and its speed.
4. The boot loader initializes the flash file system.
5. The boot loader loads the IOS into memory.

SWITCH LED INDICATORS

 PORT STATUS
 DUPLEX
 SPEED

SWITCH CONFIGURATION

An IP address is configured on the SVI of the management VLAN to allow for remote configuration of the device.

A default gateway belonging to the management VLAN must be configured on the switch using the ip default-gateway
command.

If no default gateway is configured, remote management is not possible.

SSH is recommended for remote management.

SWITCH PORT SECURITY

Prevents MAC address flooding, in which the switch is fed many Ethernet frames, each containing a different source
MAC address, by an attacker.

DHCP spoofing

DHCP spoofing occurs when an attacker attempts to respond to DHCP requests, listing themselves (spoofing) as the
default gateway or DNS server.

Port security violation modes:

Protect - when the limit allowed on the port is reached, packets with unknown source addresses are dropped until
the limit is increased. There is no notification that a security violation has occurred.

Restrict - when the limit allowed on the port is reached, packets with unknown source addresses are dropped until
the limit is increased. In this mode, there is a notification that a security violation has occurred.

Shutdown - (default) a port security violation causes the interface to immediately become error-disabled and turns
off the port LED. It increments the violation counter.

A secure port in the error-disabled state can be brought out of this state by entering the shutdown interface
command followed by no shutdown.
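An added Python model (not from these notes or from Cisco) of the port security behaviour just described: a port learns secure source MACs up to a configured maximum, and a frame from a further unknown MAC is a violation handled according to the protect, restrict or shutdown mode, with the violation counter, notification and error-disabled recovery as the notes list them. The MAC addresses and the limit of two addresses are constructed.

```python
class SecurePort:
    """One switch port with port security enabled (constructed model)."""

    def __init__(self, maximum=1, violation="shutdown"):
        self.maximum = maximum             # switchport port-security maximum
        self.violation = violation         # protect | restrict | shutdown (default)
        self.secure_macs = set()           # dynamically learned secure addresses
        self.violation_count = 0
        self.err_disabled = False
        self.notifications = []            # stands in for syslog/SNMP trap messages

    def receive(self, src_mac):
        """Decide what happens to a frame arriving with this source MAC."""
        if self.err_disabled:
            return "drop"                  # port is down until an admin recovers it
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)  # learn it as a secure address
            return "forward"
        # Maximum reached and the source is unknown: a security violation.
        if self.violation == "protect":
            return "drop"                  # silent: no counter, no notification
        self.violation_count += 1
        if self.violation == "restrict":
            self.notifications.append(f"violation from {src_mac}")
            return "drop"
        self.err_disabled = True           # shutdown mode: err-disable the port
        self.notifications.append("port err-disabled")
        return "drop"

    def recover(self):
        """Admin enters 'shutdown' then 'no shutdown' on the interface."""
        self.err_disabled = False


def flooding_attempt(mode):
    """Constructed scenario: a port limited to 2 addresses sees frames whose
    source MAC keeps changing, the condition port security is meant to stop.
    Returns (per-frame decisions, violation counter, err-disabled, notifications)."""
    frames = ["00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:01",
              "00:11:22:33:44:03", "00:11:22:33:44:04"]
    port = SecurePort(maximum=2, violation=mode)
    decisions = [port.receive(m) for m in frames]
    return decisions, port.violation_count, port.err_disabled, len(port.notifications)


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, flooding_attempt(mode))
```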

VLANs

VLANs are based on logical connections, instead of physical connections.

A VLAN is a mechanism that allows network administrators to create logical broadcast domains that can span a single
switch or multiple switches, regardless of physical proximity.

Used to reduce the size of broadcast domains.

Allow groups or users to be logically grouped, without the need to be physically located in the same place.

There are several types of VLANs:

 Default VLAN (always VLAN 1) / native VLAN: not tagged on a trunk

 Management VLAN: a good practice, used to manage switches remotely, separated from other VLAN traffic

 User/Data VLANs: carry user-generated traffic

 Voice VLAN: enhances VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN

SHOW COMMANDS

show vlan checks whether a port belongs to the expected VLAN.

show mac address-table checks which addresses were learned on a particular port of the switch and to which VLAN
that port is assigned.

A port on a switch is either an access port or a trunk port.

Access ports carry traffic from the specific VLAN assigned to the port.

A trunk port by default is a member of all VLANs; therefore, it carries traffic for all VLANs.

ACLs

ACLs stop traffic or permit only specified traffic on a network.

An ACL is a series of IOS commands that control whether a router forwards or drops packets based on information
found in the packet header.

An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs).

ACLs are the most commonly used feature.

An ACL can:

 Limit network traffic to increase network performance.
 Provide traffic flow control.
 Provide a basic level of security for network access.
 Filter traffic based on traffic type.
 Permit or deny a user access to file types, such as FTP or HTTP.

By default, routers are not configured with ACLs.

Packet filtering occurs at Layer 3 (Network) and Layer 4 (Transport).

ACL Operation

Inbound ACLs - incoming packets are processed before they are routed to the outbound interface.

Outbound ACLs - incoming packets are routed to the outbound interface, and then they are processed through the
outbound ACL.

Each interface can have up to four ACLs: two ACLs for IPv4 (one inbound, one outbound) and two ACLs for IPv6.

Types of access list

 Standard: traffic is filtered based on the source address of the IP packet.

 Extended: traffic can be filtered based on the source address as well as the destination address and other fields
in the IP header, including protocol, source and destination port numbers, ToS and IP Precedence bits, TCP flags and
TTL value.

Numbered and named ACLs

 Numbered standard ACLs range from 1 to 99 and 1300 to 1999.
 Numbered extended ACLs range from 100 to 199 and 2000 to 2699.

Where to place ACLs

Extended ACLs

 Locate extended ACLs as close as possible to the source of the traffic to be filtered.

Standard ACLs

 Because standard ACLs do not specify destination addresses, place them as close to the destination as possible.

ACL RULES

 Only one ACL per interface, per protocol, per direction is allowed.
 Inbound packets are always processed by an ACL (if applied) before being routed.
 Outbound packets are routed before being processed by an ACL (if applied).
 ACLs are processed in sequential order; therefore the most specific traffic matches must occur at the beginning of
the ACL.
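An added Python example, not part of these notes, of how the ACL sections above work in practice: ACEs are tested top-down with wildcard masks, the first match decides, an unmatched packet hits the implicit deny at the end, and the same two ACEs give a different result when the specific deny is placed after the general permit. The ACL numbers, networks and packets are constructed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # the keyword 'any' in IOS syntax


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit', so 0.0.0.255
    matches a whole /24 and 0.0.0.0 matches exactly one host."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


class ACE:
    """One access control entry. A standard ACE gives only src; an extended
    ACE can also give dst, proto and a destination port (eq)."""
    def __init__(self, action, src=ANY, dst=ANY, proto="ip", dport=None):
        self.action, self.src, self.dst, self.proto, self.dport = action, src, dst, proto, dport

    def matches(self, pkt):
        return (wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst)
                and (self.proto == "ip" or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(acl, pkt):
    """ACEs are tested top-down; the first match decides. No match means the
    implicit 'deny any' at the end of every ACL applies."""
    for index, ace in enumerate(acl, start=1):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", "implicit"


# Constructed ACLs in the spirit of the notes.
NET_10 = ("192.168.10.0", "0.0.0.255")
# Standard ACL 10: permit only the 192.168.10.0/24 source network.
ACL_10 = [ACE("permit", src=NET_10)]
# Extended ACL 101, correctly ordered: the specific deny (telnet) comes
# before the general permit.
ACL_101 = [ACE("deny", src=NET_10, proto="tcp", dport=23),
           ACE("permit", src=NET_10)]
# The same two ACEs in the wrong order: the broad permit shadows the deny.
ACL_101_BAD = [ACL_101[1], ACL_101[0]]

TELNET = {"src": "192.168.10.7", "dst": "10.0.0.5", "proto": "tcp", "dport": 23}
WEB = {"src": "192.168.10.7", "dst": "10.0.0.5", "proto": "tcp", "dport": 80}
OUTSIDER = {"src": "192.168.20.7", "dst": "10.0.0.5", "proto": "udp", "dport": 53}

if __name__ == "__main__":
    for name, acl in (("ACL 10", ACL_10), ("ACL 101", ACL_101), ("ACL 101 misordered", ACL_101_BAD)):
        print(name, [evaluate(acl, p) for p in (TELNET, WEB, OUTSIDER)])
```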

ACL BEST PRACTICES

DHCP

There are two methods available for the dynamic configuration of IPv6 global unicast addresses:

 Stateless Address Autoconfiguration (SLAAC)

 Dynamic Host Configuration Protocol for IPv6 (stateful DHCPv6)

If the DHCP server is located on a different network segment than the DHCP client, then it is necessary to configure a
relay agent.

The relay agent forwards specific broadcast or multicast messages, including DHCP messages, originating from a
host on a LAN segment and destined for a specific server located on a different LAN segment.

NAT

Network address translation is a method of remapping one IP address space into another by modifying network address
information in Internet Protocol datagram packet headers while they are in transit across a traffic routing device.

NAT for IPv4 allows network administrators to use RFC 1918 private address space while providing connectivity to
the Internet, using a single or limited number of public addresses.

RFC 1918
 RFC 1918 is used to create the standards by which networking equipment assigns IP addresses in a private
network.
 Reserves the following ranges of IP addresses that cannot be routed on the Internet: 10.0.0.0 -
10.255.255.255 (10/8 prefix)

NAT and PAT can be implemented to conserve public address space without affecting the ISP connection.

Different types of NAT

Static NAT is useful when a network device inside a private network needs to be accessible from the Internet.

Dynamic NAT can be defined as the mapping of a private IP address to a public IP address from a group of public IP
addresses called a NAT pool.

Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on
a local area network (LAN) to be mapped to a single public IP address.
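An added Python model of PAT (not from these notes or from any vendor's implementation) showing how several inside hosts share one public address: each outbound flow gets a translated source port that is unique in the translation table, replies are mapped back by that port, and a packet arriving for a port with no entry has nowhere to go and is dropped. The addresses are constructed; keeping the original source port when it is free and replacing it only on a collision is this model's choice.

```python
class PAT:
    """Constructed model of PAT (NAT overload): many inside hosts share one
    public IP and are told apart by the translated source port."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (inside_ip, inside_port) -> translated port
        self.inbound_map = {}    # translated port -> (inside_ip, inside_port)

    def _free_port(self):
        while self.next_port in self.inbound_map:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> Internet: rewrite the source to the public IP plus a port
        that is unique in the table. The original port is kept when free and
        replaced only when another inside host already holds it."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            port = src_port if src_port not in self.inbound_map else self._free_port()
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return self.public_ip, self.outbound_map[key], dst_ip, dst_port

    def inbound(self, src_ip, src_port, dst_port):
        """Internet -> inside: the destination port selects the inside host.
        A port with no table entry has no inside host to go to; it is dropped."""
        if dst_port not in self.inbound_map:
            return None
        inside_ip, inside_port = self.inbound_map[dst_port]
        return src_ip, src_port, inside_ip, inside_port


def demo():
    """Two inside hosts that happen to pick the same source port."""
    nat = PAT("198.51.100.1")
    a = nat.outbound("192.168.1.10", 50000, "203.0.113.10", 443)
    b = nat.outbound("192.168.1.11", 50000, "203.0.113.10", 443)  # collision
    reply_a = nat.inbound("203.0.113.10", 443, a[1])
    reply_b = nat.inbound("203.0.113.10", 443, b[1])
    unsolicited = nat.inbound("203.0.113.99", 8080, 40000)         # no entry
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```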

DEVICE DISCOVERY, MANAGEMENT AND MAINTENANCE

CDP (Cisco Discovery Protocol)

 Cisco proprietary protocol for network discovery at the data link layer.
 It can share information such as device names and IOS versions with other physically connected Cisco devices.

LLDP (Link Layer Discovery Protocol)

 Vendor-neutral protocol at the data link layer for network discovery.
 Network devices advertise information, such as their identities and capabilities, to their neighbors.

NTP (Network Time Protocol)

 Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data
networks.
 This allows networking devices to agree on the time a specific event occurred, such as the loss of connectivity
between a router and a switch.

Syslog messages can be trapped and sent to a syslog server.

Device Maintenance

Backing up, restoring and upgrading IOS images and configuration files.
