When a packet arrives on a router interface, the router uses its routing table to determine how to reach the
destination network.
A router is essentially a specialized computer. It requires a CPU and memory to temporarily and permanently store
data to execute operating system instructions, such as system initialization, routing functions, and switching
functions.
Composed of:
Unlike a computer, a router does not have video adapters or sound card adapters. Instead, routers have specialized
ports and network interface cards to interconnect devices to other networks.
When a router receives an IP packet on one interface, it determines which interface to use to forward the packet to
the destination. The interface that the router uses to forward the packet may be the final destination, or it may be a
network connected to another router that is used to reach the destination network.
Packet Forwarding
Process switching (old): the packet is forwarded to the control plane, where the CPU matches the destination address
with an entry in its routing table; this lookup is repeated for every packet.
Fast switching: stores the result of the previous lookup in a cache and re-uses it for subsequent packets to the same
destination without involving the CPU.
CEF (Cisco Express Forwarding): the FIB contains pre-computed reverse lookups, next-hop information for routes and
layer 2 information.
Process switching solves a problem by doing the math long hand every time, even if it is the identical problem.
Fast switching solves a problem by doing the math long hand one time and remembering the answer for
subsequent identical problems.
WHAT IS ROUTING?
Routing is the process of selecting a path for traffic in a network, or between or across multiple networks.
CHAPTER 1 SUMMARY
PURPOSE OF A ROUTER
The main purpose of a router is to connect multiple networks and forward packets from one network to the
next. This means that a router typically has multiple interfaces. Each interface is a member or host on a
different IP network.
CISCO IOS
Cisco IOS uses what is known as the administrative distance (AD) to determine the route to install into the
IP routing table.
The routing table includes network addresses for its own interfaces (directly connected networks).
A remote network is a network that can only be reached by forwarding the packet to another router.
speed up the lookup process when locating routes and forwarding packets.
The components of the IPv6 routing table are very similar to those of the IPv4 routing table.
ADMINISTRATIVE DISTANCE
The administrative distance (AD) value is a measure of the preference of route sources.
Route sources with low AD values are preferred over route sources with higher AD values.
DEFAULT ROUTE
A default route is a route that matches all packets and is used by the router if a packet does not match any other,
more specific route in the routing table.
Uses:
Multiple static routes can be summarized into a single static route if:
The destination networks are contiguous and can be summarized into a single network address.
The multiple static routes all use the same exit interface or next-hop IP address.
A floating static route is configured with a higher administrative distance than the primary route, so it is only
installed in the routing table when the primary route disappears.
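To see administrative distance, longest-prefix matching, the default route and a floating static route interact, here is an added example (not part of these notes) that models route installation and lookup in Python. The candidate routes, next hops and the AD 200 on the floating static route are constructed sample values.

```python
# Added example (not part of these notes): a minimal model of how a router
# fills its routing table and picks a route. Assumptions: each candidate route
# is (prefix, source, next hop, AD or None for the source's default AD).
import ipaddress

# Default administrative distances Cisco IOS assigns to common route sources.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

def install_routes(candidates):
    """Keep only the lowest-AD candidate for each prefix (ties keep the first).
    Returns {network: (source, next_hop, ad)}."""
    table = {}
    for prefix, source, next_hop, ad in candidates:
        net = ipaddress.ip_network(prefix)
        ad = DEFAULT_AD[source] if ad is None else ad
        current = table.get(net)
        if current is None or ad < current[2]:
            table[net] = (source, next_hop, ad)
    return table

def lookup(table, dst):
    """Longest-prefix match; the default route 0.0.0.0/0 matches everything."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, entry in table.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best

# Constructed sample: OSPF learns 10.1.0.0/16, a floating static route with
# AD 200 backs it up, and a static default route covers everything else.
CANDIDATES = [
    ("192.168.1.0/24", "connected", "GigabitEthernet0/0", None),
    ("10.1.0.0/16", "ospf", "192.168.1.2", None),
    ("10.1.0.0/16", "static", "192.168.1.3", 200),   # floating static route
    ("0.0.0.0/0", "static", "203.0.113.1", None),     # default route
]

def route_for(dst, candidates=CANDIDATES):
    """Returns the (source, next_hop, ad) entry used to forward to dst."""
    return lookup(install_routes(candidates), dst)[1]

def after_ospf_loss(dst):
    """Same lookup after the OSPF route is withdrawn (neighbour down):
    the floating static route is now the best candidate and gets installed."""
    return route_for(dst, [c for c in CANDIDATES if c[1] != "ospf"])
```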
TROUBLESHOOTING COMMANDS
FOR ROUTES
Common IOS troubleshooting commands include:
ping displays the result of an extended ping from the source interface.
show ip interface brief provides a quick status of all interfaces on the router.
show cdp neighbors detail provides a list of directly connected Cisco devices. Validates layer 2 and layer 1
connectivity
SWITCHING
WHAT IS A SWITCH?
A network switch is a computer networking device that connects devices together on a computer network
by using packet switching to receive, process, and forward data to the destination device.
WHAT IS ASIC?
ASIC (application-specific integrated circuit) is a microchip designed for a special
application, such as a particular kind of transmission protocol or a hand-held computer
Cisco Borderless Network architecture enables different elements, from access switches to wireless access points, to
work together and allow users to access resources from any place at any time.
Traditional three-layer hierarchical design model
Divides the network into core, distribution, and access layers, and allows each portion of the network to be optimized
for specific functionality.
Allows network designers to overlay security, mobility, and unified communication features.
Modularity - Allows seamless network expansion and integrated service enablement on an on-demand basis
Flexibility - Allows intelligent traffic load sharing by using all network resources
Access Layer
Access layer switches connect to distribution layer switches, which implement network foundation technologies such
as routing, quality of service, and security.
Distribution Layer
The distribution layer interfaces between the access layer and the core layer to provide many important functions,
including:
Providing intelligent switching, routing, and network access policy functions to access the rest of the network
Providing high availability through redundant distribution layer switches to the end-user and equal cost paths to
the core
Providing differentiated services to various classes of service applications at the edge of the network
Core Layer
If the destination MAC is not found in the MAC address table, the frame is flooded out all ports except the one on
which the frame was received.
Store-and-forward
reads the entire frame into a buffer and checks the CRC before forwarding the frame.
cyclic redundancy check (CRC) is an error-detecting code commonly used in digital
networks and storage devices to detect accidental changes to raw data.
cut-through
only reads the first portion of the frame and starts forwarding it as soon as the destination address is read.
Fast, but no error checking.
Switch ports do not block broadcasts and connecting switches together can extend the size of the broadcast domain,
often resulting in degraded network performance.
BROADCAST DOMAINS
Only a network layer device, such as a router, can divide a Layer 2 broadcast domain and a collision domain.
COLLISION DOMAINS
The network segments that share the same bandwidth between devices are known as collision domains.
SWITCH CONFIGURATION
When a Cisco LAN switch is first powered on, it goes through the following boot sequence:
1. First, the switch loads a power-on self-test (POST) program stored in ROM.
It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system.
2. The boot loader, a small program stored in ROM, is run immediately after POST successfully
completes.
3. The boot loader initializes the CPU registers, which control where physical memory is mapped, the
quantity of memory, and its speed.
4. The boot loader initializes the flash file system.
5. The boot loader loads the IOS into memory.
PORT STATUS
DUPLEX
SPEED
SWITCH CONFIGURATION
An IP address is configured on the SVI of the management VLAN to allow for remote configuration of the device.
A default gateway belonging to the management VLAN must be configured on the switch using the ip default-gateway
command.
MAC Address Flooding
The switch is fed many Ethernet frames, each containing a different source MAC address, by the attacker, until the
MAC address table is full.
DHCP Spoofing
DHCP spoofing occurs when an attacker responds to DHCP requests, listing themselves (spoofing) as the default
gateway or DNS server.
Protect – when the limit allowed on the port is reached, packets with unknown source addresses are dropped until
the limit is increased; no notification is generated.
Restrict – when the limit allowed on the port is reached, packets with unknown source addresses are dropped until
the limit is increased; unlike protect, the violation counter is incremented and a notification is logged.
Shutdown – (default) a port security violation causes the interface to immediately become error-disabled and turns
off the port LED.
A secure port in the error-disabled state can be brought out of this state by entering shutdown and then no
shutdown on the interface.
VLANs
VLANs are based on logical connections, instead of physical connections.
A mechanism that allows network administrators to create logical broadcast domains that can span across a single
switch or multiple switches, regardless of physical proximity.
Allow groups or users to be logically grouped, without the need to be physically located in the same place.
Management VLAN – a good practice for managing switches remotely, separated from other VLAN traffic.
Voice VLAN – enhances VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific
VLAN.
SHOW COMMANDS
show vlan – checks whether the port belongs to the expected VLAN.
show mac address-table – checks which addresses were learned on a particular port of the switch and to which
VLAN that port is assigned.
Access ports carry traffic from a specific VLAN assigned to the port
A trunk port by default is a member of all VLANs; therefore, it carries traffic for all VLANs.
ACLs
ACLs stop traffic, or permit only specified traffic, on a network.
An ACL is a series of IOS commands that control whether a router forwards or drops packets based on information
found in the packet header.
An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs).
ACL can:
ACL Operation
Inbound ACLs - Incoming packets are processed before they are routed to the outbound interface.
Outbound ACLs - Incoming packets are routed to the outbound interface, and then they are processed through the
outbound ACL.
Each interface would have four ACLs; two ACLs for IPv4 and two ACLs for IPv6.
Extended ACLs
Locate extended ACLs as close as possible to the source of the traffic to be filtered.
Standard ACLs
Because standard ACLs do not specify destination addresses, place them as close to the destination as
possible.
ACL RULE
Only one ACL per interface, per protocol, per direction is allowed
Inbound packets are always processed by an ACL (if applied) before being routed.
Outbound packets are routed before being processed by an ACL (if applied).
ACLs are processed in sequential order; therefore the most specific traffic match must occur at the
beginning of the ACL, and any packet that matches no ACE is dropped by the implicit deny at the end.
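The sequential-order rule is easy to get wrong, so here is an added example (not part of these notes) in Python: a small evaluator for extended IPv4 ACEs with wildcard masks, first-match semantics and the implicit deny. The two constructed ACLs show a host deny that is shadowed by a broader permit, and the corrected ordering; port-based options are left out as an assumption.

```python
# Added example (not part of these notes): a small evaluator for extended IPv4
# ACEs of the form '<seq> permit|deny <proto> <src> <dst>', where an address is
# 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'. It shows first-match ordering
# and the implicit deny; port-based options are an assumption left out.
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens, i):
    """Reads one address spec at tokens[i]; returns ((base, wildcard), next i)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2

def parse_acl(lines):
    aces = []
    for line in lines:
        t = line.split()
        seq, action, proto = int(t[0]), t[1], t[2]
        src, i = parse_addr(t, 3)
        dst, _ = parse_addr(t, i)
        aces.append((seq, action, proto, src, dst))
    return sorted(aces)          # IOS evaluates ACEs in sequence-number order

def matches(spec, addr):
    """Wildcard mask: a 1 bit means 'do not care', a 0 bit must match."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(aces, proto, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for seq, action, p, sspec, dspec in aces:
        if p in ("ip", proto) and matches(sspec, s) and matches(dspec, d):
            return action, seq
    return "deny", None

# Constructed ACLs: in the first, the host deny can never match because the
# broader permit above it already matches every host in 192.168.10.0/24.
SHADOWED = parse_acl([
    "10 permit ip 192.168.10.0 0.0.0.255 any",
    "20 deny ip host 192.168.10.99 any",
])
CORRECTED = parse_acl([        # most specific entry first
    "10 deny ip host 192.168.10.99 any",
    "20 permit ip 192.168.10.0 0.0.0.255 any",
])
```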
DHCP
There are two methods available for the dynamic configuration of IPv6 global unicast addresses.
If the DHCP server is located on a different network segment than the DHCP client, then it is necessary to configure a
relay agent.
The relay agent forwards specific broadcast or multicast messages, including DHCP messages, originating from a
host on a LAN segment and destined for a specific server located on a different LAN segment.
NAT
Network address translation is a method of remapping one IP address space into another by modifying
network address information in Internet Protocol datagram packet headers while they are in transit across
a traffic routing device.
NAT for IPv4 allows network administrators to use RFC 1918 private address space while providing connectivity to
the Internet, using a single or limited number of public addresses.
RFC 1918
RFC 1918 is used to create the standards by which networking equipment assigns IP addresses in a private
network.
It reserves the following ranges of IP addresses that cannot be routed on the Internet: 10.0.0.0 - 10.255.255.255
(10/8 prefix)
NAT and PAT can be implemented to conserve public address space without affecting the ISP connection.
Static NAT is useful when a network device inside a private network needs to be accessible from the Internet.
PAT – Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple
devices on a local area network (LAN) to be mapped to a single public IP address.
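The difference between PAT and static NAT described above, as an added example in Python (not part of these notes): one public address is shared by inside hosts via port mapping, a separate public address is statically mapped to an inside server, and inbound traffic with no translation entry is dropped. Addresses and ports are constructed sample values.

```python
# Added example (not part of these notes): a model of PAT with one public
# address plus a static NAT entry for an inside server. Assumptions: entries
# are keyed on (inside IP, port) only; protocol tracking and translation
# timeouts of a real router are left out.
class NatRouter:
    def __init__(self, public_ip, static=None):
        self.public_ip = public_ip
        self.static = dict(static or {})   # inside ip -> dedicated public ip
        self.outbound = {}                 # (inside ip, port) -> public port
        self.inbound = {}                  # public port -> (inside ip, port)
        self.next_port = 1024              # next port to try when one collides

    def translate_out(self, src_ip, src_port):
        """Inside -> outside: the (public ip, port) the Internet sees."""
        if src_ip in self.static:
            return self.static[src_ip], src_port     # static NAT keeps the port
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = src_port                           # PAT keeps it if free...
            while port in self.inbound:               # ...else picks a new one
                port = self.next_port
                self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_in(self, dst_ip, dst_port):
        """Outside -> inside: (inside ip, port), or None when no entry exists."""
        for inside_ip, public in self.static.items():
            if public == dst_ip:
                return inside_ip, dst_port
        if dst_ip == self.public_ip:
            return self.inbound.get(dst_port)  # None: unsolicited, dropped
        return None

def two_hosts_same_port():
    """Two inside hosts using the same source port share one public address;
    the second gets a new port, replies map back, and unknown traffic is dropped."""
    r = NatRouter("203.0.113.10", static={"192.168.1.20": "203.0.113.11"})
    a = r.translate_out("192.168.1.5", 40000)
    b = r.translate_out("192.168.1.6", 40000)
    return a, b, r.translate_in(*b), r.translate_in("203.0.113.10", 5555)
```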
CDP (Cisco Discovery Protocol) is a Cisco proprietary protocol for network discovery on the data link layer.
It can share information such as device names and IOS versions with other physically connected Cisco
devices.
Network devices advertise information, such as their identities and capabilities, to their neighbors.
NTP (Network Time Protocol) is a networking protocol for clock synchronization between computer systems over
packet-switched, variable-latency data networks.
This allows networking devices to agree on the time a specific event occurred, such as the loss of
connectivity between a router and a switch.
Syslog messages can be trapped and sent to a syslog server
Device Maintenance
backing up
restoring