Beruflich Dokumente
Kultur Dokumente
Application Upper
Presentation Upper
OSI Layers
OSI Layer Purpose Examples
TCP/IP Layers
Protocol OSI Reference Function
IP Protocols
Protocol Purpose
Internet Control
Message Protocol Provides control and feedback messages between IP devices.
(ICMP)
Address Resolution Using a destination IP address, ARP resolves or discovers the appropriate destination MAC
Protocol (ARP) (layer 2) address to use. Map a Layer 3 address to a Layer 2 address.
Reverse Address Using a source MAC address, RARP retrieves an IP address form the RARP Server. Map
Resolution Protocol sources Layer 2 address to a Layer 3 address. RARP is an early form of BOOTP and
(RARP) DHCP.
IP Addresses
First Number of Number of Number of
Numerical Number of
Class Binary Hosts per Network Hosts
Range Networks
Bits Network Octets Octets
A 0xxx 1 – 126* 126 16.5 million 1 (N.H.H.H) 3
6 Steps to Subnetting
Step Rule What is learned
1 Divide VLSM notation (CIDR) by 8 What octet to work with
2 Plug remainder into subnet chart Multiplier and subnet
3 Plug working octet into chart and do ANDing Base address
4 Add Multiplier to base address and subtract 1 Broadcast Address
5 Use remainder and use as exponent for (2n-2) Number of Networks
6 Take remainder and subtract from 8, take that number for (2h-2) Number of Host
Subnetting Chart
Definitions Number of BITS
Exponents 7 6 5 4 3 2 1 0
Subnet mask 192 224 240 248 252 254 255
128 64 32 16 8 4 2 1
Possible Subnet Mask Values for One Octet
Decimal Mask Binary Mask Network Bits Host Bits
0 00000000 0 8
128 10000000 1 7
192 11000000 2 6
224 11100000 3 5
240 11110000 4 4
248 11111000 5 3
252 11111100 6 2
254 11111110 7 1
255 11111111 8 0
Port Numbers
Well-known port numbers are 1 – 1023 (typically used for well-known applications), random port numbers are 1024 and
above (typically random numbers are used by the client in a client/server application).
Examines destination MAC address and makes filtering/forwarding decisions based on it.
Bridge Unknown, Broadcast, and Multicast frames are flooded out all ports except the originator. Each
port of a bridge is a collision domain.
Examines destination MAC address and makes filtering/forwarding decisions based on it.
Unknown, Broadcast, and Multicast frames are flooded out all ports within that VLAN except the
Switch originator. Each port of a switch is a collision domain. Each VLAN is a broadcast domain. Benefits
include simplifying moves, adds, and changes, reducing administrative costs, controlling
broadcasts, tightened security, load distribution, and moving servers into a secure location.
Examines destination network (logical – layer3) address and makes filtering/forwarding decisions
Router based on it. Unknown and broadcast frames are discarded. Each port of a router is both a collision
and broadcast domain.
Comparison of Bridges and Switches
Bridges Switches
Software Based Hardware-based (port-level ASICs)
Relatively Slow Comparatively fast
One STP per Bridge Possibly many STPs per switch (possibly one per VLAN)
Typically up to 16 Ports Possibly hundreds of ports
Address Dynamically learns MAC addresses that arrive in the switch by reading the sources MAC
address of each arriving frame. If this address is not in the current MAC table, and there is
Learning enough space to store it, the address and the inbound port are stored.
Compare the destination MAC address of the arriving frame to the dynamically-learned MAC
table. If the address is in the table only forward the frame out the port specified in the table,
Forward/Filter thus filtering it from other ports. If the MAC address is not in the MAC table (unknown MAC
address) or it is a broadcast or multicast frame, the frame is flooded out every other port
except the one it arrived from.
Since the default behavior of a switch is to forward unknown unicast, broadcast, and
Loop multicast frames, it is possible for one frame to Loop endlessly through a redundant (multiple
Avoidance path) network. Thus the Spanning Tree Protocol (STP) is turned on to discourage loops in a
redundant switch network.
The BPDU carries the Bridge ID and the Root ID Each bridge/switch has a unique Bridge ID,
which is the priority (or priority and extend system ID) followed by the base MAC address of the
bridge/switch. Only the priority (or priority and extend system ID) can be modified.
The device with the lowest Bridge ID becomes the Root. Only the Root is allowed to send BPDUs.
Initially, prior to receiving any BPDUs from other devices, every bridge/switch thinks it is the
Root, and thus sends a BPDU to every other Bridge/switch. This always occurs when a new
802.1d Spanning Tree Protocol (STP)
ROM IOS subset (RxBoot) (only if the hardware supports it ROM Monitor (ROMMON)
Compressed IOS (non-compressed if 2500 series) Binary file storage capabilities (if enough
Flash
space)
PCMCIA Like Flash, some machines have multiple PCMCIA slots available
Share I/O I/O buffer for interfaces
Operating Modes
Mode Prompt Sample Functions
• Read-only privileges
User Router> • Examine Interface status
• Examine router status
Example:
Example:
Configuration Router(config)#
Router# configure terminal
Router(config)#
Some Miscellaneous IOS Commands
Function Mode Syntax
Configure a Banner Config Router(config)# banner motd # banner #
Display the contents of Flash memory User of Privileged Router> show flash
Save the active configuration to NVRAM Privileged Router# copy running-config startup-config
Restore the backup configuration to RAM Privileged Router# copy startup-config running-config
Save the active configuration to a TFTP
Privileged Router# copy running-config tftp
Server
Restore a configuration file from a TFTP
Privileged Router# copy tftp running-config
Server
Write the current IOS out to a TFTP Server Privileged Router# copy flash tftp
Load a different IOS into the router Privileged Router# copy tftp flash
Erase the backup configuration from NVRAM Privileged Router# erase startup-config
Boot using a different IOS in Flash Config Router(config)# boot system flash filename
Display directly-connected Cisco neighbors User or Privileged Router> show cdp neighbor
Display the command history buffer User or Privileged Router> show history
Configure the length of the history buffer Privileged Router# terminal history size line-count
Display the current IOS, router run-time,
User or Privileged Router> show version
amount of memory, and interfaces installed
Router(config-line)# exec-timeout minutes
Configure logout delay Line Config
seconds
Configure clocking on a DCE interface Interface Config Router(config-if)# clock rate bps-value
Encrypting Service
N/A Router(config)# service-password encrypt
Passwords
• exit-interface is the network in question -either the next-hop or exit-interface are used, but not both
Example:
Example 1:
Router# configure terminal
Router(config)# router rip
Router(config-router)# network 172.16.0.0
Router(config-router)# network 192.168.20.0
Example 2:
Router(config)# router OSPF 100
Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
Router(config-router)# network 192.168.20.0 0.0.0.255 area 0
Types of Routing Protocol
Type Description
Class Description
• Maintains a vector (direction and distance) to each network in the routing table
• Typically sends periodic (update interval) routing updates
• Typically sends entire routing table during update cycle
• Routing updates are processed and then resent by each router, thus the updates are second-hand
information (routing by rumor)
Distance Vector
• Typically prone to routing loops (disagreement between routers) and count to infinity (routing metrics
continue to accumulate indefinitely)
• Solutions to these problems include:
Spilt Horizon – do not send updates back to where they came from
– eliminates back-to-back router loops
Define a maximum metric – eliminates count to infinity problem
Route poisoning – set the advertised metric to the maximum value on routes that have gone down
Poison reverse – overrides split horizon by informing the source of a route that it has gone down
Hold-down timers – eliminates long-distance loops by ignoring updates about “possibly down” routes
that have metrics worse than the current metric
Triggered updates – send an individual update immediately when a route is thought to be down,
rather than wait for the periodic update timer (also called flash updates)
• Maintains a complete topological map (database) of entire network, separate from the routing table
(forwarding table)
• Sends updates only when necessary
• Only sends information that has changed, not the entire database
Link State
• Does not send information from the routing table, but rather from the database
• The initial routing update is sent to every link state router in the network (flooding) via a multicast IP
address, not a processed copy as with distance vector protocols
• Routing table is individually calculated on each router from its database. This process is called
Shortest Path First or SPF
• The database typically requires as much memory as the routing table
• When SPF runs, it is CPU intensive
• Uses “hello” packets to maintain a database of link state neighbors throughout the network
Examples of Routing Protocols
DV Internal
Protocol or or Characteristics
LS External
• Sends periodic updates every 30 seconds by default
• Sends the entire routing table out every interface, minus the routes
Routing learned from that interface (split horizon)
• Uses hop count as a metric
Information DV Internal
• Has a maximum reachable hop count of 15 (16 is the defined
Protocol (RIP) maximum)
• Sends updates out as a broadcast (RIP V1)
• RIP V2 uses a multicast address of 244.0.0.10
• Source IP address
• Destination IP address
• Source protocol number
100 – 199
Extended • Destination protocol Close to the source
2000 – 2699
number
• Source port number
• Destination port number
Wildcard Masks
Mask Match Don’t Care Example
0.0.0.0 Every octet N/A 172.16.10.1 = 172.16.10.1
0.0.0.255 First three octets Last octet 172.16.10.1 = 172.16.10.0
0.0.255.255 First two octets Last two octets 172.16.10.1 = 172.16.0.0
0.255.255.255 First octet Last three octet 172.16.10.1 = 172.0.0.0
255.255.255.255 N/A Every octet 172.16.10.1 = 0.0.0.0
• Each site only uses one physical connection into the provider’s network, however there
may be multiple virtual circuits to various destinations
• Typically less expensive than leased lines, because you are mixing various data streams
Packet Switching across a single link
• Used when a dedicated connection is needed, but cost savings is important
• Examples – Frame Relay, X.25
• Each site only uses one physical connection into the provider’s network, however there
may be multiple virtual circuits to various destinations
• Typically less expensive than leased lines, because you are mixing various data streams
Cell Switching across a single link
• Uses fixed-size packets called cells to achieve faster and more predicable transport
through the network
• Examples – ATM, SMDS
• The line between the customer site and the provider network
Demarcation Point
• Inside of the demarc is the CPE
(Demarc)
• Outside of the demarc is the local loop
Terminal Endpoint 1 (TE-1) A devices that has an ISDN interface, such as a router
A device that does not have any ISDN interfaces and requires a TA to access the
Terminal Endpoint 2 (TE-2)
ISDN network, such as a PC
• network is the other side of the ISDN cloud, since there is no dynamic
Create a static route config
routing protocol running across the ISDN network
• mask is the subnet mask to specify the distant network
• destination-IP is the IP address of the BRI interface of the remote site
Router(config)# dialer-list number protocol protocol permit
Create a dialer list config
• number can be from 1 – 10
• protocol can be any protocol, such as IP or IPX
Assign SPID numbers interface config • spid-number is the logical circuit ID assigned by the ISDN provider
• there might be two SPID numbers, thus the second one would be
referenced as “spid2”
Router(config-if)# dialer-group number
Reference the dialer
interface config
list
• number is the dialer list created earlier
Router(config-if)# dialer map protocol destination-ip dial-number
Create a map to point • protocol is the protocol being mapped across the ISND cloud, such as IP
to and dial the remote interface config or IPX
site • destination-IP is the IP address of the BRI port on the other side of the
ISDN cloud, specified by the static route
• dial-number is the ISDN phone number of the remote site
Frame Relay Terms
Term Definition
Connection rate between a frame relay site and the frame relay provider. Many virtual
Local Access Rate
circuits run across a single access point.
Logical connection between two end points
• Permanent Virtual Circuit (PVC) – the circuit is always available, and the bandwidth for
Virtual Circuit the circuit is always allocated
• Switched Virtual Circuit (SVC) – the circuit is built when needed, and the bandwidth is
returned when the circuit is closed
Data Link Connection The local reference to one end of a virtual circuit. The DLCI numbers are assigned by the
Identifier (DLCI) frame relay providers.
Committed Information The maximum allowed bandwidth through the PVC from one end to the other. Each PVC
Rate (CIR) can have a unique CIR.
Inverse Address
The process of a frame relay device, such as a router, discovering the network-layer
Resolution Protocol
information about the devices at the other end of the PVCs.
(IARP)
Local Management Signaling between the frame relay device (the router) and the frame relay switch (the
Interface (LMI) provider). LMI does not travel across the entire PVC from one end to the other.
specify the LMI type interface config • lmi-type can be Cisco, ansi, or q933a
• this command is normally not needed, as the router will automatically
sense the LMI type if configured by the provider
Router(config-if)# frame-relay interface-dlci local-dlci
• local-dlci is the DLCI number of the PVC that terminates on this interface.
assign the local DLCI interface config
There can be more than on DLCI on an interface.
• this command is not needed with a major interface, since the router will
automatically retrieve the DLCIs from the frame relay switch.
• protocol is the protocol being mapped across the frame relay cloud, such
as IP or IPX
create a static map interface config • destination-IP is the IP address of the frame relay interface at the other
end of the PVC
• local-DLCI is the local DLCI needed to access the remote site
• this command is not needed if inverse-ARP is properly configured, and
the interface-dlci command is used