
IOS Commands

Privileged Mode
   enable - enter privileged (enable) mode
   disable - return to user mode
   enable password <password_here> - sets the privileged-mode password; it is stored in the configuration in cleartext (or as a reversible type 7 string if service password-encryption is on)
   enable secret <password_here> - sets the privileged-mode password stored as a one-way hash (type 5 MD5 on classic IOS); it takes precedence over enable password when both are configured, so this is the one to use

Setting Passwords
   enable secret <password_here> - set the hashed password for privileged access
   enable password <password_here> - set the password for privileged access (used only when there is no enable secret, or on older software)
Set password for console access:
   (config)#line console 0
   (config-line)#login
   (config-line)#password <password_here>
Set password for virtual terminal (telnet) access (a password must be set before the router accepts telnet connections; telnet carries it in cleartext, so on images that support SSH use (config-line)#transport input ssh instead):
    (config)#line vty 0 4
    (config-line)#login
    (config-line)#password <password_here>
Set password for auxiliary (modem) access:
    (config)#line aux 0
    (config-line)#login
    (config-line)#password <password_here>
Line passwords are stored in the configuration in cleartext unless service password-encryption is configured, and even then only as a reversible type 7 encoding; treat any copy of the configuration as sensitive.

Configuring the Router

   sh running-config - displays the running configuration (RAM)
   sh startup-config - displays the configuration stored in NVRAM
   setup - starts the automatic setup dialog, the same one you see when a router boots with no configuration
   config t - enter configuration commands from the terminal
   config mem - executes the configuration commands stored in NVRAM; copies startup-config to running-config
   config net - retrieves configuration commands from a TFTP server
   copy running-config startup-config - saves the running config (RAM) to NVRAM; on IOS before version 11 use "write memory"
   copy startup-config running-config - merges the saved config (NVRAM) into the current running config (RAM)
   boot system flash <filename_here> - tells the router which IOS file in flash to boot from
   boot system tftp <filename_here> <tftp_server_ip> - tells the router which IOS file on the TFTP server to boot from
   boot system rom - tells the router to boot from ROM at the next boot
   copy flash tftp - copies the flash image to a TFTP server
   copy tftp flash - restores the flash image from a TFTP server
   copy run tftp - copies the current running-config to a TFTP server
   copy tftp run - merges a running-config from a TFTP server into the current one
TFTP has no authentication and no encryption, so anything moved this way (configurations containing passwords, IOS images) is exposed to everyone on the path; keep TFTP on a management segment and verify image integrity after a copy.
General Commands
   no shutdown - (enables the interface)
   reload - restarts the router
   sh ver - Cisco IOS version, uptime of router, how the router started, where system was loaded from,
the interfaces the POST found, and the configuration register
   sh clock - shows date and time on router
   sh history - shows the history of your commands
   sh debug - shows all debugging that is currently enabled
   no debug all - turns off all debugging
   sh users - shows users connected to router
   sh protocols - shows which protocols are configured
   banner motd # Your_message # - Set/change banner
   hostname <router_name_here> - use to configure the hostname of the router
   clear counters  - clear interface counters

Processes & Statistics


   sh processes - shows active processes running on router
   sh process cpu - shows cpu statistics
   sh mem - shows memory statistics
   sh flash - describes the flash memory and displays the size of files and the amount of free flash
memory
   sh buffers - displays statistics for router buffer pools; shows the size of the Small, Middle, Big, Very
Big, Large and Huge Buffers
   sh stacks - shows reason for last reboot, monitors the stack use of processes and interrupts routines

CDP Commands (Cisco Discovery Protocol sends device information as layer 2 multicast frames over SNAP-capable links):
   sh cdp neighbor - shows directly connected neighbors
   sh cdp int - shows which interfaces are running CDP
   sh cdp int eth 0/0 - shows CDP info for a specific interface
   sh cdp entry <cdp_neighbor_here> - shows CDP neighbor detail
   cdp timer 120 - change how often CDP info is sent (default cdp timer is 60 seconds)
   cdp holdtime 240 - how long to wait before removing a CDP neighbor (default CDP holdtime is 180 seconds)
   sh cdp run - shows whether CDP is turned on
   no cdp run - turns off CDP for the entire router (global config)
   no cdp enable - turns off CDP on a specific interface
CDP advertises the platform, IOS version, hostname and addresses of the device to anyone on the segment, so disable it (no cdp enable) on interfaces facing untrusted networks or end users.

Miscellaneous Commands
   sh controller t1 - shows status of T1 lines
   sh controller serial 1 - use to determine whether the interface is the DCE or DTE device
   (config-if)#clock rate 64000 - set the clock rate on the DCE side (bits per second)
   (config-if)#bandwidth 64 - set the bandwidth used by routing protocol metrics (kilobits per second); does not change the actual line speed

IP Commands
Configure IP on an interface:
    int serial 0
    ip address 157.89.1.3 255.255.0.0
    int eth 0
    ip address 208.1.1.4 255.255.255.0
Other IP Commands:
    sh ip route - view the IP routing table
    ip route <remote_network> <mask> <next_hop_or_interface> [administrative_distance] - configure a static IP route
    ip route 0.0.0.0 0.0.0.0 <gateway_of_last_resort> - sets the default route (gateway of last resort)
    ip classless - use with static routing so that packets destined for unknown subnets of a known major network follow the default route instead of being dropped
    sh arp - view the ARP cache; shows the MAC addresses of directly connected routers and hosts
    ip address 2.2.2.2 255.255.255.0 secondary - configure a 2nd IP address on an interface
    sh ip protocols - shows the configured routing protocols, their timers and the networks they advertise
IPX Commands

Enable IPX on router:
    ipx routing
Configure IPX + IPX-RIP on an int:
    int ser 0
    ipx network 4A
Other Commands:
    sh ipx route - shows the IPX routing table
    sh ipx int e0 - shows the IPX address on an interface
    sh ipx servers - shows the SAP table
    sh ipx traffic - view traffic statistics
    debug ipx routing activity - debugs IPX RIP packets
    debug ipx sap - debugs SAP packets

Routing Protocols
Configure RIP:
    router rip
    network 157.89.0.0
    network 208.1.1.0
Other RIP Commands:
    debug ip rip - view RIP debugging info
Configure IGRP:
    router IGRP 200
    network 157.89.0.0
    network 208.1.1.0
Other IGRP Commands:
    debug ip igrp events - view IGRP debugging info
    debug ip igrp transactions - view IGRP debugging info

Access Lists
sh ip int ser 0 - use to view which IP access lists are applied to which interface
sh ipx int ser 0 - use to view which IPX access lists are applied to which interface
sh appletalk int ser 0 - use to view which AppleTalk access lists are applied to which interface
View access lists:
    sh access-lists
    sh ip access-lists
    sh ipx access-lists
    sh appletalk access-lists
Apply standard IP access list to int eth 0:
    access-list 1 deny 200.1.1.0 0.0.0.255
    access-list 1 permit any
    int eth 0
    ip access-group 1 in
Apply Extended IP access list to int eth 0:
    access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23
    access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80
    int eth 0
    ip access-group 100 out
Entries are checked top to bottom and the first match wins; every access list ends with an implicit deny any. List 100 above contains only deny statements, so once applied it blocks all outbound traffic on eth 0 unless a permit (for example access-list 100 permit ip any any) is added after the denies.
Apply Standard IPX access list to int eth 0:
    access-list 800 deny 7a 8000
    access-list 800 permit -1
    int eth 0
    ipx access-group 800 out
Apply Extended IPX access list (filtering SAP) to int eth 0:
    access-list 900 deny sap any 3378 -1
    access-list 900 permit sap any all -1
    int eth 0
    ipx access-group 900 out
Wan Configurations

PPP Configuration
   encapsulation ppp
   ppp authentication <chap_or_pap_here> - PAP sends the password in cleartext; CHAP answers a challenge with a hash and never puts the secret on the wire, so prefer chap
   ppp chap hostname <routername_here>
   ppp pap sent-username <username_here> password <password_here>
   sh int ser 0 - use to view the encapsulation on the interface

Frame-Relay Configuration
   encapsulation frame-relay ietf - use IETF encapsulation for a frame-relay link between a Cisco router and a non-Cisco router
   frame-relay lmi-type ansi - LMI types are Cisco, ANSI and Q933A; Cisco is the default; the LMI type is auto-sensed in IOS 11.2 and later
   frame-relay map ip 3.3.3.3 100 broadcast - if inverse ARP won't work, statically map the remote IP address to your local DLCI number
   keepalive 10 - use to set the keepalive interval (seconds)
   sh int ser 0 - use to show DLCI, LMI and encapsulation info
   sh frame-relay pvc - shows the configured DLCIs and PVC traffic statistics
   sh frame-relay map - shows the DLCI-to-protocol-address mappings (static and learned via inverse ARP)
   sh frame-relay lmi - shows LMI statistics

Keyboard Shortcuts
   CTRL-P - show previous command
   CTRL-N - show next command
   SHIFT-CTRL-6 - Break 

Static and Dynamic Routing

Static Routing - routes entered manually by the administrator (for the routed protocols IP, IPX and AppleTalk)
Dynamic Routing - routes generated and maintained by a routing protocol (RIPv1, RIPv2, IGRP, EIGRP, OSPF, NLSP, RTMP)

Dynamic
1) With dynamic routing, routers pass information between each other so that routing tables are regularly maintained.
2) The routers then determine the correct paths packets should take to reach their destinations.
3) Routing information is passed only between routers.
4) A routing domain is called an Autonomous System, as it is a portion of the internetwork under common administrative authority.
5) It consists of routers that share information over the same protocol, and can be split into routing areas.

 
Distance Vector and Link-State Routing

Routing Protocols
I) Interior (within an autonomous system - AS - a group of routers under the same administrative authority)
    a) Distance Vector - knows the direction and distance (hop count, the metric) to every network in the internetwork. All routers listen for messages from other routers, which are sent every 30 to 90 seconds, and pass their entire routing tables.
        1) Used in smaller networks with fewer than 100 routers.
        2) Easy to configure and use.
        3) As the number of routers grows, you need to consider CPU utilization, convergence time and bandwidth utilization.
        4) Convergence depends on routing updates sent at set intervals.
        5) When a router recognizes a change it updates its routing table and sends the whole table to all of its neighbors.
            1) RIP - 15 hop count max
            2) IGRP - 255 hop count max; metric based on bandwidth and delay by default, with reliability (255 is optimal) and load available as additional factors
            3) RTMP
    b) Link State - knows the entire topology and does not rely on secondhand information. Routers exchange hello packets to discover neighbors and link-state advertisements (LSAs, or LSPs in IS-IS and NLSP) to describe their links. Each router builds a topological database of the network, then runs the SPF (shortest path first, Dijkstra's) algorithm to determine the best route. Topology changes can be flooded immediately, so convergence is quicker. Cost is typically derived from bandwidth.
        1) Maintains a topology database.
        2) Routers have a formal neighbor relationship.
        3) Exchanges LSAs and hello packets with directly connected neighbors.
        4) Hellos are exchanged at short intervals (typically 10 sec).
        5) Only new information is exchanged after the initial database synchronization.
        6) Scales well, but link-state protocols are more complex.
        7) Requires more processing power, memory and bandwidth.
            1) OSPF - decisions based on route cost (interface cost limit of 65,535)
            2) EIGRP - Cisco proprietary "hybrid" protocol (distance-vector operation with link-state-like neighbor tables and triggered updates)
            3) NLSP
            4) IS-IS
II) Exterior
            1) EGP (Exterior Gateway Protocol)
            2) BGP (Border Gateway Protocol)

Routing Protocols used for each Routed Protocol


IP - RIP, IGRP, OSPF, IS-IS, EIGRP
IPX - IPX RIP, NLSP, EIGRP
AppleTalk - RTMP, AURP, EIGRP
Problems with Routing Protocols
1) Routing Loops - occur when routing tables are not updated fast enough after one of the networks becomes unreachable. Because convergence (propagation of routing table updates between all routers) is slow, some routers end up with incorrect routing tables and advertise them to other routers. These incorrect routing tables cause packets to travel repeatedly in circles.
2) Counting to infinity - occurs during a routing loop: each router re-learns the failed network from its neighbor with a metric one hop higher, so the advertised hop count grows with every update round while packets keep circling.
Solutions to Problems with Routing Protocols
1) Define the maximum number of hops - when the hop count reaches this predefined value (16 for RIP), the distance is considered infinite and the network unreachable. This does not stop routing loops from forming; it only limits how long the count continues and how long a packet can travel inside the loop.
2) Split horizon - a router does not advertise a route back out of the interface it learned that route from. This prevents the simple two-router loop in which a neighbor re-advertises your own route back to you.
3) Route poisoning - the router advertises an unreachable route with an infinite metric instead of simply dropping it. Used with hold-down timers.
4) Triggered updates - the router sends an update as soon as it detects a change in the network, without waiting for the periodic timer to expire.
5) Hold-downs - after a router learns that a network is unreachable, it waits a specified time before accepting new information about that network (it keeps the entry in a "possibly down" state, giving the other routers time to re-compute for the topology change). Hold-downs only partially prevent the counting-to-infinity problem; they stop routes from changing too rapidly so that a router can determine whether a link has really failed or has come back up.
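To make the counting-to-infinity and split-horizon points concrete, here is an added Python simulation (not part of the original notes) of a three-router distance-vector network. The topology (A - B - C with network N attached to A), the synchronous update rounds and the rule that a route times out as soon as its next hop stops advertising it are constructed simplifications of RIP behaviour; hold-downs, triggered updates and poison reverse are deliberately left out so that only the effect of split horizon is visible.

```python
"""Distance-vector (RIP-style) reconvergence after a link failure, with and
without split horizon.  Added example, not from the original notes.  The
topology and timing model are constructed: routers exchange full tables in
synchronous rounds, and a route learned from a neighbour is dropped to
infinity as soon as that neighbour stops advertising it (a simplification of
the RIP invalid timer)."""
from typing import Dict, Optional, Tuple

INFINITY = 16  # RIP: 16 hops means unreachable

Route = Tuple[int, Optional[str]]  # (hop count, next hop; None = directly connected)


class Router:
    def __init__(self, name: str, neighbors: Tuple[str, ...]):
        self.name = name
        self.neighbors = neighbors
        self.table: Dict[str, Route] = {}

    def metric(self, dest: str) -> int:
        return self.table.get(dest, (INFINITY, None))[0]

    def advertisement(self, to: str, split_horizon: bool) -> Dict[str, int]:
        """Routes sent to neighbour `to`; split horizon omits routes learned from it."""
        return {dest: m for dest, (m, nh) in self.table.items()
                if not (split_horizon and nh == to)}

    def receive(self, frm: str, adv: Dict[str, int]) -> bool:
        changed = False
        # Bellman-Ford step: neighbour's metric plus one hop
        for dest, m in adv.items():
            cand = min(m + 1, INFINITY)
            cur_m, cur_nh = self.table.get(dest, (INFINITY, None))
            if cur_nh == frm:
                # the current next hop is believed even when its metric gets worse
                if cand != cur_m:
                    self.table[dest] = (cand, frm)
                    changed = True
            elif cand < cur_m:
                self.table[dest] = (cand, frm)
                changed = True
        # routes via `frm` that it no longer advertises time out to infinity
        for dest, (cur_m, cur_nh) in list(self.table.items()):
            if cur_nh == frm and dest not in adv and cur_m != INFINITY:
                self.table[dest] = (INFINITY, frm)
                changed = True
        return changed


def exchange_round(routers: Dict[str, Router], split_horizon: bool) -> bool:
    """One periodic update: advertisements are computed from the tables as they
    stood at the start of the round, then delivered.  True if any table changed."""
    advs = {(r.name, nb): r.advertisement(nb, split_horizon)
            for r in routers.values() for nb in r.neighbors}
    changed = False
    for r in routers.values():
        for nb in r.neighbors:
            changed |= r.receive(nb, advs[(nb, r.name)])
    return changed


def run_until_converged(routers: Dict[str, Router], split_horizon: bool,
                        max_rounds: int = 64) -> int:
    """Number of rounds in which some table changed before the network settled."""
    for rounds in range(max_rounds):
        if not exchange_round(routers, split_horizon):
            return rounds
    return max_rounds


def simulate(split_horizon: bool) -> Tuple[int, Dict[str, int]]:
    """A -- B -- C with network 'N' directly connected to A.  Converge, then fail
    A's link to N and count the rounds until everyone agrees N is unreachable."""
    routers = {"A": Router("A", ("B",)),
               "B": Router("B", ("A", "C")),
               "C": Router("C", ("B",))}
    routers["A"].table["N"] = (0, None)
    run_until_converged(routers, split_horizon)
    del routers["A"].table["N"]  # link to N goes down; A simply stops advertising it
    rounds = run_until_converged(routers, split_horizon)
    return rounds, {name: r.metric("N") for name, r in routers.items()}


if __name__ == "__main__":
    for sh in (False, True):
        rounds, metrics = simulate(sh)
        print(f"split horizon={sh}: {rounds} update rounds to reconverge, metrics={metrics}")
```

Without split horizon, B hears N from C and C from B in alternate rounds, so the hop count climbs by one per round until it hits 16 (15 rounds here). With split horizon, B never tells A about a route it learned from A and C never tells B about one it learned from B, so the stale information has nowhere to go and the network settles in two rounds.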

Encapsulation Types

Frame type     IOS encapsulation keyword
802.2          sap
802.3          novell-ether
Ethernet II    arpa (Internet standard)
SNAP           snap

Wan Service Providers

1) Customer premises equipment (CPE) - devices physically located at the subscriber's location; examples: CSU/DSU, modem, wiring on the customer's premises
2) Demarcation (or demarc) - the point where the CPE ends and the local loop portion of the service begins (usually in the "phone closet")
3) Local loop - cabling from the demarc into the WAN service provider's central office; wiring from the customer's location to the nearest CO
4) Central Office switch (CO) - switching facility that provides the nearest point of presence for the provider's WAN service; the telephone company location where the phone line connects to the high-speed line (trunk); the regional telco office where the local loop terminates (the telco location nearest you)
5) Toll network - the switches and facilities (trunks) inside the WAN provider's "cloud"

DTE - the router side; receives clocking
DCE - the CSU/DSU side; provides clocking
WAN Devices

Routers - offer both internetwork and WAN interface controls
ATM Switches - high-speed cell switching between both LANs and WANs
X.25 and Frame-Relay Switches - connect private data over public circuits using digital signals
Modems - connect private data over public telephone circuits using analog signals
CSU/DSU (Channel Service Unit/Data Service Unit) - customer premises equipment (CPE) used to terminate a digital circuit at the customer site
Communication Servers - dial-in/dial-out servers that allow dialing in from remote locations and attaching to the LAN
Multiplexers - devices that allow more than one signal to be sent simultaneously over one physical circuit

ISDN

ISDN BRI (Basic Rate Interface) - 2 64K B channels, plus 1 16K D channel 
ISDN PRI (Primary Rate Interface) - 23 64K B channels, plus 1 64K D channel (North America &
Japan), 30 64K B channels, plus 1 64K D channel (Europe & Australia) 

Classful and Classless Protocols

Classful - summarizes routing info by major network numbers and does not carry subnet masks in its updates; ex. RIPv1, IGRP
Classless - carries the subnet mask with each route, so VLSM and CIDR summarization work; ex. RIPv2, EIGRP, OSPF, IS-IS, BGP

Administrative Distances for IP Routes

Administrative Distances are configured using the ip route command:

Example: ip route 154.4.55.0 255.255.255.0 195.23.55.1 85  (where 85 is the administrative distance)

The lower value wins when the same prefix is learned from several sources; a route with distance 255 is never installed.

IP Route                                Administrative Distance
Directly connected interface            0
Static route using connected interface  0
Static route using IP address           1
EIGRP summary route                     5
External BGP route                      20
Internal EIGRP route                    90
IGRP route                              100
OSPF route                              110
IS-IS route                             115
RIP route                               120
EGP route                               140
External EIGRP route                    170
Internal BGP route                      200
Route of unknown origin                 255

Switching Terminology
Store-and-Forward - copies the entire frame into a buffer and checks the CRC before forwarding. Higher latency.
Cut-Through - reads only the destination address into the buffer and forwards immediately; low latency; "wire-speed"
Fragment free - modified form of cut-through; the switch reads the first 64 bytes before forwarding the frame, since collisions usually show up within the first 64 bytes (default for the 1900 series).

Access Lists

1-99       IP Standard Access List
100-199    IP Extended Access List
200-299    Protocol Type-code Access List
300-399    DECnet Access List
600-699    AppleTalk Access List
700-799    48-bit MAC Address Access List
800-899    IPX Standard Access List
900-999    IPX Extended Access List
1000-1099  IPX SAP Access List
1100-1199  Extended 48-bit MAC Address Access List
1200-1299  IPX Summary Address Access List

Access List Types (what each filters, how wildcard masks work, additional notes)

Standard IP
    Filters: the source IP address field in the packet's IP header.
    Wildcard mask: put simply, when the mask is written in binary, the 1 bits allow anything and the 0 bits must match exactly.
    Notes: wildcard mask examples: 0.0.0.0 = the entire address must match; 0.255.255.255 = only the first octet must match, the rest allow anything; 255.255.255.255 = allow everything.

Extended IP
    Filters: source IP or destination IP, TCP or UDP source or destination ports, or protocol.
    Wildcard mask: same as standard.
    Notes: the keyword ANY allows any IP value; the keyword HOST requires the IP to match exactly.

Standard IPX
    Filters: packets sent by clients and servers, and SAP updates sent by servers and routers.
    Wildcard mask: configured as a hexadecimal number instead of binary.
    Notes: -1 means any and all network numbers (works like ANY).

Extended IPX
    Filters: source network or node, destination network or node, IPX protocol, IPX socket, or SAP.
    Wildcard mask: matches multiple networks with one statement, again in hexadecimal.
    Notes: the most practical use of the protocol type is for NetBIOS.

SAP
    Filters: sent and received SAP traffic.
    Wildcard mask: N/A.
    Notes: updates the router's own SAP tables. Again uses -1 to mean "ANY".
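The wildcard-mask rules above and the access-list statements in the Access Lists section can be checked against a small evaluator. The following Python is an added example written for these notes, not Cisco code: it parses numbered standard (1-99) and extended (100-199) IP access-list statements, applies wildcard matching bit by bit, and evaluates packets with IOS's first-match-then-implicit-deny semantics. The ACL lines are the ones from the Access Lists section; the packets, the helper names and the small port-name table are constructed for the example.

```python
"""Evaluate Cisco-style numbered IP access lists (standard 1-99, extended
100-199) with wildcard masks and first-match semantics.  Added example, not
from the original notes; the ACL statements are copied from the notes, the
packets and port-name table are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")          # keyword any: every bit is don't-care
PORT_NAMES = {"telnet": 23, "www": 80, "ftp": 21, "smtp": 25, "domain": 53}


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are ignored; 0 bits must match exactly
    (the inverse of a subnet mask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


@dataclass
class Entry:
    action: str                    # permit | deny
    proto: str                     # ip | tcp | udp | icmp  (standard lists use ip)
    src: Tuple[str, str]           # (address, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int] = None    # 'eq <port>' on the destination; None = any port


def _addr(tokens: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Parse 'any' | 'host A' | 'A W' | 'A' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], "0.0.0.0"), i + 1   # bare address in a standard list


def parse_acl(lines: List[str]) -> List[Entry]:
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            raise ValueError(f"not an access-list statement: {line!r}")
        number, action = int(t[1]), t[2]
        if 1 <= number <= 99:                       # standard: source only
            src, _ = _addr(t, 3)
            entries.append(Entry(action, "ip", src, ANY))
        elif 100 <= number <= 199:                  # extended: proto src dst [eq port]
            proto = t[3]
            src, i = _addr(t, 4)
            dst, i = _addr(t, i)
            dport = None
            if i < len(t) and t[i] == "eq":
                dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            entries.append(Entry(action, proto, src, dst, dport))
        else:
            raise ValueError(f"unsupported list number {number}")
    return entries


def evaluate(acl: List[Entry], src: str, dst: str, proto: str = "ip",
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """First matching entry wins.  Returns (action, index of the matching entry);
    an unmatched packet returns ('deny', None): the implicit deny any."""
    for idx, e in enumerate(acl):
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, *e.src) or not wildcard_match(dst, *e.dst):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, idx
    return "deny", None


# Statements from the notes' Access Lists section
STANDARD_1 = ["access-list 1 deny 200.1.1.0 0.0.0.255",
              "access-list 1 permit any"]
EXTENDED_100 = ["access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23",
                "access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80"]
# Same list with the permit a practitioner would add after the denies
EXTENDED_100_FIXED = EXTENDED_100 + ["access-list 100 permit ip any any"]

if __name__ == "__main__":
    acl1 = parse_acl(STANDARD_1)
    print(evaluate(acl1, "200.1.1.7", "10.0.0.1"))              # ('deny', 0)
    print(evaluate(acl1, "10.0.0.5", "10.0.0.1"))               # ('permit', 1)
    acl100 = parse_acl(EXTENDED_100)
    print(evaluate(acl100, "1.1.1.1", "2.2.2.2", "tcp", 23))    # ('deny', 0)
    print(evaluate(acl100, "1.1.1.1", "2.2.2.2", "tcp", 22))    # ('deny', None)
    print(evaluate(parse_acl(EXTENDED_100_FIXED), "1.1.1.1", "2.2.2.2", "tcp", 22))  # ('permit', 2)
```

Running it shows why list 100 as written in the notes is a black hole: neither deny entry matches SSH from 1.1.1.1, so the packet falls through to the implicit deny. Appending permit ip any any turns it into a targeted filter rather than an interface shutdown.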

Troubleshooting Tools:

Ping Results

! success
. timeout
U destination unreachable
? unknown packet type
& TTL exceeded

Traceroute Results

!H probe received by the router but not forwarded, usually because of an access list
P protocol unreachable
N network unreachable
U port unreachable
* timeout

Accessing Router with Terminal Emulation


Using HyperTerminal on a Windows machine adjust the following settings:
    VT100 Emulation
    Connection Speed: 9600 Baud
    Data Bits: 8
    Parity: None
    Stop Bits: 1
    Flow Control: None
On a Linux machine you may use Seyon or Minicom (at least one should come with your distribution).

 
Router Startup Sequence
POST
Bootstrap program loaded from ROM
IOS is loaded from flash (default), TFTP or ROM, as directed by the configuration register and any boot system commands
IOS image loaded into low-addressed memory; hardware and software are inventoried
Config file is loaded from NVRAM; if no configuration exists in NVRAM, the initial configuration dialog begins
Because the bootstrap honors the configuration register, anyone with console access during boot can change it to skip the NVRAM configuration (this is the standard password-recovery procedure), so physical and console access must be protected as carefully as the enable secret.

Miscellaneous Notes

Multiple Loop Problems - a complex topology can cause multiple loops to occur. Layer 2 has no mechanism (no TTL) to stop a loop. This is the main reason for the Spanning-Tree Protocol.

Spanning-Tree Protocol (STP) IEEE 802.1d - developed to prevent Layer 2 (bridging) loops; uses the STA (Spanning-Tree Algorithm) to calculate a loop-free network topology; allows redundant paths without suffering the effects of loops in the network.

Virtual LANs (VLANs) - assign different ports on a switch to different sub-networks. Some benefits: simplify moves, adds and changes; reduce administrative costs; better control of broadcasts; tighter security; distribute load; and servers can be placed on a secured segment.

HDLC (High-Level Data Link Control) - link layer protocol for serial links; the Cisco default. Supports the following modes: Normal Response Mode - the secondary transmits only when polled, as in SDLC; Asynchronous Response Mode - the secondary may transmit without permission; Asynchronous Balanced Mode - both stations act as combined primary/secondary. Has lower overhead than LAPB but less error checking.

Modular Switch/VIP Syntax


type slot/port   (example:  e 2/1)
type slot/port-adapter/port    (example:  e 2/0/1)

Classes

The following are the classes of IP addresses.

Class A - The first octet denotes the network address, and the last three octets are the host portion. Any IP address whose first octet is between 1 and 126 is a Class A address. Note that 0 is reserved as a part of the default address, and 127 is reserved for internal loopback testing.
Class B - The first two octets denote the network address, and the last two octets are the host portion. Any address whose first octet is in the range 128 to 191 is a Class B address.
Class C - The first three octets denote the network address, and the last octet is the host portion. Any address whose first octet is in the range 192 to 223 is a Class C address.
Class D - Used for multicast. Multicast IP addresses have their first octets in the range 224 to 239.
Class E - Reserved for future use and includes the range of addresses with a first octet from 240 to 255.

Subnetting and Tables


Subnetting is the concept of dividing the network into smaller portions called subnets. This is done by
borrowing bits from the host portion of the IP address, enabling more efficient use of the network
address. A subnet mask defines which portion of the address is used to identify the network and which
denotes the hosts.

The following tables show all possible ways a major network can be subnetted, and, in each case, how
many effective subnets and hosts are possible.

There are three tables, one for each class of addresses.

- The first column shows how many bits are borrowed from the host portion of the address for subnetting.
- The second column shows the resulting subnet mask in dotted decimal format.
- The third column shows how many subnets are possible.
- The fourth column shows how many valid hosts are possible on each of these subnets.
- The fifth column shows the number of subnet mask bits.

Class A Host/Subnet Table

Class A  Subnet           Effective  Effective  Number of Subnet
Bits     Mask             Subnets    Hosts      Mask Bits
-------  ---------------  ---------  ---------  --------------
1 255.128.0.0 2 8388606 /9
2 255.192.0.0 4 4194302 /10
3 255.224.0.0 8 2097150 /11
4 255.240.0.0 16 1048574 /12
5 255.248.0.0 32 524286 /13
6 255.252.0.0 64 262142 /14
7 255.254.0.0 128 131070 /15
8 255.255.0.0 256 65534 /16
9 255.255.128.0 512 32766 /17
10 255.255.192.0 1024 16382 /18
11 255.255.224.0 2048 8190 /19
12 255.255.240.0 4096 4094 /20
13 255.255.248.0 8192 2046 /21
14 255.255.252.0 16384 1022 /22
15 255.255.254.0 32768 510 /23
16 255.255.255.0 65536 254 /24
17 255.255.255.128 131072 126 /25
18 255.255.255.192 262144 62 /26
19 255.255.255.224 524288 30 /27
20 255.255.255.240 1048576 14 /28
21 255.255.255.248 2097152 6 /29
22 255.255.255.252 4194304 2 /30
23 255.255.255.254 8388608 2* /31

Class B Host/Subnet Table

Class B  Subnet           Effective  Effective  Number of Subnet
Bits     Mask             Subnets    Hosts      Mask Bits
-------  ---------------  ---------  ---------  --------------
1 255.255.128.0 2 32766 /17
2 255.255.192.0 4 16382 /18
3 255.255.224.0 8 8190 /19
4 255.255.240.0 16 4094 /20
5 255.255.248.0 32 2046 /21
6 255.255.252.0 64 1022 /22
7 255.255.254.0 128 510 /23
8 255.255.255.0 256 254 /24
9 255.255.255.128 512 126 /25
10 255.255.255.192 1024 62 /26
11 255.255.255.224 2048 30 /27
12 255.255.255.240 4096 14 /28
13 255.255.255.248 8192 6 /29
14 255.255.255.252 16384 2 /30
15 255.255.255.254 32768 2* /31

Class C Host/Subnet Table

Class C  Subnet           Effective  Effective  Number of Subnet
Bits     Mask             Subnets    Hosts      Mask Bits
-------  ---------------  ---------  ---------  --------------
1 255.255.255.128 2 126 /25
2 255.255.255.192 4 62 /26
3 255.255.255.224 8 30 /27
4 255.255.255.240 16 14 /28
5 255.255.255.248 32 6 /29
6 255.255.255.252 64 2 /30
7 255.255.255.254 128 2* /31

* A /31 leaves a single host bit, so the all-zeros/all-ones rule would leave no usable hosts; RFC 3021 permits both addresses to be used on point-to-point links, which is the sense of the "2*" in all three tables.

Subnetting Example

The second entry in the Class A table (/10 subnet mask) borrows two bits (the leftmost bits) from the host portion of the network for subnetting; with two bits you have four (2^2) combinations, 00, 01, 10 and 11. Each of these represents a subnet.

Binary Notation                                    Decimal Notation
-------------------------------------------------------------------
xxxx xxxx.0000 0000.0000 0000.0000 0000/10 ------> X.0.0.0/10
xxxx xxxx.0100 0000.0000 0000.0000 0000/10 ------> X.64.0.0/10
xxxx xxxx.1000 0000.0000 0000.0000 0000/10 ------> X.128.0.0/10
xxxx xxxx.1100 0000.0000 0000.0000 0000/10 ------> X.192.0.0/10

Understanding IP Addresses

An IP address is an address used to uniquely identify a device on an IP network. The address is made
up of 32 binary bits which can be divisible into a network portion and host portion with the help of a
subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to
decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted
decimal format (for example, 172.16.81.100). The value in each octet ranges from 0 to 255 decimal, or
00000000 - 11111111 binary.

Here is how binary octets convert to decimal: The rightmost bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the leftmost bit, or most significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:

1 1 1 1 1 1 1 1
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Here is a sample octet conversion when not all of the bits are set to 1.

0 1 0 0 0 0 0 1
0 64 0 0 0 0 0 1 (0+64+0+0+0+0+0+1=65)

And this sample shows an IP address represented in both binary and decimal.

10. 1. 23. 19 (decimal)


00001010.00000001.00010111.00010011 (binary)

Network Masks

A network mask helps you know which portion of the address identifies the network and which portion
of the address identifies the node. Class A, B, and C networks have default masks, also known as
natural masks, as shown here:

Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0

An IP address on a Class A network that has not been subnetted would have an address/mask pair
similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you identify the network and node parts of
the address, convert the address and mask to binary numbers.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000

Once you have the address and the mask represented in binary, then identifying the network and host
ID is easier. Any address bits which have corresponding mask bits set to 1 represent the network ID.
Any address bits that have corresponding mask bits set to 0 represent the node ID.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
-----------------------------------
net id | host id

netid = 00001000 = 8
hostid = 00010100.00001111.00000001 = 20.15.1

Understanding Subnetting

Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C
network. If you do not subnet, you are only able to use one network from your Class A, B, or C
network, which is unrealistic.

Each data link on a network must have a unique network ID, with every node on that link being a
member of the same network. If you break a major network (Class A, B, or C) into smaller
subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on this
network would then have a unique network/subnetwork ID. Any device, or gateway, connecting n
networks/subnetworks has n distinct IP addresses, one for each network / subnetwork that it
interconnects.

In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of
the address to create a subnetwork ID. For example, given a Class C network of 204.17.5.0 which has a
natural mask of 255.255.255.0, you can create subnets in this manner:

204.17.5.0 - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
--------------------------|sub|----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub") from the
original host portion of the address and used them to make subnets. With these three bits, it is possible
to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host
addresses, 30 of which can actually be assigned to a device since host ids of all zeros or all ones are
not allowed (it is very important to remember this). So, with this in mind, these subnets have been
created.

204.17.5.0 255.255.255.224 host address range 1 to 30


204.17.5.32 255.255.255.224 host address range 33 to 62
204.17.5.64 255.255.255.224 host address range 65 to 94
204.17.5.96 255.255.255.224 host address range 97 to 126
204.17.5.128 255.255.255.224 host address range 129 to 158
204.17.5.160 255.255.255.224 host address range 161 to 190
204.17.5.192 255.255.255.224 host address range 193 to 222
204.17.5.224 255.255.255.224 host address range 225 to 254

Note: There are two ways to denote these masks. First, since you are using three bits more than the
"natural" Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or, secondly,
the mask of 255.255.255.224 can also be denoted as /27 as there are 27 bits that are set in the mask.
This second method is used with CIDR. Using this method, one of these networks can be described
with the notation prefix/length. For example, 204.17.5.32/27 denotes the network 204.17.5.32
255.255.255.224. When appropriate the prefix/length notation is used to denote the mask throughout
the rest of this document.

The network subnetting scheme in this section allows for eight subnets, and the network might appear
as:

Figure 2
Notice that each of the routers in Figure 2 is attached to four subnetworks, one subnetwork is common
to both routers. Also, each router has an IP address for each subnetwork to which it is attached. Each
subnetwork could potentially support up to 30 host addresses.

This brings up an interesting point. The more host bits you use for a subnet mask, the more subnets you
have available. However, the more subnets available, the less host addresses available per subnet. For
example, a Class C network of 204.17.5.0 and a mask of 255.255.255.224 (/27) allows you to have
eight subnets, each with 32 host addresses (30 of which could be assigned to devices). If you use a
mask of 255.255.255.240 (/28), the break down is:

204.17.5.0 - 11001100.00010001.00000101.00000000
255.255.255.240 - 11111111.11111111.11111111.11110000
--------------------------|sub |---

Since you now have four bits to make subnets with, you only have four bits left for host addresses. So
in this case you can have up to 16 subnets, each of which can have up to 16 host addresses (14 of which
can be assigned to devices).

Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0, then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to create a lot more subnets than with the Class C network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per subnet does this allow for?

172.16.0.0 - 10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
-----------------| sub |-----------

You are using five bits from the original host bits for subnets. This allows you to have 32 subnets (2^5). After using the five bits for subnetting, you are left with 11 bits for host addresses. This allows each subnet to have 2048 host addresses (2^11), 2046 of which could be assigned to devices.

Note: In the past, there were limitations to the use of subnet 0 (all subnet bits set to zero) and the all-ones subnet (all subnet bits set to one). Some devices would not allow the use of these subnets. Cisco Systems devices allow the use of these subnets when the ip subnet-zero command is configured (it is the default in IOS 12.0 and later).

Examples

Sample Exercise 1

Now that you have an understanding of subnetting, put this knowledge to use. In this example, you are
given two address / mask combinations, written with the prefix/length notation, which have been
assigned to two devices. Your task is to determine if these devices are on the same subnet or different
subnets. You can do this by using the address and mask of each device to determine to which subnet
each address belongs.

DeviceA: 172.16.17.30/20
DeviceB: 172.16.28.15/20

Determining the Subnet for DeviceA:

172.16.17.30 - 10101100.00010000.00010001.00011110
255.255.240.0 - 11111111.11111111.11110000.00000000
-----------------| sub|------------
subnet = 10101100.00010000.00010000.00000000 = 172.16.16.0

Looking at the address bits that have a corresponding mask bit set to one, and setting all the other
address bits to zero (this is equivalent to performing a logical "AND" between the mask and address),
shows you to which subnet this address belongs. In this case, DeviceA belongs to subnet 172.16.16.0.

Determining the Subnet for DeviceB:

172.16.28.15 - 10101100.00010000.00011100.00001111
255.255.240.0 - 11111111.11111111.11110000.00000000
-----------------| sub|------------
subnet = 10101100.00010000.00010000.00000000 = 172.16.16.0

From these determinations, DeviceA and DeviceB have addresses that are part of the same subnet.
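The subnet check above carried out in code, as an added example that is not part of the original document: the address is ANDed with the mask built from the prefix length, and two hosts are on the same subnet when the masked results match. Device names and addresses are the ones from Sample Exercise 1.

```python
# Added example (not from the original document): compute the subnet an
# address belongs to by ANDing it with its mask, as done by hand above for
# DeviceA and DeviceB, and render the dotted-binary layout used in the text.

def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """/20 -> 0xFFFFF000: the prefix length is the number of leading one bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def to_binary(value: int) -> str:
    """Dotted-binary rendering such as 10101100.00010000.00010001.00011110."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def subnet_of(cidr: str) -> str:
    """Return the subnet (network/prefix) that an 'a.b.c.d/n' address belongs to."""
    address, prefix_len = cidr.split("/")
    network = ip_to_int(address) & prefix_to_mask(int(prefix_len))
    return f"{int_to_ip(network)}/{prefix_len}"

def same_subnet(cidr_a: str, cidr_b: str) -> bool:
    """Two hosts share a subnet exactly when their masked addresses are equal."""
    return subnet_of(cidr_a) == subnet_of(cidr_b)

if __name__ == "__main__":
    devices = (("DeviceA", "172.16.17.30/20"), ("DeviceB", "172.16.28.15/20"))
    for name, cidr in devices:
        address, prefix_len = cidr.split("/")
        mask = prefix_to_mask(int(prefix_len))
        print(f"{name}: {address:15} {to_binary(ip_to_int(address))}")
        print(f"{'mask':8} {int_to_ip(mask):15} {to_binary(mask)}")
        print(f"{'subnet':8} {subnet_of(cidr)}")
    print("same subnet:", same_subnet(devices[0][1], devices[1][1]))
```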

Sample Exercise 2

Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in
Figure 3 with the host requirements shown.

Figure 3

Looking at the network shown in Figure 3, you can see that you are required to create five subnets. The
largest subnet must support 28 host addresses. Is this possible with a Class C network, and if so, how?

You can start by looking at the subnet requirement. In order to create the five needed subnets you
would need to use three bits from the Class C host bits. Two bits would only allow you four subnets
(2^2).

Since you need three subnet bits, that leaves you with five bits for the host portion of the address. How
many hosts does this support? 2^5 = 32 (30 usable). This meets the requirement.

Therefore you have determined that it is possible to create this network with a Class C network. An
example of how you might assign the subnetworks is:

netA: 204.15.5.0/27 host address range 1 to 30
netB: 204.15.5.32/27 host address range 33 to 62
netC: 204.15.5.64/27 host address range 65 to 94
netD: 204.15.5.96/27 host address range 97 to 126
netE: 204.15.5.128/27 host address range 129 to 158

VLSM Example

In all of the previous examples of subnetting, notice that the same subnet mask was applied for all the
subnets. This means that each subnet has the same number of available host addresses. You may need
this in some cases, but, in most cases, having the same subnet mask for all subnets ends up wasting
address space. For example, in the Sample Exercise 2 section, a class C network was split into eight
equal-size subnets; however, each subnet did not utilize all available host addresses, which results in
wasted address space. Figure 4 illustrates this wasted address space.

Figure 4

Figure 4 illustrates that of the subnets that are being used, NetA, NetC, and NetD have a lot of unused
host address space. It is possible that this was a deliberate design accounting for future growth, but in
many cases this is just wasted address space due to the fact that the same subnet mask is being used for
all the subnets.

Variable Length Subnet Masks (VLSM) allows you to use different masks for each subnet, thereby
using address space efficiently.

VLSM Example

Given the same network and requirements as in Sample Exercise 2, develop a subnetting scheme with
the use of VLSM, given:

netA: must support 14 hosts
netB: must support 28 hosts
netC: must support 2 hosts
netD: must support 7 hosts
netE: must support 28 hosts

Determine what mask allows the required number of hosts.

netA: requires a /28 (255.255.255.240) mask to support 14 hosts
netB: requires a /27 (255.255.255.224) mask to support 28 hosts
netC: requires a /30 (255.255.255.252) mask to support 2 hosts
netD*: requires a /28 (255.255.255.240) mask to support 7 hosts
netE: requires a /27 (255.255.255.224) mask to support 28 hosts

* a /29 (255.255.255.248) would only allow 6 usable host addresses,
therefore netD requires a /28 mask.

The easiest way to assign the subnets is to assign the largest first. For example, you can assign in this
manner:

netB: 204.15.5.0/27 host address range 1 to 30
netE: 204.15.5.32/27 host address range 33 to 62
netA: 204.15.5.64/28 host address range 65 to 78
netD: 204.15.5.80/28 host address range 81 to 94
netC: 204.15.5.96/30 host address range 97 to 98
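The VLSM procedure above (pick the mask from the host count, then place the largest blocks first) as an added example that is not part of the original document. It uses the host requirements and the 204.15.5.0/24 network from the VLSM example; the function names are my own.

```python
# Added example (not from the original document): derive the VLSM plan above
# from the host requirements. Largest blocks are placed first so that every
# smaller block lands on an aligned boundary in the remainder of the /24.
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose usable host count (2^h - 2) still covers 'hosts'."""
    host_bits = 2  # a /30 is the smallest block with two usable addresses
    while (2 ** host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def plan_vlsm(parent: str, requirements: dict) -> list:
    """Return (name, subnet, first usable, last usable) rows, largest block first.

    requirements maps subnet name -> required host count, e.g. {"netA": 14}.
    """
    block = ipaddress.ip_network(parent)
    cursor = int(block.network_address)  # next free address in the parent
    rows = []
    # sorted() is stable: equal requirements keep their insertion order.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{parent} exhausted while placing {name}")
        usable = list(net.hosts())
        rows.append((name, str(net), str(usable[0]), str(usable[-1])))
        cursor = int(net.broadcast_address) + 1
    return rows

def addresses_consumed(rows: list) -> int:
    """Total addresses (network and broadcast included) taken by the plan."""
    return sum(ipaddress.ip_network(subnet).num_addresses for _, subnet, _, _ in rows)

if __name__ == "__main__":
    needs = {"netA": 14, "netB": 28, "netC": 2, "netD": 7, "netE": 28}
    plan = plan_vlsm("204.15.5.0/24", needs)
    for name, subnet, first, last in plan:
        print(f"{name}: {subnet:18} host address range {first} to {last}")
    fixed = len(needs) * ipaddress.ip_network("204.15.5.0/27").num_addresses
    print(f"VLSM uses {addresses_consumed(plan)} addresses; five /27s use {fixed}")
```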

This can be graphically represented as shown in Figure 5:

Figure 5

Figure 5 illustrates how using VLSM helped save more than half of the address space.

CIDR

Classless Interdomain Routing (CIDR) was introduced to improve both address space utilization and
routing scalability in the Internet. It was needed because of the rapid growth of the Internet and growth
of the IP routing tables held in the Internet routers.

CIDR moves away from the traditional IP classes (Class A, Class B, Class C, and so on). In CIDR, an
IP network is represented by a prefix, which is an IP address and some indication of the length of the
mask. Length means the number of left-most contiguous mask bits that are set to one. So network
172.16.0.0 255.255.0.0 can be represented as 172.16.0.0/16. CIDR also depicts a more hierarchical
Internet architecture, where each domain takes its IP addresses from a higher level. This allows for the
summarization of the domains to be done at the higher level. For example, if an ISP owns network
172.16.0.0/16, then the ISP can offer 172.16.1.0/24, 172.16.2.0/24, and so on to customers. Yet, when
advertising to other providers, the ISP only needs to advertise 172.16.0.0/16.

Appendix
Sample Config

Routers A and B are connected via a serial interface.

Router A

hostname routera
!
ip routing
!
int e 0
ip address 172.16.50.1 255.255.255.0
!(subnet 50)
int e 1
ip address 172.16.55.1 255.255.255.0
!(subnet 55)
int t 0
ip address 172.16.60.1 255.255.255.0
!(subnet 60)
int s 0
ip address 172.16.65.1 255.255.255.0
!(subnet 65)
!S 0 connects to router B
router rip
network 172.16.0.0

Router B

hostname routerb
!
ip routing
!
int e 0
ip address 192.1.10.200 255.255.255.240
!(subnet 192)
int e 1
ip address 192.1.10.66 255.255.255.240
!(subnet 64)
int s 0
ip address 172.16.65.2 255.255.255.0
!(same subnet as router A's s 0)
!Int s 0 connects to router A
router rip
network 192.1.10.0
network 172.16.0.0

Host/Subnet Quantities Table

Class B
                           Effective   Effective
# bits   Mask              Subnets     Hosts
-------  ---------------   ---------   ---------
1        255.255.128.0     2           32766
2        255.255.192.0     4           16382
3        255.255.224.0     8           8190
4        255.255.240.0     16          4094
5        255.255.248.0     32          2046
6        255.255.252.0     64          1022
7        255.255.254.0     128         510
8        255.255.255.0     256         254
9        255.255.255.128   512         126
10       255.255.255.192   1024        62
11       255.255.255.224   2048        30
12       255.255.255.240   4096        14
13       255.255.255.248   8192        6
14       255.255.255.252   16384       2

Class C
                           Effective   Effective
# bits   Mask              Subnets     Hosts
-------  ---------------   ---------   ---------
1        255.255.255.128   2           126
2        255.255.255.192   4           62
3        255.255.255.224   8           30
4        255.255.255.240   16          14
5        255.255.255.248   32          6
6        255.255.255.252   64          2

*Subnet all zeroes and all ones included. These might not be supported on some legacy systems.
*Host all zeroes and all ones excluded.

Requirement                                                   Cisco Command
------------------------------------------------------------  --------------------------------------------------
Set a console password to cisco                               Router(config)#line con 0
                                                              Router(config-line)#login
                                                              Router(config-line)#password cisco
Set a telnet password                                         Router(config)#line vty 0 4
                                                              Router(config-line)#login
                                                              Router(config-line)#password cisco
Stop console timing out                                       Router(config)#line con 0
                                                              Router(config-line)#exec-timeout 0 0
Set the enable password to cisco                              Router(config)#enable password cisco
Set the enable secret password to peter. This password        Router(config)#enable secret peter
overrides the enable password and is encrypted within
the config file
Enable an interface                                           Router(config-if)#no shutdown
Disable an interface                                          Router(config-if)#shutdown
Set the clock rate for a router with a DCE cable to 64K       Router(config-if)#clock rate 64000
Set a logical bandwidth assignment of 64K to the serial       Router(config-if)#bandwidth 64
interface (note that the zeroes are not missing)
Add an IP address to an interface                             Router(config-if)#ip addr 10.1.1.1 255.255.255.0
Enable RIP on all 172.16.x.y interfaces                       Router(config)#router rip
                                                              Router(config-router)#network 172.16.0.0
Disable RIP                                                   Router(config)#no router rip
Enable IGRP with an AS of 200 on all interfaces               Router(config)#router igrp 200
                                                              Router(config-router)#network 172.16.0.0
Disable IGRP                                                  Router(config)#no router igrp 200
Static route: the remote network is 172.16.1.0, with a        Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5
mask of 255.255.255.0, the next hop is 172.16.2.1, at a
cost of 5 hops
Disable CDP for the whole router                              Router(config)#no cdp run
Enable CDP for the whole router                               Router(config)#cdp run
Disable CDP on an interface                                   Router(config-if)#no cdp enable

Requirement                                                   Cisco Command
------------------------------------------------------------  --------------------------------------------------
View version information                                      show version
View current configuration (DRAM)                             show running-config
View startup configuration (NVRAM)                            show startup-config
Show IOS file and flash space                                 show flash
Show all logs that the router has in its memory               show log
View the interface status of interface e0                     show interface e0
Overview of all interfaces on the router                      show ip interface brief
View type of serial cable on s0                               show controllers s 0 (note the space between the 's' and the '0')
Display a summary of connected CDP devices                    show cdp neighbor
Display detailed information on all CDP devices               show cdp entry *
Display current routing protocols                             show ip protocols
Display IP routing table                                      show ip route
Display access lists, including the number of matches         show access-lists
Check the router can see the ISDN switch                      show isdn status
Check Frame Relay PVC connections                             show frame-relay pvc
Show LMI traffic stats                                        show frame-relay lmi
Display the Frame Relay inverse ARP table                     show frame-relay map


Requirement                                                   Cisco Command
------------------------------------------------------------  --------------------------------------------------
Enter privileged mode                                         enable
Return to user mode from privileged mode                      disable
Exit router                                                   logout or exit or quit
Recall last command                                           up arrow or <Ctrl-P>
Recall next command                                           down arrow or <Ctrl-N>
Suspend or abort                                              <Shift>+<Ctrl>+6 then x
Refresh screen output                                         <Ctrl-R>
Complete command                                              TAB
Save the current configuration from DRAM to NVRAM             copy running-config startup-config
Merge NVRAM configuration into DRAM                           copy startup-config running-config
Copy DRAM configuration to a TFTP server                      copy running-config tftp
Merge TFTP configuration with the current router              copy tftp running-config
configuration held in DRAM
Back up the IOS onto a TFTP server                            copy flash tftp
Upgrade the router IOS from a TFTP server                     copy tftp flash
Enable debug for RIP                                          debug ip rip
Enable summary IGRP debug information                         debug ip igrp events
Enable detailed IGRP debug information                        debug ip igrp transactions
Debug IPX RIP                                                 debug ipx routing activity
Debug IPX SAP                                                 debug ipx sap
Enable debug for CHAP or PAP                                  debug ppp authentication
Switch all debugging off                                      no debug all
                                                              undebug all
