
Network+ Study Guide (N10-002)

Types of Networks

Peer to Peer - A peer to peer network is one that lacks a dedicated server; every
computer acts as both a client and a server. This is a good networking solution when there
are 10 or fewer users that are in close proximity to each other. A peer to peer network can
be a security nightmare, because the people setting permissions for shared resources are
users rather than administrators, so the right people may not have access to the right
resources and, more importantly, the wrong people may have access to the wrong
resources. It is therefore only recommended in situations where security is not an issue.
Client/Server - This type of network is designed to support a large number of users
and uses one or more dedicated servers to accomplish this. Clients log in to the server(s) in
order to run applications or obtain files. Security and permissions can be managed by one
or more administrators, which cuts down on network users meddling with things that they
shouldn't. This type of network also allows for convenient backup services, reduces network
traffic and provides a host of other services that come with the network operating system
(NOS).
Centralized - This is also a client/server based model, most often seen in UNIX
environments, but the clients are "dumb terminals". This means that the client may not
have a floppy drive, hard disk or CDROM, and all applications and processing occur on the
server(s). As you can imagine, this requires fast and expensive servers. Security is easier to
enforce on this type of network, because nothing is stored or processed on the terminals.

Network Topologies
Bus - This topology is an old one and essentially has each of the computers on the
network daisy-chained to each other. This type of network is usually peer-to-peer and uses
Thinnet (10Base2) cabling. It is configured by connecting a "T-connector" to the network
adapter and then connecting cables to the T-connectors on the computers to the right and
left. At both ends of the chain, the network must be terminated with a 50 ohm impedance
terminator. A break anywhere in the cable (including a host's T-connector being unplugged)
prevents all the computers on the segment from communicating with each other. Missing
terminators or terminators with an incorrect impedance will also cause problems.

Because the cable is a shared medium, if computer #1 sends a packet to computer #4 the
signal travels past computers #2 and #3 as well, creating excess traffic; every network
adapter on the segment can see every frame, which is also why a single station running a
packet sniffer can read all the traffic on the bus.
ADVANTAGES: Cheap, simple to set up.
DISADVANTAGES: Excess network traffic, a failure may affect many users, problems are
difficult to troubleshoot, no privacy between stations on the segment.
Star - The star topology uses twisted pair (10baseT or 100baseT) cabling and requires
that all devices are connected to a hub.
ADVANTAGES: centralized monitoring, failures do not affect others unless it is the hub, easy
to modify.
DISADVANTAGES: If the hub fails then everything connected to it is down. This is like if you
were to burn down the phone company's central office, then anyone connected to it
wouldn't be able to make any phone calls.
Ring - The ring topology looks the same as the star when it is wired, except that it uses
special hubs (Multistation Access Units, MAUs) and Token Ring adapters rather than
Ethernet adapters. The ring topology is used with Token Ring networks.
ADVANTAGES: Equal access.
DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failures
affect many users.
Hybrid - Hybrid topologies are combinations of the above and are common on very
large networks. For example, a star bus network has hubs connected in a row (like a bus
network) and has computers connected to each hub as in the star topology.

Mesh - In a true mesh topology every node has a connection to every other node in the
network. A full mesh network can be very expensive, but provides redundancy in case of a
failure between links.
Wireless - As the name implies, wireless networks allow computers to communicate
without the use of cables. IEEE 802.11b defines two pieces of equipment: a wireless station,
which is usually a PC or a laptop with a wireless network interface card (NIC), and an
Access Point (AP), which acts as a bridge between the wireless stations and the Distribution
System (DS), i.e. the wired network. An 802.11b wireless network adapter can operate in
two modes, Ad-Hoc and Infrastructure. In infrastructure mode, all your traffic passes
through a wireless access point. In Ad-hoc mode your computers talk directly to each other
and do not need an access point at all. 802.11b delivers a data rate of 11 Mbps (the actual
throughput is lower).
ADVANTAGES: World-wide acceptance. Ranges over 150 feet. Freedom to move about and
no cables (obvious).
DISADVANTAGES: Susceptible to interference from objects such as microwave ovens and
cordless phones. Because the medium is radio, anyone within range can receive the signal,
so the traffic needs to be encrypted to keep it private.
CABLING
The table below lists some of the various cable types.

Cable Type   Also Known As                 Connector                      Maximum Length          Speed
10Base5      RG-8 or RG-11, Thicknet coax  AUI/DIX                        500 meters (1640 ft)    10 Mbps
10Base2      RG-58, Thinnet coax           BNC connector                  185 meters (607 ft)     10 Mbps
10BaseT      Cat 3, 4, 5 twisted pair      RJ-45                          100 meters (328 ft)     10 Mbps
100Base-TX   Cat 5 twisted pair            RJ-45                          100 meters (328 ft)     100 Mbps
100Base-FX   Fiber optic                   ST, SC                         2 kilometers (6562 ft)  100 Mbps
1000Base-T   Gigabit Ethernet, Cat 5/5e    RJ-45                          100 meters (328 ft)     1 Gbps
802.11b      Wireless / WiFi               No cabling; uses an Access     150+ feet               11 Mbps
                                           Point (AP) for connection
This next table lists the transmission speeds of the various cable types.
Transmission Medium      Transmission Speed
Thicknet                 10 Mbps
Thinnet                  10 Mbps
Cat 2 twisted pair       4 Mbps
Cat 3 twisted pair       10 Mbps
Cat 4 twisted pair       16 Mbps
Cat 5 twisted pair       100 Mbps (1 Gbps with 1000Base-T; Cat 5e recommended)
Fiber optic              100 Mbps - 1 Gbps and up
802.11b                  11 Mbps

Miscellaneous Cable Info


Shielded twisted pair (STP) differs from UTP in that it has a foil shield that helps
prevent crosstalk. Crosstalk is signal bleeding over from an adjacent wire.
The 5-4-3 rule: this rule states that a 10Base2 (or 10Base5) network can have 5 cable
segments connected with 4 repeaters, but only 3 of these segments can be populated with
computers; the other 2 are link segments. There is also a maximum of 30 computers per
10Base2 segment.
Thicknet cables are 0.5 inches thick and have a 50 ohm impedance.
Thinnet cables are 0.25 inches thick and have a 50 ohm impedance.
Plenum grade cabling is required if the cabling will be run in the air-handling space between
the ceiling and the next floor (this space is called the plenum). Plenum grade cabling is
resistant to fire and does not emit poisonous gasses when burned.
Thicknet is often used as a backbone. A transceiver with a vampire tap penetrates the
core of the cable. From the transceiver a DB-15 connector plugs into the AUI port on a given
device.
Fiber optic cabling has some built-in security: it does not radiate a signal that can be picked
up from outside the cable as copper does, and splicing a tap into it usually causes a
measurable loss of light, so tapping it is much harder than tapping other cable media, though
not impossible.
Network Hardware
Below are some of the common hardware devices found on a network. NOTE: The higher
the network device is in the OSI layer the more intelligent the device is.

• Network Interface Card: - A Network Interface Card, often abbreviated as NIC, is
an expansion board you insert into a computer so the computer can be connected to
a network. Most NICs are designed for a particular type of network, protocol and
media, although some can serve multiple networks.

• Hub: - A hub is used to connect computers on an Ethernet network. It is a multi-port
repeater: every frame received on one port is sent out all the other ports, so all the
connected computers share the bandwidth, form one collision domain, and can see each
other's traffic.

• Repeater: - Boosts signals in order to allow a signal to travel farther and counteract
attenuation. Attenuation is the weakening of a signal as it travels farther from its
origin. Repeaters do not filter packets and will forward broadcasts. Both
segments must use the same access method, which means that you can't connect a
Token Ring segment to an Ethernet segment. Repeaters can connect different cable
types.

• Bridge - Functions the same as a repeater, but can also divide a network into
segments in order to reduce traffic problems. A bridge can also connect unlike network
segments (i.e. Token Ring and Ethernet). Bridges build a forwarding table by
recording the source MAC address of each frame together with the port it arrived on. If
the bridge can't find the destination address in its table, it forwards (floods) the frame
to all segments except the one it came from.
Bridging methods:

o Transparent - The bridge learns addresses by itself and is invisible to the end
stations (used on Ethernet).

o Source-Route - The sending station discovers the route and puts it in each frame
(used on Token Ring).

o Spanning Tree - Prevents looping where there exists more than one path
between segments.

• Switch - A switch prevents traffic jams by ensuring that data goes straight from its
origin to its proper destination, with no wandering in between. Switches remember
the address of every node on the network, and anticipate where data needs to go. It
only operates with the computers on the same LAN. It isn't smart enough to send
data out to the internet, or across a WAN. These functions require a router.

• Router - A router is similar to a switch, but it can also connect different logical
networks or subnets and enable traffic that is destined for the networks on the other
side of the router to pass through. Routers can connect networks that use dissimilar
protocols. Routers also typically provide improved security functions over a switch,
such as access lists that filter by address and port. Unroutable protocols can't be
forwarded.

• Gateway - Often used as a connection to a mainframe or the internet. Gateways
enable communications between different protocols, data types and environments.
This is achieved via protocol conversion, whereby the gateway strips the protocol
stack off of the packet and adds the appropriate stack for the other side.

• Modem - The modem is a device that converts digital information to analog by
MODulating it on the sending end and DEModulating the analog information back into
digital information at the receiving end. Modems can be internal or external; most
modern modems are internal. External modems are connected to the back of the
system board via an RS-232 serial connection. Internal modems are installed in one of
the motherboard's PCI or ISA expansion slots depending on the modem. The modem
contains an RJ-11 connection that is used to plug in the telephone line. Modems have
different transmission modes as follows:

o Simplex - Signals can be passed in one direction only.

o Half Duplex - Half duplex means that signals can be passed in either direction,
but not in both simultaneously.

o Full Duplex - Full duplex means that signals can be passed in either direction
simultaneously. A full-duplex modem can also operate in half-duplex mode.
Modems can also be classified by their speed, which is measured by the baud rate.
One baud is one electronic state change per second. Since a single state change can
carry more than a single bit of data, the bits per second (bps) unit of measurement
has replaced it as a better expression of data transmission speed. Common modem
speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 kbps.
• ISDN Adapter - ISDN service is an older, but still viable technology offered by
phone companies in some parts of the U.S. ISDN requires an ISDN adapter instead
of a modem, and a phone line with a special connection that allows it to send and
receive digital signals.

• CSU/DSU - A CSU/DSU (Channel Service Unit / Data Service Unit) is a piece of
equipment that connects a leased line from the telephone company to the customer's
equipment (such as a router). Although CSU/DSUs look similar to modems, they are
not modems, and they don't modulate or demodulate between analog and digital. All
they really do is interface between a 56K, T1, or T3 line and the serial interface (typically
a V.35 connector) that connects to the router. Many newer routers have 56K or T1
CSU/DSUs built into them.

• Wireless Access Point - A Wireless Access Point is a radio frequency transceiver
which allows your wireless devices to connect with your home network and to the
internet. A typical access point of this era supports up to 32 wireless devices, and the
data rate through an 802.11b wireless network is 11 megabits per second. Because it is
the one point all infrastructure-mode traffic passes through, the access point is also
where wireless encryption and access control are enforced.

• Proxy - A proxy server acts as a middle-man between clients and the Internet,
providing security, administrative control, and caching services. When a user makes
a request for an internet service and it passes the filtering requirements, the proxy
server looks in its local cache of previously downloaded web pages. If the item is
found in the cache, the proxy server forwards it to the client. This reduces bandwidth
through the gateway. If the page is not in the cache, the proxy server requests the
page from the appropriate server itself, using its own IP address, so the outside server
only ever sees the proxy's address and never the client's.

• Firewall - Either a hardware or software entity that protects a network by
controlling which network traffic is allowed to pass through it. In most cases, a firewall
is placed on the network to allow all internal traffic to leave the network (emails to the
outside world, web access, etc.), but stop unwanted traffic from the outside world from
entering the internal network. Note that a firewall configured this way does nothing to
stop a compromised internal machine from connecting out; restricting outbound traffic
as well is called egress filtering.
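
To make the bridge and switch entries above concrete, here is a small simulation of a
transparent (learning) bridge. It is an added example written for this guide, not code from
the original study guide or from any vendor; the MAC addresses, port numbers and frames
in it are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass(frozen=True)
class Frame:
    src: str          # source MAC address, e.g. "00-A0-F1-27-64-E1"
    dst: str          # destination MAC address
    payload: str = ""


@dataclass
class LearningBridge:
    """A transparent bridge (or switch: the same logic with more ports).

    The forwarding table is built purely by watching the SOURCE address of
    frames; the bridge never sends anything of its own to discover stations.
    """
    ports: List[int]
    table: Dict[str, int] = field(default_factory=dict)   # MAC -> port it was seen on

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Handle one frame arriving on in_port; return the port(s) it is sent out of."""
        # 1. Learn: the station with frame.src lives somewhere behind in_port.
        #    A later frame from the same MAC on another port simply moves the entry.
        self.table[frame.src] = in_port

        # 2. Known unicast: forward to the single learned port. If the destination
        #    is on the same segment as the sender, the bridge filters (drops) the
        #    frame, which is how it keeps local traffic off the other segments.
        if frame.dst != BROADCAST and frame.dst in self.table:
            out_port = self.table[frame.dst]
            return [] if out_port == in_port else [out_port]

        # 3. Unknown unicast or broadcast: flood to every port except the ingress
        #    port. Until the bridge has learned a destination, every other segment
        #    (and every sniffer on them) sees the frame.
        return [p for p in self.ports if p != in_port]


def demo() -> List[Tuple[str, List[int]]]:
    """Walk through the learning process with constructed stations A, B, C and D."""
    mac_a, mac_b, mac_c, mac_d = ("00-00-00-00-00-0A", "00-00-00-00-00-0B",
                                  "00-00-00-00-00-0C", "00-00-00-00-00-0D")
    bridge = LearningBridge(ports=[1, 2, 3])
    log: List[Tuple[str, List[int]]] = []

    # A (port 1) talks to B before the bridge knows B: flooded to ports 2 and 3.
    log.append(("A->B, B unknown: flooded", bridge.receive(1, Frame(mac_a, mac_b))))
    # B (port 2) replies: bridge learns B, and already knows A, so only port 1.
    log.append(("B->A, A known", bridge.receive(2, Frame(mac_b, mac_a))))
    # A->B again: now a known unicast, port 3 no longer sees it.
    log.append(("A->B, B known", bridge.receive(1, Frame(mac_a, mac_b))))
    # Broadcast from C (port 3): bridges always flood broadcasts.
    log.append(("C->broadcast", bridge.receive(3, Frame(mac_c, BROADCAST))))
    # D shares port 1 with A (e.g. both hang off a hub). A frame between them
    # is filtered: the bridge learns D, then refuses to forward A->D anywhere.
    bridge.receive(1, Frame(mac_d, mac_a))
    log.append(("A->D, same segment: filtered", bridge.receive(1, Frame(mac_a, mac_d))))
    return log


if __name__ == "__main__":
    for label, ports in demo():
        print(f"{label:32s} -> ports {ports}")
```

The point to take from the walk-through is that a switch only isolates traffic for
destinations it has already learned; the first frame to any station, and every broadcast, is
still delivered to every port, exactly as a hub would.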
OSI 7 Layer Model
The OSI networking model is divided into 7 layers. Each layer has a different responsibility,
and all the layers work together to provide network data communication.
• Physical - The Physical layer is the specification for the hardware connection, the
electronics, logic circuitry, and wiring that transmit the actual signal. It is only
concerned with moving bits of data on and off the network medium. Most network
problems occur at the Physical layer.

• Data Link - The Data Link layer is the interface between the upper "software" layers
and the lower "hardware" Physical layer. One of its main tasks is to create and
interpret different frame types based on the network type in use. The Data Link layer
is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the
Logical Link Control (LLC) sub-layer.

o LLC sub-layer establishes and maintains connections between devices (e.g. server -
workstation).

o MAC sub-layer enables multiple devices to share the same medium. The MAC sub-
layer uses physical device (MAC) addresses for communicating locally (to send
information onto a WAN, the frame is addressed to the MAC address of the nearest
router).

• Network - The Network layer addresses messages and translates logical addresses
and names into physical addresses. It also manages data traffic and congestion
involved in packet switching and routing.

• Transport - The Transport layer provides flow control, error handling, and is
involved in correction of transmission/reception problems. It also breaks up large
data files into smaller packets, combines small packets into larger ones for
transmission, and reassembles incoming packets into the original sequence. It is the
Transport layer that carries the service address (port or socket number) which points
the data to the correct program on the destination computer.

• Session - The Session layer handles security and name recognition to enable two
applications on different computers to communicate over the network. Manages
dialogs between computers by using simplex(rare), half-duplex or full-duplex. The
phases involved in a session dialog are as follows: establishment, data-transfer and
termination.

• Presentation - The Presentation layer determines data exchange formats and
translates specific files from the Application layer format into a commonly recognized
data format. It provides protocol conversion, data translation, encryption, character-
set conversion, and graphics-command expansion.

• Application - The Application layer represents user applications, such as software
for file transfers, database access, and e-mail. It handles general network access,
provides a consistent, neutral interface for software to access the network and
advertises the computer's resources to the network.
Here is a silly but easy way to remember the 7 layers. Memorize the following sentence:
All People Seem To Need Data Processing. The first letter of each word corresponds to
the first letter of the layers, starting with Application and ending with the Physical layer.

Here are some examples of items that operate at each layer:


Layer Device
Application Gateway
Presentation Gateway
Session Gateway
Transport Gateway
Network Routers, Layer 3 Switches
Data Link Network Interface Card, Bridges, Layer 2 Switches
Physical Hub, Repeater, cabling

Frame Types
A frame type is the format of the packet that your Operating System will use to
communicate over your network. Below is a table of the IEEE 802 standards that define the
different types:

802.1    Internetworking
802.2    Logical Link Control - LLC adds header information that identifies the upper layer
         protocols sending the frame.
802.3    Ethernet - the Media Access Control (MAC) sub-layer uses Carrier Sense Multiple
         Access with Collision Detection (CSMA/CD).
802.4    Token Bus LAN
802.5    Token Ring
802.6    Metropolitan Area Network (MAN)
802.7    Broadband
802.8    Fiber optic
802.9    Integrated voice/data
802.10   Network security
802.11   Wireless networks
802.12   Demand priority, like 100VG-AnyLAN

Protocols
Protocols are the special set of rules that end points use in a telecommunication connection
when they communicate. These rules allow computers with dissimilar operating sytems,
network topologies, hardware, etc. to communicate. Next is a description of some of the
more common protocols:
• TCP/IP - TCP/IP is the protocol suite of the internet and will be covered in the next
section.

• IPX/SPX - These protocols were developed by Novell and are/were used with Novell
NetWare. IPX is a fast, routable protocol and is not connection oriented. IPX
network addresses are up to 8 hexadecimal digits. SPX is connection oriented.

• NetBeui - Stands for "NetBIOS Extended User Interface". It is the standard protocol
used by Microsoft's operating systems. It is NetBEUI that allows the "shares'
between machines. In reference to the NetBIOS distinction, NetBIOS is the
applications programming interface and NetBEUI is the transport protocol. NetBEUI is
a non-routable protocol meaning it will not allow communication through a router.

• Appletalk - AppleTalk is the name given to the set of protocol and networking
standards created by Apple Computer for use with the Macintosh family of
computers. AppleTalk is routable and automatically handles such things as assigning
of workstation and network addresses, message routing between networks, etc.
TCP/IP
TCP/IP Protocol Suite The TCP/IP protocol suite is made of many other protocols that
perform different functions. Below is a list of some of them:
• TCP - TCP breaks data into manageable segments and tracks information such as
the source and destination ports and the sequence number of each segment. It
acknowledges data it receives and retransmits anything that is lost, so it is responsible
for guaranteed, in-order delivery of the data. (Choosing the route a packet takes is IP's
job, not TCP's.)

• IP - This is a connectionless protocol, which means that a session is not created
before sending data. IP is responsible for addressing and routing of packets between
computers. It does not guarantee delivery and does not give acknowledgement of
packets that are lost or sent out of order, as this is the responsibility of higher layer
protocols such as TCP.

• UDP - A connectionless, datagram service that provides an unreliable, best-effort
delivery.

• ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to
share status and error information, such as with the use of the PING and TRACERT
utilities.

• SMTP - Used to reliably send and receive mail over the Internet.

• FTP - File Transfer Protocol is used for transferring files between remote systems.
Like any other application protocol, it must resolve the host name to an IP address to
establish communication. It is connection oriented, i.e. it runs over TCP, which verifies
that data reaches its destination. Note that FTP sends user names, passwords and file
contents in cleartext.

• TFTP - Trivial File Transfer Protocol. Same idea as FTP but runs over UDP, so it is not
connection oriented, and it has no authentication at all; it is mostly used to load boot
images and configuration files onto network devices.

• ARP - provides IP-address to MAC-address resolution for IP packets. A MAC address
is your computer's unique 48-bit hardware number and appears in the form
00-A0-F1-27-64-E1 (for example). Each computer stores an ARP cache of the IP-to-MAC
combinations of other computers it has recently talked to. ARP replies are not
authenticated, so any host on the same segment can answer a request and get its own
MAC address cached against another host's IP.

• POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is
ready to receive it.

• IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for
accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a
client/server protocol in which e-mail is received and held for you by your Internet
server.

• TELNET - Provides a virtual terminal or remote login across the network that is
connection-based. The remote server must be running a Telnet service for clients to
connect. Everything in the session, including the login password, is sent in cleartext.

• HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text,
graphic images, sound, video, and other multimedia files) on the World Wide Web. It
is the protocol controlling the transfer and addressing of HTTP requests and
responses.

• HTTPS - Signifies that a web page is being transferred over HTTP wrapped in the
Secure Sockets Layer (SSL) protocol (today its successor, TLS), which encrypts the
connection and lets the browser verify the server's identity with a certificate. This is
used for secure internet business transactions.
• NTP - Network Time Protocol is a protocol that is used to synchronize computer clock
times in a network of computers.

• SNMP - Stands for Simple Network Management Protocol and is used for monitoring
and status information on a network. SNMP can be used to monitor any device that is
SNMP capable and this can include computers, printers, routers, mainframes,
gateways and many more. In SNMP versions 1 and 2c the only "password" is a
community string that travels in cleartext, so the well-known defaults (such as "public")
should always be changed.
TCP/IP Ports
Ports are what an application uses when communicating between a client and server
computer. Some common ports are:
• 20/21 FTP (data/control)

• 23 TELNET

• 25 SMTP

• 53 DNS

• 69 TFTP (UDP)

• 80 HTTP

• 110 POP3

• 123 NTP (UDP)

• 143 IMAP

• 161 SNMP (UDP)

• 443 HTTPS
TCP/IP Addressing
Every IP address can be broken down into 2 parts, the Network ID(netid) and the Host
ID(hostid). All hosts on the same network must have the same netid. Each of these hosts
must have a hostid that is unique in relation to the netid. IP addresses are divided into 4
octets with each having a maximum value of 255. We view IP addresses in decimal notation
such as 124.35.62.181, but it is actually utilized as binary data.

IP addresses are divided into classes according to the value of the first octet. The three
classes used for ordinary host addresses are shown below (224-239 is class D, used for
multicast, and 240-255 is class E, reserved):

Class Range
A 1-126
B 128-191
C 192-223

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live
networks. The following address ranges are reserved for private networks and are not
routed on the internet:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

IP addresses can be class A, B or C. Class A addresses are for networks with a large number
of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B
addresses are used in medium to large networks with the first 2 octets making up the netid
and the remaining 2 are the hostid. Class C is for smaller networks with the first 3 octets
making up the netid and the last octet comprising the hostid. The Network ID and the Host
ID are determined by a subnet mask. The default subnet masks are as follows:
CLASS     DEFAULT SUBNET MASK   # OF NETWORKS   # OF HOSTS PER NETWORK
Class A   255.0.0.0             126             16,777,214
Class B   255.255.0.0           16,384          65,534
Class C   255.255.255.0         2,097,152       254

What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical
networks that exist within a single Class A, B, or C network. If you don't subnet, you will
only be able to use one network from your Class A, B, or C network. When subnetting is
employed, the multiple networks are connected with a router which enables data to find its
way between networks. On the client side, a default gateway is assigned in the TCP/IP
properties. The default gateway tells the client the IP address of the router that will allow
their computer to communicate with clients on other networks.
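
The netid/hostid split, the class table and the default-gateway decision described above
can all be computed with a few bit operations. The following is an added example written
for this guide, not code from the original; the addresses it is run on are constructed.

```python
from typing import Dict, List, Tuple

# The private ranges listed in the addressing section above.
PRIVATE_RANGES: List[Tuple[str, str]] = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]

DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_to_int(ip: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting anything that is not 4 octets of 0..255."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    a, b, c, d = (int(o) for o in octets)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Classful lookup on the first octet, as in the class table above."""
    first = ip_to_int(ip) >> 24
    if first == 0 or first == 127:
        return "reserved/loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    return "E (reserved)"


def is_private(ip: str) -> bool:
    n = ip_to_int(ip)
    return any(ip_to_int(lo) <= n <= ip_to_int(hi) for lo, hi in PRIVATE_RANGES)


def analyse(ip: str, mask: str) -> Dict[str, object]:
    """Split an address into network ID and host ID under a given subnet mask."""
    addr, m = ip_to_int(ip), ip_to_int(mask)
    host_bits_mask = ~m & 0xFFFFFFFF
    # A mask must be a run of ones followed by a run of zeros: 255.0.255.0 is not a mask.
    if host_bits_mask & (host_bits_mask + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    prefix = bin(m).count("1")
    network = addr & m
    cls = address_class(ip)
    default_prefix = bin(ip_to_int(DEFAULT_MASKS[cls])).count("1") if cls in DEFAULT_MASKS else None
    return {
        "class": cls,
        "prefix_length": prefix,
        "network_id": int_to_ip(network),
        "host_id": int_to_ip(addr & host_bits_mask),
        "broadcast": int_to_ip(network | host_bits_mask),
        # the all-zeros (network) and all-ones (broadcast) host IDs are not assignable
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
        # how many subnets this mask carves out of the classful network
        "subnets_in_class": (2 ** (prefix - default_prefix)
                             if default_prefix is not None and prefix >= default_prefix else None),
        "private": is_private(ip),
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    m = ip_to_int(mask)
    return (ip_to_int(ip_a) & m) == (ip_to_int(ip_b) & m)


def next_hop(src: str, dst: str, mask: str, default_gateway: str) -> str:
    """The decision a host makes for every packet: deliver directly on the local
    network, or hand the packet to the default gateway (router)."""
    return dst if same_subnet(src, dst, mask) else default_gateway


if __name__ == "__main__":
    print(analyse("124.35.62.181", "255.0.0.0"))
    print(analyse("192.168.1.130", "255.255.255.192"))
    print(next_hop("192.168.1.130", "192.168.1.5", "255.255.255.192", "192.168.1.129"))
```

Running it on 192.168.1.130 with a mask of 255.255.255.192 shows a class C network cut into
4 subnets of 62 usable hosts, with 192.168.1.130 sitting in the 192.168.1.128 subnet; a
packet for 192.168.1.5 therefore goes to the gateway, while one for 192.168.1.150 is
delivered directly.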

IPv6
The previous information on TCP/IP has referred to IPv4; however, this addressing scheme
was running out of available IP addresses due to the large influx of internet users and
expanding networks. As a result, a new addressing scheme was developed to deal with this
situation: IPv6. This new addressing scheme utilizes a 128 bit address (instead of 32) and
writes it in hexadecimal in order to avoid long dotted-decimal addresses such as
132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address is written as eight
16-bit groups separated by colons, with one run of all-zero groups collapsible to "::", and
will appear in the form 3FFE:B00:800:2::C for example.

DHCP
DHCP stands for Dynamic Host Configuration Protocol and provides a solution that
automatically assigns IP addresses to computers on a network. When a client is configured
to receive an IP address automatically, It will send out a broadcast to the DHCP server
requesting an address. The server will then issue a "lease" and assign it to that client. The
time period that a lease will last can be specified on the server. Some of the benefits of
DHCP include the following:
• Removes the need for users to make up their own IP addresses (it does not, however,
stop a user from configuring a static address by hand).

• Prevents incorrect gateway or subnet masks from being entered by your helpdesk.

• Decreases the amount of time spent configuring computers, especially in environments
where computers get moved around all the time.

• Handy in situations where you have a large sales staff that only have to work 1 day a
week. On that one day they bring their laptops and they can just plug them into the
network and they are all set.
DHCP clients will attempt to renew their leases when 50% of the lease time has elapsed. The
client will send a message to the server that assigned the lease. Assuming the DHCP server
isn't on fire or anything, it will return a message with the new lease. If the server is
unavailable, then the client can continue functioning as it still has 50% of the lease remaining.
The client will continue as normal until the lease reaches 87.5% used, at which time it
broadcasts to all DHCP servers and attempts to get a new lease. If the client receives a
rejection message or the lease expires, then the client must start all over again and may
get a different IP address. If the lease expires and the client is unable to get a new one, then
the user will not be able to communicate over the network. Because the initial request is a
broadcast and the client accepts whichever server answers first, any machine on the segment
that runs a DHCP server can hand out addresses and a default gateway of its choosing.
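
The renewal schedule just described (renew at 50%, rebind at 87.5%, start over at expiry)
is easiest to see as a small state machine. This is an added example, not part of the study
guide; the message names DHCPDISCOVER, DHCPREQUEST, DHCPACK and DHCPNAK are the
standard DHCP message types, and the lease values and clock are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Fractions of the lease after which the client starts RENEWING (T1) and REBINDING (T2).
# These are the defaults the text describes; a server may hand out other values.
T1_FRACTION = 0.5
T2_FRACTION = 0.875
BROADCAST = "255.255.255.255"


@dataclass(frozen=True)
class Lease:
    ip: str
    server: str        # the DHCP server that granted this lease
    start: float       # seconds on a monotonic clock (constructed in the demo)
    duration: float    # lease time in seconds

    @property
    def t1(self) -> float:
        return self.start + self.duration * T1_FRACTION

    @property
    def t2(self) -> float:
        return self.start + self.duration * T2_FRACTION

    @property
    def expiry(self) -> float:
        return self.start + self.duration


def client_state(lease: Lease, now: float) -> str:
    """Which phase of the lease the client is in at time `now`."""
    if now < lease.t1:
        return "BOUND"        # using the address, nothing to do yet
    if now < lease.t2:
        return "RENEWING"     # ask the original server, by unicast
    if now < lease.expiry:
        return "REBINDING"    # original server did not answer: ask any server, by broadcast
    return "INIT"             # lease gone: stop using the address and start over


def next_message(lease: Lease, now: float) -> Optional[Tuple[str, str]]:
    """(message type, destination) the client sends at `now`, or None while BOUND."""
    state = client_state(lease, now)
    if state == "BOUND":
        return None
    if state == "RENEWING":
        return ("DHCPREQUEST", lease.server)
    if state == "REBINDING":
        return ("DHCPREQUEST", BROADCAST)
    return ("DHCPDISCOVER", BROADCAST)


def apply_reply(lease: Lease, now: float, message: str,
                server: Optional[str] = None, duration: Optional[float] = None) -> Optional[Lease]:
    """Update the lease from a server reply.

    DHCPACK restarts the timers from `now` (possibly from a different server during
    REBINDING); DHCPNAK is the rejection the text mentions, after which the client
    has no lease and must DISCOVER again, possibly ending up with a different address.
    """
    if message == "DHCPACK":
        return replace(lease, start=now,
                       server=server or lease.server,
                       duration=duration or lease.duration)
    if message == "DHCPNAK":
        return None
    raise ValueError(f"unexpected reply type {message!r}")


if __name__ == "__main__":
    lease = Lease("192.168.1.50", "192.168.1.1", start=0.0, duration=8 * 3600)  # 8-hour lease
    for t in (0, 4 * 3600, 7 * 3600, 8 * 3600):
        print(f"t={t:6d}s  state={client_state(lease, t):9s}  sends={next_message(lease, t)}")
```

Note that in the REBINDING phase the request is a broadcast that any server may answer,
which is why a rogue DHCP server on the segment gets a second chance at a client even
after the client has been running with a legitimate lease.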

NETBIOS
There are several different methods of resolving names to IP addresses. Before getting into
the different methods, it is important to understand the role of NetBIOS. When talking
about NetBIOS, we typically refer to the concept of the NetBIOS name, which is the name
assigned to your computer. NetBIOS allows applications to talk to each other using
protocols, such as TCP/IP, that support NetBIOS. NetBIOS is typically seen in other forms
such as NetBEUI and NetBT (NetBIOS over TCP/IP). These are the main functions that
NetBIOS serves:
• Starting and stopping sessions.

• Name registration

• Session layer data transfer(reliable)

• Datagram data transfer(unreliable)

• Protocol driver and network adapter management functions.


NETBIOS Naming:
A Netbios name is either a unique name or a group name, the difference being that a unique
name is used for communication with a specific process on a computer, whereas a group
name is for communication with multiple clients. Netbios name resolution resolves a
computer's Netbios name to an IP address. Microsoft offers several different ways to resolve
Netbios names and each will be disscussed below.
• Local Broadcast - The NetBIOS name cache is checked first; if the name is found
there, no broadcast is sent. If it is not found, then a name query broadcast is sent out
that includes the destination NetBIOS name. Each computer that receives the broadcast
checks to see if it owns the name requested. The computer that owns the name then
uses ARP to determine the MAC address of the source host and, once obtained, sends a
name query response. NOTE: Routers do not forward these broadcasts by default (the
NetBIOS name service uses UDP port 137 and the datagram service UDP port 138), so
this method only finds hosts on the local segment.

• NetBIOS Name Server - When using a NetBIOS name server, the cache is checked
first and if the name is not found the destination host's name is sent to the name
server. After the name server resolves the name to an IP address, it is returned to
the source host. When the source host receives the information it uses ARP to
resolve the IP address of the destination host to its MAC address. Microsoft uses
WINS as a NetBIOS name server.

• LMHOSTS File - An lmhosts file is a text file that is used to manually configure
Netbios names. In order to work, each entry in the lmhosts file must be unique, have
a valid IP address for the Netbios name and be spelled correctly. On large networks
configuring LMHOSTS files on all clients is not feasible, so these are not used much
anymore.

• Hosts File - The hosts file is a little different than the lmhosts file in that it will
resolve both local and remote names. If the host name can't be resolved and no
other alternative name resolution processes are in place, the user will receive an
error. Once the host name is parsed from the host file, ARP takes over and attempts
to resolve the IP address to a MAC address. Like the lmhosts method, this is static
name resolution.

• DNS - More on this later...


WINS
Microsoft's definition of WINS is "An enhanced NetBIOS Name Server (NBNS) designed by
Microsoft to eliminate broadcast traffic associated with the B-node implementation of
NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addresses
for both local and remote hosts." If a WINS server is configured, then name resolution
requests are sent directly to it and in turn the WINS server will send the IP address to the
requesting client. If the WINS server can't resolve the name for some reason, then the client
falls back to a broadcast to try to resolve the name. A secondary WINS server can be
configured to prevent such situations. WINS is dynamically updated, which gets rid of the
need for lmhosts files. If a client is configured to use WINS then it will register its name and
IP address with the WINS server. When the computer is shut down, it releases its lease on
that name, which may then be used by a different computer. With Windows 2000, Microsoft
introduced Dynamic DNS (DDNS), which may be the beginning of the end for WINS and
NetBIOS.

DNS
TCP/IP networks used to use hosts files to resolve host names or domain names to IP
addresses. Networks began growing to the point where the administration and the traffic
needed to maintain this file became unbearable, and DNS was born. A DNS client (aka
resolver) sends requests to the DNS nameserver, which responds with the requested info,
a referral to another server to query, or a failure message. This process is very similar to
calling directory information: you call them with a name, they check their database and give
you the phone number. There are a variety of roles a nameserver can satisfy within the zone
that it is responsible for:
• Primary Nameserver - Gathers DNS information from local files and is the focal point
for adding hosts and domains.

• Secondary Nameserver - Gathers the data for its zone(s) from another DNS
server (a zone transfer). Secondary nameservers provide redundancy, reduce the traffic
on the primary server and give quicker access for locations that are remote from the
primary server.

• Caching Only Nameserver - These do not have a zone that they are responsible
for. Their databases only contain information received from resolutions they have
made since the server was last started.
The name space that the nameservers serve is divided into a hierarchy of domains.

Domains:
Microsoft discusses domains in terms of a hierarchical "domain name space" which they
refer to as being like a tree structure. There are several different domain levels as listed
below:
• Root level domains - The top of the tree.

• Top level domains - These are divided into different categories. Com, net, mil, edu,
org and gov are the most common.

• Second level domains - These are the domains registered directly under a top level
domain, and all sub-domains are categorized under them. So if you visit Intel's site, you
are visiting the second level domain intel.com. Within intel.com many other sub-
domains may also exist.

• Hosts - Hosts are the final level in the hierarchy as they are the individual
computers that occupy or comprise a domain.
DNS Records:
Below are some of the common DNS records and their purpose:
• A - The A-record is used for hosts on a network. It is used to translate human
friendly domain names such as "www.mcmcse.com" into an IP-addresses such as
206.67.72.48.
• CNAME - CNAME (canonical name) records are used to create aliases. Often
computers on the Internet have multiple functions such as web server, FTP server,
mail server etc. To mask this, CNAME-records can be used to give a single computer
multiple names (aliases). For example computer "xyz.com" may be both a web-
server and an ftp-server, so two CNAME-records are defined: "www.xyz.com" =
"xyz.com" and "ftp.xyz.com" = "xyz.com".

• MX - MX (mail exchanger) records identify mail server(s) responsible for a domain
name. When sending an e-mail to "user@xyz.com", your mail server must first look
up the MX record for "xyz.com" to see which mail server actually handles mail for
"xyz.com".

• NS - NS (name server) records identify DNS servers responsible (authoritative) for a
zone.

• PTR - PTR (pointer) records map IP addresses to domain names which is the reverse
of A-records.
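To show how these record types fit together, here is an added Python example (not from the study guide) that loads a constructed zone for the xyz.com example above and resolves A, CNAME, MX, NS and PTR queries the way a resolver does, including chasing CNAME aliases and refusing a looped alias chain. The reverse zone uses the standard in-addr.arpa naming; the IP addresses and the mail/name server hostnames are made up for the example.

```python
"""Toy zone store and resolver that follows CNAME aliases and answers
MX, NS and reverse (PTR) queries; constructed for this section."""

# Constructed zone data for the xyz.com example used in the CNAME entry.
# The reverse zone uses the standard in-addr.arpa naming for PTR records.
ZONE = {
    ("xyz.com", "A"): ["206.67.72.48"],
    ("www.xyz.com", "CNAME"): ["xyz.com"],
    ("ftp.xyz.com", "CNAME"): ["xyz.com"],
    ("xyz.com", "MX"): [(20, "mail2.xyz.com"), (10, "mail.xyz.com")],
    ("mail.xyz.com", "A"): ["206.67.72.50"],
    ("mail2.xyz.com", "A"): ["206.67.72.51"],
    ("xyz.com", "NS"): ["ns1.xyz.com"],
    ("ns1.xyz.com", "A"): ["206.67.72.53"],
    ("48.72.67.206.in-addr.arpa", "PTR"): ["xyz.com"],
    # A deliberately broken alias pair: two CNAMEs that point at each other.
    ("loop1.xyz.com", "CNAME"): ["loop2.xyz.com"],
    ("loop2.xyz.com", "CNAME"): ["loop1.xyz.com"],
}
MAX_CNAME_HOPS = 8  # bound on alias chasing so a loop cannot hang the resolver


def normalize(name):
    """Names are case-insensitive; strip a trailing dot (xyz.com. == xyz.com)."""
    return name.lower().rstrip(".")


def reverse_name(ip):
    """Build the in-addr.arpa name used for PTR lookups of a dotted-quad IP."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def lookup(name, rtype, _hops=0):
    """Return the records of type rtype for name, chasing CNAME aliases the
    way a resolver does. Returns [] when the zone has no answer."""
    name = normalize(name)
    records = ZONE.get((name, rtype))
    if records is not None:
        return list(records)
    alias = ZONE.get((name, "CNAME"))
    if alias is None or rtype == "CNAME":
        return []
    if _hops >= MAX_CNAME_HOPS:
        raise ValueError("CNAME chain too long or looped starting at %s" % name)
    return lookup(alias[0], rtype, _hops + 1)


def mail_servers(domain):
    """MX hosts for domain, lowest preference value first (tried first)."""
    return [host for _, host in sorted(lookup(domain, "MX"))]


def reverse_lookup(ip):
    """PTR answer for an IP address (the inverse of an A lookup)."""
    return lookup(reverse_name(ip), "PTR")


if __name__ == "__main__":
    print("www.xyz.com A    ->", lookup("www.xyz.com", "A"))
    print("xyz.com MX       ->", mail_servers("xyz.com"))
    print("xyz.com NS       ->", lookup("xyz.com", "NS"))
    print("206.67.72.48 PTR ->", reverse_lookup("206.67.72.48"))
```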
NAT/ICS
NAT stands for Network Address Translation and is a commonly used IP translation and
mapping technology. Using a device (such as a router) or piece of software that implements
NAT allows an entire home or office network to share a single internet connection over a
single IP address. A single cable modem, DSL modem, or even 56k modem could connect all
the computers to the internet simultaneously. Additionally, NAT keeps your home network
fairly secure from hackers. NAT is built in to the most common Internet Connection Sharing
technologies around. Microsoft's implementation of NAT is called Internet Connection
Sharing (ICS) and is supported by Windows 98SE and Windows 2000. ICS is a NAT based
routing application, designed to share an Internet connection among multiple computers
connected via a LAN. ICS can handle both dial-up and broadband based Internet
connections. ICS can handle networks with clients running any operating system, as long as
the OS supports the TCP/IP protocol. The clients can have their TCP/IP information assigned
manually or they can run as DHCP clients, obtaining their TCP/IP settings from ICS' built-in
DHCP server.
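To make the address sharing and the "unsolicited inbound traffic is dropped" behaviour concrete, here is an added Python simulation of the translation table a NAT gateway such as ICS maintains (a constructed example, not Microsoft's code). The public address 203.0.113.1 and the LAN addresses are made up; 206.67.72.48 is the server address used in the DNS section.

```python
"""Simulation of the port-based translation table a NAT/ICS gateway keeps.
Constructed example: private LAN 192.168.0.0/24, public side 203.0.113.1
(documentation range), web server 206.67.72.48."""
from collections import namedtuple

# A packet is reduced to its TCP/UDP 4-tuple for this simulation.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")


class NatGateway:
    """One public IP shared by many private hosts (port-based NAT)."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (private_ip, private_port) -> public_port
        self.inbound = {}   # public_port -> (private_ip, private_port)

    def translate_out(self, pkt):
        """LAN -> Internet: rewrite the private source to the public IP plus
        an allocated port, recording the mapping so replies can come back."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return pkt._replace(src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_in(self, pkt):
        """Internet -> LAN: deliver only if the destination port matches an
        entry created by earlier outbound traffic; otherwise return None,
        i.e. the packet is dropped. This is why an unsolicited connection
        attempt from the Internet never reaches a host behind the gateway."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get(pkt.dst_port)
        if entry is None:
            return None
        private_ip, private_port = entry
        return pkt._replace(dst_ip=private_ip, dst_port=private_port)


def demo():
    """Two LAN hosts browse the same web server; a stray probe is dropped."""
    gw = NatGateway("203.0.113.1")
    # Both hosts happen to pick the same local source port; NAT must still
    # keep their flows apart, so each gets its own public port.
    a = gw.translate_out(Packet("192.168.0.10", 40000, "206.67.72.48", 80))
    b = gw.translate_out(Packet("192.168.0.11", 40000, "206.67.72.48", 80))
    # Replies from the server are addressed to the gateway's public ports.
    reply_a = gw.translate_in(Packet("206.67.72.48", 80, a.src_ip, a.src_port))
    reply_b = gw.translate_in(Packet("206.67.72.48", 80, b.src_ip, b.src_port))
    # Unsolicited inbound packet (constructed outside address) has no mapping.
    probe = gw.translate_in(Packet("198.51.100.7", 5555, "203.0.113.1", 139))
    return a, b, reply_a, reply_b, probe


if __name__ == "__main__":
    for label, pkt in zip(("out A", "out B", "in A", "in B", "probe"), demo()):
        print("%-6s %s" % (label, pkt if pkt else "dropped"))
```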

Troubleshooting TCP/IP
TCP/IP offers several tools that are helpful in the troubleshooting process and provide
information to help locate and correct problems. Some of these are listed below:
• ARP - Provides a mapping from the logical 32-bit TCP/IP address to the physical 48-
bit MAC address (i.e. translates an IP address into a MAC address).

• TELNET - Provides a virtual terminal or remote login across the network that is
connection-based and handles its own session negotiation. The remote server must
be running a Telnet service for clients to connect. Default settings are port 23 and VT100
terminal emulation.

• NBTSTAT - Is used to troubleshoot connectivity problems between 2 computers
communicating via NetBT, by displaying protocol statistics and current connections.
NBTSTAT examines the contents of the NetBIOS name cache and gives the MAC address.

• TRACERT - By sending out ICMP packets, it determines the path taken by a data
packet to reach its destination and can help determine at what point a network
connection is no longer active. Can help troubleshoot network response time
issues.
• NETSTAT - Displays in-depth detail about TCP/IP protocol status and statistics.

• WINIPCFG - Displays current TCP/IP configurations on Windows workstations (see
also IPCONFIG on Windows NT).

• IPCONFIG - Below are the ipconfig switches that can be used at a command
prompt.
- ipconfig /all will display all of your IP settings.
- ipconfig /renew forces the DHCP server, if available, to renew a lease.
- ipconfig /release forces the release of a lease.

• PING - Uses ICMP to verify a connection to a remote host by sending echo requests
and "listening" for reply packets.

• NSLOOKUP - This tool queries a DNS database for information about DNS objects
and can be used to troubleshoot name resolution problems.
General troubleshooting strategy includes the following steps:
1. Establish the symptoms

2. Identify the affected areas

3. Establish what has changed

4. Select the most probable cause

5. Implement a solution

6. Test the result

7. Recognize the potential effects of the solution

8. Document the solution


Basic TCP/IP troubleshooting steps include:
1. Ping 127.0.0.1 - This is the loopback address and verifies that the computer that you
are pinging from can communicate via TCP/IP with its own ethernet adapter.

2. Ping own IP address - Verifies that a valid IP address was entered for this computer.

3. Ping default gateway - Typically this would be the near side of a router. If you can
ping this address, then you should be able to ping other hosts on your same subnet.

4. Ping far side of router - This will verify that the routing table is correct.

5. Ping remote host - If this works then it would appear that there are valid
communications.

6. If you are unable to connect to a host via host or domain name, see if you can
connect to it using its IP address. If so, then you are likely having name resolution
problems and should check your DNS configuration.
For the exam troubleshooting section, you will need to know how to solve various problems
based on information such as PING/TRACERT/IPCONFIG output, topology type, operating
system, network configuration, visual indicators (link lights, collision lights), etc. There will
most likely be diagrams that you will have to glean information from.
WAN Technologies
This section outlines some common WAN technologies you will need to know:
• Packet and Circuit Switching - Packet switching refers to protocols in which
messages are divided into packets before they are sent. Each packet is then
transmitted individually and can even follow different routes to its destination. Once
all the packets forming a message arrive at the destination, they are recompiled into
the original message. Most modern Wide Area Network (WAN) protocols, including
TCP/IP and Frame Relay are based on packet-switching technologies. In contrast,
normal telephone service is based on a circuit-switching technology, in which a
dedicated line is allocated for transmission between two parties. Circuit-switching is
ideal when data must be transmitted quickly and must arrive in the same order in
which it is sent. This is the case with most real-time data, such as live audio and
video. Packet switching is more efficient and robust for data that can withstand some
delays in transmission, such as e-mail messages and Web pages.

• ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony
and data-transport services offered by regional telephone carriers. ISDN involves the
digitalization of the telephone network, which permits voice, data, text, graphics,
music, video, and other source materials to be transmitted over existing telephone
wires. There are 2 types of ISDN channels:

o B (bearer) - Transfers data at 64Kbps. An ISDN connection usually contains 2 B channels
for a total of 128kbps.

o D (data) - Handles signalling at either 16Kbps or 64Kbps (sometimes limited
to 56Kbps), which leaves the B channels free to carry only data.

• FDDI - Fiber Distributed Data Interface (FDDI) is an appealing choice for high-speed
data networking. Essentially, it is a very high-speed token ring network connected by
optical fibers. With a data transfer rate of 100Mbps, the ring can support up to 500
nodes with as much as 2 km of spacing between adjacent nodes.

• ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-
switching technique that uses short fixed length packets called cells. ATM can
transmit voice, video, and data over a variable-speed LAN and WAN connections at
speeds ranging from 1.544Mbps to as high as 622Mbps. ATM is capable of supporting
a wide range of traffic types such as voice, video, image and data.

• Frame Relay - Frame relay is a secure, private network that utilizes a logical path or
"virtual circuit" to allocate bandwidth for high performance transmissions. Frame
relay is the premier high-speed packet-switching protocol communicating data,
imaging, and voice between multiple locations. Frame relay is available in a range of
bandwidths from 56 Kbps to full T1 (1.54 Mbps).

• T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of
1.544Mbps. A T-1 line actually consists of 24 individual channels, each of which
supports 64Kbits per second. Each 64Kbit/second channel can be configured to carry
voice or data traffic. Most telephone companies allow you to buy just some of these
individual channels, known as fractional T-1 access. T-1 lines are a popular leased
line option for businesses connecting to the Internet and for Internet Service
Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself
consists of faster T-3 connections. T-1 comes in either copper or fiber optics.
• SONET - SONET and SDH are a set of related standards for synchronous data
transmission over fiber optic networks. SONET is short for Synchronous Optical
NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the
United States version of the standard and SDH is the international version. SONET
defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as
"Optical Carrier levels." (OCx). Speeds approaching 40 gigabits per second are
possible.
The following table displays information about the various WAN connection types.
Connection - Speed - Medium - Description
• Dial-up connection (POTS) - Up to 56 Kbps - Twisted pair - Rapidly being replaced by
faster technologies.
• T-1 - 1.544 Mbps - Twisted-pair, coaxial cable, or optical fiber - Large company to ISP;
ISP to Internet infrastructure.
• T-2 - 6.312 Mbps - Twisted-pair, coaxial cable, or optical fiber - Large company to ISP;
ISP to Internet infrastructure.
• Digital Subscriber Line (DSL) - 256 Kbps to 8 Mbps - Twisted-pair - Home, small
business, and enterprise access using existing phone lines.
• Cable modem - 512 Kbps to 52 Mbps - Coaxial cable - Home, business, school access.
• T-3 - 44.736 Mbps - Coaxial cable - ISP to Internet infrastructure; smaller links within
Internet infrastructure.
• OC-1 - 51.84 Mbps - Optical fiber - ISP to Internet infrastructure; smaller links within
Internet infrastructure.
• OC-3 - 155.52 Mbps - Optical fiber - Large company backbone; Internet backbone.
• Asynchronous Transfer Mode (ATM) - 622.08 Mbps - Optical fiber - Internet backbone.

Remote Access Protocols and Services
This section describes some of the various protocols and services used for remote and
secure connections.
• RAS - RAS stands for "Remote Access Service", Microsoft's term for modem pools.
This service provides dial-in access to networks and to the Internet.

• PPP - Point-to-point Protocol (PPP) is a method for connecting a personal computer
to the Internet using a standard phone line and a modem. The difference between
PPP and other, older dial-up procedures is that a PPP setup will establish a direct
Internet connection that allows the PC to use TCP/IP (Internet-based) applications.

• PPTP - The Point to Point Tunneling Protocol (PPTP) provides for the secure transfer
of data from a remote client to a private server by creating a multi-protocol Virtual
Private Network (VPN), encapsulating PPP packets into IP datagrams. Setting up
PPTP requires a PPTP Client, a PPTP Server and a Network Access Server (NAS). PPTP
does not support the Appletalk protocol.

• IPsec - IPSec is a suite of Internet-standard protocols that allow secure, encrypted
communications between two computers over an insecure network. IPSec provides
end-to-end security, meaning that the IP packets are encrypted by the sending
computer, are unreadable en route, and can be decrypted only by the recipient
computer.
• L2TP - L2TP creates a tunnel through a public network that is authenticated on both
ends, uses header compression, and relies on IPSec for encryption of data passed
through the tunnel. L2TP works like PPTP in that it creates a "tunnel", but uses IPSec
encryption in order to support non-IP protocols and authentication.

• SSL - SSL (Secure Sockets Layer) uses a technique called public-key cryptography to
provide encrypted connections. This enables you to move information across the
Internet with confidence that it will not be intercepted or modified in transit. This is
heavily used in e-commerce and can be identified by a URL that begins with HTTPS.

• Kerberos - This form of security has been evolving in the Unix world for a long time
and is now becoming a standard. Kerberos provides mutual authentication between a
client and a server or between servers before a network connection is opened
between them. Rather than sharing a password, computers share a cryptographic
key, and they use knowledge of this key to verify each other's identities. Kerberos
security only works with computers running Kerberos security software.
Network Management
This section discusses network management, storage and recovery concepts:
• VLAN - A virtual LAN is a local area network with a definition that maps workstations
on some other basis than geographic location (for example, by department, type of
user, or primary application). The virtual LAN controller can change or add
workstations and manage loadbalancing and bandwidth allocation more easily than
with a physical picture of the LAN. Network management software keeps track of
relating the virtual picture of the local area network with the actual physical picture.

• Fault Tolerance - Fault-tolerance describes a computer system or component
designed so that, in the event that a component fails, a backup component or
procedure can immediately take its place with no loss of service. Fault tolerance can
be provided with software, or embedded in hardware, or provided by some
combination. This is an important component of disaster recovery which is being
included more and more in operating system software. For example, Windows 2000
includes RAID and tape backup functions although additional hardware is required.

• Network Attached Storage - Network Attached Storage, or NAS, is a data storage
mechanism that uses special devices connected directly to the network media. These
devices are assigned an IP address and can then be accessed by clients via a server
that acts as a gateway to the data, or in some cases allows the device to be accessed
directly by the clients without an intermediary. One of the big advantages of NAS is
expandability: if you need more storage space, add another NAS device and
expand the available storage. NAS also brings an extra level of fault tolerance to the
network. In a direct attached storage environment, a server going down means that
the data that server holds is no longer available. With NAS, the data is still
available on the network and accessible by clients. Fault tolerant measures such as
RAID can be used to make sure that the NAS device does not become a point of
failure.
Diagnostic Tools
• Network Monitor - Tracks usage of network resources(good for establishing a
network baseline).

• Performance Monitor - Tracks usage of various resources over time (good for
establishing a general baseline).
• Tone Generator - Used to test cabling. Identifies which cable or wire is being tested
by generating different tones.

• TDR (Time Domain Reflectometer): Sends a signal down a cable and measures
the distance that the signal travelled before bouncing back(like sonar). Used to find
opens and shorts in cables.

• Oscilloscope - Tests cable by determining where there are shorts, crimps or
attenuation.

• Protocol Analyzers - This tool is used to monitor network traffic and display packet
and protocol statistics and information.

• Optical Testers - A tool used to monitor and troubleshoot the performance of a
fiber optic network.

• Crimping Tools - Crimping tools are used to connect cabling to their appropriate
connectors. There are different crimping tools for different types of connections.

• Punch Down Tool - A punch down tool is used to connect cabling such as telephone
and ethernet to wall jacks.
CCNA Study Notes for Exam 640-607

OSI Model
LAN Design
Network Devices
Bridging/Switching
VLANs
Lan Protocols
TCP/IP
IPX/SPX
WAN Protocols
Frame Relay
ISDN
ATM
PPP
Cisco IOS
Security
Routing
RIP
OSPF
IGRP and EIGRP
Other Routing Info
Additional Links

OSI Model:
The OSI model is a layered model and a conceptual standard used for defining standards to
promote multi-vendor integration as well as maintain constant interfaces and isolate
changes of implementation to a single layer. It is NOT application or protocol specific. In
order to pass any Cisco exam, you need to know the OSI model inside and out.

The OSI Model consists of 7 layers.


Layer - Description - Device - Protocol
• Application - Provides network access for applications, flow control and error
recovery. Provides communications services to applications by identifying and
establishing the availability of other computers as well as determining if sufficient
resources exist for communication purposes. Device: Gateway. Protocols: NCP, SMB,
SMTP, FTP, SNMP, Telnet, Appletalk.
• Presentation - Performs protocol conversion, encryption and data compression.
Device: Gateway and redirectors. Protocols: NCP, AFP, TDI.
• Session - Allows 2 applications to communicate over a network by opening a
session and synchronizing the involved computers. Handles connection
establishment, data transfer and connection release. Device: Gateway. Protocol: NetBios.
• Transport - Repackages messages into smaller formats, provides error free
delivery and error handling functions. Device: Gateway. Protocols: NetBEUI, TCP, SPX,
and NWLink.
• Network - Handles addressing, translates logical addresses and names to physical
addresses, routing and traffic management. Device: Router and brouter. Protocols: IP,
IPX, NWLink, NetBEUI.
• Data Link - Packages raw bits into frames making them transmittable across a network
link and includes a cyclical redundancy check (CRC). It consists of the LLC sublayer and
the MAC sublayer. The MAC sublayer is important to remember, as it is responsible for
appending the MAC address of the next hop to the frame header. On the contrary, the
LLC sublayer uses Destination Service Access Points and Source Service Access Points
to create links for the MAC sublayers. Device: Switch, bridge and brouter. Protocol: None.
• Physical - The physical layer works with the physical media for transmitting and
receiving data bits via certain encoding schemes. It also includes specifications for
certain mechanical connection features, such as the adaptor connector. Device:
Multiplexer and repeater. Protocol: None.

Here is an easy way to memorize the order of the layers:


All People Seem To Need Data Processing. The first letter of each word corresponds to the
first letter of one of the layers. It is a little corny, but it works.

The table above mentions the term "MAC Address". A MAC address is a 48-bit address for
uniquely identifying devices on the network. It is written as something like 00-00-12-33-FA-BC;
we call this way of presenting the address the 12 hexadecimal digit format. The first 6 digits
specify the manufacturer, while the remainder identifies the host itself. The ARP protocol is
used to determine the IP to MAC mapping. And of course, MAC addresses cannot be duplicated on
the network or problems will occur.

Data encapsulation takes place in the OSI model. It is the process in which the information
in a protocol is wrapped in the data section of another protocol. The process can be broken
down into the following steps:

User information -> data -> segments -> packets/datagrams -> frames -> bits.

When discussing the OSI model it is important to keep in mind the differences between
"Connection-oriented" and "Connectionless" communications. A connection oriented
communication has the following characteristics:

A session is guaranteed.
Acknowledgements are issued and received at the transport layer, meaning if the
sender does not receive an acknowledgement before the timer expires, the packet is
retransmitted.
The phases of a connection-oriented service are Call Setup, Data Transfer and Call
Termination.
All traffic must travel along the same static path.
A failure along the static communication path can fail the connection.
A guaranteed rate of throughput occupies resources without the flexibility of dynamic
allocation.
Reliable = SLOW (this is always the case in networking).

In contrast, a connectionless communication has the following characteristics:

Often used for voice and video applications.
NO guarantee nor acknowledgement.
Dynamic path selection.
Dynamic bandwidth allocation.
Unreliable = FAST.

(Note: Connectionless communication does have some reliability PROVIDED by upper layer
Protocols.)

LAN Design:
Ethernet
When we talk about a LAN, Ethernet is the most popular physical layer LAN technology
today. Its standard is defined by the Institute for Electrical and Electronic Engineers as IEEE
Standard 802.3, but was originally created by Digital Intel Xerox (DIX). According to IEEE,
information for configuring an Ethernet as well as specifying how elements in an Ethernet
network interact with one another is clearly defined in 802.3.

For half-duplex Ethernet 10BaseT topologies, data transmissions occur in one direction at a
time, leading to frequent collisions and data retransmission. In contrast, full-duplex devices
use separate circuits for transmitting and receiving data and as a result, collisions are
largely avoided. A collision is when two nodes are trying to send data at the same time. On
an Ethernet network, the node will stop sending when it detects a collision, and will wait for
a random amount of time before attempting to resend, known as a jam signal. Also, with
full-duplex transmissions the available bandwidth is effectively doubled, as we are using
both directions simultaneously. You MUST remember: to enjoy full-duplex transmission, we
need a switch port, not a hub, and NICs that are capable of handling full duplex. Ethernet's
media access control method is called Carrier Sense Multiple Access/Collision Detect
(CSMA/CD). Because of Ethernet's collision habits it is also known as the "best effort
delivery system." Ethernet cannot carry data over 1518 bytes; anything over that is broken
down into "travel size packets."


Fast Ethernet
For networks that need higher transmission speeds, there is the Fast Ethernet standard
called IEEE 802.3u that raises the Ethernet speed limit to 100 Mbps! Of course, we need
new cabling to support this high speed. In 10BaseT network we use Cat3 cable, but in
100BaseT network we need Cat 5 cables. The three types of Fast Ethernet standards are
100BASE-TX for use with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and
100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable.

Gigabit Ethernet
Gigabit Ethernet is an emerging technology that will provide transmission speeds of
1000mbps. It is defined by the IEEE 802.3z standard (1000BASE-X). Just like all
other 802.3 transmission types, it uses the Ethernet frame format, full-duplex and media access
control technology.

Token Ring
Token Ring is an older standard that isn't very widely used anymore as most have migrated
to some form of Ethernet or other advanced technology. Ring topologies can have
transmission rates of either 4 or 16mbps. Token passing is the access method used by token
ring networks, whereby, a 3bit packet called a token is passed around the network. A
computer that wishes to transmit must wait until it can take control of the token, allowing
only one computer to transmit at a time. This method of communication aims to prevent
collisions. Token Ring networks use multistation access units (MSAUs) instead of hubs on an
Ethernet network. For extensive information on Token Ring, visit Cisco's website.

Network Devices:
In a typical LAN, there are various types of network devices available as outlined below.
• Hub - Repeats signals received on each port by broadcasting to all the other connected
ports.

• Repeaters - Used to connect two or more Ethernet segments of any media type, and
to provide signal amplification so that a segment can be extended. In a network that uses
repeaters, all members contend for transmission of data onto a single network.
We call this single network a collision domain. Effectively, every user can only
enjoy a percentage of the available bandwidth. Ethernet is subject to the "5-4-3" rule
regarding repeater placement, meaning we can only have five segments connected
using four repeaters with only three segments capable of accommodating hosts.

• Bridge - A layer 2 device used to connect different network types or networks of the
same type. It maps the Ethernet addresses of the nodes residing on each segment
and allows only the necessary traffic to pass through the bridge. Packets destined for
the same segment are dropped. This "store-and-forward" mechanism inspects the
whole Ethernet packet before making a decision. Unfortunately, it cannot filter out
broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the
frame. Only 2 networks can be linked with a bridge.

• Switch - Can link up four, six, eight or even more networks. Cut-through switches run
faster because when a packet comes in, it forwards it right after looking at the
destination address only. A store-and-forward switch inspects the entire packet
before forwarding. Most switches cannot stop broadcast traffic. Switches are layer 2
devices.

• Routers - Can filter out network traffic also. However, they filter based on the protocol
addresses defined in OSI layer 3 (the network layer), not based on the Ethernet
packet addresses. Note that protocols must be routable in order to pass through the
routers. A router can determine the most efficient path for a packet to take and send
packets around failed segments.

• Brouter - Has the best features of both routers and bridges in that it can be
configured to pass the unroutable protocols by imitating a bridge, while not passing
broadcast storms by acting as a router for other protocols.

• Gateway - Often used as a connection to a mainframe or the internet. Gateways
enable communications between different protocols, data types and environments.
This is achieved via protocol conversion, whereby the gateway strips the protocol
stack off of the packet and adds the appropriate stack for the other side. Gateways
operate at all layers of the OSI model without making any forwarding decisions.
The goal of LAN segmentation is to effectively reduce traffic and collisions by segmenting
the network. In a LAN segmentation plan, we do not consider the use of gateways and hubs
at all and the focus turns to devices such as switches and routers.

Bridging/Switching:
Bridge - A layer 2 device used to connect different network types or networks of the
same type. It maps the Ethernet addresses of the nodes residing on each segment and
allows only the necessary traffic to pass through the bridge. Packets destined for the same
segment are dropped. This "store-and-forward" mechanism inspects the whole Ethernet
packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it
introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be
linked with a bridge.
Switch - Switches are layer 2 devices that can link up four, six, eight or even more
networks. Switches are the only devices that allow for microsegmentation. Cut-through
switches run faster because when a packet comes in, it forwards it right after looking at the
destination address only. A store-and-forward switch inspects the entire packet before
forwarding. Most switches cannot stop broadcast traffic. Switches are considered dedicated
data link devices because they deliver close to 100% of the bandwidth. While bridging does
most of its work in hardware, switches use fabric/software to handle most of their work.

Store-and-forward - The entire frame is received before any forwarding takes place. The
destination and/or the source addresses are read and filters are applied before the frame is
forwarded. Latency occurs while the frame is being received; the latency is greater with
larger frames because the entire frame takes longer to read. Error detection is high because
of the time available to the switch to check for errors while waiting for the entire frame to
be received. This method discards frames smaller than 64 bytes (runts) and frames larger
than 1518 bytes (giants).

Cut-Through - The switch reads the destination address before receiving the entire frame.
The frame is then forwarded before the entire frame arrives. This mode decreases the
latency of the transmission and has poor error detection. This method has two forms, Fast-
forward and fragment-free.
• Fast-forward switching - Fast-forward switching offers the lowest level of latency
by immediately forwarding a packet after receiving the destination address. Because
fast-forward switching does not check for errors, there may be times when frames
are relayed with errors, although this occurs infrequently and the destination
network adapter discards the faulty frame upon receipt. In networks with high
collision rates, this can negatively affect available bandwidth.

• Fragment Free Switching - Use the fragment-free option to reduce the number of
collision frames forwarded with errors. In fast-forward mode, latency is measured
from the first bit received to the first bit transmitted, or first in, first out (FIFO).
Fragment-free switching filters out collision fragments, which are the majority of
packet errors, before forwarding begins. In a properly functioning network, collision
fragments must be smaller than 64 bytes. Anything greater than 64 bytes is a valid
packet and is usually received without error. Fragment-free switching waits until the
received packet has been determined not to be a collision fragment before
forwarding the packet. In fragment-free, latency is measured as FIFO.
Spanning-Tree Protocol - Allows duplicate switched/bridged paths without incurring the
latency effects of loops in the network.

The Spanning-Tree Algorithm, implemented by the Spanning-Tree Protocol, prevents loops
by calculating a stable spanning-tree network topology. When creating a fault-tolerant
network, a loop-free path must exist between all nodes in the network. The Spanning-Tree
Algorithm is used to calculate loop-free paths. Spanning-tree frames, called bridge
protocol data units (BPDUs), are sent and received by all switches in the network at regular
intervals and are used to determine the spanning-tree topology. A switch uses Spanning-
Tree Protocol on all Ethernet- and Fast Ethernet-based VLANs. Spanning-tree protocol
detects and breaks loops by placing some connections in standby mode, which are activated
in the event of an active connection failure. A separate instance of Spanning-Tree Protocol runs
within each configured VLAN, ensuring topologies, mainly Ethernet topologies, that conform
to industry standards throughout the network. The port states are as follows:
• Blocking - No frames forwarded, BPDUs heard.

• Listening - No frames forwarded, listening for frames.

• Learning - No frames forwarded, learning addresses.

• Forwarding - Frames forwarded, learning addresses.

• Disabled - No frames forwarded, no BPDUs heard.


The state for each VLAN is initially set by the configuration and later modified by the
Spanning-Tree Protocol process. You can determine the status, cost and priority of ports and
VLANs, by using the show spantree command. After the port-to-VLAN state is set,
Spanning-Tree Protocol determines whether the port forwards or blocks frames.
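An added Python illustration (not Cisco IOS code) of the algorithm the text describes: it elects the root from the lowest bridge ID, finds each switch's least-cost path back to the root, and works out which port on a redundant link ends up blocking. The three-switch triangle, the bridge priorities and MACs, and the port cost of 19 are assumed values constructed for the example.

```python
"""Spanning-tree root election and port-role calculation over a constructed
three-switch loop; an added illustration of the algorithm, not Cisco IOS."""
import heapq

# Constructed switches: name -> (priority, MAC). The bridge ID is compared as
# (priority, MAC) and the lowest value wins the root election.
SWITCHES = {
    "SW1": (32768, "00-00-12-33-FA-01"),
    "SW2": (32768, "00-00-12-33-FA-02"),
    "SW3": (32768, "00-00-12-33-FA-03"),
}
# Constructed links (switch, switch, port cost); 19 is the usual 100 Mbps cost.
# Three switches wired in a triangle form exactly the loop STP must break.
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 19)]


class SpanningTree:
    def __init__(self, switches, links):
        self.switches = switches
        self.links = links
        self.root = min(switches, key=self.bridge_id)   # root election
        self.best = self._root_path_costs()

    def bridge_id(self, name):
        return self.switches[name]

    def _root_path_costs(self):
        """Least-cost path from every switch back to the root (Dijkstra).
        Equal costs are broken by the lower bridge ID of the upstream switch,
        which is the tie-break the protocol applies."""
        adj = {}
        for a, b, cost in self.links:
            adj.setdefault(a, []).append((b, cost))
            adj.setdefault(b, []).append((a, cost))
        # switch -> (cost to root, upstream bridge ID, upstream switch name)
        best = {self.root: (0, (0, ""), None)}
        heap = [(0, (0, ""), self.root)]
        while heap:
            cost, _, node = heapq.heappop(heap)
            if cost > best[node][0]:
                continue                       # stale heap entry
            for nbr, link_cost in adj.get(node, []):
                cand = (cost + link_cost, self.bridge_id(node), node)
                if nbr not in best or cand[:2] < best[nbr][:2]:
                    best[nbr] = cand
                    heapq.heappush(heap, (cand[0], cand[1], nbr))
        return best

    def port_roles(self):
        """{(switch, neighbour): role}; role is root, designated or blocking.
        Root and designated ports forward; a blocking port only listens for
        BPDUs and is the standby connection the text describes."""
        roles = {}
        for a, b, _ in self.links:
            for me, other in ((a, b), (b, a)):
                if self.best[me][2] == other:
                    roles[(me, other)] = "root"   # my cheapest way to the root
                elif ((self.best[me][0], self.bridge_id(me)) <
                      (self.best[other][0], self.bridge_id(other))):
                    roles[(me, other)] = "designated"  # I am nearer the root
                else:
                    roles[(me, other)] = "blocking"
        return roles

    def show_spantree(self):
        """Summary lines in the spirit of the show spantree output."""
        lines = ["root bridge: %s" % self.root]
        for (me, other), role in sorted(self.port_roles().items()):
            state = "blocking" if role == "blocking" else "forwarding"
            lines.append("%s port to %s: %s (%s), cost to root %d"
                         % (me, other, role, state, self.best[me][0]))
        return lines


if __name__ == "__main__":
    print("\n".join(SpanningTree(SWITCHES, LINKS).show_spantree()))
```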

VLANs:
A VLAN is a logical grouping of devices or users. These devices or users can be grouped by
function, department, application and so on, regardless of their physical segment location.
VLAN configuration is done at the switch via switching fabric. A VLAN can be used to reduce
collisions by separating broadcast domains within the switch. In other words, VLANs create
separate broadcast domains in a switched network. Frame tagging at layer 2 does this.
Frame tagging is gaining recognition as the standard for implementing VLANs, and is
recognized by IEEE 802.1q. Frame tagging uniquely assigns a VLAN ID to each frame. This
identifier is understood and examined by each switch prior to any broadcasts or
transmissions to other switches, routers, and end-station devices. When the frame exits
the network backbone, the switch removes the identifier before the frame is transmitted to
the target end station. This effectively creates an environment with fewer collisions. The key
to this is that ports in a VLAN share broadcasts, while ports not in that VLAN cannot share
the broadcasts. Thus users in the same physical location can be members of different
VLANs. We can plug existing hubs into a switch port and assign them a VLAN of their own to
segregate users on the hubs. Frame filtering examines particular information about each
frame. A filtering table is developed for each switch; this provides a high level of
administrative control because it can examine many attributes of each frame. Frame
filtering is slowly being erased and replaced by the frame tagging method.

VLANs can be complicated to set up. VLANs use layer 2 addressing, meaning that routers
are required between separate VLANs. The advantage of deploying layer 2 addresses is that
layer 2 addressing is faster to process. It is also quite common for administrators to set up
multiple VLANs with multiple access lists to control access. Layer 3 routing provides the
ability for multiple VLANs to communicate with each other, which means that users in
different locations can reside on the same VLAN. This is a flexible approach to network
design.

VLANs are configured on the switch in three ways: port-centric, static and dynamic. In port-
centric VLANs, all the nodes connected to ports in the same VLAN are assigned the same
VLAN ID. Packets do not "leak" into other domains, and such VLANs are easily administered
and provide good security between VLANs. Some say that statically configured VLANs are
the same as port-centric VLANs, because static VLANs use the port-centric method for
assigning them to switch ports. Dynamic VLANs are ports on a switch that can automatically
determine their VLAN assignments. Dynamic VLAN functions are based on MAC addresses,
logical addressing, or the protocol type of the data packets. When a station is initially
connected to an unassigned switch port, the switch checks the MAC entry in the
management database and dynamically configures the port with the corresponding VLAN
configuration. The major benefit of this method is lower administrative overhead, although
only after the initial population of the database within the VLAN management software.
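The 802.1q frame tagging described above, shown in code. This is an added example, not part of the study guide: it builds a plain Ethernet frame, inserts and parses the 4-byte tag (TPID 0x8100 followed by the PCP/DEI/VID fields), strips it again, and models an access port that only delivers frames whose VID matches its own VLAN. The MAC addresses and payload are constructed sample values.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100       # Tag Protocol Identifier that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def is_valid_vid(vid: int) -> bool:
    """VID is a 12-bit field; 0 (priority-tagged) and 4095 are reserved by 802.1Q."""
    return 1 <= vid <= 4094


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an untagged Ethernet II frame (FCS omitted for simplicity)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag between the source MAC and the EtherType,
    as a switch does before sending a frame across a trunk/backbone link."""
    if not is_valid_vid(vid):
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is a 3-bit field and DEI a 1-bit field")
    tci = (pcp << 13) | (dei << 12) | vid   # Tag Control Information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (pcp, dei, vid) if the frame is tagged, otherwise None."""
    if len(frame) < 18:                       # 14-byte header + 4-byte tag minimum
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as the switch does before delivering to an end station."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def access_port_egress(frame: bytes, port_vlan: int) -> Optional[bytes]:
    """Model an access port assigned to port_vlan: a tagged frame is delivered
    (untagged) only when its VID matches, so broadcasts stay inside their VLAN.
    An untagged frame arriving here already belongs to the port's VLAN."""
    tag = parse_tag(frame)
    if tag is None:
        return frame
    _, _, vid = tag
    return strip_tag(frame) if vid == port_vlan else None


# Constructed sample: a broadcast IPv4 frame from a made-up MAC address.
SAMPLE_FRAME = build_frame(
    bytes.fromhex("ffffffffffff"),
    bytes.fromhex("001122334455"),
    ETHERTYPE_IPV4,
    b"constructed payload",
)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, vid=10, pcp=3)
    print("tag:", parse_tag(tagged))                                    # (3, 0, 10)
    print("VLAN 10 port delivers:", access_port_egress(tagged, 10) == SAMPLE_FRAME)
    print("VLAN 20 port delivers:", access_port_egress(tagged, 20))    # None
```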

LAN Protocols:
The following sections will introduce the core LAN protocols that you will need to know for
the exam.

TCP/IP:
Every IP address can be broken down into 2 parts, the Network ID(netid) and the Host
ID(hostid). All hosts on the same network must have the same netid. Each of these hosts
must have a hostid that is unique in relation to the netid. IP addresses are divided into 4
octets with each having a maximum value of 255. We view IP addresses in decimal notation
such as 124.35.62.181, but it is actually utilized as binary data so one must be able to
convert addresses back and forth.

The following table explains how to convert binary into decimal and vice versa:

Decimal Binary
128 10000000
64 01000000
32 00100000
16 00010000
8 00001000
4 00000100
2 00000010
1 00000001

When converting binary data to decimal, a "0" is equal to 0 and a "1" is equal to the number
that corresponds to the field it is in. For example, the number 213 would be 11010101 in
binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember
that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of
4 octets. This being true, the IP address 213.128.68.130 would look like 11010101
10000000 01000100 10000010.

IP addresses are divided into 3 classes as shown below:

Class Range
A 1-126
B 128-191
C 192-223
D 224-239 Multicasting
E 240-255 Experimental

IP addresses can be class A, B or C. Class A addresses are for networks with a large
number of hosts. The first octet is the netid and the 3 remaining octets are the hostid.
Class B addresses are used in medium to large networks with the first 2 octets making
up the netid and the remaining 2 the hostid. A class C is for smaller networks with
the first 3 octets making up the netid and the last octet comprising the hostid. The latter
two classes aren't used for networks.

A subnet mask blocks out a portion of an IP address and is used to differentiate between
the hostid and netid. The default subnet masks are as follows:
Class Default Subnet # of Subnets # of Hosts Per Subnet
Class A 255.0.0.0 126 16,777,214
Class B 255.255.0.0 16,384 65,534
Class C 255.255.255.0 2,097,152 254
In these cases, the part of the IP address blocked out by 255 is the netid.

The table above shows the default subnet masks. What subnet mask do you use
when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will
be using a class C address. The first thing you want to do is convert the number of subnets
into binary, so our example would be 00001000. Moving from left to right, drop all zeros
until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in
binary, so we set a "1" in the first 4 high-order bits of the 4th octet of the subnet
mask (since it is class C) as follows: 11111111.11111111.11111111.11110000 =
255.255.255.240. There is our subnet mask.
Let's try another one. Let's say that you own a chain of stores that sell spatulas in New York,
you have stores in 20 different neighborhoods, and you want a separate subnet on your
network for each neighborhood. It will be a class B network. First, we convert 20 to
binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5
bits to make 20 in binary, so we set a "1" in the first 5 high-order bits, which gives:
11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a
comparison between the different subnet masks.
Mask # of Subnets Class A Hosts Class B Hosts Class C Hosts
192 2 4,194,302 16,382 62
224 6 2,097,150 8,190 30
240 14 1,048,574 4,094 14
248 30 524,286 2,046 6
252 62 262,142 1,022 2
254 126 131,070 510 Invalid
255 254 65,534 254 Invalid
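The binary conversion and the subnetting recipe above, carried out in code. This is an added example, not from the study guide: it converts octets and whole addresses between decimal and binary, derives a subnet mask from a subnet count with the "drop leading zeros, borrow that many bits" rule the text uses (8 subnets on a class C gives 255.255.255.240, 20 subnets on a class B gives 255.255.248.0), and recomputes rows of the mask-comparison table, subtracting the all-zeros and all-ones values as that table does.

```python
from typing import Optional, Tuple

PLACE_VALUES = (128, 64, 32, 16, 8, 4, 2, 1)       # the rows of the conversion table
CLASS_NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}    # octets that make up the netid


def octet_to_binary(value: int) -> str:
    """213 -> '11010101': a 1 wherever the place value is part of the sum."""
    if not 0 <= value <= 255:
        raise ValueError("an octet holds 0-255")
    return format(value, "08b")


def binary_to_decimal(bits: str) -> int:
    """'11010101' -> 213, adding 128+64+0+16+0+4+0+1 as the text does."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected 8 binary digits")
    return sum(weight for weight, bit in zip(PLACE_VALUES, bits) if bit == "1")


def ip_to_binary(ip: str) -> str:
    """213.128.68.130 -> '11010101 10000000 01000100 10000010'."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("an IPv4 address has 4 octets")
    return " ".join(octet_to_binary(int(o)) for o in octets)


def bits_for_subnets(n_subnets: int) -> int:
    """Write the count in binary and drop leading zeros; the digits left are the
    bits to borrow (8 -> '1000' -> 4 bits, 20 -> '10100' -> 5 bits)."""
    if n_subnets < 1:
        raise ValueError("need at least one subnet")
    return len(format(n_subnets, "b"))


def subnet_mask_for(n_subnets: int, net_class: str) -> str:
    """Default mask for the class, with the borrowed bits set as high-order 1s
    in the first host octet (class C, 8 subnets -> 255.255.255.240)."""
    net_octets = CLASS_NETWORK_OCTETS[net_class.upper()]
    bits = bits_for_subnets(n_subnets)
    if bits > 8:
        raise ValueError("more subnets than one borrowed octet can express")
    octets = [255] * net_octets + [(0xFF << (8 - bits)) & 0xFF]
    octets += [0] * (4 - len(octets))
    return ".".join(str(o) for o in octets)


def usable_counts(mask_octet: int, net_class: str) -> Tuple[int, Optional[int]]:
    """Recompute one row of the mask-comparison table: usable subnets and hosts
    per subnet, subtracting the all-zeros and all-ones values as that table does.
    None for hosts corresponds to the table's 'Invalid'."""
    subnet_bits = bin(mask_octet).count("1")
    if ((0xFF << (8 - subnet_bits)) & 0xFF) != mask_octet:
        raise ValueError("mask bits must be contiguous high-order 1s")
    host_bits = 8 * (4 - CLASS_NETWORK_OCTETS[net_class.upper()]) - subnet_bits
    subnets = 2 ** subnet_bits - 2
    hosts = 2 ** host_bits - 2
    return subnets, (hosts if hosts > 0 else None)


if __name__ == "__main__":
    print(ip_to_binary("213.128.68.130"))
    print(subnet_mask_for(8, "C"), subnet_mask_for(20, "B"))
    for mask in (192, 224, 240, 248, 252, 254, 255):
        print(mask, [usable_counts(mask, c) for c in "ABC"])
```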

Note: 127.x.x.x is reserved for loopback testing on the local system and is not used on live
systems.

TCP/IP Ports - Ports are what an application uses when communicating between a client and
server computer. Some common TCP/IP ports are:
20 FTP-DATA
21 FTP
23 TELNET
25 SMTP
69 TFTP
70 GOPHER
80 HTTP
110 POP3
137 NetBIOS name service
138 NetBIOS datagram service
139 NetBIOS
161 SNMP

You need to understand buffering, source quench messages and windowing. Buffering
allows devices to temporarily store bursts of excess data in memory. However, if data keeps
arriving at high speed, the buffers can overflow. In this case, source quench messages are
used to request that the sender slow down.

Windowing is a flow-control mechanism. It requires the sending device to send a few packets
to the destination device and wait for the acknowledgment. Once received, it sends the
same amount of packets again. If there is a problem on the receiving end, obviously no
acknowledgement will ever come back. The sending source will then retransmit at a slower
speed. This is like trial and error, and it works. Note that the window size should never be
set to 0 - a zero window size means to stop transmission completely.

3COM's IP addressing tutorial is excellent. It covers basic IP addressing options as well
as subnetting and VLSM/CIDR.

IPX/SPX:
IPX will also be an important issue to consider in network management, given that many
companies still use NetWare servers. There are two parts to every IPX network
address - the Network ID and the Host ID. The first 8 hex digits represent the network ID,
while the remaining hex digits represent the host ID, which is most likely the same as the
MAC address, meaning we do not need to manually assign node addresses. Note that valid
hexadecimal digits range from 0 through 9, and hexadecimal letters range from A through F.
FFFFFFFF in hexadecimal notation = 4294967295 in decimal.

Sequenced Packet Exchange(SPX) belongs to the Transport layer, and is connection-
oriented. It creates virtual circuits between hosts, and each host is given a connection
ID in the SPX header for identifying the connection. Service Advertisement Protocol(SAP) is
used by NetWare servers to advertise network services via broadcast at an interval of every
60 minutes by default.

WAN Protocols:
In general, there are three broad types of WAN access technology. With Leased Lines, we
have a point-to-point dedicated connection that uses a pre-established WAN path provided by
the ISP. With Circuit Switching such as ISDN, a dedicated circuit path exists only for the
duration of the call. Compared to traditional phone service, ISDN is more reliable and
faster. With Packet Switching, all network devices share a single point-to-point link to
transport packets across the carrier network - these are known as virtual circuits.

When we talk about Customer Premises Equipment(CPE), we are referring to devices
physically located at the subscriber's location. The demarcation is the place where the CPE
ends and the local loop begins. A Central Office(CO) has a switching facility that provides a
point of presence for its service. Data Terminal Equipment(DTE) are devices where the
switching application resides, and Data Circuit-terminating Equipment(DCE) are devices that
convert user data from the DTE into the appropriate WAN protocol. A router is a DTE, while a
CSU/DSU device or modem is often referred to as a DCE.

Frame Relay:
Frame Relay has the following characteristics:
• Successor to X.25.
• Has less overhead than X.25 because it relies on upper layer protocols to perform error
checking.
• Speeds range from 56 Kbps to 2.078 Mbps.
• Uses Data Link Connection Identifiers(DLCI) to identify virtual circuits, with DLCI
numbers between 16 and 1007.
• Uses Local Management Interfaces(LMI) to provide info on the DLCI values as well as
the status of virtual circuits. Cisco routers support Cisco(Default), ANSI and Q933a.
• To set up Frame Relay, we need to set the encapsulation to frame-relay in either the
Cisco(Default) mode or the IETF mode, although Cisco encapsulation is required to connect
two Cisco devices.
• LMI type is configurable, but by default it is auto-sensed.
• Generally transfers data with permanent virtual circuits (PVCs), although switched
virtual circuits (SVCs) can be used as well.
• SVCs are for transferring data intermittently.
• PVCs do not have the overhead of establishing and terminating a circuit each time
communication is needed.
• Committed Information Rate(CIR) is the guaranteed minimum transfer rate of a
connection.

Cisco has a web page that describes the configuration and troubleshooting of Frame relay at
http://www.cisco.com/warp/public/125/13.html

ISDN:
ISDN has the following characteristics:
• Works at the Physical, Data Link, and Network Layers.
• Often used as a backup with DDR (Dial on Demand Routing).
• Makes use of existing telephone lines.
• Supports simultaneous data and voice.
• Max speed of 125 Kbps with PPP Multilink.
• Call setup and data transfer are faster than with typical modems.
• BRI has 2 x 64 Kbps B Channels for data and one 16 Kbps D Channel for control.
• PRI has 23 x B Channels and one D Channel in the US, or 30 x B Channels and one D
Channel in Europe.
• E protocol specifies ISDN on the existing telephone network.
• I protocol specifies concepts, terminology, and services.
• Q protocol specifies switching and signaling.
• ISDN Reference Points include R (between non-ISDN equipment and a TA), S (between
user terminals and NT2), T (between NT1 and NT2 devices) and U (between NT1 devices and
Line Termination Equipment in North America).
• A router is always connected by the U interface to the NT1.
• A BRI interface is considered Terminal Equipment type 1 (TE1).
• TE1 is built into the ISDN standards.
• TE2 needs a Terminal Adapter (TA) to connect to ISDN.
Cisco has a web page with links about the configuration and troubleshooting of ISDN here

ATM:
ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching
technique that uses short fixed-length packets called cells, which are about 53 bits in length.
ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at
speeds ranging from 1.544Mbps to as high as 622Mbps. I recently read that the new
standard may be 2Gbps. ATM's speed is derived from the use of short fixed-length cells,
which reduce delays, and the variance of delay, for delay-sensitive services such as voice
and video. ATM is capable of supporting a wide range of traffic types such as voice, video,
image and data.

PPP:
As an improvement to Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) was
designed mainly for the transfer of data over slower serial interfaces. It is better than SLIP
because it provides multiprotocol support, error correction and password protection. It is a
Data Link Layer protocol used to encapsulate higher protocols to pass over synchronous or
asynchronous communication lines. PPP is capable of operating across any DTE/DCE device,
most commonly modems, as long as they support duplex circuits. There are 3 components
to PPP:

• HDLC(High-level Data Link Control) - Encapsulates the data during transmission and is
a link layer protocol which is also the default Cisco encapsulation protocol for synchronous
serial links. HDLC is supposed to be an open standard, but Cisco's version is proprietary,
meaning it can only function with Cisco routers.
• LCP(Link Control Protocol) - Establishes, tests and configures the data link connection.
• NCPs(Network Control Protocols) - Used to configure the different communication
protocols, allowing them on the same line simultaneously. Microsoft uses 3 NCPs for the 3
protocols at the Network Layer (IP, IPX and NetBEUI).

PPP communication occurs in the following manner: PPP sends LCP frames to test and
configure the data link. Next, authentication protocols are negotiated to determine what sort
of validation is used for security. Below are 2 common authentication protocols:

• PAP is similar to a network login, but passwords are sent as clear text. It is normally
only used on FTP sites.
• CHAP uses encryption and is a more secure way of sending passwords.

Then NCP frames are used to set up the network layer protocols to be used. Finally, HDLC is
used to encapsulate the data stream as it passes through the PPP connection.

Point-to-Point Tunneling Protocol(PPTP) provides for the secure transfer of data from a
remote client to a private server by creating a multi-protocol Virtual Private Network(VPN),
encapsulating PPP packets into IP datagrams. There are 3 steps to set up a secure
communication channel:
1. A PPP connection and communication to the remote network are established.
2. PPTP creates a control connection between the client and the remote PPTP server.
3. PPTP creates the IP datagrams for PPP to send.

The packets are encrypted by PPP and sent through the tunnel to the PPTP server, which
decrypts the packets, disassembles the IP datagrams and routes them to the host. Setting
up PPTP requires a PPTP Client, a PPTP Server and a Network Access Server(NAS).

There is a very helpful web site with detailed tutorials on ISDN, Frame Relay, X.25, ATM and
other serial WAN technologies located here.

Cisco IOS:
Cisco routers use the Internetworking Operating System(IOS), which stores the configuration
information in Non-Volatile RAM(NVRAM); the IOS itself is stored in flash. The IOS can
be accessed via Telnet, a console connection (such as HyperTerminal) or a dial-in connection.
You can also configure the router as a web server and then access a web-based configuration
panel via http.

There are a variety of boot sources, including Flash memory, TFTP and ROM. It is always
recommended that a new IOS image be loaded on a TFTP server first, and then copied from
the TFTP server to the flash memory, as a backup mechanism. The copy command, such as
"copy tftp flash", allows us to copy the IOS image from the TFTP server to the Flash
memory. And of course, we can always do the reverse. Now, we need to inform the router to
boot from the correct source. The following commands are examples of what we should
type in depending on the situation. Typically, it is a good idea to specify multiple boot
options as a fallback mechanism.

boot system flash (unknown)
boot system tftp (unknown) {tftp server IP address}
boot system rom

After the boot-up process we can prepare to log in. User EXEC is the first mode we
encounter. It gives us a prompt of "Router>". To exit this mode means to log out
completely; this can be done with the logout command. If we want to proceed to
Privileged EXEC, we need to use the enable EXEC command. Once entered, the prompt will
change to "Router#". To go back to user EXEC mode, we need to use the disable
command. Note that all configuration work requires the administrator to be in
Privileged mode first. Put it this way: Privileged EXEC mode includes support for all
commands in user mode plus those that provide access to global and system settings.

The setup command facility is for making major changes to the existing configuration, such
as adding a protocol suite, making major addressing scheme changes, or configuring a
newly installed interface.

If you aren't big on reading manuals, finding out how to access the help information is a
MUST. To display a list of commands available in each command mode, we can type a ?
mark. IOS also provides a context-sensitive help feature to make life easier. In order to pass
this exam, you will need to be able to find your way around the IOS. We will list some of the
information here, but there is too much to list all of it. You will definitely need access to a
router or get the software listed at the beginning of this study guide so that you can
practice.

Useful editing commands include:

Command Purpose
Ctrl-P Recall commands in the history buffer, starting with the most recent command.
Ctrl-N Return to more recent commands in the history buffer after recalling commands with
Ctrl-P or the up arrow key.
Ctrl-B Move the cursor back one character
Ctrl-F Move the cursor forward one character
Ctrl-A Move the cursor to the beginning of the command line
Ctrl-E Move the cursor to the end of the command line
Esc B Move the cursor back one word
Esc F Move the cursor forward one word
Ctrl-R or Ctrl-L Redisplay the current command line

You will find most of the IOS commands at the following 2 links:
Router and Switch Commands
http://www.cisco.com/warp/cpropub/45/tutorial.htm

Security:
Access Lists allow us to implement some level of security on the network by inspecting and
filtering traffic as it enters or exits an interface. Each router can have many access lists of
the same or different types. However, only one can be applied in each direction of an
interface at a time (keep in mind that inbound and outbound traffic is determined from the
router's perspective). The two major types of access lists that deserve special attention are
the IP Access Lists and the IPX Access Lists.

Standard IP access lists can be configured to permit or deny passage through a router
based on the source host's IP address. Extended IP access lists use the destination address,
IP protocol and port number to extend the filtering capabilities. Access can be configured to
be judged based on a specific destination address or range of addresses, on an IP protocol
such as TCP or UDP, or on port information such as http, ftp, telnet or snmp. We use the
access list number to differentiate the type of access list. Standard IP access lists use the
numbers 1 through 99, and extended IP access lists use the numbers 100 through 199:

1-99 Standard IP
100-199 Extended IP
200-299 Protocol type-code
300-399 DECnet
600-699 Appletalk
700-799 Standard 48-bit MAC Address
800-899 Standard IPX
900-999 Extended IPX
1000-1099 IPX SAP
1100-1199 Extended 48-bit MAC Address
1200-1299 IPX Summary Address

When dealing with Access Control Lists or preparing for your CCNA exam, you have to deal
with a 32-bit wildcard address in dotted-decimal form, known as your inverse mask. By
Cisco's definition it is called inverse, but you can think of it as the "reverse" of your subnet
mask in most cases. When dealing with your wildcard mask, you have two values that you
are working with. As in subnetting, you have 0 as the "off" value and 1 as the "on" value.
Wildcards treat the 0 value as "match" and the 1 value as "ignore". What do I mean by
ignore or match? If you have studied ACLs you should know that your goal is to set criteria
to deny or permit, and that is where your inverse mask comes into play. It tells the router
which values to seek out when trying to deny or permit in your definition. If you have dealt
with subnetting you know that most of your masks ended with an even number. With your
inverse mask you will end up with an odd number. There are several different ways to come
up with your inverse mask; the easiest is to subtract your subnet mask from the all-routers
broadcast address of 255.255.255.255.

Example: You have a subnet mask of 255.255.255.0. To get your wildcard mask all you
have to do is:

  255.255.255.255
- 255.255.255.0
= 0.0.0.255

Then you can apply it to the definition, whether using a standard or extended ACL.

Standard example:
Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255

How to read this list: with this wildcard you told the router to "match" the first
three octets, and you don't care what's going on in the last octet.

Extended example:
Router(config)# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80

How to read this list: with this wildcard you have told the router to match the first
three octets of each address, and you don't care what's going on in the last octet.

Think of it this way. If you had broken the decimal form down to binary, the wildcard mask
would look like this: 00000000.00000000.00000000.11111111. As you know, "1" means
ignore and "0" means match. So the last octet could have been any value on that
subnet line, ranging from 0-255.
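The inverse-mask arithmetic and the match/ignore rule above, as an added example that is not part of the study guide. It derives the wildcard by subtracting the subnet mask from 255.255.255.255, tests an address against an entry bit by bit (0 = match, 1 = ignore), reports the address range an entry covers, and walks a standard list top-down with the implicit deny IOS applies when nothing matches. ACL_3 is a constructed list modelled on the page's "access-list 3 deny 170.10.1.0 0.0.0.255"; the permit-any entry after it is an assumption added so the list lets other traffic through.

```python
from typing import List, Tuple

ALL_ONES = "255.255.255.255"


def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def inverse_mask(subnet_mask: str) -> str:
    """The page's recipe: subtract the subnet mask from 255.255.255.255.
    Every mask octet is at most 255, so the subtraction never borrows."""
    return int_to_ip(ip_to_int(ALL_ONES) - ip_to_int(subnet_mask))


def wildcard_matches(entry_addr: str, wildcard: str, packet_addr: str) -> bool:
    """0 bits in the wildcard mean 'match', 1 bits mean 'ignore': compare the
    two addresses only at the bit positions where the wildcard is 0."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(entry_addr) & care) == (ip_to_int(packet_addr) & care)


def matched_range(entry_addr: str, wildcard: str) -> Tuple[str, str]:
    """Lowest and highest address an entry covers (for contiguous wildcards)."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    low = ip_to_int(entry_addr) & care
    return int_to_ip(low), int_to_ip(low | ip_to_int(wildcard))


# One standard ACL entry as (action, address, wildcard).
Entry = Tuple[str, str, str]


def evaluate_standard_acl(acl: List[Entry], source_addr: str) -> str:
    """Walk the entries top-down; the first match decides. A packet that matches
    nothing hits the implicit 'deny' at the end of every IOS access list."""
    for action, addr, wildcard in acl:
        if wildcard_matches(addr, wildcard, source_addr):
            return action
    return "deny"


# Constructed list modelled on the page's 'access-list 3 deny 170.10.1.0 0.0.0.255',
# followed by 'permit any' (0.0.0.0 255.255.255.255) so everything else is allowed.
ACL_3: List[Entry] = [
    ("deny", "170.10.1.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    print(inverse_mask("255.255.255.0"))                      # 0.0.0.255
    print(matched_range("170.10.1.0", "0.0.0.255"))           # ('170.10.1.0', '170.10.1.255')
    for src in ("170.10.1.77", "178.10.2.5"):
        print(src, "->", evaluate_standard_acl(ACL_3, src))   # deny, then permit
```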

For more information on IP Access Lists, read Configuring IP Access Lists
For IPX access list configuration, read Control Access to IPX Networks

Routing:
There are 2 main types of routing, static and dynamic; a third type of routing is called
hybrid. Static routing involves the cumbersome process of manually configuring and
maintaining route tables by an administrator. Dynamic routing enables routers to "talk" to
each other and automatically update their routing tables. This process occurs through the
use of broadcasts. Next is an explanation of the various routing protocols.

RIP:
Routing Information Protocol(RIP) is a distance vector dynamic routing protocol. RIP
measures the distance from source to destination by counting the number of hops(routers
or gateways) that the packets must travel over. RIP sets a maximum of 15 hops and
considers any larger number of hops unreachable. RIP's real advantage is that if there are
multiple possible paths to a particular destination and the appropriate entries exist in the
routing table, it will choose the shortest route. Routers can talk to each other, however, in
the real routing world, there are so many different routing technologies available, that it is
not as simple as just enabling Routing Information Protocol (RIP).

For information on RIP configuration, read Configuring RIP

OSPF:
Open Shortest Path First (OSPF) is a link-state routing protocol that converges faster than a
distance vector protocol such as RIP. What is convergence? This is the time required for all
routers to complete building their routing tables. RIP uses ticks and hop counts as its
measurement, while OSPF also uses metrics that take bandwidth and network congestion
into account when making routing decisions. RIP transmits updates every 30 seconds, while
OSPF transmits updates only when there is a topology change. OSPF builds a complete
topology of the whole network, while RIP uses second-hand information from the neighboring
routers. To summarize, RIP is easier to configure, and is suitable for smaller networks. In
contrast, OSPF requires high processing power, and is suitable if scalability is the main
concern.

We can tune the network by adjusting various timers. Areas that are tunable include: the
rate at which routing updates are sent, the interval of time after which a route is declared
invalid, the interval during which routing information regarding better paths is suppressed,
the amount of time that must pass before a route is removed from the routing table, and
the amount of time for which routing updates will be postponed. Of course, different settings
are needed in different situations. In any case, we can use the "show ip route" command to
display the contents of the routing table as well as how each route was discovered.

For commands and methods to configure OSPF read Configuring OSPF on Cisco Routers

IGRP and EIGRP:
RIP and OSPF are considered "open", while IGRP and EIGRP are Cisco proprietary. Interior
Gateway Routing Protocol(IGRP) is a distance vector routing protocol for interior
networks, while Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid that
combines distance vector and link-state technologies. Do not confuse these with NLSP:
NetWare Link Services Protocol (NLSP) is a proprietary link-state routing protocol used on
Novell NetWare 4.x to replace SAP and RIP. For IGRP, the metric is a function of bandwidth,
reliability, delay and load. One of the characteristics of IGRP is the deployment of hold-down
timers. A hold-down timer has a value of 280 seconds. It is used to prevent routing loops
while routing tables converge, by preventing routers from broadcasting another route to a
router which is off-line before all routing tables converge. For EIGRP, separate routing tables
are maintained for the IP, IPX and AppleTalk protocols. However, routing update information
is still forwarded with a single protocol.

(Note: RIPv2, OSPF and EIGRP include the subnet mask in routing updates which allows for
VLSM (Variable Length Subnet Mask), hence VLSM is not supported by RIP-1 or IGRP.)
For more information about IGRP, read Configuring IGRP
For a detailed guideline on configuring EIGRP, read Configuring IP Enhanced IGRP

Other Routing Info:
In the routing world, we have the concept of an autonomous system (AS), which represents
a group of networks and routers under common management that share a common routing
protocol. ASs are connected by the backbone to other ASs. For a device to be part of an AS,
it must be assigned an AS number that belongs to the corresponding AS.

Route poisoning intentionally configures a router not to receive update messages from a
neighboring router, and sets the metric of an unreachable network to 16. This way, other
routers can no longer update the originating router's routing tables with faulty information.

Hold-downs prevent routing loops by disallowing other routers from updating their routing
tables too quickly after a route goes down. Instead, a route can be updated only when the
hold-down timer expires, if another router advertises a better metric, or if the router that
originally advertised the unreachable network advertises that the network has become
reachable again. Note that hold-down timers need to work together with route poisoning in
order to be effective.

Split horizon simply prevents a packet from going out the same router interface that it
entered. Poison Reverse overrides split horizon by informing the sending router that the
destination is inaccessible, while Triggered Updates send out updates whenever a change in
the routing table occurs without waiting for the preset time to expire.
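The route poisoning and split horizon mechanisms above, as an added example that is not part of the study guide. Two constructed routers A and B exchange RIP-style distance vector updates after A's directly connected network N fails and is poisoned to metric 16. Split horizon is modelled as not advertising a route back to the neighbour it was learned from; without it the simulation counts to infinity one hop at a time, with it the poisoned route settles in a single update round.

```python
from typing import Dict, List, Optional, Tuple

INFINITY = 16          # RIP treats 16 hops as unreachable (max valid hop count is 15)


class Router:
    def __init__(self, name: str):
        self.name = name
        # network -> (metric, next_hop); next_hop None means directly connected
        self.table: Dict[str, Tuple[int, Optional[str]]] = {}

    def advertisement(self, neighbour: str, split_horizon: bool) -> Dict[str, int]:
        """Routes this router tells a neighbour about. With split horizon, a route
        is never advertised back to the neighbour it was learned from."""
        return {net: metric for net, (metric, via) in self.table.items()
                if not (split_horizon and via == neighbour)}

    def receive(self, neighbour: str, adv: Dict[str, int]) -> bool:
        """Distance vector update; returns True if the table changed."""
        changed = False
        for net, metric in adv.items():
            new_metric = min(metric + 1, INFINITY)
            current = self.table.get(net)
            # Install if the route is new, better, or comes from our current next hop
            # (a neighbour we already trust for this route may report it got worse).
            if current is None or new_metric < current[0] or current[1] == neighbour:
                if current != (new_metric, neighbour):
                    self.table[net] = (new_metric, neighbour)
                    changed = True
        return changed


def simulate_link_failure(split_horizon: bool) -> Tuple[int, List[int], int]:
    """Constructed topology A - B, with network N attached to A and already learned
    by B via A. N goes down, A poisons it, and the two routers exchange periodic
    updates until nothing changes. Returns (rounds that changed a table,
    the metric A held for N after each round, B's final metric for N)."""
    a, b = Router("A"), Router("B")
    a.table["N"] = (INFINITY, None)   # link to N just failed: A poisons the route
    b.table["N"] = (2, "A")           # B still believes N is two hops away via A
    a_metrics: List[int] = []
    rounds = 0
    for _ in range(50):               # safety bound; real RIP would keep going every 30 s
        adv_a = a.advertisement("B", split_horizon)
        adv_b = b.advertisement("A", split_horizon)
        changed = b.receive("A", adv_a)
        changed = a.receive("B", adv_b) or changed
        a_metrics.append(a.table["N"][0])
        if not changed:
            break
        rounds += 1
    return rounds, a_metrics, b.table["N"][0]


if __name__ == "__main__":
    for sh in (False, True):
        rounds, history, b_final = simulate_link_failure(sh)
        print(f"split horizon={sh}: {rounds} rounds, A's metric over time {history}, "
              f"B ends at {b_final}")
```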

Router and Switch Commands

By Jamison Schmidt

This reference guide provides router and switch commands to help you prepare for Cisco's
CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get
VLSM and Supernetting commands added for the new 640-801 CCNA exam.

ROUTER COMMANDS
Router Commands
Show Commands
Catalyst Commands

TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format
of subnet masks

HOST NAME:
Config# hostname ROUTER_NAME

BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character,
must start and finish the message
DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level

CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003

CHANGING THE REGISTER:
Config# config-register 0x2100 - ROM Monitor Mode
Config# config-register 0x2101 - ROM boot
Config# config-register 0x2102 - Boot from NVRAM

BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp
2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash - Then - Config# reload

CDP:
Config# cdp run - Turns CDP on
Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
Config# cdp timer 30 - Sets the update timer. The default is 60
Config# int Ethernet 0
Config-if# cdp enable - Enables cdp on the interface
Config-if# no cdp enable - Disables CDP on the interface
Config# no cdp run - Turns CDP off

HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a
192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)

DOMAIN NAME SERVICES:
Config# ip domain-lookup - Tell router to lookup domain names
Config# ip name-server 122.22.2.2 - Location of DNS server
Config# ip domain-name cisco.com - Domain to append to end of names

CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters

STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0
255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network

IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown

IPX ROUTING:
Config# ipx routing
Config# interface Ethernet 0
Config# ipx maximum-paths 2 - Maximum equal metric paths used
Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on
Ethernet. Encapsulation HDLC on serial
Config-if# no shutdown

ACCESS LISTS:
IP Standard 1-99
IP Extended 100-199
IPX Standard 800-899
IPX Extended 900-999
IPX SAP Filters 1000-1099

IP STANDARD:
Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all source IPs on network
133.2.2.0
-or-
Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
Config# access-list 10 permit any - allows any address

Config# int Ethernet 0
Config-if# ip access-group 10 in - also available: out

IP EXTENDED:
Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
Config# access-list 101 permit ip any any

Config# interface Ethernet 0


Config-if# ip access-group 101 out
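Both the standard and the extended lists above are evaluated the same way: entries are tested top to bottom, the first match decides, and a packet that matches nothing is dropped by the implicit deny at the end of every list. The wildcard mask is the part most often got wrong: a 1 bit means "don't care", so 0.0.0.255 matches a whole /24 and 0.0.0.0 (what "host" expands to) matches one address. The following is an added example, not code from the study guide or from Cisco; it parses the standard and extended entries shown above (constructed copies, hypothetical lab addresses) and evaluates sample packets against them.

```python
import ipaddress

# Constructed sample lists, modelled on the standard (1-99) and extended
# (100-199) entries shown above; the addresses are hypothetical lab values.
SAMPLE_ACL_10 = """
access-list 10 permit 133.2.2.0 0.0.0.255
access-list 10 permit host 133.2.2.2
"""

SAMPLE_ACL_101 = """
access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
access-list 101 deny tcp any host 133.2.23.3 eq www
access-list 101 permit ip any any
"""

# Well-known names accepted in place of a port number.
PORT_NAMES = {"telnet": 23, "ftp": 21, "www": 80, "smtp": 25, "domain": 53}
ANY = (0, 0xFFFFFFFF)  # network 0.0.0.0 with wildcard 255.255.255.255


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tok[i].
    Returns ((network, wildcard), index of the next unread token)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2


def _addr_match(spec, addr):
    """A wildcard bit of 1 means 'do not care'; only the 0 bits are compared."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (net & care)


def parse_acl(text):
    """Parse 'access-list' lines into ordered entries (order is significant)."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        number, action = int(tok[1]), tok[2]
        if 1 <= number <= 99:
            # Standard list: source address only. A bare address without a
            # wildcard means that exact host, so 0.0.0.0 is appended as a fallback.
            src, _ = _parse_addr(tok + ["0.0.0.0"], 3)
            entries.append({"action": action, "proto": "ip", "src": src,
                            "dst": ANY, "dport": None})
        elif 100 <= number <= 199:
            # Extended list: protocol, source, destination, optional port test.
            proto = tok[3]
            src, i = _parse_addr(tok, 4)
            dst, i = _parse_addr(tok, i)
            dport = None
            if i + 1 < len(tok) and tok[i] in ("eq", "gt", "lt"):
                dport = (tok[i], PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1]))
            entries.append({"action": action, "proto": proto, "src": src,
                            "dst": dst, "dport": dport})
    return entries


def evaluate(entries, proto, src, dst, dport=None):
    """Walk the list top to bottom; the first match decides. A packet matching
    nothing falls through to the implicit 'deny' at the end of every IOS ACL."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not (_addr_match(e["src"], src) and _addr_match(e["dst"], dst)):
            continue
        if e["dport"] is not None:
            op, port = e["dport"]
            if dport is None:
                continue
            if (op == "eq" and dport != port) or (op == "gt" and dport <= port) \
                    or (op == "lt" and dport >= port):
                continue
        return e["action"]
    return "deny"
```

Swapping the order of the deny and the final "permit ip any any" in list 101 would silently permit the web traffic the deny was meant to block, which is why entry order, not just entry content, is what an ACL review has to check.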

IPX STANDARD:
Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
Config# access-list 801 permit -1 -1 - "-1" is the same as "any" with network/host addresses

Config# interface Ethernet 0
Config-if# ipx access-group 801 out

IPX EXTENDED:
Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
- "all" includes all sockets, or can use socket numbers
-or-
Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere

Config# interface Ethernet 0
Config-if# ipx access-group 901 in

IPX SAP FILTER:
Config# access-list 1000 permit 4aa 3 - "3" is the service type
-or-
Config# access-list 1000 permit 4aa 0 - service type of "0" matches all services

Config# interface Ethernet 0
Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets

NAMED ACCESS LISTS:
Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
Config# permit any

Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists

PPP SETUP:
Config-if# encapsulation ppp
Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentication listed
-if one fails, then connection is terminated
Config-if# exit
Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
Config-if# ppp chap hostname ROUTER
Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration
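The reason "chap" is listed before "pap" above is what crosses the link: PAP sends the username and password in clear text, whereas CHAP sends only an MD5 hash of a random challenge mixed with the shared secret, so the "username ... password ..." value itself never leaves either router. The following is an added example of that three-way exchange, written for this page and not part of the study guide or of Cisco's implementation; the router name and secret are the constructed lab values used above.

```python
import hashlib
import hmac
import os

# Constructed shared secrets, as the 'username <router> password <secret>'
# lines above would create on the receiving router. Names are hypothetical.
SHARED_SECRETS = {"Lab-b": b"123456"}


def chap_response(ident, secret, challenge):
    """CHAP (RFC 1994) response value: MD5 over identifier, secret, challenge.
    The secret itself never crosses the link; only this hash does."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def send_challenge(ident=1):
    """Authenticator side: a fresh random challenge per attempt, so a captured
    response is useless against any later challenge."""
    return ident, os.urandom(16)


def answer_challenge(ident, challenge, hostname, secret):
    """Peer side: reply with its name (the 'ppp chap hostname' value) and the
    hash computed from its own copy of the secret."""
    return hostname, chap_response(ident, secret, challenge)


def verify_response(ident, challenge, hostname, response):
    """Authenticator side: look up the secret configured for that hostname and
    compare hashes in constant time. Unknown names fail, which is the
    'only specified routers can connect' behaviour described above."""
    secret = SHARED_SECRETS.get(hostname)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def run_chap(hostname, secret):
    """Complete exchange between a dialling router and this one."""
    ident, challenge = send_challenge()
    name, response = answer_challenge(ident, challenge, hostname, secret)
    return verify_response(ident, challenge, name, response)
```

Because both sides must compute the same hash, the secret has to be stored in recoverable form on each router (which is what the "password" keyword does); that is the trade-off CHAP makes for keeping the secret off the wire.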

ISDN SETUP:
Config# isdn switch-type basic-5ess - determined by telecom
Config# interface serial 0
Config-if# isdn spid1 2705554564 - isdn "phone number" of line 1
Config-if# isdn spid2 2705554565 - isdn "phone number" of line 2
Config-if# encapsulation PPP - or HDLC, LAPD

DDR - 4 Steps to setting up ISDN with DDR

1. Configure switch type
Config# isdn switch-type basic-5ess - can be done at interface config

2. Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)

3. Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
-can also use "dialer string 5551212" instead if there is only one router to connect to

4. Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list

5. Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-"125" is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120

FRAME RELAY SETUP:
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56

Config-if# interface serial 0.100 point-to-point - subinterface
Config-if# ip address 122.1.1.1 255.255.255.0
Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end

Config-if# interface serial 1.100 multipoint
Config-if# no inverse-arp - turns IARP off; good to do
Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
Config-if# frame-relay map ip 122.1.1.3 54 broadcast

SHOW COMMANDS

Show access-lists - all access lists on the router
Show cdp - cdp timer and holdtime frequency
Show cdp entry * - same as next
Show cdp neighbors detail - details of neighbor with ip add and ios version
Show cdp neighbors - id, local interface, holdtime, capability, platform portid
Show cdp interface - interfaces running cdp and their encapsulation
Show cdp traffic - cdp packets sent and received
Show controllers serial 0 - DTE or DCE status
Show dialer - number of times dialer string has been reached, other stats
Show flash - files in flash
Show frame-relay lmi - lmi stats
Show frame-relay map - static and dynamic maps for PVCs
Show frame-relay pvc - PVCs and DLCIs
Show history - commands entered
Show hosts - contents of host table
Show int f0/26 - stats of f0/26
Show interface Ethernet 0 - show stats of Ethernet 0
Show ip - ip config of switch
Show ip access-lists - ip access-lists on switch
Show ip interface - ip config of interface
Show ip protocols - routing protocols and timers
Show ip route - Displays IP routing table
Show ipx access-lists - same, only ipx
Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
Show ipx route - ipx routes in the table
Show ipx servers - SAP table
Show ipx traffic - RIP and SAP info
Show isdn active - number with active status
Show isdn status - shows if SPIDs are valid, if connected
Show mac-address-table - contents of the dynamic table
Show protocols - routed protocols and net_addresses of interfaces
Show running-config - dram config file
Show sessions - connections via telnet to remote device
Show startup-config - nvram config file
Show terminal - shows history size
Show trunk a/b - trunk stat of port 26/27
Show version - ios info, uptime, address of switch
Show vlan - all configured VLANs
Show vlan-membership - vlan assignments
Show vtp - vtp configs

CATALYST COMMANDS
For Native IOS - Not CatOS

SWITCH ADDRESS:
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1

DUPLEX MODE:
Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
Config-if# duplex full - also, half | auto | full-flow-control

SWITCHING MODE:
Config# switching-mode store-and-forward - also, fragment-free

MAC ADDRESS CONFIGS:
Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security

Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port

VLANS:
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10

TRUNK LINKS:
Config-if# trunk on - also, off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port

CONFIGURING VTP:
Config# delete vtp - should be done prior to adding to a network
Config# vtp server - the default is server, also client and transparent
Config# vtp domain Camp - name doesn't matter, just so all switches use the same
Config# vtp password 1234 - limited security
Config# vtp pruning enable - limits vtp broadcasts to only switches affected
Config# vtp pruning disable

FLASH UPGRADE:
Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for ios upgrade, "nvram" for startup config

DELETE STARTUP CONFIG:
Config# delete nvram

Cisco IOS Command Line Interface Tutorial
Abstract
The focus of this document is to introduce a new Cisco Internetworking Operating
System (IOS) user to the IOS command line interface (CLI). After reading this
document, a new user will understand how to use the IOS CLI to configure and
manage an IOS router. For easier reference, Table 1 displays a collection of
important terms and acronyms that are used throughout the document.
Table 1 - Glossary Of Important Terms And Acronyms Used In This Tutorial
Cisco IOS - Cisco Internetworking Operating System
CLI - Command Line Interface
EXEC - Command line session to the router (could be console, modem, or telnet)
Flash - Non-Volatile Memory used to store IOS software image
NVRAM - Non-Volatile RAM used to store router configuration
RAM - Random Access Memory

CLI Architecture
A Cisco IOS router command line interface can be accessed through either a
console connection, modem connection, or a telnet session. Regardless of which
connection method is used, access to the IOS command line interface is generally
referred to as an EXEC session.
As a security feature, Cisco IOS separates EXEC sessions into two different
access levels - user EXEC level and privileged EXEC level. User EXEC level
allows a person to access only a limited amount of basic monitoring commands.
Privileged EXEC level allows a person to access all router commands (e.g.
configuration and management) and can be password protected to allow only
authorized users the ability to configure or maintain the router.
For example, when an EXEC session is started, the router will display a
"Router>" prompt. The right arrow (>) in the prompt indicates that the router is at
the user EXEC level. The user EXEC level does not contain any commands that
might control (e.g. reload or configure) the operation of the router. To list the
commands available at the user EXEC level, type a question mark (?) at the
Router> prompt. (This feature is referred to as context sensitive help.)
Critical commands (e.g. configuration and management) require that the user be
at the privileged EXEC level. To change to the privileged EXEC level, type
"enable" at the Router> prompt. If an enable password is configured, the router
will then prompt for that password. When the correct enable password is entered,
the router prompt will change to "Router#" indicating that the user is now at the
privileged EXEC level. To switch back to user EXEC level, type "disable" at the
Router# prompt. Typing a question mark (?) at the privileged EXEC level will
now reveal many more command options than those available at the user EXEC
level. The text below illustrates the process of changing EXEC levels.
Router> enable
Password: [enable password]
Router# disable
Router>
Note: For security reasons, the router will not echo the password that is entered.
Also, be advised that if configuring a router via telnet, the password is sent in
clear text. Telnet does not offer a method to secure packets.
Once an EXEC session is established, commands within Cisco IOS are
hierarchically structured. In order to successfully configure the router, it is
important to understand this hierarchy. To illustrate this hierarchy, Figure 1
provides a simple high-level schematic diagram of some IOS commands.
Figure 1 - IOS CLI hierarchy
Command options and applications vary depending on position within this
hierarchy. Referring to the diagram in figure 1, configuration command options
will not be available until the user has navigated to the configuration branch of the
IOS CLI structure. Once in the configuration branch, a user may enter system
level configuration commands that apply to the entire router at the global
configuration level. Interface specific configuration commands are available once
the user has switched to the particular interface configuration level. More detailed
information and examples on how to navigate through the IOS CLI hierarchy are
offered in the Router Configuration section.
To assist users in navigation through IOS CLI, the command prompt will change
to reflect the position of a user within the command hierarchy. This allows users
to easily identify where within the command structure they are at any given
moment. Table 2 is a summary of command prompts and the corresponding
location within the command structure.
Table 2 - IOS Command Prompt Summary
Router> - User EXEC mode
Router# - Privileged EXEC mode
Router(config)# - Configuration mode (notice the # sign indicates this is only accessible at privileged EXEC mode.)
Router(config-if)# - Interface level within configuration mode.
Router(config-router)# - Routing engine level within configuration mode.
Router(config-line)# - Line level (vty, tty, async) within configuration mode.

CLI Editor Features

Context Sensitive Help
Cisco IOS CLI offers context sensitive help. This is a useful tool for a new user
because at any time during an EXEC session, a user can type a question mark (?)
to get help. Two types of context sensitive help are available - word help and
command syntax help.
Word help can be used to obtain a list of commands that begin with a particular
character sequence. To use word help, type in the characters in question followed
immediately by the question mark (?). Do not include a space before the question
mark. The router will then display a list of commands that start with the characters
that were entered. The following is an example of word help:
Router# co?
configure connect copy
Command syntax help can be used to obtain a list of command, keyword, or
argument options that are available based on the syntax the user has already
entered. To use command syntax help, enter a question mark (?) in the place of a
keyword or argument. Include a space before the question mark. The router will
then display a list of available command options with <cr> standing for carriage
return. The following is an example of command syntax help:
Router# configure ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal
<cr>
Command Syntax Check
If a command is entered improperly (e.g. typo or invalid command option), the
router will inform the user and indicate where the error has occurred. A caret
symbol (^) will appear underneath the incorrect command, keyword, or argument.
The following example displays what happens if the keyword "ethernet" is spelled
incorrectly.
Router(config)#interface ethernat
^
% Invalid input detected at '^' marker.
Command Abbreviation
Commands and keywords can be abbreviated to the minimum number of
characters that identifies a unique selection. For example, you can abbreviate the
"configure" command to "conf" because "configure" is the only command that
begins with "conf". You could not abbreviate the command to "con" because more
than one command fits this criterion. The router will issue the following error
message if you do not supply enough characters.
cisco(config)#i
% Ambiguous command: "i"
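The rule the router applies is a plain prefix match over the commands valid at the current position: a unique prefix is expanded, several candidates produce the "Ambiguous command" error, and no candidate produces an invalid-input error; the word help of the previous section is the same prefix match with the candidates listed instead of rejected. The following is an added example of that rule, not Cisco code; the command set is a constructed subset of the privileged-EXEC commands.

```python
# Constructed subset of privileged-EXEC commands; the real command set on a
# router is much larger, but the resolution rule is the same.
EXEC_COMMANDS = ["clear", "configure", "connect", "copy", "disable",
                 "enable", "show", "telnet", "terminal"]


def word_help(commands, prefix):
    """What 'prefix?' (no space before the ?) returns: every command that
    starts with the characters typed so far."""
    return sorted(c for c in commands if c.startswith(prefix))


def resolve(commands, typed):
    """Resolve an abbreviation the way the CLI does: an exact command name
    always wins; otherwise the prefix must match exactly one command.
    Returns ('ok', command), ('ambiguous', matches) or ('invalid', None)."""
    if typed in commands:
        return "ok", typed
    matches = word_help(commands, typed)
    if len(matches) == 1:
        return "ok", matches[0]
    if matches:
        return "ambiguous", matches
    return "invalid", None
```

Note that the minimum unique abbreviation changes whenever commands are added to a mode, so scripts that drive a router over its CLI should send full command names rather than abbreviations that happen to be unique today.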
Hot Keys
For many editing functions, the IOS CLI editor provides hot keys. The following
table lists some editing shortcuts that are available.
Table 3 - Summary Of Hot Keys
Delete - Removes one character to the right of the cursor.
Backspace - Removes one character to the left of the cursor.
TAB - Finishes a partial command.
Ctrl-A - Moves the cursor to the beginning of the current line.
Ctrl-R - Redisplays a line.
Ctrl-U - Erases a line.
Ctrl-W - Erases a word.
Ctrl-Z - Ends configuration mode and returns to the EXEC.
Up Arrow - Allows user to scroll forward through former commands.
Down Arrow - Allows user to scroll backward through former commands.

Router Configuration
Entering Configurations
Perhaps the best way to illustrate IOS CLI navigation is by walking through a
simple router configuration. The comments in the example do not attempt to
explain the meaning of each individual command, but rather intend to display
where configuration commands are entered within the IOS command structure.
Pay particular attention to how the command prompt changes as the user
navigates through the IOS CLI hierarchy. Also notice that global parameters are
configured at the global configuration level (indicated by the "Router(config)#"
prompt) whereas interface specific commands are entered after switching to the
particular interface (indicated by the "Router(config-if)#" prompt). Global
parameters and interface parameters are discussed further in the Displaying
Configurations section under Router Management.
Router> enable - switches to privileged EXEC level
Router# configure terminal - switches to global configuration level
Router(config)# enable secret cisco - configures router with an enable secret (global)
Router(config)# ip route 0.0.0.0 0.0.0.0 20.2.2.3 - configures a static IP route (global)
Router(config)# interface ethernet0 - switches to configure the ethernet0 interface
Router(config-if)# ip address 10.1.1.1 255.0.0.0 - configures an IP address on ethernet0 (interface)
Router(config-if)# no shutdown - activates ethernet0 (interface)
Router(config-if)# exit - exits back to global configuration level
Router(config)# interface serial0 - switches to configure the serial0 interface
Router(config-if)# ip address 20.2.2.2 255.0.0.0 - configures an IP address on serial0 (interface)
Router(config-if)# no shutdown - activates serial0 (interface)
Router(config-if)# exit - exits back to global configuration level
Router(config)# router rip - switches to configure RIP routing engine
Router(config-router)# network 10.0.0.0 - adds network 10.0.0.0 to RIP engine (routing engine)
Router(config-router)# network 20.0.0.0 - adds network 20.0.0.0 to RIP engine (routing engine)
Router(config-router)# exit - exits back to global configuration level
Router(config)# exit - exits out of configuration level
Router# copy running-config startup-config - saves configuration into NVRAM
Router# disable - disables privileged EXEC level
Router> - indicates user is back to user EXEC level
In the above example, notice how the exit command is used to back up a level
within the IOS hierarchy. For example, if in the interface configuration level (i.e.
Router (config-if)# prompt), typing exit will put the user back in the global
configuration level (i.e. Router (config)# prompt).
Taking Interfaces Out Of Shutdown
Routers ship from the factory with all interfaces deactivated. Deactivated
interfaces are referred to as being in a shutdown state. Before an interface can be
used, it must be taken out of the shutdown state. To take an interface out of
shutdown, type "no shutdown" at the appropriate interface configuration level.
The example above includes these commands for both the ethernet and serial
interfaces.
Removing Commands / Resetting Default Values
IOS provides an easy way to remove commands from a configuration. To remove
a command from the configuration, simply navigate to the proper location and
type "no" followed by the command to be removed. The following example
displays how to remove an IP address from the ethernet0 interface.
Router> enable - switches to privileged EXEC level
Router# configure terminal - switches to global configuration level
Router(config)# interface ethernet0 - switches to configure the ethernet0 interface
Router(config-if)# no ip address - removes IP address
Router(config-if)# exit - exits back to global configuration level
Router(config)# exit - exits out of configuration level
Router# disable - disables privileged EXEC level
Router> - prompt indicates user is back to user EXEC level
Some configuration commands in IOS are enabled by default and assigned a
certain default value. When left at the default value, these commands will not be
displayed when the configuration is listed. If the value is altered from the default
setting, issuing a "no" form of the command will restore the value to the default
setting.
Saving Configurations
A Cisco IOS router stores configurations in two locations - RAM and NVRAM.
The running configuration is stored in RAM and is used by the router during
operation. Any configuration changes to the router are made to the running-
configuration and take effect immediately after the command is entered. The
startup-configuration is saved in NVRAM and is loaded into the router's running-
configuration when the router boots up. If a router loses power or is reloaded,
changes to the running configuration will be lost unless they are saved to the
startup-configuration. To save the running-configuration to the startup
configuration, type the following from privileged EXEC mode (i.e. at the
"Router#" prompt.)
Router# copy running-config startup-config

Note: Prior to 11.x software, the command to save the running-configuration to
the startup-configuration was different. Use the following command if your IOS
version is prior to 11.x:
Router#write memory

IMPORTANT: When editing a configuration, SAVE the configuration often!

Router Management
IOS supports many different types of show commands. This section covers a few
of the common show commands used to both manage and troubleshoot a router.
The scope of this document is not to instruct how to use these commands to
troubleshoot a router, but to make the user aware that these management options
exist. For specific information about troubleshooting a network using these
commands, refer to the appropriate troubleshooting document.
Displaying Configurations
To display the running-configuration, type the following command in privileged
EXEC mode:
Router#show running-config
To display the startup-configuration that is stored in NVRAM, type the following
command in privileged EXEC mode:
Router#show startup-config

The following is the show running-config output from the example used in the
Router Configuration section.
Current configuration:
!
version 11.2
!
hostname cisco
!
enable password cisco
!
interface Ethernet0
ip address 10.1.1.1 255.0.0.0
!
interface Serial0
ip address 20.2.2.2 255.0.0.0
!
router rip
network 10.0.0.0
network 20.0.0.0
!
ip route 0.0.0.0 0.0.0.0 20.2.2.3
!
line vty 0 4
password telnet
login
!
end
When displaying a configuration, the exclamation marks (!) function as line
separators to make reading easier. Referring to the above example, notice how
commands entered at the interface configuration level appear indented underneath
the respective interface (e.g. interface Ethernet0). Likewise, commands entered
underneath the routing engine configuration level appear indented underneath the
routing engine (e.g. router rip). Global level commands are not indented. This
type of display allows a user to easily identify which configuration parameters are
set at the global configuration level and which are set at the various configuration
sub-levels.
Note: If an interface was in a shutdown state, the word 'shutdown' would appear
indented under the particular interface in shutdown state. Also, commands that
are enabled by default are not displayed in the configuration listing.
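The listing above is also the first thing to review for weak credential handling: it contains a clear-text "enable password" (the walkthrough entered "enable secret", which would instead show up as a hashed "enable secret 5 ..." line), and the vty lines accept a password over telnet, which the earlier note points out crosses the network in clear text. The following is an added example of a small audit over a running-config, written for this page and not part of the study guide or of any Cisco tool; the two configs are constructed from the sample above and the hash and type-7 strings in them are placeholders.

```python
import re

# Constructed running-config modelled on the tutorial's sample output above.
# The hostname, addresses and the type-7 string are placeholders, not real values.
SAMPLE_WEAK_CONFIG = """\
!
version 11.2
!
hostname cisco
!
enable password cisco
!
no service password-encryption
!
interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
!
interface BRI0
 encapsulation ppp
 ppp chap password 7 PLACEHOLDER7STRING
!
line vty 0 4
 password telnet
 login
!
end
"""

# The same router after hardening; the enable secret hash is a placeholder.
SAMPLE_HARDENED_CONFIG = """\
!
hostname cisco
!
enable secret 5 $1$PLACEHOLDERHASH
!
service password-encryption
!
line vty 0 4
 login local
 transport input ssh
!
end
"""


def split_sections(text):
    """Group indented lines under the unindented command that precedes them,
    mirroring how 'show running-config' indents interface and line sub-commands."""
    sections = []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # '!' is only a visual separator
        if line.startswith(" "):
            if sections:
                sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit_config(text):
    """Return (check_id, detail) findings for weak credential handling."""
    sections = split_sections(text)
    findings = []
    has_secret = any(h.startswith("enable secret") for h, _ in sections)
    for header, body in sections:
        if header.startswith("enable password") and not has_secret:
            findings.append(("enable-password",
                             "enable password without enable secret; the password is not hashed"))
        if header == "no service password-encryption":
            findings.append(("no-password-encryption",
                             "line and PPP passwords are stored and displayed in clear text"))
        if header.startswith("line vty"):
            has_login = any(b.startswith("login") for b in body)
            has_pw = any(b.startswith("password") for b in body)
            ssh_only = any(b.startswith("transport input ssh") for b in body)
            if has_login and has_pw and not ssh_only:
                findings.append(("vty-telnet",
                                 f"{header}: password login reachable over telnet, "
                                 "which sends the password in clear text"))
        for line in [header] + body:
            if re.search(r"\bpassword 7 \S+", line):
                # Report the command, not the value, so the audit log itself
                # does not carry the credential.
                findings.append(("type7-password",
                                 f"{line.rsplit(' ', 1)[0]}: type 7 is reversible, not a hash"))
    return findings
```

Type 7 strings are flagged rather than decoded: "service password-encryption" only obscures line and PPP passwords from shoulder-surfing, so anyone who can read the configuration should be treated as holding those credentials, and the fix is to rotate them and keep the config out of world-readable backups and TFTP servers.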
Displaying Software Version And More
The show version command provides a lot of information in addition to the
version of software that is running on the router. The following information can
be collected with the show version command:
Software Version - IOS software version (stored in flash)
Bootstrap Version - Bootstrap version (stored in Boot ROM)
System up-time - Time since last reboot
System restart info - Method of restart (e.g. power cycle, crash)
Software image name - IOS filename stored in flash
Router Type and Processor type - Model number and processor type
Memory type and allocation (Shared/Main) - Main Processor RAM and Shared Packet I/O buffering
Software Features - Supported protocols / feature sets
Hardware Interfaces - Interfaces available on router
Configuration Register - Bootup specifications, console speed setting, etc.

The following is a sample output of a show version command.

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


Displaying Interface States
To view information about a particular interface, use the show interface
command. The show interface command provides the following list of important
information:
Interface State (e.g. UP, DOWN, LOOPED)
Protocol addresses
Bandwidth
Reliability and Load
Encapsulation type
Packet Rates
Error Rates
Signaling Status (i.e. DCD,DSR,DTR,RTS,CTS)
The following is an example of a "show interface serial0" output:
Router#show interface serial 0
Serial0 is up, line protocol is down
Hardware is QUICC Serial
Internet address is 10.1.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 62856
Last input 1w, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/64/0 (size/threshold/drops)
Conversations 0/1 (active/max active)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1012272 packets input, 91255488 bytes, 0 no buffer
Received 916 broadcasts, 0 runts, 0 giants
18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
283132 packets output, 13712011 bytes, 0 underruns
0 output errors, 0 collisions, 31317 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
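The output above is the classic "up/down" case: all modem control signals are up and the hardware is fine, yet the line protocol is down because LMI status replies have stopped, and the frame and abort counters show the link has been unhealthy for some time. Reading those fields by hand works for one interface; across many it is worth parsing them. The following is an added example, not Cisco code or part of the tutorial: the first sample is trimmed from the output above, the second is a constructed healthy HDLC link in the newer output format ("reliability" instead of "rely"), and the thresholds are assumptions chosen for the example.

```python
import re

# First sample: trimmed from the 'show interface serial 0' output above (the
# LMI counter and queue lines are omitted). Second sample: constructed healthy
# HDLC link in the newer output format ('reliability' instead of 'rely').
SHOW_INT_FRAME_RELAY = """\
Serial0 is up, line protocol is down
  Hardware is QUICC Serial
  Internet address is 10.1.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  1012272 packets input, 91255488 bytes, 0 no buffer
  18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
  283132 packets output, 13712011 bytes, 0 underruns
  0 output errors, 0 collisions, 31317 interface resets
  3 carrier transitions
  DCD=up DSR=up DTR=up RTS=up CTS=up
"""

SHOW_INT_HEALTHY = """\
Serial1 is up, line protocol is up
  Hardware is PowerQUICC Serial
  Internet address is 10.0.0.2/30
  MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec,
     reliability 255/255, txload 75/255, rxload 28/255
  Encapsulation HDLC, loopback not set
  75769 packets input, 27930029 bytes, 0 no buffer
  1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
  88311 packets output, 42938899 bytes, 0 underruns
  0 output errors, 0 collisions, 1 interface resets
  0 carrier transitions
  DCD=up DSR=up DTR=up RTS=up CTS=up
"""

COUNTERS = {
    "reliability": r"(?:rely|reliability) (\d+)/255",
    "packets_input": r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "frame": r"(\d+) frame,",
    "abort": r"(\d+) abort",
    "packets_output": r"(\d+) packets output",
    "interface_resets": r"(\d+) interface resets",
    "carrier_transitions": r"(\d+) carrier transitions",
}

# Thresholds are assumptions for this example, not values IOS defines.
MAX_INPUT_ERROR_RATIO = 0.01
MAX_INTERFACE_RESETS = 10


def parse_show_interface(text):
    """Extract state, encapsulation, counters and modem control signals."""
    lines = text.strip().splitlines()
    head = re.match(r"(\S+) is (.+?), line protocol is (\S+)", lines[0])
    info = {"name": head.group(1), "admin": head.group(2), "protocol": head.group(3)}
    body = "\n".join(lines)
    enc = re.search(r"Encapsulation (\S+),", body)
    info["encapsulation"] = enc.group(1) if enc else None
    for key, pattern in COUNTERS.items():
        m = re.search(pattern, body)
        info[key] = int(m.group(1)) if m else 0
    info["signals"] = dict(re.findall(r"(DCD|DSR|DTR|RTS|CTS)=(\w+)", body))
    return info


def assess(info):
    """Return short diagnoses in the order a troubleshooter checks them."""
    issues = []
    name = info["name"]
    if info["admin"] != "up":
        issues.append(f"{name}: interface is {info['admin']} (check 'no shutdown' or backup state)")
    elif info["protocol"] != "up":
        issues.append(f"{name}: physical layer up but line protocol down: keepalives or "
                      f"{info['encapsulation']} signalling (e.g. LMI) not being answered")
    down = [s for s, v in info["signals"].items() if v != "up"]
    if down:
        issues.append(f"{name}: control signals down: {', '.join(down)} (cable or CSU/DSU)")
    if info["packets_input"] and info["input_errors"] / info["packets_input"] > MAX_INPUT_ERROR_RATIO:
        ratio = info["input_errors"] / info["packets_input"]
        issues.append(f"{name}: {ratio:.1%} input errors (frame {info['frame']}, abort {info['abort']})")
    if info["interface_resets"] > MAX_INTERFACE_RESETS:
        issues.append(f"{name}: {info['interface_resets']} interface resets")
    return issues
```

Because the counters are cumulative since the last "clear counters", a ratio computed this way describes the whole history of the interface; for a live view, sample twice and diff the values before applying the thresholds.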

Gems – Hcl Router details as on 01-12-2003

gems_hcl>en
gems_hcl#sh int ser0
Serial0 is up, line protocol is up
Hardware is PowerQUICC Serial
Description: LL link to HCL infinet,Chennai
Internet address is 10.194.2.78/30
Backup interface BRI0, failure delay 5 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec,
reliability 255/255, txload 75/255, rxload 28/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/11/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 624 kilobits/sec
5 minute input rate 92000 bits/sec, 44 packets/sec
5 minute output rate 246000 bits/sec, 54 packets/sec
75769 packets input, 27930029 bytes, 0 no buffer
Received 290 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
88311 packets output, 42938899 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

gems_hcl#sh int bri0
BRI0 is standby mode, line protocol is down
Hardware is PQUICC BRI
Description: ISDN backup for LL link to HCl Infinet,Chennai
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:31:27
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 48 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
gems_hcl#sh run
Building configuration...

Current configuration : 5578 bytes

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname gems_hcl
!
enable secret 5 $1$GQ0j$VCuBojf50TF1LYaZOBUcc.
!
username all
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
ip host delhi 10.65.2.126
ip host mumbai 10.129.2.232
ip host kol 10.76.2.102
ip host pune 10.132.2.32
ip host ahm 10.130.2.34
ip host hyd 10.195.2.74
ip host ban 10.193.2.50
ip host rayala 10.194.2.82
!
isdn switch-type basic-net3
!
!
!
interface Loopback0
ip address 10.194.7.121 255.255.255.252
!
interface Tunnel0
description ISDNBACK TUNNEL TO CAMS@HCLROUTER
ip address 4.4.4.2 255.255.255.0
tunnel source BRI0
tunnel destination 10.194.2.58
!
interface Tunnel1
description Tunnel from Gems to Mumbai HDFC
ip address 100.100.100.1 255.255.255.252
tunnel source Loopback0
tunnel destination 10.129.6.217
!
interface Tunnel2
description tunnel to Chennai HDFC
ip address 100.100.100.5 255.255.255.252
tunnel source Loopback0
tunnel destination 10.194.7.97
!
interface Tunnel3
description Tunnel to delhi HDFC
ip address 100.100.100.9 255.255.255.252
tunnel source Loopback0
tunnel destination 10.65.7.57
!
interface Tunnel4
description Tunnel to Kolkatta HDFC
ip address 100.100.100.13 255.255.255.252
tunnel source Loopback0
tunnel destination 10.76.6.113
!
interface Tunnel5
description Tunnel to Bangalore HDFC
ip address 100.100.100.17 255.255.255.252
tunnel source Loopback0
tunnel destination 10.193.7.41
!
interface Tunnel6
description Tunnel from GEMS to Jaipur HDFC
ip address 100.100.100.22 255.255.255.252
tunnel source Loopback0
tunnel destination 10.70.3.161
!
interface Tunnel7
description Tunnel to Ahemadabad HDFC
ip address 100.100.100.25 255.255.255.252
tunnel source Loopback0
tunnel destination 10.130.4.25
!
interface Tunnel8
description ***Tunnel To Surat HDFC***
ip address 100.100.100.29 255.255.255.252
tunnel source Loopback0
tunnel destination 10.131.3.113
!
interface BRI0
description ISDN backup for LL link to HCl Infinet,Chennai
ip address negotiated
encapsulation ppp
dialer idle-timeout 10000
dialer string 28517252
dialer string 28299339
dialer hold-queue 60
dialer load-threshold 10 either
dialer-group 1
isdn switch-type basic-net3
ppp chap hostname che1cam1@vpn
ppp chap password 7 1047070F00040606090A3E
ppp pap sent-username che1cam1@vpn password 7 0945401F1C16031F0E0210
ppp multilink
!
interface FastEthernet0
ip address 10.194.4.193 255.255.255.248 secondary
ip address 192.168.25.250 255.255.255.0
speed auto
!
interface Serial0
description LL link to HCL infinet,Chennai
bandwidth 832
backup delay 5 5
backup interface BRI0
ip address 10.194.2.78 255.255.255.252
down-when-looped
!
router rip
network 10.0.0.0
network 192.168.25.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.194.2.77
ip route 0.0.0.0 0.0.0.0 BRI0 100
ip route 10.2.5.0 255.255.255.0 Tunnel1
ip route 10.10.0.0 255.255.255.0 Tunnel1
ip route 10.16.0.0 255.255.255.0 Tunnel1
ip route 10.17.2.0 255.255.255.0 Tunnel1
ip route 10.41.1.0 255.255.255.0 Tunnel1
ip route 10.95.1.0 255.255.255.0 Tunnel1
ip route 10.97.6.0 255.255.255.0 Tunnel1
ip route 10.111.0.0 255.255.255.0 Tunnel1
ip route 10.114.14.0 255.255.255.0 Tunnel6
ip route 10.123.8.0 255.255.255.0 Tunnel3
ip route 10.129.6.32 255.255.255.224 10.194.2.77
ip route 10.153.1.0 255.255.255.0 Tunnel1
ip route 10.153.6.0 255.255.255.0 Tunnel1
ip route 10.153.11.0 255.255.255.0 Tunnel4
ip route 10.161.1.0 255.255.255.0 Tunnel1
ip route 10.161.7.0 255.255.255.0 Tunnel1
ip route 10.171.14.0 255.255.255.0 Tunnel7
ip route 10.195.14.0 255.255.255.0 Tunnel8
ip route 10.217.2.0 255.255.255.0 Tunnel1
ip route 10.217.7.0 255.255.255.0 Tunnel5
ip route 132.66.0.0 255.255.0.0 10.194.5.96 permanent
ip route 132.81.0.0 255.255.0.0 10.194.5.96 permanent
ip route 132.102.0.0 255.255.0.0 10.194.5.96 permanent
ip route 132.147.0.0 255.255.0.0 10.194.5.96 permanent
ip route 132.205.0.0 255.255.0.0 10.193.5.5 permanent
ip route 150.1.0.0 255.255.0.0 Tunnel1
ip route 172.16.0.0 255.255.0.0 Tunnel1
ip route 192.168.0.0 255.255.255.0 10.194.2.77
ip route 192.168.0.0 255.255.255.0 BRI0 50
ip route 192.168.1.0 255.255.255.0 10.194.2.77
ip route 192.168.1.0 255.255.255.0 BRI0 50
ip route 192.168.2.0 255.255.255.0 192.168.25.175
ip route 192.168.4.0 255.255.255.0 3.3.3.1
ip route 192.168.5.0 255.255.255.0 2.2.2.1
ip route 192.168.8.0 255.255.255.0 1.1.1.1
ip route 192.168.35.0 255.255.255.0 10.194.2.77
ip route 192.168.35.0 255.255.255.0 BRI0 50
ip route 200.1.2.0 255.255.255.0 Tunnel1
ip route 200.1.2.7 255.255.255.255 Tunnel1
ip route 200.1.6.0 255.255.255.0 Tunnel1
ip route 200.1.7.0 255.255.255.0 Tunnel1
ip route 200.1.8.0 255.255.255.0 Tunnel1
ip route 200.1.9.0 255.255.255.0 Tunnel1
ip route 200.1.11.0 255.255.255.0 Tunnel1
ip route 200.2.3.0 255.255.255.0 Tunnel1
ip route 200.2.4.0 255.255.255.0 Tunnel1
ip route 200.2.5.0 255.255.255.0 Tunnel1
ip route 200.2.6.0 255.255.255.0 Tunnel1
ip route 200.3.2.0 255.255.255.0 Tunnel2
ip route 200.3.4.0 255.255.255.0 Tunnel1
ip route 200.3.5.0 255.255.255.0 Tunnel1
ip route 200.3.6.0 255.255.255.0 Tunnel1
ip route 202.71.148.162 255.255.255.255 192.168.25.175
ip route 202.71.148.164 255.255.255.255 202.71.148.162
ip route 203.90.70.137 255.255.255.255 BRI0
ip route 203.90.87.134 255.255.255.255 BRI0
no ip http server
!
logging trap alerts
logging 192.168.2.174
access-list 1 permit any
dialer-list 1 protocol ip permit
!
line con 0
login
line aux 0
line vty 0 4
exec-timeout 3 0
password Gemhcl!@#25250
login
!
no scheduler allocate
end
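The configurations on this page carry their credentials in three forms: "enable secret 5" (an MD5-based one-way hash), "password 7" strings (the CHAP/PAP and username passwords, and the second router's VTY password), and, on the first router's VTY lines, a password written in the clear. Type 7 is a fixed-key XOR that IOS applies once "service password-encryption" is on; it hides a string from a glance over someone's shoulder but is reversed in a few lines of code, so a configuration that has leaked should be treated as a leak of every type 7 credential in it, and those credentials rotated. The following is an added example, not part of the original page and not tooling from either company named in it: it implements the type 7 transform in both directions and scans a constructed configuration fragment (its secrets are test values, not the strings from the dump) for credentials that need attention. The function names, the Finding tuple and the SAMPLE text are assumptions of this example.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, int, str]       # (kind, config line number, detail)

# The fixed XOR key IOS uses for 'password 7' strings; it has been public for decades.
_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Constructed fragment modelled on the dump above (assumed, not the page's own config).
# The type 7 strings are test values ("cisco" and "isdn"); the MD5 hash is a placeholder.
SAMPLE = """\
! constructed fragment for the credential audit below
service password-encryption
enable secret 5 $1$test$placeholderhashvalue00
username ops password 7 02050D480809
interface BRI0
 ppp chap password 7 09455D0D17
line vty 0 4
 password OpenSesame1
 login
"""


def decode_type7(enc: str) -> str:
    """Reverse a type 7 string: two decimal digits give the key offset, the rest are
    hex bytes, each XORed with the key byte at offset+i."""
    if len(enc) < 4 or len(enc) % 2 or not enc[:2].isdigit():
        raise ValueError("malformed type 7 string")
    seed, body = int(enc[:2]), bytes.fromhex(enc[2:])     # fromhex raises ValueError on junk
    return bytes(b ^ _XLAT[(seed + i) % len(_XLAT)] for i, b in enumerate(body)).decode("latin-1")


def encode_type7(plain: str, seed: int = 2) -> str:
    """Produce what IOS stores for a type 0 password once password-encryption is on."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS seeds are 0..15")
    data = plain.encode("latin-1")
    body = bytes(c ^ _XLAT[(seed + i) % len(_XLAT)] for i, c in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


_TYPE7 = re.compile(r"\bpassword 7 ([0-9A-Fa-f]{4,})\b")
_HASHED = re.compile(r"\bsecret 5 \S+")
_PLAIN = re.compile(r"^\s*(?:enable |username \S+ )?password (?:0 )?(?![57] )(\S+)\s*$")


def audit_credentials(cfg: str) -> List[Finding]:
    """Classify every credential line: REVERSIBLE (type 7, decoded on the spot),
    HASHED (type 5 MD5: crackable offline, not reversible) or CLEARTEXT (type 0)."""
    findings: List[Finding] = []
    for no, line in enumerate(cfg.splitlines(), 1):
        m = _TYPE7.search(line)
        if m:
            try:
                recovered = repr(decode_type7(m.group(1)))
            except ValueError:
                recovered = "<malformed>"
            findings.append(("REVERSIBLE", no, f"{line.strip()} -> decodes to {recovered}"))
        elif _HASHED.search(line):
            findings.append(("HASHED", no, f"{line.strip()} -> one-way hash; rotate if the config leaked"))
        elif _PLAIN.match(line):
            findings.append(("CLEARTEXT", no, f"{line.strip()} -> stored in the clear"))
    return findings


if __name__ == "__main__":
    for kind, no, detail in audit_credentials(SAMPLE):
        print(f"{kind:10} line {no}: {detail}")
```

Run against a real dump, the REVERSIBLE findings are the list of passwords to change first; the HASHED line is the only one that buys any time, and only until an offline guess lands.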

Gems - Net4india Router details as on 01-12-2003

User Access Verification


Password:
camsindia>en
Password:
camsindia#sh int bri0
BRI0 is standby mode, line protocol is down
Hardware is PQUICC BRI
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Last input 00:02:05, output never, output hang never
Last clearing of "show interface" counters 00:07:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
692 packets input, 5695 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
692 packets output, 5695 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions
camsindia#sh int ser0
Serial0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 202.71.149.50/30
Backup interface BRI0, failure delay 10 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 3/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/4/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 19000 bits/sec, 5 packets/sec
5 minute output rate 11000 bits/sec, 6 packets/sec
2074 packets input, 954775 bytes, 0 no buffer
Received 16 broadcasts, 0 runts, 0 giants, 0 throttles
24762 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 24762 abort
2107 packets output, 461542 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

camsindia#sh run
Building configuration...

Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname camsindia
!
enable secret 5 $1$IpjB$rmQoorXaA8uJN35k2ULZF1
!
username camsindia password 7 1322121F0509107E6D757E6275
username gokulnath password 7 135743405B5B547D
username mvk password 7 0023160B0A5E1F5249701A1F
!
!
!
!
memory-size iomem 25
ip subnet-zero
ip name-server 202.71.144.67
ip name-server 202.71.128.225
ip name-server 202.71.128.33
ip name-server 202.71.136.167
!
isdn switch-type basic-net3
!
!
!
interface Serial0
backup delay 10 5
backup interface BRI0
ip address 202.71.149.50 255.255.255.252
!
interface BRI0
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
dialer idle-timeout 3000
dialer string 52197877
dialer-group 1
isdn switch-type basic-net3
ppp pap sent-username camsisdn password 7 121A041A010509107E28252520
ppp multilink
!
interface FastEthernet0
ip address 202.71.148.161 255.255.255.240
ip nat inside
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.71.149.49
ip route 0.0.0.0 0.0.0.0 BRI0
ip route 192.168.0.0 255.255.255.0 202.71.148.162
ip route 202.71.148.163 255.255.255.255 202.71.148.162
ip route 202.71.148.164 255.255.255.255 202.71.148.162
ip route 202.71.148.165 255.255.255.255 202.71.148.162
no ip http server
!
access-list 1 permit any
access-list 101 permit icmp any any
access-list 101 permit tcp 202.71.149.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 deny ip any host 202.71.149.50
access-list 101 permit ip any any
access-list 101 permit tcp host 202.71.148.162 any eq www
access-list 101 permit tcp any any
access-list 102 permit tcp 202.71.149.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 105 permit icmp any any
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq smtp
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq pop3
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq www
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq domain
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq 443
access-list 105 permit udp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 1604
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 1494
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 8080
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 256
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 900
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 259
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 18208
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 18181
access-list 110 deny icmp any host 202.71.148.163 echo-reply
access-list 110 deny icmp any host 202.71.148.162 echo-reply
access-list 110 permit ip any any
access-list 130 deny ip 10.0.0.0 0.255.255.255 any
access-list 130 deny ip 172.16.0.0 0.15.255.255 any
access-list 130 deny ip 192.168.0.0 0.0.255.255 any
access-list 130 deny udp any host 202.71.148.162 eq 18264
access-list 130 deny tcp any host 202.71.148.162 eq 18264
access-list 130 permit tcp any host 202.71.148.162 eq domain
access-list 130 permit udp any host 202.71.148.162 eq domain
access-list 130 permit tcp any host 202.71.148.162 eq 18208
access-list 130 permit tcp any host 202.71.148.162 eq 18181
access-list 130 permit udp any host 202.71.148.162 eq 18208
access-list 130 permit udp any host 202.71.148.162 eq 18181
access-list 130 permit udp any host 202.71.148.162 eq 18234
access-list 130 permit udp any host 202.71.148.162 eq 18233
access-list 130 permit tcp any host 202.71.148.162 eq 18234
access-list 130 permit tcp any host 202.71.148.162 eq 18233
access-list 130 permit tcp any host 202.71.148.162 eq 18211
access-list 130 permit tcp any host 202.71.148.162 eq 18191
access-list 130 permit udp any host 202.71.148.162 eq 18211
access-list 130 permit udp any host 202.71.148.162 eq 18191
access-list 130 permit tcp any host 202.71.148.162 eq 500
access-list 130 permit tcp any host 202.71.148.162 eq 256
access-list 130 permit tcp any host 202.71.148.162 eq 900
access-list 130 permit tcp any host 202.71.148.162 eq 259
access-list 130 permit tcp any host 202.71.148.162 eq 257
access-list 130 permit tcp any host 202.71.148.162 eq 258
access-list 130 permit tcp any host 202.71.148.162 eq 1494
access-list 130 permit tcp any host 202.71.148.162 eq 9999
access-list 130 permit udp any host 202.71.148.162 eq 1604
access-list 130 permit tcp any host 202.71.148.162 eq 264
access-list 130 permit tcp any host 202.71.148.162 eq 265
access-list 130 permit tcp any host 202.71.148.162 eq 18231
access-list 130 permit udp any host 202.71.148.162 eq isakmp
access-list 130 permit udp any host 202.71.148.162 eq 259
access-list 130 permit tcp any host 202.71.148.162 eq 18263
access-list 130 permit tcp any host 202.71.148.162 eq 18262
access-list 130 permit udp any host 202.71.148.162 eq 18263
access-list 130 permit udp any host 202.71.148.162 eq 18262
access-list 130 permit tcp any host 202.71.148.162 eq smtp
access-list 130 permit tcp any host 202.71.148.163 eq smtp
access-list 130 permit tcp any host 202.71.148.162 eq pop3
access-list 130 permit tcp any host 202.71.148.162 eq www
access-list 130 permit tcp any host 202.71.148.162 eq 443
access-list 130 permit tcp any host 202.71.148.163 eq 443
access-list 130 permit tcp any host 202.71.148.162 eq 8443
access-list 130 permit tcp any host 202.71.148.163 eq 8443
access-list 130 permit icmp any any
access-list 130 permit ip any any
access-list 150 deny tcp any host 202.71.148.162 eq 165
access-list 150 permit tcp any any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 3 0
transport input none
line aux 0
line vty 0 4
exec-timeout 3 0
password 7 1322121F0509107E6A046B626373
login
!
end
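The second running configuration defines access-lists 1, 101, 102, 105, 110, 130 and 150, but nowhere in it does an "ip access-group", "access-class" or NAT statement reference any of them, so none of that filtering is enforced, and the VTY lines accept login attempts from any address that can reach the router. Access-list 101 also has "permit ip any any" as its fifth entry, which makes the two entries after it unreachable, and access-list 130 ends in "permit ip any any", so only its five deny entries have any effect and the forty-one permits between those denies and the tail are redundant. The following is an added example, not part of the original page: a small IOS ACL audit that reports unreferenced ACLs, entries shadowed by an earlier catch-all, permits made redundant by a permit-all tail, and VTY lines without an access-class, run over a constructed fragment modelled on that configuration (RFC 5737 documentation addresses, not the page's). The function names and the SAMPLE text are assumptions of this example; the shadowing check is deliberately conservative and only recognises whole-protocol "any any" catch-alls, so it under-reports rather than over-reports.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, int, str]          # (kind, config line number, detail)

# Constructed fragment modelled on the dump above (assumed, not the page's own config):
# RFC 5737 addresses; the type 7 string is the public test vector for "cisco".
SAMPLE = """\
! constructed fragment for the audit below
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.240
 ip access-group 130 in
!
access-list 101 permit icmp any any
access-list 101 deny ip any host 192.0.2.1
access-list 101 permit ip any any
access-list 101 permit tcp host 192.0.2.2 any eq www
access-list 101 permit tcp any any
access-list 102 permit tcp 192.0.2.0 0.0.0.255 host 192.0.2.1 eq telnet
access-list 130 deny ip 10.0.0.0 0.255.255.255 any
access-list 130 permit tcp any host 192.0.2.2 eq smtp
access-list 130 permit ip any any
line vty 0 4
 password 7 02050D480809
 login
"""

_ACE = re.compile(r"^access-list (\S+) (permit|deny) (.*)$")
_REF = re.compile(r"\b(?:ip access-group|access-class|ip nat (?:inside|outside) source list) (\S+)")
_PROTOS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ahp", "ospf", "eigrp", "pim"}
_CATCH_ALL = ["any", "any"]
Ace = Tuple[int, str, str, List[str]]   # (line, action, protocol, remaining tokens)


def parse_acls(cfg: str) -> Dict[str, List[Ace]]:
    """ACL number -> its entries in config order. Standard ACLs (source only) are
    normalised to protocol 'ip' with destination 'any'."""
    acls: Dict[str, List[Ace]] = defaultdict(list)
    for no, line in enumerate(cfg.splitlines(), 1):
        m = _ACE.match(line.strip())
        if not m:
            continue
        name, action, toks = m.group(1), m.group(2), m.group(3).split()
        if toks and (toks[0] in _PROTOS or toks[0].isdigit()):
            proto, args = toks[0], toks[1:]
        else:
            proto, args = "ip", toks + ["any"]
        acls[name].append((no, action, proto, args))
    return acls


def references(cfg: str) -> Dict[str, List[str]]:
    """ACL number -> the statements (with their enclosing interface or line) that apply it."""
    refs: Dict[str, List[str]] = defaultdict(list)
    block = ""
    for line in cfg.splitlines():
        if line and not line[0].isspace() and line[0] != "!":
            block = line.strip()
        m = _REF.search(line)
        if m:
            refs[m.group(1)].append(f"{block}: {line.strip()}")
    return refs


def vty_without_access_class(cfg: str) -> List[int]:
    """Line numbers of 'line vty' blocks that carry no access-class."""
    out: List[int] = []
    start, guarded = None, True
    for no, line in enumerate(cfg.splitlines() + ["end"], 1):   # sentinel flushes the last block
        if line and not line[0].isspace() and line[0] != "!":
            if start is not None and not guarded:
                out.append(start)
            start, guarded = (no if line.startswith("line vty") else None), False
        elif start is not None and line.strip().startswith("access-class"):
            guarded = True
    return out


def audit_acls(cfg: str) -> List[Finding]:
    findings: List[Finding] = []
    acls, refs = parse_acls(cfg), references(cfg)
    for name, aces in acls.items():
        if name not in refs:
            findings.append(("UNAPPLIED", aces[0][0], f"access-list {name} is defined but nothing applies it"))
        open_protos: Set[str] = set()   # protocols an earlier 'any any' entry already decides
        effective: List[Ace] = []
        for no, action, proto, args in aces:
            if "ip" in open_protos or proto in open_protos:
                findings.append(("SHADOWED", no, f"access-list {name}: unreachable, an earlier 'any any' entry matches first"))
                continue
            effective.append((no, action, proto, args))
            if args == _CATCH_ALL:
                open_protos.add(proto)
        tail = effective[-1]
        if tail[1] == "permit" and tail[2] == "ip" and tail[3] == _CATCH_ALL:
            for no, action, _, _ in reversed(effective[:-1]):   # walk back until the last deny
                if action != "permit":
                    break
                findings.append(("REDUNDANT", no, f"access-list {name}: permit before a 'permit ip any any' tail changes nothing"))
    for no in vty_without_access_class(cfg):
        findings.append(("VTY_OPEN", no, "line vty without access-class: any address that reaches the router may try to log in"))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for kind, no, detail in audit_acls(SAMPLE):
        print(f"{kind:9} line {no:3}: {detail}")
```

The useful output of such a check is the UNAPPLIED list: a long ACL that nothing references is documentation of an intent, not a control, and the fix is an "ip access-group" on the interface facing the untrusted side plus an "access-class" on the VTY lines, with the catch-all permits removed so the list ends in the implicit deny.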
