By SemSim.com
Core layer: This layer is considered the backbone of the network and includes the
high-end switches and high-speed cables such as fiber cables. This layer of the
network does not route traffic at the LAN. In addition, no packet manipulation is
done by devices in this layer. Rather, this layer is concerned with speed and ensures
reliable delivery of packets.
Distribution layer: This layer includes LAN-based routers and layer 3 switches. This
layer ensures that packets are properly routed between subnets and VLANs in your
enterprise. This layer is also called the Workgroup layer.
Access layer: This layer includes hubs and switches. This layer is also called the
desktop layer because it focuses on connecting client nodes, such as workstations to
the network. This layer ensures that packets are delivered to end user computers.
Figure INT.2.1 displays the three layers of the Cisco hierarchical model.
When you implement these layers, a layer may comprise many devices, or a single
device may perform the functions of more than one layer. The benefits of the Cisco
hierarchical model include:
• High Performance: You can design high performance networks, where only
certain layers are susceptible to congestion.
• Efficient management & troubleshooting: Allows you to efficiently organize
network management and isolate causes of network trouble.
• Policy creation: You can easily create policies and specify filters and rules.
• Scalability: You can grow the network easily by dividing your network into
functional areas.
• Behavior prediction: When planning or managing a network, the model allows
you determine what will happen to the network when new stresses are placed
on it.
Core Layer
The core layer is responsible for fast and reliable transportation of data across a
network. The core layer is often known as the backbone or foundation network
because all other layers rely upon it. Its purpose is to reduce the latency time in the
delivery of packets. The factors to be considered while designing devices to be used
in the core layer are:
• High data transfer rate: Speed is important at the core layer. One way that
core networks achieve high data transfer rates is load sharing, where
traffic travels over multiple parallel connections.
• Low latency: The core layer typically uses high-speed, low-latency circuits
that only forward packets and do not enforce policy (no access lists or packet
filtering here; that belongs in the distribution layer).
• High reliability: Multiple data paths provide fault tolerance; if one
path fails, the device can quickly switch to another route.
At the core layer, efficiency is the key term. Fewer and faster systems create a more
efficient backbone. Examples of Cisco core layer equipment and links include:
Cisco 7000, 7200, 7500 and 12000 series routers (for WAN use)
Catalyst 6000, 5000 and 4000 series switches (for LAN use)
T-1 and E-1 lines, Frame Relay connections, ATM networks and Switched
Multimegabit Data Service (SMDS) as WAN links
Distribution Layer
The distribution layer is responsible for routing. It also provides policy-based network
connectivity, including:
It is at this layer that you begin to exert control over network traffic,
including what comes into and what goes out of the network. You also limit and
create broadcast domains, create VLANs if necessary, and carry out management
tasks such as route summarization. In route summarization you advertise the many
subnets behind the distribution layer to the core as a single summary route, which
keeps the core routing tables small. In Cisco routers, the command to obtain a
routing summary is:
You can practice viewing routing information using a free CCNA exam router
simulator available from SemSim.com. You can also determine how routers update
each other’s routing tables by choosing specific routing protocols.
Access Layer
The access layer contains devices that allow workgroups and users to use the
services provided by the distribution and core layers. In the access layer, you have
the ability to expand or contract collision domains using a repeater, hub, or standard
switch. In regards to the access layer, a switch is not a high-powered device, such as
those found at the core layer.
Layer      Function                                                    Devices                Protocols
Network    Handles addressing, translates logical addresses and       Router and brouter     IP, IPX, NWLink,
           names to physical addresses, routing and traffic                                  NetBEUI
           management.
Data Link  Packages raw bits into frames, making them transmittable   Switch, bridge and     None
           across a network link, and includes a cyclic redundancy    brouter
           check (CRC). It consists of the LLC sublayer and the MAC
           sublayer. The MAC sublayer is important to remember, as
           it is responsible for appending the MAC address of the
           next hop to the frame header. The LLC sublayer uses
           Destination Service Access Points and Source Service
           Access Points to create links for the MAC sublayer.
Physical   Works with the physical media for transmitting and         Multiplexer and        None
           receiving data bits via certain encoding schemes. It       repeater
           also includes specifications for mechanical connection
           features, such as the adaptor connector.
The table above mentions the term "MAC address". A MAC address is a 48-bit
address that uniquely identifies a network interface on the network. It is written
as 12 hexadecimal digits, for example 00-00-12-33-FA-BC. The first 6 digits (the
OUI) identify the manufacturer, while the remaining 6 identify the individual
interface. ARP is used to determine the IP-to-MAC mapping. MAC addresses must not
be duplicated on a network or problems will occur. Note that the address is set by
the interface driver and can be changed in software, so it identifies an interface
but does not authenticate it. For more information about ARP and related
protocols, read Guide To ARP, IARP, RARP, and Proxy ARP.
Data encapsulation takes place in the OSI model. It is the process in which the
information in a protocol is wrapped in the data section of another protocol. The
process can be broken down into the following steps:
User information -> data -> segments -> packets/datagrams -> frames -> bits.
When discussing the OSI model it is important to keep in mind the differences
between "connection-oriented" and "connectionless" communication. A connection-
oriented communication has the following characteristics:
A session is established before data is sent.
Acknowledgements are issued and received at the transport layer; if the sender
does not receive an acknowledgement before its timer expires, the segment is
retransmitted.
The phases of a connection-oriented service are call setup, data transfer and
call termination.
In a circuit-switched service, all traffic travels along the same static path.
A failure along that static path can fail the connection.
A guaranteed rate of throughput occupies resources without the flexibility of
dynamic allocation.
Reliability costs overhead: acknowledgements, retransmissions and connection
state all add latency compared with a connectionless service.
LAN Design:
Ethernet
When we talk about a LAN, Ethernet is the most popular physical layer LAN
technology today. Its standard is defined by the Institute of Electrical and
Electronics Engineers as IEEE Standard 802.3, but it was originally created by
Digital, Intel and Xerox (the DIX consortium). According to IEEE, the information
for configuring an Ethernet, as well as how the elements of an Ethernet network
interact with one another, is defined in 802.3.
Fast Ethernet
For networks that need higher transmission speeds, there is the Fast Ethernet
standard, IEEE 802.3u, which raises the Ethernet speed limit to 100 Mbps. Of
course, the higher speed needs better cabling: a 10BaseT network runs over Cat 3
cable, but a 100BaseTX network needs Cat 5. The three Fast Ethernet standards are
100BASE-TX for Category 5 UTP cable, 100BASE-FX for fiber-optic cable, and
100BASE-T4, which uses two extra wire pairs so that it can run over Category 3
UTP cable.
Gigabit Ethernet
Gigabit Ethernet provides transmission speeds of 1000 Mbps. It is defined by
IEEE 802.3z (1000BASE-X over fiber and short-run copper) and IEEE 802.3ab
(1000BASE-T over Category 5 UTP). Just like all other 802.3 transmission types, it
uses the Ethernet frame format, full-duplex operation and the CSMA/CD media
access control method.
Token Ring
Token Ring is an older standard that isn't widely used anymore, as most networks
have migrated to some form of Ethernet or another newer technology. Token Ring
networks run at either 4 or 16 Mbps. Token passing is the access method used by
Token Ring networks: a 3-byte frame called a token is passed around the ring, and
a computer that wishes to transmit must wait until it can take control of the
token, so only one computer transmits at a time. This method of communication
prevents collisions rather than detecting them. Token Ring networks use
multistation access units (MSAUs) instead of the hubs of an Ethernet network. For
extensive information on Token Ring, visit Cisco's website.
Network Devices:
In a typical LAN, there are various types of network devices available as outlined
below.
• Hub Repeat signals received on each port by broadcasting to all the other
connected ports.
• Repeaters Used to connect two or more Ethernet segments of any media
type, and to provide signal amplification for a segment to be extended. In a
network that uses repeater, all members are contending for transmission of
data onto a single network. We like to call this single network a collision
domain. Effectively, every user can only enjoy a percentage of the available
bandwidth. Ethernet is subject to the "5-4-3" rule regarding repeater
placement, meaning we can only have five segments connected using four
repeaters with only three segments capable of accommodating hosts.
• Bridge A layer 2 device used to connect networks of different types or of
the same type. It learns the MAC addresses of the nodes on each segment and
forwards only the traffic that needs to cross the bridge; a frame destined for
the segment it arrived on is dropped. This "store-and-forward" mechanism
inspects the whole frame before making a decision. Bridges cannot filter
broadcast traffic, and frame processing adds roughly 20 to 30 percent latency.
A classic bridge links only two segments.
• Switch Can link four, six, eight or even more segments. A cut-through
switch forwards a frame as soon as it has read the destination address; a
store-and-forward switch inspects the entire frame before forwarding. Most
switches cannot stop broadcast traffic. Switches are layer 2 devices.
• Routers Can also filter traffic. However, they filter on the protocol
addresses defined at OSI layer 3 (the network layer), not on Ethernet frame
addresses. Note that a protocol must be routable in order to pass through a
router. A router determines the most efficient path for a packet to take and
can send packets around failed segments.
• Brouter Has the best features of both routers and bridges in that it can be
configured to pass the unroutable protocols by imitating a bridge, while not
passing broadcast storms by acting as a router for other protocols.
• Gateway Often used as a connection to a mainframe or the internet.
Gateways enable communications between different protocols, data types and
environments. This is achieved via protocol conversion, whereby the gateway
strips the protocol stack off of the packet and adds the appropriate stack for
the other side. Gateways operate at all layers of the OSI model without
making any forwarding decisions.
Bridging/Switching:
Switch - Switches are layer 2 devices that can link four, six, eight or even
more segments. Switches are the devices that make microsegmentation possible:
each port is its own collision domain, so a station on a dedicated port gets
close to 100 % of the bandwidth of that link. A cut-through switch forwards a
frame as soon as it has read the destination address; a store-and-forward switch
inspects the entire frame before forwarding. Most switches cannot stop broadcast
traffic. Bridges do most of their work in software, while switches forward in
hardware (the switching fabric), which is why they are faster.
Cut-Through - The switch reads the destination address and starts forwarding
before the entire frame has arrived. This mode reduces latency but cannot check
the CRC, so corrupted frames are forwarded. It has two forms: fast-forward
(forward as soon as the destination address is read) and fragment-free (wait for
the first 64 bytes, so collision fragments are not forwarded).
VLANs:
A VLAN is a logical grouping of devices or users. These devices or users can be
grouped by function, department, application and so on, regardless of their
physical segment location. VLAN configuration is done at the switch via the
switching fabric. A VLAN creates a separate broadcast domain within the switch,
so VLANs divide a switched network into several broadcast domains (they do not
change collision domains; a switch port is already its own collision domain).
Frame tagging at layer 2 does this. Frame tagging has become the standard method
for implementing VLANs and is defined by IEEE 802.1Q. Frame tagging assigns a
VLAN ID to each frame. This identifier is examined by each switch before the
frame is forwarded to other switches, routers or end stations. When the frame
leaves the backbone for an access port, the switch removes the tag before the
frame is transmitted to the end station. The key point is that ports in a VLAN
share broadcasts, while ports not in that VLAN do not see them. Thus users in
the same physical location can be members of different VLANs. An existing hub
can be plugged into a switch port and given a VLAN of its own to segregate the
users on that hub. Frame filtering is the older method: it examines particular
attributes of each frame against a filtering table built on each switch, which
gives a high level of administrative control but scales poorly. Frame filtering
is slowly being replaced by frame tagging.
VLANs can be complicated to set up. VLANs operate at layer 2, so a router (or a
layer 3 switch) is required for traffic to pass between VLANs; layer 2
forwarding is faster to process. It is also common for administrators to set up
multiple VLANs with access lists on the inter-VLAN router to control access.
Layer 3 routing lets multiple VLANs communicate with each other, and trunk links
carrying tagged frames between switches let users in different locations reside
on the same VLAN. This is a flexible approach to network design.
VLANs are configured on the switch in three ways: port-centric, static and
dynamic. In port-centric VLANs, all nodes connected to ports in the same VLAN are
assigned the same VLAN ID. Frames do not "leak" into other domains, the setup is
easy to administer, and it provides good separation between VLANs (keep in mind
that this separation is only as strong as the switch configuration: a port left
as a trunk, or a host plugged into the wrong access port, is in whatever VLAN
that port allows). Some say that static VLANs are the same as port-centric,
because static VLANs use the port-centric method to assign them to switch ports.
Dynamic VLANs are ports on a switch that determine their VLAN assignment
automatically. Dynamic VLAN assignment is based on the MAC address, logical
address or protocol type of the traffic. When a station is first connected to an
unassigned switch port, the switch looks up the MAC entry in the management
database and configures the port with the corresponding VLAN. The main advantage
of this method is less administration overhead, once the database in the VLAN
management software has been populated. Its weakness is that the MAC address is
the only credential: a host that spoofs a known MAC address lands in that MAC's
VLAN.
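As an added example (not part of the SemSim study guide), here is a small 802.1Q tagger and parser in Python that does what the text describes: it inserts the VLAN ID into a frame the way an ingress access port does, reads it back the way a trunk port does, and strips it before delivery to an end station. The frames, MAC addresses and VLAN IDs are constructed for the example.

```python
"""802.1Q frame tagging/untagging: added example, not from the study guide.

Builds a raw Ethernet frame, inserts a VLAN tag the way an ingress switch
port does, reads it back the way a trunk port does, and strips it before
delivery to an access port. Frames are constructed here, not captured.
"""
import struct

ETH_P_8021Q = 0x8100   # TPID that marks a tagged frame
ETH_P_IP = 0x0800


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def oui(mac: str) -> str:
    """First 6 hex digits (3 bytes) identify the manufacturer."""
    return mac.replace(":", "-").upper()[:8]


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC (ingress on an access port)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    tci = (priority << 13) | vlan_id          # PCP(3) | DEI(1)=0 | VID(12)
    tag = struct.pack("!HH", ETH_P_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, list of VLAN IDs (outer first), ethertype and payload.

    Loops so that a double-tagged frame reports both IDs instead of silently
    treating the inner tag as payload.
    """
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src = frame[:6], frame[6:12]
    offset, vlans = 12, []
    while True:
        (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
        if ethertype != ETH_P_8021Q:
            break
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        vlans.append(tci & 0x0FFF)
        offset += 4
    fmt = lambda b: "-".join(f"{x:02X}" for x in b)
    return {"dst": fmt(dst), "src": fmt(src), "vlans": vlans,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def untag_frame(frame: bytes) -> bytes:
    """Strip the outermost tag (egress to an access port); no-op if untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != ETH_P_8021Q:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    plain = build_frame("00-00-12-33-FA-BC", "00-11-22-33-44-55", ETH_P_IP,
                        b"\x45" + b"\x00" * 19)
    tagged = tag_frame(plain, vlan_id=10, priority=3)
    print(parse_frame(tagged))
    print(untag_frame(tagged) == plain)
    print(parse_frame(tag_frame(tagged, 20))["vlans"])  # [20, 10]: outer, inner
```

Note that parse_frame walks nested tags, so a frame that arrives already tagged is reported with both IDs rather than having its inner tag hidden in the payload; that is the check an access port should make before adding or stripping a tag.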
VLAN Switching
VLAN Considerations
Lan Protocols:
The following sections will introduce the core LAN protocols that you will need to
know for the exam.
TCP/IP:
Every IP address can be broken down into 2 parts, the network ID (netid) and the
host ID (hostid). All hosts on the same network must have the same netid, and each
of these hosts must have a hostid that is unique within that netid. IP addresses
are divided into 4 octets, each with a maximum value of 255. We view IP addresses
in decimal notation such as 124.35.62.181, but they are actually used as binary
data, so one must be able to convert addresses back and forth.
The following table shows how to convert binary to decimal and vice versa:
Decimal   Binary
128       10000000
64        01000000
32        00100000
16        00010000
8         00001000
4         00000100
2         00000010
1         00000001
When converting binary data to decimal, a "0" is equal to 0 and a "1" is equal to
the number that corresponds to the position it is in. For example, the number 213
would be 11010101 in binary notation. This is calculated as follows:
128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits,
while a full IP address is 32 bits made up of 4 octets. So the IP address
213.128.68.130 would look like 11010101 10000000 01000100 10000010.
The default (classful) subnet masks are 255.0.0.0 for class A, 255.255.0.0 for
class B and 255.255.255.0 for class C. What subnet mask do you use when you want
more than 1 subnet? You borrow bits from the host portion: with n borrowed bits
you get 2^n subnets, of which the classic rule used in this guide (and in the
table below) counts 2^n - 2 as usable, because the all-zeros and all-ones
subnets are excluded. Choose the smallest n for which 2^n - 2 is at least the
number of subnets you need. (Modern IOS with "ip subnet-zero", the default,
allows all 2^n subnets.)
Let's say, for example, that you want 8 subnets and will be using a class C
address. 3 bits would give only 2^3 - 2 = 6 usable subnets, so you need 4 bits:
2^4 - 2 = 14. Set the 4 high-order bits of the 4th octet of the mask (since it is
class C) to 1 as follows:
11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet
mask.
A shortcut you will see in study guides is to write the subnet count in binary
(8 = 1000) and count its digits (4). That happens to work for 8 and for 20, but it
fails for counts such as 7 or 15, so check against 2^n - 2 instead.
Let's try another one... Let's say that you own a chain of stores that sell
spatulas in New York, you have stores in 20 different neighborhoods and you want
a separate subnet on your network for each neighborhood. It will be a class B
network. 4 bits give only 14 usable subnets, so you need 5 bits (2^5 - 2 = 30).
Set the 5 high-order bits of the 3rd octet to 1, which gives
11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a
comparison between the different subnet masks (the mask column is the value of
the subnetted octet; the host columns are usable hosts per subnet, i.e. 2^h - 2
for h remaining host bits).
Mask   # of Subnets   Class A Hosts   Class B Hosts   Class C Hosts
192    2              4,194,302       16,382          62
224    6              2,097,150       8,190           30
240    14             1,048,574       4,094           14
248    30             524,286         2,046           6
252    62             262,142         1,022           2
254    126            131,070         510             Invalid
255    254            65,534          254             Invalid
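The following Python helper, added here and not part of the original guide, carries the procedure above through for any class and subnet count, under both the classic 2^n - 2 rule used in the table and the subnet-zero rule; it also reproduces the binary conversion and the table's host counts. The class letters, subnet counts and address strings are the example's own inputs.

```python
"""Classful subnetting helper: added example, not part of the SemSim study guide.

Given an address class and a required number of subnets it picks the number of
borrowed bits and derives the subnet mask, the number of usable subnets and the
usable hosts per subnet, under both the classic rule used by the study guide
(subnet zero and the all-ones subnet unusable, so 2**n - 2 subnets) and the
"ip subnet-zero" rule (2**n subnets).
"""

CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}  # default (classful) mask lengths


def octets_to_binary(dotted: str) -> str:
    """'213.128.68.130' -> '11010101.10000000.01000100.10000010'."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def prefix_to_mask(prefix: int) -> str:
    """Prefix length -> dotted-decimal mask, e.g. 28 -> '255.255.255.240'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def borrowed_bits(required_subnets: int, subnet_zero: bool = False) -> int:
    """Smallest n such that the usable subnet count reaches required_subnets.

    The "count the binary digits" shortcut gives the right answer for 8 and 20
    but fails for 7, 15, 31... under the 2**n - 2 rule, so compute it directly.
    """
    if required_subnets < 1:
        raise ValueError("need at least one subnet")
    n = 1
    while True:
        usable = 2 ** n if subnet_zero else 2 ** n - 2
        if usable >= required_subnets:
            return n
        n += 1


def plan(addr_class: str, required_subnets: int, subnet_zero: bool = False) -> dict:
    """Return prefix, mask, usable subnets and usable hosts per subnet."""
    base = CLASS_PREFIX[addr_class.upper()]
    n = borrowed_bits(required_subnets, subnet_zero)
    prefix = base + n
    host_bits = 32 - prefix
    if host_bits < 2:  # /31 and /32 leave no usable host addresses here
        raise ValueError("not enough host bits left for that many subnets")
    return {
        "prefix": prefix,
        "mask": prefix_to_mask(prefix),
        "subnets": 2 ** n if subnet_zero else 2 ** n - 2,
        "hosts_per_subnet": 2 ** host_bits - 2,  # minus network and broadcast
    }


if __name__ == "__main__":
    print(octets_to_binary("213.128.68.130"))
    print(plan("C", 8))    # 255.255.255.240, 14 subnets, 14 hosts each
    print(plan("B", 20))   # 255.255.248.0, 30 subnets, 2046 hosts each
    print(plan("C", 7))    # needs 4 bits, not the 3 the shortcut suggests
    print(plan("C", 7, subnet_zero=True))  # 255.255.255.224, 8 subnets
```

The hosts_per_subnet values for plan("C", 8), plan("B", 20) and plan("A", 2) are the 14, 2,046 and 4,194,302 in the table above.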
Note: 127.x.x.x is reserved for loopback testing on the local system and is not used
on live systems.
TCP/IP Ports - Ports are what an application uses when communicating between a
client and a server. Some common TCP/IP ports are:
20 FTP-DATA
21 FTP
23 TELNET
25 SMTP
69 TFTP (UDP)
70 GOPHER
80 HTTP
110 POP3
137 NetBIOS name service (UDP)
138 NetBIOS datagram service (UDP)
139 NetBIOS session service
161 SNMP (UDP)
Note that several of these protocols (FTP, Telnet, TFTP, POP3 and SNMP versions
1 and 2c) carry their credentials and data in clear text, so they should not be
exposed on untrusted networks; this matters for router management in particular.
Windowing is for flow control. The sender transmits up to a window's worth of
segments and then waits for an acknowledgement; once acknowledged, it sends the
next window. If segments are lost, the acknowledgement does not arrive before the
timer expires, so the sender retransmits and reduces its sending rate. This
trial-and-error approach works well in practice. A receiver that advertises a
window size of 0 is telling the sender to stop transmitting completely until the
window opens again, so a zero window is a pause signal, not a normal operating
value.
IPX/SPX:
IPX will also be an important issue to consider in network management, given
that many companies still use NetWare servers. There are two parts to every IPX
network address: the network ID and the host ID. The first 8 hex digits represent
the network ID, while the remaining 12 hex digits represent the host ID, which is
normally the MAC address of the interface, so node addresses do not have to be
assigned manually. Valid hexadecimal digits range from 0 through 9 and A through
F. FFFFFFFF in hexadecimal notation = 4294967295 in decimal.
WAN Protocols:
In general, there are three broad types of WAN access technology. With leased
lines, we have a point-to-point dedicated connection over a pre-established WAN
path provided by the carrier. With circuit switching, such as ISDN, a dedicated
circuit path exists only for the duration of the call; compared with a
traditional analog phone line, ISDN is more reliable and faster. With packet
switching, such as Frame Relay, many customers share the carrier's network, and
each customer's traffic is carried over virtual circuits that behave like
point-to-point links.
Frame Relay:
Frame Relay has the following characteristics:
successor to X.25
has less overhead than X.25 because it relies on upper layer protocols to
perform error checking.
speeds in the range of 56 Kbps to 2.048 Mbps (E-1).
uses Data Link Connection Identifiers (DLCIs) to identify virtual circuits,
with DLCI numbers between 16 and 1007 available for user circuits.
uses the Local Management Interface (LMI) to provide information on the DLCI
values as well as the status of virtual circuits. Cisco routers support the
Cisco (default), ANSI and Q933a LMI types.
to set up Frame Relay, we set the encapsulation to frame-relay in either the
Cisco (default) or the IETF form; Cisco encapsulation works between two Cisco
devices, while IETF encapsulation is needed when the far end is not a Cisco
device.
the LMI type is configurable, but by default it is auto-sensed.
data is generally transferred over permanent virtual circuits (PVCs), although
switched virtual circuits (SVCs) can be used as well.
an SVC is for transferring data intermittently.
a PVC does not have the overhead of establishing and terminating a circuit
each time communication is needed.
the Committed Information Rate (CIR) is the guaranteed minimum transfer rate
of a connection.
Cisco has a web page that describes the configuration and troubleshooting of
Frame Relay at http://www.cisco.com/warp/public/125/13.html
ISDN:
ISDN has the following characteristics:
works at the Physical, Data Link and Network layers.
often used as a backup link with Dial-on-Demand Routing (DDR).
makes use of the existing telephone wiring.
supports simultaneous data and voice.
maximum BRI speed is 128 Kbps, with PPP Multilink bundling both B channels.
call setup and data transfer are faster than with analog modems.
BRI has 2 x 64 Kbps B channels for data and one 16 Kbps D channel for
signaling.
PRI has 23 B channels and one 64 Kbps D channel in the US, or 30 B channels
and one D channel in Europe.
E-series protocols specify ISDN on the existing telephone network.
I-series protocols specify concepts, terminology and services.
Q-series protocols specify switching and signaling.
ISDN reference points include R (between non-ISDN equipment and a TA), S
(between user terminals and NT2), T (between NT1 and NT2 devices) and U
(between the NT1 and the line termination equipment, in North America).
A router with a built-in NT1 connects to the line through its U interface; a
router with an S/T interface connects to an external NT1.
Equipment with a native ISDN (BRI) interface is Terminal Equipment type 1 (TE1);
TE1 devices are built to the ISDN standards.
Non-ISDN equipment is Terminal Equipment type 2 (TE2) and needs a Terminal
Adapter (TA) to connect.
Cisco has a web page with links about the configuration and troubleshooting of
ISDN here.
ATM:
ATM stands for Asynchronous Transfer Mode and is a high-speed, cell-switching
technique that uses short fixed-length packets called cells, each 53 bytes long
(48 bytes of payload and a 5-byte header). ATM can transmit voice, video and data
over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to
as high as 622 Mbps. I recently read that the new standard may be 2Gbps. ATM's
speed is derived from the use of short fixed-length cells, which reduce delay and
delay variance for delay-sensitive services such as voice and video. ATM is
capable of supporting a wide range of traffic types such as voice, video, image
and data.
PPP:
As an improvement on Serial Line Internet Protocol (SLIP), Point-to-Point Protocol
(PPP) was designed mainly for the transfer of data over slower serial interfaces.
It is better than SLIP because it provides multiprotocol support, error detection
and link authentication. It is a Data Link layer protocol used to encapsulate
higher-layer protocols for transport over synchronous or asynchronous
communication lines. PPP can operate across any DTE/DCE device, most commonly
modems, as long as the device supports full-duplex circuits. There are 3
components to PPP: HDLC-style encapsulation of datagrams, the Link Control
Protocol (LCP) and the Network Control Protocols (NCPs); all three appear in the
sequence below.
PPP communication occurs in the following manner: PPP sends LCP frames to test
and configure the data link. Next, an authentication protocol is negotiated to
determine how the peer is validated. Below are 2 common authentication
protocols:
PAP sends the username and password across the link in clear text, like a
network login with no protection; anyone who can see the link learns the
password. It should only be used where the peer does not support CHAP.
CHAP never sends the password. The authenticator sends a random challenge, and
the peer answers with an MD5 hash of the challenge and the shared secret; a
captured response is useless against the next challenge. Note that CHAP hashes
rather than encrypts, so a captured challenge/response pair can still be
attacked offline by guessing weak secrets.
Then NCP frames are used to set up the network layer protocols to be used.
Finally, HDLC-style framing encapsulates the data stream as it passes through the
PPP connection.
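As an added example (not from the study guide), the Python below puts a PAP request and a CHAP exchange side by side: PAP's payload contains the password itself, while CHAP's response is MD5(identifier || secret || challenge) as in RFC 1994, valid for one challenge only. The usernames, secrets and challenge values are made up for the example.

```python
"""PAP versus CHAP on the wire: added example, not from the study guide.

PAP (RFC 1334) sends the password itself; CHAP (RFC 1994) sends
MD5(identifier || secret || challenge), so the secret never crosses the link
and an old response cannot be replayed against a fresh challenge.
Usernames, secrets and challenge bytes below are made up for the example.
"""
import hashlib
import hmac
import os


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request payload: both fields in clear text."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || Secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier is one byte")
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh challenge per attempt, verifies the response."""

    def __init__(self, secrets: dict):
        self._secrets = secrets          # username -> shared secret (constructed)
        self._pending = {}               # identifier -> challenge still open
        self._id = 0

    def challenge(self) -> tuple:
        self._id = (self._id + 1) & 0xFF
        chal = os.urandom(16)            # unpredictable, so responses cannot be precomputed
        self._pending[self._id] = chal
        return self._id, chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)   # single use: a replay fails
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    """Run one PAP exchange and two CHAP exchanges; report what an eavesdropper sees."""
    pap_bytes = pap_request("alice", "spatula")
    auth = ChapAuthenticator({"alice": "spatula"})

    ident, chal = auth.challenge()
    resp = chap_response(ident, "spatula", chal)
    first = auth.verify(ident, "alice", resp)
    replay = auth.verify(ident, "alice", resp)      # same response again

    ident2, chal2 = auth.challenge()
    wrong = auth.verify(ident2, "alice", chap_response(ident2, "guess", chal2))

    return {
        "pap_leaks_password": b"spatula" in pap_bytes,
        "chap_leaks_password": b"spatula" in resp or b"spatula" in chal,
        "chap_first_ok": first,
        "chap_replay_ok": replay,
        "chap_wrong_secret_ok": wrong,
    }


if __name__ == "__main__":
    print(demo())
```

The authenticator keeps each challenge for exactly one verification, which is what defeats replay; what it cannot prevent is an eavesdropper who records the challenge and response and then guesses secrets offline, so the shared secret still has to be strong.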
Point-to-Point Tunneling Protocol (PPTP) provides for the transfer of data from a
remote client to a private server by creating a multi-protocol Virtual Private
Network (VPN) that encapsulates PPP packets in IP datagrams. There are 3 steps to
set up a secure communication channel:
The PPP packets are encrypted and sent through the tunnel to the PPTP server,
which decrypts the packets, extracts them from the IP datagrams and routes them
to the destination host. Setting up PPTP requires a PPTP client, a PPTP server and
a Network Access Server (NAS). Keep in mind that PPTP's authentication and
encryption (MS-CHAP with MPPE) are considered broken today, so treat PPTP as a
legacy protocol rather than as a secure VPN.
There is a very helpful web site with detailed tutorials on ISDN, Frame Relay, X.25,
ATM and other serial WAN technologies located here.
Cisco IOS:
Cisco routers run the Internetwork Operating System (IOS). The configuration is
stored in Non-Volatile RAM (NVRAM) and the IOS image itself is stored in flash.
The IOS can be accessed via Telnet, a console connection (such as HyperTerminal)
or a dial-in connection. You can also configure the router as a web server and
access a web-based configuration panel via HTTP. Note that Telnet and HTTP send
the login credentials in clear text; on images that support it, prefer SSH and
HTTPS, and restrict management access to trusted addresses with an access list.
There are a variety of sources for booting, including flash memory, TFTP and
ROM. It is always recommended that a new IOS image be loaded on a TFTP server
first and then copied from the TFTP server to flash, keeping the TFTP copy as a
backup. The copy command, such as "copy tftp flash", copies the IOS image from
the TFTP server to flash memory, and "copy flash tftp" does the reverse. Next we
need to tell the router which source to boot from. The following commands are
examples of what to type depending on the situation. It is a good idea to
specify multiple boot options as a fallback mechanism.
After the boot-up process we can log in. User EXEC is the first mode we
encounter, with the prompt "Router>". Exiting this mode means logging out
completely, which is done with the logout command. To proceed to Privileged EXEC
mode, we use the enable command; once entered, the prompt changes to "Router#".
To go back to User EXEC mode, we use the disable command. Note that all
configuration work requires the administrator to be in Privileged mode first.
Put another way, Privileged EXEC mode includes all the commands of User mode
plus those that give access to global and system settings.
The setup command facility is for making major changes to the existing
configurations, such as adding a protocol suite, modifying a major addressing
scheme changes, or configuring a newly installed interface.
If you aren't big on reading manuals, finding out how to access help information
is a MUST. To display a list of the commands available in each command mode, type
a ? mark. IOS also provides context-sensitive help to make life easier.
In order to pass this exam, you will need to be able to find your way around the
IOS. We will list some of the information here, but there is too much to list all
of it. You will definitely need access to a router, or the software listed at the
beginning of this study guide, so that you can practice.
You will find most of the IOS commands at the following 2 links:
Router and Switch Commands
http://www.cisco.com/warp/cpropub/45/tutorial.htm
Security:
Access lists allow us to implement some level of security on the network by
inspecting and filtering traffic as it enters or exits an interface. Each router
can have many access lists of the same or different types; however, only one can
be applied per direction per interface at a time (keep in mind that inbound and
outbound are determined from the router's perspective). Every access list ends
with an implicit "deny any", so a list containing only deny statements blocks
all traffic, while an access list that has been applied to an interface but not
yet defined permits everything. The two major types of access lists that deserve
special attention are IP access lists and IPX access lists. The numbered ranges
are:
1-99        Standard IP
100-199     Extended IP
200-299     Protocol type-code
300-399     DECnet
600-699     AppleTalk
700-799     Standard 48-bit MAC address
800-899     Standard IPX
900-999     Extended IPX
1000-1099   IPX SAP
1100-1199   Extended 48-bit MAC address
1200-1299   IPX summary address
When dealing with access control lists, or preparing for your CCNA exam, you have
to deal with a 32-bit wildcard mask in dotted-decimal form, also known as the
inverse mask. By Cisco's definition it is called inverse, but you can think of it
as the "reverse" of your subnet mask in most cases. A wildcard mask works with two
bit values: a 0 bit means "match" (the corresponding address bit must be equal)
and a 1 bit means "ignore" (the corresponding address bit can be anything). When
you write a permit or deny statement, the wildcard mask tells the router which
bits of the address to compare. Because a subnet mask has its 1 bits on the left
and the wildcard has them on the right, a wildcard that covers a whole block
usually ends in an odd number (255, 15, 3...) where the matching subnet mask ends
in an even one. There are several ways to come up with the wildcard mask; the
easiest is to subtract the subnet mask from 255.255.255.255 octet by octet.
Example: You have a subnet mask of 255.255.255.0. To get the wildcard mask all
you have to do is:
255.255.255.255
-255.255.255.0
0.0.0.255
Then you can apply it to the statement, whether using a standard or an extended
ACL.
Standard example:
Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255
How to read this: with this wildcard you told the router to "match" the first
three octets and you don't care what's in the last octet, so the statement denies
all of 170.10.1.0/24.
Extended example (an extended IP access list must name the protocol, here tcp,
before the source and destination):
Router(config)# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80
How to read this: the router matches the first three octets of both the source
and the destination, ignores the last octet of each, and permits only TCP traffic
to destination port 80 (HTTP) from 178.10.2.0/24 to 170.10.1.0/24.
Think of it this way: broken down from decimal into binary, the wildcard mask
0.0.0.255 looks like 00000000.00000000.00000000.11111111. As you know, "1" means
ignore and "0" means match, so the last octet can be any value from 0 to 255.
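As an added example (not from the study guide), the Python below computes the wildcard mask the way the text describes, matches addresses bit by bit against it, and walks a small access list top to bottom including the implicit "deny any" at the end. The rule for access-list 103 mirrors the extended example above; the packets and the second, deny-only list are constructed for the example.

```python
"""Wildcard masks and first-match ACL evaluation: added example, not from the guide.

Computes an inverse (wildcard) mask as 255.255.255.255 minus the subnet mask,
matches addresses against it bit by bit, and evaluates an access list in order,
including the implicit "deny any" at the end. Addresses and rules are
constructed for the example.
"""
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def wildcard_from_mask(subnet_mask: str) -> str:
    """255.255.255.255 minus the subnet mask, i.e. its bitwise complement."""
    return to_dotted(0xFFFFFFFF ^ to_int(subnet_mask))


def matches(address: str, base: str, wildcard: str) -> bool:
    """Bits where the wildcard is 0 must match; bits where it is 1 are ignored."""
    care = 0xFFFFFFFF ^ to_int(wildcard)
    return (to_int(address) & care) == (to_int(base) & care)


def evaluate(acl: list, packet: dict) -> tuple:
    """Walk the ACL top to bottom; return (action, rule index or None).

    Each rule is a dict with action, protocol ('ip', 'tcp' or 'udp'), src,
    src_wc, dst, dst_wc and an optional port that must equal the packet's
    dst_port. If no rule matches, the implicit deny applies (index None).
    """
    for i, rule in enumerate(acl):
        if rule["protocol"] != "ip" and rule["protocol"] != packet["protocol"]:
            continue
        if not matches(packet["src"], rule["src"], rule["src_wc"]):
            continue
        if not matches(packet["dst"], rule["dst"], rule["dst_wc"]):
            continue
        if "port" in rule and rule["port"] != packet.get("dst_port"):
            continue
        return rule["action"], i
    return "deny", None      # implicit deny any at the end of every ACL


# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80
ACL_103 = [
    {"action": "permit", "protocol": "tcp",
     "src": "178.10.2.0", "src_wc": "0.0.0.255",
     "dst": "170.10.1.0", "dst_wc": "0.0.0.255", "port": 80},
]


def classify(packets: list) -> list:
    """Action taken for each packet under ACL_103."""
    return [evaluate(ACL_103, p)[0] for p in packets]


if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.0"))     # 0.0.0.255
    print(wildcard_from_mask("255.255.255.240"))   # 0.0.0.15
    samples = [  # constructed packets: (protocol, src, dst, dst_port)
        {"protocol": "tcp", "src": "178.10.2.77", "dst": "170.10.1.9", "dst_port": 80},
        {"protocol": "tcp", "src": "178.10.2.77", "dst": "170.10.1.9", "dst_port": 443},
        {"protocol": "tcp", "src": "178.10.3.77", "dst": "170.10.1.9", "dst_port": 80},
        {"protocol": "udp", "src": "178.10.2.77", "dst": "170.10.1.9", "dst_port": 80},
    ]
    print(classify(samples))   # ['permit', 'deny', 'deny', 'deny']
```

Only the first packet is permitted: the others fail on the port, the source block or the protocol and fall through to the implicit deny, which is exactly the behaviour to check for when an access list "mysteriously" blocks traffic nobody wrote a deny for.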
Routing:
There are 2 main types of routing, static and dynamic; a third type is called
hybrid. Static routing involves the cumbersome process of an administrator
manually configuring and maintaining routing tables. Dynamic routing enables
routers to "talk" to each other and automatically update their routing tables.
This happens through routing updates exchanged between routers (RIP version 1
broadcasts them; RIP version 2 and OSPF use multicast). Next is an explanation of
the various routing protocols.
RIP:
Routing Information Protocol (RIP) is a distance vector dynamic routing protocol.
RIP measures the distance from source to destination by counting the number of
hops (routers) that packets must cross. RIP sets a maximum of 15 hops and treats
a metric of 16 as unreachable. RIP's advantage is simplicity: if there are
multiple possible paths to a destination and the appropriate entries exist in the
routing table, it chooses the one with the fewest hops, regardless of link speed.
Routers can talk to each other; however, in the real routing world there are so
many different routing technologies available that it is not as simple as just
enabling RIP.
OSPF:
Open Shortest Path First (OSPF) is a link-state routing protocol that converges
faster than a distance vector protocol such as RIP. What is convergence? It is
the time required for all routers to finish building their routing tables after a
change. IP RIP uses hop count as its only metric (IPX RIP also uses ticks), while
OSPF uses a cost derived from link bandwidth when making routing decisions. RIP
transmits its whole table every 30 seconds, while OSPF transmits updates only
when there is a topology change. OSPF builds a complete topology map of the area,
while RIP relies on second-hand information from neighboring routers. To
summarize, RIP is easier to configure and is suitable for smaller networks. In
contrast, OSPF requires more processing power and memory, and is suitable if
scalability is the main concern.
We can tune the network by adjusting various timers. The tunable parameters
include the rate at which routing updates are sent, the interval after which a
route is declared invalid, the interval during which routing information about
better paths is suppressed (holddown), the amount of time that must pass before
a route is removed from the routing table (flush), and the amount of time for
which routing updates are postponed. Different settings are needed in different
situations. In any case, we can use the "show ip route" command to display the
contents of the routing table as well as how each route was learned.
For commands and methods to configure OSPF read Configuring OSPF on Cisco
Routers
Route poisoning: when a network becomes unreachable, the router that detects the
failure keeps the route in its table but advertises it with the metric 16
(infinity) instead of simply dropping it. Other routers then learn immediately
that the network is down and cannot feed the originating router's table with
stale information about it.
Split horizon prevents a router from advertising a route back out the same
interface through which it learned that route. Poison reverse is a stronger form
of split horizon: the router does advertise the route back to the neighbor it
learned it from, but with an infinite metric, so the neighbor can never choose
it. Triggered updates send out an update whenever the routing table changes,
without waiting for the periodic update timer to expire. All of these exist to
avoid the count-to-infinity problem of distance vector protocols, where two
routers keep raising each other's metric for a failed network until it reaches
16.
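To see why these rules matter, here is an added simulation in Python (not from the study guide) of three routers in a line exchanging distance-vector updates. It converges, fails the link to network X, and reports whether the router that lost the network gets talked back into a bogus route by its neighbor (the count-to-infinity loop) with no protection, with split horizon, and with poison reverse. The topology, router names and metric rules are the example's own simplifications of RIP.

```python
"""Distance-vector loop prevention: added example, not from the study guide.

Three routers in a line, A - B - C, with network X attached to C. Each round
every router sends its table to its neighbours at once (like RIP's periodic
updates). Then the link C - X fails and we watch whether C "learns" a bogus
route to X back from B (counting to infinity) or goes straight to 16.
"""
INFINITY = 16   # RIP: a metric of 16 hops means unreachable


class Router:
    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = list(neighbors)
        self.routes = {}                  # network -> (metric, next_hop)

    def connect(self, network):
        self.routes[network] = (0, None)  # directly connected

    def advertisement(self, to, mode):
        """Routes to send to neighbour `to` under the chosen loop-prevention rule."""
        adv = {}
        for net, (metric, next_hop) in self.routes.items():
            if next_hop == to and mode == "split-horizon":
                continue                  # never send a route back where it came from
            if next_hop == to and mode == "poison-reverse":
                adv[net] = INFINITY       # send it back, but as unreachable
            else:
                adv[net] = metric
        return adv

    def receive(self, sender, adv):
        """Bellman-Ford update; returns True if any route changed."""
        changed = False
        for net, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur, next_hop = self.routes.get(net, (INFINITY, None))
            # an update from the current next hop is always believed (even if
            # worse); from anyone else only a strictly better metric wins
            if (next_hop == sender and new != cur) or new < cur:
                self.routes[net] = (new, sender)
                changed = True
        return changed


def one_round(routers, mode):
    """Synchronous update: collect every advertisement first, then deliver all."""
    messages = [(r.name, nb, r.advertisement(nb, mode))
                for r in routers.values() for nb in r.neighbors]
    changed = False
    for sender, to, adv in messages:
        changed |= routers[to].receive(sender, adv)
    return changed


def simulate(mode, max_rounds=40):
    """Converge, fail the link to X, and report how the routers recover."""
    routers = {"A": Router("A", ["B"]), "B": Router("B", ["A", "C"]),
               "C": Router("C", ["B"])}
    routers["C"].connect("X")
    for _ in range(max_rounds):
        if not one_round(routers, mode):
            break
    before = {n: r.routes["X"][0] for n, r in routers.items()}  # A:2 B:1 C:0

    routers["C"].routes["X"] = (INFINITY, None)   # link C - X goes down
    bogus_at_c = False
    rounds = 0
    for rounds in range(1, max_rounds + 1):
        changed = one_round(routers, mode)
        if routers["C"].routes["X"][0] < INFINITY:
            bogus_at_c = True             # C now trusts B for X: the loop
        if not changed:
            break
    return {"mode": mode, "before": before, "rounds": rounds,
            "bogus_route_at_c": bogus_at_c,
            "after": {n: r.routes["X"][0] for n, r in routers.items()}}


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(simulate(mode))
```

With mode "none", C accepts B's stale two-hop route in the first round after the failure and the metric then climbs by one per round until it hits 16, which is the count-to-infinity behaviour the 15-hop limit exists to bound; with split horizon or poison reverse, B never offers that route back to C, and all three routers settle on 16 after three rounds.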