Title: Cisco CCNA Study Guide
Description: Cisco CCNA Study Complete Guide. With Command and Examples and Graphics. The Complete Study Guide For CCNA Exam with 25 Chapters.
Document Preview
CCNA Study Guide v2
This is not a comprehensive document containing all the secrets of the CCNA, nor is it a “braindump” of questions and answers. However, the contents of this document cannot be altered without my written consent. I sincerely hope that this document provides some assistance and clarity in your studies.
Puran S Rawat (superpuran@gmail...)
All other material copyright © of their respective owners. More material may be found at http://www...webs...
CCNA Study Guide v2...
Switches vs. ...
...11 Wireless
Part II - The Cisco IOS
Section 10 - Router Components
Section 11 - Introduction to the Cisco IOS
Section 12 - Advanced IOS Functions
Part III - Routing
Section 13 - The Routing Table
Section 14 - Static vs. ...
Section 15 - Classless Routing
Section 16 - Configuring Static Routes
Section 17 - RIPv1 & RIPv2
Section 18 - IGRP
Section 19 - EIGRP
Section 20 - OSPF
Part IV - VLANs, Access-Lists, and Services
Section 21 - VLANs and VTP
Section 22 - Access-Lists
Section 23 - DNS and DHCP
Part V - WANs
Section 24 - Basic WAN Concepts
Section 25 - PPP
Section 26 - Frame-Relay
Section 27 - NAT
All original material copyright © 2014 by Er...com), unless otherwise noted. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. ...1ccnaprojects...com...0 - Puran S Rawat
Part I - General Networking Concepts
Section 1 - Introduction to Networks
What is a Network?
A network is simply defined as something that connects things together for a specific purpose. A computer network connects two or more devices together to share a nearly limitless range of information and services, including:
- Documents
- Email and messaging
- Websites
- Databases
- Music
- Printers and faxes
- Telephony and videoconferencing
Protocols are rules that govern how devices communicate and share information across a network. Protocols are covered in great detail in other guides. A network reference model serves as a blueprint, detailing standards for how protocol communication should occur. Both are covered in great detail in another guide.
The two most common categories of networks are:
- LANs (Local Area Networks)
- WANs (Wide Area Networks)
A LAN is generally a high-speed network that covers a small geographic area, usually contained within a single building or campus. Ethernet is the most common LAN technology.
The book definition of a WAN is a network that spans large geographical locations, usually to connect multiple LANs. A more practical definition of a WAN is a network that traverses a public or commercial carrier, using one of several WAN technologies.
A MAN (Metropolitan Area Network) is another category of network, though the term is not prevalently used. An internetwork is a general term describing multiple networks connected together.
Some networks are categorized by their function, as opposed to their size. A VPN (Virtual Private Network) allows for information to be securely sent across a public or unsecure network, such as the Internet.
Network Architectures
A host refers to any device that is connected to a network. A host can serve one or more functions:
- A host can request data, often referred to as a client.
- A host can both request and provide data, often referred to as a peer.
For example, two Windows XP workstations configured to share files would be considered a peer-to-peer network. Data is difficult to manage and back-up, as it is spread across multiple devices.
In a client/server architecture, hosts are assigned specific roles. An example of a client/server network would be Windows XP workstations accessing files off of a Windows 2003/2008 server. Data and services are now centrally located on one or more servers, consolidating the management and security of that data. One key disadvantage of the client/server architecture is that the server can present a single point of failure.
Network Architectures (continued)
In a mainframe/terminal architecture, a single device (the mainframe) stores all data and services for the network. Additionally, the mainframe performs all processing functions for the dumb terminals that connect to the mainframe. In simpler terms, the mainframe handles all thinking for the dumb terminals. The traditional mainframe architecture is less prevalent now than in the early history of networking.
A thin-client can be implemented as either a hardware device, or software running on top of another operating system (such as Windows or Linux). User sessions are spawned and managed completely within the server system. For environments with a large number of client devices, the thin-client architecture provides high scalability, with a lower total cost of ownership.
Multiple networks connected together form an internetwork. Network reference models were developed to address these challenges. The two most recognized network reference models are:
- The Open Systems Interconnection (OSI) model
- The Department of Defense (DoD) model
Without the framework that network models provide, all network hardware and software would have been proprietary. Network models are organized into layers, with each layer representing a specific networking function. Protocols on one layer will interact with protocols on the layer above and below it, forming a protocol suite or stack. A network model is not a physical entity - there is no OSI device. Some protocols can function across multiple layers.
It provided the first framework governing how information should be sent across a network. Various mnemonics make it easier to remember the order of the OSI model's layers:
#   Layer          Mnemonic 1   Mnemonic 2
7   Application    All          Away
6   Presentation   People       Pizza
5   Session        Seem         Sausage
4   Transport      To           Throw
3   Network        Need         Not
2   Data-link      Data         Do
1   Physical       Processing   Please
ISO further developed an entire protocol suite based on the OSI model; however, the OSI protocol suite was never widely implemented. This is especially true of the upper three layers. Many protocols and devices are described by which lower layer they operate at.
The function of the upper layers of the OSI model can be difficult to visualize.
OSI Model - The Application Layer
The Application layer (Layer-7) provides the interface between the user application and the network. The user application itself does not reside at the Application layer - the protocol does. Examples of Application layer protocols include:
- FTP, via an FTP client
- HTTP, via a web browser
- POP3 and SMTP, via an email client
- Telnet
The Application layer provides a variety of functions:
- Identifies communication partners
- Determines resource availability
- Synchronizes communication
The Application layer interacts with the Presentation layer below it.
(Reference: http://docwiki...com/wiki/Internetworking_Basics)
OSI Model - The Presentation Layer
The Presentation layer (Layer-6) controls the formatting and syntax of user data for the application layer. Standards have been developed for the formatting of data types, such as text, images, audio, and video. Additionally, the Presentation layer can perform encryption and compression of data, as required. For example, the Network layer can perform encryption, using IPSec.
If a session is broken, this layer can attempt to recover the session. Connection management is often controlled by lower layers, such as the Transport layer. Reliance on lower-layer protocols for session management offers less flexibility than a strict adherence to the OSI model.
OSI Model - The Transport Layer
The Transport layer (Layer-4) does not actually send data, despite its name. Transport layer communication falls under two categories:
- Connection-oriented - requires that a connection with specific agreed-upon parameters be established before data is sent.
Connection-oriented protocols provide several important services:
- Segmentation and sequencing - data is segmented into smaller pieces for transport.
- Connection establishment - connections are established, maintained, and ultimately terminated between devices.
Otherwise, data is retransmitted, guaranteeing delivery.
The TCP/IP protocol suite incorporates two Transport layer protocols:
- Transmission Control Protocol (TCP) - connection-oriented
- User Datagram Protocol (UDP) - connectionless
(Reference: http://www...com/free/t_TransportLayerLayer4-2...)
- Routing - determines the best path to a particular destination network, and then routes data accordingly.
IPX is almost entirely deprecated.
OSI Model - The Data-Link Layer
While the Network layer is concerned with transporting data between networks, the Data-Link layer (Layer-2) is responsible for transporting data within a network. It ensures that protocols like IP can function regardless of what type of physical technology is being used. The MAC sublayer controls access to the physical medium, serving as mediator if multiple devices are competing for the same physical link. Ethernet is covered in great detail in another guide.
This packaging process is referred to as framing or encapsulation. Common Data-link layer technologies include the following:
- Ethernet - the most common LAN data-link technology
- Token Ring - almost entirely deprecated
- FDDI (Fiber Distributed Data Interface)
- 802...
Hardware addresses uniquely identify a host within a network, and are often hardcoded onto physical network interfaces. The most common hardware address is the Ethernet MAC address.
The Physical layer is closely related to the Data-link layer, as many technologies (such as Ethernet) contain both data-link and physical functions.
Encapsulation and Layered Communication
As data is passed from the user application down the virtual layers of the OSI model, each layer adds a header (and sometimes a trailer) containing protocol information specific to that layer. Note that in the TCP/IP protocol suite only the lower layers perform encapsulation, generally. The Network layer header contains logical addressing information, and the Data-link header contains physical addressing and other hardware-specific information. For example, on the sending device, source and destination hardware addressing is placed in a Data-link header.
Network devices are commonly identified by the OSI layer they operate at; or, more specifically, what header or PDU the device processes. Similarly, routers are identified as Layer-3 devices, as routers process logical addressing information in the Network header of a packet, such as IP addresses.
- The Transport layer adds a header containing protocol-specific information, and then hands the segment to the Network layer.
- The Data-Link layer adds a header containing source and destination physical addressing and other hardware-specific information.
During decapsulation on the receiving host, the reverse occurs:
- The frame is received from the physical medium.
- The Network layer processes its header, strips it off, and then hands it off to the Transport layer.
OSI Reference Model Example
A web browser serves as a good practical illustration of the OSI model and the TCP/IP protocol suite:
- The web browser serves as the user interface for accessing a website. Instead, the web browser invokes the Hyper Text Transfer Protocol (HTTP) to interface with the remote web server, which is why http:// precedes every web address.
- Common formats on the Internet include HTML, XML, PHP, GIF, and JPEG.
- The Session layer is responsible for establishing, maintaining, and terminating the session between devices, and determining whether the communication is half-duplex or full-duplex.
- HTTP utilizes the TCP Transport layer protocol to ensure the reliable delivery of data. A sequence number is assigned to each segment so that data can be reassembled upon arrival.
- IP is also responsible for the assigned logical addresses on the client and server, and for encapsulating segments into packets.
- As packets travel from network to network, IP addresses are translated to hardware addresses, which are a function of the Data-Link layer.
- The data is finally transferred onto the network medium at the Physical layer, in the form of raw bits.
IP and the DoD Model
The Internet Protocol (IP) was originally developed by the Department of Defense (DoD), and was a cornerstone for a group of protocols that became known as the TCP/IP protocol suite. It consists of four layers:
OSI Model             DoD Model
7  Application        4  Application
6  Presentation
5  Session
4  Transport          3  Host-to-Host
3  Network            2  Internet
2  Data-link          1  Network Access
1  Physical
The consolidated DoD model is generally regarded as more practical than the OSI model. A converged Data-link and Physical layer is also sensible, as many technologies provide specifications for both layers, such as Ethernet.
So, Please Do Not Throw Sausage Pizza Away.
It has emerged as the dominant technology used in LAN networking. ...94Mbps. In the mid 1980s, the Institute of Electrical and Electronics Engineers (IEEE) published a formal standard for Ethernet, defined as the IEEE 802... The original 802...
Ethernet has several benefits over other LAN technologies:
- Simple to install and manage
- Inexpensive
- Flexible and scalable
- Easy to interoperate between vendors
(References: http://docwiki...com/wiki/Ethernet_Technologies; http://www...com/networking/lan/ethernet1...)
The shield helps protect against electromagnetic interference (EMI), which can cause attenuation, a reduction of the strength and quality of a signal. Coax is commonly used to deploy cable television to homes and businesses.
However, it is less flexible than the smaller thinnet, and thus more difficult to work with.
Twisted-pair cable consists of two or four pairs of copper wires in a plastic sheath. Twisted-pair is the most common Ethernet cable. Shielded twisted-pair is more resistant to external EMI; however, all forms of twisted-pair suffer from greater signal attenuation than coax cable.
- Cat5 - five twists per inch.
- Cat6 - six twists per inch, with improved insulation.
The layout of the wires in the connector dictates the function of the cable.
Ethernet supports two fiber specifications:
- Singlemode fiber - consists of a very small glass core, allowing only a single ray or mode of light to travel across it.
- Multimode fiber - consists of a larger core, allowing multiple modes of light to traverse it.
Singlemode fiber requires more precise electronics than multimode, and thus is significantly more expensive.
Network Topologies
A topology defines both the physical and logical structure of a network.
Ethernet Bus Topology
In a bus topology, all hosts share a single physical segment (the bus or the backbone) to communicate:
- A frame sent by one host is received by all other hosts on the bus.
Bus topologies are inexpensive to implement, but are almost entirely deprecated in Ethernet. Adding or removing hosts to the bus can be difficult. Such faults are often very difficult to troubleshoot.
Ethernet Star Topology
In a star topology, each host has an individual point-to-point connection to a centralized hub or switch:
- A hub provides no intelligent forwarding whatsoever, and will always forward every frame out every port, excluding the port originating the frame.
- Otherwise, it will discard the frame. A frame can then be forwarded out only the appropriate destination port, instead of all ports.
Adding or removing hosts is very simple in a star topology. There are two disadvantages to the star topology:
- The hub or switch represents a single point of failure.
However, the star is still the dominant topology in modern Ethernet networks, due to its flexibility and scalability.
The Ethernet Frame
An Ethernet frame contains the following fields:
Field              Length
Preamble
Start of Frame
MAC Destination
MAC Source
802...
It is followed by an 8-bit start of frame delimiter (10101011) that indicates a valid frame is about to begin. Ethernet uses the 48-bit MAC address for hardware addressing. The destination MAC address identifies who is to receive the frame - this can be a single host (a unicast), a group of hosts (a multicast), or all hosts (a broadcast). The 802... VLANs are covered in great detail in another section.
...802.3. However, Ethernet II is almost entirely deprecated. ...802.3, the field identifies the length of the payload.
(Reference: http://www...com/networking/lan/ethernet2...; dcs...ac...htm)
The Ethernet Frame (continued)
A frame that is smaller than 64 bytes will be discarded as a runt. If the payload does not meet this minimum, the payload is padded with 0 bits until the minimum is met. If an 802.1Q tag is used, the Ethernet header size will total 22 bytes, requiring a minimum payload of 42 bytes. ...802.1Q tag. With both runts and giants, the receiving host will not notify the sender that the frame was dropped. Some Ethernet devices support jumbo frames of 9216 bytes, which provide less overhead due to fewer frames.
The 32-bit Cyclic Redundancy Check (CRC) field is used for error detection. This field is a trailer, and not a header, as it follows the payload.
(Reference: http://www...com/networks/ethernet/frame...)
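The encapsulation walk-through in the earlier "Encapsulation and Layered Communication" section (Transport, Network and Data-Link headers added on the way down, stripped on the way up) and the frame-size rules of this section (64-byte minimum, padding, 802.1Q tag, CRC trailer, runts and giants) can be exercised in code. The following Python is an added example, not code from the study guide: it builds a UDP segment, wraps it in an IPv4 packet, frames it with an Ethernet header (optionally 802.1Q tagged), pads the payload to 46 or 42 bytes so the frame is not a runt, appends the CRC-32 FCS, then classifies and decapsulates received frames. The MAC and IP addresses and ports are constructed sample values; the 1500-byte maximum payload used for the giant check is the standard Ethernet value, which the extract does not state.

```python
import struct
import zlib

# Constructed sample addressing (not from the study guide).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([10, 0, 0, 1])
DST_IP = bytes([10, 0, 0, 2])

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_8021Q = 0x8100
MIN_FRAME = 64        # frames below this are runts (from the guide)
MAX_PAYLOAD = 1500    # standard maximum payload (1518/1522-byte max frame); jumbo-capable devices raise it
FCS_LEN = 4

def ipv4_checksum(header):
    """One's-complement sum of the header's 16-bit words, as IPv4 requires."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_segment(src_port, dst_port, data):
    """Transport layer: an 8-byte UDP header in front of the data makes a segment (checksum 0 is permitted over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data

def build_packet(segment):
    """Network layer: a 20-byte IPv4 header (protocol 17 = UDP) carrying the logical addresses makes a packet."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0, SRC_IP, DST_IP)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment

def build_frame(packet, vlan=None):
    """Data-link layer: Ethernet header (+ optional 802.1Q tag), padding to the minimum, CRC-32 trailer."""
    header = DST_MAC + SRC_MAC
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_8021Q, vlan & 0x0FFF)
    header += struct.pack("!H", ETHERTYPE_IPV4)
    # 64 - 14 - 4 = 46 bytes untagged, 64 - 18 - 4 = 42 bytes tagged, as the guide states
    min_payload = MIN_FRAME - len(header) - FCS_LEN
    payload = packet + b"\x00" * max(0, min_payload - len(packet))
    body = header + payload
    return body + struct.pack("<I", zlib.crc32(body))   # the FCS is sent least-significant byte first

def is_tagged(frame):
    return frame[12:14] == struct.pack("!H", ETHERTYPE_8021Q)

def classify_frame(frame):
    """Receiver-side check: 'runt', 'giant', 'bad-fcs' or 'ok'. Runts and giants are dropped without telling the sender."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_PAYLOAD + (18 if is_tagged(frame) else 14) + FCS_LEN:
        return "giant"
    if zlib.crc32(frame[:-FCS_LEN]) != struct.unpack("<I", frame[-FCS_LEN:])[0]:
        return "bad-fcs"
    return "ok"

def decapsulate(frame):
    """Strip the Data-link, Network and Transport headers in turn and return what each layer exposed."""
    tagged = is_tagged(frame)
    vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF if tagged else None
    packet = frame[(18 if tagged else 14):-FCS_LEN]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]     # lets the Network layer discard Data-link padding
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {"vlan": vlan, "dst_ip": ".".join(map(str, packet[16:20])),
            "src_port": src_port, "dst_port": dst_port, "data": segment[8:udp_len]}

if __name__ == "__main__":
    frame = build_frame(build_packet(build_segment(40000, 53, b"hello")), vlan=10)
    print(len(frame), classify_frame(frame), decapsulate(frame))
```

A five-byte application payload becomes a 13-byte segment, a 33-byte packet and, after padding, exactly a 64-byte frame whether or not it carries a tag; the IP total-length field is what lets the receiver tell real data from Data-link padding.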
This allowed two or more hosts to use the same physical network medium. Carrier sense specifies that a host will monitor the physical link, to determine whether a carrier (or signal) is currently being transmitted. If two hosts transmit a frame simultaneously, a collision will occur. Once a collision is detected, both hosts will send a 32-bit jam sequence to ensure all transmitting hosts are aware of the collision. Both devices will then wait a random amount of time before resending their respective frames, to reduce the likelihood of another collision.
Hosts must detect a collision before a frame is finished transmitting, otherwise CSMA/CD cannot function reliably. A host must continue to transmit a frame for a minimum of the slot time. The slot time effectively limits the physical length of the network - if a network segment is too long, a host may not detect a collision within the slot time period. For 10 and 100Mbps Ethernet, the slot time was defined as 512 bits, or 64 bytes. The slot time actually defines this minimum.
(Reference: http://www...com/networking/lan/ethernet3...)
This effectively doubles the throughput of a network interface. ...802.3x, and does not use CSMA/CD or slot times. Greater distances are supported when using full-duplex over half-duplex. Thus, a bus topology using coax cable does not support full-duplex. A host connected to a hub is limited to half-duplex.
Categories of Ethernet
The original 802.3... These revisions or amendments are identified by the letter appended to the standard, such as 802.3z. For example, 100baseT represents the following:
- The first part (100) represents the transmission rate, in Mbps.
- The last part (T) represents the physical media type (twisted-pair).
In broadband, multiple signals or channels can share the same link, through the use of modulation (usually frequency modulation).
However, Ethernet traditionally referred to the original 802... Ethernet supports coax, twisted-pair, and fiber cabling. Common Ethernet physical standards include:
IEEE Standard   Physical Standard   Cable Type           Maximum Speed   Maximum Cable Length
802.3           10base2             Coaxial (thinnet)    10 Mbps         185 meters
802.3           10base5             Coaxial (thicknet)   10 Mbps         500 meters
802.3           10baseT             Twisted-pair         10 Mbps         100 meters
802.3j          10baseF             Fiber                10 Mbps         2000 meters
Both 10baseT and 10baseF support full-duplex operation, effectively doubling the bandwidth to 20 Mbps. The maximum distance of an Ethernet segment can be extended through the use of a repeater.
Fast Ethernet (100 Mbps)
In 1995, the IEEE formalized 802... Fast Ethernet supports both twisted-pair copper and fiber cabling, and supports both half-duplex and full-duplex. (Table fragment: IEEE standards 802.3u, 802.3u, 802...) 100baseTX is the dominant Fast Ethernet physical standard.
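The naming convention explained under "Categories of Ethernet" (rate, then "base" or "broad", then a media designator, as in 100baseT) is regular enough to parse, and the duplex rules stated in this part of the guide follow from the media type. The following Python is an added example, not the study guide's own material: it splits a physical standard name into its parts and applies the guide's rules (a coax bus cannot run full-duplex; full-duplex doubles effective throughput, so 10baseT gives 20 Mbps). The guide's 10 Mbps table is embedded as sample data; the SX/LX fiber designators are known 802.3z suffixes that the extract does not list and are included here as an assumption.

```python
import re

# Media designators from the guide's tables (T, TX, F, 2, 5). FX/SX/LX are known IEEE
# suffixes added as an assumption; the extract does not spell them out.
MEDIA = {
    "T": "twisted-pair", "TX": "twisted-pair",
    "F": "fiber", "FX": "fiber", "SX": "fiber (short wavelength)", "LX": "fiber (long wavelength)",
    "2": "coaxial (thinnet)", "5": "coaxial (thicknet)",
}
NAME_RE = re.compile(r"^(\d+)(base|broad)([a-z]+|\d+)$", re.IGNORECASE)

# The guide's 10 Mbps table, embedded as sample data: name -> maximum segment length in meters.
GUIDE_TABLE = {"10base2": 185, "10base5": 500, "10baseT": 100, "10baseF": 2000}

def is_standard_name(name):
    """True when the string follows the <rate><base|broad><media> pattern."""
    return NAME_RE.match(name.strip()) is not None

def parse_standard(name):
    """Split e.g. '100baseTX' into rate (Mbps), signalling method and media type."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an Ethernet physical standard name: {name!r}")
    rate, signalling, media = m.groups()
    return {
        "name": name.strip(),
        "rate_mbps": int(rate),
        "signalling": "baseband" if signalling.lower() == "base" else "broadband",
        "media": MEDIA.get(media.upper(), f"unknown ({media})"),
    }

def full_duplex_capable(name):
    """Per the guide, a coax bus cannot run full-duplex; twisted-pair and fiber links can."""
    return parse_standard(name)["media"].startswith(("twisted-pair", "fiber"))

def effective_throughput_mbps(name, full_duplex):
    """Full-duplex doubles the rate (10baseT -> 20 Mbps); None when the media cannot run full-duplex."""
    if full_duplex and not full_duplex_capable(name):
        return None
    return parse_standard(name)["rate_mbps"] * (2 if full_duplex else 1)

def segment_report(table=GUIDE_TABLE):
    """One summary line per standard in the table, combining parsed fields with the table's lengths."""
    lines = []
    for name, max_len in table.items():
        info = parse_standard(name)
        lines.append(f"{name}: {info['rate_mbps']} Mbps {info['signalling']} over {info['media']}, max {max_len} m")
    return lines

if __name__ == "__main__":
    print("\n".join(segment_report()))
    print(parse_standard("100baseTX"), effective_throughput_mbps("10baseT", True))
```

The parser is deliberately strict: anything that does not match the pattern (a cable category, a vendor product name) is rejected rather than guessed at, which is the behaviour wanted when such names are read from inventory or configuration data.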
Speed and Duplex Autonegotiation
Fast Ethernet is backwards-compatible with the original Ethernet standard. Fast Ethernet also introduced the ability to autonegotiate both the speed and duplex of an interface. Speed and duplex can also be hardcoded, preventing negotiation. Either both sides must be configured to autonegotiate, or both sides must be hardcoded with identical settings.
For example, if a workstation's NIC is configured to autonegotiate, and the switch interface is hardcoded for 100Mbps and full-duplex, then a duplex mismatch will occur. If the duplex is mismatched, collisions will occur. These issues can be difficult to troubleshoot, as the network connection will still function, but will be excruciatingly slow.
This resulted in frequent mismatch issues, and a sentiment of distrust towards autonegotiation. Another common practice is to hardcode server and datacenter connections, but to allow user devices to autonegotiate. Most manufacturers recommend autonegotiation on Gigabit Ethernet interfaces as a best practice.
...802.3ab) and fiber cabling (802... Gigabit over twisted-pair uses all four pairs, and requires Category 5e cable for reliable performance. A device that supports all three is often referred to as a 10/100/1000 device. Full-duplex Gigabit Ethernet effectively provides 2000 Mbps of throughput. (Table fragment: IEEE standards 802.3ab, 802.3z, 802...)
10 Gigabit Ethernet
10 Gigabit Ethernet operates at 10000 Mbps, and supports both twisted-pair (802... 802.3ae). Common Gigabit Ethernet physical standards include: (Table fragment: IEEE standards 802.3ae, 802...)
Twisted-Pair Cabling Overview
A typical twisted-pair cable consists of four pairs of copper wires, for a total of eight wires. When the connector is crimped onto the cable, these pins make contact with each wire. The color is dictated by the cabling standard - TIA/EIA-568B is the current standard:
Pin#   Color
1      White Orange
2      Orange
3      White Green
4      Blue
5      White Blue
6      Green
7      White Brown
8      Brown
Each wire is assigned a specific purpose. For communication to occur, transmit pins must connect to the receive pins of the remote host.
Twisted-Pair Cabling - Cable and Interface Types
The layout or pinout of the wires in the RJ45 connector dictates the function of the cable.
Twisted-Pair Cabling - Straight-Through Cable
A straight-through cable is used in the following circumstances:
- From a host to a hub - MDI to MDIX
- From a host to a switch - MDI to MDIX
- From a router to a hub - MDI to MDIX
- From a router to a switch - MDI to MDIX
Essentially, a straight-through cable is used to connect any device to a hub or switch, except for another hub or switch. The pinout on each end of a straight-through cable must be identical.
Twisted-Pair Cabling - Crossover Cable
A crossover cable is used in the following circumstances:
- From a host to a host - MDI to MDI
- From a hub to a hub - MDIX to MDIX
- From a switch to a switch - MDIX to MDIX
- From a hub to a switch - MDIX to MDIX
- From a router to a router - MDI to MDI
Remember that a hub or a switch will provide the crossover function. A crossover cable is often required to uplink a hub to another hub, or to uplink a switch to another switch. Modern devices can now automatically detect whether the crossover function is required, negating the need for a crossover cable. AutoMDIX requires that autonegotiation be enabled.
The first connector is using the TIA/EIA-568B standard, while the second connector is using the TIA/EIA-568A standard.
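The MDI/MDIX rules in the straight-through and crossover lists above, and the 568B-to-568A pinout of a crossover cable, can be checked mechanically rather than memorised. The following Python is an added example, not from the study guide: it derives the wire map of a straight-through cable (568B on both ends) and a crossover cable (568B on one end, 568A on the other) from the colour tables, classifies a cable from its wire map, and tests whether a given pair of devices with a given cable ends up with every transmit pin on the other side's receive pin. The TIA/EIA-568A colours and the 10/100 Mbps pin roles (an MDI port transmits on pins 1-2 and receives on 3-6; an MDIX port is wired the other way round) are standard values assumed here, since the extract gives only the 568B colours and the MDI/MDIX labels.

```python
# TIA/EIA-568B pin colours as listed in the guide. 568A swaps the orange and green pairs;
# it is a known standard value assumed here, not shown in the extract.
TIA_568B = {1: "White Orange", 2: "Orange", 3: "White Green", 4: "Blue",
            5: "White Blue", 6: "Green", 7: "White Brown", 8: "Brown"}
TIA_568A = {1: "White Green", 2: "Green", 3: "White Orange", 4: "Blue",
            5: "White Blue", 6: "Orange", 7: "White Brown", 8: "Brown"}

# 10/100 Mbps pin roles (assumed standard values): MDI ports transmit on 1-2 and receive on
# 3-6; MDIX ports (hubs, switches) are wired the other way round, which is the built-in crossover.
PIN_ROLES = {"MDI": {1: "TX+", 2: "TX-", 3: "RX+", 6: "RX-"},
             "MDIX": {1: "RX+", 2: "RX-", 3: "TX+", 6: "TX-"}}
PORT_TYPE = {"host": "MDI", "router": "MDI", "hub": "MDIX", "switch": "MDIX"}

def wire_map(end_a, end_b):
    """For each pin at end A, the pin at end B that the same-coloured wire lands on."""
    pin_b_by_colour = {colour: pin for pin, colour in end_b.items()}
    return {pin: pin_b_by_colour[colour] for pin, colour in end_a.items()}

STRAIGHT_THROUGH = wire_map(TIA_568B, TIA_568B)   # identical pinout on both ends
CROSSOVER = wire_map(TIA_568B, TIA_568A)          # 568B on one connector, 568A on the other

def classify_cable(mapping):
    """'straight-through' when every pin maps to itself, 'crossover' when 1<->3 and 2<->6 are swapped."""
    if all(a == b for a, b in mapping.items()):
        return "straight-through"
    if mapping[1] == 3 and mapping[2] == 6 and mapping[3] == 1 and mapping[6] == 2:
        return "crossover"
    return "unknown"

def link_works(device_a, device_b, mapping):
    """True when each TX pin on side A reaches the matching RX pin on side B (and vice versa)."""
    roles_a = PIN_ROLES[PORT_TYPE[device_a]]
    roles_b = PIN_ROLES[PORT_TYPE[device_b]]
    for pin_a, role in roles_a.items():
        expected = role.replace("TX", "RX") if role.startswith("TX") else role.replace("RX", "TX")
        if roles_b.get(mapping[pin_a]) != expected:
            return False
    return True

def required_cable(device_a, device_b):
    """The guide's rule: MDI-to-MDIX uses straight-through, like-to-like needs a crossover."""
    return "straight-through" if PORT_TYPE[device_a] != PORT_TYPE[device_b] else "crossover"

if __name__ == "__main__":
    for pair in (("host", "switch"), ("switch", "switch"), ("hub", "switch"), ("router", "router")):
        cable = required_cable(*pair)
        mapping = STRAIGHT_THROUGH if cable == "straight-through" else CROSSOVER
        print(pair, cable, link_works(*pair, mapping))
```

Running the checker over the guide's lists reproduces them exactly: every MDI-to-MDIX pairing passes with the straight-through map and fails with the crossover, and every MDI-to-MDI or MDIX-to-MDIX pairing does the opposite. AutoMDIX, mentioned above, amounts to a port swapping its own PIN_ROLES entry when it detects that the far end is wired the same way.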
A rollover cable is often referred to as a console cable, and its sheathing is usually flat and light-blue in color.
Power over Ethernet (PoE)
Power over Ethernet (PoE) allows both data and power to be sent across the same twisted-pair cable, eliminating the need to provide separate power connections. PoE can be used to power many devices, including:
Voice over IP (VoIP) phones
Security cameras
Wireless access points
Thin clients
PoE was originally formalized as IEEE 802.3af; the later 802.3at standard (PoE+) raised the power available per port. Ethernet, Fast Ethernet, and Gigabit Ethernet all support PoE. Ethernet and Fast Ethernet can carry power on the spare pairs, but Gigabit Ethernet requires the phantom power method, as it uses all eight wires in a twisted-pair cable.
PoE can be supplied using an external power injector, though each powered device requires a separate power injector. More commonly, an 802.3af-compliant network switch is used to provide power to many devices simultaneously.
(Reference: http://www ... com/docs/upload/PoE_Basics_WP ...)
Hubs vs. Switches vs. Routers
The OSI model consists of seven layers, with each layer representing a specific networking function. As data is passed from the user application down the virtual layers of the OSI model, each of the lower layers adds a header (and sometimes a trailer) containing protocol information specific to that layer. The PDU of each lower layer is identified with a unique term:

#   Layer          PDU Name
7   Application    Data
6   Presentation   Data
5   Session        Data
4   Transport      Segments
3   Network        Packets
2   Data-link      Frames
1   Physical       Bits

Commonly, network devices are identified by the OSI layer they operate at (or, more specifically, what header or PDU the device processes). Hubs, which simply repeat bits, are Layer-1 devices. Switches are identified as Layer-2 devices, as they process the hardware (MAC) addresses in the Data-link header of a frame. Similarly, routers are identified as Layer-3 devices, as routers process logical addressing information in the Network header of a packet (such as IP addresses). These distinctions have blurred over time; for example, the term switch can now refer to devices that operate at layers higher than Layer-2.
Icons for Network Devices
[Figure: the icons used to represent network devices, shared by all guides on routeralley]
Hubs can also be referred to as repeaters. Hubs are incapable of processing either Layer-2 or Layer-3 information, and thus cannot make decisions based on hardware or logical addressing. Hubs do not differentiate between frame types, and thus will always forward unicasts, multicasts, and broadcasts out every port but the originating port. A practical consequence is that every station attached to a hub can see every other station's traffic, which makes a hub-based segment trivial to sniff.
Ethernet utilizes Carrier Sense Multiple Access with Collision Detect (CSMA/CD) to control media access: a device listens for a carrier before transmitting. However, if two devices transmit a frame simultaneously, a collision will occur. Both devices will wait a random amount of time before resending their respective frames. Thus, all ports on a hub belong to the same collision domain. Multiple hubs that are uplinked together still all belong to one collision domain.
Hubs also belong to only one broadcast domain - a hub will forward both broadcasts and multicasts out every port but the originating port. Only a Layer-3 device, such as a router, can separate broadcast domains.
Switches, unlike hubs, process the Layer-2 header and look up the destination hardware address. A frame can then be forwarded out only the appropriate destination port, instead of all ports. Bridging is a largely deprecated term (mostly for marketing purposes), and Layer-2 forwarding is now commonly referred to as switching. Switches usually have a higher port-density, and can perform forwarding decisions at wire speed, due to specialized hardware circuits called ASICs (Application-Specific Integrated Circuits).
Ethernet switches build MAC-address tables through a dynamic learning process. When a switch is first powered on its table is empty, so the switch will flood every frame, including unicasts, out every port but the originating port. Consider the following diagram:
[Diagram: ComputerA attached to port Fa0/10 and ComputerB attached to port Fa0/11 of a single switch]
When ComputerA sends a frame to ComputerB, the switch will add ComputerA's MAC address to its table, associating it with port fa0/10. Switches always learn from the source MAC address. Because ComputerB's address is not yet in the table, this first frame is still flooded. However, as the MAC-address table becomes populated, the flooding of frames will decrease, allowing the switch to perform more efficient forwarding decisions.
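The learning and flooding behaviour described above, as an added Python model that is not part of the original guide. The switch, the port names, the MAC addresses and the deliberately tiny CAM table size are all constructed for the example. The second function shows why a practitioner cares: once the table is full the switch can no longer learn new hosts, so their unicast traffic is flooded to every port, including an attacker's (a MAC flooding / CAM overflow attack); a per-port limit on source MACs in the style of Cisco port security (the `port_max_macs` parameter is this example's own) stops it.

```python
from collections import OrderedDict, defaultdict

BROADCAST = "ffff.ffff.ffff"


class Switch:
    """A Layer-2 switch with a bounded MAC-address (CAM) table.

    Learning is always from the *source* MAC; forwarding is by *destination* MAC.
    Unknown unicasts, broadcasts and multicasts are flooded out every port but
    the one they arrived on. The table size is tiny on purpose (constructed).
    """

    def __init__(self, ports, table_size=8, port_max_macs=None):
        self.ports = list(ports)
        self.table_size = table_size          # real switches hold thousands of entries
        self.port_max_macs = port_max_macs    # per-port source-MAC limit; None = no port security
        self.mac_table = OrderedDict()        # mac -> port
        self.sources_seen = defaultdict(set)  # port -> source MACs seen on it
        self.errdisabled = set()
        self.flooded = 0                      # how many frames had to be flooded

    def learn(self, mac, port):
        """Record the source MAC against its port; returns False if nothing was learned."""
        if self.port_max_macs is not None:
            self.sources_seen[port].add(mac)
            if len(self.sources_seen[port]) > self.port_max_macs:
                self.errdisabled.add(port)    # violation: shut the port, as port security would
                return False
        if mac in self.mac_table:
            self.mac_table.move_to_end(mac)   # refresh an existing entry
            return True
        if len(self.mac_table) >= self.table_size:
            return False                      # table full: the switch simply stops learning
        self.mac_table[mac] = port
        return True

    def forward(self, in_port, src, dst):
        """Return the list of ports a frame is sent out of ([] means dropped or filtered)."""
        if in_port in self.errdisabled:
            return []
        self.learn(src, in_port)
        if in_port in self.errdisabled:       # this very frame triggered the violation
            return []
        multicast = int(dst[:2], 16) & 1      # I/G bit set: multicast (broadcast included)
        if not multicast and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]   # known unicast: one port, or filtered
        self.flooded += 1
        return [p for p in self.ports if p != in_port and p not in self.errdisabled]


# Constructed hosts: ComputerA on Fa0/10, ComputerB on Fa0/11, an attacker on Fa0/12.
A, B = "0000.0c11.aaaa", "0000.0c22.bbbb"
PORTS = ["Fa0/10", "Fa0/11", "Fa0/12"]


def normal_conversation():
    """Empty table -> first frame flooded; the reply and later frames go to one port only."""
    sw = Switch(PORTS)
    first = sw.forward("Fa0/10", A, B)   # B unknown: flooded out Fa0/11 and Fa0/12
    reply = sw.forward("Fa0/11", B, A)   # A was learned from the first frame
    second = sw.forward("Fa0/10", A, B)  # B was learned from the reply
    return first, reply, second, dict(sw.mac_table)


def cam_overflow(attacker_frames=50, port_security=None):
    """Attacker on Fa0/12 sends frames from many bogus source MACs, then A and B talk.

    Returns (attacker_sees_both_directions, ports_errdisabled).
    """
    sw = Switch(PORTS, port_max_macs=port_security)
    for i in range(attacker_frames):
        bogus = f"0200.0000.{i:04x}"          # constructed; leading 02 = locally administered
        sw.forward("Fa0/12", bogus, BROADCAST)
    a_to_b = sw.forward("Fa0/10", A, B)
    b_to_a = sw.forward("Fa0/11", B, A)
    leaked = "Fa0/12" in a_to_b and "Fa0/12" in b_to_a
    return leaked, sorted(sw.errdisabled)


if __name__ == "__main__":
    print("normal:", normal_conversation())
    print("overflow, no port security:", cam_overflow())
    print("overflow, 1 MAC per port:  ", cam_overflow(port_security=1))
```

With no limit the attacker's 50 bogus sources fill the eight-entry table, ComputerA and ComputerB can never be learned, and both directions of their conversation are flooded out Fa0/12. With the limit set to one source MAC per port the attacker's second frame shuts the port, and the hosts are switched normally.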
Each individual port on a switch belongs to its own collision domain. Like hubs though, switches belong to only one broadcast domain. Only Layer-3 devices separate broadcast domains.
The Layer-2 header provides no mechanism to differentiate one network from another, only one host from another. If only hardware addressing existed, all devices would technically be on the same network. Imagine if the entire Internet existed purely as a Layer-2 switched environment. Even with a conservative estimate of a billion devices on the Internet, the resulting broadcast storms would be devastating.
Both hubs and switches are susceptible to switching loops, which result in destructive broadcast storms. The Spanning Tree Protocol (STP) exists to prevent such loops; STP is covered in great detail in another guide. At one time, switches were more expensive and introduced more latency (due to processing overhead) than hubs, but this is no longer the case.
A switch can use one of three methods to forward frames. Each method copies all or part of the frame into memory, providing different levels of latency and reliability.
The Store-and-Forward method copies the entire frame into memory, and performs a Cyclic Redundancy Check (CRC) to completely ensure the integrity of the frame. It is the most reliable of the three methods, and also introduces the most latency.
The Cut-Through (Real Time) method copies only enough of a frame's header to determine its destination address. This method allows frames to be transferred at wire speed, and has the least latency of any of the three methods; because nothing is checked, it will also forward corrupted frames and collision fragments.
The Fragment-Free (Modified Cut-Through) method copies only the first 64 bytes of a frame for error-checking purposes, which is enough to detect a collision fragment (a runt shorter than 64 bytes), but not a corrupted frame. Fragment-Free represents a compromise between reliability (store-and-forward) and speed (cut-through).
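The three forwarding methods side by side, as an added Python example that is not part of the original guide. It builds a minimal Ethernet II frame with a real CRC-32 FCS (the frame contents and MAC addresses are constructed), then shows what each method does with an intact frame, a collision fragment, and a frame corrupted before and after the 64-byte mark. The simplification is that only the length/CRC decision is modelled, not the MAC-table lookup.

```python
import zlib

MIN_FRAME = 64   # bytes including the FCS; anything shorter is a collision fragment (runt)


def build_frame(dst_mac, src_mac, payload):
    """Ethernet II frame: dst(6) src(6) EtherType(2) payload, padded to 60 bytes, plus FCS.

    The FCS is CRC-32 over everything before it, transmitted least-significant byte first.
    """
    body = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame):
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


def store_and_forward(frame):
    """Buffers the whole frame and verifies the CRC before forwarding anything."""
    if len(frame) < MIN_FRAME or not fcs_ok(frame):
        return "drop"
    return "forward"


def cut_through(frame):
    """Reads only the destination MAC (first 6 bytes) and starts forwarding; nothing is checked."""
    return "forward" if len(frame) >= 6 else "drop"


def fragment_free(frame):
    """Waits for the first 64 bytes: a collision fragment never gets that far, but a frame
    corrupted anywhere is still forwarded because the CRC is never computed."""
    return "forward" if len(frame) >= MIN_FRAME else "drop"


def flip_byte(frame, offset):
    """Simulate a transmission error at the given offset."""
    return frame[:offset] + bytes([frame[offset] ^ 0xFF]) + frame[offset + 1:]


def compare(frame):
    return {
        "store-and-forward": store_and_forward(frame),
        "cut-through": cut_through(frame),
        "fragment-free": fragment_free(frame),
    }


# Constructed sample frames.
GOOD = build_frame("000c5678abcd", "000a123490ab", b"x" * 200)
RUNT = GOOD[:40]                      # collision fragment: the sender stopped after 40 bytes
LATE_ERROR = flip_byte(GOOD, 100)     # corrupted beyond the first 64 bytes
EARLY_ERROR = flip_byte(GOOD, 20)     # corrupted inside the first 64 bytes

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("runt", RUNT),
                        ("late error", LATE_ERROR), ("early error", EARLY_ERROR)):
        print(f"{name:12s}", compare(frame))
```

Only store-and-forward rejects both corrupted frames; fragment-free catches the runt but passes the damaged frames, and cut-through passes everything.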
Routers build routing tables to perform forwarding decisions, which contain the following:
The destination network and subnet mask
The next hop router to get to the destination network
Routing metrics and Administrative Distance
Note that Layer-3 forwarding is based on the destination network, and not the destination host. The routing table is concerned with two types of Layer-3 protocols:
Routed protocols - assign logical addressing to devices, and route packets between networks.
Routing protocols - dynamically build the information in routing tables.
Each individual interface on a router belongs to its own collision domain. Unlike Layer-2 switches, Layer-3 routers also separate broadcast domains. ☺ Routers will not forward multicasts either, unless configured to participate in a multicast tree.
Traditionally, a router was required to copy each individual packet to its buffers, and perform a route-table lookup. Thus, routing was generally considered slower than switching. Modern devices perform Layer-3 forwarding in hardware as well, which has blurred the line between routing and switching, from both a technological and marketing standpoint.
Collision vs. Broadcast Domains
Remember that:
Routers separate broadcast and collision domains.
Switches separate collision domains, but belong to only one broadcast domain.
Hubs belong to only one collision domain, and only one broadcast domain.
[Figure: an example topology of routers, switches and hubs]
In the above example, there are THREE broadcast domains, and EIGHT collision domains.
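Counting domains from a topology description, as an added Python example that is not part of the original guide. It applies the three rules above with a union-find over (device, port) nodes: a cable joins its two ends; a hub merges all of its ports for both kinds of domain; a switch merges its ports for broadcast only; a router merges nothing. The topology is constructed for the example (the guide's own figure is not reproduced here), and the second call shows how swapping one hub for a switch changes the count.

```python
from collections import defaultdict


class DisjointSet:
    """Union-find over (device, port) nodes."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def count_domains(devices, links):
    """devices: {name: "hub" | "switch" | "router" | "host"}; links: [(a, port_a, b, port_b)].

    Returns (collision_domains, broadcast_domains), counting only cabled ports.
    """
    collision, broadcast = DisjointSet(), DisjointSet()
    ports = defaultdict(set)
    for a, pa, b, pb in links:                 # a cable joins its two ends in both senses
        ports[a].add(pa)
        ports[b].add(pb)
        collision.union((a, pa), (b, pb))
        broadcast.union((a, pa), (b, pb))
    for dev, kind in devices.items():
        first, *rest = sorted(ports[dev]) or [None]
        for p in rest:
            if kind == "hub":                  # a hub repeats bits: one collision domain
                collision.union((dev, first), (dev, p))
            if kind in ("hub", "switch"):      # hubs and switches forward broadcasts
                broadcast.union((dev, first), (dev, p))
            # a router: every interface is its own collision *and* broadcast domain
    nodes = [(d, p) for d in ports for p in ports[d]]
    return (len({collision.find(n) for n in nodes}),
            len({broadcast.find(n) for n in nodes}))


def example(h2_kind="hub"):
    """Constructed topology: router R1 feeding switch S1, hub H1 and switch S2;
    S1 also feeds host A and device H2 (a hub, or a switch) with hosts C and D."""
    devices = {"R1": "router", "S1": "switch", "S2": "switch", "H1": "hub", "H2": h2_kind,
               "A": "host", "B": "host", "C": "host", "D": "host", "E": "host", "F": "host"}
    links = [("R1", "Fa0/0", "S1", "Fa0/1"), ("R1", "Fa0/1", "H1", "1"), ("R1", "Fa1/0", "S2", "Fa0/1"),
             ("S1", "Fa0/2", "A", "nic"), ("S1", "Fa0/3", "H2", "1"),
             ("H2", "2", "C", "nic"), ("H2", "3", "D", "nic"),
             ("H1", "2", "E", "nic"), ("H1", "3", "F", "nic"),
             ("S2", "Fa0/2", "B", "nic")]
    return count_domains(devices, links)


if __name__ == "__main__":
    print("H2 as hub    -> (collision, broadcast) =", example("hub"))
    print("H2 as switch -> (collision, broadcast) =", example("switch"))
```

With H2 as a hub the constructed topology has six collision domains and three broadcast domains; replacing H2 with a switch splits its three ports into separate collision domains (eight in total) while the broadcast count stays at three, because only the router separates broadcast domains.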
VLANs - A Layer-2 or Layer-3 Function?
By default, a switch will forward both broadcasts and multicasts out every port but the originating port. Virtual LANs (VLANs) allow a single switch to be logically divided into multiple broadcast domains; VLANs are covered in extensive detail in another guide. Traffic between devices in different VLANs requires a Layer-3 device to communicate. This separation provided by VLANs is not a Layer-3 function. Thus, a switch that supports VLANs is not necessarily a Layer-3 switch. Remember, though VLANs provide separation for Layer-3 broadcast domains, and are often associated with IP subnets, they are still a Layer-2 function.
A Layer-3 switch must cache network traffic flows, so that Layer-3 forwarding can occur in hardware. In early designs, the Layer-2 and Layer-3 processors acted independently within a single switch chassis, with each packet requiring a route-table lookup on the route processor. Modern Layer-3 switches instead cache flows: for the first packet of a particular traffic flow, the Layer-3 switch will perform a standard route-table lookup. Subsequent packets of that flow will bypass the route-table lookup, and will be forwarded based on the cached information, reducing latency.
Layer-3 switches are predominantly used to route between VLANs. Traffic between devices within the same VLAN, such as ComputerA and ComputerB, is switched at Layer-2 as normal. Traffic between VLANs requires a route-table lookup for the first packet; the switch will then cache that IP traffic flow, and subsequent packets in that flow will be switched in hardware.
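The routing-table rules from the router section (destination network and mask, next hop, metric and Administrative Distance, forwarding by network rather than host) together with the Layer-3 switch flow cache just described, as one added Python example that is not part of the original guide. The routes, next hops and the Administrative Distance values in the `AD` table are constructed for the example; the Cisco AD values used are the well-known defaults.

```python
import ipaddress

# Administrative Distance: how much each route source is trusted (Cisco IOS defaults)
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class RoutingTable:
    """Routes keyed by destination network (prefix + mask).

    Lookup is longest-prefix match on the destination *network*, never the host.
    When two sources offer the same prefix, the lower Administrative Distance wins;
    within one source, the lower metric wins.
    """

    def __init__(self):
        self.routes = {}   # ip_network -> {"next_hop", "source", "ad", "metric"}

    def add(self, network, next_hop, source, metric=0):
        net = ipaddress.ip_network(network, strict=True)
        cand = {"next_hop": next_hop, "source": source, "ad": AD[source], "metric": metric}
        cur = self.routes.get(net)
        if cur is None or (cand["ad"], cand["metric"]) < (cur["ad"], cur["metric"]):
            self.routes[net] = cand

    def lookup(self, dst_ip):
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for net, route in self.routes.items():
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
        return best   # (network, route), or None when there is no route (packet dropped)


class Layer3Switch:
    """First packet of a flow: route-table lookup (the software path). Later packets of
    the same 5-tuple: served from the flow cache (the hardware path). The cache is
    flushed whenever the table changes; otherwise stale entries would keep forwarding
    to a next hop that no longer exists."""

    def __init__(self, table):
        self.table = table
        self.cache = {}
        self.table_lookups = 0

    def route_change(self, *args, **kwargs):
        self.table.add(*args, **kwargs)
        self.cache.clear()

    def forward(self, src_ip, dst_ip, proto, sport, dport):
        flow = (src_ip, dst_ip, proto, sport, dport)
        if flow not in self.cache:
            self.table_lookups += 1
            hit = self.table.lookup(dst_ip)
            self.cache[flow] = hit[1]["next_hop"] if hit else None
        return self.cache[flow]


def build_table():
    """Constructed routing table for the example."""
    rt = RoutingTable()
    rt.add("10.1.0.0/16", "directly connected", "connected")
    rt.add("10.1.2.0/24", "10.0.0.3", "rip", metric=2)     # learned first ...
    rt.add("10.1.2.0/24", "10.0.0.2", "ospf", metric=20)   # ... but OSPF (AD 110) beats RIP (120)
    rt.add("0.0.0.0/0", "10.0.0.254", "static")
    return rt


def demo():
    sw = Layer3Switch(build_table())
    results = {
        "10.1.2.7": sw.forward("10.1.9.1", "10.1.2.7", "tcp", 40000, 443),   # /24 beats /16
        "10.1.9.9": sw.forward("10.1.2.7", "10.1.9.9", "tcp", 40001, 22),    # /16, connected
        "8.8.8.8": sw.forward("10.1.9.1", "8.8.8.8", "udp", 40002, 53),      # default route
    }
    for _ in range(9):                         # same 5-tuple: served from the cache
        sw.forward("10.1.9.1", "10.1.2.7", "tcp", 40000, 443)
    return results, sw.table_lookups


if __name__ == "__main__":
    print(demo())
```

Ten packets of the first flow cost one table lookup; the two other flows cost one each, so the demo reports three lookups in total.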
Switching vs. Routing - End the Confusion!
The evolution of network technologies has led to considerable confusion over the terms switch and router. The traditional definition of a router is a device that performs Layer-3 forwarding decisions. Early switches forwarded in hardware (ASICs), while routers forwarded in software; this resulted in a widespread perception that switching was fast, and routing was slow (and expensive). Vendors then moved Layer-3 forwarding into hardware as well. Though Layer-3 forwarding in hardware is still routing in every technical sense, such devices were rebranded as Layer-3 switches. A Layer-3 switch is still a router. Thus, both Layer-3 switches and Layer-3 routers perform nearly identical functions at the same performance.
Some differences remain. Layer-3 switches can also provide Layer-2 functionality for intra-VLAN traffic. Routers support a large number of WAN technologies, while Layer-3 switches generally do not. Layer-3 switches are often deployed as the backbone of LAN or campus networks.
(Fantastic Reference: http://blog ... info/2011/02/how-did-we-ever-get-into-this-switching ...)
Thus, a Layer-3 switch is considered a multilayer switch, as it forwards frames at Layer-2 and packets at Layer-3. Some switches go further and also inspect Transport- and Application-layer information. By caching application flows, QoS (Quality of Service) functions can be applied to preferred applications. If the traffic to the Webserver is preferred, then a higher QoS priority can be assigned to that application flow. These switches are sometimes referred to as Layer-7 switches.
When a loop is introduced into the network, a highly destructive broadcast storm can develop within seconds. Consider the following looped environment:
[Figure: five switches, Switch 1 through Switch 5, connected with redundant links that form loops]
If the computer connected to Switch 4 sends out a broadcast, the switch will forward the broadcast out all ports, including the ports connecting to Switch 2 and Switch 5. Each of those switches floods the broadcast in turn, and because Layer-2 frames carry no hop count or time-to-live, the broadcast will loop around the switches infinitely. Only powering off a switch or physically removing the loop will stop the storm.
To prevent switching loops, the Spanning Tree Protocol (IEEE 802.1D) was developed. STP-enabled switches communicate to form a topology of the entire switching network, and then shut down (or block) a port if a loop exists. Once all switches agree on the topology database, the switches are considered converged.
Switches exchange Bridge Protocol Data Units (BPDUs) to build this topology. BPDUs are sent out all ports every two seconds, and are forwarded to a specific MAC multicast address: 0180.C200.0000.
Several variants of 802.1D STP exist, including:
Common Spanning Tree (CST) - A single STP process is used for all VLANs.
Per-VLAN Spanning Tree (PVST) - A separate STP process is run for each VLAN (Cisco-proprietary).
Per-VLAN Spanning Tree Plus (PVST+) - Enhanced version of PVST that allows CST-enabled switches and PVST-enabled switches to interoperate.
The STP Process
To maintain a loop-free environment, STP performs the following functions:
A Root Bridge is elected
Root Ports are identified
Designated Ports are identified
If a loop exists, a port is placed in Blocking state
If multiple loops exist in the switching environment, multiple ports will be placed in a blocking state.
The first step in the STP process is to elect a Root Bridge, which serves as the reference point for the whole topology. Good design practice dictates that the Root Bridge be placed closest to the center of the STP topology. The Root Bridge is elected by priority: the default priority is 32,768, and the lowest priority wins. If the priorities tie, the switch with the lowest MAC address wins. The combination of a switch's priority and MAC address make up that switch's Bridge ID.
In the example, Switches 2, 3, and 5 have the default priority set. However, Switch 1 will become the root bridge, as it has the lowest MAC address. By default, all switches "believe" they are the Root Bridge, until a switch with a lower Bridge ID is discovered. The election is never final: if a new switch with a lower Bridge ID is added to the topology, it will be elected as the new Root Bridge. Any device that can send BPDUs with a lower Bridge ID, including a rogue or misconfigured device plugged into an access port, can therefore take over as Root and redirect traffic through itself; Root Guard and BPDU Guard, covered later in this guide, exist to prevent exactly that.
Identifying Root Ports
The second step in the STP process is to identify Root Ports. A Root Port is the port on each non-root switch with the lowest Path Cost to the Root Bridge. Each switch has only one Root Port, and the Root Bridge cannot have a Root Port.
Path Cost is determined by the bandwidth of each link on the way to the Root Bridge, summed across the links. The higher the bandwidth, the lower the Path Cost:

Bandwidth   Cost
4 Mbps      250
10 Mbps     100
16 Mbps     62
100 Mbps    19
1 Gbps      4

Consider the following example: Assume the links between all switches are 10Mbps Ethernet, with a Path Cost of 100. For Switch 4, the port leading up to Switch 2 has a Path Cost of 200 (two 10 Mbps links to the Root Bridge), and becomes the Root Port. The Root Port is said to have received the most superior BPDU from the Root Bridge.
Identifying Designated Ports
The third and final step in the STP process is to identify Designated Ports. Each network segment has exactly one Designated Port: the port on that segment with the lowest Path Cost to the Root Bridge. This port will not be placed in a blocking state.
Consider the following example:
Ports on the Root Bridge are never placed in a blocking state, and thus become Designated Ports for directly attached segments. The ports on Switch 2 and Switch 3 have the lowest Path Cost to the Root Bridge for the two respective segments, and thus both become Designated Ports.
Now consider the segment between Switch 4 and Switch 5. One of the ports must be elected the Designated Port for that segment, and the other must be placed in a blocking state. However, the ports connecting Switches 4 and 5 have the same Path Cost to reach the Root Bridge (200). The tie is broken by Bridge ID: whichever switch has the highest Bridge ID has its port placed in a blocking state.
Port ID
In certain circumstances, a tie will occur in both Path Cost and Bridge ID, for example when a switch has two parallel links to the same upstream switch: both ports have the same Path Cost and receive BPDUs carrying the same Bridge ID. Which interface will become the Root Port? The tiebreaker should be the lowest Bridge ID, but that cannot be used in this circumstance (unless Switch 2 has become schizophrenic). Instead, the Port ID of the sending interface is used. An interface's Port ID consists of two parts - a port priority value, and the port number (shown as priority.number, such as 128.24, in show spanning-tree output). By default, the port priority of an interface is 128.
Thus, STP decides Root and Designated Ports based on the following criteria, and in this order:
Lowest Path Cost to the Root Bridge
Lowest Bridge ID
Lowest Port ID
Extended System IDs
Normally, a switch's Bridge ID is a 64-bit value that consists of a 16-bit Bridge Priority value, and a 48-bit MAC address. With Per-VLAN Spanning Tree, each VLAN runs its own STP process, and each process needs a unique Bridge ID. Instead of adding bits to the existing Bridge ID, 12 bits of the Bridge Priority value are used for this System ID, which identifies the VLAN this STP process represents.
Normally, the Bridge Priority can range from 0 (or off) to 65,535, with a default value of 32,768. With the extended System ID only the upper 4 bits remain for the priority, so it must be a multiple of 4096 (0, 4096, 8192 ... 61,440), and the priority the switch actually advertises is that value plus the VLAN ID (for example 32,768 + 100 = 32,868 for VLAN 100).
To enable the extended System ID:
Switch(config)# spanning-tree extend system-id
Enabling extended System ID accomplishes two things:
Increases the amount of supported VLANs on the switch from 1005 to 4094.
Allows one MAC address to serve as the base of the Bridge ID for every VLAN's STP process, rather than consuming a separate MAC address per VLAN.
Thus, when this command is enabled, the 64-bit Bridge ID will consist of the following:
4-bit Priority Value
12-bit System ID value (VLAN ID)
48-bit MAC address
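The whole STP process from the preceding sections (Bridge ID with the extended System ID, Root Bridge election, Root Port selection by Path Cost with the Bridge ID and Port ID tiebreakers, and the Designated Port per segment), as one added Python example that is not part of the original guide. The five-switch topology mirrors the examples above but the MAC addresses, port numbers and the rogue device are constructed; the Root Guard handling is this example's own simplified model and assumes a guarded port faces a device with no other path into the topology.

```python
import heapq
from collections import defaultdict

# 802.1D Path Cost per link bandwidth (the table above)
PATH_COST = {4: 250, 10: 100, 16: 62, 100: 19, 1000: 4}


def bridge_id(priority, vlan, mac):
    """64-bit Bridge ID with extended system ID: 4-bit priority, 12-bit VLAN, 48-bit MAC.

    The value advertised as 'priority' is priority + VLAN, e.g. 32768 + 100 = 32868.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1-4094")
    return ((priority + vlan) << 48) | int(mac.replace(".", "").replace(":", ""), 16)


def port_id(number, priority=128):
    """Port ID as 'show spanning-tree' prints it (Prio.Nbr); default port priority is 128."""
    return (priority, number)


def spanning_tree(switches, links, vlan=1, root_guard=frozenset()):
    """Run the three STP steps on point-to-point links.

    switches:   {name: (priority, mac)}
    links:      [(switch_a, port_a, switch_b, port_b, mbps)]
    root_guard: {(switch, port)} ports that refuse any BPDU superior to the current Root
    Returns (root, {switch: root path cost}, {(switch, port): role}).
    """
    bid = {n: bridge_id(p, vlan, m) for n, (p, m) in switches.items()}
    roles, active, guarded, shielded = {}, [], [], set()
    for link in links:
        a, pa, b, pb, _ = link
        if (a, pa) in root_guard:
            guarded.append((link, (a, pa), b)); shielded.add(b)
        elif (b, pb) in root_guard:
            guarded.append((link, (b, pb), a)); shielded.add(a)
        else:
            active.append(link)
    # Root Guard model (assumption: a guarded port faces a device with no other path in).
    # Elect a Root without those devices; a guarded port whose neighbour would beat it is
    # held root-inconsistent (blocked) and its BPDUs never enter the election.
    provisional = min((n for n in switches if n not in shielded), key=bid.get)
    for link, port, far in guarded:
        if bid[far] < bid[provisional]:
            roles[port] = "Root-inconsistent"
        else:
            active.append(link)
    adj = defaultdict(list)
    for a, pa, b, pb, mbps in active:
        adj[a].append((b, pa, pb, PATH_COST[mbps]))
        adj[b].append((a, pb, pa, PATH_COST[mbps]))
    # Step 1: the Root Bridge is the lowest Bridge ID reachable in the active topology.
    seen, stack = {provisional}, [provisional]
    while stack:
        for nb, *_ in adj[stack.pop()]:
            if nb not in seen:
                seen.add(nb); stack.append(nb)
    root = min(seen, key=bid.get)
    # Step 2: Root Ports. Dijkstra keyed on (Path Cost, sender Bridge ID, sender Port ID,
    # receiver Port ID) applies the guide's tie-break order.
    best, root_port, heap = {root: (0,)}, {}, [((0,), root)]
    while heap:
        key, u = heapq.heappop(heap)
        if key != best[u]:
            continue
        for v, pu, pv, cost in adj[u]:
            cand = (key[0] + cost, bid[u], port_id(pu), port_id(pv))
            if v not in best or cand < best[v]:
                best[v], root_port[v] = cand, pv
                heapq.heappush(heap, (cand, v))
    # Step 3: one Designated Port per segment: lowest (root path cost, Bridge ID, Port ID).
    # The other end is either that switch's Root Port, or it blocks.
    for a, pa, b, pb, _ in active:
        ka = (best[a][0], bid[a], port_id(pa))
        kb = (best[b][0], bid[b], port_id(pb))
        (dsw, dp), (osw, op) = ((a, pa), (b, pb)) if ka < kb else ((b, pb), (a, pa))
        roles[(dsw, dp)] = "Designated"
        roles[(osw, op)] = "Root" if root_port.get(osw) == op else "Blocking"
    return root, {n: k[0] for n, k in best.items()}, roles


# Constructed: the five-switch topology of the examples, all links 10 Mbps (cost 100),
# every switch at the default priority, Switch1 holding the lowest MAC address.
SWITCHES = {f"Switch{i}": (32768, f"0000.0c00.000{i}") for i in range(1, 6)}
LINKS = [("Switch1", 1, "Switch2", 1, 10), ("Switch1", 2, "Switch3", 1, 10),
         ("Switch2", 2, "Switch4", 1, 10), ("Switch3", 2, "Switch5", 1, 10),
         ("Switch4", 2, "Switch5", 2, 10)]


def rogue_root(guard):
    """A priority-0 device plugged into Switch5 port 10 (an access port) tries to become Root."""
    switches = dict(SWITCHES, Rogue=(0, "0000.0c00.00ff"))
    links = LINKS + [("Switch5", 10, "Rogue", 1, 100)]
    return spanning_tree(switches, links, root_guard={("Switch5", 10)} if guard else frozenset())


if __name__ == "__main__":
    root, cost, roles = spanning_tree(SWITCHES, LINKS)
    print("Root:", root, "| root path costs:", cost)
    for sw_port in sorted(roles):
        print(" ", sw_port, roles[sw_port])
    print("rogue without Root Guard ->", rogue_root(False)[0])
    print("rogue with Root Guard    ->", rogue_root(True)[0], rogue_root(True)[2][("Switch5", 10)])
```

Run as-is, Switch1 is elected Root, Switch4 and Switch5 both reach it at cost 200, and on the Switch4-Switch5 segment the tie is broken by Bridge ID so Switch5's port blocks. The rogue device with priority 0 wins the election outright unless the access port it hangs off is protected by Root Guard, in which case it is held root-inconsistent and Switch1 stays Root.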
Per-VLAN Spanning Tree (PVST) Example
Remember that PVST+ is the default implementation of STP on Catalyst switches. Consider the following example:
With Common Spanning Tree (CST), all VLANs would belong to the same STP process, and a port blocked to break a loop would be blocked for every VLAN. For efficiency purposes, this may not be ideal. With PVST, STP runs a separate process for each VLAN, allowing a port to enter a blocking state only for that specific VLAN, so that redundant links can carry traffic for different VLANs.
STP Port States
Switch ports participating in STP progress through five port states:
Blocking - The default state of an STP port when a switch is powered on, and when a port is shut down to eliminate a loop. A blocking port neither forwards frames nor learns MAC addresses. It will still listen for BPDUs from other switches, to learn about changes to the switching topology.
Listening - The port will listen for BPDUs to participate in the election of a Root Bridge, Root Ports, and Designated Ports. It still does not forward frames or learn MAC addresses.
Learning - After a brief period of time, called a Forward Delay, a port in the listening state that has been elected either a Root Port or a Designated Port is placed in a learning state. Ports in a learning state begin populating the MAC-address table; however, they will not forward frames.
Forwarding - After another Forward Delay, a port in learning mode will be placed in forwarding mode. All designated, root, and non-uplink ports will eventually be placed in a forwarding state.
Disabled - The port has been administratively shut down and does not participate in STP.
On average, a port in a blocking state will take 30 to 50 seconds to reach a forwarding state (two Forward Delays, plus up to 20 seconds of Max Age if the port must first wait for stored BPDU information to expire).
(Reference: cisco ... 1/8aew/configuration/guide/spantree ...)
STP uses three timers:
Hello Timer - Default is 2 seconds. Indicates how often the Root Bridge sends Configuration BPDUs.
Forward Delay - Default is 15 seconds. Indicates how long a port remains in the listening state, and then the learning state, before forwarding. This delay ensures STP has ample time to detect and eliminate loops.
Max Age - Default is 20 seconds. Indicates how long a switch will keep BPDU information from a neighboring switch before discarding it.
All timer values can be adjusted, and should only be adjusted on the Root Bridge, because the Root Bridge's timer values are carried in its BPDUs and adopted by every other switch. Non-Root switches will ignore their locally configured timers. The above examples represent the maximum value each timer can be configured to.
STP Topology Changes
[Figure: Switch 1 is the Root Bridge; the Root Ports of Switch 2 and Switch 3 lead to Switch 1, the Root Port of Switch 4 leads to Switch 2, and the Root Port of Switch 5 leads to Switch 3]
An STP topology change will occur under two circumstances:
When an interface is placed into a Forwarding state
When an interface in a Forwarding or Learning state goes down
The switch recognizing this topology change will send out a TCN (Topology Change Notification) BPDU, destined for the Root Bridge. For example, if the interface on Switch 4 connecting to Switch 5 went down, Switch 4 would send a TCN out its Root Port to Switch 2. Switch 2 would then forward the TCN out its Root Port to Switch 1 (the Root Bridge). The Root Bridge acknowledges the TCN and sets the Topology Change flag in the Configuration BPDUs it sends to every switch. When a switch receives this Root BPDU, it will temporarily lower its MAC-address Aging Timer from 300 seconds to 15 seconds (the Forward Delay), so that any erroneous MAC addresses can be quickly flushed out of the CAM table.
Note that a device able to inject TCN BPDUs can keep the CAM tables of every switch flushed, so that unicast traffic is repeatedly flooded; this is one more reason to keep BPDU Guard (covered below) on access ports.
(Reference: http://www ... com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797 ...)
The root primary parameter of the spanning-tree vlan command (for example, spanning-tree vlan 10 root primary) automatically lowers the switch's priority to 24,576. If another switch on the network already has a priority lower than 24,576, the command instead sets the priority to 4096 less than the priority of that other switch. The calculation is performed once, when the command is entered; a switch with a lower Bridge ID added later will still win the election. To force a switch to become a Secondary Root Bridge:
Switch(config)# spanning-tree vlan 10 root secondary
The root secondary parameter in the above command automatically lowers the switch's priority to 28,672.
The root primary command also accepts a diameter parameter, the maximum number of switches between any two end hosts. The maximum (and default) value for the diameter is 7. The diameter command will also adjust the Hello, Forward Delay, and Max Age timers.
STP PortFast
PortFast allows switch ports that connect a host device (such as a printer or a workstation) to bypass the usual progression of STP states. Thus, PortFast allows the interface to move from a blocking state to a forwarding state immediately, eliminating the normal 30 second STP delay. Note that PortFast does not disable STP on an interface - it merely speeds up the convergence; if a BPDU arrives on the port, it loses its PortFast status and goes through the normal states. PortFast should only be enabled on ports facing end hosts, never on ports facing other switches, and is normally paired with BPDU Guard (covered below).
STP UplinkFast
Switches can have multiple uplinks to other upstream switches. Normally only one of those uplinks forwards, and STP blocks the others. If the directly-connected forwarding interface goes down, STP needs to perform a recalculation to bring the other interface out of a blocking state. UplinkFast allows the port in a blocking state to be held in standby-mode, and activated immediately if the forwarding interface fails. UplinkFast should not be enabled on the Root Bridge; enabling it raises the switch's priority (to 49,152) precisely so that it will not be elected Root.
(Reference: cisco ... 2_35_se/configuration/guide/swstpopt ...)
STP BackboneFast
A switch can also suffer an indirect link failure, somewhere upstream of it. For example, if the Root Bridge fails, another switch will be elected the Root. Normally a switch must wait for the stored BPDU information from its old Root to expire before it accepts the new one: by default, the Max Age timer is 20 seconds. With BackboneFast, a switch that receives an inferior BPDU (one announcing a worse Root than the one it knows) checks whether its current Root is still reachable, and if not, it will update itself with the new Root info immediately, instead of waiting for Max Age to expire.
The Root Bridge is always determined by the lowest Bridge ID, so any switch (or rogue device) with a lower Bridge ID attached anywhere in the topology will be elected Root. This may result in a suboptimal or unstable STP topology, and a device that becomes Root can draw traffic through a path the attacker controls. Root Guard and BPDU Guard protect against this; when enabled, these mechanisms apply to all VLANs for that particular interface.
(Reference: cisco ... 2_35_se/configuration/guide/swstpopt ...)
To enable Root Guard on an interface:
Switch(config)# interface fa0/10
Switch(config-if)# spanning-tree guard root
The above command prevents the switch from accepting a new Root Bridge off of the fa0/10 interface. If a superior BPDU (one that would make a different switch the Root) is received on that port, the port is placed in a root-inconsistent state and blocked until the superior BPDUs stop.
BPDU Guard is applied to PortFast-enabled interfaces. Under normal circumstances, a PortFast-enabled interface connects to a host device, and thus the interface should never receive a BPDU. If an interface configured for BPDU Guard receives a BPDU, the interface is placed in the errdisable state, and stays shut down until an administrator re-enables it or errdisable recovery is configured. This stops a rogue switch, or a host running software that speaks STP, from joining the spanning tree through an access port.
A fiber link can fail in only one direction (for example, one strand of the pair is cut or unplugged), leaving the interface up while traffic passes one way only. STP requires that switches send BPDUs bi-directionally to build the topology database; on a unidirectional link a blocking port may stop hearing BPDUs, transition to forwarding, and create a loop.
Unidirectional Link Detection (UDLD) periodically tests ports to ensure bi-directional communication is maintained. Each switch sends UDLD probe messages carrying its own device and port identity, and expects the remote switch to echo that identity back in its own probes. If the remote switch does not respond, UDLD assumes the interface has malfunctioned and become unidirectional.
UDLD can run in two modes:
Normal Mode - If a unidirectional link is detected, the port is not shut down, but merely flagged as being in an undetermined state
Aggressive Mode - If a unidirectional link is detected, the port is placed in an errdisable state
UDLD can be enabled globally (but only for Fiber ports on the switch):
Switch(config)# udld enable
Switch(config)# udld aggressive
Switch(config)# udld message time 20
The enable parameter sets UDLD into normal mode, and the aggressive parameter is for aggressive mode (obviously). The message time command sets the interval between probes, in seconds.
UDLD can be configured on individual interfaces:
Switch(config-if)# udld enable
Switch(config-if)# udld aggressive
Switch(config-if)# udld disable
To view UDLD status on ports, or re-enable UDLD errdisabled ports:
Switch# show udld
Switch# udld reset
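The UDLD exchange described above, as an added Python simulation that is not part of the original guide. Both sides of one fiber pair send probes carrying their own identity plus the identities they have heard; each strand of the pair can be broken independently, so the example shows what normal and aggressive mode conclude on a healthy link and on a link where one strand is cut. The switch names, port names and the retry count of eight probes before a silent neighbour is declared unidirectional are assumptions of this example.

```python
from dataclasses import dataclass, field

PROBES_BEFORE_TIMEOUT = 8   # assumed: probes sent without any reply before giving up


@dataclass
class UdldPort:
    device: str
    port: str
    mode: str = "normal"                          # "normal" or "aggressive"
    heard: set = field(default_factory=set)       # neighbour ids whose probes reached us
    echoed: bool = False                          # did the neighbour's last probe list *our* id?
    silent_intervals: int = 0                     # consecutive intervals with nothing received

    def ident(self):
        return f"{self.device}:{self.port}"

    def probe(self):
        """A UDLD probe carries our own identity plus the identities we have heard (the echo)."""
        return {"from": self.ident(), "echo": set(self.heard)}

    def receive(self, msg):
        self.heard.add(msg["from"])
        self.echoed = self.ident() in msg["echo"]
        self.silent_intervals = 0

    def tick(self):
        self.silent_intervals += 1

    def state(self):
        if self.heard and self.echoed:
            return "bidirectional"
        if self.heard:                            # we hear them, but they never hear us
            return "errdisable" if self.mode == "aggressive" else "unidirectional"
        if self.silent_intervals >= PROBES_BEFORE_TIMEOUT:   # we hear nothing at all
            return "errdisable" if self.mode == "aggressive" else "undetermined"
        return "undetermined"


def run_link(a_to_b_ok, b_to_a_ok, mode="normal", intervals=10):
    """Simulate `intervals` message-time periods on one fiber pair whose strands may be broken.

    Returns (state seen by SwitchA, state seen by SwitchB).
    """
    a = UdldPort("SwitchA", "Gi0/1", mode)
    b = UdldPort("SwitchB", "Gi0/1", mode)
    for _ in range(intervals):
        probe_a, probe_b = a.probe(), b.probe()   # both sides transmit ...
        a.tick()
        b.tick()
        if a_to_b_ok:                             # ... but only an intact strand delivers
            b.receive(probe_a)
        if b_to_a_ok:
            a.receive(probe_b)
    return a.state(), b.state()


if __name__ == "__main__":
    for mode in ("normal", "aggressive"):
        print(mode, "healthy:        ", run_link(True, True, mode))
        print(mode, "A->B strand cut:", run_link(False, True, mode))
```

With the A-to-B strand cut, SwitchA still hears SwitchB but never sees its own identity echoed back, so it can positively detect the one-way link; SwitchB hears nothing at all and can only time out. In normal mode both sides merely flag the condition, in aggressive mode both end up errdisabled.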
STP Troubleshooting Commands
To view STP information for a specific VLAN:
Switch# show spanning-tree vlan 100

VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24576
             Address     00a.….90ab
             Cost        19
             Port        24 (FastEthernet0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 1)
             Address     000c.….abcd
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr
---------------- ---- --- --------- --------
Fa0/24           Root FWD 19        128.24
Fa0/23           Altn BLK 19        128.23

The Root ID block identifies the Root Bridge (its priority and MAC address), the cost to reach it, and the local port leading to it; the Bridge ID block is this switch's own identity. Fa0/24 is the Root Port and is forwarding, while Fa0/23 is an alternate path to the Root and is blocking. With the extended System ID, the Bridge ID priority displayed is the configured priority plus the VLAN number, so a default switch shows 32868 (priority 32768 sys-id-ext 100) for VLAN 100.
(Reference: http://www ... com/en/US/docs/switches/lan/catalyst6500/ios/12 ... html#wp1026768)
Rapid Spanning Tree Protocol (RSTP)
To further alleviate the 30 to 50 second convergence delays with STP, enhancements were made to the original IEEE 802.1D standard. The result was 802.1w, or Rapid Spanning Tree Protocol (RSTP). RSTP is similar in many respects to STP: a Root Bridge is elected, and Root Ports and Designated Ports are also elected. However, RSTP defines additional port roles:
Alternate Port - A backup Root Port, that has a less desirable Path Cost.
Designated Port - Non-Root port that represents the best Path Cost for each network segment to the Root Bridge (same as STP).
Backup Port - A backup Designated Port, that has a less desirable Path Cost.
Edge Port - A port connecting a host device, which is moved to a Forwarding state immediately. On Cisco Catalyst switches, any port configured with PortFast becomes an Edge Port.
RSTP also reduces the port states to Discarding, Learning, and Forwarding, and converges through an explicit proposal/agreement handshake between neighboring switches on point-to-point links. Switches no longer require artificial Forwarding Delay timers to ensure a loop-free environment. During initial convergence, the Root Bridge and its directly-connected switches will place their interfaces in a discarding state, and then synchronize through the handshake. Each switch will then perform the same handshaking process with their downstream neighbors.
(Reference: http://www ... com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa ...)
RSTP handles topology changes differently from 802.1D STP. In 802.1D STP, a switch recognizing a topology change will send out a TCN (Topology Change Notification) BPDU, destined for the Root Bridge. The Root Bridge then sets the Topology Change flag in its own BPDUs. When a switch receives this Root BPDU, it will temporarily lower its MAC-address Aging Timer from 300 seconds to 15 seconds, so that any erroneous MAC addresses can be quickly flushed out of the CAM table.
In RSTP, only a non-edge port moving into the Forwarding state counts as a topology change; a link going down does not. Any switch can generate and forward a TC BPDU directly to its neighbors, without involving the Root Bridge, and a switch receiving one immediately flushes the MAC addresses learned on all ports except the one the TC BPDU arrived on. RSTP incorporates the features of UplinkFast by allowing Alternate and Backup ports to immediately enter a Forwarding state, if the primary Root or Designated port fails; the behavior of BackboneFast is likewise built in.
802.1w RSTP is backward-compatible with 802.1D STP. A switch running RSTP that receives 802.1D BPDUs on a port falls back to 802.1D operation on that port, and convergence on that port then follows the 802.1D specifications.
Multiple Spanning Tree (MST) - The IEEE 802.1s standard, which maps multiple VLANs onto a small number of STP instances.
(Reference: http://www ... com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa ...)
PVST+ gives each VLAN its own loop-free topology. However, each VLAN must run its own separate STP process, often placing an extreme burden on the switch's processor. Multiple Spanning Tree (MST) instead maps groups of VLANs onto a small number of STP processes. Each STP process is called an instance.
Switches that share the same MST configuration form an MST region. Three attributes must match for switches to belong to the same region:
Region Name
Revision Number
VLAN-to-Instance Mappings
Each region runs its own Internal Spanning Tree (IST) to eliminate loops within that region. MST is fully compatible with all other implementations of STP.
(Reference: cisco ... 2/31sg/configuration/guide/spantree ...)
By default, all VLANs belong to instance 0. VLANs are mapped to other instances within MST configuration mode. To view the changes to the configuration before they are applied:
Switch(config-mst)# show pending

Pending MST configuration
Name      [MYMSTNAME]
Revision  10
Instance  Vlans mapped
--------  ------------
0         101-4094
2         1-100

All other configuration of MST is identical to standard STP, with two exceptions: the mst keyword is used, and an instance number is referenced instead of a VLAN:
Switch(config)# spanning-tree mst 2 root primary
Switch(config)# spanning-tree mst 2 priority 28672
The above two configurations are applied to MST Instance 2. As with any STP priority on a switch using the extended System ID, the value must be a multiple of 4096; IOS rejects a value such as 32000.
Hardware addressing is a function of the Data-Link layer of the OSI model (Layer-2). Ethernet uses the MAC (Media Access Control) address, a 48-bit (6-byte) value. The MAC address is often hardcoded on physical network interfaces, though some interfaces support changing the MAC address using special utilities; a MAC address on its own therefore cannot be trusted as proof of a device's identity.
A MAC address is most often represented in hexadecimal, using one of two accepted formats:
00:43:AB:F2:32:13
0043.ABF2.3213
The first six hexadecimal digits of a MAC address identify the manufacturer of the physical network interface, and are referred to as the OUI (Organizationally Unique Identifier). The last six digits uniquely identify the host itself, and are referred to as the host ID.
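Parsing and decoding MAC addresses in the two formats above, as an added Python example that is not part of the original guide. Beyond splitting out the OUI and host ID, it decodes the two flag bits of the first byte: the I/G bit that marks multicast and broadcast destinations, and the U/L bit that is set on locally administered addresses, which is the usual tell of a MAC changed in software rather than burned in by the manufacturer. The sample addresses are constructed.

```python
import re

_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$"      # 00:43:AB:F2:32:13 or 00-43-AB-F2-32-13
    r"|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$",      # 0043.ABF2.3213 (Cisco IOS style)
    re.IGNORECASE,
)


def parse_mac(text):
    """Normalise any accepted textual format to the 6 raw bytes; reject anything else."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:.\-]", "", text))


def cisco_format(mac):
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def colon_format(mac):
    return ":".join(f"{b:02x}" for b in mac)


def describe(text):
    """Split the address into its parts and decode the two flag bits of the first byte."""
    mac = parse_mac(text)
    return {
        "oui": mac[:3].hex().upper(),                   # manufacturer (first 24 bits)
        "host_id": mac[3:].hex().upper(),               # interface-specific (last 24 bits)
        "broadcast": mac == b"\xff" * 6,
        "multicast": bool(mac[0] & 0x01),               # I/G bit: group address
        "locally_administered": bool(mac[0] & 0x02),    # U/L bit: set when software assigned it
    }


if __name__ == "__main__":
    for sample in ("00:43:AB:F2:32:13", "0043.ABF2.3213", "01:00:5e:00:00:01",
                   "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"):
        print(sample, "->", colon_format(parse_mac(sample)), describe(sample))
```

Both spellings of the guide's example address parse to the same six bytes; the `01:00:5e` address is an IPv4 multicast group address, and the `02:` address has the U/L bit set, so it was not assigned by a manufacturer.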
MAC
addresses provide no mechanism to create boundaries between networks
...
This lack of hierarchy poses significant difficulties to network scalability
...
Internetworks like the Internet could not exist, as it would be
impossible to separate my network from your network
...
Switches, as a rule, will forward a broadcast out every port
...
The Internet would simply collapse
...
Logical Addressing

Logical addressing is a function of the Network layer of the OSI Model
(Layer-3), and provides a hierarchical structure to separate networks.
A logical address contains two components:

  Network ID - identifies which network a host belongs to.
  Host ID - identifies the specific host on that network.

Examples of logical addressing protocols include Internetwork Packet
Exchange (IPX) and Internet Protocol (IP). IP is the most widely-used
logical address, and is the backbone protocol of the Internet.

Originally, the functions of IP and TCP were combined in a single protocol.
When this proved to be an inflexible solution, those functions were
separated - with the Internet Protocol (IP) providing Network layer services,
and TCP providing Transport layer services.

IP provides two fundamental Network layer services:

  Logical addressing - provides a unique address that identifies both
  the host, and the network that host exists on.
  Routing - determines the best path to a particular destination network,
  and forwards packets accordingly.

IP was originally defined in RFC 760, and has been revised several times;
the current IPv4 specification is RFC 791. IPv4 will be the focus of this
guide. IPv4 will eventually be replaced by IP Version 6 (IPv6), due to a
shortage of available IPv4 addresses.
IPv4 Addressing

A core function of IP is to provide logical addressing for hosts. An IPv4
address is 32 bits long, and is divided into four 8-bit octets. An IP address
is most often represented in decimal, in the following format:

158.80.164.3

The smallest possible value of an octet is 0, or 00000000 in binary; the
largest is 255, or 11111111 in binary. The above IP address represented in
binary would look as follows:

First Octet   Second Octet   Third Octet   Fourth Octet
10011110      01010000       10100100      00000011

Decimal to Binary Conversion

The simplest method of converting between decimal and binary is to
remember the following table, in which each column is worth twice the
column to its right:

128  64  32  16  8  4  2  1

To convert a decimal number of 172 to binary, start with the leftmost
column. 128 fits into 172, so that bit is set to 1. Next, add the value
of the next column (128 + 64 = 192); 192 is larger than 172, so the 64 bit
is set to 0. Again, add the value of the next column (128 + 32 = 160);
160 fits, so the 32 bit is set to 1. Continue this process until the
columns with binary bits set to 1 add up to 172:

Decimal  128  64  32  16  8  4  2  1
Binary     1   0   1   0  1  1  0  0

Thus, 172 in binary is 10101100 (128 + 32 + 8 + 4 = 172).
Binary to Decimal Conversion

Converting from binary back to decimal is even simpler: add up the column
values of every bit set to 1. For example, consider the binary number of
11110001:

Decimal  128  64  32  16  8  4  2  1
Binary     1   1   1   1  0  0  0  1

By adding 128 + 64 + 32 + 16 + 1, it can be determined that 11110001
equals 241.

The Subnet Mask

Part of an IP address identifies the network; the other part of the address
identifies the host. The subnet mask specifies which part is which. For
example:

Address:      158.80.164.3
Subnet Mask:  255.255.0.0

If a binary bit is set to a 1 (or on) in a subnet mask, the corresponding
bit in the address identifies the network. If a binary bit is set to a 0 (or
off) in a subnet mask, the corresponding bit in the address identifies the
host. Viewed in binary:

Address:      10011110.01010000.10100100.00000011
Subnet Mask:  11111111.11111111.00000000.00000000

The first 16 bits of the subnet mask are set to 1. Thus, the first 16 bits of
the address (158.80) identify the network. The last 16 bits of the subnet mask
are set to 0. Thus, the last 16 bits of the address (164.3) identify the
unique host on that network. For example, a subnet mask of 255.255.0.0 ...
The Subnet Mask (continued)

Hosts on the same logical network will have identical network addresses, and
can communicate freely. For example:

Host A:  158.80.164.100  255.255.0.0
Host B:  158.80.164.101  255.255.0.0

Both hosts share the same network address (158.80), which is determined by
the 255.255.0.0 subnet mask, so they can communicate directly. Hosts that
are on different networks cannot communicate without an intermediating
device (a router). For example:

Host A:  158.80.164.100  255.255.0.0
Host B:  158.85.164.101  255.255.0.0

The network addresses are different (158.80 and 158.85). Thus, the two hosts
are not on the same network, and cannot communicate without a router between
them.

Consider the following, trickier example:

Host A:  158.80.1.1  255.248.0.0
Host B:  158.79.1.1  255.248.0.0

The specified subnet mask is now 255.248.0.0, which does not fall on an
octet boundary. To determine if these hosts are on separate networks, first
convert everything to binary:

Host A Address:  10011110.01010000.00000001.00000001
Host B Address:  10011110.01001111.00000001.00000001
Subnet Mask:     11111111.11111000.00000000.00000000

In this example, the first 13 bits (the 8 bits of the first octet, and the
first 5 bits of the second octet) identify the network. Comparing only those
13 bits:

Host A:  10011110.01010
Host B:  10011110.01001

The network bits differ. Thus, these two hosts are on separate networks, and
require a router to communicate.
Address Classes

The IPv4 address space has been structured into several classes. The value
of the first octet of an address determines the class of the network:

Class    First Octet Range   Default Subnet Mask
Class A  1 - 127             255.0.0.0
Class B  128 - 191           255.255.0.0
Class C  192 - 223           255.255.255.0
Class D  224 - 239           (multicast; no default subnet mask)

The range of "127" is reserved for loopback addressing, so we can't use the
127.0.0.0 network for hosts. Class A networks therefore range from 1 to 126,
and the default subnet mask is 255.0.0.0. Thus, by default, the first octet
defines the network, and the last three octets define the host. This results
in a maximum of 126 usable Class A networks, with 16,777,214 hosts per
network!

Example of a Class A address:
Address:      64.32.254.100
Subnet Mask:  255.0.0.0

Class B networks range from 128 to 191, and the default subnet mask is
255.255.0.0. Thus, by default, the first two octets define the network, and
the last two octets define the host. This results in a maximum of 16,384
Class B networks, with 65,534 hosts per network.

Example of a Class B address:
Address:      130.41.150.195
Subnet Mask:  255.255.0.0

Class C networks range from 192 to 223. The default subnet mask is
255.255.255.0. Thus, by default, the first three octets define the network,
and the last octet defines the host. This results in a maximum of 2,097,152
Class C networks, with 254 hosts per network.

Example of a Class C address:
Address:      207.44.233.5
Subnet Mask:  255.255.255.0

Class D networks are reserved for multicast traffic, and do not use a
subnet mask.
CIDR (Classless Inter-Domain Routing)

Classless Inter-Domain Routing (CIDR) is a simplified method of
representing a subnet mask. CIDR identifies the number of binary bits set
to 1 in a subnet mask, preceded by a slash. For example, a subnet mask of
255.255.255.240 in binary is:

11111111.11111111.11111111.11110000

The first 28 bits of the above subnet mask are set to 1, so the CIDR
notation is /28. The CIDR mask is often appended to the IP address. For
example, an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0
would be represented as follows:

192.168.1.1 /24

Address Classes vs. Subnet Mask

Remember the following: the class of an address determines its default
subnet mask, but it is the subnet mask actually in use that determines what
part of an address identifies the network, and what part identifies the
host. A network using its default subnet mask is referred to as a classful
network. For example, 10.1.1.1 is a Class A address, and its default subnet
mask is 255.0.0.0.

It is entirely possible to use subnet masks other than the default, for
example:

10.1.1.1 /16

However, this does not change the class of the above address. Remember, the
only thing that determines the class of an IP address is the first octet of
that address.
Subnet and Broadcast Addresses

On each IP network, two host addresses are reserved for special use:

  The subnet (or network) address
  The broadcast address

Neither of these addresses can be assigned to an actual host.

The subnet address is used to identify the network itself. A routing table
contains a list of known networks, and each network is identified by its
subnet address. For example, 192.168.1.0 255.255.255.0 is the subnet
address of the 192.168.1.0 network. This can be determined by looking at
the address and subnet mask in binary:

IP Address:   11000000.10101000.00000001.00000000
Subnet Mask:  11111111.11111111.11111111.00000000

Note that all host bits in the address are set to 0.

The broadcast address identifies all hosts on a particular network. A packet
sent to the broadcast address will be received and processed by every host
on that network. For example, 192.168.1.255 255.255.255.0 is the broadcast
address of the 192.168.1.0 network. Note that all host bits are set to 1:

IP Address:   11000000.10101000.00000001.11111111
Subnet Mask:  11111111.11111111.11111111.00000000

Broadcasts are one of three types of IP packets:

  Unicasts are packets sent from one host to one other host.
  Multicasts are packets sent from one host to a group of hosts.
  Broadcasts are packets sent from one host to all other hosts on the
  local network.

A router, by default, will never forward a multicast or broadcast packet
from one interface to another, unless explicitly configured to do so (for
example, with multicast routing, or an ip helper-address that relays DHCP
broadcasts as unicasts). This is what confines a broadcast domain to a
single network; a switch alone cannot provide that boundary.
Subnetting

Subnetting is the process of creating new networks (or subnets) by stealing
bits from the host portion of a subnet mask. There is one caveat with
subnetting: the more bits that are stolen for networks, the fewer bits remain
for hosts. Consider the following Class C network:

192.168.254.0  255.255.255.0

The default Class C mask (255.255.255.0) only allows for one network, with
254 usable hosts. For example, assume a minimum of 10 new networks are
required. In binary, the default Class C mask is:

11111111.11111111.11111111.00000000

There are a total of 24 bits set to 1, which are used to identify the
network. The remaining 8 bits are set to 0, and are used to identify the
host. Stealing bits essentially involves changing host bits (set to 0 or off)
in the subnet mask to network bits (set to 1 or on). The number of new
networks created is 2^n, where n is the number of bits stolen.

Consider the result if three bits are stolen:

2^n = 2^3 = 8 new networks created

A total of 8 new networks does not meet the original requirement of 10.
Consider the result if four bits are stolen:

2^n = 2^4 = 16 new networks created

A total of 16 new networks does meet the original requirement. Stealing four
bits results in the following new subnet mask:

11111111.11111111.11111111.11110000 = 255.255.255.240
This new subnet mask is 255.255.255.240 (or /28 in CIDR), leaving 4 bits
for hosts. To determine the number of hosts this results in, for each of the
new 16 networks, a slightly modified formula is required:

2^n - 2

Consider the result if four bits are available for hosts:

2^n - 2 = 2^4 - 2 = 16 - 2 = 14 usable hosts per network

Thus, subnetting a Class C network with a /28 mask creates 16 new
networks, with 14 usable hosts per network. Two addresses are lost in each
network: these are reserved for the subnet and broadcast addresses,
respectively. (The one exception is a /31 point-to-point link, RFC 3021,
where both addresses are usable because no broadcast address is needed.)

The 2^n-2 Rule and Subnetted Networks

To avoid confusion, it was historically unacceptable to use the first and
last new networks created when subnetting (the "subnet zero" and "all-ones"
subnets), as it is possible for a classful network to have the same subnet
and broadcast address as its subnetted networks. The number of usable
networks was therefore also calculated as 2^n - 2.

However, this is no longer a restriction for modern equipment and routing
protocols; Cisco IOS has enabled ip subnet-zero by default since release
12.0. Thus, the formula for calculating the number of new networks created
is simply 2^n.

(Reference: http://www ... com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18 ...)
Determining the Range of Subnetted Networks

Determining the range of the newly created networks can be accomplished
using a long method, or a shortcut. The long method involves some binary
magic. Consider the 192.168.254.0 network again, which was subnetted using
a 255.255.255.240 mask. In binary:

192.168.254.0:    11000000.10101000.11111110.00000000
255.255.255.240:  11111111.11111111.11111111.11110000

Looking at only the fourth octet, the first newly created network is
0000 xxxx (the four stolen bits set to 0). Calculating all possible
permutations of the four stolen bits:

Binary      Decimal    Binary      Decimal
0000 xxxx   0          1000 xxxx   128
0001 xxxx   16         1001 xxxx   144
0010 xxxx   32         1010 xxxx   160
0011 xxxx   48         1011 xxxx   176
0100 xxxx   64         1100 xxxx   192
0101 xxxx   80         1101 xxxx   208
0110 xxxx   96         1110 xxxx   224
0111 xxxx   112        1111 xxxx   240

Note that this equates to exactly 16 new networks. The remaining four host
bits (xxxx) of each network set the range of hosts. To determine the range
for the hosts of the first new network:

Binary      Decimal    Binary      Decimal
0000 0000   0          0000 1000   8
0000 0001   1          0000 1001   9
0000 0010   2          0000 1010   10
0000 0011   3          0000 1011   11
0000 0100   4          0000 1100   12
0000 0101   5          0000 1101   13
0000 0110   6          0000 1110   14
0000 0111   7          0000 1111   15

The binary value has been split to emphasize the separation of the stolen
network bits from the host bits. The first address has all 0 bits in the
host portion, and thus is the subnet address for this network. The last
address has all 1 bits in the host portion, and thus is the broadcast
address for this network. The usable host range is therefore 192.168.254.1
through 192.168.254.14.
Determining the Range of Subnetted Networks (continued)

Calculating the ranges of subnetted networks can quickly become tedious
when using the long binary method. The shortcut method involves taking the
subnetted octet in the subnet mask (240 from the 255.255.255.240 of the
previous example), and subtracting the subnetted octet (240) from 256:

256 - 240 = 16

The first network will begin at 0, and each new network begins 16 addresses
after the last. Then, simply continue adding 16 to identify the first address
of each new network:

0  16  32  48  64  80  96  112  128  144  160  176  192  208  224  240

Knowing the first address of each new network makes it simple to determine
the last address of each network:

First address of network  0   16  32  48  64  80  96   112  128  144
Last address of network   15  31  47  63  79  95  111  127  143  159

Only the first 10 networks were calculated, for brevity. The first address
of each network becomes the subnet address for that network. The last
address of each network becomes the broadcast address for that network.
Thus, hosts 192.168.254.2 and 192.168.254.14 are on the same network
(192.168.254.0 /28), and can communicate directly. Hosts on different
networks (such as 192.168.254.2 and 192.168.254.66) require a router to
communicate.
Determining the Range of Subnetted Networks (continued)

The shortcut method works for a mask that subnets any octet. Consider the
following network:

10.0.0.0  255.248.0.0

The 10.0.0.0 network has a default subnet mask of 255.0.0.0 (Class A). To
determine the number of bits stolen, compare 255.0.0.0 with 255.248.0.0 in
binary:

255.0.0.0:    11111111.00000000.00000000.00000000
255.248.0.0:  11111111.11111000.00000000.00000000

Clearly, 5 bits have been stolen to create the new subnet mask (a /13),
which yields 2^5 = 32 new networks, each with 2^19 - 2 = 524,286 usable
hosts. Using the shortcut method, subtract the subnetted octet (248) of the
subnet mask (255.248.0.0) from 256:

256 - 248 = 8

The first network will begin at 0, again, and each new network begins 8
higher in the second octet. The ranges of the first three networks look as
follows:

Subnet address  Usable Range                 Broadcast address
10.0.0.0        10.0.0.1 - 10.7.255.254      10.7.255.255
10.8.0.0        10.8.0.1 - 10.15.255.254     10.15.255.255
10.16.0.0       10.16.0.1 - 10.23.255.254    10.23.255.255
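The binary conversion, subnet-mask comparison and subnetting arithmetic of this section, as an added Python example (not code from the original guide). It uses the bit operations the text describes rather than the standard ipaddress module, so each result can be checked against the tables above; the function names are the editor's own, and the inputs are the guide's own examples (158.80.x.x, 192.168.254.0 /28 and 10.0.0.0 /13). It also rejects a mask whose 1 bits are not contiguous, which the text does not cover.

```python
def to_binary(octet):
    """Decimal octet -> 8-character binary string, using the 128/64/32/.../1 columns."""
    if not 0 <= octet <= 255:
        raise ValueError(f"octet out of range: {octet}")
    return "".join("1" if octet & (128 >> i) else "0" for i in range(8))

def from_binary(bits):
    """8-character binary string -> decimal, adding the column values of the 1 bits."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit binary string: {bits!r}")
    return sum(128 >> i for i, b in enumerate(bits) if b == "1")

def ip_to_int(dotted):
    """'158.80.164.3' -> 32-bit integer, validating each octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"bad IPv4 address: {dotted}")
        value = (value << 8) | n
    return value

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask_int(prefix):
    """/13 -> 0xFFF80000: the top `prefix` bits set, the rest clear."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_to_mask(prefix):
    """13 -> '255.248.0.0'"""
    return int_to_ip(prefix_to_mask_int(prefix))

def mask_to_prefix(mask):
    """'255.255.255.240' -> 28. Rejects a mask whose 1 bits are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != prefix_to_mask_int(ones):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def same_network(host_a, host_b, mask):
    """The 'trickier example' check: AND both addresses with the mask and compare."""
    m = ip_to_int(mask)
    return (ip_to_int(host_a) & m) == (ip_to_int(host_b) & m)

def subnet_ranges(network, new_prefix, limit=None):
    """Split `network` ('192.168.254.0/24') into /new_prefix subnets using the 2^n
    rule (subnet zero included). Returns (subnet, first usable, last usable,
    broadcast) tuples; /31 and /32 are excluded because they have no host/broadcast
    split in the classic sense."""
    base, old_prefix = network.split("/")
    old_prefix = int(old_prefix)
    if not old_prefix <= new_prefix <= 30:
        raise ValueError("new prefix must lie between the old prefix and /30")
    start = ip_to_int(base) & prefix_to_mask_int(old_prefix)
    size = 1 << (32 - new_prefix)               # addresses per subnet
    count = 1 << (new_prefix - old_prefix)      # 2^(bits stolen) subnets
    if limit is not None:
        count = min(count, limit)
    return [
        (int_to_ip(s), int_to_ip(s + 1), int_to_ip(s + size - 2), int_to_ip(s + size - 1))
        for s in (start + i * size for i in range(count))
    ]
```

subnet_ranges("192.168.254.0/24", 28) reproduces the sixteen /28 networks of the long method, and subnet_ranges("10.0.0.0/8", 13, limit=3) reproduces the table above; the same AND-with-mask comparison in same_network is what a host performs before deciding whether to ARP for the destination or for its gateway.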
Private vs. Public IPv4 Addresses

The IPv4 address space has nearly been exhausted. In response, a specific
subset of the IPv4 address space was designated as private (RFC 1918), to
temporarily alleviate this problem.

Public IPv4 addresses are routable on the Internet. Thus, hosts that must be
Internet-accessible must be configured with (or reachable by) public
addresses.

A private address is intended for internal use within a home or
organization, and can be freely used by anyone. However, private addresses
are never routable on the Internet. In fact, Internet routers are expected
to drop traffic with private source or destination addresses (so-called
bogon filtering), though this is a courtesy of the provider rather than a
guarantee: a host with a private address is not "hidden", and a perimeter
must still filter such traffic explicitly.

The private address ranges are:

  Class A - 10.x.x.x /8 (10.0.0.0 through 10.255.255.255)
  Class B - 172.16.x.x through 172.31.x.x /12 (172.16.0.0 through
  172.31.255.255)
  Class C - 192.168.x.x /16 (192.168.0.0 through 192.168.255.255, i.e. 256
  Class C networks of /24 each)

It is possible to translate between private and public addresses, using
Network Address Translation (NAT). It is also possible to translate multiple
privately-addressed hosts to a single public address, which conserves the
public address space.

Note: NAT is not restricted to private-to-public address translation, though
that is the most common application. Note also that hiding internal
addresses behind NAT is not a security control in itself: a stateful
firewall policy is what blocks unsolicited inbound traffic, not the address
translation.

NAT is only a temporary solution to the address shortage problem. The
long-term solution is IPv6. Both NAT and IPv6 are covered extensively in
other guides.
Reserved IPv4 Addresses

There are several other reserved ranges in the IPv4 address space:

The 0.0.0.0 /0 network is used to identify all networks, and is referred
to as the default route. Routing and default routes are covered extensively
in another guide.

The 0.0.0.0 /8 range is used to identify hosts on the local network. The
most commonly used address in this range is 0.0.0.0, which a host uses as
its source address before it has obtained an address (for example, while
requesting one through DHCP). DHCP is covered extensively in another guide.

The 127.x.x.x /8 range is reserved for diagnostic purposes. The most
commonly used address in this range is 127.0.0.1, which identifies the local
host, and is referred to as the loopback or localhost address.

The 169.254.x.x /16 range is reserved for Automatic Private IP Addressing
(APIPA), the link-local address a host assigns itself when no DHCP server
answers.

The 224.x.x.x through 239.x.x.x ranges are reserved for multicast, and are
referred to as Class D addresses.

The 240.x.x.x through 255.x.x.x ranges are reserved for experimental use,
and are referred to as Class E addresses. The 255.255.255.255 address is the
limited broadcast address, which reaches every host on the local network and
is never forwarded by a router.
The IPv4 Header

The IPv4 header is comprised of 12 required fields and 1 optional field.
The minimum size of an IPv4 header is 20 bytes:

Field                   Length    Description
Version                 4 bits    Version of IP (in this case, IPv4)
Internet Header Length  4 bits    Specifies the length of the IP header, in
                                  32-bit words (minimum 160 bits)
DSCP                    8 bits    Classifies traffic for QoS
Total Length            16 bits   Specifies the length of both the header
                                  and data payload
Identification          16 bits   Uniquely identifies fragments of a packet
Flags                   3 bits    Flags for fragmentation
Fragment Offset         13 bits   Identifies the fragment relative to the
                                  start of the packet
Time to Live            8 bits    Decremented by each router traversed
Protocol                8 bits    Specifies the next upper layer protocol
Header Checksum         16 bits   Checksum for error checking
Source Address          32 bits   Source IPv4 address
Destination Address     32 bits   Destination IPv4 address
Options                 Variable  Optional field for various parameters

The 4-bit Version field is set to a value of 4 for IPv4.

The 4-bit Internet Header Length (IHL) field identifies the length of the
IPv4 header, measured in 32-bit words. The minimum length of an IPv4 header
is 160 bits, or 5 words (32 x 5 = 160); a receiver must reject an IHL smaller
than 5, because the remaining fields would then overlap the payload.

The 8-bit DSCP (Differentiated Services Code Point) field classifies traffic
for QoS. This field was originally defined as the Type of Service (ToS)
field; in current usage the first 6 bits carry the DSCP value and the last 2
bits carry Explicit Congestion Notification (ECN). QoS is covered in great
detail in other guides.

The 16-bit Total Length field identifies the total packet size, measured in
bytes, including both the IPv4 header and the data payload. The maximum
packet size is 65,535 bytes.
The largest packet a link can carry is its Maximum Transmission Unit (MTU).
By default, the MTU for Ethernet is 1500 bytes. A packet larger than the MTU
must be fragmented into smaller packets. Each fragment of the packet is
marked with the same Identification number, so that the receiving host can
reassemble the fragments into the original packet.

The Flags field dictates two conditions:

  Don't Fragment (DF) - indicates the packet cannot be fragmented. If the
  packet exceeds the MTU of a link, the router must drop it instead. An
  ICMP error message (Fragmentation Needed, type 3 code 4) will then be
  sent back to the source host.
  More Fragments (MF) - is set on every fragment except the last. This
  allows the destination host to know when it has received all fragments.

The 13-bit Fragment Offset field identifies where the fragment's data sits
relative to the start of the original packet, in units of 8 bytes. Because
reassembly trusts the sender's offsets and identifiers, overlapping or
deliberately incomplete fragments are a classic way to evade packet
inspection and to exhaust reassembly buffers; inspection devices should
reassemble before filtering, and hosts should bound how long incomplete
fragments are held.
The 8-bit Time to Live (TTL) field limits how long a packet can circulate
in the network. When a router forwards a packet, it will decrement the TTL
value by one. If the TTL reaches zero, the router discards the packet and
returns an ICMP Time Exceeded (type 11) message to the source; this prevents
a packet from looping forever, and is the mechanism traceroute relies on.

The 8-bit Protocol field identifies the next upper-layer header, and is
covered in the next section.

The 16-bit Header Checksum field is used to error-check the IPv4 header
only; it does not cover the payload. The receiving host will discard the
packet if it fails the checksum calculation. Because the TTL changes at every
hop, every router must recompute this checksum when it forwards the packet.

The 32-bit Source Address field identifies the sending host. The 32-bit
Destination Address field identifies the receiving host. Nothing in the
header authenticates the Source Address; it can be set to any value by the
sender, which is why anti-spoofing filters (RFC 2827 ingress filtering,
unicast RPF) are applied at network edges.

The variable-length Options field provides additional optional IPv4
parameters, outside the scope of this guide.
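As an added example (not from the original guide), a Python builder and parser for the 20-byte header described above. The parser performs the three checks a receiver must make before trusting any other field (version 4, an IHL of at least 5 words, a header checksum that verifies to zero), decodes the DF/MF flags and fragment offset, and forward_hop shows the TTL decrement and checksum recomputation performed at each router. The addresses, identification value and function names are constructed for the example.

```python
import struct

def internet_checksum(data):
    """RFC 1071 ones-complement sum over 16-bit words (odd length is zero padded).
    A header whose checksum field is correct sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0x1234,
                      dont_fragment=True, more_fragments=False, frag_offset=0):
    """Assemble a 20-byte header (IHL = 5, no options) with a valid checksum.
    The payload itself is not included; only its length is recorded."""
    ver_ihl = (4 << 4) | 5
    total_length = 20 + payload_len
    flags = (0b010 if dont_fragment else 0) | (0b001 if more_fragments else 0)
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, ident,
                      flags_frag, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt):
    """Decode the fixed fields; raise ValueError for anything a host must not trust."""
    if len(pkt) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, dscp_ecn, total_length, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    hlen = ihl * 4
    if len(pkt) < hlen or total_length < hlen:
        raise ValueError("header length exceeds packet or total length")
    if internet_checksum(pkt[:hlen]) != 0:
        raise ValueError("bad header checksum")
    flags = flags_frag >> 13
    return {
        "ihl_words": ihl,
        "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 0x03,
        "total_length": total_length, "identification": ident,
        "df": bool(flags & 0b010), "mf": bool(flags & 0b001),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": pkt[20:hlen],
    }

def forward_hop(pkt):
    """What each router does: decrement TTL and recompute the checksum.
    Returns None when the TTL would reach 0 (the packet is dropped and an
    ICMP Time Exceeded message goes back to the source)."""
    fields = parse_ipv4_header(pkt)
    if fields["ttl"] <= 1:
        return None
    hlen = fields["ihl_words"] * 4
    hdr = bytearray(pkt[:hlen])
    hdr[8] -= 1                                  # the TTL byte
    hdr[10:12] = b"\x00\x00"                     # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hlen:]
```

Feeding a header whose TTL was changed without recomputing the checksum to parse_ipv4_header raises "bad header checksum", which is exactly what a receiving host does with such a packet; forward_hop shows the checksum being refreshed so that the next hop accepts it.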
The Protocol field of the IPv4 header identifies which upper-layer protocol
follows the header, such as ICMP, TCP or UDP. These upper-layer protocols are
identified using IP Protocol Numbers, assigned by IANA; for example, ICMP is
protocol 1, TCP is protocol 6 and UDP is protocol 17.

(Reference: http://www ... org/assignments/protocol-numbers)
Resolving Logical Addresses to Hardware Addresses

A host cannot directly send data to another host's logical address. The
destination IP address must first be mapped to the destination hardware
(MAC) address before a frame can be built. The Address Resolution Protocol
(ARP) provides this mechanism for IPv4 on Ethernet networks.

Consider the above diagram, in which HostA (10.1.1.5) wishes to send data
to HostB (10.1.1.6) on the same network.

First, HostA will determine if the 10.1.1.6 address is itself. In this
example, 10.1.1.6 is not locally configured on HostA.

Next, HostA will determine if the 10.1.1.6 address is on the same network
or subnet as itself. HostA consults its local routing table (its own address
and subnet mask) to make this determination. Thus, HostA's IP address of
10.1.1.5 and the destination of 10.1.1.6 are on the same network
(10.1.x.x /16).

Because HostA and HostB are on the same network, HostA will then broadcast
an ARP request, asking for the MAC address of the 10.1.1.6 address. HostB
responds to the ARP request with an ARP reply, containing its MAC address
(AAAA.BBBB.CCCC). HostA can now build a frame with that destination MAC
address. HostA forwards this frame to the switch, which then forwards the
frame to HostB.
Now consider HostA (10.1.1.5) sending data to HostB on a different network,
at 10.2.2.5.

First, HostA will determine if the 10.2.2.5 address is itself. 10.2.2.5 is
not locally configured on HostA.

Next, HostA will determine if the 10.2.2.5 address is on the same network
or subnet as itself. Thus, HostA's IP address of 10.1.1.5 and 10.2.2.5 are
not on the same network (10.1.x.x /16 versus 10.2.x.x /16).

Because the destination is on a different network, HostA must forward the
packet to its default gateway, RouterA. HostA determines that the gateway
address (10.1.1.1, RouterA's interface on the 10.1.x.x network) is on its
own network, and will then broadcast an ARP request, asking for the MAC
address of the 10.1.1.1 address. RouterA responds to the ARP request with
an ARP reply containing its MAC address (4444.5555.6666). HostA builds a
frame with RouterA's MAC address as the Layer-2 destination, but with
HostB's IP address (10.2.2.5) as the Layer-3 destination.

Once RouterA receives the frame, it will parse its own routing table for a
route to the destination network of 10.2.x.x. It determines that this
network is directly attached off of its Ethernet2 interface. RouterA will
then broadcast an ARP request out that interface for the 10.2.2.5 address,
and HostB responds with its MAC address (AAAA.BBBB.CCCC). RouterA can now
construct a Layer-2 frame, with a destination of HostB's MAC address, and
forward the packet.
Note that the source and destination IP addresses of the packet did not
change as it was routed. However, both the source and destination MAC
addresses did change at each hop. In the above scenario, HostA and HostB
could not communicate directly using Layer-2 addressing; the router rewrote
the Layer-2 header while leaving the Layer-3 header (other than the TTL and
checksum) intact. The source and destination IP address will only be changed
if NAT is used.

Each host maintains an ARP table (or ARP cache) mapping IP addresses to MAC
addresses. The ARP table is only locally significant to that host. Entries
can be configured statically, but more commonly ARP tables are built
dynamically by caching ARP replies. Dynamic entries age out after a period
of time; the aging time will vary depending on the operating system, and can
range from several seconds to several hours.

ARP has no authentication: any host on the segment can answer a request, or
send an unsolicited reply, claiming any IP address. This is the basis of ARP
spoofing (cache poisoning), in which an attacker associates the gateway's IP
address with their own MAC address in order to intercept traffic. Defenses
include Dynamic ARP Inspection on switches, static entries for critical hosts
such as the default gateway, and monitoring for IP-to-MAC mappings that
change.
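The request/reply exchange above and the cache-poisoning caveat, as an added Python example that is not part of the original guide. It builds and parses Ethernet/ARP frames for both sides of the exchange, then feeds them to a small ARP cache that applies the checks a Dynamic ARP Inspection-style monitor uses: cache only replies that answer a request, and raise an alert rather than overwrite an existing mapping. HostA's MAC (1111.2222.3333) and the rogue MAC (DEAD.BEEF.0001) are assumed values; HostB's address and MAC are the guide's.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ZERO_MAC = b"\x00" * 6

def mac_bytes(cisco_notation):      # 'AAAA.BBBB.CCCC' -> 6 bytes
    return bytes.fromhex(cisco_notation.replace(".", ""))

def ip_bytes(dotted):               # '10.1.1.6' -> 4 bytes
    return bytes(int(o) for o in dotted.split("."))

def fmt_mac(b):
    return b.hex(".", 2).upper()

def fmt_ip(b):
    return ".".join(map(str, b))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP packet. op 1 = request (sent to the
    broadcast MAC), op 2 = reply (sent straight to the requester)."""
    eth_dst = BROADCAST_MAC if op == 1 else target_mac
    ethernet = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, 6-byte MAC, 4-byte IP
           + sender_mac + sender_ip + target_mac + target_ip)
    return ethernet + arp

def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    body = frame[22:42]
    return {"op": op, "eth_src": frame[6:12],
            "sender_mac": body[0:6], "sender_ip": body[6:10],
            "target_mac": body[10:16], "target_ip": body[16:20]}

class ArpCache:
    """A host's dynamic ARP table, with the checks a poisoning monitor applies:
    only cache replies we asked for, and never silently overwrite a mapping."""
    def __init__(self):
        self.table = {}        # ip bytes -> mac bytes
        self.pending = set()   # ips we have sent a request for
        self.alerts = []       # (reason, ip, mac)

    def request(self, ip):
        self.pending.add(ip)

    def learn(self, frame):
        p = parse_arp(frame)
        if p["op"] != 2:
            return "ignored: not a reply"
        ip, mac = p["sender_ip"], p["sender_mac"]
        if p["eth_src"] != mac:
            return self._alert("ARP sender MAC differs from Ethernet source", ip, mac)
        if ip not in self.pending:
            return self._alert("unsolicited reply", ip, mac)
        if ip in self.table and self.table[ip] != mac:
            return self._alert("mapping changed", ip, mac)
        self.table[ip] = mac
        return "cached"

    def _alert(self, reason, ip, mac):
        self.alerts.append((reason, fmt_ip(ip), fmt_mac(mac)))
        return f"alert: {reason}"

def demo_exchange():
    """Constructed exchange: HostA resolves HostB, then a rogue host tries to poison it."""
    host_a = (mac_bytes("1111.2222.3333"), ip_bytes("10.1.1.5"))   # assumed MAC for HostA
    host_b = (mac_bytes("AAAA.BBBB.CCCC"), ip_bytes("10.1.1.6"))
    rogue_mac = mac_bytes("DEAD.BEEF.0001")                        # assumed attacker MAC
    cache = ArpCache()
    request = build_arp(1, host_a[0], host_a[1], ZERO_MAC, host_b[1])
    cache.request(parse_arp(request)["target_ip"])
    results = [cache.learn(build_arp(2, host_b[0], host_b[1], host_a[0], host_a[1]))]
    # Poisoning attempt: a reply for HostB's IP carrying the rogue MAC.
    results.append(cache.learn(build_arp(2, rogue_mac, host_b[1], host_a[0], host_a[1])))
    # Gratuitous reply for the gateway address HostA never asked about.
    results.append(cache.learn(build_arp(2, rogue_mac, ip_bytes("10.1.1.1"), host_a[0], host_a[1])))
    return cache, results
```

A real operating system accepts the second and third replies without complaint, which is the whole problem; the two refusals in learn are what DAI (checked against the DHCP snooping binding table) or a static gateway entry provide.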
Internet Control Message Protocol (ICMP)

ICMP carries error and control messages between hosts and routers. The
following is a list of common ICMP types and codes:

Type  Code  Description
0     0     Echo Reply
3     0     Destination Unreachable - Network Unreachable
3     1     Destination Unreachable - Host Unreachable
3     2     Destination Unreachable - Protocol Unreachable
3     3     Destination Unreachable - Port Unreachable
3     4     Destination Unreachable - Fragmentation Needed, Don't Fragment Flag Set
3     6     Destination Unreachable - Destination Network Unknown
3     7     Destination Unreachable - Destination Host Unknown
3     9     Destination Unreachable - Destination Network Administratively Prohibited
3     10    Destination Unreachable - Destination Host Administratively Prohibited
5     0     Redirect
8     0     Echo (Request)
11    0     TTL Exceeded (Time Exceeded in Transit)

The two most common troubleshooting tools that utilize ICMP are:

  Packet Internet Groper (ping)
  Traceroute

Ping is a core connectivity troubleshooting tool, which utilizes the Echo
Request and Echo Reply ICMP messages to determine if an IP address is
reachable and responding.

Traceroute determines the routing path a packet takes to reach its
destination. It sends probes with a TTL of 1, then 2, then 3, and so on;
each router that decrements the TTL to zero returns a TTL Exceeded message,
which reveals that hop's address.

Two practical cautions: ICMP Redirect (type 5) can be abused to alter a
host's routing decisions, and many hosts ignore it by default for that
reason; and blocking all ICMP at a firewall breaks Path MTU Discovery, which
depends on type 3 code 4 being delivered.
Section 7 - TCP and UDP Transport Layer Protocols

The Transport layer (OSI Layer-4) does not actually transport data,
despite its name. Instead, this layer is responsible for the reliable (or
unreliable) delivery of data between hosts, and for identifying the
application the data belongs to. The Transport layer is referred to as the
Host-to-Host layer in the Department of Defense (DoD) reference model.

Transport layer protocols are either connection-oriented or connectionless:

  Connection-oriented - requires that a connection with specific
  agreed-upon parameters be established before data is sent.
  Connectionless - requires no connection before data is sent.

Connection-oriented protocols can additionally provide the following
services:

  Segmentation and sequencing - data is segmented into smaller
  pieces for transport, and each segment is numbered so that the data can
  be reassembled in the correct order.
  Acknowledgments - receipt of data is confirmed through the use of
  acknowledgments. If a segment is lost, the data can be retransmitted.
  Flow control (or windowing) - data transfer rate is negotiated to
  prevent congestion.

Transport layer protocols also identify the application the data belongs to,
using port numbers. When a host receives a packet, the port number tells the
transport layer which higher-layer application to hand the packet off to.

The two most common Transport layer protocols are TCP and UDP. Please note
that the best resource on the Internet for TCP/UDP information is the
exemplary TCP/IP Guide, found here: http://www ... com/free/index ...
Port Numbers and Sockets

The Transport layer identifies the application the data belongs to using
port numbers. When a host receives a segment, the port number tells the
transport layer which higher-layer application to hand the packet off to.
The range for port numbers is 0 - 65535, for both TCP and UDP.

The combination of an IP address and a port number is referred to as a
socket, and is written in the following format:

192.168.60.125:443

Note the colon separating the IP address (192.168.60.125) from the port
(443). The socket identifies a specific application on a specific host.

The first 1024 ports (0-1023) have been reserved for widely-used services,
and are recognized as well-known ports. Ports ranging from 1024 - 49151 can
be registered with IANA for a particular application. Ports ranging from
49152 - 65535 cannot be registered, and are considered dynamic (or
ephemeral): clients pick their source port from this range. Port numbers
are a demultiplexing aid, not a security control; a service can listen on
any port, and a scanner will find it whether or not the port is
"well-known".

For a complete list of assigned port numbers, refer to the IANA website:
http://www ... org/assignments/service-names-port-numbers/service-names-port-numbers ...
Transmission Control Protocol (TCP)

Together, TCP and IP provide the core functionality for the TCP/IP or
Internet protocol suite. Originally, the functions of both were combined in
a single protocol. When this proved to be an inflexible solution, those
functions were separated - with IP providing Network layer services, and
TCP providing Transport layer services.

TCP is a connection-oriented protocol, and provides reliable delivery,
sequencing, acknowledgments and flow control. Because TCP is
connection-oriented, parameters must be agreed upon by both the sending and
receiving devices before a connection is established.

Establishing a TCP Connection

TCP uses a three-way handshake to establish a connection. Control
messages are passed between the two hosts as the connection is set up:

  HostA sends a SYN (short for synchronize) message to HostB to
  initiate a connection.
  HostB responds with an ACK (short for acknowledge) message,
  acknowledging HostA's SYN, and a SYN message of its own. The two
  messages are combined to form a single SYN+ACK message.
  HostA completes the handshake by acknowledging HostB's SYN with an ACK
  message.

The TCP header contains six different flags, including a SYN flag and an
ACK flag. A SYN message has the SYN flag set; an ACK message has the ACK
flag set; a SYN+ACK message has both flags set to on (1). (The current TCP
specification, RFC 9293, defines eight flags: CWR and ECE were added for
Explicit Congestion Notification.)
Before a host can accept a request for a TCP connection, the host must
enter a listen state, also known as a passive open. A host must listen on
each port it wishes to accept connections on.

The sending host performs an active open by sending the SYN message, and
enters a SYN-Sent state. The sending host will remain in this state as it
waits for the remote host's SYN+ACK message. The listening host, upon
receiving the SYN and replying with SYN+ACK, enters a SYN-Received state;
while it waits for the final ACK the connection is half-open, and the host
must hold state for it.

The sending host will respond to the SYN+ACK message with its own ACK
message and enter an Established state; the receiving host enters the
Established state when that ACK arrives. An Established state indicates that
data transfer can occur.

TCP can support many simultaneous connections, and must track and
maintain each connection individually. Each connection is identified by its
socket pair (source IP, source port, destination IP, destination port); a
segment whose socket pair matches no tracked connection is answered with a
reset, as described below.

(Reference: http://www ... com/free/t_TCPConnectionEstablishmentProcessTheThreeWayHandsh-3 ...)
TCP Sequence and Acknowledgment Numbers

TCP treats data as a byte stream. This allows the application layer to send
a continuous stream of unstructured data and rely on TCP to package the
data as segments, regardless of the amount of data.

Each byte of the stream is numbered, and each segment carries a sequence
number identifying its first data byte. Note though that this sequence
number identifies the data (bytes) within the segment rather than the
segment itself. The sequence number serves two purposes:

  It allows the receiving host to reassemble segments in the correct
  order, regardless of the order in which they arrive.
  It allows receipt of data within a segment to be acknowledged, thus
  providing a mechanism for dropped segments to be detected and resent.

During the three-way handshake, each host chooses an initial sequence
number (ISN) for its side of the connection. The ISN is chosen from a
randomizing timer, to prevent accidental overlap or predictability; RFC 6528
describes the keyed-hash generation current systems use, because a
predictable ISN lets an off-path attacker inject or reset segments. The SYN
itself consumes one sequence number, so the acknowledgment number returned
for a SYN is the ISN plus one.

For example, assume HostA sends a SYN with an ISN of 1000. HostB's
acknowledgment number would thus be 1001. If HostB's SYN carries an ISN of
4500, HostA would respond to this sequence number with an acknowledgment
number of 4501.
TCP Sliding Window

Once the TCP connection is established, the sequence numbers are used to
identify the data within the segment. The receiving host acknowledges the
data with an acknowledgment number equal to the sequence number of the
next byte it expects. Note that this is HostB's acknowledgment number, which
essentially identifies which byte the receiving host is expecting next.

Note that each individual byte of data is not assigned a sequence number
and acknowledged independently, as this would introduce massive overhead.
Instead, the hosts agree on a window: the number of bytes the sender may
transmit before it must stop and wait for an acknowledgment. A single
segment can carry no more than the maximum segment size (MSS), which is 536
bytes of data by default if the hosts do not announce a larger value during
the handshake; the window itself is normally many segments in size, and is
advertised by the receiver in every segment it sends. This window size can
be dynamically changed to provide a measure of flow control, preventing
buffer congestion on the receiving host.

TCP employs a sliding window mechanism. At any moment the bytes of the
sender's stream fall into four categories:

  Bytes that have been sent and acknowledged.
  Bytes that have been sent, but not acknowledged.
  Bytes that have not yet been sent, but the receiving host is ready for
  (they fall within the window).
  Bytes that have not yet been sent, and the receiving host is not ready
  for (they fall outside the window).

(Reference: http://www ... tcpipguide ... htm;
http://docwiki ... com/wiki/Internet_Protocols#Transmission_Control_Protocol_ ... 29)
TCP Sliding Window (continued)

Consider the following conceptual example:

Byte #     Category                                     TCP Window
1-50       Bytes sent and acknowledged
51-75      Bytes sent and not yet acknowledged          window (50 bytes)
76-100     Bytes not sent, receiving host is ready      window (50 bytes)
101-200    Bytes not sent, receiving host is not ready

Several determinations can be made:

  The TCP stream is 200 bytes total.
  The TCP window is 50 bytes (bytes 51-100).
  The sending host can immediately send another 25 bytes of data
  (bytes 76-100).

Once bytes 51-75 are acknowledged, and bytes 76-100 are sent, the window
will slide down:

Byte #     Category                                     TCP Window
1-75       Bytes sent and acknowledged
76-100     Bytes sent and not yet acknowledged          window (50 bytes)
101-125    Bytes not sent, receiving host is ready      window (50 bytes)
126-200    Bytes not sent, receiving host is not ready

This assumes that the TCP window stays at 50 bytes. In practice the receiver
adjusts the advertised window as its buffer fills and drains.

For efficiency, TCP will generally wait to send a segment until the
agreed-upon TCP window size is full. This is not acceptable for some forms
of traffic, such as an interactive session. The TCP header provides a PSH
(Push) flag to accommodate this, allowing data to be sent immediately,
regardless if the TCP window has been filled.

TCP also provides an URG (Urgent) flag, which indicates that a segment
contains data that should be processed ahead of the normal stream. The URG
flag must be used with the Urgent Pointer field, which identifies the last
byte of urgent data, to identify where non-urgent data begins in a segment.
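The two window snapshots above, as an added Python example (not code from the original guide) of the sender-side bookkeeping: the four byte categories, the cap on how much can be sent before an acknowledgment arrives, and the receiver shrinking the window. Byte numbering starts at 1 to match the tables; the class and method names are the editor's own.

```python
class SendWindow:
    """Sender-side bookkeeping for the sliding window, numbering the stream from
    byte 1 as the tables above do. snd_una is the oldest unacknowledged byte,
    snd_nxt the next byte to send; the window spans snd_una .. snd_una+window-1."""

    def __init__(self, total_bytes, window):
        self.total = total_bytes      # length of the whole stream (200 in the example)
        self.window = window          # receiver's advertised window (50 in the example)
        self.snd_una = 1
        self.snd_nxt = 1

    def usable(self):
        """Bytes that may be sent right now without exceeding the window."""
        return max(0, min(self.snd_una + self.window, self.total + 1) - self.snd_nxt)

    def send(self, n):
        """Send up to n bytes; the window and the end of the stream cap it."""
        n = min(n, self.usable())
        self.snd_nxt += n
        return n

    def acknowledge(self, ack, window=None):
        """ack = next byte the receiver expects; stale or impossible values are
        ignored. The receiver may shrink or grow the window in the same segment."""
        if self.snd_una <= ack <= self.snd_nxt:
            self.snd_una = ack
        if window is not None:
            self.window = window

    def categories(self):
        """The four byte ranges of the sliding-window picture (inclusive)."""
        right = min(self.snd_una + self.window - 1, self.total)
        return {
            "sent_and_acked": (1, self.snd_una - 1),
            "sent_not_acked": (self.snd_una, self.snd_nxt - 1),
            "not_sent_ready": (self.snd_nxt, right),
            "not_sent_not_ready": (right + 1, self.total),
        }
```

Sending 50 bytes, receiving an acknowledgment of 51 and sending 25 more produces the first table; acknowledging 76 and sending another 25 produces the second. A request to send 100 bytes at that point is cut to the 25 bytes of window that remain, which is the flow control the text describes.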
During the handshake, the acknowledgment number acknowledges the SYN.
However, during data transfer, the acknowledgment number is used to
acknowledge receipt of a group of data bytes. Continuing the earlier
example, HostA sends a segment containing 50 bytes of data, starting at
sequence number 1001. HostB acknowledges receipt of these 50 data bytes with
an acknowledgment number of 1051 (for the mathematically disinclined, this
is 1001 + 50). HostA then sends another 50 bytes, with a sequence number of
1051; HostB acknowledges receipt again, with an ACK number of 1101. If only
25 bytes of the receiver's window remain unused, HostA's next segment will
thus only contain 25 bytes of data, with a sequence number of 1101.

Every time a segment is sent, the sending host starts a retransmission
timer, dynamically determined (and adjusted) based on the round-trip time
between the two hosts. If the timer expires before an acknowledgment
arrives, the segment is retransmitted. This allows TCP to provide reliable
delivery, even when segments are lost. Note that "reliable" means lost data
is retransmitted; it is not integrity protection, and a forged segment with
an acceptable sequence number is accepted as readily as a genuine one.
The most common reason for connection termination is that both
hosts have finished sending data
...
Hosts can terminate an established TCP connection by sending a message with
the FIN (Finish) flag set:
Once HostA sends the FIN message, it will enter a FIN-Wait-1 state,
waiting for the FIN to be acknowledged
...
HostA receives the ACK
and enters a FIN-Wait-2 state, waiting for HostB to send a FIN message of its
own, indicating it is safe to close the connection
...
HostA receives the FIN message and responds with an ACK message
...
HostB receives the ACK message and enters a Closed state
...
The
connection is now gracefully terminated
...
Less than Graceful TCP Connection Termination
A TCP connection can become half-open, indicating that one host is in an
established state while the other is not
...
TCP utilizes the Reset message, using the RST flag, to address half-open
connections
...
There are a few scenarios in which a RST might be sent:
A host receives a TCP segment from a host that it does not have a
connection with
...
A host receives a SYN request on a port it is not listening on
...
The host will respond with an equal
number of SYN+ACK messages, and will wait for the final ACK message
that never comes
...
Modern firewalls can detect SYN flood attacks and minimize the number of
accepted half-open connections
...
The TCP Header
The TCP header is comprised of 12 fields, and has a minimum size of 160
bits (20 bytes):
Field               Length     Description
Source Port         16 bits    Source TCP Port
Destination Port    16 bits    Destination TCP Port
Sequence Number     32 bits    Sequence Number
Ack Number          32 bits    Acknowledgement Number
Data Offset         4 bits     Indicates where the data begins in a TCP segment
Reserved            6 bits     Always set to 0
Control Bits        6 bits     URG, ACK, PSH, RST, SYN, and FIN flags
Window              16 bits    Used for Flow Control
Checksum            16 bits    Used for Error-Checking
Urgent Pointer      16 bits    Identifies last byte of Urgent traffic
Options             Variable
Padding             Variable   To ensure the TCP header ends at a 32-bit boundary
The 16-bit Source Port field identifies the application service on the
sending host
...
The 32-bit Sequence Number field is used both during connection
establishment, and during data transfer
...
Subsequently, sequence numbers are used to identify data bytes in a stream
...
During connection setup, this is set to the
sending host's initial sequence number + 1
...
The 4-bit Data Offset field indicates where data begins in a TCP segment, by
identifying the number of 32-bit multiples in the TCP header
...
Following the data offset field is the 6-bit Reserved (for future use) field,
which is always set to zeroes
...
ACK (Acknowledgment) - acknowledges a SYN or receipt of data
...
RST (Reset) - forcefully terminates an improper connection
...
FIN (Finish) - gracefully terminates a connection when there is no
further data to send
...
The 16-bit Checksum field is used for error-checking, and is computed
using both the TCP segment and select fields from the IP header
...
The 16-bit Urgent Pointer field is used to identify the last byte of
prioritized traffic in a segment, when the URG flag is set
...
The variable-length Padding field ensures the TCP header ends on a 32-bit
boundary, and is always set to zeroes
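The header layout and the pseudo-header checksum described above can be exercised end to end. This is an added example, not code from the guide: it packs and parses the 20-byte header with the field widths from the table, computes the checksum over the IPv4 pseudo-header plus segment exactly as the text describes, and shows that a single flipped bit (or the wrong source/destination address in the pseudo-header) fails verification. The addresses and ports are made-up sample values.

```python
import struct
import ipaddress

# Flag bits of the 6-bit Control Bits field (URG, ACK, PSH, RST, SYN, FIN).
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
TCP_PROTOCOL_NUMBER = 6


def ones_complement_checksum(data: bytes) -> int:
    """Sum all 16-bit words in one's complement, fold the carries, and complement the result."""
    if len(data) % 2:
        data += b"\x00"  # an odd-length buffer is padded with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the pseudo-header (IPs, protocol 6, TCP length) plus the segment
    with its own Checksum field zeroed, i.e. the 'select fields from the IP header'."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTOCOL_NUMBER, len(segment)))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ones_complement_checksum(pseudo + zeroed)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header; raises ValueError when truncated or inconsistent."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src_port, dst_port, seq, ack, offset_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = offset_byte >> 4            # header length in 32-bit words (4-bit field)
    header_len = data_offset * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d words is inconsistent with the segment" % data_offset)
    reserved = ((offset_byte & 0x0F) << 2) | (flag_byte >> 6)   # the 6 reserved bits
    flags = [name for name, bit in TCP_FLAGS.items() if flag_byte & bit]
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "data_offset": data_offset, "reserved": reserved, "flags": flags,
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_len],    # Options plus Padding when data offset > 5
        "payload": segment[header_len:],
    }


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, payload=b""):
    """Assemble a minimal segment (no options, data offset 5) with a correct checksum."""
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAGS[name]
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         5 << 4, flag_byte, window, 0, 0)
    segment = header + payload
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def checksum_is_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    return tcp_checksum(src_ip, dst_ip, segment) == parse_tcp_header(segment)["checksum"]


if __name__ == "__main__":
    # Sample values, not from any real capture.
    syn = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1000, 0, ["SYN"], 65535)
    print(parse_tcp_header(syn))
    print("checksum ok:", checksum_is_valid("10.0.0.1", "10.0.0.2", syn))
```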
...
UDP, above all, is simple
...
UDP
essentially forwards the segment and takes no further interest
...
However, UDP experiences less latency
than TCP, due to the reduced overhead
...
For example, DNS primarily uses UDP as its
transport protocol, though it supports TCP as well
...
The UDP header has only 4 fields:
Field               Length     Description
Source Port         16 bits    Source UDP Port
Destination Port    16 bits    Destination UDP Port
Length              16 bits    Length of the header and the data
Checksum            16 bits    Used for Error-Checking
The following provides a quick comparison of TCP and UDP:
TCP                               UDP
Connection-oriented               Connectionless
Guarantees delivery               Does not guarantee delivery
Sends acknowledgments             Does not send acknowledgments
Reliable, but slower than UDP     Unreliable, but faster than TCP
Segments and sequences data       Does not provide sequencing
Resends dropped segments          Does not resend dropped segments
Provides flow control             Does not provide flow control
Performs CRC on data              Also performs CRC on data
Uses port numbers                 Also uses port numbers
Section 8 - IPv6 Addressing
IPv6 Basics
The most widespread implementation of IP currently is IPv4, which utilizes a
32-bit address
...
Practically, the number of usable IPv4
addresses is much lower, as many addresses are reserved for diagnostic,
experimental, or multicast purposes
...
Various solutions were developed to alleviate this
shortage, including CIDR, NAT, and Private Addressing
...
In response to the address shortage, IPv6 was developed
...
This
provides roughly 50 octillion addresses per person alive on Earth today, or
roughly 3
...
(References: http://cc
...
edu/cnews/spring2001/whatsipv6
...
wikipedia
...
Simplified Configuration - allows hosts to auto-configure their IPv6
addresses, based on network prefixes advertised by routers
...
Also
unlike IPv4, the IPv6 address is represented in hexadecimal notation, separated
by colons
...
The hexadecimal values of an IPv6 address are
not case-sensitive
...
For
example, consider the following address:
1423:0021:0C13:CC1E:3142:0001:2222:3333
We can condense that address to: 1423:21:C13:CC1E:3142:1:2222:3333
Only leading zeros can be condensed
...
We can only condense one set of contiguous zero
fields
...
Remember that we can only use one set of
double colons in an IPv6 address!
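The two condensing rules above (strip leading zeros per field, replace one run of zero fields with ::) and their reversal can be written out as a small parser. This is an added example, not code from the guide; it follows the guide's own example address and, as an assumption beyond the page, adopts the RFC 5952 convention that a single zero field is never written as :: and that the longest run (first on a tie) is the one condensed.

```python
import ipaddress


def condense_ipv6(address: str) -> str:
    """Apply the guide's two rules to a fully written 8-field address, keeping the input's case."""
    fields = address.split(":")
    if len(fields) != 8:
        raise ValueError("expected 8 colon-separated fields; run expand_ipv6 first")
    # Rule 1: only leading zeros may be dropped ("0021" -> "21", "0000" -> "0").
    fields = [f.lstrip("0") or "0" for f in fields]
    # Rule 2: find the longest run of contiguous all-zero fields (first run wins a tie).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:            # assumption (RFC 5952): never use :: for a lone zero field
        return ":".join(fields)
    left = fields[:best_start]
    right = fields[best_start + best_len:]
    return ":".join(left) + "::" + ":".join(right)


def expand_ipv6(address: str) -> str:
    """Undo both rules, enforcing the 'only one ::' restriction, and return 8 four-digit fields."""
    if address.count("::") > 1:
        raise ValueError("only one set of double colons is allowed in an IPv6 address")
    if "::" in address:
        left, right = address.split("::")
        left_fields = left.split(":") if left else []
        right_fields = right.split(":") if right else []
        missing = 8 - len(left_fields) - len(right_fields)
        if missing < 1:
            raise ValueError(":: must stand for at least one zero field")
        fields = left_fields + ["0"] * missing + right_fields
    else:
        fields = address.split(":")
    if len(fields) != 8 or any(not 1 <= len(f) <= 4 for f in fields):
        raise ValueError("malformed IPv6 address: %r" % address)
    full = ":".join(f.zfill(4) for f in fields)
    ipaddress.IPv6Address(full)  # validation only: raises on non-hex characters
    return full


if __name__ == "__main__":
    print(condense_ipv6("1423:0021:0C13:CC1E:3142:0001:2222:3333"))
    print(condense_ipv6("FF01:0:0:0:0:0:0:1"))
    print(expand_ipv6("FEC0::CC1E:2412:1111:2222:3333"))
```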
The IPv6 Prefix
IPv4 utilizes a subnet mask to define the network “prefix” and “host”
portions of an address
...
IPv6 always uses CIDR notation to determine what bits notate the prefix of an
address:
Full Address:   1254:1532:26B1:CC14:123:1111:2222:3333/64
Prefix ID:      1254:1532:26B1:CC14:
Host ID:        123:1111:2222:3333
The /64 indicates that the first 64 bits of this address identify the prefix
...
IPv4 relies on Address Resolution Protocol (ARP) to map
between the logical IP address and the 48-bit hardware MAC address
...
The interface ID is based on the interface's hardware address
...
Since most interfaces still use the 48-bit MAC address, the
MAC must be converted into the EUI-64 format
...
2222
...
The first 24 bits, the
Organizationally Unique Identifier (OUI), identify the manufacturer
...
To convert this to EUI-64 format:
1
...
2
...
3
...
4
...
Thus, the MAC address 1111.2222.3333 in EUI-64 format would become
1311:22FF:FE22:3333, which becomes the interface ID
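The MAC-to-EUI-64 conversion can be checked against the guide's own figures (1111.2222.3333 becoming 1311:22FF:FE22:3333). The following is an added example, not code from the guide: it inserts FFFE between the OUI and device halves, inverts the universal/local bit, and joins the result to a /64 prefix; the 1254:1532:26B1:CC14::/64 prefix reused from the guide and the second MAC are sample values.

```python
import ipaddress


def normalize_mac(mac: str) -> bytes:
    """Accept Cisco dotted (1111.2222.3333), colon or hyphen notation; return the 6 raw octets."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("MAC address must contain exactly 12 hex digits: %r" % mac)
    return bytes.fromhex(digits)


def mac_to_eui64(mac: str) -> str:
    """Modified EUI-64 interface ID as four colon-separated 16-bit hex groups."""
    octets = bytearray(normalize_mac(mac))
    # Split the 48-bit MAC into the 24-bit OUI and the 24-bit device-specific part,
    # and insert the fixed 16-bit value FFFE between them.
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    # Invert the universal/local (U/L) bit, bit 7 (value 0x02) of the first octet:
    # 0x11 becomes 0x13, which is why 1111.2222.3333 turns into 1311:22FF:FE22:3333.
    eui[0] ^= 0x02
    return ":".join("%02X%02X" % (eui[i], eui[i + 1]) for i in range(0, 8, 2))


def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix (e.g. FE80::/64 for link-local) with the EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix, strict=False)
    if network.prefixlen != 64:
        raise ValueError("an EUI-64 interface ID fills exactly 64 bits; got /%d" % network.prefixlen)
    interface_id = int(mac_to_eui64(mac).replace(":", ""), 16)
    return str(ipaddress.IPv6Address(int(network.network_address) | interface_id))


if __name__ == "__main__":
    print(mac_to_eui64("1111.2222.3333"))                       # 1311:22FF:FE22:3333
    print(eui64_address("FE80::/64", "1111.2222.3333"))         # link-local address
    print(eui64_address("1254:1532:26B1:CC14::/64", "00:1A:2B:3C:4D:5E"))
```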
...
The class of an IPv4
address was identified by the high-order bits of the first octet:
Class A - (00000001 - 01111111, or 1 - 127)
Class B - (10000000 - 10111111, or 128 - 191)
Class C - (11000000 - 11011111, or 192 - 223)
Class D - (11100000 - 11101111, or 224 - 239)
IPv6's addressing structure is far more scalable
...
The potential for
growth is enormous
...
Thus, any IPv6 address that is not a
multicast is a unicast address
...
Thus,
multiple hosts are configured with an identical address
...
Anycasts are indistinguishable from any other IPv6 unicast address
...
One possible
application would be a server farm providing an identical service or
function, in which case anycast addressing would allow clients to connect to the
nearest server
...
Reserved addresses represent 1/256th of the available IPv6 address space
...
It is the equivalent of the IPv4 0.0.0.0 address
...
In routing tables, the unspecified
address is used to identify all or any possible hosts or networks
...
It is the equivalent of the IPv4 127.0.0.1 address
...
Reserved Addresses - IPv4 and IPv6 Compatibility
To alleviate the difficulties of immediately migrating from IPv4 to IPv6,
specific reserved addresses can be used to embed an IPv4 address into an IPv6
address
...
0:0:0:0:0:0:a.b.c.d (or ::a.b.c.d) - is an IPv4-compatible IPv6
address
...
A prefix of /96 is used for IPv4-compatible IPv6 addresses:
::192.168.1.1/96
...
0:0:0:0:0:FFFF:a.b.c.d (or ::FFFF:a.b.c.d) - is an IPv4-mapped IPv6
address
...
This address is used by IPv6 routers and devices to
identify non-IPv6 capable devices
...
::FFFF:192.168.1.1/96
Link-Local IPv6 Addresses
Link-local IPv6 addresses are used only on a single link (subnet)
...
Every IPv6-enabled interface on a host (or router) is
assigned a link-local address
...
The first field of a link-local IPv6 address will always begin FE8x (1111
1110 10)
...
A prefix of /10 is used for link-local addresses
...
The next 54 bits are set to 0
...
Site Local IPv6 Addresses
Site-local IPv6 addresses are the equivalent of “private” IPv4 addresses
...
Multiple private subnets within a “site” are
allowed
...
Site-local addresses are unicasts, and represent 1/1024th of the
available IPv6 address space
...
The next 38 bits are set to 0
...
The final 64 bits are used as the interface ID
...
Aggregate global addresses can be routed publicly on the Internet
...
Currently, the first field of an aggregate global IPv6 address will always
begin 2xxx (001)
...
2000::2731:E2FF:FE96:C283/64
Aggregate global addresses adhere to a very strict hierarchy:
The first 3 bits are the fixed FP
...
The next 8 bits are reserved for future use
...
The next 16 bits are the site-level aggregation identifier (SLA ID)
...
By having multiple levels, a consistent, organized, and scalable hierarchy is
maintained
...
These can
then be subdivided in the NLA ID field, and passed on to lower-tiered ISPs
...
The 16-bit SLA field provides up to 65535 networks for an
organization
...
Site-local addresses cannot be routed publicly, whereas SLA
IDs are just a subset of the publicly routable aggregate global address
...
Interfaces can belong to one or more multicast groups
...
Multicasting provides a much
more efficient mechanism than broadcasting, which requires that every host on a
link accept and process each broadcast packet
...
The full multicast range is FF00 through FFFF
...
FF01:0:0:0:0:0:0:1
Multicast addresses follow a specific format:
The first 8 bits identify the address as a multicast (1111 1111)
The next 4 bits are a flag value
...
The next 4 bits are a scope value:
o 0000 (0) = Reserved
o 0001 (1) = Node Local Scope
o 0010 (2) = Link Local Scope
o 0101 (5) = Site Local Scope
o 1000 (8) = Organization Local Scope
o 1110 (e) = Global Scope
o 1111 (f) = Reserved
The final 112 bits identify the actual multicast group
...
IPv6 scopes allow for a multicast hierarchy, a way to contain multicast
traffic
...
All routers must join the all-routers multicast group, for the
node-local, link-local, and site-local scopes
...
This solicited-node address is created by appending the
last 24 bits of the interface ID to the following prefix: FF02::1:FF/103
...
Required IPv6 Addresses
At a minimum, each IPv6 interface on a host must recognize the following IPv6
addresses:
The loopback address
A link-local address
Any configured site-local or aggregate global addresses
Any configured multicast groups
The all-nodes multicast address (both node-local and link-local
scopes)
The solicited-node multicast address for any configured unicast
addresses
In addition to the above addresses, each IPv6 interface on a router must
recognize the following IPv6 addresses:
The subnet-router anycast address
Any configured multicast groups
The all-routers multicast address (node-local, link-local, and site-local
scopes)
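The multicast format (flags, scope, group ID), the solicited-node derivation, and the list of groups an interface must listen on can all be computed from a unicast address. This is an added example, not code from the guide; the sample addresses are constructed, and it uses the RFC 4291 solicited-node prefix FF02::1:FF00:0/104 (the guide writes the same prefix as FF02::1:FF/103).

```python
import ipaddress

# Scope values of the 4-bit scope field, as listed in the guide.
MULTICAST_SCOPES = {0x0: "Reserved", 0x1: "Node Local", 0x2: "Link Local", 0x5: "Site Local",
                    0x8: "Organization Local", 0xE: "Global", 0xF: "Reserved"}

SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("FF02::1:FF00:0/104")


def multicast_info(address: str) -> dict:
    """Split a multicast address into its 8-bit FF marker, 4-bit flags, 4-bit scope and 112-bit group ID."""
    addr = ipaddress.IPv6Address(address)
    if not addr.is_multicast:            # first 8 bits must be 1111 1111
        raise ValueError("%s is not a multicast address" % addr)
    value = int(addr)                     # 128-bit integer, most significant bit first
    flags = (value >> 116) & 0xF          # bits 8-11
    scope = (value >> 112) & 0xF          # bits 12-15
    group_id = value & ((1 << 112) - 1)   # final 112 bits
    return {"flags": flags, "scope": scope,
            "scope_name": MULTICAST_SCOPES.get(scope, "Unassigned"), "group_id": group_id}


def solicited_node(unicast: str) -> str:
    """Append the last 24 bits of the unicast/interface ID to the solicited-node prefix."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24))


def required_multicast_groups(unicast_addresses, is_router=False) -> set:
    """Multicast groups the guide says an interface must recognize, for a host or a router."""
    groups = {"ff01::1", "ff02::1"}       # all-nodes: node-local and link-local scopes
    for unicast in unicast_addresses:
        groups.add(solicited_node(unicast))
    if is_router:
        groups |= {"ff01::2", "ff02::2", "ff05::2"}   # all-routers: node, link, site scopes
    return groups


if __name__ == "__main__":
    print(multicast_info("FF01:0:0:0:0:0:0:1"))
    print(solicited_node("FE80::1311:22FF:FE22:3333"))   # ff02::1:ff22:3333
    print(sorted(required_multicast_groups(["fe80::1311:22ff:fe22:3333"], is_router=True)))
```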
IPv6 Addresses and URLs
IPv6 addresses can also be referenced in URLs (Uniform Resource Locator)
...
This is
not an issue with IPv4 addresses, which can easily be referenced using a
URL:
http://192.168.1.1/index.html
Because IPv6 fields are separated by colons, the IPv6 address must be
placed in brackets, to conform to the URL standard:
http://[FEC0::CC1E:2412:1111:2222:3333]/index.html
It has been considerably
streamlined compared to its IPv4 counterpart, which has 12 fields and is 160 bits
long
...
This field can identify either the
next upper-layer header (for example, UDP, TCP or ICMP), or it can
identify a special Extension Header, which is placed between the IPv6 and
upper-layer headers
...
Directly follows the IPv6 header
...
Routing Header - specifies each router the packet must traverse to
reach the destination (source routing)
Fragment Header - used when a packet is larger than the MTU for
the path
Authentication Header - used to integrate IPSEC Authentication
Header (AH) into the IPv6 packet
ESP Header - used to integrate IPSEC Encapsulating Security
Payload (ESP) into the IPv6 packet
(Reference: http://www
...
com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6o
...
All devices
employing IPv6 must also integrate ICMPv6
...
The node sending this
message includes an explanatory code:
o 0 - No route to destination
o 1 - Access is administratively prohibited
o 3 - Address unreachable
o 4 - Port unreachable
Packet Too Big (ICMP packet type 2) - indicates the packet is larger
than the MTU of the link
...
Instead, the Packet Too Big message is sent to the source (sending)
device, which then reduces (or fragments) the size of the packet to the
reported MTU
...
Time Exceeded (ICMP packet type 3) - indicates that the hop count
limit has been reached, usually indicating a routing loop
Parameter Problem (ICMP packet type 4) - indicates an error in the
IPv6 header, or an IPv6 extension header
...
Neighbor Discovery Protocol (NDP) and ICMPv6
The neighbor discovery protocol (NDP) provides a multitude of services for
IPv6 enabled devices, including:
Automatic address configuration, and prefix discovery
Duplicate address detection
MTU discovery
Router discovery
Address resolution
NDP replaces many IPv4-specific protocols, such as DHCP and ARP
...
Periodically, IPv6 routers send out Router Advertisements (RAs) to both
announce their presence on a link, and to provide auto-configuration
information for hosts
...
The sending router sets a hop limit of 255 on an RA;
however, the RA packet must not be forwarded outside the local link
...
A host can request an RA by sending out a Router
Solicitation (RS, ICMP packet type 133) to the link-local all-routers
multicast address
...
The RA messages contain the following information for hosts:
The router's link-layer address (to be added to the host's default
router list)
One or more network prefixes
A lifetime (measured in seconds) for the prefix(es)
The link MTU
Routers send Redirect messages to hosts, indicating a better route to a
destination
...
If this default router deems that another router
has a better route to the destination, it forwards the Redirect message to the
sending host
...
An
NS message's source address is the link-local address of the sending host,
and the destination is the solicited-node multicast address of the destination
host
...
This process replaces the Address Resolution Protocol (ARP)
used by IPv4, and provides a far more efficient means to learn
neighbor address information
...
Before a host assigns itself an IPv6 address, it sends out a NS to ensure no other
host is configured with that address
...
Hosts learn how to autoconfigure themselves from
Router Advertisements (RAs)
...
When using Stateless Autoconfiguration, a host first assigns itself a link-local
IPv6 address
...
The host then sends a Router Solicitation multicast to the all-routers
multicast address, which provides one or more network prefixes
...
Stateful Autoconfiguration is used in conjunction with stateless
autoconfiguration
...
DHCPv6 can also be
used in the event that there is no router on the link, to provide stateless
autoconfiguration
...
Section 9 - 802.11 Wireless
...
Collectively,
these wireless standards are identified as the 802
...
Note: The 802
...
Various amendments have been made to the 802.11 standard
...
These are
identified by the letter appended to the standard, such as 802.11g
...
The 802.11 amendments will be covered in greater detail later in this guide
...
A group of communicating 802.11 wireless devices is known as a service set
...
More commonly, wireless clients are centrally connected via a wireless
access point (WAP)
...
Wireless clients must associate with a WAP before
data can be forwarded
...
In environments where a single WAP does not provide sufficient coverage,
multiple WAPs can be linked as part of an Extended Service Set (ESS)
...
Frequency is a measurement of the number of cycles an electromagnetic wave
completes in a given time period
...
Note: Ranges of frequencies are often identified by their specific use; these
ranges are often referred to as bands
...
A signal at a
specific frequency is referred to as the carrier signal
...
Modulation is the method of altering a signal to convey a message or data
stream, usually by varying its amplitude, frequency, or phase
...
802.11 devices employ multiple advanced modulation techniques, depending on
the 802.11 amendment
...
This modulation requires that 802
...
Each 802
...
2.4-GHz or 5-GHz band:
The 2
...
This can
result in interference and degraded performance
...
The 2.4-GHz band is
a subset of the industrial, scientific, and medical (ISM) band
...
However, signals at this frequency suffer from poor range and are
easily obstructed by intermediary objects
...
RF Signal Strength
RF signals will attenuate in the open air
...
RF power output is not usually measured in absolute terms (such as Watts)
...
The reference point is usually one Watt (W) or one milliWatt (mW)
...
One milliWatt of power output is represented as 0 dBm
...
The formula for calculating
power output in decibel form is as follows:
dB = 10 × log10 (P_signal / P_reference)
The abbreviation P is short for power
...
Because decibels measure a ratio of power, it is possible to have a negative
value
...
For example,
...
Conversely, a positive value indicates that the
amount of power is more than the reference point
...
As stated previously, other devices operating in the same
frequency range can interfere with a signal
...
Metal objects and water often cause reflection
...
Refraction - occurs when the trajectory of a signal is bent as it passes
through an object, such as a wall
...
This loss of energy
degrades the strength of the signal
...
For example, a sufficiently-strong signal can bend around an
obstructing building, or around a corner within a building
...
Because of diffraction, it is particularly important to maintain line-of-sight when
employing a point-to-point wireless signal over a long distance
...
(Reference: CCNP BCMSN Official Exam Certification Guide 4th Edition
...
Pages 447-450,
http://www
...
com/warp/public/102/wwan/quick-ref
...
If more than 40% of the lower radius of the Fresnel zone is obstructed, the signal
will be negatively impacted by diffraction
...
Calculating the radius of a Fresnel zone requires a complex formula, which is
beyond the scope of this guide
...
A free Fresnel zone calculator is available online at:
http://www
...
net/fresnel-zone-calculator/
(Reference: CCNP BCMSN Official Exam Certification Guide 4th Edition
...
Pages 450-452)
Devices based on the 802.11 standard operate in one of two
frequency bands:
2
...
4000 to 2
...
0-GHz band (specifically, 5
...
825GHz)
The 2
...
The center frequency of each
channel is separated by only 5 MHz
...
Channel #   Center Frequency      Channel #   Center Frequency
1           2.412 GHz             8           2.447 GHz
2           2.417 GHz             9           2.452 GHz
3           2.422 GHz             10          2.457 GHz
4           2.427 GHz             11          2.462 GHz
5           2.432 GHz             12*         2.467 GHz
6           2.437 GHz             13*         2.472 GHz
7           2.442 GHz             14*         2.484 GHz
The 802.11 amendments that use the 2.4-GHz band
...
802.11b and 802.11g
...
Thus, with
each channel's center frequency separated by only 5 MHz, channel overlap will
occur
...
The 2.4-GHz band supports only three non-overlapping channels
...
Devices competing on the same or
adjacent channels will interfere with each other, degrading performance
and reliability
...
The lower and middle bands are dedicated for indoor use, and
the higher band is dedicated for outdoor use
...
The 2.4-GHz band is unregulated, and the 5.0-GHz band
...
(Reference: http://en
...
org/wiki/List_of_WLAN_channels;
http://www
...
com/en/US/docs/wireless/access_point/1200/vxworks/configuration/guide/bkscgaxa
...
Multiple WAPs can be linked together as part of an Extended
Service Set (ESS)
...
Recall that only a limited number of non-overlapping channels are available in both the
2.4-GHz and 5.0-GHz bands
...
[Figure: ESS channel layout, with neighbouring WAP cells on channels 1, 6 and 11]
Providing full wireless coverage while preventing channel overlap can be
challenging, especially if the environment has multiple floors
...
If two devices on an Ethernet (802.3) network send a packet
simultaneously, a collision will occur
...
If two 802.11 wireless
devices transmit simultaneously, their signals will mix, resulting in unusable
noise (essentially a wireless collision)
...
802.3 Ethernet uses Carrier Sense Multiple Access with
Collision Detect (CSMA/CD) to control media access
...
When a
collision is detected, both devices will wait a random amount of time before
resending their respective packets
...
802.11 connections are half-duplex
...
Instead, 802.11 uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
...
Devices will listen before
attempting to transmit, and will only transmit if no other device is currently
transmitting
...
The currently transmitting device includes a duration value
within the 802.11 header
...
Other 802
...
The random DIFS was
implemented to prevent devices from transmitting simultaneously after waiting
out another device's transmission duration
...
(Reference: CCNP BCMSN Official Exam Certification Guide 4th Edition
...
Pages 436-438,
http://www
...
com/en/US/docs/voice_ip_comm/cuipph/7920/5_0/english/design/guide/wrlqos
...
802.11 Amendments
The original 802.11 standard
...
The standard operated in the 2.4-GHz band
...
The original 802.11 standard has since been extended by the 802.11a, 802.11b,
802.11g, and 802.11n amendments, each covered below
(Reference: http://en.wikipedia.org/wiki/IEEE_802.11_(legacy_mode))
802.11a
The 802.11a amendment was released in 1999, and utilizes orthogonal
frequency-division multiplexing (OFDM) for modulation
...
802.11a operates in the 5.0-GHz band
...
Specifically, 802
...
Because 802.11a operates in the 5.0-GHz band, it is generally free of
interference from other RF devices
...
802.11a is not compatible with the other 802.11 amendments, as most of
the other amendments operate in the 2.4-GHz band
...
In the U.S., 802.11a
...
Despite offering a large number of channels
and good throughput, 802.11a
...
802.11b and 802.11g
...
(Reference: http://en.wikipedia.org/wiki/IEEE_802.11a-1999)
802.11b
The 802.11b amendment was released in 1999
...
802.11b operates in the 2.4-GHz frequency band, and has a maximum throughput of 11 Mbps
...
802.11b supports data rates of 1, 2, 5.5, and 11 Mbps
Because 802.11b operates in the 2.4-GHz band, it is susceptible to
interference from other household RF devices
...
In the U.S., 802.11b supports a total of 3 non-overlapping channels,
specifically channels 1, 6, and 11
...
(Reference: http://en.wikipedia.org/wiki/IEEE_802.11b-1999)
802.11g
The 802.11g amendment was released in 2003, and utilizes orthogonal
frequency-division multiplexing (OFDM) for modulation
...
802.11g operates in the 2.4-GHz band
...
Specifically, 802
...
As with 802.11b, 802.11g operates in the unregulated 2.4-GHz band
...
In the U.S., 802.11g
...
802.11g is backwards compatible with 802.11b, as they both operate in the
2.4-GHz band
...
However, if an 802.11b client is present in an 802.11g
environment, 802.11g
...
1, 2, 5.5, and 11 Mbps
...
Neither 802.11b nor 802.11g is compatible with 802.11a
...
(Reference: http://en.wikipedia.org/wiki/IEEE_802.11g-2003)
802.11n
The 802.11n amendment was officially released in 2009, though pre-release (or
draft) equipment has been available since 2007
...
802.11n supports
significantly higher data rates than previous 802.11 amendments
...
MIMO employs multiple antennas on both the transmitter and receiver
...
This, coupled with 40-MHz channels, allows 802.11n
...
For
example, a WAP with four transmit and three receive antennas would be
identified as a 4 x 3 MIMO WAP
...
802.11n can operate in either the 2.4-GHz or 5.0-GHz frequency bands,
or both simultaneously
...
802.11n is backwards compatible with
802.11a, 802.11b, and 802.11g
...
A pure 802.11n environment should use the 5.0-GHz band to maximize throughput
and to limit interference
...
802.11n does support 20-MHz channels, though this will
greatly reduce the maximum throughput
...
(Reference: http://en.wikipedia.org/wiki/IEEE_802.11n-2009; http://www
...
com/assets/whitepaper/WP-802
...
pdf;
http://www
...
sc/en/US/prod/collateral/wireless/ps5678/ps6973/ps8382/prod_white_paper0900aecd806b8ce7_ns767_Networking_Solutions_White_Paper
...
802.11 Amendments - Quick Reference
Amendment   Frequency Band   Released   Max Data Rate   Modulation
802.11      2.4 GHz          1997       2 Mbps          DSSS/FHSS
802.11a     5 GHz            1999       54 Mbps         OFDM
802.11b     2.4 GHz          1999       11 Mbps         DSSS
802.11g     2.4 GHz          2003       54 Mbps         OFDM
802.11n     2.4/5 GHz        2009       600 Mbps        OFDM
Associating with a Wireless Access Point (WAP)
Recall that a group of communicating 802.11 wireless devices is known as a service set
...
There are two modes of 802.11 communication:
Ad-hoc or Independent Basic Service Set (IBSS) - where wireless
clients communicate point-to-point with each other
...
Wireless clients must associate with a WAP before data can be forwarded
...
A wireless client must be configured with the WAP's
SSID to associate with it
...
As a best practice, broadcasting is usually disabled in secure environments
...
The SSID also provides separation between multiple
wireless LANs that might exist in an environment
...
The original 802.11 standard defines two methods of authentication:
...
Shared-Key Authentication - requires a matching key to be
configured on both the wireless client and WAP
...
Shared-key authentication
employs Wireless Equivalence Protocol (WEP) keys for authenticating clients
...
MAC-address filtering is an additional form of authentication, though not
defined in the 802.11 standard
A list of allowed MAC addresses must be
maintained on the WAP itself
...
The use of 802.11 technologies has introduced new security
concerns, due to the open-air nature of wireless transmissions
...
Wireless Equivalence Protocol (WEP) was developed as part of the original
802.11 standard
WEP utilizes the RC4 stream cipher for encryption, which
combines a key with a randomly-generated initialization vector (IV) to
provide confidentiality
...
128-bit WEP - employs a 104-bit key with a 24-bit IV
...
WEP can be used with both Open and Shared-Key authentication
...
With
Shared-Key authentication, the WEP key is used for both authenticating the
wireless client and encrypting data
...
WEP Shared-Key authentication employs a four-way handshake:
1
...
2
...
3
...
4
...
The authentication process will only be successful if the WEP key is
identical on both the WAP and the client
...
A malicious attacker can
intercept both the clear-text and encrypted challenges, and thus
somewhat easily derive the encryption key
...
Additionally, WEP provides only one-way authentication;
there is no mechanism within WEP for a client to authenticate the WAP
...
wikipedia
...
wi-fiplanet
...
php/1368661)
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA) was developed by the Wi-Fi Alliance to
address the shortcomings of WEP
...
11i amendment
...
Though TKIP employs a RC4 stream cipher like WEP, it offers several
improvements, including:
Per-Packet Key Hashing
64-bit Message Integrity Check (MIC)
Broadcast Key Rotation
Sequence Counting
Note: Cisco developed a proprietary implementation of TKIP that is not
compatible with WPA TKIP
...
WPA2, also developed by the Wi-Fi Alliance, incorporates all portions of
the 802
...
It added support for Advanced Encryption
Standard (AES) encryption with Cipher Block Chaining Message
Authentication Code Protocol (CCMP)
...
WPA2 also added native support for Intrusion Detection Systems (IDS)
...
WPA Personal employs a pre-shared key (or passphrase) for authentication, and
is often referred to as WPA-PSK (Pre-Shared Key)
...
As with WEP, this key-string must be identical on both the
client and the WAP
...
1X/EAP server (such as a RADIUS
server) for centralized authentication
...
802
...
(Reference: http://en
...
org/wiki/Wi-Fi_Protected_Access;
http://www
...
com/en/US/prod/collateral/wireless/ps5678/ps430/ps4076/prod_brochure09186a00801f7d0b
...
802.1X and Extensible Authentication Protocol (EAP)
The 802
...
It was originally developed for Ethernet (802
...
11
wireless devices as well
...
802.1X defines three roles in the authentication process:
Supplicant - the device being authenticated
...
11
environment, the supplicant would be the wireless client software
...
In an
802
...
Authentication Server - the device that stores the user database, for
validating authentication credentials
...
802
...
EAP is
not an authentication mechanism in itself
...
1X/EAP)
...
Only EAP traffic is allowed between
the client and WAP before authentication occurs
...
802.1X/EAP offers several advantages over
Static-WEP and WPA-PSK, including:
Centralized management of credentials
Support for multiple encryption types
Dynamic encryption keys
(Reference: http://en
...
org/wiki/IEEE_802
...
wikipedia
...
ieee802
...
PDF)
Lightweight Extensible Authentication Protocol (LEAP)
Lightweight Extensible Authentication Protocol (LEAP) was developed by
Cisco, and is supported by WPA/WPA2 as an 802
...
LEAP employs a username/password for authentication via a
RADIUS server, and does not require the use of certificates
...
LEAP additionally supports single
sign-on in Windows environments, allowing clients to perform Active
Directory (or NT Domain) and 802
...
LEAP authentication is a multi-step process:
1
...
2
...
3
...
4
...
5
...
The authentication server sends a
randomly-generated challenge to the supplicant
...
This hash value serves as the response back to the
authentication server, and eliminates the need for the actual password
to be transmitted between the two devices
...
A Success message is generated if the supplicant and authentication
server have successfully authenticated each other, which informs the
authenticator that the supplicant can now pass data traffic
...
The PMK is used to create the actual
encryption keys for data transfer, via a four-way handshake
...
A strong password policy is extremely important when
employing LEAP in a business environment
...
(Reference: http://www
...
com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764f1
...
cisco
...
pdf; CCNP ONT Exam
Certification Guide, Amir Ranjbar
...
Like LEAP, it utilizes a username/password for
authentication via a RADIUS server, and does not require the use of
certificates
...
EAP-FAST is supported by most versions of Windows, and supports
Windows single sign-on in Active Directory/Domain environments
...
This phase is optional because
the PAC can be manually configured on the supplicant
...
Phase 2 - the supplicant sends its username/password credentials to
the authentication server, via the secure tunnel
...
cisco
...
html;
CCNP ONT Exam Certification Guide, Amir Ranjbar
...
11
wireless networks
...
Both the supplicant and the authentication
server must be assigned a certificate from a Certificate Authority (CA)
server
...
EAP-TLS is natively supported on most versions of Windows (2000 and
newer)
...
cisco
...
shtml; CCNP ONT Exam
Certification Guide, Amir Ranjbar
...
PEAP utilizes TLS to create a secure tunnel between the supplicant and
authentication server
...
PEAP authentication is a two-phase process:
1
...
If successful, the supplicant and
authentication server form the TLS tunnel
...
The supplicant sends its username/password credentials to the
authentication server, via the secure tunnel
...
As with the other EAP-methods, a Success message is generated if the
supplicant and authentication server have successfully authenticated each
other, which informs the authenticator that the supplicant can pass traffic
...
cisco
...
shtml; CCNP ONT
Exam Certification Guide, Amir Ranjbar
...
When a router is powered on, the bootstrap runs a hardware diagnostic
called POST (Power-On Self Test)
...
Flash memory can be erased or overwritten, thus making the Cisco
IOS upgradeable
...
If the bootstrap cannot find the IOS in Flash, a stripped-down version of the IOS
will be loaded from ROM instead
...
If the bootstrap does find the IOS in Flash, it is loaded into RAM and
attempts to find a Startup Configuration (startup-config) file in NVRAM
...
If the IOS cannot find a startup-config file in NVRAM, it will attempt to
load a configuration file from a TFTP server (this request is broadcast to
255
...
255
...
If no TFTP server responds, the IOS will enter Initial
Configuration Mode, a series of interactive questions intended for quick
configuration of the router
...
RAM is
volatile memory, and thus its contents will be lost if the router is power-cycled
...
The router is powered on
...
The bootstrap program (ROMmon) is loaded from ROM
...
The bootstrap runs POST
...
The bootstrap attempts to load the IOS from Flash
...
If the IOS is not found in Flash, the bootstrap loads into RAM
the basic IOS stored in ROM
...
If the IOS is found in Flash, it is loaded into RAM
...
The IOS attempts to load the startup-config file from NVRAM
a
...
b
...
c
...
6
...
Interfaces vs Lines
Cisco devices contain two distinctly different types of ports, interfaces and
lines
...
In other words, traffic is
actually routed or switched across interfaces
...
Thus, the first Ethernet interface on a
router would be identified as Ethernet0
...
Thus, interfaces on these routers are
identified by both the module number and the interface number, formatted as:
module/interface
...
Lines identify ports that allow us to connect into, and then configure, Cisco
devices
...
Thus, the first console port on a router
would be identified as Console0
...
The console port is generally a
RJ-45 connector, and requires a rollover cable to connect to
...
From the PC, software such as HyperTerminal is required to make a
connection from the local serial port to the router console port
...
The auxiliary port can function similarly to a console port, and can be accessed
using a rollover cable
...
Telnet, and now SSH, are the most common methods of remote access to
routers and switches
...
Enterprise editions of the IOS support up to
255 VTY connections
...
The IOS
provides the mechanism to configure all Layer 2 and Layer 3 functions on Cisco
devices
...
Access to a specific mode (and specific
commands) is governed by privilege levels
...
The following is a representation of the IOS command-line interface, with an
example command:
Router# show startup-config
All commands throughout all guides on this site will be represented like the
above
...
2
service timestamps log uptime
service password-encryption
!
hostname Router
!
(Note: The above output was truncated to save space
...
y(z)t
The "x" designates a major revision number
...
The "z" designates an individual release number
The “t” designates a train identifier
...
4 would be identified as 12
...
The major and minor revision numbers combined are often called the
Maintenance Release number (for example, “12
...
Trains identify IOS releases to specific markets, and are represented by a
single letter:
The “T” or Technology train is continuously updated with new
features and security fixes
...
The “S” or Service Provider train contains features and a
command-set for specific ISP equipment
The absence of a train identifier denotes a Mainline release
...
The latest version of the IOS (as of this writing) is 12
...
To view the IOS
version of your Cisco device:
Router# show version
The Cisco IOS is stored in Flash on Cisco routers and Catalyst switches, in a
...
It can be upgraded using one of several methods:
Replacing the existing Flash stick
Via a TFTP server
Via Xmodem
Via a PCMCIA slot (not supported by all Cisco devices)
(Reference: http://en
...
org/wiki/Cisco_IOS)
IOS Version Numbers (continued)
The IOS
...
Observe the following IOS image:
c2600-ik9s-mz
...
T
...
cisco
...
shtml)
The IOS supports a wide variety of feature sets
...
cisco
...
html)
IOS Modes on Cisco Devices
As stated earlier in this guide, the Cisco IOS is comprised of several modes,
each of which contains a set of commands specific to the function of that
mode
...
User mode appends a “>” after the device hostname:
Router>
No configuration can be changed or viewed from User mode
...
Privileged EXEC mode allows all configuration files, settings, and status
information to be viewed
...
Instead, to actually configure the Cisco device, one must enter Global
Configuration mode:
Router(config)#
To enter Global Configuration mode, type configure terminal from
Privileged Mode:
Router# configure terminal
Router(config)#
To return back to Privileged mode, type exit:
Router(config)# exit
Router#
IOS Modes on Cisco Devices (continued)
As its name implies, Global Configuration mode allows parameters that
globally affect the device to be changed
...
Among the most common sub-modes are the following:
Interface Configuration mode - Router(config-if)#
Line Configuration mode - Router(config-line)#
Router Configuration mode - Router(config-router)#
Recall the difference between interfaces and lines
...
In other words, traffic is actually routed or
switched across interfaces
...
To configure an interface, one must specify both the type of interface, and the
interface number (which always begins at “0”)
...
Examples would include console ports, auxiliary ports, and VTY (or
telnet) ports
...
Thus, to configure the first
console line on a router:
Router(config)# line console 0
Router(config-line)#
Multiple telnet lines can be configured simultaneously
...
Router Configuration mode is used to configure dynamic routing
protocols, such as RIP
...
IOS Command Shortcuts
Shortcuts are allowed on the IOS command-line, as long as the truncated
command is not ambiguous
...
We could not, however, use co as a shortcut, as three
commands begin with those letters
...
cisco
...
html#wp1028871)
Terminal History Buffer
As implied in the previous section, the Cisco IOS keeps a history of
previously entered commands
...
To view the terminal history buffer:
RouterA# show history
enable
config t
hostname RouterA
exit
show history
The Up-Arrow key (or CTRL-P) allows you to scroll through previously
entered commands
...
To adjust the number of commands the history buffer stores (range 0-256):
RouterA# terminal history size 30
IOS Context-Sensitive Help
The question mark (?) is one of the most powerful tools in the Cisco IOS, as it
provides context-sensitive help for each IOS mode
...
The “Show” Command
The show command provides the ability to view a wide variety of
configuration and status information on your router
...
Numerous show
commands will be described throughout this and most other guides
...
3(1a), RELEASE SOFTWARE (fc1) Copyright
(c) 1986-2003 by cisco Systems, Inc
...
0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE
(fc1)
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11
...
123-1a
...
Processor board ID 13587050, with hardware revision 00000000
Bridging software
...
25 software, Version 3
...
0
...
3
interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory
...
cisco
...
shtml)
The following command provides output similar to show version:
Router# show hardware
Other common show commands will be described shortly
...
This password can be
set or changed from Global Configuration mode:
Router(config)# enable password MYPASSWORD
Router(config)# enable secret MYPASSWORD2
The enable password command sets an unencrypted password intended for
legacy systems that do not support encryption
...
The enable secret command sets an MD5-hashed password, and thus is far more
secure
...
The router will not accept identical passwords for these two
commands
...
To change the password for a console port and
all telnet ports:
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco1234
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco1234
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
The exec-timeout 0 0 command is optional, and disables the automatic
timeout of your connection
...
Thus, to set a timeout for 2 minutes and 30
seconds:
Router(config-line)# exec-timeout 2 30
The logging synchronous command is also optional, and prevents system
messages from interrupting your command prompt
...
To
ensure these passwords are encrypted in all configuration files:
Router(config)# service password-encryption
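As an added example that is not part of this guide, the following Python script audits a constructed running-config excerpt for the weak settings this section describes: an enable password configured without an enable secret, line passwords kept in clear text because service password-encryption is absent, a line that has a password but no login, and exec-timeout 0 0, which disables the idle timeout.

```python
# Constructed sample running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """\
hostname Router
enable password MYPASSWORD
!
line con 0
 login
 password cisco1234
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco1234
 exec-timeout 0 0
!
"""


def audit_config(config: str):
    """Return a list of (finding, where) tuples for weak settings in an IOS config."""
    lines = config.splitlines()
    findings = []

    has_enable_secret = any(l.startswith("enable secret ") for l in lines)
    has_enable_password = any(l.startswith("enable password ") for l in lines)
    has_pwd_encryption = any(l.strip() == "service password-encryption" for l in lines)

    # enable password stores the privileged password unencrypted; enable secret hashes it
    if has_enable_password and not has_enable_secret:
        findings.append(("enable password configured without enable secret", "global"))

    current = None      # name of the line sub-mode we are inside, if any
    login_set = {}      # line name -> True once 'login' is seen
    password_set = {}   # line name -> True once 'password' is seen
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip()
            login_set[current] = False
            password_set[current] = False
            continue
        if current is None or not raw.startswith(" "):
            current = None  # an unindented statement ends the line sub-mode
            continue
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "login":
            login_set[current] = True
        elif tokens[0] == "password":
            password_set[current] = True
            # Encrypted line passwords are stored as 'password 7 <hex>'; anything
            # else is clear text, which is what service password-encryption prevents
            if (len(tokens) < 2 or tokens[1] != "7") and not has_pwd_encryption:
                findings.append(("clear-text line password (service password-encryption not set)", current))
        elif tokens[:3] == ["exec-timeout", "0", "0"]:
            findings.append(("exec-timeout 0 0 disables the idle timeout", current))

    for name in login_set:
        if password_set[name] and not login_set[name]:
            findings.append(("password set but login not required on this line", name))
    return findings


if __name__ == "__main__":
    for finding, where in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```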
Router Interfaces
Recall that, to configure an interface, one must specify both the type of
interface, and the interface number (which always begins at “0”)
...
All commands must reflect both the module
number and the interface number, formatted as: module/interface
Thus, to configure the third Fast Ethernet interface off of the first module:
Router(config)# interface fastethernet 0/2
Router(config-if)#
By default, all router interfaces are administratively shutdown
...
To
manually force an interface into a shutdown state:
Router(config-if)# shutdown
To assign an IP address to an interface:
Router(config-if)# ip address 192
...
1
...
255
...
0
An additional secondary IP Address can be assigned to an interface:
Router(config-if)# ip address 192
...
1
...
255
...
0
Router(config-if)# ip address 192
...
1
...
255
...
0 secondary
Serial interfaces require special consideration
...
Clock rate is
measured in BPS (bits-per-second)
...
abcd
...
168
...
1, subnet mask is 255
...
255
...
abcd
...
abcd
...
168
...
1)
MTU (1500 bytes)
Bandwidth (10 Mbps)
Output and input queue status
Traffic statistics (packets input, packets output, collisions, etc
...
168
...
1
192
...
2
...
The second part (line protocol is up) refers to the data-link layer
status of the interface
...
An interface that is physically down will display the following status:
Serial 0 is down, line protocol is down
The most likely cause of the above status is a defective (or unplugged)
cable or interface
...
Potential causes of
the above status could include:
Absence of keepalives being sent or received
Clock rate not set on the DCE side of a serial connection
Different encapsulation types set on either side of the link
An interface that has been administratively shutdown will display the
following status:
Serial 0 is administratively down, line protocol is down
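As an added example (not from the guide), this Python helper classifies the status line of each interface in a constructed show interfaces excerpt into the three cases described above and reports the likely cause the text associates with each.

```python
import re

# Constructed sample lines in 'show interfaces' format (not from the guide);
# the hardware names are made up
SAMPLE_OUTPUT = """\
Serial0 is up, line protocol is up
  Hardware is HD64570
Serial1 is down, line protocol is down
  Hardware is HD64570
Serial2 is up, line protocol is down
  Hardware is HD64570
Serial3 is administratively down, line protocol is down
  Hardware is HD64570
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE
"""

# The interface name is the first token; the physical and line-protocol states follow
STATUS_RE = re.compile(
    r"^(?P<name>\S+) is (?P<phys>up|down|administratively down), "
    r"line protocol is (?P<proto>up|down)"
)

CAUSES = {
    "admin-down": "interface is shut down in the configuration (needs 'no shutdown')",
    "physical-down": "defective or unplugged cable, or a failed interface",
    "protocol-down": "missing keepalives, no clock rate on the DCE side, "
                     "or mismatched encapsulation on the two ends",
}


def classify(status_line: str):
    """Map one status line to (interface, state, likely cause); None if it is not one."""
    m = STATUS_RE.match(status_line)
    if not m:
        return None
    name, phys, proto = m.group("name"), m.group("phys"), m.group("proto")
    if phys == "administratively down":
        state = "admin-down"
    elif phys == "down":
        state = "physical-down"   # Layer 1 problem; line protocol is necessarily down too
    elif proto == "down":
        state = "protocol-down"   # Layer 1 fine, data-link layer not established
    else:
        state = "up"
    return name, state, CAUSES.get(state, "operational")


def triage(show_interfaces: str) -> dict:
    """Return {interface: (state, likely cause)} for every interface not fully up."""
    problems = {}
    for line in show_interfaces.splitlines():
        result = classify(line)
        if result and result[1] != "up":
            problems[result[0]] = (result[1], result[2])
    return problems


if __name__ == "__main__":
    for iface, (state, cause) in triage(SAMPLE_OUTPUT).items():
        print(f"{iface}: {state} - {cause}")
```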
Managing Configuration Files
Cisco IOS devices employ two distinct configuration files:
running-config - stored in RAM, contains the active configuration
startup-config - stored in NVRAM (or flash), contains the saved
configuration
Any configuration change made to an IOS device is made to the running-config
...
Thus, we must save the contents of the running-config
to the startup-config file
...
Thus, if
we wanted to copy the contents of the startup-config file to running-config:
Router# copy startup-config running-config
We can use shortcuts to simplify the above commands:
Router# copy run start
Router# copy start run
To view the contents of the running-config and startup-config files:
Router# show run
Router# show start
To delete the contents of the startup-config file:
Router# erase start
If the router is power-cycled after erasing the startup-config file, the router will
enter Initial Configuration Mode (sometimes called Setup Mode)
...
Initial Configuration Mode can be exited by typing CTRL-C
...
The following command will display the contents of the startup-config,
beginning with the first line containing the text ethernet:
Router# show startup | begin ethernet
The following command will exclude all lines containing the text ethernet:
Router# show startup | exclude ethernet
The following command will include all lines containing the text ethernet:
Router# show startup | include ethernet
Miscellaneous Commands
To change the hostname of your router:
Router(config)# hostname MyRouter
MyRouter(config)#
To assign a description to an interface for documentation purposes:
Router(config)# interface serial 0
Router(config-if)# description SBC T1 connection to Chicago
Router# show interfaces
Serial0 is up, line protocol is up
Hardware is Serial
Internet address is 70
...
3
...
255
...
0
To create a banner message which users will see when logging into an IOS
device:
Router(config)# banner motd #
Logging into this router without authorization is illegal and
will be prosecuted!
#
The # symbol is used as a delimiter to indicate the beginning and end of the
banner
...
IOS Troubleshooting Commands
The show tech-support command prints to screen every configuration file,
and the output of several important show commands
...
As with the show command, there are a multitude
of arguments for the debug command
...
To disable all possible debugging options on an IOS device:
Router# no debug all
Section 12 - Advanced IOS Functions
The Configuration Register
The configuration register (config-register) is a hexadecimal value that
controls various aspects of how a router boots, including:
Baud Rate
Boot Messages (enable/disable)
Break (disable/ignore)
Flash (read-only, read-write)
NVRAM (use startup-config/bypass startup-config)
The default config-register is 0x2102
...
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Common config-register settings include:
Value    Baud Rate   Boots Into?      Flash        Startup-Config
0x2101   9600        IOS from ROM     Read/Write   Uses
0x2102   9600        IOS from Flash   Read/Only    Uses
0x2142   9600        IOS from Flash   Read/Only    Bypass
Remember, 0x2102 is the default config-register value on Cisco routers
...
To change the config-register from the IOS:
Router(config)# config-register 0x2142
This configuration change does not take effect until the next reboot
...
cisco
...
shtml)
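The settings in the table above follow from the register bits themselves. The Python below is an added example, not code from the guide: it decodes the boot field, the ignore-NVRAM bit (0x0040), the break bit (0x0100) and the console-speed bits of a config-register value, using the bit meanings as I understand Cisco's documented register layout (an assumption to verify for your platform; the Flash column is not a register bit and is not decoded), and flags a router left at 0x2142 after a password recovery.

```python
import re

# Bit meanings assumed from Cisco's documented config-register layout
BOOT_FIELD = 0x000F       # bits 0-3: 0 = ROM monitor, 1 = ROM image, 2-F = Flash
IGNORE_NVRAM = 0x0040     # bit 6: boot without reading startup-config
BREAK_DISABLED = 0x0100   # bit 8: ignore the console break key during boot
CONSOLE_SPEEDS = {0: 9600, 1: 4800, 2: 1200, 3: 2400}  # bits 11-12


def decode_config_register(value: int) -> dict:
    """Decode the boot-related fields of a config-register value."""
    boot_field = value & BOOT_FIELD
    if boot_field == 0:
        boots_into = "ROM monitor"
    elif boot_field == 1:
        boots_into = "IOS from ROM"      # the stripped-down image in ROM
    else:
        boots_into = "IOS from Flash"    # 0x2-0xF: normal boot
    return {
        "boots_into": boots_into,
        "startup_config": "Bypass" if value & IGNORE_NVRAM else "Uses",
        "break_disabled": bool(value & BREAK_DISABLED),
        "baud_rate": CONSOLE_SPEEDS[(value >> 11) & 0x3],
    }


def parse_register(show_version_output: str) -> int:
    """Pull the register value out of the last line of 'show version'."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]+)", show_version_output)
    if not m:
        raise ValueError("no 'Configuration register is' line found")
    return int(m.group(1), 16)


def audit_register(value: int, expected: int = 0x2102) -> list:
    """Return findings for settings that weaken boot-time protections."""
    decoded = decode_config_register(value)
    findings = []
    if decoded["startup_config"] == "Bypass":
        findings.append("startup-config is bypassed at boot: the router comes up "
                        "unconfigured and without its passwords (password-recovery state)")
    if not decoded["break_disabled"]:
        findings.append("console break is honoured during boot")
    if value != expected:
        findings.append(f"config-register 0x{value:04X} differs from the expected 0x{expected:04X}")
    return findings


# Constructed tail of 'show version' output (not from the guide)
SAMPLE_SHOW_VERSION = (
    "32K bytes of non-volatile configuration memory\n"
    "Configuration register is 0x2142\n"
)

if __name__ == "__main__":
    reg = parse_register(SAMPLE_SHOW_VERSION)
    print(hex(reg), decode_config_register(reg))
    for finding in audit_register(reg):
        print("-", finding)
```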
Backing up and Restoring the Cisco IOS
The Cisco IOS is stored in flash
...
You can view available free space, and the
name of any file(s) in flash, by typing:
Router# show flash
System flash directory:
File  Length    Name/status
  1   4467254   c2500-ik9s-mz
...
The TFTP server must have IP
connectivity to the router
...
CDP is enabled by default on all IOS-enabled
routers and switches, and sends out updates every 60 seconds
...
17
...
2
To exit a telnet session:
Router2# exit
To return to the router you telnetted from, without exiting the session:
Hold CTRL+SHIFT+6 and then release
Type the character x
To view all open telnet sessions:
Router# show sessions
Privilege Levels
IOS devices have a total of 16 privilege levels, numbered 0 through 15
...
Privileged Exec mode is privilege level
15
...
Thus, routes are usually based on the destination
network, and not the destination host (host routes can exist, but are used only in
rare circumstances)
...
Examples would be IP
and IPX
...
Examples would be RIP,
IGRP, OSPF, etc
...
A longer prefix-length indicates a more
specific route
...
1
...
2/24
...
1
...
0/24
10
...
0
...
e
...
Since the 10
...
5
...
Administrative Distance vs. Metric
...
Distance vector routing protocols use “distance” (usually hop-count) as their
metric
...
Only routes with the best metric are added to the routing table
...
If multiple equal-metric routes
exist to a particular network, most routing protocols will load-balance
...
Lowest administrative distance wins
...
If the metric is identical for both
routes, the router will load balance between both paths
...
The Administrative Distance of common routing protocols (remember,
lowest wins):
Connected         0
Static            1
EIGRP Summary     5
External BGP      20
Internal EIGRP    90
IGRP              100
OSPF              110
IS-IS             115
RIP               120
External EIGRP    170
Internal BGP      200
Unknown           255
A route with an “unknown” Administrative Distance will never be inserted into
the routing table
...
168
...
1 to network 0
...
0
...
168
...
0/24 is directly connected, Ethernet0
150
...
0
...
50
...
0 is directly connected, Loopback1
192
...
123
...
168
...
0 is directly connected, Serial1
10
...
0
...
168
...
1, 00:00:00, Serial0
[120/1] via 192
...
111
...
0
...
0/0 [1/0] via 192
...
1
...
This indicates
both the administrative distance and the metric (the 120 is the AD, and the 1 is the
hop-count metric)
...
168
...
5/24
O
R
R
S
192
...
111
...
168
...
1, 00:00:00, Serial3
192
...
111
...
168
...
1, 00:00:00, Serial0
192
...
111
...
168
...
2, 00:00:00, Serial1
192
...
0
...
1
...
1
We have two RIP routes, an OSPF route, and a Static route to that
destination
...
192
...
111
...
168
...
0/16
...
The second RIP route will not be inserted into the routing table, because it has a
higher metric (5) than the first RIP route (1)
...
168
...
0/24 [110/58] via 192
...
131
...
168
...
0/24 [120/1] via 192
...
123
...
168
...
0/16 [1/0] via 10
...
1
...
OSPF has the lowest administrative distance, and thus that route will be
preferred
...
This is why the order of the above “criteria” is prefix-length, metric, and
then administrative distance
...
Thus, the
metric is calculated first, but not preferred first over AD
...
Static vs. Dynamic Routing
...
A static routing table is created, maintained, and updated by a network
administrator, manually
...
This provides a granular level of
control over routing, but quickly becomes impractical on large networks
...
However, static routing is not
fault-tolerant, as any change to the routing infrastructure (such as a link going
down, or a new network added) requires manual intervention
...
Static routes have an Administrative Distance (AD) of 1, and thus are always
preferred over dynamic routes, unless the default AD is changed
...
A dynamic routing table is created, maintained, and updated by a routing
protocol running on the router
...
Specific dynamic
routing protocols are covered in great detail in other guides
...
However, routing protocols are
capable of dynamically choosing a different (or better) path when there is a
change to the routing infrastructure
...
Static vs
...
Examples of
link-state protocols include OSPF and IS-IS
...
Distance-vector Routing Protocols
All distance-vector routing protocols share several key characteristics:
Periodic updates of the full routing table are sent to routing
neighbors
...
Some form of distance is used to calculate a route's metric
...
A distance-vector routing protocol begins by advertising directly-connected
networks to its neighbors
...
Neighbors will add the routes from these updates to their own routing tables
...
Thus, routers fully
(and blindly) rely on neighbors for route information, a concept known as routing
by rumor
...
Because routing
information is propagated from neighbor to neighbor via periodic updates,
distance-vector protocols suffer from slow convergence
...
Distance-vector protocols utilize some form of distance to calculate a
route‟s metric
...
Link-State Routing Protocols
Link-state routing protocols were developed to alleviate the convergence and loop issues of distance-vector protocols. Neighbors are formed by sending Hello packets.
Shortest-Path table - contains the best routes to each particular destination (otherwise known as the "routing" table)
Link-state protocols do not "route by rumor." All routers know the state of all existing links within their area, and store this information in a topology table. The best route to each link (network) is stored in the routing (or shortest-path) table. Each router will adjust its topology table accordingly, and will calculate a new best route if required.
Additionally, because updates are sent only during a link-state change, and contain only the change (and not the full table), link-state protocols are less bandwidth intensive than distance-vector protocols.
Link-state protocols utilize some form of cost, usually based on bandwidth, to calculate a route's metric.
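As an added example (not code from the guide), the following Python shows how a link-state router turns its topology table into the shortest-path table the text describes, and how it recalculates after a link-state change. The three-router topology and its link bandwidths are constructed for the illustration, and the cost function (reference bandwidth divided by link bandwidth) is an assumed OSPF-style rule, since the guide only says that cost is usually based on bandwidth.

```python
import heapq

# Added example, not the guide's own code. The topology table maps each router
# to its neighbours and the bandwidth (kbps) of the link between them. Every
# router in the area holds the same table, so each one runs the calculation
# itself instead of "routing by rumor".

# Constructed sample topology: a slow T1 between A and B, fast links via C.
TOPOLOGY = {
    "A": {"B": 1544, "C": 100_000},
    "B": {"A": 1544, "C": 100_000},
    "C": {"A": 100_000, "B": 100_000},
}

def link_cost(bandwidth_kbps, reference_kbps=100_000):
    """Assumed cost function: reference bandwidth / link bandwidth, minimum 1
    (the OSPF-style rule; the guide only says cost is usually bandwidth-based)."""
    return max(1, reference_kbps // bandwidth_kbps)

def shortest_path_table(topology, source):
    """Dijkstra over the topology table from `source`.
    Returns {router: (total_cost, next_hop)}; next_hop is None for the source."""
    dist = {source: 0}
    next_hop = {source: None}
    heap = [(0, source)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, bw in topology.get(node, {}).items():
            new_cost = cost + link_cost(bw)
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # first hop on the path: the neighbour itself when we are at the
                # source, otherwise whatever first hop already reaches `node`
                next_hop[nbr] = nbr if node == source else next_hop[node]
                heapq.heappush(heap, (new_cost, nbr))
    return {r: (dist[r], next_hop[r]) for r in dist}

def remove_link(topology, a, b):
    """Model a link-state change (link a-b goes down): return a new topology
    table without that link, so the shortest-path table can be recalculated."""
    updated = {router: dict(neighbours) for router, neighbours in topology.items()}
    updated.get(a, {}).pop(b, None)
    updated.get(b, {}).pop(a, None)
    return updated

if __name__ == "__main__":
    print("before:", shortest_path_table(TOPOLOGY, "A"))
    print("after A-C fails:", shortest_path_table(remove_link(TOPOLOGY, "A", "C"), "A"))
```

With the sample table, Router A reaches B at cost 2 through C rather than over the direct T1 (cost 64); once the A-C link is withdrawn from the topology table, the recalculation falls back to the T1 and C becomes reachable through B.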
Section 15 - Classful vs. Classless Routing
A router running a classful routing protocol will react in one of two ways when receiving a route:
If the router has a directly connected interface belonging to the same major network, it will apply the same subnet mask as that interface.
Belonging to the same "major network" simply indicates that they belong to the same "classful" network.
3
...
0 and 10
...
5
...
0
...
0)
10
...
4
...
1
...
4 do not belong to the same major network
192
...
1
...
168
...
254 belong to the same major network
(192
...
1
...
168
...
5 and 192
...
2
...
Take the following example (assume the routing protocol is classful):
If Router B sends a routing update to Router A, it will not include the subnet mask
for the 10
...
0
...
Thus, Router A must make a decision
...
0
...
0), it will use the subnet mask of that interface for the route
...
4
...
0/16 network, it will apply a
subnet mask of /16 to the 10
...
0
...
If Router A does not have a directly connected interface belonging to the same major network, it will apply the classful subnet mask of /8.
When using classful routing protocols, the subnet mask must remain consistent throughout your entire network.
Thus, Variable Length Subnet Masks (VLSMs) are allowed when using classless routing protocols. Examples of classless routing protocols include RIPv2, EIGRP, OSPF, and IS-IS.
Additionally, the router itself can operate either "classfully" or "classlessly" when actually routing data.
For example, a router may have an interface attached to the 10
...
5
...
It may also have routes from a routing protocol, also for the
10
...
x
...
However, if the classful router receives a packet destined for a 10
...
x
...
Again, a classful router believes it knows all possible destinations in a major network.
0 and
greater):
Router(config)# ip classless
(Reference: http://www
...
com/en/US/tech/tk365/technologies_tech_note09186a0080094823
...
Consider the following diagram:
This particular scenario will work when using RIPv1, despite the fact that we've subnetted the major 10
...
0
...
Notice that the subnets are contiguous (that is, they belong to the same major network), and use the same subnet mask.
1
...
0 network
...
3
...
0 network is in the same major network as the 10
...
0
...
The route entry in the update will simply state
“10
...
0
...
Router B will accept this routing update, and realize that the interface
receiving the update (Serial0) belongs to the same major network as the
route entry of 10
...
0
...
It will then apply the subnet mask of its Serial0 interface to this route entry.
2
...
0 network to Router B
...
0
...
0/16 is subnetted, 4 subnets
10
...
0
...
4
...
0 is directly connected, Serial1
10
...
0
...
3
...
1, 00:00:00,
10
...
0
...
4
...
1, 00:00:00,
Serial0
Serial1
Limitations of Classful Routing Example
Consider the following, slightly altered, example:
We'll assume that RIPv1 is configured correctly on all routers.
Both Router A and Router C contain
subnets of the 10
...
0
...
1
...
0 and 10
...
0
...
Separating these networks now are two Class C subnets (192
...
123
...
168
...
0)
...
1
...
0
network
...
1
...
0 and 192
...
123
...
Router A will summarize the 10
...
0
...
0
...
0/8
...
x
...
x scheme
...
Because of this, Router B will install the
summarized 10
...
0
...
Router C, similarly, will consider itself a border router between networks
10
...
0
...
168
...
0
...
0
...
0 route to Router B
...
168
...
0 is
192
...
111
...
0
...
0 [120/1]
[120/1]
directly connected, Serial0
directly connected, Serial1
via 192
...
123
...
168
...
2, 00:00:00,
Serial0
Serial1
That's right, Router B now has two equal metric routes to get to the summarized 10
...
0
...
Router B will now load balance all traffic to any 10
...
x
...
Suffice to say, this is not a good thing.
Router B then tries to send routing updates to Router A and
Router C, including the summary route of 10
...
0
...
Router A's routing table looks like:
RouterA# show ip route
Gateway of last resort is not set
C
C
192
...
123
...
0
...
0/16 is subnetted, 1 subnet
10
...
0
...
0
...
0/8 route from Router B, and
will reject it
...
0
...
0 in its routing table, and it's directly connected.
1
...
0/16 and 10
...
0
...
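As an added example (not code from the guide), the following Python models the two classful behaviours this section describes: the mask a router applies to a mask-less route it receives (the receive rule at the start of Section 15), and the classful summary a border router sends when the outgoing interface lies in a different major network, which is what leaves Router B in the example above with two equal-metric routes to the summarized 10.0.0.0/8. The interface addresses and updates used in the code are constructed for the illustration and are not the guide's own addressing.

```python
import ipaddress

# Added example, not the guide's own code. A classful routing protocol (RIPv1,
# IGRP) carries no subnet mask in its updates, so a router has to infer one on
# receipt, and has to summarise on sending whenever the route and the outgoing
# interface lie in different major (classful) networks.

def classful_network(addr):
    """Major (classful) network of an IPv4 address, from its first octet:
    class A /8, class B /16, class C /24."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError(f"{addr} is not a class A, B or C address")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def same_major_network(a, b):
    return classful_network(a) == classful_network(b)

def mask_for_received_route(route_addr, interfaces):
    """Receive rule. `interfaces` lists (address, prefixlen) of the router's
    directly connected interfaces. A connected interface in the same major
    network lends its mask; otherwise the classful mask applies."""
    for if_addr, if_plen in interfaces:
        if same_major_network(route_addr, if_addr):
            return if_plen
    return classful_network(route_addr).prefixlen

def advertised_network(route_cidr, out_if_addr):
    """Send rule. The update carries the subnet address unchanged when the
    outgoing interface shares its major network; a border router summarises
    to the classful boundary instead."""
    net_addr = str(ipaddress.ip_network(route_cidr, strict=False).network_address)
    if same_major_network(net_addr, out_if_addr):
        return net_addr
    return str(classful_network(net_addr).network_address)

def install_classful_updates(interfaces, updates):
    """Apply the receive rule to mask-less updates (network, next_hop, metric)
    and build {prefix: (metric, [next_hops])}. Equal-metric routes to the same
    prefix are kept together, which is the load-balancing situation that arises
    when two border routers both summarise the same major network."""
    table = {}
    for net, next_hop, metric in updates:
        plen = mask_for_received_route(net, interfaces)
        prefix = str(ipaddress.ip_network(f"{net}/{plen}", strict=False))
        current = table.get(prefix)
        if current is None or metric < current[0]:
            table[prefix] = (metric, [next_hop])
        elif metric == current[0]:
            current[1].append(next_hop)
    return table

if __name__ == "__main__":
    # Constructed: Router B has two Class C interfaces and hears 10.0.0.0 from both sides.
    router_b = [("192.168.123.2", 24), ("192.168.111.2", 24)]
    updates = [("10.0.0.0", "192.168.123.1", 1), ("10.0.0.0", "192.168.111.1", 1)]
    print(install_classful_updates(router_b, updates))
```

The contiguous case works because a /16 interface in 10.0.0.0/8 lends its mask; the discontiguous case fails because the only mask left to apply is the classful /8, and both border routers offer the same summary at the same metric.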
Section 16 - Configuring Static Routes
Configuring Static Routes
The basic syntax for a static route is as follows:
Router(config)# ip route [destination_network] [subnet_mask] [next-hop]
Consider the following example:
RouterA will have the 172
...
0
...
17
...
0/16 networks in its
routing table as directly-connected routes
...
18
...
0/16 network off of RouterB:
RouterA(config)# ip route 172
...
0
...
255
...
0 172
...
1
...
Likewise, to add a static route on RouterB, pointing to the
172
...
0
...
16
...
0 255
...
0
...
17
...
1
To remove a static route, simply type no in front of it:
RouterA(config)# no ip route 172
...
0
...
255
...
0 172
...
1
...
Still using the previous diagram as an example:
RouterA(config)# ip route 172
...
0
...
255
...
0 fa0/1
RouterB(config)# ip route 172
...
0
...
255
...
0 fa0/0
A static route using an exit-interface has an Administrative Distance of 0, as opposed to the default AD of 1 for static routes.
Advanced Static Route Parameters
The Administrative Distance of a static route can be changed to form a floating static route, which will only be used if there are no other routes with a lesser AD in the routing table.
To change the Administrative Distance of a static route to 250:
RouterA(config)# ip route 172
...
0
...
255
...
0 172
...
1
...
To ensure a static route remains permanently in the routing table, even if the next-hop interface is down:
RouterA(config)# ip route 172
...
0
...
255
...
0 172
...
1
...
0
...
0 255
...
0
...
A default route, or gateway of last resort, allows traffic to be forwarded, even without a specific route to a particular network.
0
...
0 0
...
0
...
It is the least specific route possible, and thus will only be used if a more specific route does not exist (hence "gateway of last resort").
0
...
0 0
...
0
...
17
...
2
Advanced default routing is covered in great detail in another guide.
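Putting Section 16 together, here is an added Python example (not code from the guide) that parses the ip route forms shown in this section, applies the guide's Administrative Distance rules (1 for a next-hop route, 0 for an exit-interface route, or the value given on the command for a floating static route, with permanent recorded), and then selects a route for a destination the way the routing table does: longest prefix first, lowest AD on a tie, so the 0.0.0.0/0 default is used only when nothing more specific matches. The addresses in the sample configuration are constructed for the illustration.

```python
import ipaddress

# Added example, not the guide's own code. Models the static-route command
# forms shown in Section 16 and the selection rules the guide gives for them.

class StaticRoute:
    def __init__(self, network, next_hop=None, exit_if=None, ad=None, permanent=False):
        self.network = network            # ipaddress.IPv4Network
        self.next_hop = next_hop          # e.g. "172.17.0.1", or None
        self.exit_if = exit_if            # e.g. "fa0/1", or None
        self.permanent = permanent        # kept even if the next-hop interface is down
        # Guide's rule: exit-interface static routes get AD 0, next-hop static
        # routes AD 1, unless an explicit AD (floating static route) is given.
        self.ad = ad if ad is not None else (0 if exit_if else 1)

    def __repr__(self):
        return f"S {self.network} [{self.ad}] via {self.next_hop or self.exit_if}"

def parse_ip_route(line):
    """Parse 'ip route <network> <mask> <next-hop | exit-interface> [ad] [permanent]'."""
    tokens = line.split()
    if tokens[:2] != ["ip", "route"] or len(tokens) < 5:
        raise ValueError(f"not an 'ip route' command: {line!r}")
    network = ipaddress.ip_network(f"{tokens[2]}/{tokens[3]}", strict=False)
    target = tokens[4]
    options = tokens[5:]
    permanent = "permanent" in options
    numbers = [t for t in options if t.isdigit()]
    ad = int(numbers[0]) if numbers else None
    try:
        ipaddress.IPv4Address(target)              # a next-hop address ...
        return StaticRoute(network, next_hop=target, ad=ad, permanent=permanent)
    except ValueError:                             # ... or an exit-interface name
        return StaticRoute(network, exit_if=target, ad=ad, permanent=permanent)

def remove_route(routes, line):
    """Apply 'no ip route ...': drop the route with the same network and target."""
    tokens = line.split()
    if tokens[:1] != ["no"]:
        raise ValueError("expected a 'no ip route' command")
    gone = parse_ip_route(" ".join(tokens[1:]))
    return [r for r in routes if not (r.network == gone.network
                                      and r.next_hop == gone.next_hop
                                      and r.exit_if == gone.exit_if)]

def best_route(routes, destination):
    """Longest prefix match; lowest AD breaks ties. None if nothing matches,
    which is the gap a 0.0.0.0/0 default route (gateway of last resort) fills."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.ad))

# Constructed configuration for the illustration (not the guide's addressing).
CONFIG = [
    "ip route 172.18.0.0 255.255.0.0 172.17.0.1",          # ordinary static, AD 1
    "ip route 172.18.0.0 255.255.0.0 fa0/1 250",          # floating backup, AD 250
    "ip route 10.0.0.0 255.0.0.0 10.1.1.1 permanent",     # stays in the table
    "ip route 0.0.0.0 0.0.0.0 172.17.0.2",                # default route
]
ROUTES = [parse_ip_route(line) for line in CONFIG]

if __name__ == "__main__":
    for dest in ("172.18.5.5", "10.9.9.9", "8.8.8.8"):
        print(dest, "->", best_route(ROUTES, dest))
```

Removing the AD 1 route with the no form leaves the floating AD 250 route as the only /16 match, which is exactly the backup behaviour a floating static route is configured for.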
RIP was one of the first true Distance Vector routing protocols, and is supported on a wide variety of systems.
RIP utilizes UDP port 520.
RIP routes have an administrative distance of 120.
Any network that is 16 hops away or more is considered unreachable to RIP, thus the maximum diameter of the network is 15 hops.
If multiple paths exist to a particular destination, RIP will load balance between those paths (by default, up to 4) only if the metric (hop count) is equal. For example, two paths might exist to a particular destination, one going through a 9600 baud link, the other via a T1. This will (obviously) cause the slower link to become congested.
RIPv1 (RFC 1058) is classful, and thus does not include the subnet mask with its routing table updates. When using RIPv1, networks must be contiguous, and subnets of a major network must be configured with identical subnet masks.
RIPv1 sends updates as broadcasts to address 255
...
255
...
RIPv2 (RFC 2543) is classless, and thus does include the subnet mask with its routing table updates. Other enhancements offered by RIPv2 include:
Routing updates are sent via multicast, using address 224
...
0
...
By default:
RIPv1 routers will send only Version 1 packets
RIPv1 routers will receive both Version 1 and 2 updates
RIPv2 routers will both send and receive only Version 2 updates
We can control the version of RIP a particular interface will "send" or "receive."
RIPv1 Basic Configuration
Routing protocol configuration occurs in Global Configuration mode.
16
...
0
Router(config-router)# network 172
...
0
...
The network statements tell RIP which networks you wish to advertise to other RIP routers. Notice that we specify the networks at their classful boundaries, and we do not specify a subnet mask.
17
...
0
Router(config-router)# network 172
...
0
...
16
...
0
172
...
0
...
18
...
0
is directly
is directly
[120/1] via
connected, Ethernet0
connected, Serial0
172
...
1
...
17
...
0
172
...
0
...
16
...
0
is directly
is directly
[120/1] via
connected, Serial0
connected, Ethernet0
172
...
1
...
Consider the following example:
This particular scenario will still work when using RIPv1, despite the fact that we've subnetted the major 10
...
0
...
Notice that the subnets are contiguous (that is, they belong to the same major network), and use the same subnet mask.
1
...
0 network
...
3
...
0 network is in the same major network as the 10
...
0
...
The route entry in the update will simply state
“10
...
0
...
Router B will accept this routing update, and realize that the interface
receiving the update (Serial0) belongs to the same major network as the
route entry of 10
...
0
...
It will then apply the subnet mask of its Serial0 interface to this route entry.
2
...
0 network to Router B
...
0
...
0/16 is subnetted, 4 subnets
10
...
0
...
4
...
0 is directly connected, Serial1
10
...
0
...
3
...
1, 00:00:00,
10
...
0
...
4
...
1, 00:00:00,
Serial0
Serial1
Limitations of RIPv1 (continued)
Consider the following, slightly altered, example:
We'll assume that RIPv1 is configured correctly on all routers.
Both Router A and Router C contain
subnets of the 10
...
0
...
1
...
0 and 10
...
0
...
Separating these networks now are two Class C subnets (192
...
123
...
168
...
0)
...
1
...
0
network
...
1
...
0 and 192
...
123
...
Router A will summarize the 10
...
0
...
0
...
0/8
...
x
...
x scheme
...
Because of this, Router B will install the
summarized 10
...
0
...
Router C, similarly, will consider itself a border router between networks
10
...
0
...
168
...
0
...
0
...
0 route to Router B
...
168
...
0 is
192
...
111
...
0
...
0 [120/1]
[120/1]
directly connected, Serial0
directly connected, Serial1
via 192
...
123
...
168
...
2, 00:00:00,
Serial0
Serial1
That's right, Router B now has two equal metric routes to get to the summarized 10
...
0
...
Router B will now load balance all traffic to any 10
...
x
...
Suffice to say, this is not a good thing.
Router B then tries to send routing updates to Router A and
Router C, including the summary route of 10
...
0
...
Router A's routing table looks like:
RouterA# show ip route
Gateway of last resort is not set
C
C
192
...
123
...
0
...
0/16 is subnetted, 1 subnet
10
...
0
...
0
...
0/8 route from Router B, and
will reject it
...
0
...
0 in its routing table, and it's directly connected.
1
...
0/16 and 10
...
0
...
RIPv2 Configuration
RIPv2 overcomes the limitations of RIPv1 by including the subnet mask in its routing updates. To change to Version 2, you must type:
Router(config)# router rip
Router(config-router)# version 2
Thus, the configuration of Router A would be:
RouterA(config)# router rip
RouterA(config-router)# version 2
RouterA(config-router)# network 10
...
0
...
168
...
0
Despite the fact that RIPv2 is a classless routing protocol, we still specify networks at their classful boundaries, without a subnet mask.
1
...
0/16 network to 10
...
0
...
Again,
this is because the 10
...
0
...
168
...
0 networks do not belong to the
same major network
...
1
...
0 network
...
1
...
0) and its subnet mask (255
...
0
...
RIP Timers
RIP has four basic timers:
Update Timer (default 30 seconds) - indicates how often the router will send out a routing table update.
The invalid timer will be reset if an update is received for that particular route before the timer expires.
Instead, the route is marked (and advertised) with a metric of 16, indicating it is unreachable, and placed in a hold-down state. RIP will not accept any new updates for routes in a hold-down state, until the hold-down timer expires.
An update has been received from another router, marking that route with a metric of 16 (or unreachable). This is to prevent loops.
The flush timer runs concurrently with the invalid timer, and thus will flush out a route 60 seconds after it has been marked invalid.
RIP Timers Configuration and Example
Consider the above example.
18
...
0
...
16
...
0
172
...
0
...
18
...
0
is directly
is directly
[120/1] via
connected, Ethernet0
connected, Serial0
172
...
1
...
If no update for this route is heard for 180 seconds, several things will occur:
The route is marked as invalid in the routing table.
The route is advertised to all other routers as unreachable.
The router will not accept any new updates for this route until this hold-down period expires.
Remember that the invalid and flush timers run concurrently. To return the timers back to their defaults:
Router(config-router)# no timers basic
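As an added example (not code from the guide), the following Python walks one RIP route through the timers described in the last two pages. The invalid and flush values follow the text (180 seconds without an update marks the route invalid, and the flush timer, running concurrently, removes it 60 seconds later, i.e. at 240 seconds); the 180 second hold-down default is not spelled out on the page and is assumed here from the standard Cisco value. The model follows the guide's simplified rule that no new update for a route in hold-down is accepted until the hold-down timer expires, and it applies the guide's second trigger for hold-down, an update arriving with a metric of 16. The network and timestamps are constructed.

```python
# Added example, not the guide's own code. One RIP route's lifetime under the
# invalid, hold-down and flush timers, driven by a simple clock in seconds.

UNREACHABLE = 16

class RipRoute:
    def __init__(self, network, metric, learned_at,
                 invalid=180, holddown=180, flush=240):
        self.network = network
        self.metric = metric
        self.last_update = learned_at   # when the last accepted update arrived
        self.invalid_after = invalid    # guide: 180 s
        self.holddown = holddown        # assumed default 180 s (not on the page)
        self.flush_after = flush        # guide: 60 s after invalid, so 240 s
        self.state = "valid"            # valid -> holddown -> invalid -> flushed
        self.holddown_until = None

    def tick(self, now):
        """Advance the route's timers to time `now` and return its state."""
        age = now - self.last_update
        if self.state == "valid" and age >= self.invalid_after:
            # Invalid timer expired: the route stays in the table but is
            # marked unreachable (metric 16) and placed in hold-down.
            self.state = "holddown"
            self.metric = UNREACHABLE
            self.holddown_until = self.last_update + self.invalid_after + self.holddown
        if self.state == "holddown" and now >= self.holddown_until:
            self.state = "invalid"      # hold-down over, route still awaiting flush
        if age >= self.flush_after:
            self.state = "flushed"      # flush timer wins even if hold-down is running
        return self.state

    def receive_update(self, metric, now):
        """Offer an update for this route at time `now`; True if accepted."""
        self.tick(now)
        if self.state in ("flushed", "holddown"):
            return False                # guide: nothing accepted while in hold-down
        if metric >= UNREACHABLE:
            # A neighbour poisoned the route: mark it unreachable and hold it down
            self.metric = UNREACHABLE
            self.state = "holddown"
            self.holddown_until = now + self.holddown
            return True
        self.metric = metric            # fresh reachable update resets the timers
        self.last_update = now
        self.state = "valid"
        self.holddown_until = None
        return True

if __name__ == "__main__":
    # Constructed trace: route learned at t=0, then silence from the neighbour.
    route = RipRoute("172.18.0.0/16", 1, learned_at=0)
    for t in (0, 90, 179, 180, 200, 239, 240):
        print(f"t={t:3d}s  state={route.tick(t):9s}  metric={route.metric}")
```

The trace shows why a lost neighbour costs a RIP network four minutes: the route keeps forwarding traffic for 180 seconds, then sits in the table as unreachable (and refuses better news) until the flush timer removes it at 240 seconds.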
RIP Loop Avoidance Mechanisms
RIP, as a Distance Vector routing protocol, is susceptible to loops.
If
the 172
...
0
...
But what if an update from Router A reaches Router B before this can
happen? Router A believes it can reach the 172
...
0
...
This will cause Router B to believe it can reach the
failed 172
...
0
...
Both routers will continue to increment the metric for the network until they reach a hop count of 16, which is unreachable.
How can we prevent this from happening? There are several loop avoidance mechanisms:
Split-Horizon - Prevents a routing update from being sent out the interface it was received on.
18
...
0 network back to Router B, as it
originally learned the route from Router B
...
Route-Poisoning - Works in conjunction with split-horizon, by triggering an automatic update for the failed network, without waiting for the update timer to expire.
Hold-Down Timers - Prevents RIP from accepting any new updates for routes in a hold-down state, until the hold-down timer expires.
(Router A‟s metric for the 172
...
0
...
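As an added example (not code from the guide), the following Python plays out the count-to-infinity race described above between two routers, with split-horizon and route-poisoning switchable so their effect can be compared. Router A is directly connected to the failed network and Router B learned the route from A; the metrics and the update ordering are constructed for the illustration. Route poisoning is modelled as the guide defines it, a triggered update that goes out without waiting for the update timer, so A's poisoned route reaches B before B's next periodic update reaches A.

```python
# Added example, not the guide's own code: two routers exchanging distance-vector
# updates about one failed network, counting to infinity unless split-horizon
# or route-poisoning breaks the loop.

UNREACHABLE = 16

class View:
    """What one router currently believes about the failed network."""
    def __init__(self, metric, via):
        self.metric = metric
        self.via = via          # neighbour the route was learned from, or None

def simulate(split_horizon=False, route_poisoning=False, max_rounds=50):
    """Run update rounds until both routers agree the network is unreachable.
    Returns (rounds, trace); trace lists (A's metric, B's metric) per round."""
    a = View(UNREACHABLE, None)   # A's link to the network has just failed
    b = View(1, "A")              # B still believes the network is one hop via A
    routers = {"A": a, "B": b}
    # Without route poisoning A waits for its update timer, so B's periodic
    # update reaches A first (the guide's race). With route poisoning A sends a
    # triggered update immediately, so its metric-16 update reaches B first.
    order = ["A", "B"] if route_poisoning else ["B", "A"]
    trace = []
    for rnd in range(1, max_rounds + 1):
        for sender in order:
            receiver = "B" if sender == "A" else "A"
            src, dst = routers[sender], routers[receiver]
            if split_horizon and src.via == receiver:
                continue      # never advertise a route back to the router it came from
            offered = min(src.metric + 1, UNREACHABLE)
            # Distance-vector rule: always believe the neighbour you already
            # route through; otherwise only switch to a strictly better metric.
            if dst.via == sender or offered < dst.metric:
                dst.metric = offered
                dst.via = sender if offered < UNREACHABLE else None
        trace.append((a.metric, b.metric))
        if a.metric >= UNREACHABLE and b.metric >= UNREACHABLE:
            return rnd, trace
    return max_rounds, trace

if __name__ == "__main__":
    for sh, rp in ((False, False), (True, False), (False, True), (True, True)):
        rounds, trace = simulate(split_horizon=sh, route_poisoning=rp)
        print(f"split-horizon={sh!s:5} route-poisoning={rp!s:5} "
              f"rounds={rounds:2d} trace={trace}")
```

With neither mechanism the two routers hand the route back and forth, adding a hop each time, until the metric reaches 16 in the eighth round; either mechanism alone settles the failure in a single round, which is the convergence gain the guide is describing.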
RIP Passive Interfaces
It is possible to control which router interfaces will participate in the RIP process. Router C does not want to participate in the RIP domain.
4
...
0
RouterC(config-router)# network 10
...
0
...
We can configure all interfaces to be passive using the passive-interface
default command, and then individually use the no passive-interface
command on the interfaces we do want updates to be sent out:
RouterC(config)# router rip
RouterC(config-router)# network 10
...
0
...
2
...
0
RouterC(config-router)# passive-interface default
RouterC(config-router)# no passive-interface e0
RIP Neighbors
Recall that RIPv1 sends out its updates as broadcasts, whereas RIPv2 sends out
its updates as multicasts to the 224
...
0
...
We can configure specific RIP neighbor commands, which will allow us to unicast routing updates to those neighbors.
3
...
0
RouterB(config-router)# network 10
...
0
...
3
...
1
RouterB(config-router)# neighbor 10
...
5
...
However, Router B will still broadcast (if RIPv1) or multicast (if RIPv2) its updates, in addition to sending unicast updates to its neighbors.
3
...
1
RouterB(config-router)# neighbor 10
...
5
...
The neighbor commands still allow unicast updates to those specific neighbors.
By default:
RIPv1 routers will send only Version 1 packets
RIPv1 routers will receive both Version 1 and 2 updates
RIPv2 routers will both send and receive only Version 2 updates
If Router A is running RIP v1, and Router B is running RIP v2, some additional configuration is necessary.
RouterB(config)# interface s0
RouterB(config-if)# ip rip receive version 1
Notice that this is configured on an interface.
We can also have an interface send or receive both versions simultaneously:
RouterB(config)# interface s0
RouterB(config-if)# ip rip receive version 1 2
We can further force RIPv2 to send broadcast updates, instead of multicasts:
RouterB(config)# interface s0
RouterB(config-if)# ip rip v2-broadcast
Triggering RIP Updates
On point-to-point interfaces, we can actually force RIP to only send routing
updates if there is a change:
RouterB(config)# interface s0
...
We cannot configure RIP triggered updates on an Ethernet network.
To view the IP routing table:
Router# show ip route
<irrelevant header>
Gateway of last resort is not set
C
C
R
R
172
...
0
...
17
...
0 is directly connected, Serial0
172
...
0
...
17
...
2, 00:00:15, Serial0
192
...
123
...
16
...
1, 00:00:00, Ethernet0
To view a specific route within the IP routing table:
Router# show ip route 172
...
0
...
18
...
0/16
Known via “rip”, distance 120, metric 1
Last update from 172
...
1
...
16
...
0
172
...
0
...
17
...
2
120
00:00:17
Distance: (default is 120)
This command provides us with information on RIP timers, on the RIP versions configured on each interface, and the specific networks RIP is advertising.
0
...
0/8
auto-summary
7
...
0
...
16
...
1, 00:00:06, Ethernet0
172
...
0
...
17
...
0/16
directly connected, Serial0
Section 18 - Interior Gateway Routing Protocol
IGRP (Interior Gateway Routing Protocol)
IGRP is a Cisco-proprietary Distance-Vector protocol, designed to be more scalable than RIP, its standardized counterpart.
IGRP sends out the full routing table every periodic update.
IGRP uses the Bellman-Ford Distance Vector algorithm to determine the best "path" to a particular destination.
IGRP utilizes IP protocol 9.
IGRP, by default, supports a maximum of 100 hops.
IGRP is a classful routing protocol.
Reliability, Load, and MTU are optional attributes that can be used to calculate the distance metric.
Only routers in the same Autonomous System will send updates between each other.
On Router A, to configure IGRP, we would type:
Router(config)# router igrp 10
Router(config-router)# network 172
...
0
...
17
...
0
The first command, router igrp 10, enables the IGRP process. Only other IGRP routers in Autonomous System 10 will share updates with this router. We simply list the networks that are directly connected to our router.
To configure Router B:
Router(config)# router igrp 10
Router(config-router)# network 172
...
0
...
18
...
0
The routing table on Router A will look like:
RouterA# show ip route
Gateway of last resort is not set
C
C
I
172
...
0
...
17
...
0
172
...
0
...
17
...
2, 00:00:00,
Serial0
The routing table on Router B will look like:
RouterB# show ip route
Gateway of last resort is not set
C
C
I
172
...
0
...
18
...
0
172
...
0
...
17
...
1, 00:00:00,
Serial0
Limitations of IGRP
The example on the previous page works fine with IGRP, because the networks are contiguous and the subnet masks are consistent.
0
...
0 network
...
When Router A sends an IGRP update to Router B via Serial0, it will not
include the subnet mask for the 10
...
0
...
However, because the
10
...
0
...
1
...
0 network, it will
not summarize the address
...
1
...
0”
...
1
...
0
...
Router C will similarly send an entry for the 10
...
0
...
Router B's routing table will thus look like:
RouterB# show ip route
Gateway of last resort is not set
C
C
I
I
10
...
0
...
3
...
0 is directly connected, Serial0
10
...
0
...
1
...
0 [120/1] via 10
...
5
...
2
...
0 [120/1] via 10
...
5
...
Notice that our networks are no longer contiguous.
0
...
0 major network (10
...
0
...
2
...
0 respectively)
...
168
...
0 and
192
...
111
...
Why is this a problem? Again, when Router A sends an IGRP update to
Router B via Serial, it will not include the subnet mask for the 10
...
0
...
Instead, Router A will consider itself a border router, as the
10
...
0
...
168
...
0 networks do not belong to the same major
network
...
1
...
0/16 network to its classful
boundary of 10
...
0
...
Router B will accept this routing update, and realize that it does not have a
directly connected interface in the 10
...
x
...
Thus, it has no subnet mask to apply to this route.
0
...
0 route into its routing table
...
2
...
0 and 192
...
111
...
Thus, Router C will also send a summarized
10
...
0
...
Limitations of IGRP (continued)
Router B's routing table will then look like:
RouterB# show ip route
Gateway of last resort is not set
C
C
I
192
...
123
...
168
...
0 is
10
...
0
...
168
...
1, 00:00:00,
via 192
...
111
...
0
...
0 network, one through Router A and the other through
Router C
...
x
...
x network
between routers A and C
...
☺
It gets better
...
0
...
0/8
...
168
...
0 is directly connected, Serial0
10
...
0
...
1
...
0 is directly connected, Ethernet0
Router A will receive the summarized 10
...
0
...
This is because it already has the summary network of 10
...
0
...
Router C will respond
exactly the same, and the 10
...
0
...
2
...
0/16 networks will never be able
to communicate
...
Invalid Timer (default 270 seconds) - indicates how long a route will remain in a routing table before being marked as invalid, if no new updates are heard about this route.
A route marked as invalid is not immediately removed from the routing table.
Hold-down Timer (default 280 seconds) - indicates how long IGRP will "suppress" a route that it has placed in a hold-down state.
A route will enter a hold-down state for one of three reasons:
The invalid timer has expired.
An update has been received from another router, marking that route with a higher metric than what is currently in the routing table (this is to prevent loops).
The flush timer runs concurrently with the invalid timer, and thus will flush out a route 360 seconds after it has been marked invalid.
IGRP Loop Avoidance Mechanisms
IGRP, as a Distance Vector routing protocol, is susceptible to loops.
If
the 172
...
0
...
But what if an update from Router A reaches Router B before this can
happen? Router A believes it can reach the 172
...
0
...
This will cause Router B to believe it can reach the
failed 172
...
0
...
Both routers will continue to increment the metric for the network until they reach an infinity hop count (by default, 101).
How can we prevent this from happening? There are several loop avoidance mechanisms:
Split-Horizon - Prevents a routing update from being sent out the interface it was received on.
18
...
0 network back to Router B, as it
originally learned the route from Router B
...
Route-Poisoning - Works in conjunction with split-horizon, by triggering an automatic update for the failed network, without waiting for the update timer to expire.
Hold-Down Timers - Prevents IGRP from accepting any new updates for routes in a hold-down state, until the hold-down timer expires.
IGRP Passive Interfaces
It is possible to control which router interfaces will participate in the IGRP process. Router C does not want to participate in the IGRP domain.
4
...
0
RouterC(config-router)# network 10
...
0
...
We can configure all interfaces to be passive using the passive-interface
default command, and then individually use the no passive-interface
command on the interfaces we do want updates to be sent out:
RouterC(config)# router igrp 10
RouterC(config-router)# network 10
...
0
...
2
...
0
RouterC(config-router)# passive-interface default
RouterC(config-router)# no passive-interface e0
Advanced IGRP Configuration
To change the maximum hop-count to 255 for IGRP:
Router(config)# router igrp 10
Router(config-router)# metric maximum-hops 255
Section 19 - EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP is a Cisco-proprietary Hybrid routing protocol, incorporating features of both Distance-Vector and Link-State routing protocols. EIGRP uses the Diffusing Update Algorithm (DUAL) to determine the best path to each destination; DUAL also helps ensure a loop-free routing environment.
EIGRP traffic is either sent as unicasts, or as multicasts on address 224.0.0.10. Reliable Transport Protocol (RTP) is used to ensure delivery of most EIGRP packets. Updates are sent when a change occurs, and include only the change.
Other characteristics of EIGRP include:
EIGRP supports IP, IPX, and AppleTalk routing.
EIGRP applies an Administrative Distance of 90 for internal routes, and 170 for external routes coming from outside the local Autonomous System.
EIGRP uses Bandwidth and Delay of the Line, by default, to calculate its distance metric.
EIGRP has a maximum hop-count of 224, though the default maximum hop-count is set to 100.
EIGRP maintains three tables:
Neighbor table - list of directly connected EIGRP routers with which an adjacency has formed. Neighbors must belong to the same Autonomous System.
Topology table - list of all routes in the Autonomous System.
Routing table - contains the best route for each known network.
EIGRP Neighbors
EIGRP forms neighbor relationships, called adjacencies, with other routers in the same AS by exchanging Hello packets. Hello packets are sent as multicasts to address 224.0.0.10.
By default, on LAN and high-speed WAN interfaces, EIGRP Hellos are sent every 5 seconds. On slower (T1 or lower) multipoint WAN links, Hellos are sent every 60 seconds.
The EIGRP Hello timer can be adjusted on a per interface basis:
Router(config-if)# ip hello-interval eigrp 10 7
The above command allows us to change the hello timer to 7 seconds for Autonomous System 10.
The Hold timer indicates how long a router should wait before marking a neighbor inactive, if it stops receiving hello packets from that neighbor. By default the Hold timer is three times the Hello timer; thus, on high-speed links the timer is set to 15 seconds, and on slower WAN links the timer is set to 180 seconds.
Changing the Hello timer does not automatically change the Hold timer. The Hold timer is adjusted separately (with the ip hold-time eigrp command on the interface). Each router advertises its own Hold time in its Hellos and its neighbors use that advertised value, so the Hold time a router sends must stay longer than its own Hello interval or the adjacency will flap.
(Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f07.shtml)
Puran S Rawat (superpuran@gmail.com). All other material copyright © of their respective owners. Material may be found at http://www.…webs.… CCNA Study Guide v2.0
The show ip eigrp neighbors output lists, for each neighbor:
The local interface that received the neighbor's Hello packet.
A sequence number indicating the order neighbors were learned.
Neighbors cannot be formed on secondary addresses. If the primary addresses of two routers on a link are in different subnets, the adjacency fails and the router logs a message such as:
IP-EIGRP: Neighbor …16.…1 not on common subnet for Serial0
Always ensure that primary IP addresses belong to the same subnet between EIGRP neighbors.
(Reference: http://www.cisco.com/….shtml)
The EIGRP Topology Table
Once EIGRP neighbors form adjacencies, they will begin to share routing information. All such routes are added to an EIGRP router's topology table. Each entry carries two distances: the Advertised Distance (AD, also called the Reported Distance), which is the metric the advertising neighbor itself has to the network, and the Feasible Distance (FD), which is the lowest total metric from the local router. The route with the Feasible Distance for each network will be installed into the routing table.
Confused? Consider the following example:
Router A has three separate paths to the Destination Network, either through Router B, C, or D. Router C's Feasible Distance to the Destination Network is 23. When Router B sends an update to Router A, it will provide an Advertised Distance of 8 to the Destination Network.
Router A calculates the total distance to the Destination Network by adding the AD of the advertising router to its own distance to reach that advertising router.
The EIGRP Topology Table (continued)
Remember, however, that Router A's Feasible Distance must be the route with the lowest metric. This route is identified as the Successor, and is the one placed in the routing table.
A second route can serve as a backup only if it passes the feasibility condition: a route will only become a Feasible Successor if its Advertised Distance is less than the current Feasible Distance. This guarantees the backup path is loop-free, since a neighbor whose own distance to the destination is lower than ours cannot be routing through us.
For example, we determined that Router A's Feasible Distance to the destination is 11, through Router D. Router B advertised a distance of 8, which is less than 11; thus, the route through Router B to the Destination Network would become a Feasible Successor. Router C's Advertised Distance of 23 is not less than 11, so the route through Router C is not a Feasible Successor. Routes that are not Feasible Successors become route Possibilities.
If the Successor fails, a Feasible Successor is promoted immediately without any recomputation. If no Feasible Successor exists and a link fails, a route will enter an Active (converging) state until an alternate route is found.
EIGRP Packet Types
Hello packets are always multicast to address 224.0.0.10, and are used to discover and maintain neighbors.
Update packets are sent between neighbors to build the topology and routing tables. When a new neighbor is discovered, updates are sent as unicasts to that neighbor. However, if a route's metric is changed, the update is sent out as a multicast to address 224.0.0.10.
Query packets are sent by a router when a Successor route fails, and there are no Feasible Successors in the topology table. The route enters an Active state, and Query packets are sent as a multicast to address 224.0.0.10.
Reply packets are sent in response to Query packets, assuming the responding router has an alternative route (feasible successor). Reply packets are unicast to the querying router.
Recall that EIGRP utilizes the Reliable Transport Protocol (RTP) to ensure reliable delivery of most EIGRP packets. Reliable delivery is provided by Acknowledgment packets!
Acknowledgment packets (also known as ACKs) are simply Hello packets with no data, other than an acknowledgment number. They are always unicast.
The following packet types employ RTP to ensure reliable delivery via ACKs:
Update Packets
Query Packets
Reply Packets
Hello and Acknowledgment (ha!) packets do not utilize RTP, and thus do not require acknowledgement.
EIGRP Route States
A stable EIGRP network will have all routes in a Passive state. A route enters an Active state while the router is querying its neighbors for an alternate path. Multiple routes in an Active state indicate an unstable EIGRP network.
Routes will become Stuck-in-Active (SIA) when a router sends out a Query packet, but does not receive a Reply packet within three minutes. When this happens, the router resets its adjacency with the neighbor that failed to reply, so SIA events show up as neighbor flaps.
To view the current state of routes in the EIGRP topology table:
Router# show ip eigrp topology
IP-EIGRP Topology Table for AS(10)/ID(172.…)
P 172.…3.…0/16, 1 successors, FD is 281600
        via Connected, Serial1
P …, via 172.…16.…2 (2297856/128256), Serial0
To view only active routes in the topology table:
Router# show ip eigrp topology active
IP-EIGRP Topology Table for AS(10)/ID(172.…)
A 172.…19.…0/16, 1 successors, FD is 23456056, 1 replies, active 0:00:38, query-origin: Multiple Origins
(Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008010f016.shtml)
The EIGRP Metric
EIGRP can use five values when calculating its metric: Bandwidth, Delay, Reliability, Load, and MTU. The MTU value is actually never used to calculate the metric. By default, only Bandwidth and Delay of the Line are used.
Bandwidth and delay are determined by the interfaces that lead towards the destination network. The bandwidth is the lowest bandwidth of all outgoing interfaces in the path; the delay is the total delay of all outgoing interfaces in the path.
When configuring EIGRP metrics, we actually identify which metrics we want EIGRP to consider, using "K" values. By default, only Bandwidth (K1) and Delay (K3) are enabled. Thus, using on/off logic:
K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
If all metrics were set to "on," the full formula for determining the EIGRP metric would be:
[K1 * bandwidth * 256 + (K2 * bandwidth) / (256 - load) + K3 * delay * 256] * [K5 / (reliability + K4)]
where bandwidth is 10^7 divided by the lowest bandwidth in the path (in Kbps), and delay is the total path delay in tens of microseconds. Remember, the "K" value is either set to on ("1") or off ("0"). When K5 is 0, the second bracket is not applied at all (otherwise every metric would be zero), which is why the default metric reduces to (bandwidth + delay) * 256. The K values must match between neighbors, or the adjacency will not form.
The K values are changed under the EIGRP process with the metric weights command, which takes six numbers. The first is the Type of Service value, which is always 0. The second onward actually identify which EIGRP metrics to use: the next numbers, in order, are K1 (1), K2 (1), K3 (1), K4 (0), and K5 (0).
Our formula would thus be:
[K1 * bandwidth * 256 + (K2 * bandwidth) / (256 - load) + K3 * delay * 256]
The actual values of our metrics (such as bandwidth, delay, etc.) are taken from the interfaces, and can be changed on the interface. We can adjust the bandwidth of an interface:
Router(config)# int s0/0
Router(config-if)# bandwidth 64
Router(config-if)# ip bandwidth-percent eigrp 10 30
The bandwidth command takes a value in Kbps, so the above sets 64 Kbps (a value of 64000 would mean 64 Mbps). However, this command does not actually dictate the physical speed of the interface; it only changes the bandwidth value that routing protocols use when calculating metrics. Best practice is to set the bandwidth to the actual physical speed of the interface.
By default, EIGRP will use up to 50% of an interface's bandwidth for its own traffic. The percentage is based on the configured bandwidth value. The above command adjusts this to 30% for Autonomous System 10.
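To make the arithmetic concrete, here is an added example (not from the study guide) that computes the EIGRP composite metric in Python from the formula above. The interface bandwidth and delay values are constructed; they were chosen so that the results reproduce the metrics printed in this guide's show ip eigrp topology output (281600 for 10 Mbps Ethernet, 128256 for a loopback, 2297856 for a T1 serial plus a loopback).

```python
"""Added example (not from the study guide): the EIGRP composite metric.

Interface bandwidth/delay figures below are constructed; they are chosen so
that the results match the metrics printed in this guide's
"show ip eigrp topology" output (281600, 128256, 2297856).
"""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class Hop:
    """One outgoing interface along the path."""
    bandwidth_kbps: int        # the "BW" value of show interface, in Kbps
    delay_usec: int            # the "DLY" value of show interface, in usec
    load: int = 1              # 1..255, only matters when K2 != 0
    reliability: int = 255     # 1..255, only matters when K5 != 0


# Default weights: K1 = K3 = 1, K2 = K4 = K5 = 0 (metric weights 0 1 0 1 0 0)
DEFAULT_K: Tuple[int, int, int, int, int] = (1, 0, 1, 0, 0)


def eigrp_metric(path: Iterable[Hop], k: Tuple[int, int, int, int, int] = DEFAULT_K) -> int:
    """Composite metric for a path made of the given outgoing interfaces."""
    k1, k2, k3, k4, k5 = k
    hops = list(path)
    if not hops:
        raise ValueError("a path needs at least one outgoing interface")
    # Bandwidth term: the SLOWEST link in the path, scaled as 10^7 / Kbps with
    # integer (truncating) division, then multiplied by 256.
    min_bw = min(h.bandwidth_kbps for h in hops)
    bw = (10_000_000 // min_bw) * 256
    # Delay term: the SUM of all delays along the path in tens of usec, * 256.
    delay = (sum(h.delay_usec for h in hops) // 10) * 256
    # Load and reliability: worst hop wins (highest load, lowest reliability).
    load = max(h.load for h in hops)
    reliability = min(h.reliability for h in hops)

    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    # IOS only applies the reliability factor when K5 is non-zero; with the
    # default K5 = 0 the second bracket would otherwise zero every metric.
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


# Constructed interface profiles (typical IOS defaults for these media).
SERIAL_T1 = Hop(bandwidth_kbps=1544, delay_usec=20000)
ETHERNET_10 = Hop(bandwidth_kbps=10000, delay_usec=1000)
LOOPBACK = Hop(bandwidth_kbps=8_000_000, delay_usec=5000)


if __name__ == "__main__":
    print(eigrp_metric([ETHERNET_10]))          # 281600
    print(eigrp_metric([LOOPBACK]))             # 128256
    print(eigrp_metric([SERIAL_T1, LOOPBACK]))  # 2297856
```

Two things worth noticing when running it: the bandwidth term is governed by the slowest link only, so adding a fast hop never changes it, while every hop's delay is added, which is why a two-hop T1 path costs more than a one-hop one even though both are T1.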
Configuring Basic EIGRP
Routing protocol configuration occurs in Global Configuration mode. On Router A, to configure EIGRP:
RouterA(config)# router eigrp 10
RouterA(config-router)# network 172.16.0.0
RouterA(config-router)# network 10.0.0.0
The first command, router eigrp 10, enables the EIGRP process. The "10" indicates the Autonomous System number that we are using. Only other EIGRP routers in Autonomous System 10 will form neighbor adjacencies and share updates with this router.
The network statements serve two purposes in EIGRP. First, they identify which networks directly connected to the router should be advertised. Second, they identify which interfaces on the local router to attempt to form neighbor relationships out of (similar to OSPF).
Prior to IOS 12.0(4), the network statements were classful, despite the fact that EIGRP is a classless routing protocol. Thus, the network 10.0.0.0 command would advertise the networks of directly-connected interfaces belonging to the 10.0.0.0/8 network, and would further attempt to form neighbor relationships out of these interfaces.
IOS 12.0(4) and later provided us with more granular control of our network statements, by allowing a wildcard mask:
RouterA(config-router)# network 172.16.0.0 0.0.255.255
RouterA(config-router)# network 10.…1.…0 0.…0
With a wildcard mask, only interfaces whose addresses fall within the specified range are enabled for EIGRP. Leaving out the mask, or using a broad one, starts EIGRP on every interface in the classful network, including interfaces facing untrusted segments, where any host able to send to 224.0.0.10 can attempt to form an adjacency unless EIGRP authentication is configured.
EIGRP Passive Interfaces
Just as with RIP, we can use the passive-interface command. However, it works differently with EIGRP than with RIP or IGRP: a passive interface sends no Hellos, so EIGRP will no longer form neighbor relationships out of a "passive" interface. Thus this command prevents updates from being sent or received out of this interface:
RouterC(config)# router eigrp 10
RouterC(config-router)# network 10.…0.…2.…0
RouterC(config-router)# passive-interface s0
Router C will not form a neighbor adjacency with Router B. Note the difference from RIP and IGRP, where a passive interface still listens: here the 10.…4.…0 network covered by the statement
RouterC(config-router)# network 10.…0
is still advertised to Router C's other neighbors, but no routing updates are passed in either direction on the passive interface.
EIGRP Auto-Summarization
The above example would pose no problem for EIGRP, as each major network is contiguous. By default, EIGRP automatically summarizes networks at their classful boundary when advertising them across a different major network. For example, when Router A sends an EIGRP update to Router B via Serial0, by default it will still summarize the 10.…0 networks to 10.0.0.0/8, and the 172.…1.…0/16 and 192.…123.… networks to their classful boundaries. Likewise, the 66.33.…0 network would be summarized to 66.0.0.0/8.
The best metric from among the summarized routes will be applied to this summary route. The summarizing router also installs the summary itself as a route to the Null0 interface, so that traffic for addresses within the summary that do not actually exist is dropped rather than forwarded back and forth. This is to prevent routing loops.
Automatic summarization becomes a problem when a major network is discontiguous, because two routers on different sides then advertise the same classful summary and the rest of the network cannot tell the halves apart. Automatic summarization can be disabled under the EIGRP process with the no auto-summary command, which is the normal practice in modern networks.
(Reference: http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml)
EIGRP Load Balancing
By default, EIGRP will load-balance across equal-metric routes. EIGRP also supports load-balancing across routes with an unequal metric.
Consider the earlier example: the route through Router D is the Successor, with a Feasible Distance of 11. The route through Router B became a Feasible Successor. We must use the variance command to tell EIGRP to load-balance across these unequal-metric links:
RouterA(config)# router eigrp 10
RouterA(config-router)# variance 2
RouterA(config-router)# maximum-paths 6
The variance command assigns a "multiplier," in this instance of 2. Thus, any Feasible Successors with a metric within twice that of our Feasible Distance (i.e., 12 through 22) will now be used for load balancing by EIGRP. Only routes that already satisfy the feasibility condition are eligible; a route whose metric falls within the variance but whose Advertised Distance is not less than the FD is still ignored, because using it could create a loop.
The maximum-paths command adjusts the number of links EIGRP can load-balance across (the default is 4).
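The feasibility condition and the variance rule are easy to check programmatically. The following is an added example (not from the study guide): a Python function that classifies the entries of a topology table the way DUAL does, run against Router A's example. The guide gives a Feasible Distance of 11 via Router D, an Advertised Distance of 8 via Router B and a distance of 23 via Router C; the total metrics via B and C, and D's Advertised Distance, are constructed values.

```python
"""Added example (not from the study guide): DUAL successor selection.

The total metrics via Router B and Router C and the advertised distance via
Router D are constructed; FD = 11 via D, AD = 8 via B and 23 via C come from
the guide's example.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Path:
    via: str
    advertised_distance: int   # the neighbour's own metric (reported distance)
    metric: int                # AD + cost of our link to that neighbour


@dataclass
class DualResult:
    feasible_distance: int
    successors: List[str]
    feasible_successors: List[str]
    load_balanced: List[str]   # successors plus the FSs admitted by variance


def dual_select(paths: List[Path], variance: int = 1, maximum_paths: int = 4) -> DualResult:
    """Classify the paths to one destination as DUAL would."""
    if not paths:
        raise ValueError("no paths to destination")
    if variance < 1 or maximum_paths < 1:
        raise ValueError("variance and maximum-paths must be >= 1")
    fd = min(p.metric for p in paths)
    successors = [p for p in paths if p.metric == fd]
    # Feasibility condition: a backup is loop-free only if the neighbour's
    # advertised distance is strictly LESS than our feasible distance.
    feasible = [p for p in paths if p.metric != fd and p.advertised_distance < fd]
    # Unequal-cost load balancing: a feasible successor is used when its metric
    # is within variance * FD.  Non-feasible routes are never used, however cheap.
    balanced = sorted(
        successors + [p for p in feasible if p.metric <= variance * fd],
        key=lambda p: p.metric,
    )[:maximum_paths]
    return DualResult(fd, [p.via for p in successors],
                      [p.via for p in feasible], [p.via for p in balanced])


# Router A's topology table from the guide, with constructed totals for B and C.
ROUTER_A_PATHS = [
    Path(via="D", advertised_distance=6, metric=11),   # successor, FD = 11
    Path(via="B", advertised_distance=8, metric=20),   # 8 < 11: feasible successor
    Path(via="C", advertised_distance=23, metric=30),  # 23 >= 11: only a "possibility"
]


if __name__ == "__main__":
    print(dual_select(ROUTER_A_PATHS))              # variance 1: only D is used
    print(dual_select(ROUTER_A_PATHS, variance=2))  # variance 2: D and B (20 <= 22)
```

Raising the variance to 3 still leaves Router C out even though its metric of 30 is within 3 * 11: it never passed the feasibility condition, so no variance value will make DUAL forward through it.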
Router# show ip eigrp topology
IP-EIGRP Topology Table for AS(10)/ID(172.…19.…1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.…0/…, 1 successors, FD is 2297856
        via 172.…16.…2 (2297856/128256), Serial0
P 172.…18.…0/16, 1 successors, FD is 128256
        via Connected, Serial2
P 172.…
Each "via" line shows two numbers in parentheses: the metric through that neighbor, followed by the neighbor's Advertised Distance. A route is a Feasible Successor when the second number is lower than the FD of the successor.
The bandwidth and delay values that EIGRP uses for an interface can be seen in the show interface output for that interface:
  Internet address is 172.16.…1/16
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output removed>
To view information specific to the EIGRP protocol:
Router# show ip protocols
Routing Protocol is "eigrp 10"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 10
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    172.…18.…0
    172.…
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.…16.…2      90            00:23:49
  Distance: internal 90 external 170
This command provides us with information on EIGRP timers, EIGRP metrics, summarization, and the specific networks EIGRP is advertising. The K values, variance and maximum path lines are the quickest way to confirm that the settings discussed above actually took effect.
To view the routing table:
Router# show ip route
C    172.16.…0 is directly connected, Serial0
D    172.…3.…0 [90/2297856] via 172.…1.…
EIGRP-learned routes are marked with a "D" (for DUAL). The bracketed numbers are [administrative distance/metric]: 90 is the internal EIGRP distance and 2297856 the composite metric.
To view details for a specific route, append the network to show ip route:
Routing entry for 10.…0
  Last update from 172.…16.…2 on Serial0, 00:00:15 ago
To debug EIGRP in real time:
Router# debug eigrp neighbors
Router# debug eigrp packet
Router# debug eigrp route
Router# debug eigrp summary
Use debug eigrp packet with care on a production router: it logs every Hello and ACK, and on a busy router the console load alone can cause neighbors to time out. Turn debugging off with undebug all when finished.
Section 20 - OSPF (Open Shortest Path First)
OSPF is a standardized Link-State routing protocol, designed to scale efficiently to support larger networks.
OSPF will form neighbor relationships with adjacent routers in the same Area.
OSPF sends updates (LSAs) when there is a change to one of its links, and will only send the change in the update.
OSPF traffic is multicast either to address 224.0.0.5 (all OSPF routers) or 224.0.0.6 (all Designated Routers).
OSPF is a classless protocol, and thus supports VLSMs.
OSPF routes have an administrative distance of 110.
OSPF has no hop-count limit; its metric is a cost derived from interface bandwidth.
The OSPF process maintains three tables: a neighbor table, a topology table (the link-state database), and a routing table.
A topology table - contains a list of all possible routes to all known networks within an area.
OSPF Neighbors
OSPF forms neighbor relationships, called adjacencies, with other routers in the same Area by exchanging Hello packets to multicast address 224.0.0.5. Only after an adjacency is formed can routers share routing information.
Each OSPF router is identified by a unique Router ID. The Router ID can be determined in one of three ways:
The Router ID can be manually specified.
If not manually specified, the highest IP address configured on any Loopback interface will become the Router ID.
If no loopback interface exists, the highest IP address configured on any Physical interface will become the Router ID.
The Router ID is chosen when the OSPF process starts; adding a loopback or a router-id afterwards only takes effect when the process is restarted (clear ip ospf process), so set it explicitly before enabling OSPF.
OSPF routers send Hellos every 10 seconds by default on broadcast and point-to-point links (30 seconds on non-broadcast links). OSPF also has a Dead Interval, which indicates how long a router will wait without hearing any hellos before announcing a neighbor as "down." Notice that, by default, the dead interval timer is four times the Hello interval (40 and 120 seconds respectively).
Hello packets contain the following information:
Router ID
Area ID
Authentication information
Prefix
Subnet Mask
Hello Interval
Dead Interval
Network Type (broadcast, point-to-point, etc.)
Hello packets also contain a neighbor field that lists the Router IDs of all neighbors the router is connected to.
For two routers to become neighbors, the Area ID, authentication, subnet mask, Hello and Dead intervals and stub-area flag in their Hellos must match; a mismatch in any of these is the usual reason an expected adjacency never forms.
(Reference: http://www.cisco.com/….html)
OSPF Designated Routers
In multi-access networks such as Ethernet, there is the possibility of many neighbor relationships on the same physical segment. Using the following formula (where "n" is the number of routers), the number of adjacencies required for every router to be adjacent to every other is:
n(n-1)/2
Thus, four routers on a segment would require 6 adjacencies. Increase the number of routers to five, and 10 separate adjacencies would be required.
If a link off of Router A were to fail, it would flood this information to all neighbors. Each neighbor, in turn, would flood that same information to all other neighbors. This is a waste of bandwidth and processor load.
To prevent this, OSPF will elect a Designated Router (DR) for each multi-access network, accessed via multicast address 224.0.0.6. A Backup Designated Router (BDR) is also elected in case the DR fails. OSPF routers will form adjacencies with the DR and BDR only, and send their LSAs to the DR, which floods them to the rest of the segment. This greatly reduces the flooding of LSAs.
DR and BDR elections are determined by a router's priority. The router with the highest priority becomes the DR; second highest becomes the BDR. If there is a tie in priority, the router with the highest Router ID wins. To change the priority on an interface:
Router(config-if)# ip ospf priority 125
Default priority on Cisco routers is 1. A priority of 0 means the router will never become a DR or BDR.
Note: The DR election process is not preemptive. If a router with a higher priority comes online after the election, the existing DR and BDR remain in place. Thus, a router that should never become the DR should always have its priority set to 0.
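The two selection rules described on these pages (how the Router ID is chosen, and how the DR and BDR are elected, including the non-preemptive behaviour) are easy to get wrong from memory, so here is an added example (not from the study guide) that implements them in Python. Router names, addresses and priorities are constructed; the election is the simplified form of RFC 2328 section 9.4 in which an existing DR or BDR stays in place as long as it is still present.

```python
"""Added example (not from the study guide): OSPF Router ID selection and the
DR/BDR election.  Router names, addresses and priorities are constructed; the
election is the simplified form of RFC 2328 section 9.4 in which an existing
DR or BDR stays in place as long as it is still present (no preemption).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _as_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def pick_router_id(manual: Optional[str], loopbacks: List[str], physical: List[str]) -> str:
    """manual router-id > highest loopback address > highest physical address."""
    if manual:
        return manual
    # "Highest" means numerically highest: "10.10.10.10" beats "9.9.9.9",
    # even though a string comparison would say the opposite.
    if loopbacks:
        return max(loopbacks, key=_as_int)
    if physical:
        return max(physical, key=_as_int)
    raise ValueError("no IP address configured; the OSPF process cannot start")


@dataclass(frozen=True)
class OspfRouter:
    name: str
    router_id: str
    priority: int = 1      # Cisco default; 0 means never DR/BDR


def _rank(r: OspfRouter) -> Tuple[int, int]:
    # Highest priority wins; ties are broken by the highest Router ID.
    return (r.priority, _as_int(r.router_id))


def elect_dr_bdr(routers: List[OspfRouter], current_dr: Optional[str] = None,
                 current_bdr: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR name, BDR name) for one multi-access segment."""
    eligible = [r for r in routers if r.priority > 0]
    names = {r.name for r in eligible}
    dr = current_dr if current_dr in names else None
    bdr = current_bdr if current_bdr in names else None
    if dr is None and bdr is not None:
        # The DR went away: the BDR is promoted, nobody else is considered.
        dr, bdr = bdr, None
    if dr is None and eligible:
        dr = max(eligible, key=_rank).name
    if bdr is None:
        rest = [r for r in eligible if r.name != dr]
        bdr = max(rest, key=_rank).name if rest else None
    return dr, bdr


# Constructed segment: C has priority 0 and can never be elected.
SEGMENT = [
    OspfRouter("A", "1.1.1.1"),
    OspfRouter("B", "2.2.2.2"),
    OspfRouter("C", "3.3.3.3", priority=0),
    OspfRouter("D", "4.4.4.4", priority=125),
]


if __name__ == "__main__":
    print(elect_dr_bdr(SEGMENT))                                   # ('D', 'B')
    print(elect_dr_bdr(SEGMENT, current_dr="A", current_bdr="B"))  # ('A', 'B'): no preemption
```

The second call shows why priority alone does not secure the DR role: if A and B were elected before D came up, D's priority of 125 changes nothing until one of them leaves. Conversely, any router that is allowed to join the segment with a high priority will win the next election, which is one more reason to keep untrusted segments out of OSPF altogether.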
OSPF Neighbor States
Neighbor adjacencies will progress through several states:
Down - indicates that no Hellos have been heard from the neighbor.
Init - indicates a Hello packet has been heard from the neighbor, but two-way communication has not yet been initialized.
2-Way - indicates that bidirectional communication has been established. Recall that Hello packets contain a neighbor field; this state is reached when the router sees its own Router ID in the neighbor's Hello. Designated and Backup Designated Routers are elected at this stage.
ExStart - indicates that the routers are preparing to share link state information. Master/slave relationships are formed between routers to determine who will begin the exchange; the router with the higher Router ID becomes the master.
Exchange - indicates that the routers are exchanging Database Descriptors (DBDs). DBDs contain a description of the router's Topology Database.
Loading - indicates the routers are finally exchanging Link State Advertisements, containing information about all links connected to each router.
Full - indicates that the routers are fully synchronized. The topology database of each router is now identical.
Depending on the "role" of the neighbor, the state may appear as:
Full/DR - indicating that the neighbor is a Designated Router (DR)
Full/BDR - indicating that the neighbor is a Backup Designated Router (BDR)
Full/DROther - indicating that the neighbor is neither the DR nor the BDR
On a multi-access network, OSPF routers will only form Full adjacencies with DRs and BDRs. Non-DR and non-BDR routers still see each other, but remain in a 2-Way state (shown as 2WAY/DROTHER). This is normal OSPF behavior.
OSPF Network Types
The OSPF network type controls whether a DR/BDR is elected and whether neighbors are discovered automatically. OSPF's interaction with Frame Relay will be explained in another section.
Broadcast Multi-Access - indicates a topology where broadcast occurs. An example would be Ethernet. OSPF will elect DRs and BDRs. Traffic to DRs and BDRs is multicast to 224.0.0.6; traffic from DRs and BDRs to other routers is multicast to 224.0.0.5.
Point-to-Point - indicates a topology where two routers are directly connected. An example would be a point-to-point T1. OSPF will not elect DRs and BDRs. All OSPF traffic is multicast to 224.0.0.5.
Point-to-Multipoint - indicates a topology where one interface can connect to multiple destinations. Each connection is treated as a point-to-point link. An example would be Point-to-Multipoint Frame Relay. OSPF will not elect DRs and BDRs. All OSPF traffic is multicast to 224.0.0.5. Neighbors do not need to be manually specified.
Non-broadcast Multi-access Network (NBMA) - indicates a topology where one interface can connect to multiple destinations; however, broadcasts cannot be sent across an NBMA network. An example would be Frame Relay. OSPF will elect DRs and BDRs. OSPF neighbors must be manually defined, thus all OSPF traffic is unicast instead of multicast.
Configuring OSPF Network Types
The default OSPF network type for basic Frame Relay is Non-broadcast Multi-access Network (NBMA). With this network type, neighbors must be configured manually under the OSPF process, since the Frame Relay map does not carry broadcasts or multicasts:
Router(config-if)# frame-relay map ip 10.…1 101
Router(config-if)# ip ospf network non-broadcast
Router(config)# router ospf 1
Router(config-router)# neighbor 10.…1
However, the Frame-Relay network can be tricked into allowing broadcasts, eliminating the need to manually specify neighbors:
Router(config)# interface s0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay map ip 10.…1 101 broadcast
Router(config-if)# ip ospf network broadcast
The broadcast keyword on the map permits OSPF's multicast Hellos across this PVC, and the network type is changed to broadcast, so a DR/BDR will be elected. The neighbor no longer needs to be specified, as multicasts will be allowed out this map.
The default OSPF network type for Ethernet is Broadcast Multi-Access. To configure manually:
Router(config)# interface e0
Router(config-if)# ip ospf network broadcast
The default OSPF network type for T1's (HDLC or PPP) and Point-to-Point Frame Relay is Point-to-Point. On a Frame Relay point-to-point subinterface the PVC is assigned with frame-relay interface-dlci rather than a map statement, as IOS does not accept frame-relay map on a point-to-point subinterface:
Router(config)# interface s0.1 point-to-point
Router(config-subif)# frame-relay interface-dlci 101
A multipoint Frame Relay interface is NBMA by default, so neighbors would otherwise need to be defined manually. However, OSPF supports an additional network type called Point-to-Multipoint, which will allow neighbor discovery to occur automatically:
Router(config)# interface s0.2 multipoint
Router(config-subif)# frame-relay map ip 10.…1 101 broadcast
Router(config-subif)# ip ospf network point-to-multipoint
No DR/BDR is elected; each PVC is treated as a point-to-point link and Hellos are multicast across the maps that carry the broadcast keyword.
If the provider's network cannot carry broadcasts at all, the Point-to-Multipoint Non-broadcast type can be used instead, with neighbors defined manually:
Router(config)# interface s0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay map ip 10.…1 101
Router(config-if)# ip ospf network point-to-multipoint non-broadcast
Router(config)# router ospf 1
Router(config-router)# neighbor 10.…1
The frame-relay map command no longer has the broadcast parameter, as broadcasts and multicasts are not allowed on a non-broadcast network. Traffic to those neighbors will be unicast instead of multicast.
The OSPF Hierarchy
OSPF is a hierarchical system that separates an Autonomous System into individual areas. OSPF routers build a Topology Database of all links within their area, and all routers within an area will have an identical topology database. Routing updates between areas are summarized. Limiting the topology database to include only the local area conserves bandwidth and reduces CPU loads.
Area 0 is the backbone area for the entire OSPF Autonomous System. As a rule, all other areas must have a connection into Area 0, though this rule can be bypassed using virtual links (explained shortly).
OSPF routers can belong to multiple areas, and will thus contain separate Topology databases for each area. Consider the above example. Area 0, again, is the backbone area for this Autonomous System. Routers A and B belong fully to Area 1, while Routers E and F belong fully to Area 2. Router C belongs to both Area 0 and Area 1, and is therefore an Area Border Router (ABR). Because it has an interface in Area 0, it can also be considered a Backbone Router.
The OSPF Hierarchy (continued)
Now consider the above example. Router G is a Backbone Router, as it has an interface in Area 0. However, Router G also has a connection to the Internet, which is outside this Autonomous System. This makes Router G an Autonomous System Border Router (ASBR). A router can become an ASBR in one of two ways:
By connecting to a separate Autonomous System, such as the Internet
By redistributing another routing protocol into the OSPF process
ASBRs provide access to external networks. OSPF defines two "types" of external routes:
Type 1 (E1) - Includes the external cost to the destination network, plus the internal cost within OSPF to reach the ASBR.
Type 2 (E2) - Includes only the external cost to the destination network. This is the default type assigned to external routes.
Type 1 routes are always preferred over Type 2 routes to the same destination.
To summarize the router roles:
Internal Routers - contain all interfaces in a single area
Area Border Routers (ABRs) - contain interfaces in at least two separate areas
Backbone Routers - contain at least one interface in Area 0
Autonomous System Border Routers (ASBRs) - contain a connection to a separate Autonomous System
LSAs and the OSPF Topology Database
OSPF, as a link-state routing protocol, does not rely on routing-by-rumor as RIP and IGRP do. Instead, each router advertises the state of its own links. A link is simply a router interface. OSPF routers forward link-state advertisements (LSAs) to ensure the topology database is consistent on each router within an area. Several LSA types exist:
Router LSA (Type 1) - Generated by all routers in OSPF, and contains a list of the router's directly connected links. Type 1 LSAs are flooded to all other routers within the local area.
Network LSA (Type 2) - Generated by the DR of a multi-access segment, and contains a list of all routers attached to that segment. Type 2 LSAs are flooded within the local area.
Network Summary LSA (Type 3) - Generated by all ABRs in OSPF, and contains a list of all destination networks within an area. Type 3 LSAs are sent between areas.
ASBR Summary LSA (Type 4) - Generated by ABRs in OSPF, and contains a route to any ASBRs in the OSPF system. Type 4 LSAs are sent into other areas so that routers there can locate the ASBR.
External LSA (Type 5) - Generated by ASBRs in OSPF, and contain routes to destination networks outside the local Autonomous System. Type 5 LSAs are flooded to all normal areas in the OSPF system; they are blocked at the ABR of a stub area, which is what makes stub areas cheap to operate.
Later in this section, Type 7 NSSA External LSAs will be described in detail.
Consider the above example. Routers C and D are ABRs. All routers will generate Router (Type 1) LSAs. For example, Router A will generate a Type 1 LSA describing its links. This LSA will be flooded to all other routers in Area 1.
The DR of each multi-access segment will generate a Network (Type 2) LSA. For example, if Router C was elected the DR for the multi-access network in Area 1, it would generate a Type 2 LSA containing a list of all routers attached to it.
ABRs will generate Network Summary (Type 3) LSAs. For example, Router C is an ABR between Area 0 and Area 1. Type 3 LSAs sent into Area 0 will contain a list of networks within Area 1, including costs to reach those networks; Type 3 LSAs sent into Area 1 will contain the networks of Area 0 and of every other area reachable through it. This allows Area 1 to reach any other area, and all other areas to reach Area 1.
ABRs will also generate ASBR Summary (Type 4) LSAs. For example, Router C will send Type 4 LSAs into Area 1 containing a route to the ASBR, thus providing routers in Area 1 with the path out of the Autonomous System.
ASBRs will generate External (Type 5) LSAs. For example, Router G will generate Type 5 LSAs that contain routes to networks outside the AS.
Each type of LSA is propagated under three circumstances:
When a new adjacency is formed.
When a change occurs to a link.
When an LSA's refresh timer expires (every 30 minutes, by default). Every LSA carries an age: the originating router refloods it after 30 minutes, and any LSA that reaches MaxAge (60 minutes) without being refreshed is flushed from the database.
The OSPF Metric
OSPF determines the best (or shortest) path to a destination network using a cost metric, which is based on the bandwidth of interfaces. The total cost of a route is the sum of the costs of all outgoing interfaces along the path. Lowest cost is preferred.
Cisco derives the cost by dividing a reference bandwidth of 100 Mbps by the interface bandwidth, which gives the following default costs:
Interface Type              Cost
56 Kbps Serial              1785
64 Kbps Serial              1562
T1 (1.544 Mbps)             64
Token Ring (4 Mbps)         25
Ethernet (10 Mbps)          10
Token Ring (16 Mbps)        6
Fast Ethernet (100 Mbps)    1
On Serial interfaces, OSPF will use the configured bandwidth (measured in Kbps) to determine the cost:
Router(config)# interface s0
Router(config-if)# bandwidth 64
The default cost of an interface can be superseded:
Router(config)# interface e0
Router(config-if)# ip ospf cost 5
Changing the cost of an interface can alter which path OSPF deems the "shortest," and thus should be used with great care.
Again, the cost is 100 Mbps divided by the interface bandwidth. This indicates that a 100 Mbps link will have a cost of 1 (because 100/100 is 1). For example, the cost of 4 Mbps Token Ring is 25 because 100/4 = 25. The division is truncated, not rounded (100000/56 = 1785.7, so 1785). Anything faster than 100 Mbps also gets a cost of 1, so on networks with Gigabit or faster links the reference bandwidth should be raised, identically on every router, with the auto-cost reference-bandwidth command.
Configuring OSPF
On Router A, to configure OSPF:
RouterA(config)# router ospf 1
RouterA(config-router)# router-id 1.1.1.1
RouterA(config-router)# network 172.16.0.0 0.0.255.255 area 1
RouterA(config-router)# network 172.17.0.0 0.0.255.255 area 0
The first command, router ospf 1, enables the OSPF process. The "1" indicates the OSPF process ID, and can be unique on each router; it is locally significant and does not need to match between neighbors.
The router-id command assigns a unique OSPF ID of 1.1.1.1 to this router.
Note the use of a wildcard mask instead of a subnet mask in the network statement. With OSPF, the network statement serves two purposes: it identifies which interfaces will participate in OSPF, and it identifies which area those interfaces belong to. The wildcard mask 0.0.255.255 matches any interface whose first two octets are 172.16, so the first network statement places interface E0 on Router A into Area 1. The second places the interface on the 172.17.0.0 network into Area 0.
The network statement could have been written more specifically, matching only the interface address itself:
RouterA(config-router)# network 172.16.…1 0.0.0.0 area 1
RouterA(config-router)# network 172.17.…1 0.0.0.0 area 0
In order for Router B to form a neighbor relationship with Router A, its connecting interface must be put in the same Area as Router A:
RouterB(config)# router ospf 1
RouterB(config-router)# router-id 2.2.2.2
RouterB(config-router)# network 172.17.…2 0.0.0.0 area 0
RouterB(config-router)# network 172.18.…1 0.0.0.0 area …
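Because the wildcard mask decides which interfaces run OSPF and in which area, it is worth checking a planned set of network statements before applying them. The following is an added example (not from the study guide) in Python: it converts prefix lengths to wildcard masks, matches interface addresses against network statements the way the text describes, and shows how an over-broad statement silently pulls an extra interface into the area. Router A's interface addresses (172.16.1.1 on E0, 172.17.1.1 on S0, and a constructed 10.9.9.1 on S1 facing a third-party network) are assumptions, as is the most-specific-statement-first ordering, which is how IOS resolves overlapping network statements.

```python
"""Added example (not from the study guide): matching OSPF network statements.

Interface addresses and the catch-all statement are constructed.  Assumption:
when several statements match one interface, the most specific wildcard wins,
which is how IOS orders network statements.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Statement = Tuple[str, str, int]   # (address, wildcard, area)


def wildcard_from_prefixlen(prefixlen: int) -> str:
    """Wildcard mask for a prefix length: the bitwise inverse of the subnet mask."""
    netmask = ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").netmask
    return str(ipaddress.IPv4Address(int(netmask) ^ 0xFFFFFFFF))


def matches(statement_addr: str, wildcard: str, interface_ip: str) -> bool:
    """True when every bit that is 0 in the wildcard is identical in both addresses."""
    a = int(ipaddress.IPv4Address(statement_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    i = int(ipaddress.IPv4Address(interface_ip))
    care = (~w) & 0xFFFFFFFF          # bits the statement actually tests
    return (a & care) == (i & care)


def assign_areas(statements: List[Statement], interfaces: Dict[str, str]) -> Dict[str, Optional[int]]:
    """Return the OSPF area each interface lands in (None = not running OSPF)."""
    # Most specific first: fewer 1-bits in the wildcard means a tighter match.
    ordered = sorted(statements, key=lambda s: bin(int(ipaddress.IPv4Address(s[1]))).count("1"))
    result: Dict[str, Optional[int]] = {}
    for name, ip in interfaces.items():
        result[name] = None
        for addr, wc, area in ordered:
            if matches(addr, wc, ip):
                result[name] = area
                break
    return result


# Router A from the guide; S1 is a constructed extra interface towards a
# third-party network that should NOT run OSPF.
ROUTER_A_INTERFACES = {"e0": "172.16.1.1", "s0": "172.17.1.1", "s1": "10.9.9.1"}
ROUTER_A_STATEMENTS: List[Statement] = [
    ("172.16.0.0", "0.0.255.255", 1),
    ("172.17.0.0", "0.0.255.255", 0),
]
# A tempting shortcut that enables OSPF on every interface, S1 included.
CATCH_ALL_STATEMENTS: List[Statement] = ROUTER_A_STATEMENTS + [("0.0.0.0", "255.255.255.255", 0)]


if __name__ == "__main__":
    print(assign_areas(ROUTER_A_STATEMENTS, ROUTER_A_INTERFACES))   # {'e0': 1, 's0': 0, 's1': None}
    print(assign_areas(CATCH_ALL_STATEMENTS, ROUTER_A_INTERFACES))  # {'e0': 1, 's0': 0, 's1': 0}
```

The second result is the one to watch for in a configuration review: network 0.0.0.0 255.255.255.255 area 0 is common in lab notes, but it starts OSPF on S1 as well, so whoever is on the far side of that link can begin exchanging Hellos with the router.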
OSPF Passive-Interfaces
It is possible to control which router interfaces will participate in the OSPF process. However, please note that the passive-interface command works differently with OSPF than with RIP or IGRP. With RIP and IGRP, a passive interface still receives updates; with OSPF (and EIGRP), a passive interface sends no Hellos, so no neighbor can form on it in either direction. The interface's network is still advertised, as long as it is covered by a network statement:
RouterC(config)# router ospf 1
RouterC(config-router)# network 10.…4.…0 0.…255 area 0
RouterC(config-router)# network 10.…2.…0 0.…255 area 0
The interface that should not form neighbors is then named with the passive-interface command under the same process.
It is possible to configure all interfaces to be passive using the passive-interface default command, and then individually use the no passive-interface command on the interfaces that neighbors should be formed on:
RouterC(config)# router ospf 1
RouterC(config-router)# network 10.…0 0.…255 area 0
RouterC(config-router)# network 10.…0 0.…255 area 0
RouterC(config-router)# passive-interface default
RouterC(config-router)# no passive-interface e0
Always remember, that the passive-interface command will prevent OSPF (and EIGRP) from forming neighbor relationships out of that interface. Making user-facing and untrusted interfaces passive is the simplest way to stop a host on those segments from injecting LSAs, since no Hello will ever be answered there.
OSPF Virtual Links
Earlier in this guide, it was stated that all areas must directly connect into Area 0, as a rule. Consider the above example: an area is attached to Area 0 only through Area 1. In normal OSPF operation, this shouldn't be possible. Virtual links can be used as a workaround, to logically connect separated areas to Area 0. One end of the Virtual Link must be connected to Area 0; the area it crosses (here Area 1) is called the transit area.
Configuration on Router B would be as follows:
RouterB(config)# router ospf 1
RouterB(config-router)# router-id 2.2.2.2
RouterB(config-router)# area 1 virtual-link 3.3.3.3
The first command enables the OSPF process. The second assigns Router B the Router ID 2.2.2.2. The third creates the virtual link; notice that it specifies area 1, which is the transit area, and 3.3.3.3, which is the Router ID of the far end (Router C).
Configuration on Router C would be:
RouterC(config)# router ospf 1
RouterC(config-router)# router-id 3.3.3.3
RouterC(config-router)# area 1 virtual-link 2.2.2.2
The virtual link is identified by Router IDs, not interface addresses, so the router-id on each end must be stable. Verify the link with show ip ospf virtual-links.
Virtual links are also used to join a partitioned backbone. If two separate Area 0s exist, in order for OSPF to function properly, the two Area 0's must be connected using a virtual link across the area that joins them:
RouterB(config)# router ospf 1
RouterB(config-router)# router-id 2.2.2.2
RouterB(config-router)# area 1 virtual-link 3.3.3.3
RouterC(config)# router ospf 1
RouterC(config-router)# router-id 3.3.3.3
RouterC(config-router)# area 1 virtual-link 2.2.2.2
Additionally, the transit area cannot be a stub area.
A virtual link belongs to Area 0. If the backbone is configured for MD5 authentication (area 0 authentication message-digest), the virtual link must carry the same authentication, or it will never come up. To configure MD5 authentication on the virtual link:
RouterB(config)# router ospf 1
RouterB(config-router)# area 1 virtual-link 3.3.3.3 message-digest-key 1 md5 MYKEY
RouterC(config)# router ospf 1
RouterC(config-router)# area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 MYKEY
The key ID (1) and the key string must match on both ends. The key string is stored in the configuration in clear text unless service password-encryption is enabled, and even then only with the reversible type 7 encoding, so treat the running configuration as sensitive.
7
...
7
6
...
6
...
50
...
2
150
...
18
...
The show ip ospf neighbor command provides the following information:
The Router ID of the remote neighbor
The OSPF priority of the remote neighbor (used for DR/BDR elections)
The adjacency state (for example FULL or 2WAY) and whether the neighbor is the DR or BDR
The dead interval timer
The interface address of the remote neighbor
The local interface connecting to the remote neighbor
9
...
9) (Process ID 10)
Router Link States (Area 0)
Link ID
7
...
7
...
8
...
8
ADV Router Age
7
...
7
...
8
...
8
291
Seq#
0x80000007
0x80000007
Checksum Link count
0x42A0
2
0x9FFC
1
Seq#
0x80000005
0x80000003
Checksum
0x13E4
0x345A
Summary Net Link States (Area 0)
Link ID
ADV Router Age
192
...
12
...
7
...
7
103
192
...
34
...
7
...
7
105
The Topology Table provides the following information:
The actual link (or route)
...
The link-state age timer
...
(Reference: http://www
...
com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d02e
...
9
...
9
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs
...
Checksum Sum 0x0
Number of opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 3 times
Area ranges are
Number of LSA 2
...
Checksum Sum 0x0
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
The show ip ospf command provides the following information:
The local Router ID
...
The number of interfaces in specific areas, including the type of area
...
The sequence number and checksum for each entry
...
168
...
2/24, Area 0
Process ID 10, Router ID 9
...
9
...
7
...
7
Suppress hello for 0 neighbor(s)
The show ip ospf interface command provides the following information:
The local Router ID
...
The OSPF cost for the interface
...
A list of neighbor adjacencies
...
168
...
0
0
...
0
...
168
...
0 0
...
0
...
7
...
7
110
00:01:05
Distance: (default is 110)
The show ip protocols command provides the following information:
Locally originated networks that are being advertised
...
Troubleshooting OSPF (continued)
To reset an OSPF process, including all neighbor adjacencies (every adjacency is torn down and re-formed, so expect a brief routing outage):
Router# clear ip ospf process
To display information about OSPF virtual-links:
Router# show ip ospf virtual-links
To display routes to both ABRs and ASBRs:
Router# show ip ospf border-routers
To debug OSPF in real time (debug output is costly; debug ip ospf hello prints a line for every hello sent or received, so use it briefly and finish with undebug all):
Router# debug ip ospf adj
Router# debug ip ospf events
Router# debug ip ospf hello
Part IV
VLANs, Access-Lists, and Services
Section 21 - VLANs and VTP
Review of Collision vs. Broadcast Domains
Each port on a Layer-2 switch is its own collision domain. Thus, Layer-2 switches create more collision domains, which results in fewer collisions.
However, a Layer-2 switch is, by default, a single broadcast domain: Layer-2 switches will forward a broadcast or multicast out every port, excluding the port the broadcast or multicast originated from. Because of this, Layer-2 switches are not well suited for large, scalable networks.
Virtual LANs (VLANs)
Virtual LANs (or VLANs) separate a Layer-2 switch into multiple broadcast domains (i.e. multiple logical switches inside one physical switch). Individual ports or groups of ports can be assigned to a specific VLAN. Broadcasts from one VLAN will never be sent out ports belonging to another VLAN.
A Layer-3 switch, in addition to supporting VLANs, must also be capable of routing, and caching IP traffic flows.
VLAN Example
Consider the following example:
Four computers are connected to a Layer-2 switch that supports VLANs. Computers A and B are assigned to one VLAN, and Computers C and D to another.
Because Computers A and B belong to the same VLAN, they belong to the same IP subnet and broadcast domain. Computers C and D likewise belong to the same VLAN and IP subnet.
However, Computers A and B will not be able to communicate with Computers C and D, as they belong to separate VLANs, and thus separate IP subnets. A router will be necessary for both VLANs to communicate. A Layer-3 switch can perform this routing internally; otherwise, an external router is required for inter-VLAN communication.
VLAN 1 is considered the Management VLAN (by default), and every port belongs to VLAN 1 until it is assigned elsewhere.
In contrast, each VLAN belongs to its own broadcast domain (or IP subnet); thus broadcast traffic from one VLAN will never reach another VLAN.
Flexibility and Scalability - VLANs remove the physical boundaries of a network. A user can be moved to another port or another switch and stay in the same VLAN; thus, access to resources will not be interrupted.
Devices can be placed into VLANs in one of two ways:
Statically - Ports are manually assigned to a VLAN. Any device connecting to that switch-port(s) becomes a member of that VLAN.
Dynamically - Devices are automatically assigned into a VLAN based on their MAC address. Cisco developed a dynamic VLAN product called the VLAN Membership Policy Server (VMPS).
Catalyst switches that participate in a VTP domain (explained shortly) support up to 1005 VLANs.
Static VLAN Configuration
The first step in configuring VLANs is to create the VLAN:
Switch(config)# vlan 100
Switch(config-vlan)# name MY_VLAN
The first command creates VLAN 100, and enters VLAN configuration mode. The second command assigns the name MY_VLAN to it. Naming a VLAN is not required. The VLAN database is stored in flash in a file named vlan.dat, separately from the running configuration, so erasing startup-config alone does not remove the VLANs.
Next, an interface (or range of interfaces) must be assigned to this VLAN:
Switch(config)# interface fa0/10
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 100
The first command enters interface configuration mode. The second command forces the port to be an access port, so it can never negotiate itself into a trunk. The third command assigns this access port to VLAN 100.
To view the list of VLANs, including which ports are assigned to each VLAN:
Switch# show vlan
VLAN Name                 Status     Ports
---- -------------------- ---------- ------------------
1    default              active     fa0/1-9,11-24
100  MY_VLAN              active     fa0/10
1002 fddi-default         suspended
1003 token-ring-default   suspended
1004 fddinet-default      suspended
1005 trnet-default        suspended
VLAN Port "Types"
There are two types of ports supported on a VLAN-enabled switch, access ports and trunk ports.
An access port belongs to a single VLAN. Host devices, such as computers and printers, plug into access ports. The switch delivers frames to an access port without any VLAN tag; this is done transparently, and the host is usually unaware of the VLAN infrastructure.
VLANs can span multiple switches. There are two ways to connect the same VLAN across switches. The first requires creating "uplink" access ports between all switches, for each VLAN. A better alternative is to use trunk ports. A trunk port carries traffic for multiple VLANs, marking each frame with the VLAN it belongs to. Any or all VLANs can traverse trunk links to reach other switches.
The following diagram illustrates the advantage of using trunk ports, as opposed to uplinking access ports:
VLAN Frame-Tagging
When utilizing trunk links, switches need a mechanism to identify which VLAN a particular frame belongs to. This is accomplished by frame-tagging: the sending switch stamps the frame with its VLAN ID as it leaves a trunk port, and the receiving switch reads the tag to place the frame in the correct VLAN. Tagging occurs only when a frame is sent out a trunk port; frames to and from access ports are never tagged.
Consider a frame from Computer 1 to Computer 2, both in the same VLAN on Switch 1. The frame never leaves Switch 1, stays within its own VLAN, and will simply be switched to Computer 2.
If Computer 1 instead sends to Computer 3, again the frame never leaves the switch, but because Computer 3 is in a different VLAN, the frame must be routed.
If Computer 1 sends to a host in VLAN A on Switch 2, the frame must cross the trunk. It is stamped with its VLAN ID (in this case, VLAN A), and when Switch 2 receives the frame, it will only forward it out ports belonging to VLAN A (fa0/0, and fa0/1).
Cisco switches support two frame-tagging protocols, Inter-Switch Link (ISL) and IEEE 802.1Q.
Inter-Switch Link (ISL)
ISL is Cisco's proprietary frame-tagging protocol, and supports Ethernet, Token Ring, FDDI, and ATM frames. ISL encapsulates the entire original frame, adding a 26-byte header and a 4-byte trailer; the header carries the VLAN ID.
Because ISL increases the size of a frame, non-ISL devices (i.e. non-Cisco devices) will actually drop ISL-tagged frames. ISL frames can be as large as 1548 bytes; thus, non-ISL devices will see these packets as giants (or corrupted packets). Newer Catalyst models may not support ISL tagging.
IEEE 802.1Q
IEEE 802.1Q is the industry-standard frame-tagging protocol. Thus, switches from multiple vendors can be trunked together. Rather than encapsulating the frame, 802.1Q actually embeds a 4-byte tag, which carries a 12-bit VLAN ID, into the Layer-2 frame header, raising the maximum frame size from 1518 to 1522 bytes. Older devices that do not understand the tag may reject such frames as baby giants. However, most modern switches support 802.1Q.
Neither ISL nor 802.1Q tags are ever sent to an access port; tags exist only on trunk links.
Manual vs. Dynamic Tagging
ISL or 802.1Q tagging can be manually configured on Catalyst trunk ports, or negotiated dynamically between the two switches (see Dynamic Trunking Protocol, below).
Configuring Trunk Links
To manually configure a trunk port, for either ISL or 802.1Q:
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
The first line enters interface configuration mode for the port. The second line manually sets the tagging (or encapsulation) protocol the trunk link will use (dot1q or isl). The third line manually sets the switchport mode to a trunk port.
The encapsulation can also be left to negotiation (switchport trunk encapsulation negotiate). If the switches support both ISL and 802.1Q, ISL is chosen; otherwise 802.1Q is used. Switches that only support 802.1Q do not offer the encapsulation command at all.
By default, trunk ports allow all VLANs to traverse the trunk link. Specific VLANs can be removed from, or re-added to, the allowed list:
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk allowed vlan remove 50-100
Switch(config-if)# switchport trunk allowed vlan add 60-65
The first switchport command removes VLANs 50-100 from the trunk. The second switchport command will re-allow the trunk port to pass traffic from VLANs 60-65.
The allowed list can also be reset, or written as an exception list:
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk allowed vlan all
Switch(config-if)# switchport trunk allowed vlan except 2-99
Certain VLANs are reserved and cannot be removed from a trunk link, including VLAN 1 and system VLANs 1002-1005. Restricting the allowed list to exactly the VLANs a trunk needs also keeps a VLAN's broadcast traffic off links that were never meant to carry it.
Native VLANs
An 802.1Q trunk carries one VLAN untagged: the native VLAN. A trunking interface can only be assigned one native VLAN, and by default it is VLAN 1. 802.1Q supports native VLANs, whereas ISL does not, since ISL encapsulates every frame.
To change the native VLAN of a trunk:
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk native vlan 42
The native VLAN should be configured identically on both sides of the 802.1Q trunk. Because native-VLAN frames travel untagged, a mismatch silently files untagged frames from one side into a different VLAN on the other side; Catalyst switches log a native VLAN mismatch when CDP detects one, but the trunk still comes up.
Native VLANs are often configured when plugging Cisco VoIP phones into a Catalyst Switch (beyond the scope of this section).
Native VLANs provide another benefit. A trunk port connected to a device that does not trunk still carries the native VLAN untagged. For example, if an end user connects a computer into a trunk port, the trunking status will fail and the interface will essentially become an access port in the native VLAN.
Consider the following example:
Assume that both 802.1Q switches and non-802.1Q switches are connected to the same 802.1Q switch, and that the trunk ports are configured in Native VLAN 42. Should the 802.1Q switches be able to communicate with each other, the non-802.1Q switches will still be able to communicate through the untagged native VLAN 42.
(Please note, that the author of this study guide finds the "benefit" of the above example of Native VLANs to be......dubious at best, and confusing as hell at worst).
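The tagging and native-VLAN behaviour described in the two sections above (frame tagging on trunk ports, and the untagged native VLAN) as a worked example. This is an added illustration written for this guide, not code from the original guide or from Cisco: it builds a constructed Ethernet frame, inserts and reads a real 802.1Q tag (TPID 0x8100, 3-bit PCP, 12-bit VID), and models what the two ends of a trunk do with untagged frames. The switch logic is deliberately minimal (one trunk, no MAC learning) and the frame bytes are made up.

```python
import struct

TPID_8021Q = 0x8100                          # EtherType value announcing an 802.1Q tag
MAX_UNTAGGED_FRAME = 1518                    # classic Ethernet maximum, FCS included
MAX_TAGGED_FRAME = MAX_UNTAGGED_FRAME + 4    # the tag adds exactly four bytes


def is_tagged(frame: bytes) -> bool:
    """True if the two bytes after the MAC addresses are the 802.1Q TPID."""
    return len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VIDs are 12 bits;0 and 4095 are reserved")
    if is_tagged(frame):
        raise ValueError("frame already carries an 802.1Q tag")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)        # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Sending side of a trunk: tag the frame unless it belongs to the native VLAN."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def trunk_ingress(frame: bytes, native_vlan: int) -> dict:
    """Receiving side of a trunk: read the tag, or assume the native VLAN when there is none."""
    if is_tagged(frame):
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"vlan": tci & 0xFFF, "pcp": tci >> 13, "tagged": True,
                "ethertype": ethertype, "payload": frame[18:]}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {"vlan": native_vlan, "pcp": 0, "tagged": False,
            "ethertype": ethertype, "payload": frame[14:]}


# Constructed sample, not a capture: broadcast destination, made-up source MAC,
# IPv4 EtherType and a zero payload padded to the 46-byte minimum.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0011223344aa")
                + struct.pack("!H", 0x0800) + bytes(46))


def vlan_seen_by_receiver(sender_native: int, receiver_native: int, vlan_id: int) -> int:
    """The VLAN the receiving switch files a frame from vlan_id under, after crossing the trunk.
    With matching native VLANs this is always vlan_id; with a mismatch, untagged frames move VLAN."""
    on_the_wire = trunk_egress(SAMPLE_FRAME, vlan_id, sender_native)
    return trunk_ingress(on_the_wire, receiver_native)["vlan"]


if __name__ == "__main__":
    print(vlan_seen_by_receiver(1, 1, 100))   # 100: tagged, arrives in the intended VLAN
    print(vlan_seen_by_receiver(42, 1, 42))   # 1: native mismatch, untagged frame lands in VLAN 1
```

The last call is the mismatch case from the text: the sender treats VLAN 42 as native and leaves the frame untagged, the receiver treats untagged frames as VLAN 1, and the frame has quietly changed VLAN without either switch dropping it.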
Dynamic Trunking Protocol (DTP) Configuration
Not only can the frame tagging protocol of a trunk port be auto-negotiated, but whether a port actually becomes a trunk can be negotiated dynamically as well using the Dynamic Trunking Protocol (DTP). A switchport can be set to one of the following modes:
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport mode dynamic auto
If a switchport is set to dynamic desirable, the interface will actively attempt to form a trunk with the remote switch. If a switchport is set to dynamic auto, the interface will passively wait for the remote switch to initiate the trunk.
If one port is set to dynamic desirable, and the other is set to manual trunk, dynamic desirable, or dynamic auto - a trunk will form. If both ports are set to dynamic auto, the link will never become a trunk, as both ports are waiting for the other to initialize the trunk.
In general, it is best to manually specify the trunk link, and disable DTP using the switchport nonegotiate command:
Switch(config)# interface fa0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Ports that face end hosts should be set to switchport mode access (optionally with switchport nonegotiate as well), so that whatever is plugged in cannot negotiate itself a trunk and with it access to every VLAN.
Troubleshooting Trunks
When troubleshooting a misbehaving trunk link, ensure that the following is configured identically on both sides of the trunk:
Mode - both sides must be set to trunk or dynamically negotiated
Frame-tagging protocol - ISL, 802.1Q, or negotiated
Native VLAN - must match on both ends of an 802.1Q trunk
Allowed VLANs - a VLAN removed on either side will not pass
To view whether a port is an access or trunk port (such as fa0/24):
Switch# show interface fa0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 42
Negotiation of Trunking: On means DTP is still running on this port; switchport nonegotiate changes it to Off.
To view the status of all trunk links:
Switch# show interface trunk
Port      Mode   Encapsulation   Status     Native vlan
Fa0/24    on     802.1q          trunking   42
VLAN Trunking Protocol (VTP)
In large switching environments, it can become difficult to maintain a consistent VLAN database across all switches on the network. Cisco's proprietary VLAN Trunking Protocol (VTP) automates the distribution of the VLAN database. Switches configured with VTP are joined to a VTP domain. When an update is made to the VLAN database, this information is propagated to all switches via VTP advertisements. VTP updates are sent across VLAN 1, and are only sent out trunk ports.
There are three versions of VTP. The key additions provided by VTP Version 2 are support for Token Ring and Consistency Checks.
Cisco describes VTP Version 3 as such: "VTP version 3 differs from earlier VTP versions in that it does not directly handle VLANs ..."
(If you are confused, don't be alarmed.)
Cisco further defines the enhancements that VTP version 3 provides:
Support for extended VLANs
Support for the creation and advertising of private VLANs
Support for VLAN instances and MST mapping propagation instances
Improved server authentication
Protection from the "wrong" database accidently being inserted into a VTP domain
(References: http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml, and the Catalyst switch configuration guide chapter on configuring VTP.)
VTP Modes
There are three VTP modes:
VTP Server - the default mode. Servers can create, modify and delete VLANs, and store the VLAN database in flash (vlan.dat). Servers advertise their VLAN database to all other switches on the network, including other VTP servers. VTP servers can only advertise VLANs 1 - 1005.
VTP Client - clients cannot create, modify or delete VLANs locally; they accept the database advertised by a server. A client will also forward an update from a server to other clients out its trunk port(s).
VTP Transparent - a VTP Transparent switch maintains its own separate VLAN database, and will neither advertise nor accept any VLAN database information from other switches, even a server. It will, however, pass VTP advertisements through to other switches. Transparent switches handle this pass-through differently depending on the VTP version:
VTP Version 1 - the transparent switch will only pass updates from the same VTP domain.
VTP Version 2 - the transparent switch will pass updates regardless of the VTP domain.
As a best practice, a new switch should be configured as a VTP client in the VTP domain, and have its configuration revision number (described in the next section) set back to zero before being installed into a production network. Otherwise, a switch carrying a higher revision number than the production servers will overwrite the production VLAN database with its own. This could result in a significant network outage.
VTP Configuration Revision Number
VTP uses a configuration revision number to decide which copy of the VLAN database is the most recent. Every change to the VLAN database increments the configuration revision number by 1. A switch that receives an advertisement with a higher revision number than its own replaces its VLAN database with the advertised one. This is true even if the advertising switch is a VTP Client.
REMEMBER: a VTP client can update other clients and VTP servers in the VTP domain, if its revision number is higher. The revision number is reset to zero when the VTP domain name is changed, or when the switch is placed in transparent mode.
VTP utilizes three message types:
Summary Advertisement - sent out every 300 seconds, and whenever the database changes, informing all VTP switches of the current configuration revision number.
Subset Advertisement - sent after a change to the VLAN database. The subset advertisement actually contains the updated VLAN database.
Advertisement Request - a switch that is newly joined to the VTP domain, or that hears a summary advertisement with a higher revision number than its own, will send out an Advertisement Request. A Subset Advertisement will then be sent to that switch, so that it can synchronize the latest VLAN database.
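A small simulation of the revision-number rule from the REMEMBER paragraph above and of the best-practice note in the VTP Modes section. It is an added example, not code from the guide or from Cisco: the VtpSwitch class and propagate() model only the domain and revision comparison (no real VTP packet format, no MD5 password check), and the switch names, domain and VLANs are constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    mode: str                                   # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, name: str) -> None:
        """Clients refuse local edits; servers edit and bump the revision; transparent edits stay local."""
        if self.mode == "client":
            raise PermissionError(f"{self.name} is a VTP client; VLAN edits are refused")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1

    def advertisement(self) -> dict:
        """Summary and subset advertisement rolled into one message (enough for the revision logic)."""
        return {"from": self.name, "domain": self.domain,
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Accept the advertised database only if the domain matches and the revision is strictly
        higher. Mode is irrelevant: a server is overwritten just like a client. True when overwritten."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] > self.revision:
            self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
            return True
        return False

    def reset_revision(self) -> None:
        """What changing the domain name, or going transparent and back, does to the revision on IOS."""
        self.revision = 0


def propagate(switches: list, rounds: int = 2) -> list:
    """Flood every switch's advertisement to every other switch (all assumed trunked together).
    Returns the names of switches whose database was overwritten, in order."""
    overwritten = []
    for _ in range(rounds):
        advs = [s.advertisement() for s in switches]
        for sw in switches:
            for adv in advs:
                if adv["from"] != sw.name and sw.receive(adv):
                    overwritten.append(sw.name)
    return overwritten


def production_domain():
    """A server with three production VLANs (revision 3) and a client that has synced to it."""
    core = VtpSwitch("core", "server", "MYDOMAIN")
    for vid, name in ((10, "USERS"), (20, "SERVERS"), (30, "VOICE")):
        core.add_vlan(vid, name)
    access = VtpSwitch("access1", "client", "MYDOMAIN")
    propagate([core, access])
    return core, access


def plug_in_lab_switch(lab_revision: int, reset_first: bool) -> list:
    """Connect a client that left a lab with only VLAN 1 but a high revision number.
    Returns the VLAN IDs the production server holds afterwards."""
    core, access = production_domain()
    lab = VtpSwitch("lab-sw", "client", "MYDOMAIN", revision=lab_revision)
    if reset_first:
        lab.reset_revision()
    propagate([core, access, lab])
    return sorted(core.vlans)


if __name__ == "__main__":
    print(plug_in_lab_switch(42, reset_first=False))   # [1]: production VLANs wiped by a client
    print(plug_in_lab_switch(42, reset_first=True))    # [1, 10, 20, 30]: revision zeroed first
```

The first call reproduces the outage the text warns about: the lab switch is only a client, yet its revision 42 beats the server's 3, so the server and every client adopt its one-VLAN database. A VTP password would stop a switch from a different domain or with a different password, but not a switch that was once legitimately in this domain, which is why the revision reset before installation is the real control.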
...
cisco
...
shtml)
Configuring VTP
To configure the VTP domain (the domain name is case sensitive):
Switch(config)# vtp domain MYDOMAIN
To configure the VTP mode:
Switch(config)# vtp mode server
Switch(config)# vtp mode client
Switch(config)# vtp mode transparent
The VTP domain can be further secured using a password:
Switch(config)# vtp password PASSWORD
All switches participating in the VTP domain must be configured with the same password. The password is not transmitted itself; it is folded into the MD5 digest carried in every advertisement, so a switch with a different (or no) password will not accept the update. A switch with the correct domain name and password but a higher revision number is still trusted, however.
By default, a Catalyst switch uses VTP version 1. If applied on a VTP server, the following command will enable VTP version 2 globally on all switches in the domain:
Switch(config)# vtp version 2
To view status information about VTP:
Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 42
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : MYDOMAIN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x42 0x51 0x69 0xBA 0xBE 0xFA 0xCE
Configuration last modified by 0.0.0.0
VTP Pruning
By default, a trunk carries broadcast, multicast and unknown-unicast traffic for every VLAN, even to switches that have no ports in that VLAN. VTP pruning stops this. In the following example, VTP pruning would prevent VLAN C broadcasts from being sent to Switch 2, which has no ports in VLAN C. With VTP pruning, traffic is only sent out the necessary VLAN trunk ports where those VLANs exist.
VTP pruning is disabled by default. If applied on a VTP server, the following command will enable VTP pruning globally on all switches:
Switch(config)# vtp pruning
On trunk ports, it is possible to specify which VLANs are pruning eligible:
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk pruning vlan add 2-50
Switch(config-if)# switchport trunk pruning vlan remove 50-100
Switch(config)# interface fa0/24
Switch(config-if)# switchport trunk pruning vlan all
Switch(config-if)# switchport trunk pruning vlan except 2-100
VLAN 1 is never eligible for pruning, and neither are the system VLANs 1002-1005. Pruning is a bandwidth optimization, not an access control: a VLAN removed from the allowed list (switchport trunk allowed vlan) is blocked on the trunk, whereas a pruned VLAN is merely not flooded until a switch downstream reports a port in it.
Section 22 - Access Control Lists
Access Control Lists (ACLs)
Access control lists (ACLs) can be used for two purposes on Cisco devices: to filter traffic, and to identify traffic.
Access lists are a set of rules, organized in a rule table. Each rule or line in an access-list provides a condition, either permit or deny:
When using an access-list to filter traffic, a permit statement is used to "allow" traffic, while a deny statement is used to "block" traffic.
Similarly, when using an access list to identify traffic, a permit statement is used to "include" traffic, while a deny statement states that the traffic should "not" be included. It is thus interpreted as a true/false statement.
Filtering traffic is the primary use of access lists. However, there are several instances when it is necessary to identify traffic using ACLs, including:
Identifying interesting traffic to bring up an ISDN link or VPN tunnel
Identifying routes to filter or allow in routing updates
Identifying traffic for QoS purposes
When filtering traffic, access lists are applied on interfaces. As a packet passes through a router, the top line of the rule list is checked first, and the router continues to go down the list until a match is made. Once a match is made, the packet is either permitted or denied, and no further lines are evaluated.
If no line matches, the packet is dropped by the implicit deny at the end of every access list. You don't create it, and you can't delete it.
Access lists are applied either inbound (packets received on an interface, before routing), or outbound (packets leaving an interface, after routing).
Because processing stops at the first match, order matters for correctness as well as performance: a specific rule placed below a broader rule that also matches the traffic will never be reached. More specific and frequently used rules should be at the top of your access list, to optimize CPU usage.
Only one access list can be applied per interface, per protocol, per direction. You cannot remove individual lines from a numbered access list; the entire list must be deleted and re-created. Best practice is to use a text editor to manage your access-lists, and to paste the corrected list back in as a whole.
Numbered access lists are broken down into several ranges, each dedicated to a specific protocol:
1-99        IP standard access list
100-199     IP extended access list
200-299     Protocol type-code access list
300-399     DECnet access list
400-499     XNS standard access list
500-599     XNS extended access list
600-699     Appletalk access list
700-799     48-bit MAC address access list
800-899     IPX standard access list
900-999     IPX extended access list
1000-1099   IPX SAP access list
1100-1199   Extended 48-bit MAC address access list
1200-1299   IPX summary address access list
1300-1999   IP standard access list (expanded range)
2000-2699   IP extended access list (expanded range)
Remember, individual lines cannot be removed from a numbered access list. The entire access list must be deleted and recreated. All new entries to a numbered access list are added to the bottom.
Named access lists are an alternative to numbered access lists. Descriptive names can be used to identify your access-lists, and individual lines can be removed from a named list. However, like numbered lists, all new entries are still added to the bottom of the access list.
Wild Card Masks
IP access-lists use wildcard masks to determine two things:
1. Which part of an address must match exactly
2. Which part of an address can match any number
This is as opposed to a subnet mask, which tells us what part of an address is the network (subnet), and what part of an address is the host. Wildcard masks look like inverted subnet masks.
Consider the following address and wildcard mask:
Address:         172.16.0.0
Wildcard Mask:   0.0.255.255
The above would match any address that begins "172.16." The last two octets could be anything. How do we know this?
If a bit is set to 0 in a wild-card mask, the corresponding bit in the address must be matched exactly.
If a bit is set to 1 in a wild-card mask, the corresponding bit in the address can match any number.
To see this more clearly, we'll convert both the address and the wildcard mask into binary:
Address:         10101100.00010000.00000000.00000000
Wildcard Mask:   00000000.00000000.11111111.11111111
Any 0 bits in the wildcard mask indicate that the corresponding bits in the address must be matched exactly. Thus, to match this wildcard mask, the first two octets must be 10101100.00010000 = 172.16.
Any 1 bits in the wildcard mask indicate that the corresponding bits in the address can be anything. Thus, the last two octets can be any number, and it will still match this access-list entry.
If we wanted to match a specific host (such as 172.16.1.1), how would we do it?
Address:         172.16.1.1
Wildcard Mask:   0.0.0.0
Written out in binary, that looks like:
Address:         10101100.00010000.00000001.00000001
Wildcard Mask:   00000000.00000000.00000000.00000000
Remember what a wildcard mask is doing. A 0 indicates the bit must match exactly, and a 1 indicates the bit can match anything. The above wildcard mask has all bits set to 0, which means we must match all four octets exactly.
There are actually two ways we can match a specific host:
Using a wildcard mask with all bits set to 0 - 172.16.1.1 0.0.0.0
Using the keyword "host" - host 172.16.1.1
How would we match all addresses with a wildcard mask?
Address:         0.0.0.0
Wildcard Mask:   255.255.255.255
Written out in binary, that looks like:
Address:         00000000.00000000.00000000.00000000
Wildcard Mask:   11111111.11111111.11111111.11111111
Notice that the above wildcard mask has all bits set to 1. Every bit can match anything, so any address matches.
There are actually two ways we can match all addresses:
Using a wildcard mask with all bits set to 1 - 0.0.0.0 255.255.255.255
Using the keyword "any" - any
Standard IP Access List
access-list [1-99] [permit | deny] [source address] [wildcard mask] [log]
Standard IP access-lists are based upon the source host or network IP address, and should be placed closest to the destination network. Because they cannot match on the destination, placing one near the source would block that source from reaching every destination, not just the one intended.
Consider the following example: we wish to block the 172.18.x.x network from accessing the 172.16.x.x network. On the router closest to 172.16.x.x, we create a standard access list that denies 172.18.0.0 0.0.255.255 on the first line, followed by a line that permits any, and apply it outbound on the interface facing the 172.16.x.x network.
The wildcard mask 0.0.255.255 matches every host in the 172.18.x.x network.
Remember that you must have at least one permit statement in your access list; otherwise the implicit deny at the end blocks everything.
Extended IP Access List
access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator [port]] [log]
Extended IP access-lists match on source and destination address, protocol, and port. Because they can identify the exact flow, extended access-lists should be placed closest to the source network, so that unwanted traffic is dropped before it crosses the network.
Consider the following example. A web server sits on the 172.16.x.x network with an IP address of 172.16.10.10. In order to block network 172.18.0.0 from accessing anything on the 172.16.0.0 network, EXCEPT for the HTTP port on the web server, we would create the following access-list on Router B:
Router(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80
Router(config)# access-list 101 deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255
Router(config)# access-list 101 permit ip any any
The first line allows the 172.18.x.x network access only to port 80 on the web server. The second line blocks 172.18.x.x from accessing anything else on the 172.16.x.x network. The third line allows 172.18.x.x (and everyone else) to access anything else; without it, the implicit deny would block all other traffic through the interface.
We could have identified the web server in one of two ways:
Router(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80
Router(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 172.16.10.10 0.0.0.0 eq 80
We accomplished the port match using an operator of eq, which is short for equals:
Router(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80
This matches traffic to host 172.16.10.10 with a destination port that equals 80. Several other operators are available.
The following will match all ports greater than 100:
Router(config)# access-list 101 permit tcp any host 172.16.10.10 gt 100
The following will match all ports less than 1024:
Router(config)# access-list 101 permit tcp any host 172.16.10.10 lt 1024
The following will match all ports except 443:
Router(config)# access-list 101 permit tcp any host 172.16.10.10 neq 443
The following will match all ports between 80 and 88:
Router(config)# access-list 101 permit tcp any host 172.16.10.10 range 80 88
An operator placed after the destination address applies to the destination port; an operator placed directly after the source address and wildcard applies to the source port.
Access List Logging
Consider again the web server on the 172.16.x.x network with an IP address of 172.16.10.10. We wish to keep track of the number of packets permitted or denied by each line of an access-list:
Router(config)# access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80 log
Router(config)# access-list 101 deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255 log
Router(config)# access-list 101 permit ip any any log
Notice we added an additional keyword log to each line of the access-list. The first packet to match a line generates an immediate log message; further matches are counted and reported in a summary message at intervals (five minutes by default). Logging every permitted packet on a busy interface is expensive, so in practice log is usually reserved for the deny lines you want to investigate. This information can be sent to a syslog server:
Router(config)# logging on
Router(config)# logging 172
...
1
...
The second logging command
points to a syslog host at 172
...
1
...
We can include more detailed logging information, including the source MAC address of the packet and what interface that packet was received on, by using the keyword log-input in place of log. This is the form to use when hunting for the origin of spoofed traffic.
ICMP Access List
You've been asked to block anyone from the 172.18.x.x network from pinging anything on the 172.16.x.x network, while still allowing all other ICMP and IP traffic. The specific ICMP message that a "ping" uses is echo (the request), which is answered by echo-reply. On Router B, we would configure:
Router(config)# access-list 102 deny icmp 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255 echo
Router(config)# access-list 102 permit icmp 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255
Router(config)# access-list 102 permit ip any any
The first line blocks only ICMP echo requests (pings). The second line allows all other ICMP traffic from 172.18.x.x to 172.16.x.x, such as the echo-replies to pings sent by 172.16.x.x hosts, and the unreachable and time-exceeded messages that traceroute and path-MTU discovery depend on. The third line allows all other IP traffic.
We could have denied the icmp protocol outright instead of just echo. However, this would effectively disable ICMP traffic in both directions on the router, because the replies to traffic initiated from 172.16.x.x would be dropped as well.
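An evaluator for the extended access-lists shown on this page (the web-server list 101 from the extended section, and the ICMP list 102 just above), as an added example that is not part of the original guide and is not Cisco code. It implements top-down first-match processing with the implicit deny, IOS wildcard-mask matching, the eq/neq/gt/lt/range operators and the ICMP type keyword, so an access list can be checked against sample packets before it is pasted into a router. The packet dictionaries are constructed for the demonstration; only the destination-port operator form used on this page is parsed, and the router, interfaces and syslog are not modelled.

```python
import ipaddress
import operator


def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care', a 0 bit must match."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)


PORT_OPS = {"eq": operator.eq, "neq": operator.ne, "gt": operator.gt, "lt": operator.lt}


def _parse_addr(toks: list, i: int):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'; return ((base, wildcard), next_index)."""
    if toks[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if toks[i] == "host":
        return (toks[i + 1], "0.0.0.0"), i + 2
    return (toks[i], toks[i + 1]), i + 2


def parse_ace(line: str) -> dict:
    """Parse one extended numbered entry of the form
    access-list N permit|deny PROTO SRC [WC] DST [WC] [eq|neq|gt|lt PORT | range LO HI] [ICMP-TYPE] [log]
    Only the destination-port operator is modelled, as in the examples on this page."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    ace = {"list": t[1], "action": t[2], "proto": t[3].lower(), "port": None, "icmp_type": None}
    ace["src"], i = _parse_addr(t, 4)
    ace["dst"], i = _parse_addr(t, i)
    rest = [x for x in t[i:] if x != "log"]
    ace["log"] = len(rest) != len(t[i:])
    if rest and rest[0] in PORT_OPS:
        ace["port"] = (rest[0], int(rest[1]))
    elif rest and rest[0] == "range":
        ace["port"] = ("range", (int(rest[1]), int(rest[2])))
    elif rest and ace["proto"] == "icmp":
        ace["icmp_type"] = rest[0]                      # e.g. echo, echo-reply
    return ace


def ace_matches(ace: dict, pkt: dict) -> bool:
    """pkt keys: proto, src, dst, and dport (tcp/udp) or icmp_type (icmp)."""
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not (wildcard_match(pkt["src"], *ace["src"]) and wildcard_match(pkt["dst"], *ace["dst"])):
        return False
    if ace["port"] is not None:
        op, arg = ace["port"]
        dport = pkt.get("dport", -1)
        if op == "range":
            if not arg[0] <= dport <= arg[1]:
                return False
        elif not PORT_OPS[op](dport, arg):
            return False
    if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
        return False
    return True


def evaluate(acl_lines: list, pkt: dict):
    """Top-down, first match wins: returns (action, 1-based line) or ('deny', None) for the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"], n
    return "deny", None


# The two lists from this page.
ACL_101 = [
    "access-list 101 permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80",
    "access-list 101 deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255",
    "access-list 101 permit ip any any",
]
ACL_102 = [
    "access-list 102 deny icmp 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255 echo",
    "access-list 102 permit icmp 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255",
    "access-list 102 permit ip any any",
]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "172.18.4.9", "dst": "172.16.10.10", "dport": 80}
    print(evaluate(ACL_101, web))                     # ('permit', 1)
    print(evaluate(ACL_101, dict(web, dport=443)))    # ('deny', 2)
    print(evaluate(ACL_101[::-1], dict(web, dport=443)))  # ('permit', 1): permit any any on top shadows the deny
```

Reversing a list, as in the last call, is the quickest way to see the ordering rule from the start of this section: once permit ip any any sits at the top, nothing below it can ever match.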
Telnet Access List
We can create access lists to restrict telnet (and SSH) access to our router. Assume we wish to block the 172.18.x.x network from telneting into Router A, but allow all other networks telnet access. A standard access list is sufficient, since only the source matters:
Router(config)# access-list 50 deny 172.18.0.0 0.0.255.255
Router(config)# access-list 50 permit any
The first line blocks the 172.18.x.x network; the second allows everyone else. To apply it to Router A's telnet ports (the VTY lines):
Router(config)# line vty 0 4
Router(config-line)# access-class 50 in
access-class on the VTY lines is the right tool here, not an interface ACL: it protects the router's own management plane on every interface at once, whereas ip access-group on an interface only filters traffic arriving on that one interface. Remember to cover every VTY line the platform has (many have more than 0 4); an uncovered line is an unfiltered one.
Named Access Lists
Named access lists provide us with two advantages over numbered access lists. First, we can assign descriptive names to our access-lists. Second, we can remove individual lines in a named access-list, which is not possible with numbered access lists.
New entries are always placed at the bottom of a named access list (unless a sequence number is given). A named extended access list is created with ip access-list extended followed by the name, which enters its own configuration mode; the three entries from the extended example above would then be entered as:
Router(config)# ip access-list extended NAME
Router(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80
Router(config-ext-nacl)# deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255
Router(config-ext-nacl)# permit ip any any
Notice that the actual configuration of the named access-list is performed in a separate router "mode":
Router(config-std-nacl)#
Router(config-ext-nacl)#
An individual entry is removed from within that mode by repeating it with a leading no.
Time-Based Access-Lists
Beginning with IOS version 12.0(1)T, access-list entries can be made to apply only during specified times.
The first step to creating a time-based access-list is to create a time-range:
Router(config)# time-range BLOCKHTTP
The above command creates a time-range named BLOCKHTTP, and enters time-range configuration mode, where the times themselves are defined:
Router(config-time-range)# absolute start 08:00 23 May 2006 end 20:00 26 May 2006
Router(config-time-range)# periodic weekdays 18:00 to 23:00
The first time-range statement sets an absolute time that will start from May 23, 2006 at 8:00 a.m., and will end on May 26, 2006 at 8:00 p.m. The second sets a periodic time that is always in effect on weekdays from 6:00 p.m. to 11:00 p.m. Only one absolute time statement is allowed per time-range, but multiple periodic time statements are allowed; when both are present, the periodic statements are only evaluated inside the absolute window.
The time-range is then referenced from an access-list entry, for example:
Router(config)# access-list 101 deny tcp any any eq 80 time-range BLOCKHTTP
This will result in HTTP traffic being blocked, but only during the time specified in the time-range. Time-based entries depend on the router's clock, so keep it synchronized with NTP; with an unset clock the absolute window is never reached and the entry never takes effect.
(Reference: Cisco IOS documentation on time-based access-lists.)
Advanced Wildcard Masks
Earlier in this section, we discussed the basics of wildcard masks. ... For example, assume we wanted a standard access-list that denied the following hosts:
172.1.16.5
172.1.16.7
...
We could create an access-list with four separate lines:
Router(config)#
Router(config)#
Router(config)#
Router(config)#
access-list 10 deny 172
...
1
...
0
...
0
access-list 10 deny 172
...
1
...
0
...
0
access-list 10 deny 172
...
1
...
0
...
0
access-list 10 deny 172
...
1
...
0
...
0
However, it is also possible to match all four addresses in one line:
Router(config)# access-list 10 deny 172
...
1
...
0
...
3
How do I know this is correct? Let's write out the above four addresses, and my wildcard mask in binary:
172.1.16.5:      10101100.00000001.00010000.00000101
172.1.16.7:      10101100.00000001.00010000.00000111
...
Wild Card Mask:  00000000.00000000.00000000.00000011
Each begins with “10101100.00000001 ...” Since those bits must match exactly, the first 30 bits of our wildcard mask are set to 0.
...
Not only that, but we use every combination of those last two bits: 00, 01, 10, 11. ... The resulting access-list line:
Router(config)# access-list 10 deny 172
...
1
...
0
...
3
We also could have determined the appropriate address and wildcard mask by using AND/XOR logic. ...
If all bits in a column are set to 0, the corresponding address bit is 0.
...
If the bits in a column are a mix of 0's and 1's, the corresponding address bit is a 0.
...
172.1.16.4:  10101100.00000001.00010000.00000100
172.1.16.6:  10101100.00000001.00010000.00000110
...
Result:      10101100.00000001.00010000.00000100
Our resulting address is 172.1.16.4. ... This gets us half of what we need. ...
If all bits in a column are set to 0, the corresponding wildcard bit is 0.
...
If the bits in a column are a mix of 0's and 1's, the corresponding wildcard bit is a 1.
...
172.1.16.4:      10101100.00000001.00010000.00000100
172.1.16.6:      10101100.00000001.00010000.00000110
...
Wild Card Mask:  00000000.00000000.00000000.00000011
Our resulting wildcard mask is 0.0.0.3. ... Put together, we have:
Router(config)# access-list 10 deny 172
...
1
...
0
...
3
Please Note: We can determine the number of addresses a wildcard mask will match by using a simple formula: 2^n, where “n” is the number of bits set to 1 in the wildcard mask. ...
There will be occasions when we cannot match a range of addresses in one line
...
16
...
4-6, instead of 172
...
1
...
16
...
7 0
...
0
...
16
...
4 0
...
0
...
16
...
7 address
...
Advanced Wildcard Masks (continued)
Two more examples
...
1
...
x/24 subnet in one access-list line?
Router(config)# access-list 10 deny 10
...
1
...
0
...
254
Written in binary:
10
...
1
...
00000001
...
00000001
00000000
...
00000000
...
The first three octets must match exactly
...
The last bit in the fourth octet must match exactly
...
3
...
Simple, right? How would we deny all even addresses on the 10
...
1
...
1
...
0 0
...
0
...
10.1.1.0:        00001010.00000001.00000001.00000000
Wild Card Mask:  00000000.00000000.00000000.11111110
What would the result of the above wildcard mask be? ... 4 ... 5 ... Because we set this bit to 0 in our address, every number this matches will be even. ... All other bits in the fourth octet can match any number. ...
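The AND/XOR reasoning from the previous pages and the "every other address" trick above, written out as Python functions. This is an added example, not code from the study guide: `summarize()` derives the address/wildcard pair for a set of hosts, `matches()` expands a pair into every address a single line would match, `count_matches()` is the 2^n formula, and `one_line_is_exact()` detects the case where one line cannot match a range (such as 172.1.16.4 through .6) without also matching extra addresses. All function names are my own.

```python
# Added example (not the study guide's code): the AND/XOR reasoning above,
# written out as functions. summarize() derives the address/wildcard pair
# for a set of hosts, matches() exp# ands a pair into every address it covers,
# and one_line_is_exact() tells you whether a single access-list line can
# match a set without also matching extra addresses (the 172.1.16.4-6 case).
from typing import Iterable, List, Tuple


def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip: str) -> str:
    """Dotted binary, the way the guide writes addresses and masks out."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


def summarize(hosts: Iterable[str]) -> Tuple[str, str]:
    """Address bit = 1 only where every host has a 1 (AND); wildcard bit = 1
    where the hosts disagree (a column with a mix of 0s and 1s)."""
    ints = [ip_to_int(h) for h in hosts]
    if not ints:
        raise ValueError("need at least one host")
    all_ones = ints[0]
    any_one = ints[0]
    for n in ints[1:]:
        all_ones &= n
        any_one |= n
    mixed = any_one & ~all_ones          # columns that are not all 0 and not all 1
    return int_to_ip(all_ones), int_to_ip(mixed)


def count_matches(wildcard: str) -> int:
    """The guide's formula: 2^n, n = number of 1 bits in the wildcard mask."""
    return 1 << bin(ip_to_int(wildcard)).count("1")


def matches(address: str, wildcard: str) -> List[str]:
    """Every address a single line 'address wildcard' would match, in order."""
    base = ip_to_int(address)
    wild = ip_to_int(wildcard)
    free_bits = [i for i in range(32) if (wild >> i) & 1]
    found = []
    for combo in range(1 << len(free_bits)):        # all 2^n combinations
        n = base & ~wild & 0xFFFFFFFF               # fixed bits come from the address
        for k, bit in enumerate(free_bits):
            if (combo >> k) & 1:
                n |= 1 << bit
        found.append(n)
    return [int_to_ip(n) for n in sorted(found)]


def one_line_is_exact(hosts: Iterable[str]) -> bool:
    """True when the derived line matches exactly these hosts and nothing else."""
    wanted = sorted(set(ip_to_int(h) for h in hosts))
    address, wildcard = summarize(int_to_ip(n) for n in wanted)
    return [ip_to_int(m) for m in matches(address, wildcard)] == wanted
```

Calling `summarize(["172.1.16.4", "172.1.16.5", "172.1.16.6", "172.1.16.7"])` returns the pair `("172.1.16.4", "0.0.0.3")` derived above, while the three-host set 172.1.16.4 through .6 makes `one_line_is_exact()` return False because the only candidate line also matches .7.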
There are two common methods for implementing name resolution:
A static file on each host on the network, containing all the name-to-address translations (examples include the HOSTS/LMHOSTS files)
...
The two most common name resolution systems are Domain Name System
(DNS) and Windows Internet Name Service (WINS)
...
DNS is heavily utilized on the Internet and on systems such as Active
Directory
...
All Internet-based name resolution utilizes DNS
...
Consider the following translation:
www
...
com = 209
...
225
...
.com represents a top level domain. ... google represents a secondary level domain. www represents a host computer in the google.com domain. ... .org, .gov, .ca, .de
Methods of configuring DNS
Recall that DNS name resolution can be implemented in the form of local HOSTS files, or a centralized name server(s). ... In Windows 2000/XP operating systems, this file is located:
c:\windows\system32\drivers\etc\hosts
In UNIX/Linux operating systems, this file is generally located: /etc/hosts
There are many disadvantages to using HOSTS files. ... If a change occurs, every device's HOSTS file must be updated. ... All devices point to this centralized DNS server for name resolution, ensuring that changes only need to occur in one place. ... BIND (Berkeley Internet Name Domain) is the standard implementation of DNS. ...
DNS servers assume one of three roles:
Primary (or master) DNS Server - maintains the SOA (Start of Authority), and contains the master zone file containing the DNS records for the domain. ...
Secondary (or slave) DNS Server - maintains a current copy of the master zone file, obtained from the primary server. ...
Caching DNS Server - does not maintain a zone file, and is not authoritative for any domain. ...
Both hosts and DNS servers will cache the result of DNS queries for a period of time. ...
Reverse Lookup Zones - translates an IP address to a hostname (otherwise known as the IN-ADDR ...
The following is an example zone file for the fictional example.com domain:
$TTL 86400
@       IN      SOA     dns1.example.com. ... (
                        2001062501      ; serial
                        21600           ; refresh after 6 hours
                        3600            ; retry after 1 hour
                        604800          ; expire after 1 week
                        86400 )         ; minimum TTL of 1 day
[NS, MX, A and CNAME records of the example.com zone; their column layout was lost in extraction. What survives: two NS records (one naming dns1.example.com), two MX records (one with preference 10), A records for server1, server2, dns1 and mail2 (surviving addresses 10.1.0.5 and 10.1.0.2), and three CNAME records, among them www, pointing to server1, server2 and server2.]
Entries within a zone file are referred to as DNS records. ...
SOA (Start of Authority) - identifies the primary (authoritative) DNS server for the domain. ...
CNAME (Canonical Name) - assigns an alias for another host name. ...
PTR (Pointer) - used for reverse DNS lookups. ...
A lower priority is more preferred. ...
The process is as
follows:
1
...
2
...
3
...
If no DNS servers are configured, the query will fail. ... If the configured DNS server is not authoritative for that domain, and does not have that DNS entry locally cached, the query will be forwarded up the DNS hierarchy. ... Organizations often point to their ISP's DNS servers for DNS forwarding purposes. ... If no forwarders are available, the query is forwarded to the Root DNS server(s), which will likely have the entry cached. ... In the rare circumstance that the Root servers do not have a cached entry, the query will be forwarded back down the hierarchy to the authoritative DNS server for that domain. ...
When DHCP hands out an IP address lease, it will automatically update the DNS entry for that host on the DNS server. ...
A centralized DNS server(s) configured on each device
...
16
...
1
Router(config)# ip host Router2 172
...
1
...
0
...
2
To disable DNS lookups on an IOS device:
Router(config)# no ip domain-lookup
To configure the local domain on an IOS device:
Router(config)# ip domain-name CISCO
...
Dynamic Host Control Protocol (DHCP) provides administrators with a mechanism to dynamically allocate IP addresses, rather than manually setting the address on each device. ...
There are four steps to this DHCP process:
When a DHCP client first boots up, it broadcasts a DHCPDiscover message, searching for a DHCP server. ...
Once the client receives the offer, it will respond with a DHCPRequest, indicating that it will accept the offered protocol information. ...
By default, DHCP leases an address for 8 days. ... If successful, the client receives a new 8 day lease. ... 5% of the lease has expired. ...
In addition to IP address and subnet mask information, DHCP can provide the following protocol parameters:
Default Gateway
Domain Name and DNS servers
Time Servers
WINS servers
These are just a few examples of the many DHCP “options” that exist. ...
The first step is to
create a DHCP pool:
Router(config)# ip dhcp pool MYPOOL
Router(dhcp-config)# network 192
...
1
...
255
...
0
The first command creates a dhcp pool named MYPOOL
...
The above command indicates any address between 192
...
1
...
168
...
255 can be leased
...
168
...
1
Router(config)# ip dhcp excluded-address 192
...
1
...
168
...
10
The first command excludes only address 192
...
1
...
The second
command excludes address 192
...
1
...
168
...
10
...
168
...
1
Router(dhcp-config)# dns-server 192
...
1
...
To view
current DHCP leases:
Router# show ip dhcp binding
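The pool, excluded-address and lease behaviour configured above, and the four-step Discover/Offer/Request/Ack exchange described earlier, as a small DHCP server model. This is an added example, not code from the study guide: the class, method names, the constructed client MAC addresses and the constructed "current time" are mine; the addresses follow the 192.168.1.0/24 pool in the text.

```python
# Added example (not the study guide's code): a small DHCP server model that
# follows the IOS configuration above: a pool for 192.168.1.0/24, excluded
# addresses that are never leased, default-router and dns-server options, an
# 8-day lease, and the Discover/Offer/Request/Ack exchange. Class and method
# names are my own; the client MAC addresses and NOW are constructed.
import ipaddress
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

LEASE = timedelta(days=8)                   # "By default, DHCP leases an address for 8 days"
NOW = datetime(2014, 1, 1, 9, 0)            # constructed "current time" for the example


def days_later(days: int) -> datetime:
    return NOW + timedelta(days=days)


class DhcpPool:
    def __init__(self, network: str, default_router: str, dns_server: str):
        self.network = ipaddress.ip_network(network)            # 'network 192.168.1.0 255.255.255.0'
        self.default_router = default_router                    # 'default-router ...'
        self.dns_server = dns_server                            # 'dns-server ...'
        self.excluded = set()                                   # 'ip dhcp excluded-address ...'
        self.bindings: Dict[str, Tuple[ipaddress.IPv4Address, datetime]] = {}
        self.offers: Dict[str, ipaddress.IPv4Address] = {}

    def exclude(self, low: str, high: Optional[str] = None) -> None:
        """'ip dhcp excluded-address low [high]': a single address or a range."""
        start = ipaddress.ip_address(low)
        end = ipaddress.ip_address(high) if high else start
        self.excluded.update(ipaddress.ip_address(a) for a in range(int(start), int(end) + 1))

    def _free_address(self, now: datetime) -> Optional[ipaddress.IPv4Address]:
        in_use = {addr for addr, exp in self.bindings.values() if exp > now}
        in_use |= set(self.offers.values())
        for host in self.network.hosts():                       # skips network and broadcast
            if host not in self.excluded and host not in in_use:
                return host
        return None                                             # pool exhausted

    def discover(self, mac: str, now: datetime) -> Optional[dict]:
        """DHCPDiscover (broadcast) -> DHCPOffer, or None if nothing is free."""
        bound = self.bindings.get(mac)
        if bound and bound[1] > now:
            address = bound[0]                                  # renewal: re-offer the same address
        else:
            address = self._free_address(now)
            if address is None:
                return None
        self.offers[mac] = address
        return {"op": "DHCPOffer", "yiaddr": str(address), "lease": LEASE}

    def request(self, mac: str, address: str, now: datetime) -> dict:
        """DHCPRequest -> DHCPAck carrying the options the guide lists, else DHCPNak."""
        offered = self.offers.pop(mac, None)
        if offered is None or str(offered) != address:
            return {"op": "DHCPNak"}
        self.bindings[mac] = (offered, now + LEASE)
        return {"op": "DHCPAck", "yiaddr": address,
                "subnet_mask": str(self.network.netmask),
                "router": self.default_router, "dns_server": self.dns_server,
                "expires": now + LEASE}

    def show_bindings(self, now: datetime) -> Dict[str, str]:
        """What 'show ip dhcp binding' would list: leases that have not expired."""
        return {mac: str(addr) for mac, (addr, exp) in self.bindings.items() if exp > now}


def run_exchange(pool: DhcpPool, mac: str, now: datetime) -> Optional[dict]:
    """Full four-step exchange for one client; returns the Ack (or None)."""
    offer = pool.discover(mac, now)
    if offer is None:
        return None
    return pool.request(mac, offer["yiaddr"], now)
```

With 192.168.1.1 through 192.168.1.10 excluded, the first client is offered 192.168.1.11; a client that requests an address it was never offered receives a DHCPNak, and a lease no longer appears in the bindings once its 8 days have passed.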
IP Helper Address
Recall that DHCP clients broadcast their DHCPDiscover packets, when
searching for a DHCP server
...
Thus, in the above example, the client would never be able to reach the
DHCP server to acquire its IP address
...
1
...
5
Notice that the ip helper-address command is configured on the interface
connecting to the DHCP client, pointing to the IP address of the DHCP
server
...
And there was much rejoicing
...
cisco
...
html#wp1182972)
Part V
WANs
Section 24 - Basic WAN Concepts
What is a WAN?
There are two prevailing definitions of a Wide Area Network (WAN). ... The practical definition of a WAN is a network that traverses a public network or commercial carrier, using one of several WAN technologies. ...
A connection between two buildings using Ethernet as a medium would generally be considered a LAN. ... A connection between the same two buildings, using a dedicated T1 line as a medium, would generally be considered a WAN. ... A variety of WAN technologies exist, each operating at both the Physical and Data-link layers of the OSI model. ...
WAN Connection Types
WANs are generally grouped into three separate connection types:
Point-to-Point technologies
Circuit-switched technologies
Packet-switched technologies
Point-to-Point technologies (often called dedicated or leased lines) are usually the most expensive form of WAN technology. ... Cost is determined by the distance of the connection, and the amount of bandwidth allocated. ... Examples of point-to-point technologies include:
T1 lines
T3 lines
Circuit-Switched technologies require call-setup to occur before information can be transferred. ... Circuit-switched lines are generally low-speed compared to point-to-point lines. ...
Thus, bandwidth is not guaranteed, but is instead allocated on a best effort basis. ... Examples of packet-switched technologies include:
Frame-Relay
X.25
(Reference: http://www
...
com/univercd/cc/td/doc/cisintwk/ito_doc/introwan
...
ciscopress
...
pdf)
Common WAN Terms
A wide variety of hardware is used with WANs. ... The above example demonstrates the basic equipment required for a T1 line. ... The CSU/DSU converts the signal for use on an Ethernet (or other LAN technology) network. ... Examples include (but are not limited to):
ISDN - a terminal adapter
Dialup - a modem
The Demarc (short for demarcation) refers to the point of last responsibility for the service provider. ... The Demarc is not always physically labeled or identifiable. ...
The Smart Jack physically terminates the T1 line. ... If communication to the smart jack is successful, the provider will assume the issue resides on the customer's side of responsibility. ...
The Local Loop (or Last Mile) refers to the physical line connecting from the Customer Premises to the provider's nearest Central Office (CO). ...
A WAN is usually terminated on a Cisco device's serial interface. ... By default, a serial interface will utilize HDLC for encapsulation. ...
X.25
ATM
Regardless of the WAN encapsulation used, it must be identical on both sides of a point-to-point link. ...
Section 25 - PPP
WAN Encapsulation
Recall that WAN technologies operate at both Physical and Data-link layers of the OSI model, and that higher-layer protocols such as IP are encapsulated when sent across the WAN link. ... Serial interfaces support a wide variety of WAN encapsulation types, which must be manually specified. ... Other supported encapsulation types include:
SDLC
PPP
LAPB
Frame-Relay
X.25
HDLC Encapsulation
High-Level Data-link Control (HDLC) is a WAN encapsulation protocol used on dedicated point-to-point serial lines. ... HDLC is also Cisco's default encapsulation type for serial point-to-point links. ...
PPP Encapsulation
Point-to-Point Protocol (PPP) is a standardized WAN encapsulation protocol that
can be used on a wide variety of WAN technologies, including:
Serial dedicated point-to-point lines
Asynchronous dial-up (essentially dialup)
ISDN
PPP has four components:
EIA/TIA-232-C - standard for physical serial communication
HDLC - for encapsulating packets into frames over serial lines
LCP - for establishing, setting-up, and terminating point-to-point
links
NCP - allows multiple Layer-3 protocols (such as IP and IPX) to be
encapsulated into frames
PPP supports several features that HDLC does not:
Authentication
Compression
Multi-link
Error Control
Configuring PPP
To configure a serial interface for PPP encapsulation:
Router(config)# int s0/0
Router(config-if)# encapsulation ppp
PPP supports two methods of authentication, PAP and CHAP. ... CHAP (Challenge Handshake Authentication Protocol) uses MD5 to apply an irreversible hash. ... The second line sets the username and password used for PPP authentication. ... The above configuration sets the authentication to chap. ...
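PAP beside the CHAP handshake, as an added example that is not code from the study guide. It models the three-way Challenge/Response/Success exchange of RFC 1994 so the "irreversible hash" above can be seen at work: the password configured with the username command never crosses the link, only MD5(identifier || secret || challenge) does, and a fresh challenge makes each response single-use. Router names, the shared secret and the message dictionaries are constructed for the example.

```python
# Added example (not the study guide's code): PAP beside the CHAP three-way
# handshake of RFC 1994, modelled in Python to show why the guide calls the
# CHAP hash "irreversible": only MD5(id || secret || challenge) crosses the
# link, and a fresh challenge makes each response single-use. Router names
# and the shared secret are constructed.
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994, section 4.1: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class PppPeer:
    """One end of a serial link holding its 'username <peer> password <secret>' entries."""

    def __init__(self, hostname: str, peer_secrets: Dict[str, bytes]):
        self.hostname = hostname
        self.peer_secrets = peer_secrets
        self.identifier = 0
        self.current_challenge = b""

    # --- authenticator side (the router with 'ppp authentication chap') ---
    def challenge(self) -> dict:
        self.identifier = (self.identifier + 1) & 0xFF
        self.current_challenge = os.urandom(16)            # unpredictable, never reused
        return {"code": "Challenge", "id": self.identifier,
                "value": self.current_challenge, "name": self.hostname}

    def verify(self, response: dict) -> str:
        secret = self.peer_secrets.get(response["name"])
        if secret is None or response["id"] != self.identifier:
            return "Failure"                                 # unknown peer or stale id
        expected = chap_response(response["id"], secret, self.current_challenge)
        return "Success" if hmac.compare_digest(expected, response["value"]) else "Failure"

    # --- peer side: answers with the hash, never with the password ---
    def respond(self, challenge: dict) -> dict:
        secret = self.peer_secrets[challenge["name"]]
        return {"code": "Response", "id": challenge["id"],
                "value": chap_response(challenge["id"], secret, challenge["value"]),
                "name": self.hostname}


def pap_authenticate(peer_secrets: Dict[str, bytes], username: str, password: bytes) -> str:
    """PAP: the peer sends username and password in the clear; the router compares them."""
    return "Success" if peer_secrets.get(username) == password else "Failure"


def chap_handshake(authenticator: PppPeer, peer: PppPeer) -> Tuple[str, dict, dict]:
    """Challenge -> Response -> Success/Failure; returns the result and both messages."""
    challenge = authenticator.challenge()
    response = peer.respond(challenge)
    return authenticator.verify(response), challenge, response
```

Both routers must hold the same secret under each other's hostname, which is exactly what the username command on each side provides; a peer configured with a different secret fails, and a captured response is useless once the authenticator has issued its next challenge.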
Frame-relay service providers assume that all clients will not need the full capacity of their bandwidth at all times. ... All locations plug into the frame relay “cloud,” which is a conglomeration of dozens or hundreds of Frame-Relay switches and routers. ... For communication to occur between locations, virtual circuits (VC) must be created. ... In the above example, in order to establish full communication between Detroit and Houston, we would need to create two virtual circuits:
A virtual circuit between Detroit and Houston
A separate virtual circuit between Houston and Detroit
Frame-relay circuits can either be permanent (PVC), or switched (SVC). ... A switched virtual circuit is created only when traffic needs to be sent, and is torn down when communication is complete. ... Frame-Relay switches make decisions based on DLCIs, whereas Ethernet switches make decisions based on MAC addresses. ...
Remember that a DLCI identifies a one-way virtual circuit. ... To get this to work, we need to map a DLCI to an IP address. ... We'll assign it a DLCI of “102,” and point it to Chicago's IP address. ... We could, on the Chicago router, set a DLCI of “102” and point it to the IP address of the Detroit router. ... When we set a globally significant DLCI, it is really only an administrative feature. ... In essence, you are symbolically assigning the DLCI of 102 to the Chicago location. ... Virtual circuits pointing to other locations will be configured with different DLCIs (Detroit could be 101; Houston could be 103, etc.) ...
Frame-Relay CIR
Bandwidth is provided on a best effort basis in Frame-Relay. ... The provider will give a best effort to meet the CIR, which is measured in bits per second:
256000 bps
512000 bps
1544000 bps
The above are examples of possible CIR settings, though technically the CIR can be set to anything. ... However, speeds above the CIR are certainly not guaranteed, and if the Frame Network becomes congested, any data exceeding the CIR becomes Discard Eligible, and is at risk of being dropped. ...
Cisco - the default, and proprietary, Frame-Relay encapsulation
IETF - the standardized Frame-Relay encapsulation
... LMI provides status updates of Virtual Circuits between the Frame switch and the router. ...
933a
LMI type is auto-sensed on Cisco routers, but can be manually set if desired. ...
Remember that PVCs are only one-way circuits, and thus we need to create two
PVCs in order for full communication to occur
...
16
...
1 255
...
0
...
16
...
2 255
...
0
...
The encapsulation frame-relay command sets the frame encapsulation type to the default of cisco. ... To change the default encapsulation type, simply append the ietf keyword to the encapsulation frame-relay command:
Router(config)# int s0/0
Router(config-if)# ip address 172
...
1
...
255
...
0
Router(config-if)# encapsulation frame-relay ietf
The frame-relay lmi-type command sets the signaling type. ... Remember that cisco is the default LMI-type, and that LMI is usually auto-sensed. ...
16
...
1 255
...
0
...
16
...
2 255
...
0
...
The connection between Detroit and Chicago has been assigned DLCI 102. ... The Frame-Relay provider usually dictates which DLCI numbers to use, as the provider's Frame switch is configured with the appropriate DLCI information. ... Inverse-ARP is enabled by default on Cisco routers. ... There are circumstances when DLCIs should be manually assigned. ...
All routers can still belong to the same IP subnet; however, DLCIs must now be mapped to IP addresses, as multiple PVCs are necessary on each interface. ... Otherwise, the DLCI-to-IP mapping can be performed manually. ...
16
...
1 255
...
0
...
16
...
2 102 broadcast
Router(config-if)# frame-relay map ip 172
...
1
...
16
...
2 255
...
0
...
16
...
1 201 broadcast
Router(config-if)# frame-relay map ip 172
...
1
...
The frame-relay map command maps the remote router's IP address to a DLCI. ...
16
...
2), and that PVC was assigned a DLCI of 102
...
Frame-Relay Partial Mesh Configuration Example
Full-mesh Frame-Relay environments can get quite expensive. ... A partial-mesh is essentially a hub-and-spoke design, with one central or hub location that all other locations must connect through. ... In a partial-mesh environment, each spoke must be on a different IP subnet, which presents a special problem. ... Recall that split-horizon dictates that updates received on an interface cannot be sent back out the same interface. ... Sub-interfaces are virtual interfaces that the router treats as separate physical interfaces, providing a workaround for the split-horizon problem. ... A point-to-point sub-interface has only a single Virtual Circuit to another router. ...
Frame-Relay Partial Mesh Configuration Example (continued)
Configuration of the Detroit and Chicago routers would be as follows:
Detroit Router:
Router(config)# int s0/0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay lmi-type ansi
Chicago Router:
Router(config)# int s0/0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay lmi-type ansi
Router(config)# int s0/0
...
16
...
1 255
...
0
...
201 point-to-point
Router(config-subif)# no frame-relay inverse-arp
Router(config-subif)# ip address 172
...
1
...
255
...
0
Router(config-subif)# frame-relay interface-dlci 201
Router(config-subif)# no shut
Router(config)# int s0/0
...
17
...
1 255
...
0
...
The Chicago router only has one sub-interface pointing to Detroit. ... 102 command creates a sub-interface numbered 102 on the Serial0/0 interface. ... On the Detroit router, each sub-interface contains only one virtual circuit, thus the interface's network type was set to point-to-point. ...
Frame-Relay Traffic Shaping (FRTS)
Frame-Relay's method of QoS is called traffic-shaping, which controls the amount of traffic sent out an interface, and dictates congestion control mechanisms. ...
Preventing an oversubscription of the line between hub and spoke routers. ...
By default, the CIR on a serial interface configured for traffic shaping is 56000 bits per second. ...
Minimum CIR (MinCIR) - the minimum traffic rate the router will “throttle” down to if congestion occurs on the Frame-Relay network (i.e., a BECN is received). ... By default, the MinCIR is half that of the CIR. ...
Essentially, traffic that is sent above the Frame Provider's guaranteed rate can or will be dropped when congestion occurs. ...
Tc is measured in milliseconds (default is 125ms, or 8 intervals a second), and determines the number of intervals per second. ...
Any bits sent at this rate will be marked as DE. ...
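The CIR, MinCIR, Tc, Bc and Be relationships above, as a per-interval shaping model. This is an added example, not code from the study guide or from IOS: the defaults match the text (CIR 56000 bps, MinCIR = CIR/2, Tc = 125 ms, so 8 intervals a second and Bc = CIR × Tc = 7000 bits per interval), while the adaptive steps (rate × 0.75 on each BECN, Bc/16 back up per quiet interval) are a simplifying assumption of mine, not the exact IOS algorithm.

```python
# Added example (not the study guide's code): a per-interval model of
# Frame-Relay traffic shaping in the guide's terms: CIR, MinCIR, Tc, Bc and
# Be. Defaults follow the text (CIR 56000 bps, MinCIR = CIR/2, Tc = 125 ms, so
# 8 intervals a second). The adaptive steps (rate * 0.75 on a BECN, Bc/16 back
# up when none arrives) are a simplifying assumption, not an IOS specification.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Shaper:
    cir: int = 56000                 # bits per second the provider commits to
    mincir: Optional[int] = None     # floor for adaptive shaping; default CIR/2
    tc_ms: int = 125                 # interval length in milliseconds
    be: int = 0                      # excess burst per interval, sent marked DE
    queued: int = field(default=0, init=False)
    current_rate: int = field(default=0, init=False)

    def __post_init__(self) -> None:
        if self.mincir is None:
            self.mincir = self.cir // 2
        self.current_rate = self.cir

    @property
    def intervals_per_second(self) -> int:
        return 1000 // self.tc_ms

    @property
    def bc(self) -> int:
        """Committed burst for one interval: Bc = rate * Tc (bits)."""
        return self.current_rate * self.tc_ms // 1000

    def interval(self, offered_bits: int, becn: bool = False) -> dict:
        """Shape one Tc worth of traffic. Returns what was sent, what was sent
        marked Discard Eligible, and what waits for the next interval."""
        if becn:                                   # congestion: throttle toward MinCIR
            self.current_rate = max(self.mincir, int(self.current_rate * 0.75))
        else:                                      # quiet: creep back toward the CIR
            self.current_rate = min(self.cir, self.current_rate + self.bc // 16)
        pending = self.queued + offered_bits
        conforming = min(pending, self.bc)
        excess = min(pending - conforming, self.be)         # above CIR: marked DE
        self.queued = pending - conforming - excess         # neither dropped nor sent yet
        return {"rate": self.current_rate, "sent": conforming,
                "sent_de": excess, "queued": self.queued}


def throttle_until_floor(shaper: Shaper, max_intervals: int = 50) -> int:
    """Keep receiving BECNs; return how many intervals it took to reach MinCIR."""
    for i in range(1, max_intervals + 1):
        if shaper.interval(0, becn=True)["rate"] == shaper.mincir:
            return i
    return -1
```

With the defaults, an interval that offers 9000 bits against Bc = 7000 and Be = 1000 sends 7000 bits normally, 1000 bits marked DE, and holds the remaining 1000 for the next Tc; three consecutive BECNs drive the rate down to the 28000 bps MinCIR, after which quiet intervals let it climb again.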
The first three commands configure the CIR, Bc, and Be respectively. ... The adaptive-shaping feature has been specified, indicating that the router will throttle back to the mincir if a becn is received. ... A map-class applied to an interface affects all PVCs on that interface. ...
To apply a map class to an interface:
Router(config)# interface s0/0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay traffic-shaping
Router(config-if)# frame-relay class MYCLASS
To apply a map class to a specific PVC:
Router(config)# interface s0/0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay traffic-shaping
Router(config-if)# frame-relay interface-dlci 101 class MYCLASS
Do not forget the frame-relay traffic-shaping command
...
EIGRP and Frame-Relay
[Figure: Chicago, Detroit and Houston connected through a Frame-Relay cloud]
Observe the above Frame-Relay network. ... If choosing the latter, EIGRP will treat each sub-interface as a separate link, and routing will occur with no issue. ... Updates from Houston will not be forwarded to Chicago, and vice versa, as split horizon prevents an update from being sent out the link it was received on. ...
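The split-horizon behaviour just described, as an added example that is not code from the study guide. Detroit is modelled as the hub once with both PVCs on a single physical interface and once with a point-to-point sub-interface per spoke; a route is never advertised out the interface it was learned on, which is all that is needed to show why only the second design lets Chicago and Houston learn each other's prefixes. The sub-interface numbers reuse the DLCIs the text assigns (102 for Chicago, 103 for Houston); the prefixes are constructed.

```python
# Added example (not the study guide's code): split horizon on the hub router
# of the network above, with Detroit as the hub. A route is never advertised
# out the interface it was learned on; modelling the hub once with a single
# physical interface and once with a point-to-point sub-interface per spoke
# shows why the second design lets Chicago and Houston learn each other's
# prefixes. Sub-interface numbers and prefixes are constructed.
from typing import Dict, List, Tuple


class HubRouter:
    def __init__(self, name: str):
        self.name = name
        self.neighbors: Dict[str, str] = {}                 # spoke -> interface toward it
        self.routes: Dict[str, Tuple[str, str]] = {}        # prefix -> (next hop, learned on)

    def connect(self, spoke: str, interface: str) -> None:
        self.neighbors[spoke] = interface

    def receive_update(self, from_spoke: str, prefixes: List[str]) -> None:
        learned_on = self.neighbors[from_spoke]
        for prefix in prefixes:
            self.routes[prefix] = (from_spoke, learned_on)

    def advertise_to(self, spoke: str) -> List[str]:
        """Split horizon: omit every route learned on the outgoing interface."""
        out_iface = self.neighbors[spoke]
        return sorted(prefix for prefix, (_, learned_on) in self.routes.items()
                      if learned_on != out_iface)


def build_detroit(use_subinterfaces: bool) -> HubRouter:
    """Detroit hub with the DLCIs the text assigns (102 Chicago, 103 Houston)."""
    detroit = HubRouter("Detroit")
    if use_subinterfaces:
        detroit.connect("Chicago", "Serial0/0.102")     # point-to-point sub-interfaces
        detroit.connect("Houston", "Serial0/0.103")
    else:
        detroit.connect("Chicago", "Serial0/0")         # both PVCs on one physical interface
        detroit.connect("Houston", "Serial0/0")
    detroit.receive_update("Chicago", ["172.16.2.0/24"])
    detroit.receive_update("Houston", ["172.16.3.0/24"])
    return detroit
```

On the single-interface hub `advertise_to("Chicago")` returns nothing, because Houston's prefix was learned on the same Serial0/0 it would have to leave on; with sub-interfaces the same call returns Houston's prefix.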
Troubleshooting Frame-Relay
To view information concerning each PVC:
Router# show frame-relay pvc
The above command includes the following information:
DLCI numbers
Status of PVCs (active, inactive, deleted)
Congestion information
Traffic counters
To list Frame-Relay DLCI-mappings, whether manually created using the
frame-relay map command, or created dynamically using Inverse ARP:
Router# show frame-relay map
To display the LMI-type configured on each interface, and LMI traffic
statistics:
Router# show frame-relay lmi
To troubleshoot communication problems between the router and Frame-Relay switch:
Router# debug frame-relay lmi
To display information on packets received on a Frame-Relay interface:
Router# debug frame-relay
To display information on packets sent on a Frame-Relay interface:
Router# debug frame-relay packet
Section 27 - Network Address Translation
NAT (Network Address Translation)
The rapid growth of the Internet resulted in a shortage of available IPv4 addresses. ... A public address can be routed on the Internet. ... Allocation of public addresses is governed by the Internet Assigned Numbers Authority (IANA). ... However, private addresses can never be routed on the Internet. ...
Three private address ranges were defined in RFC 1918, one for each IPv4
class:
Class A - 10
...
x
...
16
...
x /12
Class C - 192
...
x
...
NAT allows a host configured with a private address to be stamped with a public address, thus allowing that host to communicate across the Internet. ... NAT provides an additional benefit - hiding the specific addresses and addressing structure of the internal (or private) network. ... NAT can also perform public-to-public address translation, as well as private-to-private address translation. ... IPv4 will eventually be replaced with IPv6, which supports a vast address space. ...
Types of NAT
NAT can be implemented using one of three methods:
Static NAT - performs a static one-to-one translation between two addresses, or between a port on one address to a port on another address. ...
Dynamic NAT - utilizes a pool of global addresses to dynamically translate the outbound traffic of clients behind a NAT-enabled device. ...
PAT is necessary when the number of internal clients exceeds the available global addresses. ...
Inside Global - the address that identifies an inside host to the outside world (usually a public address). ...
Outside Global - the address assigned to an outside host (usually a public address). ...
Often, this is the same address as the Outside Global. ...
For simplicity's sake, it is generally acceptable to associate global addresses with public addresses, and local addresses with private addresses. ... Inside hosts are within the local network, while outside hosts are external to the local network. ...
For a connection from HostA to HostB, the NAT addresses are identified as follows:
Inside Local Address - 10.1.1.1
...
Outside Global Address - 99.1.1.2
HostA‟s configured address is 10
...
1
...
When HostA communicates with the Internet, it is stamped with
RouterA‟s public address, using PAT
...
1
...
1
...
1
...
2
...
1
...
2
...
It is possible to map an address from the local network (such as 10
...
1
...
1
...
2)
...
In this instance, the Outside Local address would be 10
...
1
...
[Figure: Static NAT Translation. Labels in the diagram: Internet; RouterA (NAT-Enabled); HostA 10.1.1.10; 10.1.1.1; 99.1.168.5; 192.1.168.5; DST Address = 99.1.1.1:31092; DST Address = 99.1.1.1; SRC Address = 55.1.168.5]

The above example demonstrates how the source (SRC) and destination (DST) IP addresses within the Network-Layer header are translated by NAT.
Configuring Static NAT

The first step to configure Static NAT is to identify the inside (usually private) and outside (usually public) interfaces:

Router(config)# int e0/0
Router(config-if)# ip nat inside
Router(config)# int s0/0
Router(config-if)# ip nat outside

To statically map a public address to a private address, the syntax is as follows:

Router(config)# ip nat inside source static local-ip global-ip

This command performs a static one-to-one translation of the inside local (private) source address local-ip to the inside global (public) address global-ip.

For Dynamic NAT, a pool of global addresses is defined instead. Inside hosts will dynamically choose the next available address in this pool when communicating outside the local network:

Router(config)# ip nat pool POOLNAME start-ip end-ip netmask netmask

The pool contains every global address from start-ip through end-ip.

Finally, a list of private addresses that are allowed to be dynamically translated must be specified:

Router(config)# ip nat inside source list 10 pool POOLNAME
Router(config)# access-list 10 permit source source-wildcard

The first command states that any inside host with a source address that matches access-list 10 can be translated to any address in the pool named POOLNAME. The second command defines access-list 10, which permits the inside network whose hosts are allowed to be translated.
With PAT, each internal host is translated to a unique port number off of a single global address.
Troubleshooting NAT

To view all current static and dynamic translations:

Router# show ip nat translations

To view whether an interface is configured as an inside or outside NAT interface, and to display statistical information regarding active NAT translations:

Router# show ip nat statistics

To view NAT translations in real-time (the debug output is generated for every translated packet, so it is costly on a busy router):

Router# debug ip nat

To clear all dynamic NAT entries from the translation table:

Router# clear ip nat translation
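As an added example that is not part of the study guide, the following Python models the three NAT types from the Types of NAT section and the static, dynamic-pool and PAT behaviour configured above, keeping a translation table in the spirit of what show ip nat translations displays; the NatRouter class and every address in it are constructed assumptions, not Cisco code.

```python
# Added example, not code from the study guide: a small model of a NAT-enabled
# router that applies static NAT, dynamic NAT from a pool, and PAT off a single
# global address to outbound packets, and keeps a translation table in the
# spirit of "show ip nat translations". Every address is constructed.
from dataclasses import dataclass, field
from itertools import count

@dataclass
class NatRouter:
    static: dict                  # inside local -> inside global, one-to-one (static NAT)
    pool: list                    # free inside global addresses (dynamic NAT)
    overload_addr: str = ""       # single inside global address shared by PAT
    dynamic: dict = field(default_factory=dict)   # inside local -> pool address it holds
    table: dict = field(default_factory=dict)     # (local ip, port) -> (global ip, port)
    _ports: object = field(default_factory=lambda: count(1024))  # next PAT port

    def translate(self, src_ip, src_port):
        """Outbound: (inside global ip, port) for the packet, or None if dropped."""
        key = (src_ip, src_port)
        if key not in self.table:
            if src_ip in self.static:                 # static NAT keeps the port
                entry = (self.static[src_ip], src_port)
            elif src_ip in self.dynamic:              # host already holds a pool address
                entry = (self.dynamic[src_ip], src_port)
            elif self.pool:                           # dynamic NAT: next free pool address
                self.dynamic[src_ip] = self.pool.pop(0)
                entry = (self.dynamic[src_ip], src_port)
            elif self.overload_addr:                  # PAT: unique port off one address
                entry = (self.overload_addr, next(self._ports))
            else:                                     # pool exhausted and no PAT: drop
                return None
            self.table[key] = entry
        return self.table[key]

    def untranslate(self, dst_ip, dst_port):
        """Inbound: static mappings work both ways; anything else needs an existing
        entry, so unsolicited inbound traffic never reaches an inside host."""
        for local, glob in self.table.items():
            if glob == (dst_ip, dst_port):
                return local
        for local_ip, global_ip in self.static.items():
            if global_ip == dst_ip:
                return (local_ip, dst_port)
        return None

    def show_translations(self):
        """Rows like 'show ip nat translations': inside global, then inside local."""
        return sorted(f"{g[0]}:{g[1]}  {l[0]}:{l[1]}" for l, g in self.table.items())
```

With a two-address pool plus an overload address, the third distinct host exhausts the pool and falls through to PAT, and without an overload address that host's packet is dropped instead.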