CCNA Presentation


2003, Cisco Systems, Inc. All rights reserved.

Data Networks
Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses. Businesses needed a solution that would successfully address the following three problems:
- How to avoid duplication of equipment and resources
- How to communicate efficiently
- How to set up and manage a network
Businesses realized that networking technology could increase productivity while saving money.

Networking Devices
Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications: end-user devices and network devices. End-user devices include computers, printers, scanners, and other devices that provide services directly to the user. Network devices include all the devices that connect the end-user devices together to allow them to communicate.

Network Interface Card
A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. It is also called a LAN adapter.

Networking Device Icons

Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.

Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission. Active hubs not only concentrate hosts, but they also regenerate signals.

Bridge
Bridges convert network transmission data formats as well as perform basic data transmission management. Bridges, as the name implies, provide connections between LANs. Not only do bridges connect LANs, but they also perform a check on the data to determine whether it should cross the bridge or not. This makes each part of the network more efficient.

Workgroup Switch
Workgroup switches add more intelligence to data transfer management. Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.

Router
Routers have all the capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.

"The Cloud"
The cloud is used in diagrams to represent where the connection to the Internet is. It also represents all of the devices on the Internet.

Network Topologies
Network topology defines the structure of the network. One part of the topology definition is the physical topology, which is the actual layout of the wire or media. The other part is the logical topology, which defines how the media is accessed by the hosts for sending data.

Physical Topologies

Bus Topology
A bus topology uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.

Ring Topology
A ring topology connects one host to the next and the last host to the first. This creates a physical ring of cable.

Star Topology
A star topology connects all cables to a central point of concentration.

Extended Star Topology
An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.

Hierarchical Topology
A hierarchical topology is similar to an extended star.

Mesh Topology
A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.

LANs, MANs, & WANs
One early solution was the creation of local-area network (LAN) standards, which provided an open set of guidelines for creating network hardware and software, making equipment from different companies compatible. What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another. The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs).

Examples of Data Networks

LANs

Wireless LAN Organizations and Standards
As with cabled networks, the IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC). A key technology contained within the 802.11 standard is Direct Sequence Spread Spectrum (DSSS).

Cellular Topology for Wireless

WANs

SANs
A SAN is a dedicated, high-performance network used to move data between servers and storage resources. Because it is a separate, dedicated network, it avoids any traffic conflict between clients and servers.

Virtual Private Network
A VPN is a private network that is constructed within a public network infrastructure such as the global Internet. Using a VPN, a telecommuter can access the network of the company headquarters through the Internet by building a secure tunnel between the telecommuter's PC and a VPN router in the headquarters.

Bandwidth

Measuring Bandwidth

Why do we need the OSI Model?
To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together. It therefore released the OSI reference model in 1984.

Don't Get Confused.
ISO - International Organization for Standardization
OSI - Open System Interconnection
IOS - Internetwork Operating System
The ISO created the OSI to make the IOS more efficient. The "ISO" acronym is correct as shown. To avoid confusion, some people say "International Standard Organization."

The OSI Reference Model
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

The OSI Model will be used throughout your entire networking career!

Memorize it!

Layer 7 - The Application Layer
This layer deals with networking applications. Examples: Email, Web browsers. PDU = User Data

Layer 6 - The Presentation Layer
This layer is responsible for presenting the data in the required format, which may include: Encryption, Compression. PDU = Formatted Data

Layer 5 - The Session Layer
This layer establishes, manages, and terminates sessions between two communicating hosts. Example: Client software (used for logging in). PDU = Formatted Data

Layer 4 - The Transport Layer
This layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network. PDU = Segments

Layer 3 - The Network Layer
Sometimes referred to as the "Cisco Layer". Makes "Best Path Determination" decisions based on logical addresses (usually IP addresses). PDU = Packets

Layer 2 - The Data Link Layer
This layer provides reliable transit of data across a physical link. Makes decisions based on physical addresses (usually MAC addresses). PDU = Frames

Layer 1 - The Physical Layer
This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host. Examples: CAT5 (what we have), Coaxial (like cable TV), Fiber optic. PDU = Bits

OSI Model Analogy: Application Layer - Source Host
After riding your new bicycle a few times in New York, you decide that you want to give it to a friend who lives in Munich, Germany.

OSI Model Analogy: Presentation Layer - Source Host
Make sure you have the proper directions to disassemble and reassemble the bicycle.

OSI Model Analogy: Session Layer - Source Host
Call your friend and make sure you have his correct address.

OSI Model Analogy: Transport Layer - Source Host
Disassemble the bicycle and put different pieces in different boxes. The boxes are labeled "1 of 3", "2 of 3", and "3 of 3".

OSI Model Analogy: Network Layer - Source Host
Put your friend's complete mailing address (and yours) on each box. Since the packages are too big for your mailbox (and since you don't have enough stamps), you determine that you need to go to the post office.

OSI Model Analogy: Data Link Layer - Source Host
The New York post office takes possession of the boxes.

OSI Model Analogy: Physical Layer - Media
The boxes are flown from the USA to Germany.

OSI Model Analogy: Data Link Layer - Destination
The Munich post office receives your boxes.

OSI Model Analogy: Network Layer - Destination
Upon examining the destination address, the Munich post office determines that your boxes should be delivered to the home address you wrote on them.

OSI Model Analogy: Transport Layer - Destination
Your friend calls you and tells you he got all 3 boxes and he is having another friend named BOB reassemble the bicycle.

OSI Model Analogy: Session Layer - Destination
Your friend hangs up because he is done talking to you.

OSI Model Analogy: Presentation Layer - Destination
BOB is finished and "presents" the bicycle to your friend. Another way to say it is that your friend is finally getting his "present".

OSI Model Analogy: Application Layer - Destination
Your friend enjoys riding his new bicycle in Munich.

Host Layers (Application, Presentation, Session, Transport)
These layers only exist in the source and destination host computers.

Media Layers (Network, Data Link, Physical)
These layers manage the information out in the LAN or WAN between the source and destination hosts.

The OSI Layers Communications

Encapsulation Process

Data Flow Through a Network

LAN Physical Layer
Various symbols are used to represent media types. The function of media is to carry a flow of information through a LAN. Networking media are considered Layer 1, or physical layer, components of LANs. Each medium has advantages and disadvantages. Some of the advantage or disadvantage comparisons concern:
- Cable length
- Cost
- Ease of installation
- Susceptibility to interference
Coaxial cable, optical fiber, and even free space can carry network signals. However, the principal medium that will be studied is Category 5 unshielded twisted-pair cable (Cat 5 UTP).

Unshielded Twisted Pair (UTP) Cable

UTP Implementation
EIA/TIA specifies an RJ-45 connector for UTP cable. The RJ-45 transparent end connector shows eight colored wires. Four of the wires carry the voltage and are considered "tip" (T1 through T4). The other four wires are grounded and are called "ring" (R1 through R4). The wires in the first pair in a cable or a connector are designated as T1 & R1.

Connection Media
The registered jack (RJ-45) connector and jack are the most common. In some cases the type of connector on a network interface card (NIC) does not match the media that it needs to connect to. The attachment unit interface (AUI) connector allows different media to connect when used with the appropriate transceiver. A transceiver is an adapter that converts one type of connection to another.

Ethernet Standards
The Ethernet standard specifies that each of the pins on an RJ-45 connector has a particular purpose. A NIC transmits signals on pins 1 & 2, and it receives signals on pins 3 & 6.

Remember!
A straight-thru cable has T568B on both ends. A crossover (or cross-connect) cable has T568B on one end and T568A on the other. A console cable has T568B on one end and reverse T568B on the other, which is why it is also called a rollover cable.

Straight-Thru or Crossover
Use straight-through cables for the following cabling:
- Switch to router
- Switch to PC or server
- Hub to PC or server
Use crossover cables for the following cabling:
- Switch to switch
- Switch to hub
- Hub to hub
- Router to router
- PC to PC
- Router to PC

Sources of Noise on Copper Media
Noise is any electrical energy on the transmission cable that makes it difficult for a receiver to interpret the data sent from the transmitter. TIA/EIA-568-B certification of a cable now requires testing for a variety of types of noise. Twisted-pair cable is designed to take advantage of the effects of crosstalk in order to minimize noise. In twisted-pair cable, a pair of wires is used to transmit one signal. The wire pair is twisted so that each wire experiences similar crosstalk. Because a noise signal on one wire will appear identically on the other wire, this noise can be easily detected and filtered at the receiver. Twisting one pair of wires in a cable also helps to reduce crosstalk of data or noise signals from adjacent wires.

Shielded Twisted Pair (STP) Cable

Coaxial Cable

Fiber Optic Cable

Fiber Optic Connectors
Connectors are attached to the fiber ends so that the fibers can be connected to the ports on the transmitter and receiver. The type of connector most commonly used with multimode fiber is the Subscriber Connector (SC connector). On single-mode fiber, the Straight Tip (ST) connector is frequently used.

Fiber Optic Patch Panels
Fiber patch panels are similar to the patch panels used with copper cable.

Cable Specifications
- 10BASE-T: The T stands for twisted pair.
- 10BASE5: The 5 represents the fact that a signal can travel for approximately 500 meters. 10BASE5 is often referred to as Thicknet.
- 10BASE2: The 2 represents the fact that a signal can travel for approximately 200 meters. 10BASE2 is often referred to as Thinnet.
All 3 of these specifications refer to a transmission speed of 10 Mbps and a type of transmission that is baseband, or digitally interpreted. Thinnet and Thicknet are actually types of networks, while 10BASE2 & 10BASE5 are the types of cabling used in these networks.

Ethernet Media Connector Requirements

LAN Physical Layer Implementation

Ethernet in the Campus

WAN Physical Layer

WAN Serial Connection Options

Serial Implementation of DTE & DCE
When connecting directly to a service provider, or to a device such as a CSU/DSU that will perform signal clocking, the router is a DTE and needs a DTE serial cable. This is typically the case for routers.

Back-to-Back Serial Connection
When performing a back-to-back router scenario in a test environment, one of the routers will be a DTE and the other will be a DCE.

Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.

The 4 Repeater Rule
The Four Repeater Rule for 10-Mbps Ethernet should be used as a standard when extending LAN segments.
This rule states that no more than four repeaters can be used between hosts on a LAN.
This rule is used to limit the latency added to frame travel by each repeater.

Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. A hub is a physical layer device.

Network Interface Card
The function of a NIC is to connect a host device to the network medium. A NIC is a printed circuit board that fits into the expansion slot on the motherboard or peripheral device of a computer. The NIC is also referred to as a network adapter. NICs are considered Data Link Layer devices because each NIC carries a unique code called a MAC address.

MAC Address
A MAC address is 48 bits in length and is expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.

Bridge
Bridges are Data Link layer devices. Connected host addresses are learned and stored in a MAC address table. Each bridge port has a unique MAC address.

Bridges

Bridging Graphic

Switch
Switches are Data Link layer devices. Each switch port has a unique MAC address. Connected host MAC addresses are learned and stored in a MAC address table.

Switching Modes
- Cut-through: A switch starts to transfer the frame as soon as the destination MAC address is received. No error checking is available. Must use synchronous switching.
- Store-and-forward: At the other extreme, the switch can receive the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sequence (FCS) to ensure that the frame was reliably received before sending it to the destination. Must be used with asynchronous switching.
- Fragment-free: A compromise between the cut-through and store-and-forward modes. Fragment-free reads the first 64 bytes, which includes the frame header, and switching begins before the entire data field and checksum are read.

Full Duplex
Another capability emerges when only two nodes are connected. In a network that uses twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the other node. A separate pair is used for the return or received signal. It is possible for signals to pass through both pairs simultaneously. The capability of communication in both directions at once is known as full duplex.

Switches - MAC Tables

Switches - Parallel Communication

Microsegmentation
A switch is simply a bridge with many ports. When only one node is connected to a switch port, the collision domain on the shared media contains only two nodes. The two nodes in this small segment, or collision domain, consist of the switch port and the host connected to it. These small physical segments are called microsegments.

Peer-to-Peer Network
In a peer-to-peer network, networked computers act as equal partners, or peers. As peers, each computer can take on the client function or the server function. At one time, computer A may make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as the client, while B functions as the server. At a later time, computers A and B can reverse roles. In a peer-to-peer network, individual users control their own resources. Peer-to-peer networks are relatively easy to install and operate. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate.

Client/Server Network
In a client/server arrangement, network services are located on a dedicated computer called a server. The server responds to the requests of clients. The server is a central computer that is continuously available to respond to requests from clients for file, print, application, and other services. Most network operating systems adopt the form of a client/server relationship.

Why Another Model?
Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol / Internet Protocol (TCP/IP). The TCP/IP reference model and the TCP/IP protocol stack make data communication possible between any two computers, anywhere in the world, at nearly the speed of light. The U.S. Department of Defense (DoD) created the TCP/IP reference model because it wanted a network that could survive any conditions, even a nuclear war.

Don't Confuse the Models

OSI Model        TCP/IP Model
7 Application    Application
6 Presentation   Application
5 Session        Application
4 Transport      Transport
3 Network        Internet
2 Data Link      Network Access
1 Physical       Network Access

2 Models Side-By-Side

The Application Layer
The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.

The Transport Layer
The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer application data into the same data stream between endpoints. The transport layer data stream provides end-to-end transport services.

The Internet Layer
The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is the Internet Protocol (IP). Best path determination and packet switching occur at this layer.

The Network Access Layer
The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers. NOTE: ARP & RARP work at both the Internet and Network Access Layers.

Comparing TCP/IP & OSI Models
NOTE: The TCP/IP transport layer, when using UDP, does not always guarantee reliable delivery of packets as the transport layer in the OSI model does.

Introduction to the Transport Layer
The primary duties of the transport layer, Layer 4 of the OSI model, are to transport and regulate the flow of information from the source to the destination, reliably and accurately. End-to-end control and reliability are provided by sliding windows, sequence numbers, and acknowledgments.

More on The Transport Layer
The transport layer provides transport services from the source host to the destination host. It establishes a logical connection between the endpoints of the network. Transport services include the following basic services:
- Segmentation of upper-layer application data
- Establishment of end-to-end operations
- Transport of segments from one end host to another end host
- Flow control provided by sliding windows
- Reliability provided by sequence numbers and acknowledgments

Flow Control
As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is unable to process data as quickly as it arrives could be a cause of data loss. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.

3-Way Handshake
TCP requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize their Initial Sequence Numbers (ISNs).

Basic Windowing
Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have the recipient acknowledge the receipt of each packet before the next packet is sent.

Sliding Window

Sliding Window with Different Window Sizes
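As an added example (not from the slides), the stop-and-wait scheme of the Basic Windowing slide and the sliding window of the slides above, modelled in Python. It assumes a go-back-N style sender that resends everything from the first unacknowledged segment and a receiver that answers with a cumulative acknowledgment naming the next segment it expects; the segment counts and loss pattern are constructed inputs, not captured traffic.

```python
# Added example, not from the CCNA slides. Constructed model of windowed
# delivery: a go-back-N style sender and a receiver that sends cumulative ACKs.

def simulate_window(total_segments, window, lost_first_time=()):
    """Deliver segments 1..total_segments with a window of `window` segments.

    Each round the sender transmits every unacknowledged segment that fits in
    the window. A segment listed in `lost_first_time` is dropped the first
    time it is sent and delivered on any retransmission. The receiver keeps
    only the in-order run that starts at the first unacknowledged segment
    (go-back-N keeps no reorder buffer) and replies with a cumulative ACK
    naming the next segment it expects. Returns (rounds, transmissions, acks).
    """
    if window < 1:
        raise ValueError("window must be at least 1")
    base = 1            # first segment not yet acknowledged
    dropped = set()     # segments that have already been lost once
    rounds = 0
    transmissions = 0
    acks = []
    while base <= total_segments:
        rounds += 1
        last = min(base + window - 1, total_segments)
        delivered = set()
        for seq in range(base, last + 1):
            transmissions += 1
            if seq in lost_first_time and seq not in dropped:
                dropped.add(seq)     # this copy never reaches the receiver
                continue
            delivered.add(seq)
        expected = base
        while expected in delivered:
            expected += 1
        acks.append(expected)        # cumulative ACK: "send me `expected` next"
        base = expected              # the window slides forward to the ACK
    return rounds, transmissions, acks


def compare(total_segments, windows, lost_first_time=()):
    """Round counts for several window sizes over the same loss pattern."""
    return {w: simulate_window(total_segments, w, lost_first_time)[0] for w in windows}


if __name__ == "__main__":
    # Stop-and-wait (window 1) needs one round trip per segment; a window of 3
    # moves the same six segments in two rounds, and one lost segment costs one
    # extra round because everything after it is resent.
    print(simulate_window(6, 1))                        # (6, 6, [2, 3, 4, 5, 6, 7])
    print(simulate_window(6, 3))                        # (2, 6, [4, 7])
    print(simulate_window(6, 3, lost_first_time={2}))   # (3, 8, [2, 5, 7])
    print(compare(6, (1, 2, 3, 6)))                     # {1: 6, 2: 3, 3: 2, 6: 1}
```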

TCP Sequence & Acknowledgement

TCP
Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. The protocols that use TCP include:
- FTP (File Transfer Protocol)
- HTTP (Hypertext Transfer Protocol)
- SMTP (Simple Mail Transfer Protocol)
- Telnet

TCP Segment Format

UDP
User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols. UDP uses no windowing or acknowledgments, so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together. The protocols that use UDP include:
- TFTP (Trivial File Transfer Protocol)
- SNMP (Simple Network Management Protocol)
- DHCP (Dynamic Host Configuration Protocol)
- DNS (Domain Name System)

UDP Segment Format

Well Known Port Numbers
The following port numbers should be memorized:
NOTE: The curriculum forgot to mention one of the most important port numbers. Port 80 is used for HTTP or WWW protocols. (Essentially, access to the Internet.)

URL

SNMP - Managed Network

Base 2 Number System
10110 (base 2) = (1 x 2^4 = 16) + (0 x 2^3 = 0) + (1 x 2^2 = 4) + (1 x 2^1 = 2) + (0 x 2^0 = 0) = 22

Converting Decimal to Binary
Convert 201 (base 10) to binary:
201 / 2 = 100 remainder 1
100 / 2 = 50 remainder 0
50 / 2 = 25 remainder 0
25 / 2 = 12 remainder 1
12 / 2 = 6 remainder 0
6 / 2 = 3 remainder 0
3 / 2 = 1 remainder 1
1 / 2 = 0 remainder 1
When the quotient is 0, take all the remainders in reverse order for your answer: 201 (base 10) = 11001001 (base 2)

Network and Host Addressing
Using the IP address of the destination network, a router can deliver a packet to the correct network. When the packet arrives at a router connected to the destination network, the router uses the IP address to locate the particular computer connected to that network. Accordingly, every IP address has two parts.

Network Layer Communication Path
A router forwards packets from the originating network to the destination network using the IP protocol. The packets must include an identifier for both the source and destination networks.

Internet Addresses
IP addressing is a hierarchical structure. An IP address combines two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.

IP Address Classes
IP addresses are divided into classes to define the large, medium, and small networks.

Class A addresses are assigned to larger networks. Class B addresses are used for medium-sized networks, & Class C for small networks.

Identifying Address Classes

Address Class Prefixes
To accommodate different size networks and aid in classifying these networks, IP addresses are divided into groups called classes. This is classful addressing.

Network and Host Division
Each complete 32-bit IP address is broken down into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. There are 5 IP address classes.

Class A Add<br>resses

Class B Addresses
The Class B address was designed to support the needs of moderate to large-sized networks. A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.

Class C Addresses
The Class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.

Class D Addresses
The Class D address class was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.

Class E Addresses
A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.

IP Address Ranges
The graphic below shows the IP address range of the first octet both in decimal and binary for each IP address class.

IPv4
As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses and the increase in the size of Internet routing tables. Over the past two decades, numerous extensions to IPv4 have been developed. Two of the more important of these are subnet masks and classless interdomain routing (CIDR).

Finding the Network Address with ANDing
By ANDing the host address 192.168.10.2 with 255.255.255.0 (its network mask), we obtain the network address 192.168.10.0.

Network Address

Broadcast Address

Network/Broadcast Addresses at the Binary Level
An IP address that has binary 0s in all host bit positions is reserved for the network address, which identifies the network. An IP address that has binary 1s in all host bit positions is reserved for the broadcast address, which is used to send data to all hosts on the network. Here are some examples:
Class   Network Address   Broadcast Address
A       100.0.0.0         100.255.255.255
B       150.75.0.0        150.75.255.255
C       200.100.50.0      200.100.50.255
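As an added example (not from the slides), the binary conversions from the Base 2 and Converting Decimal to Binary slides, the ANDing step, and the network/broadcast rules from this slide as Python the reader can run; it also goes one step beyond the slides by accepting a non-default (subnet) mask, as the subnetting slides below describe. The class boundaries and default masks are the standard classful values and are assumed here rather than quoted from the slides.

```python
# Added example, not from the CCNA slides: the slides' binary conversions,
# the ANDing step and the network/broadcast rules as runnable code. Class
# boundaries and default masks are the standard classful values (assumed).

def to_binary(value, width=8):
    """Decimal to binary by repeated division by 2, reading the remainders in
    reverse order (the method on the Converting Decimal to Binary slide)."""
    if value < 0:
        raise ValueError("only non-negative integers can be converted")
    remainders = []
    while value > 0:
        value, remainder = divmod(value, 2)
        remainders.append(str(remainder))
    bits = "".join(reversed(remainders)) or "0"
    return bits.rjust(width, "0")

def from_binary(bits):
    """Binary to decimal by positional expansion: each bit adds bit * 2^position."""
    total = 0
    for position, bit in enumerate(reversed(bits)):
        if bit not in "01":
            raise ValueError("not a binary digit: %r" % bit)
        total += int(bit) * 2 ** position
    return total

def dotted_to_int(address):
    """Pack a dotted-decimal IPv4 address into one 32-bit integer."""
    octets = address.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % address)
    value = 0
    for octet in octets:
        number = int(octet)
        if not 0 <= number <= 255:
            raise ValueError("octet out of range: %r" % octet)
        value = (value << 8) | number
    return value

def int_to_dotted(value):
    """Unpack a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def ip_to_binary(address):
    """The 32-bit binary form of an address, written one octet per group."""
    return ".".join(to_binary(int(octet)) for octet in address.split("."))

def address_class(address):
    """Classful rule: the leading bits of the first octet decide the class
    (0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E)."""
    first = dotted_to_int(address) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"

# Default masks: one, two and three network octets for classes A, B and C.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def network_address(address, mask):
    """Host bits forced to 0: AND the address with the mask."""
    return int_to_dotted(dotted_to_int(address) & dotted_to_int(mask))

def broadcast_address(address, mask):
    """Host bits forced to 1: OR the address with the inverted mask."""
    host_bits = ~dotted_to_int(mask) & 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(address) | host_bits)

def usable_hosts(mask):
    """The all-0s and all-1s host patterns are reserved, so subtract two."""
    host_bit_count = 32 - bin(dotted_to_int(mask)).count("1")
    return 2 ** host_bit_count - 2

def summarize(address, mask=None):
    """Return (class, mask, network, broadcast, usable hosts). Without a mask
    the class default is used; classes D and E have no network/host split."""
    cls = address_class(address)
    if mask is None:
        if cls not in DEFAULT_MASKS:
            raise ValueError("class %s addresses have no host field" % cls)
        mask = DEFAULT_MASKS[cls]
    return (cls, mask, network_address(address, mask),
            broadcast_address(address, mask), usable_hosts(mask))

if __name__ == "__main__":
    print(to_binary(201), from_binary("10110"))      # 11001001 22
    print(ip_to_binary("192.168.10.2"))
    for addr in ("100.0.0.0", "150.75.0.0", "200.100.50.0", "192.168.10.2"):
        print(addr, summarize(addr))
    # A subnet mask that borrows two host bits leaves 62 usable hosts.
    print(summarize("192.168.10.130", "255.255.255.192"))
```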

Public IP Addresses
Unique addresses are required for each device on a network. Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure. InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA). No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. All machines connected to the Internet agree to conform to the system. Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.

Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

Mixing Public and Private IP Addresses
Private IP addresses can be intermixed, as shown in the graphic, with public IP addresses. This will conserve the number of addresses used for internal connections. Connecting a network using private addresses to the Internet requires translation of the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT).

Introduction to Subnetting

Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design. Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.

The 32-Bit Binary IP Address

Numbers That Show Up In Subnet Masks (Memorize Them!)

Addressing with Subnetworks

Obtaining an Internet Address

Static Assignment of an IP Address

Static assignment works best on small networks. The administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet. Network printers, application servers, and routers should be assigned static IP addresses.

ARP (Address Resolution Protocol)

[Figure: ARP exchange between Host A and Host B on one network]
ARP Request, broadcast to all hosts: "What is the hardware address for IP address 128.0.10.4?"
ARP Reply from Host B (IP Address: 128.0.10.4, HW Address: 080020021545)

Fig. 32 How does ARP work? (TI1332EU02TI_0004 The Network Layer, 47)

Fig. 33 The ARP command (TI1332EU02TI_0004 The Network Layer, 47)

[Figure: ARP and broadcast domains]
1 Network = 1 Broadcast Domain: broadcast ARP request, host B would reply.
2 Networks = 2 Broadcast Domains (separated by a router): broadcast ARP request, no one would reply.

Fig. 34 Proxy-ARP concept (TI1332EU02TI_0004 The Network Layer, 49)

[Figure: Proxy ARP]
Broadcast message to all: "If your IP address matches (B) then please tell me your Ethernet address."
Router R: "Yes, I know the destination network, let me give you my Ethernet address." Router R takes care to forward IP packets to B.
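The three situations in the figures above (one broadcast domain, a router in between, and proxy ARP) can be modelled in a few lines. This is an added example, not from the original slides; the hosts, the segment layout and the MAC addresses other than Host B's 080020021545 from the figure are constructed.

```python
"""Toy model of ARP resolution across one or two broadcast domains, with and
without proxy ARP on the router. Added example; nodes and addresses are constructed."""
import ipaddress
from typing import Dict, List, Optional


class Node:
    """A host (or a router port) with an IP address on one segment."""

    def __init__(self, name: str, ip: str, prefix: int, mac: str):
        self.name = name
        self.ip = ipaddress.ip_address(ip)
        self.network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        self.mac = mac
        self.proxy_for: List[ipaddress.IPv4Network] = []   # non-empty only on a router port
        self.arp_cache: Dict[str, str] = {}                 # ip -> mac, like "show arp"

    def answer(self, target_ip: ipaddress.IPv4Address) -> Optional[str]:
        """A node replies with its own MAC only if the target IP is its own, or
        (proxy ARP) if the target lies in a network it will forward to."""
        if target_ip == self.ip:
            return self.mac
        if any(target_ip in net for net in self.proxy_for):
            return self.mac
        return None


def arp_request(sender: "Node", segment: List["Node"], target_ip: str) -> Optional[str]:
    """Broadcast on the sender's segment: every node checks the target IP; the
    first to answer supplies the hardware address, which the sender caches."""
    target = ipaddress.ip_address(target_ip)
    for node in segment:
        if node is sender:
            continue
        mac = node.answer(target)
        if mac is not None:
            sender.arp_cache[target_ip] = mac
            return mac
    return None  # nobody on this broadcast domain owns (or proxies) the address


# Constructed scenario: Host A and Host B share 128.0.0.0/16; Host C sits behind Router R.
HOST_A = Node("Host A", "128.0.10.1", 16, "080020011111")
HOST_B = Node("Host B", "128.0.10.4", 16, "080020021545")   # values from the figure
ROUTER_R = Node("Router R", "128.0.10.254", 16, "0800200000aa")
HOST_C = Node("Host C", "10.1.1.7", 24, "080020033333")
SEGMENT_1 = [HOST_A, HOST_B, ROUTER_R]   # one broadcast domain
SEGMENT_2 = [HOST_C]                     # the other side of the router


def resolve_same_segment() -> Optional[str]:
    """1 network = 1 broadcast domain: Host B itself replies."""
    return arp_request(HOST_A, SEGMENT_1, "128.0.10.4")


def resolve_across_router(proxy_arp: bool) -> Optional[str]:
    """2 networks = 2 broadcast domains: the broadcast never reaches Host C.
    Without proxy ARP nobody replies; with it, Router R answers with its own MAC."""
    ROUTER_R.proxy_for = [HOST_C.network] if proxy_arp else []
    HOST_A.arp_cache.pop("10.1.1.7", None)
    return arp_request(HOST_A, SEGMENT_1, "10.1.1.7")
```

The cache on Host A afterwards is what a "show arp" style listing would display: with proxy ARP the entry for 10.1.1.7 carries the router's MAC, not Host C's, which is exactly why proxy ARP can hide a misconfigured mask on the hosts.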

RARP

Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.

BOOTP

The bootstrap protocol (BOOTP) operates in a client-server environment and only requires a single packet exchange to obtain IP information. However, unlike RARP, BOOTP packets can include the IP address, as well as the address of a router, the address of a server, and vendor-specific information. One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database. Even though the addresses are dynamically assigned, there is still a one-to-one relationship between the number of IP addresses and the number of hosts. This means that for every host on the network there must be a BOOTP profile with an IP address assignment in it. No two profiles can have the same IP address.

DHCP

Dynamic Host Configuration Protocol (DHCP) is the successor to BOOTP. Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device. All that is required when using DHCP is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request an address. The DHCP server chooses an address and leases it to that host. With DHCP, the entire network configuration of a computer can be obtained in one message. This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask. The major advantage that DHCP has over BOOTP is that it allows users to be mobile.

Introduction to Routers

A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:

RAM

Random Access Memory, also called dynamic RAM (DRAM). RAM has the following characteristics and functions:
- Stores routing tables
- Holds ARP cache
- Holds fast-switching cache
- Performs packet buffering (shared RAM)
- Maintains packet-hold queues
- Provides temporary memory for the configuration file of the router while the router is powered on
- Loses content when router is powered down or restarted

NVRAM

Non-Volatile RAM. NVRAM has the following characteristics and functions:
- Provides storage for the startup configuration file
- Retains content when router is powered down or restarted

Flash

Flash memory has the following characteristics and functions:
- Holds the operating system image (IOS)
- Allows software to be updated without removing and replacing chips on the processor
- Retains content when router is powered down or restarted
- Can store multiple versions of IOS software
- Is a type of electronically erasable, programmable ROM (EEPROM)

ROM

Read-Only Memory. ROM has the following characteristics and functions:
- Maintains instructions for power-on self test (POST) diagnostics
- Stores bootstrap program and basic operating system software
- Requires replacing pluggable chips on the motherboard for software upgrades

Interfaces

Interfaces have the following characteristics and functions:
- Connect router to network for frame entry and exit
- Can be on the motherboard or on a separate module

Types of interfaces: Ethernet, Fast Ethernet, Serial, Token Ring, ISDN BRI, Loopback, Console, Aux

Internal Components of a 2600 Router

External Components of a 2600 Router

External Connections

Fixed Interfaces

When cabling routers for serial connectivity, the routers will either have fixed or modular ports. The type of port being used will affect the syntax used later to configure each interface. Interfaces on routers with fixed serial ports are labeled for port type and port number.

Modular Serial Port Interfaces

Interfaces on routers with modular serial ports are labeled for port type, slot, and port number. The slot is the location of the module. To configure a port on a modular card, it is necessary to specify the interface using the syntax "port type slot number/port number." Use the label "serial 0/1" when the interface is serial, the slot number where the module is installed is slot 0, and the port that is being referenced is port 1.

Routers & DSL Connections

The Cisco 827 ADSL router has one asymmetric digital subscriber line (ADSL) interface. To connect a router for DSL service, use a phone cable with RJ-11 connectors. DSL works over standard telephone lines using pins 3 and 4 on a standard RJ-11 connector.

Computer/Terminal Console Connection

Modem Connection to Console/Aux Port

HyperTerminal Session Properties

Establishing a HyperTerminal Session

Take the following steps to connect a terminal to the console port on the router: First, connect the terminal using the RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 or RJ-45 to DB-25 adapter. Then, configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.

Cisco IOS

Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices. A solid understanding of the IOS is essential for a network administrator.

The Purpose of Cisco IOS

As with a computer, a router or switch cannot function without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System or Cisco IOS. It is the embedded software architecture in all of the Cisco routers and is also the operating system of the Catalyst switches. Without an operating system, the hardware does not have any capabilities. The Cisco IOS provides the following network services:
- Basic routing and switching functions
- Reliable and secure access to networked resources
- Network scalability

Router Command Line Interface

Setup Mode

Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router unable to locate a configuration from another source. In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults. During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shut down. When the configuration process is completed in setup mode, the following options will be displayed:

    [0] Go to the IOS command prompt without saving this config.
    [1] Return back to the setup without saving this config.
    [2] Save this configuration to nvram and exit.
    Enter your selection [2]:

Operation of Cisco IOS Software

The Cisco IOS devices have three distinct operating environments or modes: ROM monitor, Boot ROM, and Cisco IOS. The startup process of the router normally loads into RAM and executes one of these operating environments. The configuration register setting can be used by the system administrator to control the default startup mode for the router. To see the IOS image and version that is running, use the show version command, which also indicates the configuration register setting.

IOS File System Overview

Initial Startup of Cisco Routers

A router initializes by loading the bootstrap, the operating system, and a configuration file. If the router cannot find a configuration file, it enters setup mode. Upon completion of the setup mode a backup copy of the configuration file may be saved to nonvolatile RAM (NVRAM). The goal of the startup routines for Cisco IOS software is to start the router operations. To do this, the startup routines must accomplish the following:
- Make sure that the router hardware is tested and functional.
- Find and load the Cisco IOS software.
- Find and apply the startup configuration file or enter the setup mode.
When a Cisco router powers up, it performs a power-on self test (POST). During this self test, the router executes diagnostics from ROM on all hardware modules.

After the POST...

After the POST, the following events occur as the router initializes:
Step 1: The generic bootstrap loader in ROM executes. A bootstrap is a simple set of instructions that tests hardware and initializes the IOS for operation.
Step 2: The IOS can be found in several places. The boot field of the configuration register determines the location to be used in loading the IOS. If the boot field indicates a flash or network load, boot system commands in the configuration file indicate the exact name and location of the image.
Step 3: The operating system image is loaded.
Step 4: The configuration file saved in NVRAM is loaded into main memory and executed one line at a time. The configuration commands start routing processes, supply addresses for interfaces, and define other operating characteristics of the router.
Step 5: If no valid configuration file exists in NVRAM, the operating system searches for an available TFTP server. If no TFTP server is found, the setup dialog is initiated.

Steps in Router Initialization

Router LED Indicators

Cisco routers use LED indicators to provide status information. Depending upon the Cisco router model, the LED indicators will vary. An interface LED indicates the activity of the corresponding interface. If an LED is off when the interface is active and the interface is correctly connected, a problem may be indicated. If an interface is extremely busy, its LED will always be on. The green OK LED to the right of the AUI port will be on after the system initializes correctly.

Enhanced Cisco IOS Commands

The show version Command

The show version command displays information about the Cisco IOS software version that is currently running on the router. This includes the configuration register and the boot field settings. The following information is available from the show version command:
- IOS version and descriptive information
- Bootstrap ROM version
- Boot ROM version
- Router up time
- Last restart method
- System image file and location
- Router platform
- Configuration register setting
Use the show version command to identify the router IOS image and boot source. To find out the amount of flash memory, issue the show flash command.

Checking File System Information with the show version Command

Router User Interface Modes

The Cisco command-line interface (CLI) uses a hierarchical structure. This structure requires entry into different modes to accomplish particular tasks. Each configuration mode is indicated with a distinctive prompt and allows only commands that are appropriate for that mode. As a security feature the Cisco IOS software separates sessions into two access levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode is also known as enable mode.

Overview of Router Modes

Router Modes

User Mode Commands

Privileged Mode Commands

NOTE: There are many more commands available in privileged mode.

Specific Configuration Modes

CLI Command Modes

All command-line interface (CLI) configuration changes to a Cisco router are made from the global configuration mode. Other more specific modes are entered depending upon the configuration change that is required. Global configuration mode commands are used in a router to apply configuration statements that affect the system as a whole. The following command moves the router into global configuration mode:

    Router#configure terminal      (or config t)
    Router(config)#

When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.

Configuring a Router's Name

A router should be given a unique name as one of the first configuration tasks. This task is accomplished in global configuration mode using the following commands:

    Router(config)#hostname Tokyo
    Tokyo(config)#

As soon as the Enter key is pressed, the prompt changes from the default host name (Router) to the newly configured host name (which is Tokyo in the example above).

Setting the Clock with Help

Message Of The Day (MOTD)

A message-of-the-day (MOTD) banner can be displayed on all connected terminals. Enter global configuration mode by using the command config t. Enter the command banner motd # The message of the day goes here #. Save changes by issuing the command copy run start.

Configuring a Console Password

Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file. The following commands are used to set an optional but recommended password on the console line:

    Router(config)#line console 0
    Router(config-line)#password <password>
    Router(config-line)#login

Configuring a Modem Password

If configuring a router via a modem you are most likely connected to the aux port. The method for configuring the aux port is very similar to configuring the console port.

    Router(config)#line aux 0
    Router(config-line)#password <password>
    Router(config-line)#login

Configuring Interfaces

An interface needs an IP address and a subnet mask to be configured. All interfaces are "shutdown" by default. The DCE end of a serial interface needs a clock rate.

    Router#config t
    Router(config)#interface serial 0/1
    Router(config-if)#ip address 200.100.50.75 255.255.255.240
    Router(config-if)#clock rate 56000          (required for serial DCE only)
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#int f0/0
    Router(config-if)#ip address 150.100.50.25 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#exit
    Router#

On older routers, Serial 0/1 would be just Serial 1 and f0/0 would be e0. s = serial, e = Ethernet, f = Fast Ethernet.

Configuring a Telnet Password

A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet. Typically Cisco routers support five VTY lines numbered 0 through 4. The following commands are used to set the same password on all of the VTY lines:

    Router(config)#line vty 0 4
    Router(config-line)#password <password>
    Router(config-line)#login

Examining the show Commands

There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
- show interfaces: Displays all the statistics for all the interfaces on the router.
- show int s0/1: Displays statistics for interface Serial 0/1
- show controllers serial: Displays information specific to the interface hardware
- show clock: Shows the time set in the router
- show hosts: Displays a cached list of host names and addresses
- show users: Displays all users who are connected to the router
- show history: Displays a history of commands that have been entered
- show flash: Displays info about flash memory and what IOS files are stored there
- show version: Displays info about the router and the IOS that is running in RAM
- show ARP: Displays the ARP table of the router
- show start: Displays the saved configuration located in NVRAM
- show run: Displays the configuration currently running in RAM
- show protocol: Displays the global and interface-specific status of any configured Layer 3 protocols

The copy run tftp Command

The copy tftp run Command

Ethernet Overview

Ethernet is now the dominant LAN technology in the world. Ethernet is not one technology but a family of LAN technologies. All LANs must deal with the basic issue of how individual stations (nodes) are named, and Ethernet is no exception. Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations. However, the basic frame format and addressing scheme is the same for all varieties of Ethernet.

Ethernet and the OSI Model

Ethernet operates in two areas of the OSI model: the lower half of the data link layer, known as the MAC sublayer, and the physical layer.

Ethernet Technologies Mapped to the OSI Model

Layer 2 Framing

Framing is the Layer 2 encapsulation process. A frame is the Layer 2 protocol data unit. The frame format diagram shows different groupings of bits (fields) that perform other functions.

Ethernet and IEEE Frame Formats are Very Similar

3 Common Layer 2 Technologies

- Ethernet: uses CSMA/CD; logical bus topology (information flow is on a linear bus); physical star or extended star (wired as a star)
- Token Ring: logical ring topology (information flow is controlled in a ring) and a physical star topology (in other words, it is wired as a star)
- FDDI: logical ring topology (information flow is controlled in a ring) and physical dual-ring topology (wired as a dual ring)

Collision Domains

To move data between one Ethernet station and another, the data often passes through a repeater. All other stations in the same collision domain see traffic that passes through a repeater. A collision domain is then a shared resource. Problems originating in one part of the collision domain will usually impact the entire collision domain.

CSMA/CD Graphic

Backoff

After a collision occurs and all stations allow the cable to become idle (each waits the full interframe spacing), the stations that collided must wait an additional and potentially progressively longer period of time before attempting to retransmit the collided frame. The waiting period is intentionally designed to be random so that two stations do not delay for the same amount of time before retransmitting, which would result in more collisions.

Hierarchical Addressing Using Variable-Length Subnet Masks

Prefix Length and Network Mask

Range of Addresses: 192.168.1.64 through 192.168.1.79
These have the first 28 bits in common, which is represented by a /28 prefix length. 28 bits in common can also be represented in dotted decimal as 255.255.255.240. Binary ones in the network mask represent network bits in the accompanying IP address; binary zeros represent host bits.

    11000000.10101000.00000001.0100xxxx   IP Address
    11111111.11111111.11111111.11110000   Network Mask

Fourth Octet
    64  01000000
    65  01000001
    66  01000010
    67  01000011
    68  01000100
    69  01000101
    70  01000110
    71  01000111
    72  01001000
    73  01001001
    74  01001010
    75  01001011
    76  01001100
    77  01001101
    78  01001110
    79  01001111

In the IP network number that accompanies the network mask, when the host bits of the IP network number are:
- All binary zeros: that address is the bottom of the address range
- All binary ones: that address is the top of the address range

Implementing VLSM

Range Of Addresses for VLSM

Breakdown Address Space for Largest Subnet

Breakdown Address Space for Ethernets at Remote Sites

Address Space for Serial Subnets

Calculating VLSM: Binary

Route Summarization and Classless Interdomain Routing

What Is Route Summarization?

Summarizing Within an Octet

Summarizing Addresses in a VLSM-Designed Network

Classless Interdomain Routing

- CIDR is a mechanism developed to alleviate exhaustion of addresses and reduce routing table size.
- Block addresses can be summarized into single entries without regard to the classful boundary of the network number.
- Summarized blocks are installed in routing tables.

What Is CIDR?

Addresses are the same as in the route summarization figure, except that Class B network 172 has been replaced by Class C network 192.
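The "bits in common" idea from the prefix-length slide is also what route summarization and CIDR rest on: a summary is the longest prefix that all component networks share. The following added example (not from the original slides) computes that summary and checks whether it crosses a classful boundary, which is the difference between the 172.x route-summarization figure and its 192.x CIDR counterpart. The address blocks are constructed.

```python
"""Route summarization / CIDR: find the single prefix that covers a set of
networks by counting the leading bits they have in common. Added example;
the address blocks below are constructed."""
import ipaddress
from typing import List


def to_binary(address: str) -> str:
    """Dotted-binary form of an address, as in the prefix-length slide."""
    return ".".join(f"{int(octet):08b}" for octet in address.split("."))


def classful_prefix(address: str) -> int:
    """Default prefix length of the address's class (A /8, B /16, C /24)."""
    first = int(address.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def summarize(networks: List[str]) -> str:
    """Smallest prefix covering every network in the list: take the lowest
    network address and the highest broadcast address and keep shortening the
    prefix until both fall into the same block."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    shift = 32 - prefix
    block = (lo >> shift) << shift if prefix else 0
    return str(ipaddress.ip_network((block, prefix)))


def is_supernet(summary: str) -> bool:
    """True when the summary is shorter than the classful boundary, i.e. a CIDR
    block that a classful routing protocol could not carry."""
    net = ipaddress.ip_network(summary)
    return net.prefixlen < classful_prefix(str(net.network_address))


def covers(summary: str, networks: List[str]) -> bool:
    """Sanity check before installing a summary: every component must be inside it."""
    s = ipaddress.ip_network(summary)
    return all(ipaddress.ip_network(n).subnet_of(s) for n in networks)
```

Summarizing four consecutive /24s of 172.16.x gives 172.16.8.0/22, which is still inside the Class B network and so is an ordinary subnet summary; the same four blocks of 192.168.x give 192.168.8.0/22, shorter than the Class C /24 boundary, which is a CIDR supernet. Note that a summary also covers address space between the components, so `covers` only confirms that nothing is left out, not that the block is tight.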

CIDR Example

Anatomy of an IP Packet

IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:

Introducing Routing

Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.

Configuring Static Routes by Specifying Outgoing Interfaces

Configuring Static Routes by Specifying Next-Hop Addresses

Administrative Distance

The administrative distance is an optional parameter that gives a measure of the reliability of the route. The range of an AD is 0-255, where smaller numbers are more desirable. The default administrative distance when using a next-hop address is 1, while the default administrative distance when using the outgoing interface is 0. You can statically assign an AD as follows:

    Router(config)#ip route 172.16.3.0 255.255.255.0 172.16.4.1 130

Sometimes static routes are used for backup purposes. A static route can be configured on a router that will only be used when the dynamically learned route has failed. To use a static route in this manner, simply set the administrative distance higher than that of the dynamic routing protocol being used.

Configuring Default Routes

Default routes are used to route packets with destinations that do not match any of the other routes in the routing table. A default route is actually a special static route that uses this format:

    ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]

This is sometimes referred to as a "Quad-Zero" route. Example using next hop address:

    Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1

Example using the exit interface:

    Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
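How the administrative distance and the quad-zero route interact when a router picks a path can be shown with a small routing-table model. The following is an added example, not from the original slides. The floating static route (AD 130) and the default route are the ones configured above; the RIP-learned route via 172.16.4.2 and the connected network on Serial0/0 are constructed so that the backup behaviour can be exercised.

```python
"""Route selection with administrative distance (AD) and a quad-zero default
route. Added example, not from the slides; the RIP route and the connected
network are constructed, the static routes are the ones shown above."""
import ipaddress
from typing import Dict, List, Optional

# Default ADs as on Cisco IOS (connected 0, next-hop static 1, RIP 120, ...)
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}


class Route:
    def __init__(self, prefix: str, next_hop: str, source: str, ad: int):
        self.prefix = ipaddress.ip_network(prefix)
        self.next_hop = next_hop
        self.source = source
        self.ad = ad

    def __repr__(self) -> str:
        return f"{self.prefix} via {self.next_hop} [{self.source}, AD {self.ad}]"


class RoutingTable:
    """All learned routes are kept as candidates; for each prefix only the one
    with the lowest AD is installed, and forwarding uses the longest installed
    prefix that matches (0.0.0.0/0 matches everything, so it is used last)."""

    def __init__(self) -> None:
        self.candidates: List[Route] = []

    def add(self, prefix: str, next_hop: str, source: str, ad: Optional[int] = None) -> None:
        self.candidates.append(Route(prefix, next_hop, source,
                                     DEFAULT_AD[source] if ad is None else ad))

    def withdraw(self, prefix: str, source: str) -> None:
        """Dynamic route lost (or static route removed): drop that candidate only."""
        net = ipaddress.ip_network(prefix)
        self.candidates = [r for r in self.candidates
                           if not (r.prefix == net and r.source == source)]

    def installed(self) -> List[Route]:
        best: Dict[ipaddress.IPv4Network, Route] = {}
        for r in self.candidates:
            if r.prefix not in best or r.ad < best[r.prefix].ad:
                best[r.prefix] = r
        return list(best.values())

    def lookup(self, destination: str) -> Optional[Route]:
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.installed() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def build_example_table() -> RoutingTable:
    rt = RoutingTable()
    rt.add("172.16.4.0/24", "Serial0/0", "connected")          # constructed
    rt.add("172.16.3.0/24", "172.16.4.2", "rip")               # constructed, AD 120
    rt.add("172.16.3.0/24", "172.16.4.1", "static", ad=130)    # floating static from the slide
    rt.add("0.0.0.0/0", "172.16.4.1", "static")                # quad-zero default from the slide
    return rt


def after_rip_failure() -> RoutingTable:
    """The RIP route disappears; the floating static (AD 130) takes over."""
    rt = build_example_table()
    rt.withdraw("172.16.3.0/24", "rip")
    return rt


if __name__ == "__main__":
    for dest in ("172.16.3.9", "172.16.4.7", "10.1.1.1"):
        print(dest, "->", build_example_table().lookup(dest))
    print("after RIP loss:", after_rip_failure().lookup("172.16.3.9"))
```

While the RIP route is present the static candidate with AD 130 is never installed, which is why "show ip route" would not list it; only after the RIP route is withdrawn does it appear. A destination with no specific match, such as 10.1.1.1, falls through to the quad-zero route.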

Verifying Static Route Configuration

After static routes are configured it is important to verify that they are present in the routing table and that routing is working as expected. The command show running-config is used to view the active configuration in RAM to verify that the static route was entered correctly. The show ip route command is used to make sure that the static route is present in the routing table.

Troubleshooting Static Route Configuration

Path Determination Graphic

Routing Protocol

[Figure: several routers and switches with more than one path between them. "What is an optimal route?"]

Routing Protocols

Routing protocols include the following:
- processes for sharing route information
- allowing routers to communicate with other routers to update and maintain the routing tables
Examples of routing protocols that support the IP routed protocol are: RIP, IGRP, OSPF, BGP, and EIGRP.

Routing Protocols

Routed Protocols

Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols.

Routed Protocols

Autonomous System

An Autonomous System (AS) is a group of IP networks which has a single and clearly defined external routing policy.

EGP
Exterior Gateway Protocols are used for routing between Autonomous Systems.

IGP
Interior Gateway Protocols are used for routing decisions within an Autonomous System.

[Figure: AS 1000, AS 2000 and AS 3000; EGP runs between the autonomous systems, IGP inside AS 2000]

Fig. 48 IGP and EGP (TI1332EU02TI_0004 The Network Layer, 67)

[Figure: Interior Gateway Protocol (IGP) inside AS 1000, AS 2000 and AS 3000; Exterior Gateway Protocol (EGP) on the links between them]

Fig. 49 The use of IGP and EGP protocols (TI1332EU02TI_0004 The Network Layer, 67)

IGP and EGP

An autonomous system is a network or set of networks under common administrative control, such as the cisco.com domain.

Categories of Routing Protocols

Most routing algorithms can be classified into one of two categories:
- distance vector
- link-state

The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork. The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.

Distance Vector Routing Concepts

Distance Vector Routing (DVR)

[Figure: Routers A, B, C and D in a chain with networks 192.16.1.0, 192.16.5.0 and 192.16.7.0; arrows show the flow of routing information, and distance is counted in hops (1 hop, 1 hop, 2 hops)]
Routing table (contains the addresses of destinations and the distance of the way to this destination):
    Destination    Distance
    192.16.1.0     1
    192.16.5.0     1
    192.16.7.0     2

Routing Tables Graphic

Distance Vector Topology Changes

Router Metric Components

Distance Vector Routing (DVR)

[Figure: Routers A, B, C and D. A is attached to 192.16.1.0 and 192.16.2.0; B to 192.16.2.0, 192.16.3.0 and 192.16.4.0; C to 192.16.4.0, 192.16.5.0 and 192.16.6.0; D to 192.16.6.0 and 192.16.7.0. Each table lists Destination, Distance (hops) and Next Hop; "/" means locally connected.]

Initial tables (locally connected networks only):
    Router A: 192.16.1.0 0 /, 192.16.2.0 0 /
    Router B: 192.16.2.0 0 /, 192.16.3.0 0 /, 192.16.4.0 0 /
    Router C: 192.16.4.0 0 /, 192.16.5.0 0 /, 192.16.6.0 0 /
    Router D: 192.16.6.0 0 /, 192.16.7.0 0 /

After the first exchange:
    Router A: 192.16.1.0 0 /, 192.16.2.0 0 /, 192.16.3.0 1 B, 192.16.4.0 1 B
    Router B: 192.16.2.0 0 /, 192.16.3.0 0 /, 192.16.4.0 0 /, 192.16.1.0 1 A, 192.16.5.0 1 C, 192.16.6.0 1 C
    Router C: 192.16.4.0 0 /, 192.16.5.0 0 /, 192.16.6.0 0 /, 192.16.3.0 1 B, 192.16.2.0 1 B, 192.16.7.0 1 D
    Router D: 192.16.6.0 0 /, 192.16.7.0 0 /, 192.16.5.0 1 C, 192.16.4.0 1 C

Distance Vector Routing (DVR)

After the second exchange:
    Router A: 192.16.1.0 0 /, 192.16.2.0 0 /, 192.16.3.0 1 B, 192.16.4.0 1 B, 192.16.5.0 2 B, 192.16.6.0 2 B
    Router B: 192.16.2.0 0 /, 192.16.3.0 0 /, 192.16.4.0 0 /, 192.16.1.0 1 A, 192.16.5.0 1 C, 192.16.6.0 1 C, 192.16.7.0 2 C
    Router C: 192.16.4.0 0 /, 192.16.5.0 0 /, 192.16.6.0 0 /, 192.16.3.0 1 B, 192.16.2.0 1 B, 192.16.7.0 1 D, 192.16.1.0 2 B
    Router D: 192.16.6.0 0 /, 192.16.7.0 0 /, 192.16.5.0 1 C, 192.16.4.0 1 C, 192.16.3.0 2 C, 192.16.2.0 2 C

After the third exchange (converged):
    Router A: 192.16.1.0 0 /, 192.16.2.0 0 /, 192.16.3.0 1 B, 192.16.4.0 1 B, 192.16.5.0 2 B, 192.16.6.0 2 B, 192.16.7.0 3 B
    Router B: 192.16.2.0 0 /, 192.16.3.0 0 /, 192.16.4.0 0 /, 192.16.1.0 1 A, 192.16.5.0 1 C, 192.16.6.0 1 C, 192.16.7.0 2 C
    Router C: 192.16.4.0 0 /, 192.16.5.0 0 /, 192.16.6.0 0 /, 192.16.3.0 1 B, 192.16.2.0 1 B, 192.16.7.0 1 D, 192.16.1.0 2 B
    Router D: 192.16.6.0 0 /, 192.16.7.0 0 /, 192.16.5.0 1 C, 192.16.4.0 1 C, 192.16.3.0 2 C, 192.16.2.0 2 C, 192.16.1.0 3 C

Fig. 53 Distribution of routing information with distance vector routing protocol (cont.) (TI1332EU02TI_0004 The Network Layer, 71)

RIPv1

- Distance vector routing protocol, classful
- Distribution of routing tables via broadcast to adjacent routers
- Only one kind of metric: number of hops
- Connections with different bandwidth cannot be weighted
- Routing loops can occur -> bad convergence in case of a failure
- Count-to-infinity problem (infinity = 16)
- Maximum network size is limited by the number of hops

Fig. 59 Properties of RIPv1 (TI1332EU02TI_0004 The Network Layer, 81)

RIP Characteristics

RIP-1 permits only a Single Subnet Mask

[Figure: Router A with Port 1 130.24.13.1/24 on subnet 130.24.13.0/24 and Port 2 200.14.13.2/24 on network 200.14.13.0/24; subnets 130.24.25.0/24 and 130.24.36.0/24 lie on the Port 1 side. RIP-1 updates carry 130.24.36.0 inside network 130.24.0.0, but the update sent out of Port 2 (a different major network) carries only 130.24.0.0.]

Fig. 60 RIP-1 permits only a single subnet mask (TI1332EU02TI_0004 The Network Layer, 83)

Router Configuration

The router command starts a routing process. The network command is required because it enables the routing process to determine which interfaces participate in the sending and receiving of routing updates. An example of a routing configuration is:

    GAD(config)#router rip
    GAD(config-router)#network 172.16.0.0

The network numbers are based on the network class addresses, not subnet addresses or individual host addresses.

Configuring RIP Example

Verifying RIP Configuration

The debug ip rip Command

Most of the RIP configuration errors involve an incorrect network statement, discontiguous subnets, or split horizons. One highly effective command for finding RIP update issues is the debug ip rip command. The debug ip rip command displays RIP routing updates as they are sent and received.

Problem: Routing Loops

Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.

Problem: Counting to Infinity

Solution: Define a Maximum

Solution: Split Horizon

Route Poisoning

Route poisoning is used by various distance vector protocols in order to overcome large routing loops and offer explicit information when a subnet or network is not accessible. This is usually accomplished by setting the hop count to one more than the maximum.

Triggered Updates

New routing tables are sent to neighboring routers on a regular basis. For example, RIP updates occur every 30 seconds. However, a triggered update is sent immediately in response to some change in the routing table. The router that detects a topology change immediately sends an update message to adjacent routers that, in turn, generate triggered updates notifying their adjacent neighbors of the change. When a route fails, an update is sent immediately rather than waiting on the update timer to expire. Triggered updates, used in conjunction with route poisoning, ensure that all routers know of failed routes before any holddown timers can expire.
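The routing-table exchanges on the DVR slides, the count-to-infinity problem, split horizon and route poisoning can all be reproduced with one small simulator. The following is an added example, not from the original slides: it runs Bellman-Ford rounds on the four-router topology read from the DVR figure (which networks each router is attached to is the constructed reading of that figure), reproduces the converged tables, and then takes 192.16.7.0 away from Router D to show what happens with no protection, with split horizon alone, and with split horizon plus route poisoning (hop count 16 = one more than RIP's maximum).

```python
"""Distance vector simulation: Bellman-Ford exchange on the four-router topology
from the DVR slides, then a network failure handled three ways (plain, split
horizon only, split horizon plus route poisoning). Added example; the topology
is the constructed reading of the slide figure."""
from typing import Dict, List, Tuple

INFINITY = 16   # RIP: one more than the 15-hop maximum means "unreachable"
LOCAL = "/"     # next-hop marker for locally connected networks, as on the slide

ATTACHED = {    # router -> directly connected networks (from the slide figure)
    "A": ["192.16.1.0", "192.16.2.0"],
    "B": ["192.16.2.0", "192.16.3.0", "192.16.4.0"],
    "C": ["192.16.4.0", "192.16.5.0", "192.16.6.0"],
    "D": ["192.16.6.0", "192.16.7.0"],
}

Table = Dict[str, Tuple[int, str]]   # destination -> (distance in hops, next hop)


def neighbours(attached: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Two routers are neighbours when they share a network."""
    return {r: [s for s in attached if s != r and set(attached[r]) & set(attached[s])]
            for r in attached}


def initial_tables(attached: Dict[str, List[str]]) -> Dict[str, Table]:
    return {r: {net: (0, LOCAL) for net in nets} for r, nets in attached.items()}


def advertise(table: Table, to: str, split_horizon: bool, poison: bool) -> Dict[str, int]:
    """The update a router sends to one neighbour. With split horizon, routes
    learned from that neighbour are left out; with poison reverse they are sent
    back as unreachable instead (poison reverse only applies with split horizon)."""
    update = {}
    for dest, (dist, via) in table.items():
        if via == to and split_horizon:
            if poison:
                update[dest] = INFINITY
            continue
        update[dest] = dist
    return update


def exchange(tables: Dict[str, Table], nb: Dict[str, List[str]],
             split_horizon: bool, poison: bool) -> Tuple[Dict[str, Table], bool]:
    """One synchronous round: each router sends to every neighbour; receivers
    apply Bellman-Ford (advertised distance + 1 hop, capped at INFINITY)."""
    new = {r: dict(t) for r, t in tables.items()}
    changed = False
    for sender in tables:
        for rcv in nb[sender]:
            for dest, dist in advertise(tables[sender], rcv, split_horizon, poison).items():
                cand = min(dist + 1, INFINITY)
                cur = new[rcv].get(dest)
                # accept a strictly better route, or any change reported by the
                # neighbour already used for this destination (never a local route)
                if cur is None or cand < cur[0] or (cur[1] == sender and cand != cur[0]):
                    new[rcv][dest] = (cand, sender)
                    changed = True
    return new, changed


def converge(tables, nb, split_horizon=True, poison=False, max_rounds=64):
    """Exchange until nothing changes; returns the tables and the number of
    rounds in which some table changed."""
    rounds = 0
    while rounds < max_rounds:
        tables, changed = exchange(tables, nb, split_horizon, poison)
        if not changed:
            break
        rounds += 1
    return tables, rounds


def fail_network(tables: Dict[str, Table], router: str, net: str, poison: bool) -> Dict[str, Table]:
    """A router loses a directly connected network: either just drop it, or
    (route poisoning) keep advertising it with the infinite metric."""
    tables = {r: dict(t) for r, t in tables.items()}
    if poison:
        tables[router][net] = (INFINITY, LOCAL)
    else:
        del tables[router][net]
    return tables


def converged(split_horizon: bool = True, poison: bool = False):
    """Tables of the slide topology once the exchanges settle, plus the round count."""
    return converge(initial_tables(ATTACHED), neighbours(ATTACHED), split_horizon, poison)


def demo(split_horizon: bool, poison: bool):
    """Converge, then take 192.16.7.0 away from Router D and converge again."""
    tables, _ = converged(split_horizon, poison)
    failed = fail_network(tables, "D", "192.16.7.0", poison)
    return converge(failed, neighbours(ATTACHED), split_horizon, poison)
```

Three rounds reproduce the slide tables (Router A reaches 192.16.7.0 in 3 hops via B). After the failure, with no protection C and D feed each other ever larger hop counts and the whole network needs 16 rounds to count up to infinity; with split horizon alone nobody ever tells C that the network is gone, so its stale 1-hop route simply stays; with poisoning, D advertises the network at 16 hops and every router marks it unreachable within three rounds. Holddown timers, which the next slide covers, are what keeps a poisoned route from being re-learned from a slower neighbour in the meantime.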

Triggered Updates Graphic

Solution: Holddown Timers

IGRP

Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. Some of the IGRP key design characteristics emphasize the following:
- It is a distance vector routing protocol.
- Routing updates are broadcast every 90 seconds.
- Bandwidth, load, delay and reliability are used to create a composite metric.

I6!+ Sta%ility Aeat$res


+M1> has a number of features that are designed to enhance its stability& such as: olddowns Split hori"ons >oison reverse updates #olddowns olddowns are used to prevent regular update messages from inappropriately reinstating a route that may not be up. S"lit hori2ons Split hori"ons are derived from the premise that it is usually not useful to send information about a route back in the direction from which it came. +oison reverse $"dates Split hori"ons prevent routing loops between adEacent routers& but poison reverse updates are necessary to defeat larger routing loops. %oday& +M1> is showing its age& it lacks support for variable length subnet masks *=.S:-. 1ather than develop an +M1> version 2 to correct this problem& ,isco has 20/ built upon +M1>Hs legacy of success with $nhanced +M1>.
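The count-to-infinity problem and the split horizon / poison reverse fix described on these slides, simulated in Python. This is an added example, not code from the Cisco course; the three-router chain, its link failure and the RIP maximum of 16 hops are constructed for the demonstration.

```python
"""Count to infinity versus split horizon with poison reverse.

Added example, not Cisco code. Three routers form the chain A -- B -- C and
network N hangs off C. After the C-N link fails, synchronous RIP-style
update rounds are run and the hop count each router holds for N is watched.
Every topology value here is constructed for the demonstration.
"""

INFINITY = 16  # RIP's "define a maximum": 16 hops means unreachable

# Constructed chain topology: which routers exchange updates with which
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def initial_tables():
    """Converged state before the failure: {router: (metric to N, next hop)}."""
    return {"A": (2, "B"), "B": (1, "C"), "C": (0, None)}  # C is directly connected


def after_failure(tables):
    """C loses its directly connected network N and marks it unreachable."""
    failed = dict(tables)
    failed["C"] = (INFINITY, None)
    return failed


def advertisement(tables, sender, receiver, split_horizon):
    """Metric for N that `sender` puts in the update it sends to `receiver`.

    Plain distance vector: advertise whatever is in the table.
    Split horizon with poison reverse: a route learned from `receiver` is
    advertised back to it as unreachable instead of being echoed.
    """
    metric, next_hop = tables[sender]
    if split_horizon and next_hop == receiver:
        return INFINITY
    return metric


def update_round(tables, split_horizon):
    """One synchronous round: every router processes its neighbors' updates."""
    new = {}
    for router, (metric, next_hop) in tables.items():
        best_metric, best_hop = metric, next_hop
        # An update from the current next hop is always accepted, even if worse
        if next_hop is not None:
            adv = advertisement(tables, next_hop, router, split_horizon)
            best_metric = min(adv + 1, INFINITY)
        # Any other neighbor replaces the route only with a strictly better metric
        for nbr in LINKS[router]:
            adv = advertisement(tables, nbr, router, split_horizon)
            cand = min(adv + 1, INFINITY)
            if cand < best_metric:
                best_metric, best_hop = cand, nbr
        if best_metric >= INFINITY:
            best_hop = None
        new[router] = (best_metric, best_hop)
    return new


def converge(tables, split_horizon, max_rounds=50):
    """Run update rounds until nothing changes; return (rounds needed, final tables)."""
    rounds = 0
    while rounds < max_rounds:
        new = update_round(tables, split_horizon)
        if new == tables:
            return rounds, tables
        tables = new
        rounds += 1
    return rounds, tables


if __name__ == "__main__":
    for sh in (False, True):
        rounds, final = converge(after_failure(initial_tables()), sh)
        label = "split horizon + poison reverse" if sh else "plain distance vector"
        metrics = {r: m for r, (m, _) in final.items()}
        print(f"{label}: {rounds} rounds, final metrics {metrics}")
```

Without split horizon the routers pass the dead route back and forth, adding one hop each time, until all three reach 16; with poison reverse B tells C the route is unreachable in the very first round.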

Configuring IGRP

Routing Metrics Graphics

Link State Concepts

Link State Topology Changes

Link State Routing (LSR)

Graphic: four routers (Router 1 to Router 4) flood link state packets (LSPs) and each builds an SPF routing table.
Router 1 LSP: "My links to R2 and R4 are up."
Router 2 LSP: "My links to R1 and R3 are up, my link to R4 is down."
Router 3 LSP: "My links to R2 and R4 are up."
Router 4 LSP: "My links to R1 and R3 are up. My link to R2 is down."
LSP: link state packet. SPF: shortest path first.

Link State Concerns

Link State Routing (LSR)

Graphic: five routers, A to E, joined by links with costs 1, 2 and 4, and the link state database every router builds from the flooded LSAs (the SPF tree each router derives from it is shown alongside).
Link State Database:
Router A: B=2, C=1
Router B: A=2, D=4
Router C: A=1, D=2, E=4
Router D: C=2, B=4, E=1
Router E: C=4, D=1

Link State Routing Features

Link-state algorithms are also known as Dijkstra's algorithm or as SPF (shortest path first) algorithms. Link-state routing algorithms maintain a complex database of topology information. Distance vector algorithms, by contrast, are also known as Bellman-Ford algorithms; they have nonspecific information about distant networks and no knowledge of distant routers. A link-state routing algorithm maintains full knowledge of distant routers and how they interconnect. Link-state routing uses:
Link-state advertisements (LSAs): A link-state advertisement (LSA) is a small packet of routing information that is sent between routers.
Topological database: A topological database is a collection of information gathered from LSAs.
SPF algorithm: The shortest path first (SPF) algorithm is a calculation performed on the database, resulting in the SPF tree.
Routing tables: A list of the known paths and interfaces.
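An added Python example (not part of the Cisco material) that runs Dijkstra's SPF over the link state database drawn on the "Link State Routing (LSR)" slide above, collapses the SPF tree into each router's routing table, and checks the LSDB for links advertised from one side only.

```python
"""Dijkstra SPF over the link state database from the LSR slide.

Added example, not Cisco code. The LSDB below is the one drawn on the
"Link State Routing (LSR)" slide: each router's LSA lists its neighbors and
link costs, and every router in the area holds the same copy and runs SPF
with itself at the root.
"""
import heapq

# Link state database from the slide (router -> {neighbor: link cost})
LSDB = {
    "A": {"B": 2, "C": 1},
    "B": {"A": 2, "D": 4},
    "C": {"A": 1, "D": 2, "E": 4},
    "D": {"C": 2, "B": 4, "E": 1},
    "E": {"C": 4, "D": 1},
}


def spf(lsdb, root):
    """Shortest path first from `root`: {router: (total cost, parent in the SPF tree)}."""
    dist = {root: 0}
    parent = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue  # stale heap entry, a cheaper path was already settled
        done.add(node)
        for nbr, link_cost in lsdb[node].items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                parent[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    return {n: (dist[n], parent[n]) for n in dist}


def routing_table(lsdb, root):
    """Forwarding database: {destination: (next hop, total cost)}.

    The next hop is the first router after the root on the SPF tree path.
    """
    tree = spf(lsdb, root)
    table = {}
    for dest, (cost, _) in tree.items():
        if dest == root:
            continue
        hop = dest
        while tree[hop][1] != root:
            hop = tree[hop][1]
        table[dest] = (hop, cost)
    return table


def check_consistency(lsdb):
    """Return (router, neighbor) pairs where a link is advertised from one side only.

    A mismatch means flooding has not finished or an LSA is wrong; SPF should
    only be trusted on a database where both ends agree on every link.
    """
    problems = []
    for router, links in lsdb.items():
        for nbr, cost in links.items():
            if lsdb.get(nbr, {}).get(router) != cost:
                problems.append((router, nbr))
    return problems


if __name__ == "__main__":
    assert check_consistency(LSDB) == []
    for router in LSDB:
        print(router, routing_table(LSDB, router))
```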
Link State Routing

Comparing Routing Methods

OSPF (Open Shortest Path First) Protocol

OSPF is a Link-State Routing Protocol

• Link-state (LS) routers recognize much more information about the network than their distance-vector counterparts. Consequently, LS routers tend to make more accurate decisions.

• Link-state routers keep track of the following:
Their neighbours
All routers within the same area
Best paths toward a destination

Link-State Data Structures

• Neighbor table:
Also known as the adjacency database (list of recognized neighbors)

• Topology table:
Typically referred to as the LSDB (routers and links in the area or network). All routers within an area have an identical LSDB.

• Routing table:
Commonly named the forwarding database (list of best paths to destinations)

OSPF vs. RIP

RIP is limited to 15 hops, it converges slowly, and it sometimes chooses slow routes because it ignores critical factors such as bandwidth in route determination. OSPF overcomes these limitations and proves to be a robust and scalable routing protocol suitable for the networks of today.

OSPF Terminology

The next several slides explain various OSPF terms, one per slide.

OSPF Term: Link

OSPF Term: Link State

OSPF Term: Area

OSPF Term: Link Cost

OSPF Term: Forwarding Database

OSPF Term: Adjacencies Database

OSPF Terms: DR & BDR

Link-State Data Structure: Network Hierarchy

Link-state routing requires a hierarchical network structure that is enforced by OSPF. This two-level hierarchy consists of the following:
Transit area (backbone or area 0)
Regular areas (nonbackbone areas)

OSPF Areas

Area Terminology

LS Data Structures: Adjacency Database

• Routers discover neighbors by exchanging hello packets.
• Routers declare neighbors to be up after checking certain parameters or options in the hello packet.
• Point-to-point WAN links: Both neighbors become fully adjacent.
• LAN links: Neighbors form an adjacency with the DR and BDR. They maintain two-way state with the other routers (DROTHERs).
• Routing updates and topology information are only passed between adjacent routers.

OSPF Adjacencies

Routers build logical adjacencies between each other using the Hello Protocol. Once an adjacency is formed, LS database packets are exchanged to synchronize each other's LS databases. Using these adjacencies, LSAs are flooded reliably throughout the area or network.

Link State Routing Graphic

Open Shortest Path First Calculation

Routers find the best paths to destinations by applying Dijkstra's SPF algorithm to the link-state database as follows:
• Every router in an area has the identical link-state database.
• Each router in the area places itself at the root of the tree that is built.
• The best path is calculated with respect to the lowest total cost of links to a specific destination.
• Best routes are put into the forwarding database.

OSPF Packet Types

OSPF Packet Header Format

Neighborship

Establishing Bidirectional Communication

Establishing Bidirectional Communication (Cont.)

Establishing Bidirectional Communication (Cont.)

Establishing Bidirectional Communication

Discovering the Network Routes

Discovering the Network Routes

Adding the Link-State Entries

Adding the Link-State Entries (Cont.)

Adding the Link-State Entries

Maintaining Routing Information

Router A notifies all OSPF DRs on 224.0.0.6

Maintaining Routing Information (Cont.)

Router A notifies all OSPF DRs on 224.0.0.6
DR notifies others on 224.0.0.5

Maintaining Routing Information (Cont.)

Router A notifies all OSPF DRs on 224.0.0.6
DR notifies others on 224.0.0.5

Maintaining Routing Information

Router A notifies all OSPF DRs on 224.0.0.6
DR notifies others on 224.0.0.5

Configuring Basic OSPF: Single Area

Router(config)#
router ospf process-id
Turns on one or more OSPF routing processes in the IOS software.

Router(config-router)#
network address inverse-mask area [area-id]
Router OSPF subordinate command that defines the interfaces (by network number) that OSPF will run on. Each network number must be defined to a specific area.

Configuring OSPF on Internal Routers of a Single Area

Verifying OSPF Operation

Router#
show ip protocols
Verifies the configured IP routing protocol processes, parameters and statistics

Router#
show ip route ospf
Displays all OSPF routes learned by the router

Router#
show ip ospf interface
Displays the OSPF router ID, area ID and adjacency information

Verifying OSPF Operation (Cont.)

Router#
show ip ospf
Displays the OSPF router ID, timers, and statistics

Router#
show ip ospf neighbor [detail]
Displays information about the OSPF neighbors, including Designated Router (DR) and Backup Designated Router (BDR) information on broadcast networks

The show ip route ospf Command

RouterA# show ip route ospf
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is not set
     10.0.0.0 255.255.255.0 is subnetted, 2 subnets
O       10.2.1.0 [110/10] via 10.64.0.2, 00:00:50, Ethernet0

The show ip ospf interface Command

RouterA# show ip ospf interface e0
Ethernet0 is up, line protocol is up
  Internet Address 10.64.0.1/24, Area 0
  Process ID 10, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
  Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.64.0.2 (Designated Router)
  Suppress hello for 0 neighbor(s)

The show ip ospf neighbor Command

RouterB# show ip ospf neighbor
Neighbor ID     Pri   State        Dead Time   Address      Interface
10.64.1.1         1   FULL/BDR     00:00:31    10.64.1.1    Ethernet0
10.2.1.1          1   FULL/-       00:00:38    10.2.1.1     Serial0

show ip protocol

show ip route

show ip ospf neighbor detail

show ip ospf database

OSPF Network Types - 1

Point-to-Point Links

Usually a serial interface running either PPP or HDLC. May also be a point-to-point subinterface running Frame Relay or ATM. No DR or BDR election is required. OSPF autodetects this interface type. OSPF packets are sent using multicast 224.0.0.5.

Multi-access Broadcast Network

Generally LAN technologies like Ethernet and Token Ring. DR and BDR selection is required. All neighbor routers form full adjacencies with the DR and BDR only. Packets to the DR use 224.0.0.6. Packets from the DR to all other routers use 224.0.0.5.

Electing the DR and BDR

Hello packets are exchanged via IP multicast. The router with the highest OSPF priority is selected as the DR. The OSPF router ID is used as the tie breaker. The DR election is nonpreemptive.

Setting Priority for DR Election

Router(config-if)# ip ospf priority number

This interface configuration command assigns the OSPF priority to an interface. Different interfaces on a router may be assigned different values. The default priority is 1. The range is from 0 to 255. 0 means the router is a DROTHER; it can't be the DR or BDR.

OSPF Network Types - 2

Creation of Adjacencies

RouterA# debug ip ospf adj
Point-to-point interfaces coming up: no election
%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x16F opt 0x2 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 2

Creation of Adjacencies (Cont.)

RouterA# debug ip ospf adj
Ethernet interface coming up: election
OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.12
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.12 (Id)
OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.11
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.11 (Id)
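The DR/BDR election rules from the slides above (highest priority, router ID as tie breaker, priority 0 never eligible, nonpreemptive) as a small Python model. This is an added example, not Cisco code; it is a simplified model of the RFC 2328 election, and the router IDs are the ones from the debug output above.

```python
"""OSPF DR/BDR election on a multi-access segment.

Added example, not Cisco code, and a simplified model of RFC 2328 section 9.4:
highest priority wins, a higher router ID breaks ties, priority 0 is never
eligible, and the election is nonpreemptive, so routers already holding the
DR or BDR role keep it as long as they stay on the segment.
"""

# Constructed segment using the router IDs from the debug output on the slides
SEGMENT = [
    {"rid": "192.168.0.10", "priority": 1},
    {"rid": "192.168.0.11", "priority": 1},
    {"rid": "192.168.0.12", "priority": 1},
]


def _rank(router):
    # Higher priority first, then higher router ID, compared octet by octet
    return (router["priority"], tuple(int(o) for o in router["rid"].split(".")))


def elect(routers, current_dr=None, current_bdr=None):
    """Return (dr, bdr) router IDs; None where nobody is eligible.

    routers: list of {"rid": "a.b.c.d", "priority": int} learned from hellos.
    current_dr / current_bdr: IDs already holding the role before this election.
    """
    eligible = sorted((r for r in routers if r["priority"] > 0), key=_rank, reverse=True)
    present = [r["rid"] for r in eligible]
    dr = current_dr if current_dr in present else None
    bdr = current_bdr if current_bdr in present else None
    if dr is None and bdr is not None:
        # The DR disappeared: the BDR is promoted, a fresh BDR is chosen below
        dr, bdr = bdr, None
    if dr is None:
        dr = present[0] if present else None
    if bdr is None:
        bdr = next((rid for rid in present if rid != dr), None)
    return dr, bdr


if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("initial election:", dr, bdr)
    newcomer = {"rid": "10.0.0.1", "priority": 255}
    print("after a priority-255 router joins:", elect(SEGMENT + [newcomer], dr, bdr))
    print("after the DR fails:", elect(SEGMENT[:2], dr, bdr))
```

A router joining later with a higher priority does not take over, which is why a deliberately chosen DR must be in place before the others come up.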

Overview

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM. Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops. Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency. EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.

Comparing EIGRP with IGRP

IGRP and EIGRP are compatible with each other. EIGRP offers multiprotocol support, but IGRP does not. EIGRP and IGRP use different metric calculations: EIGRP scales the metric of IGRP by a factor of 256. IGRP has a maximum hop count of 255; EIGRP has a maximum hop count limit of 224. Enabling dissimilar routing protocols such as OSPF and RIP to share information requires advanced configuration. Redistribution, the sharing of routes, is automatic between IGRP and EIGRP as long as both processes use the same autonomous system (AS) number.

EIGRP & IGRP Metric Calculation

Comparing EIGRP with IGRP

Comparing EIGRP with IGRP

EIGRP Concepts & Terminology

EIGRP routers keep route and topology information readily available in RAM, so they can react quickly to changes. Like OSPF, EIGRP saves this information in several tables and databases. EIGRP saves routes that are learned in specific ways. Routes are given a particular status and can be tagged to provide additional useful information. EIGRP maintains three tables:
Neighbor table
Topology table
Routing table

Neighbor Table

The neighbor table is the most important table in EIGRP. Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacency database used by OSPF. There is a neighbor table for each protocol that EIGRP supports. When a neighbor sends a hello packet, it advertises a hold time. The hold time is the amount of time a router treats a neighbor as reachable and operational. In other words, if a hello packet is not heard within the hold time, then the hold time expires. When the hold time expires, the Diffusing Update Algorithm (DUAL), which is the EIGRP distance vector algorithm, is informed of the topology change and must recalculate the new topology.

Topology Table

The topology table is made up of all the EIGRP routing tables in the autonomous system. DUAL takes the information supplied in the neighbor table and the topology table and calculates the lowest cost routes to each destination. By tracking this information, EIGRP routers can identify and switch to alternate routes quickly. The information that the router learns from DUAL is used to determine the successor route, which is the term used to identify the primary or best route. A copy is also placed in the topology table. Every EIGRP router maintains a topology table for each configured network protocol. All learned routes to a destination are maintained in the topology table.

Routing Table

The EIGRP routing table holds the best routes to a destination. This information is retrieved from the topology table. Each EIGRP router maintains a routing table for each network protocol. A successor is a route selected as the primary route to use to reach a destination. DUAL identifies this route from the information contained in the neighbor and topology tables and places it in the routing table. There can be up to four successor routes for any particular route. These can be of equal or unequal cost and are identified as the best loop-free paths to a given destination. A copy of the successor routes is also placed in the topology table. A feasible successor (FS) is a backup route. These routes are identified at the same time the successors are identified, but they are only kept in the topology table. Multiple feasible successors for a destination can be retained in the topology table, although it is not mandatory.

EIGRP Data Structure

Like OSPF, EIGRP relies on different types of packets to maintain its various tables and establish complex relationships with neighbor routers. The five EIGRP packet types are:
Hello
Acknowledgment
Update
Query
Reply
EIGRP relies on hello packets to discover, verify, and rediscover neighbor routers. Rediscovery occurs if EIGRP routers do not receive hellos from each other for a hold time interval but then re-establish communication. EIGRP routers send hellos at a fixed but configurable interval, called the hello interval. The default hello interval depends on the bandwidth of the interface. On IP networks, EIGRP routers send hellos to the multicast IP address 224.0.0.10.

Default Hello Intervals and Hold Times for EIGRP

EIGRP Algorithm

The sophisticated DUAL algorithm results in the exceptionally fast convergence of EIGRP. Each router constructs a topology table that contains information about how to route to a destination network. Each topology table identifies the following:
The routing protocol, or EIGRP
The lowest cost of the route, which is called the Feasible Distance
The cost of the route as advertised by the neighboring router, which is called the Reported Distance
The Topology heading identifies the preferred primary route, called the successor route (Successor), and, where identified, the backup route, called the feasible successor (FS). Note that it is not necessary to have an identified feasible successor.
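The metric scaling and the successor / feasible successor selection described above, as an added Python example (not Cisco's code). It assumes the default EIGRP metric formula (the IGRP formula scaled by 256 with K1=K3=1 and the other K values 0), which is a standard EIGRP default rather than something stated on these slides, and the topology table entries are constructed.

```python
"""EIGRP composite metric and DUAL successor / feasible successor selection.

Added example, not Cisco code. eigrp_metric() is the default composite metric
(the IGRP formula scaled by 256, with K1=K3=1 and K2=K4=K5=0; an EIGRP default,
not something from the slides). dual_select() applies the feasibility
condition: a neighbor is a feasible successor only if its reported distance
(RD) is strictly lower than the feasible distance (FD) through the successor,
which is what guarantees the backup path is loop-free.
"""

# Constructed topology table for one destination as seen from one router:
# via = neighbor, rd = metric the neighbor reports, link = metric of our link to it
TOPOLOGY = [
    {"via": "B", "rd": 10, "link": 5},   # total 15: lowest, becomes the successor
    {"via": "C", "rd": 12, "link": 10},  # total 22, rd 12 < FD 15: feasible successor
    {"via": "D", "rd": 20, "link": 1},   # total 21 but rd 20 >= FD 15: not feasible
]


def eigrp_metric(min_bandwidth_kbps, total_delay_usec):
    """Default EIGRP metric: 256 * (10^7 / min bandwidth + sum of delays / 10).

    IOS truncates both terms to integers before scaling, so a T1 (1544 kbps)
    with 20000 usec of delay gives 256 * (6476 + 2000) = 2169856.
    """
    bw_term = 10_000_000 // min_bandwidth_kbps
    delay_term = total_delay_usec // 10
    return 256 * (bw_term + delay_term)


def dual_select(topology):
    """Return (fd, successors, feasible_successors) for one destination."""
    if not topology:
        return None, [], []
    distance = {e["via"]: e["rd"] + e["link"] for e in topology}
    fd = min(distance.values())
    # Up to four equal-cost successors go into the routing table
    successors = sorted(v for v, d in distance.items() if d == fd)[:4]
    feasible = sorted(e["via"] for e in topology
                      if e["via"] not in successors and e["rd"] < fd)
    return fd, successors, feasible


def successor_lost(topology, lost):
    """React to losing the successor `lost`.

    With a feasible successor the route stays passive and the best FS is
    promoted from the topology table without asking anyone. Without one, DUAL
    goes active and must query the neighbors, which is the slow case.
    Returns (state, new successor, new feasible distance).
    """
    _, _, feasible = dual_select(topology)
    candidates = [e for e in topology if e["via"] in feasible and e["via"] != lost]
    if not candidates:
        return "active", None, None
    best = min(candidates, key=lambda e: e["rd"] + e["link"])
    return "passive", best["via"], best["rd"] + best["link"]


if __name__ == "__main__":
    print("T1 metric:", eigrp_metric(1544, 20000))
    print("selection:", dual_select(TOPOLOGY))
    print("lose B:", successor_lost(TOPOLOGY, "B"))
    print("lose B with no FS:", successor_lost([TOPOLOGY[0], TOPOLOGY[2]], "B"))
```

Note that D has a lower total cost than C yet is not a feasible successor: its reported distance is not below the feasible distance, so DUAL cannot prove the path through D does not loop back through this router.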
FS Route Selection Rules

DUAL Example

Configuring EIGRP

Configuring EIGRP Summarization

EIGRP automatically summarizes routes at the classful boundary. This is the boundary where the network address ends, as defined by class-based addressing. This means that even though RTC is connected only to the subnet 2.1.1.0, it will advertise that it is connected to the entire Class A network, 2.0.0.0. In most cases auto summarization is beneficial because it keeps routing tables as compact as possible.

Configuring EIGRP no-summary

However, automatic summarization may not be the preferred option in certain instances. To turn off auto-summarization, use the following command:
Router(config-router)# no auto-summary

Configuring EIGRP Summary Addresses Manually

With EIGRP, a summary address can be manually configured by configuring a prefix network. Manual summary routes are configured on a per-interface basis.
Router(config-if)# ip summary-address eigrp autonomous-system-number ip-address mask administrative-distance
EIGRP summary routes have an administrative distance of 5 by default. In the graphic below, RTC can be configured using the commands shown:
RTC(config)# router eigrp 2446
RTC(config-router)# no auto-summary
RTC(config-router)# exit
RTC(config)# interface serial 0/0
RTC(config-if)# ip summary-address eigrp 2446 2.1.0.0 255.255.0.0

Verifying the EIGRP Configuration

To verify the EIGRP configuration a number of show and debug commands are available. These commands are shown on the next few slides.

show ip eigrp neighbors

show ip eigrp interfaces

show ip eigrp topology

show ip eigrp topology [active | pending | successors]

show ip eigrp topology all-links

show ip eigrp traffic

Administrative Distances

Classful and Classless Routing Protocols

What are ACLs?

ACLs are lists of conditions that are applied to traffic traveling across a router's interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions. ACLs can be created for all routed network protocols, such as Internet Protocol (IP) and Internetwork Packet Exchange (IPX). ACLs can be configured at the router to control access to a network or subnet. Some ACL decision points are source and destination addresses, protocols, and upper-layer port numbers. ACLs must be defined on a per-protocol, per-direction, or per-port basis.

Reasons to Create ACLs

The following are some of the primary reasons to create ACLs:
Limit network traffic and increase network performance.
Provide traffic flow control.
Provide a basic level of security for network access.
Decide which types of traffic are forwarded or blocked at the router interfaces. For example: permit e-mail traffic to be routed, but block all telnet traffic.
Allow an administrator to control what areas a client can access on a network.
If ACLs are not configured on the router, all packets passing through the router will be allowed onto all parts of the network.

ACLs Filter Traffic Graphic

How ACLs Filter Traffic

One List per Port, per Destination, per Protocol...

How ACLs Work

Creating ACLs

ACLs are created in the global configuration mode. There are many different types of ACLs, including standard, extended, IPX, AppleTalk, and others. When configuring ACLs on a router, each ACL must be uniquely identified by assigning a number to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list. Since IP is by far the most popular routed protocol, additional ACL numbers have been added to newer router IOSs:
Standard IP: 1300-1999
Extended IP: 2000-2699

The access-list command

The ip access-group command

{ in | out }

ACL Example

Basic Rules for ACLs

These basic rules should be followed when creating and applying access lists:
One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, the packet is denied.
There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list. A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
Outbound filters do not affect traffic originating from the local router.

Wildcard Mask Examples

Five examples follow that demonstrate how a wildcard mask can be used to permit or deny certain IP addresses, or IP address ranges. While subnet masks start with binary 1s and end with binary 0s, wildcard masks are the reverse, meaning they typically start with binary 0s and end with binary 1s. In the examples that follow, Cisco has chosen to represent the binary 1s in the wildcard masks with Xs to focus on the specific bits being shown in each example. You will see that while subnet masks were ANDed with IP addresses, wildcard masks are ORed with IP addresses.

Wildcard Mask Example #1

Wildcard Mask Example #2

Wildcard Mask Example #3

Wildcard Mask Example #4 - Even IPs

Wildcard Mask Example #5 - Odd IPs

The any and host Keywords

Verifying ACLs

There are many show commands that will verify the content and placement of ACLs on the router. The show ip interface command displays IP interface information and indicates whether any ACLs are set. The show access-lists command displays the contents of all ACLs on the router; show access-list 1 shows just access-list 1. The show running-config command will also reveal the access lists on a router and the interface assignment information.

Standard ACLs

Standard ACLs check the source address of IP packets that are routed. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses. The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS). If there is no wildcard mask, the default mask is used, which is 0.0.0.0. (This only works with standard ACLs and is the same thing as using host.) The full syntax of the standard ACL command is:

Router(config)# access-list access-list-number {deny | permit} source [source-wildcard] [log]

The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)# no access-list access-list-number

Extended ACLs

Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers. The syntax for the extended ACL statement can get very long and often will wrap in the terminal window. The wildcards also have the option of using the host or any keywords in the command. At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols. Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).

Extended ACL Syntax

Well Known Port Numbers

Don't forget that WWW or HTTP is 80

Extended ACL Example

This extended ACL will allow people in network 200.100.50.0 to surf the internet, but not allow any other protocols like email, ftp, etc.
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq 80
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq www
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq http
NOTE: Just like all standard ACLs end with an implicit "deny any", all extended ACLs end with an implicit "deny ip any any", which means deny the entire internet from anywhere to anywhere.
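An added Python example, not from the Cisco slides, that parses access-list statements as they are written on these slides and applies them with the rules stated above (top-down, first match wins, implicit deny at the end). The ACLs and packets below are constructed samples; the web-only extended ACL is the one from this slide.

```python
"""Apply IOS-style standard and extended ACLs to sample packets.

Added example, not Cisco code. It parses access-list statements exactly as
the slides write them (host/any keywords, an optional wildcard that defaults
to 0.0.0.0, eq with a port number or name) and applies them with the rules
from the slides: top-down, first match wins, implicit deny at the end.
The ACLs and packets are constructed samples.
"""
import ipaddress

PORT_NAMES = {"www": 80, "http": 80, "ftp": 21, "telnet": 23, "smtp": 25}

# Constructed ACLs: the extended example from the slide, and the later "Plan B"
WEB_ONLY = ["access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq www"]
PLAN_B = ["access-list 1 deny 200.100.50.0 0.0.0.15",
          "access-list 1 permit 200.100.50.0 0.0.0.127"]


def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Wildcard bits that are 0 must match the base; bits that are 1 are ignored."""
    differ = ip_to_int(addr) ^ ip_to_int(base)
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (differ & care) == 0


def _take_address(tokens):
    """Consume 'any', 'host A', or 'A [wildcard]' from tokens; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    if tokens and tokens[0].count(".") == 3:   # a dotted quad follows: the wildcard
        return tok, tokens.pop(0)
    return tok, "0.0.0.0"                      # no wildcard given: same as host


def parse_entry(line):
    """Parse one 'access-list N permit|deny ...' statement into a dict."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    standard = 1 <= number <= 99 or 1300 <= number <= 1999
    entry = {"number": number, "action": action, "dport": None}
    if standard:                               # source address only
        entry["protocol"] = "ip"
        entry["src"] = _take_address(rest)
        entry["dst"] = ("0.0.0.0", "255.255.255.255")
    else:                                      # protocol, source, destination
        entry["protocol"] = rest.pop(0)
        entry["src"] = _take_address(rest)
        entry["dst"] = _take_address(rest)
    if len(rest) >= 2 and rest[0] == "eq":
        port = rest[1]
        entry["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
    return entry


def packet(protocol, src, dst, dport=None):
    """A constructed packet summary: just the fields the ACL can look at."""
    return {"protocol": protocol, "src": src, "dst": dst, "dport": dport}


def matches(entry, pkt):
    if entry["protocol"] != "ip" and entry["protocol"] != pkt["protocol"]:
        return False
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    return entry["dport"] is None or entry["dport"] == pkt["dport"]


def evaluate(acl_lines, pkt):
    """Return (action, statement that matched); the implicit deny is reported as such."""
    for line in acl_lines:
        entry = parse_entry(line)
        if matches(entry, pkt):
            return entry["action"], line
    return "deny", "implicit deny"


if __name__ == "__main__":
    print(evaluate(WEB_ONLY, packet("tcp", "200.100.50.7", "198.51.100.9", 80)))
    print(evaluate(WEB_ONLY, packet("tcp", "200.100.50.7", "198.51.100.9", 25)))
    print(evaluate(PLAN_B, packet("ip", "200.100.50.5", "10.0.0.1")))
    print(evaluate(PLAN_B, packet("ip", "200.100.50.100", "10.0.0.1")))
```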

i" access=gro$"
%he i" access=gro$" command links an e8isting standard or e8tended ),. to an interface. 1emember that only one ),. per interface& per direction& per protocol is allowed. %he format of the command is:

Router'config*if(&ip access*group access-list-number -in . out/

323

Named AC/s
+> named ),.s were introduced in ,isco +7S Software 1elease 44.2& allowing standard and e8tended ),.s to be given names instead of numbers. %he advantages that a named access list provides are: +ntuitively identify an ),. using an alphanumeric name. $liminate the limit of 032 simple and 033 e8tended ),.s 'amed ),.s provide the ability to modify ),.s without deleting them completely and then reconfiguring them. 'amed ),.s are not compatible with ,isco +7S releases prior to 1elease 44.2. %he same name may not be used for multiple ),.s.

335

Named AC/ ,-am"le

334

+lacing AC/s
%he general rule is to put the e8tended ),.s as close as possible to the source of the traffic denied. Standard ),.s do not specify destination addresses& so they should be placed as close to the destination as possible. ;or e8ample& in the graphic a standard ),. should be placed on ;a595 of 1outer < to prevent traffic from 1outer ).

332

333

+ermitting a Single #ost


1outer*config-W access=list ; "ermit 200.;00.90.23 0.0.0.0 or 1outer*config-W access=list ; "ermit host 200.;00.90.23 or 1outer*config-W access=list ; "ermit 200.;00.90.23 *%he implicit Adeny anyB ensures that everyone else is denied.1outer*config-W int e0 1outer*config-if-W i" access=gro$" ; in or 1outer*config-if-W i" access=gro$" ; o$t
33#

Denying a Single #ost


1outer*config-W access=list ; deny 200.;00.90.23 0.0.0.0 1outer*config-W access=list ; "ermit 0.0.0.0 299.299.299.299 or 1outer*config-W access=list ; deny host 200.;00.90.23 1outer*config-W access=list ; "ermit any *%he implicit Adeny anyB is still present& but totally irrelevant.1outer*config-W int e0 1outer*config-if-W i" access=gro$" ; in or 1outer*config-if-W i" access=gro$" ; o$t
33(

+ermitting a Single Network


Class C 1outer*config-W access=list ; "ermit 200.;00.90.0 0.0.0.299 or Class & 1outer*config-W access=list ; "ermit ;90.79.0.0 0.0.299.299 or Class A 1outer*config-W access=list ; "ermit ;3.0.0.0 0.299.299.299 *%he implicit Adeny anyB ensures that everyone else is denied.1outer*config-W int e0 1outer*config-if-W i" access=gro$" ; in or 1outer*config-if-W i" access=gro$" ; o$t

33/

Denying a Single Network


Class C 1outer*config-W access=list ; deny 200.;00.90.0 0.0.0.299 1outer*config-W access=list ; "ermit any or Class & 1outer*config-W access=list ; deny ;90.79.0.0 0.0.299.299 1outer*config-W access=list ; "ermit any or Class A 1outer*config-W access=list ; deny ;3.0.0.0 0.299.299.299 1outer*config-W access=list ; "ermit any *%he implicit Adeny anyB is still present& but totally irrelevant.330

+ermitting a Class C S$%net


'etwork )ddress9Subnet :ask: 255.455.(5.5922 <esired Subnet: 3rd >rocess: 32-22F# 2Z# F 4/ 4st ?sable Subnet address range it 255.455.(5.4/-34 2nd ?sable Subnet address range it 255.455.(5.32-#0 3rd ?sable Subnet address range it 255.455.(5.#2-/3 Subnet :ask is 2((.2((.2((.2#5 +nverse :ask is 5.5.5.4( or subtract 255.455.(5.#2 from 255.455.(5./3 to get 5.5.5.4( 1outer*config-W access=list ; "ermit 200.;00.90.:K 0.0.0.;9
332 *%he implicit Adeny anyB ensures that everyone else is denied.-

Denying a Class C S$%net


'etwork )ddress9Subnet :ask: 432./2.02.5920 ?ndesired Subnet: 2nd >rocess: 32-20F( 2Z(F32 4st ?sable Subnet address range it 432./2.02.32-/3 2nd ?sable Subnet address range it 432./2.02./#-3( Subnet :ask is 2((.2((.2((.22# +nverse :ask is 5.5.5.34 or subtract 432./2.02./# from 432./2.02.3( to get 5.5.5.34 1outer*config-W access=list ; deny ;M2.8K.72.8: 0.0.0.3; 1outer*config-W access=list ; "ermit any
333 *%he implicit Adeny anyB is still present& but totally irrelevant.-

+ermitting a Class & S$%net


'etwork )ddress9Subnet :ask: 4(5.0(.5.592# <esired Subnet: 423th >rocess: Since e8actly 2 bits are borrowed the 3rd octet will denote the subnet number. 423th ?sable Subnet address range it 4(5.0(.423.5-2((

Subnet :ask is 2((.2((.2((.5 +nverse :ask is 5.5.5.2(( or subtract 4(5.0(.423.5 from 4(5.0(.423.2(( to get 5.5.5.2(( 1outer*config-W access=list ; "ermit ;90.79.;2M.0 0.0.0.299
#55 *%he implicit Adeny anyB ensures that everyone else is denied.-

Denying a Class & S$%net


'etwork )ddress9Subnet :ask: 4/5.22.5.5922 ?ndesired Subnet: (5th >rocess: 32-22F45 *more than 4 octet- 45-2F2 2Z2F# 4st ?sable Subnet address range it 4/5.22.#.5-4/5.22.0.2(( 2nd ?sable Subnet address range it 4/5.22.2.5-4/5.22.44.2(( (5 [ # F 255 (5th subnet is 4/5.22.255.5-4/5.22.253.2((

Subnet :ask is 2((.2((.2(2.5 +nverse :ask is 5.5.3.2(( or subtract 4/5.22.255.5 from 4/5.22.253.2(( to get 5.5.3.2(( 1outer*config-W access=list ; deny ;80.KK.200.0 0.0.3.299 #54 1outer*config-W access=list ; "ermit any

+ermitting a Class A S$%net


'etwork )ddress9Subnet :ask: 444.5.5.5942 <esired Subnet: 43th >rocess: 32-42F25 25-4/F# 2Z#F4/ 4st ?sable Subnet address range is 444.4/.5.5-444.34.2((.2(( 43[4/F252 13th Usable Subnet address range is 111.208.0.0-111.223.255.255 Subnet :ask is 2((.2#5.5.5 +nverse :ask is 5.4(.2((.2(( or subtract 111.208.0.0 from 111.223.255.255 to get 0.15.255.255 1outer*config-W access=list ; "ermit ;;;.20K.0.0 0.;9.299.299 *%he implicit Adeny anyB ensures that everyone else is denied.#52

Denying a Class A S$%net


'etwork )ddress9Subnet :ask: #5.5.5.592# ?ndesired Subnet: (55th >rocess: Since e8actly 4/ bits were borrowed the 2nd and 3rd octet will denote the subnet. 4st ?sable Subnet address range is #5.5.4.5-#5.5.4.2(( 2((th ?sable Subnet address range is #5.5.2((.5-#5.5.2((.2(( 2(/th ?sable Subnet address range is #5.4.5.5-#5.4.5.2(( 355th ?sable Subnet address range is #5.4.##.5-#5.4.##.2(( (55th ?sable Subnet address range is #5.4.2##.5-#5.4.2##.2(( 1outer*config-W access=list ; deny :0.;.2::.0 0 0.0.0.299 1outer*config-W access=list ; "ermit any
#53

#5#

Permit 200.100.50.24-100, Plan A

access-list 1 permit host 200.100.50.24
access-list 1 permit host 200.100.50.25
access-list 1 permit host 200.100.50.26
access-list 1 permit host 200.100.50.27
access-list 1 permit host 200.100.50.28
...
access-list 1 permit host 200.100.50.96
access-list 1 permit host 200.100.50.97
access-list 1 permit host 200.100.50.98
access-list 1 permit host 200.100.50.99
access-list 1 permit host 200.100.50.100

This would get very tedious!

Permit 200.100.50.24-100, Plan B

access-list 1 permit 200.100.50.24 0.0.0.7      (24-31)
access-list 1 permit 200.100.50.32 0.0.0.31     (32-63)
access-list 1 permit 200.100.50.64 0.0.0.31     (64-95)
access-list 1 permit 200.100.50.96 0.0.0.3      (96-99)
access-list 1 permit host 200.100.50.100        (100)

(The implicit "deny any" ensures that everyone else is denied.)

Permit 200.100.50.16-127, Plan A

access-list 1 permit 200.100.50.16 0.0.0.15     (16-31)
access-list 1 permit 200.100.50.32 0.0.0.31     (32-63)
access-list 1 permit 200.100.50.64 0.0.0.63     (64-127)

(The implicit "deny any" ensures that everyone else is denied.)

Permit 200.100.50.16-127, Plan B

access-list 1 deny 200.100.50.0 0.0.0.15        (0-15)
access-list 1 permit 200.100.50.0 0.0.0.127     (0-127)

First we make sure that addresses 0-15 are denied. Then we can permit any address in the range 0-127. Since only the first matching statement in an ACL is applied, an address in the range 0-15 will be denied by the first statement before it has a chance to be permitted by the second. (The implicit "deny any" ensures that everyone else is denied.)

Permit 200.100.50.1, 5, 13, 29, 42, 77

access-list 1 permit host 200.100.50.1
access-list 1 permit host 200.100.50.5
access-list 1 permit host 200.100.50.13
access-list 1 permit host 200.100.50.29
access-list 1 permit host 200.100.50.42
access-list 1 permit host 200.100.50.77

Sometimes a group of addresses has no pattern and the best way to deal with them is individually. (The implicit "deny any" ensures that everyone else is denied.)

Permit Source Network

access-list 101 permit ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip 200.100.50.0 0.0.0.255 any
Implicit deny ip any any

Deny Source Network

access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip 200.100.50.0 0.0.0.255 any
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant!

Permit Destination Network

access-list 101 permit ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
or
access-list 101 permit ip any 200.100.50.0 0.0.0.255
Implicit deny ip any any

Deny Destination Network

access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip any 200.100.50.0 0.0.0.255
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant!

Permit one Source Network to another Destination Network

Assume the only traffic you want is traffic from network 200.100.50.0 to network 150.75.0.0.

access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any

To allow 2 way traffic between the networks add this statement:

access-list 101 permit ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny one Source Network to another Destination Network

Assume you want to allow all traffic EXCEPT from network 200.100.50.0 to network 150.75.0.0.

access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any

To deny 2 way traffic between the networks add this statement (before the permit ip any any, since the first match wins):

access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny FTP

Assume you do not want anyone FTPing on the network.

access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any

Deny Telnet

Assume you do not want anyone telnetting on the network.

access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any

Deny Web Surfing

Assume you do not want anyone surfing the internet.

access-list 101 deny tcp any any eq 80
access-list 101 permit ip any any

or

access-list 101 deny tcp any any eq www
access-list 101 permit ip any any

You can also use http instead of www.

Complicated Example #1

Suppose you have the following conditions:
- No one from network 200.100.50.0 is allowed to FTP anywhere
- Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0
- Subnetwork 100.100.100.0/24 is not allowed to surf the internet

access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any any eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any

Complicated Example #2

Suppose you are the admin of network 200.100.50.0. You want to permit Email only between your network and network 150.75.0.0. You wish to place no restriction on other protocols like web surfing, ftp, telnet, etc.
Email server send/receive protocol: SMTP, port 25
User check Email protocol: POP3, port 110
This example assumes that your Email server is at address 200.100.50.25.

access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
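As an added example (not part of the original slides), the following Python evaluates the standard and extended ACLs above with the wildcard-mask and first-match semantics the slides describe, including the implicit deny; the packets fed to it are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_prefix(prefix_len: int) -> str:
    """Inverse mask for a /prefix_len subnet, e.g. /22 -> 0.0.3.255."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))


def wildcard_from_range(first: str, last: str) -> str:
    """The slides' shortcut: subtract the first address of the subnet from the last."""
    return str(ipaddress.IPv4Address(ip_int(last) - ip_int(first)))


def matches(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches anything; "tcp"/"udp" only that protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # None means any destination port


PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}


def _addr_spec(tokens: List[str]):
    """Consume 'any' | 'host A' | 'A W' and return (base, wildcard, remaining tokens)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse(line: str) -> Entry:
    """Parse one IOS-style line: access-list N permit|deny [proto] SRC [DST] [eq PORT]."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(line)
    number, action, rest = int(t[1]), t[2], t[3:]
    if number <= 99:  # standard ACL: matches on the source address only
        src, src_wc, _ = _addr_spec(rest)
        return Entry(action, "ip", src, src_wc, "0.0.0.0", "255.255.255.255")
    proto, rest = rest[0], rest[1:]
    src, src_wc, rest = _addr_spec(rest)
    dst, dst_wc, rest = _addr_spec(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return Entry(action, proto, src, src_wc, dst, dst_wc, dport)


def evaluate(acl: List[Entry], src: str, dst: str = "0.0.0.0",
             proto: str = "ip", dport: Optional[int] = None) -> str:
    """First matching entry decides; the implicit 'deny any' at the end catches the rest."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not matches(src, e.src, e.src_wc) or not matches(dst, e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"


# Plan B for 200.100.50.16-127: the order of the two lines matters, as the slide explains.
PLAN_B = [parse(l) for l in (
    "access-list 1 deny 200.100.50.0 0.0.0.15",
    "access-list 1 permit 200.100.50.0 0.0.0.127",
)]
REVERSED = list(reversed(PLAN_B))  # same two lines in the wrong order

# Complicated Example #1 from the slides.
ACL_101 = [parse(l) for l in (
    "access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21",
    "access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23",
    "access-list 101 deny tcp any any eq 23",
    "access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80",
    "access-list 101 permit ip any any",
)]

if __name__ == "__main__":
    print(wildcard_from_prefix(22), wildcard_from_range("111.208.0.0", "111.223.255.255"))
    for host in ("200.100.50.10", "200.100.50.100", "200.100.50.200"):
        print(host, evaluate(PLAN_B, host), "vs reversed:", evaluate(REVERSED, host))
    print(evaluate(ACL_101, "200.100.50.7", "50.1.2.3", "tcp", 23))  # telnet from the wrong net
```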

NAT
Network Address Translator

Fig. 3 NAT (TI1332EU02TIK0003 New Address Concepts, 7)

New addressing concepts

Problems with IPv4
- Shortage of IPv4 addresses
- Allocation of the last IPv4 addresses is forecasted for the year 2005
- Address classes were replaced by usage of CIDR, but this is not sufficient

Short term solution
NAT, Network Address Translator

Long term solution
IPv6 = IPng (IP next generation); provides an extended address range

Fig. 2 Address shortage and possible solutions (TI1332EU02TIK0003 New Address Concepts, 5)

NAT: Network Address Translator

NAT
- Translates between local addresses and public ones
- Many private hosts share few global addresses

Private Network
- Uses private address range (local addresses)
- Local addresses may not be used externally

Public Network
- Uses public addresses
- Public addresses are globally unique

Fig. 4 How does NAT work? (TI1332EU02TIK0003 New Address Concepts, 9)

Fig. 5 Translation mechanism (TI1332EU02TIK0003 New Address Concepts, 9): a realm with private addresses and a realm with public addresses joined by the NAT router; the addresses to be translated are mapped by NAT onto a reserved pool of public addresses, while excluded addresses on either side are left untranslated.

free NAT Pool
A timeout value (default 15 min) instructs NAT how long to keep an association in an idle state before returning the external IP address to the free NAT pool.

Fig. 8 How does NAT know when to return the public IP address to the pool? (TI1332EU02TIK0003 New Address Concepts, 15)

NAT Addressing Terms

Inside Local
- The term "inside" refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network.

Inside Global
- NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
- A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.

Outside Global
- The term "outside" refers to an address used for a host outside an enterprise, the Internet.
- An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.

Outside Local
- NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network.
- A NAT router changes a packet's destination IP address, sent from an outside global address to an inside host, as the packet goes from the outside to the inside network.

Fig. 7 An example for NAT (TI1332EU02TIK0003 New Address Concepts, 13): Router A with NAT sits between LAN Net A (10.0.0.0, host 10.47.10.10) and Net B (192.50.20.0, host 192.50.20.5), which is reached through Router B. Inside the LAN the packet carries SA = 10.47.10.10, DA = 192.50.20.5; after Router A the source address has been rewritten to Router A's public address while DA = 192.50.20.5 is unchanged.

Fig. 11 An example for NAPT (TI1332EU02TIK0003 New Address Concepts, 21): NAT with WAN interface 138.76.28.4. Net A is 10.0.0.0/8 and the inside host is 10.0.0.10; the outside host is 138.76.29.7.
- Outbound, inside: SA = 10.0.0.10, DA = 138.76.29.7
- Outbound, on the WAN: SA = 138.76.28.4, DA = 138.76.29.7
- Return, on the WAN: SA = 138.76.29.7, DA = 138.76.28.4
- Return, inside: SA = 138.76.29.7, DA = 10.0.0.10

Types Of NAT
There are different types of NAT that can be used, which are:
- Static NAT
- Dynamic NAT
- Overloading NAT with PAT (NAPT)

Static NAT
With static NAT, the NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.

Dynamic NAT
Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. However, the mapping of an inside local address to an inside global address happens dynamically.

Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT. The dynamic entry in the NAT table stays in there as long as traffic flows occasionally. If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.

PAT
Port Address Translator

Fig. 9 NAPT (TI1332EU02TIK0003 New Address Concepts, 17)

Fig. 11 An example for NAPT (TI1332EU02TIK0003 New Address Concepts, 21): NAPT with WAN interface 138.76.28.4. Net A is 10.0.0.0/8 and the inside host is 10.0.0.10; the outside host is 138.76.29.7.
- Outbound, inside: SA = 10.0.0.10, sport = 3017; DA = 138.76.29.7, dport = 23
- Outbound, on the WAN: SA = 138.76.28.4, sport = 1024; DA = 138.76.29.7, dport = 23
- Return, on the WAN: SA = 138.76.29.7, sport = 23; DA = 138.76.28.4, dport = 1024
- Return, inside: SA = 138.76.29.7, sport = 23; DA = 10.0.0.10, dport = 3017

Fig. 10 NAPT (TI1332EU02TIK0003 New Address Concepts, 19): NAPT with e.g. a single public IP address. A private IP network (e.g. SOHO) shares one public IP address on the WAN; the NAT router maps each (local IP #, local TU port #) to (registered IP #, assigned TU port #), the assigned port being drawn from a pool of TU port numbers (TU = TCP/UDP).

NAT/PAT
Network Address Translation / Port Address Translation

#33
;ig. 3 ')% *%+4332$?52%+K5553 'ew )ddress ,oncepts& 0-

'ew addressing concepts


>roblems with +>v#
Shortage o I+v: addresses Allocation o the last I+v: addresses is orecasted or the year 2008 Address classes were re"laced %y $sage o CID!, %$t this is not s$ icient

Short term solution


NA)> Network Address )ranslator

.ong term solution


I+v8 L I+ng BI+ ne-t generationC +rovides an e-tended address range ##5
;ig. 2 )ddress shortage and possible solutions *%+4332$?52%+K5553 'ew )ddress ,oncepts& (-

')%: 'etwork )ddress %ranslator


')%
)ranslates %etween local addresses and "$%lic ones .any "rivate hosts share ew glo%al addresses

>rivate 'etwork
?ses "rivate address range Blocal addressesC /ocal addresses may not %e $sed e-ternally

>ublic 'etwork
?ses "$%lic addresses +$%lic addresses are glo%ally $ni@$e ##4
;ig. # ow does ')% workJ *%+4332$?52%+K5553 'ew )ddress ,oncepts& 3-

private addresses
translate reserve pool map

public addresses

%o be translated ')%

e8clude

e8clude

')% 1outer

##2
;ig. ( %ranslation mechanism *%+4332$?52%+K5553 'ew )ddress ,oncepts& 3-

free ')% >ool

) timeout value *default 4( min- instructs ')% how long to keep an association in an idle state before returning the e8ternal +> address to the free ')% pool.
##3
;ig. 2 ow does ')% know when to return the public +> address to the poolJ *%+4332$?52%+K5553 'ew )ddress ,oncepts& 4(-

')% )ddressing %erms


+nside .ocal A>rivate addressB
O %he term AinsideB refers to an address used for a host inside an enterprise. +t is the actual +> address assigned to a host in the private enterprise network.

+nside Mlobal A>ublic addressB


O ')% uses an inside global address to represent the inside host as the packet is sent through the outside network& typically the 6)'. O ) ')% router changes the source +> address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
###
;ig. 2 )ddress shortage and possible solutions *%+4332$?52%+K5553 'ew )ddress ,oncepts& (-

'AN !o$ter

!o$ter A with NA) !o$ter


S) F 433.(5.35.# <) F 432.(5.25.( S) F 45.#0.45.45 <) F 432.(5.25.(

!o$ter

!o$ter &

!o$ter

!o$ter .)'

Net & ;M2.90.20.0

.)' Net A ;0.0.0.0 ;0.:7.;0.;0

;M2.90.20.9

##(
;ig. 0 )n e8ample for ')% *%+4332$?52%+K5553 'ew )ddress ,oncepts& 43-

6)'
')% with 6)' interface: 432.0/.22.#
!o$ter S) F 432.0/.22.# <) F432.0/.23.0 !o$ter S) F 45.5.5.45 <) F 432.0/.23.0 S) F 432.0/.23.0 <) F 45.5.5.45 S) F 432.0/.23.0 <) F 432.0/.22.# !o$ter

;3K.78.2M.7

'et ) 45.5.5.592
;0.0.0.;0

##/
;ig. 44 )n e8ample for ')>% *%+4332$?52%+K5553 'ew )ddress ,oncepts& 24-

%ypes 7f ')%
%here are different types of ')% that can be used& which are
O Static ')% O <ynamic ')% O 7verloading ')% with >)% *')% 7ver >)%-

##0
;ig. 2 )ddress shortage and possible solutions *%+4332$?52%+K5553 'ew )ddress ,oncepts& (-

Static ')%
6ith static ')%& the ')% router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.

##2
;ig. 2 )ddress shortage and possible solutions *%+4332$?52%+K5553 'ew )ddress ,oncepts& (-

Static ')%

##3
;ig. 2 )ddress shortage and possible solutions *%+4332$?52%+K5553 'ew )ddress ,oncepts& (-

Static NAT Configuration

To form NAT table:
Router(config)# ip nat inside source static [inside local source ip address] [inside global source ip address]

Assign NAT to an Interface:
Router(config)# interface [Serial x/y]
Router(config-if)# ip nat [inside]

See Example


Dynamic NAT Configuration

Specify inside addresses to be translated:
Router(config)# ip nat inside source list [standard Access List number] pool [NAT Pool Name]

Specify NAT pool:
Router(config)# ip nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]

Assign NAT to an Interface:
Router(config)# interface [Serial x/y]
Router(config-if)# ip nat [inside]

See Example


PAT Configuration

Specify inside addresses to be translated:
Router(config)# ip nat inside source list [standard Access List number] pool [NAT Pool Name] overload

Specify PAT pool:
Router(config)# ip nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]

Assign PAT to an Interface:
Router(config)# interface [Serial x/y]
Router(config-if)# ip nat [inside]

See Example

Ethernet Access with Hubs

Ethernet Access with Bridges

Ethernet Access with Switches

Today's LAN

Full Duplex Transmitting

Full-duplex Ethernet allows the transmission of a packet and the reception of a different packet at the same time. This simultaneous transmission and reception requires the use of two pairs of wires in the cable and a switched connection between each node. This connection is considered point-to-point and is collision free. The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the other end. Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions. This produces a potential 20 Mbps throughput.

Why Segment LANs?

Collision Domains

Segmentation with Bridges

Segmentation with Routers

Segmentation with Switches

Basic Operations of a Switch

Switching is a technology that decreases congestion in Ethernet, Token Ring, and FDDI LANs. Switching accomplishes this by reducing traffic and increasing bandwidth. LAN switches are often used to replace shared hubs and are designed to work with existing cable infrastructures. Switching equipment performs the following two basic operations:
- Switching data frames
- Maintaining switching operations

Switching Methods

1. Store-and-Forward
The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. This is the most reliable method, but also has the most latency, especially when frames are large.

2. Cut-Through
The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.

3. Fragment-Free
Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything > 64 bytes is a valid packet and is usually received without error.

Frame Transmission Modes

Benefits of Switching

How Switches and Bridges Learn Addresses

Bridges and switches learn in the following ways:
- Reading the source MAC address of each received frame or datagram
- Recording the port on which the MAC address was received
In this way, the bridge or switch learns which addresses belong to the devices connected to each port.

CAM: Content Addressable Memory

CAM is used in switch applications:
- To take out and process the address information from incoming data packets
- To compare the destination address with a table of addresses stored within it
The CAM stores host MAC addresses and associated port numbers. The CAM compares the received destination MAC address against the CAM table contents. If the comparison yields a match, the port is provided, and switching control forwards the packet to the correct port and address.

Shared vs. Dedicated Bandwidth

If a hub is used, bandwidth is shared. If a switch is used, then bandwidth is dedicated. If a workstation or server is directly connected to a switch port, then the full bandwidth of the connection to the switch is available to the connected computer. If a hub is connected to a switch port, bandwidth is shared between all devices connected to the hub.

Microsegmentation of a Network

Microsegmentation

3 Methods of Communication

Switches & Broadcast Domains

When two switches are connected, the broadcast domain is increased. The overall result is a reduction in available bandwidth. This happens because all devices in the broadcast domain must receive and process the broadcast frame. Routers are Layer 3 devices. Routers do not propagate broadcasts. Routers are used to segment both collision and broadcast domains.

Broadcast Domain

Overview
To design reliable, manageable, and scalable networks, a network designer must realize that each of the major components of a network has distinct design requirements. Good network design will improve performance and also reduce the difficulties associated with network growth and evolution. The design of larger LANs includes identifying the following:
- An access layer that connects end users into the LAN
- A distribution layer that provides policy-based connectivity between end-user LANs
- A core layer that provides the fastest connection between the distribution points
Each of these LAN design layers requires switches that are best suited for specific tasks.

The Access Layer

The access layer is the entry point for user workstations and servers to the network. In a campus LAN the device used at the access layer can be a switch or a hub. Access layer functions also include MAC layer filtering and microsegmentation. Layer 2 switches are used in the access layer.

Access Layer Switches

Access layer switches operate at Layer 2 of the OSI model. The main purpose of an access layer switch is to allow end users into the network. An access layer switch should provide this functionality with low cost and high port density. The following Cisco switches are commonly used at the access layer:
- Catalyst 1900 series
- Catalyst 2820 series
- Catalyst 2950 series
- Catalyst 4000 series
- Catalyst 5000 series

The Distribution Layer

The distribution layer of the network is between the access and core layers. Networks are segmented into broadcast domains by this layer. Policies can be applied and access control lists can filter packets. The distribution layer isolates network problems to the workgroups in which they occur. The distribution layer also prevents these problems from affecting the core layer. Switches in this layer operate at Layer 2 and Layer 3.

Distribution Layer Switches

The distribution layer switch must have high performance. The distribution layer switch is a point at which a broadcast domain is delineated. It combines VLAN traffic and is a focal point for policy decisions about traffic flow. For these reasons distribution layer switches operate at both Layer 2 and Layer 3 of the OSI model. Switches in this layer are referred to as multilayer switches. These multilayer switches combine the functions of a router and a switch in one device. The following Cisco switches are suitable for the distribution layer:
- Catalyst 2926G
- Catalyst 5000 family
- Catalyst 6000 family

The Core Layer

The core layer is a high-speed switching backbone. This layer of the network design should not perform any packet manipulation. Packet manipulation, such as access list filtering, would slow down the process. Providing a core infrastructure with redundant alternate paths gives stability to the network in the event of a single device failure. The core can be designed to use Layer 2 or Layer 3 switching. Asynchronous Transfer Mode (ATM) or Ethernet switches can be used.

Core Layer Switches

The switches in this layer can make use of a number of Layer 2 technologies. Provided that the distance between the core layer switches is not too great, the switches can use Ethernet technology. In a network design, the core layer can be a routed, or Layer 3, core. Core layer switches are designed to provide efficient Layer 3 functionality when needed. Factors such as need, cost, and performance should be considered before a choice is made. The following Cisco switches are suitable for the core layer:
- Catalyst 6500 series
- Catalyst 8500 series
- IGX 8400 series
- Lightstream 1010

Physical Startup of the Catalyst Switch

Switches are dedicated, specialized computers, which contain a CPU, RAM, and an operating system. Switches usually have several ports for the purpose of connecting hosts, as well as specialized ports for the purpose of management. A switch can be managed by connecting to the console port to view and make changes to the configuration. Switches typically have no power switch to turn them on and off. They simply connect or disconnect from a power source. Several switches from the Cisco Catalyst 2950 series are shown in the graphic to the right.

Switch LED Indicators

The front panel of a switch has several lights to help monitor system activity and performance. These lights are called light-emitting diodes (LEDs). The switch has the following LEDs:
- System LED
- Remote Power Supply (RPS) LED
- Port Mode LED
- Port Status LEDs

The System LED shows whether the system is receiving power and functioning correctly. The RPS LED indicates whether or not the remote power supply is in use. The Mode LEDs indicate the current state of the Mode button. The Port Status LEDs have different meanings, depending on the current value of the Mode LED.

Verifying Port LEDs During Switch POST

Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST). POST runs automatically to verify that the switch functions correctly. The System LED indicates the success or failure of POST.

Connecting a Switch to a Computer

Examining Help in the Switch CLI

The command-line interface (CLI) for Cisco switches is very similar to the CLI for Cisco routers. The help command is issued by entering a question mark (?). When this command is entered at the system prompt, a list of commands available for the current command mode is displayed. The help command is very flexible and essentially functions the same way it does in a router CLI. This form of help is called command syntax help, because it provides applicable keywords or arguments based on a partial command.

Switch Command Modes

Switches have several command modes. The default mode is User EXEC mode, which ends in a greater-than character (>). The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information. The enable command is used to change from User EXEC mode to Privileged EXEC mode, which ends in a pound-sign character (#). The configure command allows other command modes to be accessed.

Show Commands in User-Exec Mode

Setting Switch Hostname
Setting Passwords on Lines

Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant. Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. Therefore network redundancy requires careful planning and monitoring to function properly. The Spanning-Tree Protocol is used in switched networks to create a loop free logical topology from a physical topology that has loops.

Redundant Switched Topologies

Networks with redundant paths and devices allow for more network uptime. In the graphic, if Switch A fails, traffic can still flow from Segment 2 to Segment 1 and to the router through Switch B. If port 1 fails on Switch A then traffic can still flow through port 1 on Switch B. Switches learn the MAC addresses of devices on their ports so that data can be properly forwarded to the destination. Switches will flood frames for unknown destinations until they learn the MAC addresses of the devices. A redundant switched topology may cause broadcast storms, multiple frame copies, and MAC address table instability problems.

Broadcast Storms
Broadcasts and multicasts can cause problems in a switched network. Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received. The switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. This will continue until one of the switches is disconnected. The network will appear to be down or extremely slow.

Multiple Frame Transmissions

In a redundant switched network it is possible for an end device to receive multiple frames. Assume that the MAC address of Router Y has been timed out by both switches. Also assume that Host X still has the MAC address of Router Y in its ARP cache and sends a unicast frame to Router Y. The router receives the frame because it is on the same segment as Host X. Switch A does not have the MAC address of Router Y and will therefore flood the frame out its ports. Switch B also does not know which port Router Y is on. Switch B then floods the frame it received, causing Router Y to receive multiple copies of the same frame. This is a cause of unnecessary processing in all devices.

MAC Database Instability

A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port. In this example the MAC address of Router Y is not in the MAC address table of either switch. Host X sends a frame directed to Router Y. Switches A & B learn the MAC address of Host X on port 0. The frame to Router Y is flooded on port 1 of both switches. Switches A and B see this information on port 1 and incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame to Host X, Switch A and Switch B will also receive the frame and will send it out port 1. This is unnecessary, but the switches have incorrectly learned that Host X is on port 1.

Using Bridging Loops for Redundancy

Logical Loop Free Topology Created with STP

NOTE:
Don't confuse Spanning Tree Protocol (STP) with Shielded Twisted Pair (STP).

S"anning )ree +rotocol = ;


,thernet %ridges and switches can im"lement the I,,, K02.;D S"anning=)ree +rotocol and $se the s"anning=tree algorithm to constr$ct a loo" ree shortest "ath network. Shortest "ath is %ased on c$m$lative link costs. /ink costs are %ased on the s"eed o the link.

(50

S"anning )ree +rotocol = 2


)he S"anning=)ree +rotocol esta%lishes a root node, called the root %ridgeIswitch. )he S"anning=)ree +rotocol constr$cts a to"ology that has one "ath or reaching every network node. )he res$lting tree originates rom the root %ridgeIswitch. )he S"anning=)ree +rotocol re@$ires network devices to e-change messages to detect %ridging loo"s. /inks that will ca$se a loo" are "$t into a %locking state. )he message that a switch sends, allowing the ormation o a loo" ree logical to"ology, is called a &ridge +rotocol Data ?nit B&+D?C.

(52

Selecting the !oot &ridge


)he irst decision that all switches in the network make, is to identi y the root %ridge. )he "osition o the root %ridge in a network will a ect the tra ic low. 'hen a switch is t$rned on, the s"anning=tree algorithm is $sed to identi y the root %ridge. &+D?s are sent o$t with the &ridge ID B&IDC. )he &ID consists o a %ridge "riority that de a$lts to 3278K and the switch %ase .AC address. 'hen a switch irst starts $", it ass$mes it is the root switch and sends &+D?s. )hese &+D?s contain the switch .AC address in %oth the root and sender &ID. As a switch receives a &+D? with a lower root &ID it re"laces that in the &+D?s that are sent o$t. All %ridges see these and decide that the %ridge with the smallest &ID val$e will %e the root %ridge. A network administrator may want to in l$ence the decision %y setting (53 the switch "riority to a smaller val$e than the de a$lt.

BPDUs
BPDUs contain enough information so that all switches can do the following:
• Select a single switch that will act as the root of the spanning tree.
• Calculate the shortest path from itself to the root switch.
• Designate one of the switches as the closest one to the root for each LAN segment. This bridge is called the "designated switch". The designated switch handles all communication from that LAN towards the root bridge.
• Each non-root switch chooses one of its ports as its root port; this is the interface that gives the best path to the root switch.
• Select the ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked.
Spanning Tree Operation


When the network has stabilized, it has converged and there is one spanning tree per network. As a result, for every switched network the following elements exist:
• One root bridge per network
• One root port per non-root bridge
• One designated port per segment
• Unused, non-designated ports
Root ports and designated ports are used for forwarding (F) data traffic. Non-designated ports discard data traffic. Non-designated ports are called blocking (B) or discarding ports.

Spanning Tree Port States

Spanning Tree Recalculation


A switched internetwork has converged when all the switch and bridge ports are in either the forwarding or blocking state. Forwarding ports send and receive data traffic and BPDUs. Blocked ports will only receive BPDUs. When the network topology changes, switches and bridges recompute the Spanning Tree and cause a disruption of user traffic. Convergence on a new spanning-tree topology using the IEEE 802.1D standard can take up to 50 seconds. This convergence is made up of the max-age of 20 seconds, plus the listening forward delay of 15 seconds, and the learning forward delay of 15 seconds.
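As an added example (not part of the original slides), the following Python encodes and parses IEEE 802.1D Configuration BPDUs, runs the root-bridge comparison described in "Selecting the Root Bridge" and "BPDUs", and derives the 50-second reconvergence figure from the timer fields. The switch names, MAC addresses and the rogue device are constructed for the illustration; the 35-byte BPDU layout and the 1/256-second timer units are from the 802.1D standard.

```python
"""Added example: IEEE 802.1D Configuration BPDU parsing and root-bridge election.
Switch names, MAC addresses and the 'rogue' device below are constructed for the
illustration; the 35-byte BPDU layout and 1/256 s timer units come from 802.1D."""
import struct
from dataclasses import dataclass

# Configuration BPDU: protocol id(2) version(1) type(1) flags(1) root id(8)
# root path cost(4) bridge id(8) port id(2) message age(2) max age(2)
# hello time(2) forward delay(2) -> 35 bytes, all big-endian
BPDU_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)   # 35
DEFAULT_PRIORITY = 32768


@dataclass(frozen=True, order=True)
class BridgeId:
    """BID = 2-byte priority + 6-byte base MAC. Field order matters: ordering
    compares priority first and uses the MAC only to break ties, which is the
    802.1D rule for 'lowest BID wins'."""
    priority: int
    mac: str   # "aa:bb:cc:dd:ee:ff", lower-case so string order == numeric order

    @classmethod
    def from_bytes(cls, raw):
        prio, mac = struct.unpack("!H6s", raw)
        return cls(prio, ":".join(f"{b:02x}" for b in mac))

    def to_bytes(self):
        return struct.pack("!H6s", self.priority,
                           bytes.fromhex(self.mac.replace(":", "")))


@dataclass
class ConfigBpdu:
    root_id: BridgeId
    root_path_cost: int
    bridge_id: BridgeId      # the sender
    port_id: int
    max_age: float           # seconds
    hello_time: float
    forward_delay: float


def build_bpdu(root, cost, sender, port_id, max_age=20, hello=2, fwd_delay=15):
    """Encode a Configuration BPDU; timers go on the wire in units of 1/256 s."""
    return struct.pack(BPDU_FMT, 0x0000, 0x00, 0x00, 0x00, root.to_bytes(), cost,
                       sender.to_bytes(), port_id, 0,
                       max_age * 256, hello * 256, fwd_delay * 256)


def parse_bpdu(raw):
    if len(raw) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _ver, btype, _flags, root, cost, sender, port,
     _age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, raw[:BPDU_LEN])
    if proto != 0 or btype != 0x00:
        raise ValueError("not an 802.1D Configuration BPDU")
    return ConfigBpdu(BridgeId.from_bytes(root), cost, BridgeId.from_bytes(sender),
                      port, max_age / 256, hello / 256, fwd / 256)


def elect_root(own_bid, received):
    """The root this switch will advertise: the lowest BID among its own and the
    root IDs carried in every BPDU it has heard. Any device allowed to inject a
    BPDU with a lower priority than the intended root wins this comparison,
    which is why the root priority is set deliberately and BPDUs should not be
    accepted from user-facing ports."""
    return min([own_bid] + [bpdu.root_id for bpdu in received])


def convergence_time(bpdu):
    """Worst-case 802.1D reconvergence: max age, then listening and learning,
    each lasting one forward delay (20 + 15 + 15 = 50 s with the defaults)."""
    return bpdu.max_age + 2 * bpdu.forward_delay


if __name__ == "__main__":
    sw_a = BridgeId(DEFAULT_PRIORITY, "00:1a:2b:00:00:0a")
    sw_b = BridgeId(DEFAULT_PRIORITY, "00:1a:2b:00:00:0b")
    from_b = parse_bpdu(build_bpdu(sw_b, 0, sw_b, 0x8001))
    print("root seen by A:", elect_root(sw_a, [from_b]))   # A wins on the lower MAC
    rogue_bid = BridgeId(0, "de:ad:be:ef:00:01")
    rogue = parse_bpdu(build_bpdu(rogue_bid, 0, rogue_bid, 0x8001))
    print("root after a priority-0 BPDU:", elect_root(sw_a, [from_b, rogue]))
    print("reconvergence seconds:", convergence_time(from_b))
```

Running the block shows Switch A winning against Switch B on the MAC tie-break, then losing to the constructed priority-0 sender, which is the behaviour an administrator pre-empts by lowering the priority on the intended root.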

Rapid STP Designations

VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains. VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers to communicate between VLANs. A physical port association is used to implement VLAN assignment. Communication between VLANs can occur only through the router. This limits the size of the broadcast domains and makes the router the single point that decides (for example, with access lists) whether one VLAN can talk to another VLAN. NOTE: This is the only way a switch can break up a broadcast domain.
Setting up VLAN Implementation

VLAN Communication

VLAN Membership Modes

VLAN membership can be either static or dynamic.

Static VLANs

All users attached to the same switch port must be in the same VLAN.

Configuring VLANs in Global Mode


Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name VLAN3
Switch(config-vlan)#exit
Switch(config)#end

Configuring VLANs in VLAN Database Mode


Switch#vlan database
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....

Deleting VLANs in Global Mode


Switch#configure terminal
Switch(config)#no vlan 3
Switch(config)#end

Deleting VLANs in VLAN Database Mode


Switch#vlan database
Switch(vlan)#no vlan 3
VLAN 3 deleted:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....

Assigning Access Ports to a VLAN


Switch(config)#interface gigabitethernet 1/1

Enters interface configuration mode

Switch(config-if)#switchport mode access

Configures the interface as an access port

Switch(config-if)#switchport access vlan 3

Assigns the access port to a VLAN


Verifying the VLAN Configuration


Switch#show vlan [id | name] [vlan_num | vlan_name]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7,
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12,
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active
...

VLAN Type  SAID    MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001  1500  -      -      -        -    -        1002   1003
2    enet  100002  1500  -      -      -        -    -        0      0
51   enet  100051  1500  -      -      -        -    -        0      0
52   enet  100052  1500  -      -      -        -    -        0      0
...

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Verifying the VLAN Port Configuration


Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Displays the running configuration of the interface


Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport

Displays the switch port configuration of the interface


Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]

Displays the MAC address table information for the specified interface in the specified VLAN
Implementing VLAN Trunks

VLAN Trunking

Importance of Native VLANs

ISL Encapsulation
• Performed with ASIC
• Not intrusive to client stations; the client does not see the header
• Effective between switches, and between routers and switches

ISL and Layer 2 Encapsulation

Configuring ISL Trunking


Switch(config)#interface fastethernet 2/1

Enters interface configuration mode


Switch(config-if)#switchport trunk encapsulation [isl|dot1q]

Selects the encapsulation (on switches that support both ISL and 802.1Q the encapsulation defaults to negotiate, and the port cannot be placed in trunk mode until a fixed encapsulation is chosen)


Switch(config-if)#switchport mode trunk

Configures the interface as a Layer 2 trunk


Verifying ISL Trunking


Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastethernet 2/1 trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa2/1     desirable    isl            trunking      1

Port      Vlans allowed on trunk
Fa2/1     1-1005

Port      Vlans allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      Vlans in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005

802.1Q Trunking

Configuring 802.1Q Trunking

Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
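As an added example (not from the original slides), the following Python models what an 802.1Q trunk port does with frames: it tags frames on egress except for the native VLAN, classifies frames on ingress, and drops VLANs that are not on the allowed list, which is the behaviour behind the `switchport trunk allowed vlan` line above and the "Importance of Native VLANs" slide. The frame bytes, VLAN numbers and allowed list are constructed for the illustration; the tag layout (TPID 0x8100 followed by PCP/DEI/VID) is from IEEE 802.1Q.

```python
"""Added example: 802.1Q tag handling on a trunk and why the native VLAN matters.
Frame contents, VLAN numbers and the allowed list are constructed for the
illustration; the tag layout (TPID 0x8100, then PCP/DEI/VID) is from IEEE 802.1Q."""
import struct

TPID_8021Q = 0x8100

# Constructed sample frame: dst 02:00:00:00:00:01, src 02:00:00:00:00:02, EtherType 0x0800
PLAIN = bytes.fromhex("0200000000010200000000020800") + b"payload"
# Constructed allowed list, the role of 'switchport trunk allowed vlan' on the slide
ALLOWED = {1, 10, 20, 999}


def add_tag(frame, vid, pcp=0, dei=0):
    """Insert a 4-byte tag after the destination and source MACs (bytes 0-11)."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be 1-4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame):
    """Return (vid, pcp, dei) if a tag sits at offset 12, else None (untagged)."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1


def strip_tag(frame):
    return frame[:12] + frame[16:]


def trunk_egress(frame, vid, native_vlan):
    """Forwarding a frame that belongs to `vid` onto a trunk: tag it, unless vid
    is the port's native VLAN, which leaves untagged."""
    return frame if vid == native_vlan else add_tag(frame, vid)


def trunk_ingress(frame, native_vlan, allowed):
    """Classify a frame arriving on a trunk: untagged -> native VLAN, tagged ->
    the VID in the tag. Returns None (dropped) if that VLAN is not allowed."""
    tag = read_tag(frame)
    vid = native_vlan if tag is None else tag[0]
    return vid if vid in allowed else None


def cross_trunk(frame, src_vid, sender_native, receiver_native, allowed):
    """Send a frame of src_vid across a trunk; return the VLAN the far end assigns
    it and whether the bytes on the wire carried a tag."""
    wire = trunk_egress(frame, src_vid, sender_native)
    return trunk_ingress(wire, receiver_native, allowed), read_tag(wire) is not None


def native_vlan_hop_demo(trunk_native):
    """A host in VLAN 1 sends a frame that already carries a VLAN 20 tag. If the
    trunk's native VLAN is 1, the sending switch puts it on the wire untagged and
    the receiving switch reads the remaining tag, so the frame lands in VLAN 20.
    With the native VLAN moved to an unused VLAN the same frame is tagged with 1
    on egress and stays in VLAN 1."""
    attacker_frame = add_tag(PLAIN, 20)
    vid, _ = cross_trunk(attacker_frame, 1, trunk_native, trunk_native, ALLOWED)
    return vid


if __name__ == "__main__":
    print("VLAN 10 frame across trunk:", cross_trunk(PLAIN, 10, 1, 1, ALLOWED))
    print("native VLAN 1 frame across trunk:", cross_trunk(PLAIN, 1, 1, 1, ALLOWED))
    print("VLAN 30 (not allowed):", cross_trunk(PLAIN, 30, 1, 1, ALLOWED))
    print("double-tagged frame, native=1 ->", native_vlan_hop_demo(1))
    print("double-tagged frame, native=999 ->", native_vlan_hop_demo(999))
```

The last two lines of the demo are the practical reason to set `switchport trunk native vlan` to an otherwise unused VLAN on every trunk (or to tag the native VLAN with `vlan dot1q tag native`): frames of the native VLAN are the only ones that cross the trunk without a tag, so any tag already inside them is what the next switch acts on.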

Verifying 802.1Q Trunking


Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
. . .

Implementing VLAN Trunk Protocol

VTP Protocol Features


• Advertises VLAN configuration information
• Maintains VLAN configuration consistency throughout a common administrative domain
• Sends advertisements on trunk ports only

VTP Modes

Server mode: Creates, modifies, and deletes VLANs. Sends and forwards advertisements. Synchronizes VLAN configurations. Saves the configuration in NVRAM.

Client mode: Cannot create, change, or delete VLANs. Forwards advertisements. Synchronizes VLAN configurations. Does not save the configuration in NVRAM.

Transparent mode: Creates, modifies, and deletes VLANs locally only. Forwards advertisements. Does not synchronize VLAN configurations. Saves the configuration in NVRAM.

VTP Operation
VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest update, identified by the configuration revision number. VTP advertisements are sent every 5 minutes or when there is a change.

VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic. Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.

VTP Configuration Guidelines


• Configure the following:
  VTP domain name
  VTP mode (server mode is the default)
  VTP pruning
  VTP password

• Be cautious when adding a new switch into an existing domain: servers and clients synchronize to the highest configuration revision number they hear, so a switch that arrives with a higher revision (for example, one reused from a lab) overwrites the VLAN database of every other server and client in the domain, even if it is in client mode.
• Add a new switch in client mode to get the latest up-to-date information from the network, then convert it to server mode.
• Add all new configurations to the switch in transparent mode and check your configuration well, then convert it to server mode, to prevent the switch from propagating incorrect VLAN information. Putting the switch into transparent mode (or changing its VTP domain name) resets its configuration revision to 0.
• Set a VTP password: advertisements whose MD5 digest does not match are discarded and counted as config digest errors, so a switch that does not know the password cannot update the domain.
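As an added example (not from the original slides), the following Python models how a VTP server, client and transparent switch treat an advertisement, keyed on the three things the guidelines above depend on: domain name, password digest and configuration revision. It then plays out the "new switch with a higher revision" mistake with and without resetting the revision first. Switch names, VLANs and the password are constructed for the illustration; the digest is a simplified stand-in for the real VTP MD5 over the advertisement, not the wire format.

```python
"""Added example: a model of VTP server/client/transparent behaviour on receiving
an advertisement. Switch names, VLANs and the password are constructed; the digest
is a simplified stand-in for the real VTP MD5, not the on-the-wire layout."""
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain, password, revision, vlans):
    # Simplified stand-in: MD5 over domain, password, revision and the VLAN list.
    h = hashlib.md5(f"{domain}|{password}|{revision}|".encode())
    for vid in sorted(vlans):
        h.update(f"{vid}={vlans[vid]};".encode())
    return h.digest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict
    digest: bytes


@dataclass
class VtpSwitch:
    name: str
    mode: str              # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    errors: list = field(default_factory=list)

    def add_vlan(self, vid, vlan_name):
        if self.mode == "client":
            raise PermissionError("a VTP client cannot create VLANs")
        self.vlans[vid] = vlan_name
        if self.mode == "server":            # transparent edits are local only
            self.revision += 1

    def set_mode(self, mode):
        if mode == "transparent":            # IOS resets the revision on this change
            self.revision = 0
        self.mode = mode

    def advertise(self):
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.password, self.revision, self.vlans))

    def receive(self, adv):
        """Return True if this switch replaced its VLAN database with adv's."""
        if self.mode == "transparent" or adv.domain != self.domain:
            return False                     # forwarded on, never applied
        if adv.digest != vtp_digest(adv.domain, self.password, adv.revision, adv.vlans):
            self.errors.append("config digest error")   # wrong password: ignored
            return False
        if adv.revision <= self.revision:
            return False
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True


def build_lab():
    """Constructed scenario: a production server and a spare switch that has been
    through 50 changes of its own in the same domain with the same password."""
    prod = VtpSwitch("prod-core", "server", "Lab_Network", "s3cret")
    for vid, vlan_name in ((10, "users"), (20, "servers"), (30, "voice")):
        prod.add_vlan(vid, vlan_name)                       # revision 3
    lab = VtpSwitch("lab-spare", "server", "Lab_Network", "s3cret")
    for i in range(50):
        lab.add_vlan(100 + i % 2, "lab")                    # revision 50
    return prod, lab


def join_domain(newcomer, production, reset_revision_first):
    """Connect newcomer to production over a trunk and exchange one advertisement
    each way. Returns the VLAN ids each side ends up with."""
    if reset_revision_first:
        newcomer.set_mode("transparent")     # revision -> 0
        newcomer.set_mode("client")          # learn before being allowed to serve
    production.receive(newcomer.advertise())
    newcomer.receive(production.advertise())
    return set(production.vlans), set(newcomer.vlans)


if __name__ == "__main__":
    prod, lab = build_lab()
    print("plugged in as-is:", join_domain(lab, prod, False))   # production VLANs gone
    prod, lab = build_lab()
    print("revision reset first:", join_domain(lab, prod, True))
```

The two printed results are what `show vtp status` (Configuration Revision) and `show vtp counters` (config revision and config digest errors) let you check for before cabling a reused switch into a production trunk.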

Configuring a VTP Server


Switch(config)#vtp server

Configures VTP server mode


Switch(config)#vtp domain domain-name

Specifies a domain name


Switch(config)#vtp password password

Sets a VTP password


Switch(config)#vtp pruning

Enables VTP pruning in the domain


Configuring a VTP Server (Cont.)

Switch#configure terminal
Switch(config)#vtp server
Setting device to VTP SERVER mode.
Switch(config)#vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)#end

Verifying the VTP Configuration


Switch#show vtp status

Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
Verifying the VTP Configuration (Cont.)

Switch#show vtp counters

Switch#show vtp counters
VTP statistics:
Summary advertisements received    : 7
Subset advertisements received     : 5
Request advertisements received    : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted  : 13
Request advertisements transmitted : 3
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8            43071            42766            5

Contents
Remote Access Overview
WAN Connection Types
Defining WAN Encapsulation Protocols
Determining the WAN Type to Use
OSI Layer-2 Point-to-Point WANs
• PPP
• HDLC
• Frame Relay
Remote Access Overview


A WAN is a data communications network covering a relatively broad geographical area. A network administrator designing a remote network must weigh user needs, such as bandwidth, against the cost of the available technologies.
WAN Connection Types


Leased lines
• A pre-established WAN communications path from the CPE, through the DCE switch, to the CPE of the remote site, allowing DTE networks to communicate at any time with no setup procedure before transmitting data.

Circuit switching
• Sets up the line like a phone call. No data can transfer before the end-to-end connection is established.
WAN Connection Types


Packet switching
• A WAN switching method that allows you to share bandwidth with other companies to save money. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money.
• However, if you have constant data transfers, then you will need to get a leased line.
• Frame Relay and X.25 are packet switching technologies.
Defining WAN Encapsulation Protocols


Each WAN connection uses an encapsulation protocol to encapsulate traffic while it is crossing the WAN link. The choice of encapsulation protocol depends on the underlying WAN technology and the communicating equipment.
Defining WAN Encapsulation Protocols


Typical WAN encapsulation types include the following:
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP)
• High-Level Data Link Control Protocol (HDLC)
• X.25 / Link Access Procedure Balanced (LAPB)
• Frame Relay
• Asynchronous Transfer Mode (ATM)

Determining the WAN Type to Use


Availability
• Each type of service may be available only in certain geographical areas.

Bandwidth
• Determining usage over the WAN is important to evaluate the most cost-effective WAN service.

Cost
• Making a compromise between the traffic you need to transfer and the type of service available at a cost that suits you.
Determining the WAN Type to Use


Ease of Management
• Connection management includes both the initial start-up configuration and the ongoing configuration of normal operation.

Application Traffic
• Traffic may be as small as during a terminal session, or very large packets as during a file transfer.

Max. WAN Speeds for WAN Connections


WAN Type                      Maximum Speed
Asynchronous Dial-Up          56-64 Kbps
X.25, ISDN BRI                128 Kbps
ISDN PRI                      E1 / T1
Leased Line / Frame Relay     E3 / T3
OSI Layer-2 Point-to-Point WANs


WAN protocols used on point-to-point serial links provide the basic function of data delivery across that one link. The two most popular data link protocols used today are the Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC).
HDLC
HDLC performs OSI Layer-2 functions. It determines when it is appropriate to use the physical medium, ensures that the correct recipient receives and processes the data that is sent, and determines whether the sent data was received correctly or not (error detection).
HDLC
HDLC Frame Format

The original HDLC did not include a Protocol Type field, so every vendor (including Cisco) added its own. Cisco's HDLC is therefore a proprietary variant that interoperates only between Cisco routers.
(/4

>oint-to->oint >rotocol *>>> >>> is a standard encapsulation protocol for the transport of different 'etwork .ayer protocols *including& but not limited to& +>-. +t has the following main functional components
O .ink ,ontrol >rotocol *.,>- that establishes& authenticates& and tests the data link connection. O 'etwork ,ontrol >rotocols *',>s- that establishes and configure different network layer protocols.
Point-to-Point Protocol (PPP)
PPP discards frames that do not pass the error check. PPP is a standard protocol, and so it can be used with all types of routers (it is not Cisco proprietary).

PPP LCP Features


• Authentication
• Compression
• Multilink PPP
• Error Detection
• Looped Link Detection

PAP Authentication

CHAP Authentication

Compression
Compression enables higher data throughput across the link. Different compression schemes are available:
• Predictor: checks whether the data was already compressed.
• Stacker: looks at the data stream and only sends each type of data once, with information about where the type occurs; the receiving side then uses this information to reassemble the data stream.
• MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients.
PPP Multilink
PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous, and asynchronous interfaces. This can improve throughput and reduce latency between systems by splitting packets and sending the fragments over parallel circuits.
Error Detection
PPP can take down a link based on the value of the Link Quality Monitor (LQM): it tracks the ratio of corrupted packets to the total number of packets sent, and if that ratio exceeds a configured threshold the link is brought down because its quality is outside the accepted limits.
Looped Link Detection


PPP can detect looped links (which are sometimes created by telco companies) using what is called a Magic Number. Every router has its own magic number, and if it receives packets carrying its own magic number, then the link is looped.
PPP Configuration Commands


To enable PPP
• Router(config-if)#encapsulation ppp

To configure PAP authentication


• Router(config-if)#ppp authentication pap
• Router(config-if)#ppp pap sent-username username password password
(The router that checks the credentials also needs a matching username name password password entry in global configuration.)

To configure compression
• Router(config-if)#compress [predictor|stac|mppc]
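As an added example (not from the original slides), the following Python shows both sides of the two PPP authentication methods named on the "PAP Authentication" and "CHAP Authentication" slides and configured above: PAP, where the caller's name and password travel in the clear, and CHAP, where the authenticator sends a random challenge and the peer answers with MD5 over the identifier, the shared secret and the challenge, so the secret itself never crosses the link. Router names, secrets and the challenge are constructed for the illustration; the packet bodies follow the RFC 1334 (PAP) and RFC 1994 (CHAP) layouts.

```python
"""Added example: both sides of PPP PAP (RFC 1334) and CHAP (RFC 1994).
Router names, secrets and the challenge are constructed; the packet bodies follow
the RFC layouts (PAP: peer-id-length, peer-id, passwd-length, passwd;
CHAP: value-size, value, name)."""
import hashlib
import hmac
import os


# ---- PAP: the caller sends its name and password in the clear ----
def pap_request(username, password):
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def pap_verify(request, users):
    """Authenticator side; `users` is its username/password table."""
    ulen = request[0]
    user = request[1:1 + ulen].decode()
    plen = request[1 + ulen]
    password = request[2 + ulen:2 + ulen + plen].decode()
    return users.get(user) == password      # the same password also sat on the wire


# ---- CHAP: three-way handshake, the secret never leaves either router ----
def chap_challenge(authenticator_name, size=16):
    """Authenticator -> peer: a fresh random value plus the authenticator's name."""
    value = os.urandom(size)
    return bytes([len(value)]) + value + authenticator_name.encode()


def chap_response(ident, secret, challenge_pkt, peer_name):
    """Peer -> authenticator: MD5(identifier || secret || challenge value) and the peer's name."""
    clen = challenge_pkt[0]
    value = challenge_pkt[1:1 + clen]
    digest = hashlib.md5(bytes([ident]) + secret.encode() + value).digest()
    return bytes([len(digest)]) + digest + peer_name.encode()


def chap_verify(ident, challenge_pkt, response_pkt, secrets):
    """Authenticator recomputes the hash from its own copy of the peer's secret
    (the 'username <peer> password <secret>' entry on the router)."""
    clen = challenge_pkt[0]
    value = challenge_pkt[1:1 + clen]
    rlen = response_pkt[0]
    received = response_pkt[1:1 + rlen]
    peer_name = response_pkt[1 + rlen:].decode()
    secret = secrets.get(peer_name)
    if secret is None:
        return False
    expected = hashlib.md5(bytes([ident]) + secret.encode() + value).digest()
    return hmac.compare_digest(received, expected)


def chap_exchange(peer_name, peer_secret, authenticator_name, secrets, ident=1):
    """Run one full challenge / response / verify round between the two routers."""
    challenge = chap_challenge(authenticator_name)
    response = chap_response(ident, peer_secret, challenge, peer_name)
    return chap_verify(ident, challenge, response, secrets)


if __name__ == "__main__":
    req = pap_request("branch", "pa55")
    print("PAP bytes on the wire:", req, "->", pap_verify(req, {"branch": "pa55"}))
    print("CHAP with the right secret:", chap_exchange("branch", "shared", "hq", {"branch": "shared"}))
    print("CHAP with the wrong secret:", chap_exchange("branch", "wrong", "hq", {"branch": "shared"}))
```

Because every CHAP exchange starts from a new random challenge, a captured response is useless for replay, which the test below checks by verifying an old response against a fresh challenge.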
Frame Relay

Frame Relay Components

Frame Relay
The switch examines the frame sent by the router, whose header contains an address called the DLCI (Data-Link Connection Identifier), and then switches the frame based on the DLCI until it reaches the router on the other side of the network.

Frame Relay
Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks nowadays use permanent virtual circuits (PVCs). The logical path between each pair of routers is called a virtual circuit (VC). VCs share the access link and the Frame Relay network.

Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that a particular VC gets at least this much bandwidth.
Figure: Frame Relay components. Customer premises equipment (router, PBX, video, desktop and LAN; a PC or controller reaches the router over an ISDN dial-up or a direct V.35, E1 or RS-232 connection) formats packets into frames and hands them across the UNI to the provider's switch port; PVCs and SVCs carry them across the Frame Relay network.

LMI and Encapsulation Types


The LMI is a definition of the messages used between the DTE and the DCE. The encapsulation defines the headers used by a DTE to communicate some information to the DTE on the other end of a VC. The switch and its connected router care about using the same LMI; the switch does not care about the encapsulation. The endpoint routers (DTEs) do care about the encapsulation.
LMI
The most important LMI message is the LMI status inquiry message. Status messages perform two key functions:
• Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down.
• Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change.

LMI
Three LMI protocol options are available in Cisco IOS software: Cisco, ITU, and ANSI. Each LMI option is slightly different and therefore is incompatible with the other two.

LAPF
A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link. The header and trailer are defined by the Link Access Procedure for Frame Bearer Services (LAPF) specification. The LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header.
LAPF
DTEs use and react to the fields specified by these two types of encapsulation, but Frame Relay switches ignore these fields. Because the frames flow from DTE to DTE, both DTEs must agree on the encapsulation used. However, each VC can use a different encapsulation. In the configuration, the encapsulation created by Cisco is called cisco, and the other one is called ietf.
DLCI Addressing Details


The logical path between a pair of DTEs is called a virtual circuit (VC). The data-link connection identifier (DLCI) identifies each individual PVC. When multiple VCs use the same access link, the Frame Relay switches know how to forward the frames to the correct remote sites.

The DLCI is the Frame Relay address describing a virtual circuit.


Figure: DLCI values on each access link of a Frame Relay network. Each router and bridge attaches to a Frame Relay switch, and one virtual circuit between two sites is identified by a different DLCI at each end.

DLCI Addressing Details


The difference between Layer 2 addressing and DLCI addressing is mainly that the Frame Relay header has a single DLCI field, not both source and destination DLCI fields.

Global DLCI Addressing


Frame Relay DLCIs are locally significant; this means that the addresses need to be unique only on the local access link. Global addressing is simply a way of choosing DLCI numbers when planning a Frame Relay network so that working with DLCIs is much easier. Because local addressing is a fact, global addressing does not change these rules. Global addressing just makes DLCI assignment more obvious.
Global DLCI Addressing

Global DLCI Addressing


The final key to global addressing is that the Frame Relay switches actually change the DLCI value before delivering the frame. The sender treats the DLCI field as a destination address, using the destination's global DLCI in the header. The receiver thinks of the DLCI field as the source address, because it contains the global DLCI of the frame's sender.
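As an added example (not from the original slides), the following Python encodes and decodes the two-byte LAPF address field described on the "LAPF" slides (DLCI plus the C/R, FECN, BECN and DE bits) and models the per-hop DLCI rewrite a Frame Relay switch performs, which is what makes the global addressing convention above work. Router names, port names and DLCI numbers are constructed for the illustration; the bit layout is the standard Q.922 two-byte address format.

```python
"""Added example: the two-byte Frame Relay (Q.922/LAPF) address field and the
per-hop DLCI rewrite that makes 'global' DLCIs work. Router names, port names and
DLCI numbers are constructed; the bit layout is the Q.922 two-byte address format."""


def encode_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Byte 1: DLCI bits 9-4 | C/R | EA=0.  Byte 2: DLCI bits 3-0 | FECN | BECN | DE | EA=1."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI is a 10-bit value")
    b1 = ((dlci >> 4) << 2) | (cr << 1)
    b2 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes([b1, b2])


def decode_address(header):
    b1, b2 = header[0], header[1]
    if (b1 & 1) or not (b2 & 1):
        raise ValueError("only the two-byte address format is handled here")
    return {"dlci": ((b1 >> 2) << 4) | (b2 >> 4), "cr": (b1 >> 1) & 1,
            "fecn": (b2 >> 3) & 1, "becn": (b2 >> 2) & 1, "de": (b2 >> 1) & 1}


class FrameRelaySwitch:
    """Forwarding table keyed on (ingress port, ingress DLCI) -> (egress port, egress DLCI).
    DLCIs only have to be unique per access link, so each PVC is entered once per direction."""

    def __init__(self):
        self.table = {}

    def add_pvc(self, port_a, dlci_a, port_b, dlci_b):
        self.table[(port_a, dlci_a)] = (port_b, dlci_b)
        self.table[(port_b, dlci_b)] = (port_a, dlci_a)

    def forward(self, in_port, frame):
        """Return (egress port, rewritten frame), or None when no PVC matches (frame dropped)."""
        addr = decode_address(frame[:2])
        hop = self.table.get((in_port, addr["dlci"]))
        if hop is None:
            return None
        out_port, out_dlci = hop
        # Only the DLCI changes; C/R and the congestion/DE bits are carried through.
        new_header = encode_address(out_dlci, addr["cr"], addr["fecn"], addr["becn"], addr["de"])
        return out_port, new_header + frame[2:]


def build_global_addressing_cloud():
    """Constructed three-site network using the global convention: site A is
    'DLCI 41', site B 'DLCI 42', site C 'DLCI 43'. A router sends using the
    destination's global DLCI; the switch rewrites it so the receiver sees the
    sender's global DLCI."""
    sw = FrameRelaySwitch()
    sw.add_pvc("portA", 42, "portB", 41)
    sw.add_pvc("portA", 43, "portC", 41)
    sw.add_pvc("portB", 43, "portC", 42)
    return sw


def send_across(sw, in_port, dlci, payload, de=0):
    """Router-side helper: a frame for `dlci` enters at in_port; returns
    (egress port, DLCI seen by the receiver, DE bit) or None if dropped."""
    result = sw.forward(in_port, encode_address(dlci, de=de) + payload)
    if result is None:
        return None
    out_port, frame = result
    seen = decode_address(frame[:2])
    return out_port, seen["dlci"], seen["de"]


if __name__ == "__main__":
    cloud = build_global_addressing_cloud()
    print("A -> B (sent to 42):", send_across(cloud, "portA", 42, b"hello", de=1))
    print("B -> A (sent to 41):", send_across(cloud, "portB", 41, b"reply"))
    print("A -> unknown DLCI:", send_across(cloud, "portA", 99, b"x"))
```

The rewrite is why `show frame-relay pvc` on the two routers of one VC shows different DLCI numbers for the same circuit, and why the DE and congestion bits set by the provider arrive unchanged at the far DTE.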
Layer 3 Addressing
Cisco's Frame Relay implementation defines three different options for assigning subnets and IP addresses on Frame Relay interfaces:
• One subnet containing all Frame Relay DTEs
• One subnet per VC
• A hybrid of the first two options

One Subnet Containing All Frame Relay DTEs


The single-subnet option is typically used when a full mesh of VCs exists. In a full mesh, each router has a VC to every other router, meaning that each router can send frames directly to every other router.

One Subnet Containing All Frame Relay DTEs

One Subnet Per VC


The single-subnet-per-VC alternative works better with a partially meshed Frame Relay network.

One Subnet Per VC

Hybrid Terminology
Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group, for instance, between Routers A and D and between Routers A and E. Multipoint subinterfaces are used when more than two routers are considered to be in the same group, for instance, with Routers A, B, and C.

Hybrid Terminology

Frame Relay Address Mapping


Mapping creates a correlation between a Layer 3 address (the IP address) and its corresponding Layer 2 address (the DLCI in Frame Relay). It is used so that, after the router receives a packet for a given IP address, it can hand the packet to the Frame Relay switch on the right VC (with the appropriate DLCI).

Mapping Methods
Mapping can be done in either of two ways:
Dynamic Mapping
• Using Inverse ARP, which is enabled by default on Cisco routers.

Static Mapping
• Using the frame-relay map command; you should first disable Inverse ARP on the interface with the command no frame-relay inverse-arp.
Inverse ARP Process

Frame Relay Configuration

Frame Relay Verification

Integrated Services Digital Network (ISDN)

ISDN Protocols

BRI & PRI B and D Channels

LAPD & PPP on D and B Channels


LAPD is used as the data-link protocol across an ISDN D channel. Essentially, a router with an ISDN interface needs to send and receive signaling messages to and from the local ISDN switch to which it is connected. LAPD provides the data-link protocol that allows delivery of messages across that D channel to the local switch.
LAPD & PPP on D and B Channels


The call setup and teardown messages themselves are defined by the Q.931 protocol. So, the local switch can receive a Q.931 call setup request from a router over the LAPD-controlled D channel, and it should react to that Q.931 message by setting up a circuit over the public network.

LAPD & PPP on D and B Channels


An ISDN switch often requires some form of authentication from the device connecting to it. Switches use a free-form decimal value, called the service profile identifier (SPID), to perform authentication. In short, before any Q.931 call setup messages are accepted, the switch asks for the configured SPID values. If the values match what is configured in the switch, call setup flows are accepted.
PRI Encoding and Framing


ISDN PRI in North America is based on a digital T1 circuit. T1 circuits use two different encoding schemes: Alternate Mark Inversion (AMI) and Binary 8 with Zero Substitution (B8ZS). The two options for framing on T1s are to use either Extended Super Frame (ESF) or the older option, Super Frame (SF). In most cases today, new T1s use ESF.

DDR (Dial On Demand Routing)
You can configure DDR in several ways, including legacy DDR and DDR dialer profiles. The main difference between the two is that legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface, allowing a great deal of flexibility.
Legacy DDR Operation


1. Route packets out the interface to be dialed.
2. Determine the subset of the packets that trigger the dialing process.
3. Dial (signal).
4. Determine when the connection is terminated.

Legacy DDR Operation

DDR Step 1: Routing Packets Out the Interface to Be Dialed
DDR does not dial until some traffic is directed (routed) out the dial interface. The router needs to route packets so that they are queued to go out the dial interface. Cisco's design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed. The router (SanFrancisco) can receive a packet that must be routed out BRI0; routing the packet out BRI0 triggers the Cisco IOS software, causing the dial to occur.

DDR Step 2: Determining the Interesting Traffic


Packets that are worthy of causing the device to dial are called interesting packets. Two different methods can be used to define interesting packets.
• In the first method, interesting is defined as all packets of one or more Layer 3 protocols.
• The second method allows you to define packets as interesting if they are permitted by an access list.
DDR Step 3: Dialing (Signaling)


Defining the phone number to be dialed: the command is dialer string string, where string is the phone number (used when dialing only one site). The dialer map command maps the different dialer numbers to the equivalent IP addresses of the routers to be dialed.
Configuring SPIDs
You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending on the switch's expectations. When the telco switch has configured SPIDs, it might not allow the BRI line to work unless the router announces the correct SPID values to the switch. SPIDs, when used, provide a basic authentication feature.
ISDN PRI Configuration


1. Configure the type of ISDN switch to which this router is connected.
2. Configure the T1 or E1 encoding and framing options (controller configuration mode).
3. Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
4. Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.
PRI Configuration Commands

ISDN Switch Types

Configuring a T1 or E1 Controller
Your service provider will tell you what encoding and framing to configure on the router. Also, in almost every case, you will use all 24 DS0 channels in the PRI: 23 B channels and the D channel.

DDR With Dialer Profiles


Dialer profiles pool the physical interfaces so that the router uses any available B channel on any of the BRIs or PRIs in the pool. Dialer profiles configuration moves most of the DDR interface configuration to a virtual interface called a dialer interface.
/24

<ialer >rofiles ,onfiguration

/22

<ialer >rofiles ,onfiguration

/23

"ith all m best wishes for ou to succeed and distinguish in the ##$% &nternational '(am) *ee+ &n touch

2003, Cisco Systems, Inc. All rights reserved.

82:

You might also like