CCNA Presentation
Data Networks
Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses. Businesses needed a solution that would successfully address the following three problems:
How to avoid duplication of equipment and resources
How to communicate efficiently
How to set up and manage a network
Businesses realized that networking technology could increase productivity while saving money.
Networking Devices
Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications: end-user devices and network devices. End-user devices include computers, printers, scanners, and other devices that provide services directly to the user. Network devices include all the devices that connect the end-user devices together to allow them to communicate.
Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.
Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission. Active hubs not only concentrate hosts, but they also regenerate signals.
Bridge
Bridges convert network transmission data formats as well as perform basic data transmission management. Bridges, as the name implies, provide connections between LANs. Not only do bridges connect LANs, but they also perform a check on the data to determine whether it should cross the bridge or not. This makes each part of the network more efficient.
Workgroup Switch
Workgroup switches add more intelligence to data transfer management. Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.
Router
Routers have all capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.
"The Cloud"
The cloud is used in diagrams to represent where the connection to the internet is. It also represents all of the devices on the internet.
Network Topologies
Network topology defines the structure of the network. One part of the topology definition is the physical topology, which is the actual layout of the wire or media. The other part is the logical topology, which defines how the media is accessed by the hosts for sending data.
Physical Topologies
Bus Topology
A bus topology uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.
Ring Topology
A ring topology connects one host to the next and the last host to the first. This creates a physical ring of cable.
Star Topology
A star topology connects all cables to a central point of concentration.
Hierarchical Topology
A hierarchical topology is similar to an extended star.
Mesh Topology
A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.
LANs
WANs
SANs
A SAN is a dedicated, high-performance network used to move data between servers and storage resources. Because it is a separate, dedicated network, it avoids any traffic conflict between clients and servers.
Bandwidth
Measuring Bandwidth
The OSI Model will be used throughout your entire networking career!
Memorize it!
Application layer
This layer deals with networking applications. Examples: Email, Web browsers. PDU = User Data
Presentation layer
This layer is responsible for presenting the data in the required format, which may include: Encryption, Compression. PDU = Formatted Data
After riding your new bicycle a few times in New York, you decide that you want to give it to a friend who lives in Munich, Germany.
Make sure you have the proper directions to disassemble and reassemble the bicycle.
Call your friend and make sure you have his correct address.
Disassemble the bicycle and put different pieces in different boxes. The boxes are labeled "1 of 3", "2 of 3", and "3 of 3".
Put your friend's complete mailing address (and yours) on each box. Since the packages are too big for your mailbox (and since you don't have enough stamps) you determine that you need to go to the post office.
Upon examining the destination address, the Munich post office determines that your boxes should be delivered to your written home address.
Your friend calls you and tells you he got all 3 boxes and he is having another friend named BOB reassemble the bicycle.
BOB is finished and "presents" the bicycle to your friend. Another way to say it is that your friend is finally getting his "present".
OSI layers: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
Host Layers
These layers only exist in the source and destination host computers.
Media Layers
These layers manage the information out in the LAN or WAN between the source and destination hosts.
Encapsulation Process
UTP Implementation
EIA/TIA specifies an RJ-45 connector for UTP cable. The RJ-45 transparent end connector shows eight colored wires. Four of the wires carry the voltage and are considered "tip" (T1 through T4). The other four wires are grounded and are called "ring" (R1 through R4). The wires in the first pair in a cable or a connector are designated as T1 and R1.
Connection Media
The registered jack (RJ-45) connector and jack are the most common. In some cases the type of connector on a network interface card (NIC) does not match the media that it needs to connect to. The attachment unit interface (AUI) connector allows different media to connect when used with the appropriate transceiver. A transceiver is an adapter that converts one type of connection to another.
Ethernet Standards
The Ethernet standard specifies that each of the pins on an RJ-45 connector have a particular purpose. A NIC transmits signals on pins 1 and 2, and it receives signals on pins 3 and 6.
Remember!
A straight-thru cable has T568B on both ends. A crossover (or cross-connect) cable has T568B on one end and T568A on the other. A console cable has T568B on one end and reverse T568B on the other, which is why it is also called a rollover cable.
Straight-Thru or Crossover
Use straight-through cables for the following cabling:
Switch to router
Switch to PC or server
Hub to PC or server
Use crossover cables for the following cabling:
Switch to switch
Switch to hub
Hub to hub
Router to router
PC to PC
Router to PC
Coaxial Cable
Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.
This rule states that no more than four repeaters can be used between hosts on a LAN.
This rule is used to limit latency added to frame travel by each repeater.
Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. A hub is a physical layer device.
MAC Address
A MAC address is 48 bits in length and expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.
Bridge
Bridges are Data Link layer devices. Connected host addresses are learned and stored on a MAC address table. Each bridge port has a unique MAC address.
Bridges
Bridging Graphic
Switch
Switches are Data Link layer devices. Each switch port has a unique MAC address. Connected host MAC addresses are learned and stored on a MAC address table.
Switching Modes
Cut-through: A switch starts to transfer the frame as soon as the destination MAC address is received. No error checking is available. Must use synchronous switching.
Store-and-forward: At the other extreme, the switch can receive the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sum (FCS) to ensure that the frame was reliably received before sending it to the destination. Must be used with asynchronous switching.
Fragment-free: A compromise between the cut-through and store-and-forward modes. Fragment-free reads the first 64 bytes, which includes the frame header, and switching begins before the entire data field and checksum are read.
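The following Python is an added illustration of the three switching modes and of the MAC learning described on the switch slides; it is example code written for this page, not part of the original presentation or of any Cisco software. It builds an Ethernet frame with a CRC-32 FCS and shows what each mode can and cannot catch: cut-through decides after reading only the destination MAC, fragment-free drops anything shorter than 64 bytes, and only store-and-forward verifies the FCS. The MAC addresses, EtherTypes and payloads are constructed sample values.

```python
import struct
import zlib

# Constructed sample addresses (locally administered bit set, not real hardware MACs)
MAC_HOST1 = bytes.fromhex("020000000001")
MAC_HOST2 = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
MIN_FRAME = 64  # minimum Ethernet frame size; fragment-free reads exactly this much


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """dst | src | type | payload (padded to the 46-byte minimum) | FCS."""
    payload = payload.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF  # Ethernet FCS is CRC-32 with the polynomial zlib uses
    return body + struct.pack("<I", fcs)  # the FCS is sent least-significant byte first


def fcs_ok(frame: bytes) -> bool:
    """Store-and-forward check: recompute the CRC over everything before the FCS."""
    if len(frame) < 18:  # header (14) + FCS (4) is the smallest thing we can even check
        return False
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs


def forward_decision(mode: str, frame: bytes):
    """Return (forward?, number of bytes the switch had to read before deciding)."""
    if mode == "cut-through":
        return len(frame) >= 6, 6  # decides on the destination MAC alone; no error check
    if mode == "fragment-free":
        return len(frame) >= MIN_FRAME, MIN_FRAME  # collision fragments are shorter than 64 bytes
    if mode == "store-and-forward":
        return fcs_ok(frame), len(frame)  # whole frame buffered, FCS verified
    raise ValueError(f"unknown switching mode {mode!r}")


class LearningSwitch:
    """Learns source MAC -> port; floods broadcast and unknown destinations."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def handle(self, in_port: int, frame: bytes) -> list:
        dst, src = frame[:6], frame[6:12]
        self.mac_table[src] = in_port  # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]  # never send back out the ingress port
        return [p for p in self.ports if p != in_port]  # flood


if __name__ == "__main__":
    frame = build_frame(MAC_HOST2, MAC_HOST1, 0x0800, b"hello")
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]  # one flipped bit in the payload
    for mode in ("cut-through", "fragment-free", "store-and-forward"):
        print(mode, forward_decision(mode, damaged))
```

Running the block forwards the damaged frame under cut-through and fragment-free and rejects it only under store-and-forward, which is exactly the trade-off between latency and error checking the slide describes.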
Full Duplex
Another capability emerges when only two nodes are connected. In a network that uses twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the other node. A separate pair is used for the return or received signal. It is possible for signals to pass through both pairs simultaneously. The capability of communication in both directions at once is known as full duplex.
Microsegmentation
A switch is simply a bridge with many ports. When only one node is connected to a switch port, the collision domain on the shared media contains only two nodes. The two nodes in this small segment, or collision domain, consist of the switch port and the host connected to it. These small physical segments are called microsegments.
Peer-to-Peer Network
In a peer-to-peer network, networked computers act as equal partners, or peers. As peers, each computer can take on the client function or the server function. At one time, computer A may make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as client, while B functions as the server. At a later time, computers A and B can reverse roles. In a peer-to-peer network, individual users control their own resources. Peer-to-peer networks are relatively easy to install and operate. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate.
Client/Server Network
In a client/server arrangement, network services are located on a dedicated computer called a server. The server responds to the requests of clients. The server is a central computer that is continuously available to respond to requests from clients for file, print, application, and other services. Most network operating systems adopt the form of a client/server relationship.
2 Models Side-By-Side
OSI model: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
TCP/IP model: Application, Transport, Internet, Network Access
Application
Transport
The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer applications into the same data stream between endpoints. The transport layer data stream provides end-to-end transport services.
Flow Control
As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is unable to process data as quickly as it arrives could be a cause of data loss. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.
3-Way Handshake
TCP requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize their Initial Sequence Numbers (ISNs).
Basic Windowing
Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.
Sliding Window
TCP
Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. The protocols that use TCP include:
FTP (File Transfer Protocol)
HTTP (Hypertext Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
Telnet
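To make the 3-way handshake, basic windowing and sliding window slides concrete, here is an added Python simulation (example code written for this page, not from the original presentation, and not a real TCP implementation). It shows how the three handshake segments synchronise the two ISNs, and then drives a window of segments over a channel that loses one segment once, so the cumulative ACK stalls and the sender retransmits from the last acknowledged byte. A window of one reproduces the "acknowledge each packet before the next is sent" scheme of the basic windowing slide. All sequence numbers and data are constructed.

```python
def three_way_handshake(client_isn: int, server_isn: int) -> list:
    """The three segments that synchronise both Initial Sequence Numbers.
    Each ACK number is the peer's ISN + 1 (the SYN itself occupies one sequence number)."""
    syn = {"flags": "SYN", "seq": client_isn}
    syn_ack = {"flags": "SYN-ACK", "seq": server_isn, "ack": client_isn + 1}
    ack = {"flags": "ACK", "seq": client_isn + 1, "ack": server_isn + 1}
    return [syn, syn_ack, ack]


class Receiver:
    """Accepts only the next in-order segment and answers with a cumulative ACK."""

    def __init__(self, first_seq: int):
        self.expected = first_seq  # next byte we are waiting for
        self.data = b""

    def deliver(self, seq: int, payload: bytes) -> int:
        if seq == self.expected:
            self.data += payload
            self.expected += len(payload)
        # duplicates and out-of-order segments are dropped; the ACK repeats what we still need
        return self.expected


def sliding_window_transfer(data: bytes, mss: int, window: int, lose_once=(), first_seq: int = 0):
    """Send `data` in `mss`-byte segments, at most `window` segments per round trip.
    Segments whose sequence number is in `lose_once` are lost on their first transmission.
    Returns (bytes received, per-segment log, number of round trips)."""
    if mss < 1 or window < 1:
        raise ValueError("mss and window must be at least 1")
    rx = Receiver(first_seq)
    pending_loss = set(lose_once)
    log, rounds = [], 0
    base, end = first_seq, first_seq + len(data)  # base = oldest unacknowledged byte
    while base < end:
        seq = base
        for _ in range(window):  # one window's worth, Go-Back-N style from the last ACK
            if seq >= end:
                break
            offset = seq - first_seq
            payload = data[offset:offset + mss]
            if seq in pending_loss:
                pending_loss.discard(seq)
                log.append(f"seg {seq} lost")
            else:
                log.append(f"seg {seq} -> ack {rx.deliver(seq, payload)}")
            seq += len(payload)
        base = rx.expected  # the cumulative ACK slides the window forward
        rounds += 1
    return rx.data, log, rounds


if __name__ == "__main__":
    for segment in three_way_handshake(client_isn=100, server_isn=300):
        print(segment)
    received, log, rounds = sliding_window_transfer(b"0123456789", mss=2, window=3, lose_once={2})
    print("\n".join(log), f"\ncomplete={received == b'0123456789'} round trips={rounds}")
```

With a window of three and one lost segment the transfer needs three round trips instead of two; the receiver's repeated ACK for byte 2 is what tells the sender where to resume.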
UDP
User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols. UDP uses no windowing or acknowledgments so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together. The protocols that use UDP include:
TFTP (Trivial File Transfer Protocol)
SNMP (Simple Network Management Protocol)
DHCP (Dynamic Host Control Protocol)
DNS (Domain Name System)
URL
Internet Addresses
IP Addressing is a hierarchical structure. An IP address combines two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.
IP Address Classes
IP addresses are divided into classes to define the large, medium, and small networks. Class A addresses are assigned to larger networks. Class B addresses are used for medium-sized networks, and Class C for small networks.
Class A Addresses
The Class A address was designed to support extremely large networks, with more than 16 million host addresses available. Class A IP addresses use only the first octet to indicate the network address. The remaining three octets provide for host addresses.
Class C Addresses
The Class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.
Class D Addresses
The Class D address class was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.
Class E Addresses
A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.
IP Address Ranges
The graphic below shows the IP address range of the first octet both in decimal and binary for each IP address class.
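The graphic referred to above is not reproduced on this page, so as an added example (code written for this page, not part of the original presentation) the following Python derives the first-octet ranges from the leading bits that define each class, classifies an address the same way, and splits it into the network and host parts described on the Internet Addresses slide. It also computes the host counts quoted on the Class A and Class C slides (16 million and 254). Addresses used in the test are constructed sample values.

```python
# Leading bits of the first octet that define each class (from the address-class slides)
CLASS_PREFIX = {"A": "0", "B": "10", "C": "110", "D": "1110", "E": "1111"}
NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}  # classes D and E have no network/host split


def parse_ipv4(addr: str) -> list:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return octets


def address_class(addr: str) -> str:
    """Class is decided by the leading bits of the first octet, not by a decimal range table."""
    first_bits = format(parse_ipv4(addr)[0], "08b")
    for cls, prefix in CLASS_PREFIX.items():
        if first_bits.startswith(prefix):
            return cls
    raise AssertionError("every 8-bit pattern matches one of the prefixes above")


def first_octet_range(cls: str) -> tuple:
    """(lowest, highest) first octet: the class prefix padded with 0s, then padded with 1s."""
    prefix = CLASS_PREFIX[cls]
    return int(prefix.ljust(8, "0"), 2), int(prefix.ljust(8, "1"), 2)


def class_table() -> list:
    """Rows of (class, low, high, low in binary, high in binary), like the slide's graphic."""
    rows = []
    for cls in CLASS_PREFIX:
        lo, hi = first_octet_range(cls)
        rows.append((cls, lo, hi, format(lo, "08b"), format(hi, "08b")))
    return rows


def default_mask(cls: str) -> str:
    n = NETWORK_OCTETS[cls]  # KeyError for D and E: they have no default mask
    return ".".join(["255"] * n + ["0"] * (4 - n))


def max_hosts(cls: str) -> int:
    host_bits = 8 * (4 - NETWORK_OCTETS[cls])
    return 2 ** host_bits - 2  # all-zeros is the network address, all-ones the broadcast


def network_and_host(addr: str) -> tuple:
    """Split an address into its network part and host part using the classful boundary."""
    octets = parse_ipv4(addr)
    n = NETWORK_OCTETS[address_class(addr)]
    network = ".".join(str(o) for o in octets[:n] + [0] * (4 - n))
    host = ".".join(str(o) for o in [0] * n + octets[n:])
    return network, host


if __name__ == "__main__":
    for cls, lo, hi, lo_bin, hi_bin in class_table():
        print(f"Class {cls}: {lo:3d}-{hi:3d}  {lo_bin}-{hi_bin}")
```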
IPv4
As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses and the increase in the size of Internet routing tables. Over the past two decades, numerous extensions to IPv4 have been developed. Two of the more important of these are subnet masks and classless interdomain routing (CIDR).
Network Address
Broadcast Address
Public IP Addresses
Unique addresses are required for each device on a network. Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure. InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA). No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. All machines connected to the Internet agree to conform to the system. Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.
Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.
Introduction to Subnetting
Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design. Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.
ARP Request - Broadcast to all hosts: "What is the hardware address for IP address 128.0.10.4?"
ARP Reply
Fig. 32 How does ARP work? (The Network Layer, 47)
Fig. 33 The ARP command (The Network Layer, 47)
Fig. 34 Proxy-ARP concept (The Network Layer, 49)
Broadcast message to all: "If your IP address matches "B" then please tell me your Ethernet address."
"Yes, I know the destination network, let me give you my Ethernet address."
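The ARP and Proxy-ARP figures above are not reproduced on this page, so the exchange they show is worked through here in Python as an added example (code written for this page, not part of the original presentation). It packs and parses the RFC 826 Ethernet/IPv4 ARP layout, lets a host answer a broadcast request for its own address, and lets a router answer on behalf of a network it routes to, which is the proxy-ARP case: the requester ends up caching the router's MAC for the remote IP. The hosts, MACs and addresses (192.0.2.0/24 and 198.51.100.0/24 documentation ranges) are constructed.

```python
import ipaddress
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet (hlen 6) over IPv4 (plen 4)
ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": mac_to_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_to_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    def __init__(self, ip: str, mac: str):
        self.ip, self.mac, self.cache = ip, mac, {}

    def answers_for(self, ip: str) -> bool:
        return ip == self.ip  # an ordinary host only speaks for itself

    def handle(self, pkt: bytes):
        """Return a reply packet if this node should answer the request, else None."""
        arp = parse_arp(pkt)
        if arp["oper"] == ARP_REQUEST and self.answers_for(arp["target_ip"]):
            # the reply claims the requested IP with this node's own MAC
            return build_arp(ARP_REPLY, self.mac, arp["target_ip"], arp["sender_mac"], arp["sender_ip"])
        return None


class ProxyArpRouter(Host):
    """Proxy ARP: also answers for addresses in networks it can route to."""

    def __init__(self, ip: str, mac: str, remote_nets):
        super().__init__(ip, mac)
        self.remote_nets = [ipaddress.ip_network(n) for n in remote_nets]

    def answers_for(self, ip: str) -> bool:
        return super().answers_for(ip) or any(ipaddress.ip_address(ip) in n for n in self.remote_nets)


def resolve(requester: Host, lan: list, target_ip: str):
    """Broadcast a request to every other node on the LAN; cache and return the first answer."""
    if target_ip in requester.cache:
        return requester.cache[target_ip]
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, ZERO_MAC, target_ip)
    for node in lan:
        if node is requester:
            continue
        reply = node.handle(request)
        if reply is not None:
            arp = parse_arp(reply)
            requester.cache[arp["sender_ip"]] = arp["sender_mac"]
            return arp["sender_mac"]
    return None  # nobody answered: no entry is cached


if __name__ == "__main__":
    pc = Host("192.0.2.10", "02:00:00:00:00:0a")
    lan = [pc, Host("192.0.2.20", "02:00:00:00:00:14"),
           ProxyArpRouter("192.0.2.1", "02:00:00:00:00:01", ["198.51.100.0/24"])]
    print(resolve(pc, lan, "192.0.2.20"), resolve(pc, lan, "198.51.100.7"), pc.cache)
```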
RARP
Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.
BootP
The bootstrap protocol (BOOTP) operates in a client-server environment and only requires a single packet exchange to obtain IP information. However, unlike RARP, BOOTP packets can include the IP address, as well as the address of a router, the address of a server, and vendor-specific information. One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database. Even though the addresses are dynamically assigned, there is still a one to one relationship between the number of IP addresses and the number of hosts. This means that for every host on the network there must be a BOOTP profile with an IP address assignment in it. No two profiles can have the same IP address.
DHCP
Dynamic host configuration protocol (DHCP) is the successor to BOOTP. Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device. All that is required when using DHCP is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request an address. The DHCP server chooses an address and leases it to that host. With DHCP, the entire network configuration of a computer can be obtained in one message. This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask. The major advantage that DHCP has over BOOTP is that it allows users to be mobile.
Introduction to Routers
A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:
RAM
Random Access Memory, also called dynamic RAM (DRAM). RAM has the following characteristics and functions:
Stores routing tables
Holds ARP cache
Holds fast-switching cache
Performs packet buffering (shared RAM)
Maintains packet-hold queues
Provides temporary memory for the configuration file of the router while the router is powered on
Loses content when router is powered down or restarted
NVRAM
Non-Volatile RAM. NVRAM has the following characteristics and functions:
Provides storage for the startup configuration file
Retains content when router is powered down or restarted
Flash
Flash memory has the following characteristics and functions:
Holds the operating system image (IOS)
Allows software to be updated without removing and replacing chips on the processor
Retains content when router is powered down or restarted
Can store multiple versions of IOS software
Is a type of electronically erasable, programmable ROM (EEPROM)
ROM
Read-Only Memory. ROM has the following characteristics and functions:
Maintains instructions for power-on self test (POST) diagnostics
Stores bootstrap program and basic operating system software
Requires replacing pluggable chips on the motherboard for software upgrades
Interfaces
Interfaces have the following characteristics and functions:
Connect router to network for frame entry and exit
Can be on the motherboard or on a separate module
Types of interfaces: Ethernet, Fast Ethernet, Serial, Token Ring, ISDN BRI, Loopback, Console, Aux
External Connections
Cisco IOS
Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices. A solid understanding of the IOS is essential for a network administrator.
Setup Mode
Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router unable to locate a configuration from another source. In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults. During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shutdown. When the configuration process is completed in setup mode, the following options will be displayed:
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:
Router Modes
When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.
Ethernet Overview
Ethernet is now the dominant LAN technology in the world. Ethernet is not one technology but a family of LAN technologies. All LANs must deal with the basic issue of how individual stations (nodes) are named, and Ethernet is no exception. Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations. However, the basic frame format and addressing scheme is the same for all varieties of Ethernet.
Layer 2 Framing
Framing is the Layer 2 encapsulation process. A frame is the Layer 2 protocol data unit. The frame format diagram shows different groupings of bits (fields) that perform other functions.
Collision Domains
To move data between one Ethernet station and another, the data often passes through a repeater. All other stations in the same collision domain see traffic that passes through a repeater. A collision domain is then a shared resource. Problems originating in one part of the collision domain will usually impact the entire collision domain.
CSMA/CD Graphic
Backoff
After a collision occurs and all stations allow the cable to become idle (each waits the full interframe spacing), then the stations that collided must wait an additional and potentially progressively longer period of time before attempting to retransmit the collided frame. The waiting period is intentionally designed to be random so that two stations do not delay for the same amount of time before retransmitting, which would result in more collisions.
In the IP network number that accompanies the network mask, when the host bits of the IP network number are:
All binary zeros - that address is the bottom of the address range
All binary ones - that address is the top of the address range
Implementing VLSM
What Is CIDR?
Addresses are the same as in the route summarization figure, except that Class B network 172 has been replaced by Class C network 192.
CIDR Example
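The VLSM and CIDR slides above leave their figures out, so the arithmetic behind them is worked through here in one added Python example (code written for this page, not part of the original presentation). `subnet_info` applies the host-bits rule from the VLSM slide: host bits all zeros give the bottom of the range (the network address), host bits all ones give the top (the broadcast address). `vlsm_allocate` carves one block into subnets of different sizes, and `summarize` does the reverse, finding the single CIDR prefix that covers a set of networks as in the route summarization figure. The blocks used are constructed sample values; the standard library `ipaddress` module is used only to cross-check the hand-rolled bit arithmetic.

```python
import ipaddress  # used only to cross-check our own arithmetic


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask            # host bits all zeros: bottom of the range
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones: top of the range
    usable = max(2 ** (32 - prefix) - 2, 0)      # network and broadcast are not assignable
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable,
            "first_host": int_to_ip(network + 1) if usable else None,
            "last_host": int_to_ip(broadcast - 1) if usable else None}


def matches_stdlib(cidr: str) -> bool:
    """Cross-check against ipaddress (strict=False lets us pass a host address)."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return info["network"] == str(net.network_address) and info["broadcast"] == str(net.broadcast_address)


def prefix_for_hosts(hosts: int) -> int:
    """Smallest subnet (longest prefix) with at least `hosts` usable addresses."""
    host_bits = 2  # a /30 with 2 usable hosts is the smallest subnet that can hold anyone
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_allocate(base_cidr: str, host_counts) -> list:
    """Carve `base_cidr` into one subnet per requirement, largest first, each on its own boundary."""
    base = subnet_info(base_cidr)
    cursor, end = ip_to_int(base["network"]), ip_to_int(base["broadcast"])
    allocations = []
    for need in sorted(host_counts, reverse=True):
        prefix = prefix_for_hosts(need)
        size = 2 ** (32 - prefix)
        if cursor % size:  # align to a multiple of the subnet size
            cursor = (cursor // size + 1) * size
        if cursor + size - 1 > end:
            raise ValueError(f"no room left in {base_cidr} for {need} hosts")
        allocations.append((need, f"{int_to_ip(cursor)}/{prefix}"))
        cursor += size
    return allocations


def summarize(cidrs) -> str:
    """Route summarization / CIDR supernet: the longest prefix shared by every block."""
    lo = min(ip_to_int(subnet_info(c)["network"]) for c in cidrs)
    hi = max(ip_to_int(subnet_info(c)["broadcast"]) for c in cidrs)
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1  # shorten the prefix until both ends fall in the same block
    return f"{int_to_ip(lo & prefix_to_mask(prefix))}/{prefix}"


if __name__ == "__main__":
    print(subnet_info("172.16.5.77/20"))
    print(vlsm_allocate("192.168.1.0/24", [20, 100, 2, 50]))
    print(summarize(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
```

Note that the summary route covers the whole 192.168.0.0/22 range even if, say, 192.168.2.0/24 were not actually present; that over-claiming is the usual caveat when summarizing non-contiguous blocks.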
Anatomy of an IP Packet
IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:
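The header field list that followed this slide is not on the page, so the header is laid out here as an added Python example (code written for this page, not from the original presentation). It packs a 20-byte IPv4 header with a correct header checksum, then parses one back with the sanity checks a defender's parser should make: version must be 4, the IHL must fit in the buffer, the total length must not be shorter than the header, and the checksum over the header must verify. Addresses are constructed documentation-range values.

```python
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"  # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst


def ipv4_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, carries folded back in, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0, dont_fragment: bool = True) -> bytes:
    flags_frag = 0x4000 if dont_fragment else 0  # DF bit set, fragment offset 0
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    checksum = ipv4_checksum(header)  # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if header_len < 20 or header_len > len(pkt) or total_len < header_len:
        raise ValueError("inconsistent IHL / total length fields")
    return {
        "header_len": header_len, "tos": tos, "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": pkt[20:header_len],
        # summing the header including its checksum field must give zero
        "checksum_ok": ipv4_checksum(pkt[:header_len]) == 0,
    }


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.7", payload_len=20)
    print(parse_ipv4_header(hdr))
```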
Introducing Routing
Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.
Administrative Distance
The administrative distance is an optional parameter that gives a measure of the reliability of the route. The range of an AD is 0-255 where smaller numbers are more desirable. The default administrative distance when using next-hop address is 1, while the default administrative distance when using the outgoing interface is 0. You can statically assign an AD as follows:
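The command that followed this slide is not on the page, so the selection rule it configures is shown here as an added Python example (code written for this page, not from the original presentation or from Cisco IOS). A routing table keeps, per prefix, the candidate with the lowest administrative distance (metric breaks ties within one source), and a lookup picks the longest matching prefix, which is how a destination IP address decides the direction as described on the Introducing Routing slide. The static ADs of 0 and 1 are the ones on this slide; the other defaults (EIGRP 90, IGRP 100, OSPF 110, RIP 120, 255 = never installed) are standard Cisco values not stated on the page. Prefixes and next hops are constructed.

```python
import ipaddress

# Default administrative distances. 0/1 for static routes come from this slide;
# the protocol values are the usual Cisco defaults (assumption: not stated on the page).
DEFAULT_AD = {"connected": 0, "static-interface": 0, "static-nexthop": 1,
              "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}
UNREACHABLE_AD = 255  # a route with AD 255 is never installed


class Route:
    def __init__(self, prefix: str, via: str, source: str, metric: int = 0, ad: int = None):
        self.network = ipaddress.ip_network(prefix)
        self.via, self.source, self.metric = via, source, metric
        self.ad = DEFAULT_AD[source] if ad is None else ad  # `ad` overrides = statically assigned AD

    def __repr__(self):
        return f"{self.network} via {self.via} [{self.ad}/{self.metric}] {self.source}"


class RoutingTable:
    def __init__(self):
        self.routes = {}  # network -> the single best Route for that exact prefix

    def install(self, route: Route) -> bool:
        """Keep the lowest AD per prefix; within equal AD the lower metric wins."""
        if route.ad >= UNREACHABLE_AD:
            return False
        current = self.routes.get(route.network)
        if current is None or (route.ad, route.metric) < (current.ad, current.metric):
            self.routes[route.network] = route
            return True
        return False

    def lookup(self, destination: str):
        """Longest-prefix match: the most specific installed network containing the address."""
        addr = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes.values() if addr in r.network]
        return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def demo_table() -> RoutingTable:
    rt = RoutingTable()
    rt.install(Route("10.0.0.0/24", "Ethernet0", "connected"))
    rt.install(Route("10.0.0.0/24", "10.0.0.2", "static-nexthop"))       # loses to connected (1 > 0)
    rt.install(Route("10.1.0.0/16", "10.0.0.2", "rip", metric=3))
    rt.install(Route("10.1.0.0/16", "10.0.0.3", "ospf", metric=20))      # replaces RIP (110 < 120)
    rt.install(Route("10.1.0.0/16", "10.0.0.9", "static-nexthop", ad=130))  # floating static: backup only
    rt.install(Route("0.0.0.0/0", "10.0.0.254", "static-nexthop"))
    return rt


if __name__ == "__main__":
    table = demo_table()
    for dst in ("10.0.0.5", "10.1.5.9", "172.16.1.1"):
        print(dst, "->", table.lookup(dst))
```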
Routing Protocols
Routing protocols include the following: processes for sharing route information; allowing routers to communicate with other routers to update and maintain the routing tables. Examples of routing protocols that support the IP routed protocol are: RIP, IGRP, OSPF, BGP, and EIGRP.
Routed Protocols
Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols.
Autonomous System
An Autonomous System (AS) is a group of IP networks, which has a single and clearly defined external routing policy.
EGP
Exterior Gateway Protocols are used for routing between Autonomous Systems (in the figure: AS 1000, AS 3000).
IGP
Interior Gateway Protocols are used for routing decisions within an Autonomous System (in the figure: AS 2000).
Fig. 42 IGP and EGP (The Network Layer, 67)
Fig. 43 The use of IGP and EGP protocols (The Network Layer, 67)
The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork. The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.
[Figure: distribution of routing information with a distance vector routing protocol between Routers A, B, C and D; the per-router tables (network, hop count, next hop) and the "locally connected" entries of the original graphic are not recoverable here]
Fig. 53 Distribution of routing information with distance vector routing protocol (cont.) (The Network Layer, 71)
RIPv1
Distance Vector Routing Protocol, classful
Distribution of Routing Tables via broadcast to adjacent routers
Only one kind of metric: Number of Hops
Connections with different bandwidth can not be weighted
Routing loops can occur -> bad convergence in case of a failure
Count to infinity problem (infinity = 16)
Maximum network size is limited by the number of hops
Fig. 59 Properties of RIPv1 (The Network Layer, 81)
RIP Characteristics
[Figure labels: RIP-1: 130.24.36.0; 130.24.36.0/24]
Fig. 60 RIP-1 permits only a single subnet mask (The Network Layer, 83)
Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.
Route Poisoning
Route poisoning is used by various distance vector protocols in order to overcome large routing loops and offer explicit information when a subnet or network is not accessible. This is usually accomplished by setting the hop count to one more than the maximum.
Triggered Updates
New routing tables are sent to neighboring routers on a regular basis. For example, RIP updates occur every 30 seconds. However, a triggered update is sent immediately in response to some change in the routing table. The router that detects a topology change immediately sends an update message to adjacent routers that, in turn, generate triggered updates notifying their adjacent neighbors of the change. When a route fails, an update is sent immediately rather than waiting on the update timer to expire. Triggered updates, used in conjunction with route poisoning, ensure that all routers know of failed routes before any holddown timers can expire.
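The RIPv1, routing loop, route poisoning and triggered update slides above describe behaviour that is easiest to see by running it, so here is an added Python simulation (code written for this page, not part of the original presentation, and not an implementation of RIP itself). Three routers A, B, C form a line with a network attached to C; each exchange round every router sends its table to its neighbours and applies the Bellman-Ford update with hop counts capped at 16. When C loses the network, plain distance vector counts to infinity over many rounds, whereas advertising the failed route as 16 (route poisoning) together with split horizon (a route is not advertised back to the neighbour it was learned from, an assumption added here because poisoning alone lets a stale neighbour re-infect the table) converges in a handful of rounds. Topology and names are constructed.

```python
INFINITY = 16  # RIP: 16 hops means unreachable (infinity = 16 on the RIPv1 slide)


class Router:
    def __init__(self, name: str):
        self.name = name
        self.neighbors = []
        self.table = {}  # destination -> (hop count, next hop); next hop None = directly connected

    def advertisement(self, to: str, split_horizon: bool) -> dict:
        """The routes this router tells neighbour `to` about."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == to:
                continue  # split horizon: never advertise a route back to where it came from
            adv[dest] = metric
        return adv

    def receive(self, frm: str, adv: dict) -> bool:
        changed = False
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)  # one more hop to reach `dest` via `frm`
            current = self.table.get(dest)
            if current is None and new >= INFINITY:
                continue  # don't learn a brand-new route that is already unreachable
            # Bellman-Ford: accept a better route, or any change reported by the current next hop
            if current is None or new < current[0] or current[1] == frm:
                if current != (new, frm):
                    self.table[dest] = (new, frm)
                    changed = True
        return changed


def exchange_round(routers: list, split_horizon: bool) -> bool:
    """Synchronous update: everyone advertises from the table it had at the start of the round."""
    advs = {(r.name, n.name): r.advertisement(n.name, split_horizon) for r in routers for n in r.neighbors}
    changed = False
    for r in routers:
        for n in r.neighbors:
            changed |= r.receive(n.name, advs[(n.name, r.name)])
    return changed


def run_until_stable(routers: list, split_horizon: bool, limit: int = 60) -> int:
    """Return the number of rounds until a round changes nothing (that round included)."""
    for rounds in range(1, limit + 1):
        if not exchange_round(routers, split_horizon):
            return rounds
    return limit


def build_line() -> list:
    a, b, c = Router("A"), Router("B"), Router("C")
    a.neighbors, b.neighbors, c.neighbors = [b], [a, c], [b]
    c.table["net"] = (0, None)  # the destination network hangs off C
    return [a, b, c]


def simulate_failure(route_poisoning: bool, split_horizon: bool):
    """Converge, then take the network away from C. Returns (rounds to re-converge, hop count per router)."""
    routers = build_line()
    run_until_stable(routers, split_horizon)
    a, b, c = routers
    assert a.table["net"] == (2, "B") and b.table["net"] == (1, "C")
    if route_poisoning:
        c.table["net"] = (INFINITY, None)  # poison: keep the route and advertise it as unreachable
    else:
        del c.table["net"]  # silently drop it and wait for neighbours to notice
    rounds = run_until_stable(routers, split_horizon)
    return rounds, {r.name: r.table["net"][0] for r in routers}


if __name__ == "__main__":
    print("plain distance vector     :", simulate_failure(route_poisoning=False, split_horizon=False))
    print("poisoning + split horizon :", simulate_failure(route_poisoning=True, split_horizon=True))
```

In the plain case C learns the dead network back from B, B then trusts C's worse figure because C is its next hop, and the two count each other up one hop per round until 16. With poisoning and split horizon every router holds 16 after the second round, which is the "explicit information when a network is not accessible" the Route Poisoning slide refers to.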
IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. Some of the IGRP key design characteristics emphasize the following: It is a distance vector routing protocol. Routing updates are broadcast every 90 seconds. Bandwidth, load, delay and reliability are used to create a composite metric.
Topology table: Typically referred to as LSDB (routers and links in the area or network). All routers within an area have an identical LSDB.
Routing table:
OSPF Terminology
The next several slides explain various OSPF terms, one per slide.
OSPF Areas
Area Terminology
LAN links: Neighbors form an adjacency with the DR and BDR. Maintain two-way state with the other routers (DROTHERs).
Routing updates and topology information are only passed between adjacent routers.
OSPF Adjacencies
Routers build logical adjacencies between each other using the Hello Protocol. Once an adjacency is formed, LS database packets are exchanged to synchronize each other's LS databases using these adjacencies.
OSPF Packet Header Format
Neighborship
Router A notifies all OSPF DRs on 224.0.0.6; the DR notifies the others on 224.0.0.5.
The network command is a router ospf subordinate command that defines the interfaces (by network number) that OSPF will run on. Each network number must be assigned to a specific area.
show ip protocols
Verifies the configured IP routing protocol processes, parameters and statistics.
show ip ospf
Displays information about the OSPF neighbors, including Designated Router (DR) and Backup Designated Router (BDR) information on broadcast networks.
Point-to-Point Links
Usually a serial interface running either PPP or HDLC. May also be a point-to-point subinterface running Frame Relay or ATM. No DR or BDR election is required; OSPF autodetects this interface type. OSPF packets are sent using multicast 224.0.0.5.
Generally LAN technologies like Ethernet and Token Ring. DR and BDR selection is required. All neighbor routers form full adjacencies with the DR and BDR only. Packets to the DR use 224.0.0.6; packets from the DR to all other routers use 224.0.0.5.
Hello packets are exchanged via IP multicast. The router with the highest OSPF priority is selected as the DR; the OSPF router ID is used as the tie breaker. The DR election is nonpreemptive.
The ip ospf priority interface configuration command assigns the OSPF priority to an interface. Different interfaces on a router may be assigned different values. The default priority is 1; the range is 0 to 255. A priority of 0 means the router is a DROTHER: it can't become the DR or BDR.
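The DR/BDR election rules of the preceding slides (highest priority wins, router ID breaks ties, priority 0 never participates, and the election is nonpreemptive) as an added Python example; this is not code from the presentation, and the router IDs and priorities are constructed.

```python
"""OSPF DR/BDR election on a multiaccess segment (added example).

Constructed neighbours and priorities; not taken from the slides."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class OspfNeighbor:
    router_id: str     # dotted-decimal OSPF router ID
    priority: int = 1  # ip ospf priority; default 1, 0 = DROTHER (never DR/BDR)


def _rank(n: OspfNeighbor):
    """Higher priority wins; the higher router ID breaks ties."""
    return (n.priority, int(IPv4Address(n.router_id)))


def elect_dr_bdr(neighbors, current_dr=None, current_bdr=None):
    """Return (dr_id, bdr_id) for the routers currently heard on the segment.

    - Priority 0 routers are DROTHERs and never become DR or BDR.
    - The election is nonpreemptive: a DR or BDR that is still up keeps its
      role even when a router with a higher priority or router ID appears.
    - When the DR disappears, the BDR is promoted and a new BDR is elected.
    """
    by_id = {n.router_id: n for n in neighbors}
    eligible = sorted((n for n in neighbors if n.priority > 0),
                      key=_rank, reverse=True)
    if not eligible:
        return (None, None)

    def still_eligible(rid):
        return rid in by_id and by_id[rid].priority > 0

    if still_eligible(current_dr):
        dr = current_dr                 # sitting DR keeps the role
    elif still_eligible(current_bdr):
        dr = current_bdr                # BDR takes over when the DR fails
    else:
        dr = eligible[0].router_id      # fresh election

    if still_eligible(current_bdr) and current_bdr != dr:
        bdr = current_bdr
    else:
        candidates = [n.router_id for n in eligible if n.router_id != dr]
        bdr = candidates[0] if candidates else None
    return (dr, bdr)


if __name__ == "__main__":
    segment = [OspfNeighbor("1.1.1.1"), OspfNeighbor("2.2.2.2"),
               OspfNeighbor("3.3.3.3", priority=0)]
    dr, bdr = elect_dr_bdr(segment)
    print("initial election:", dr, bdr)
    # A higher-priority router joining later does not take over.
    joined = segment + [OspfNeighbor("9.9.9.9", priority=255)]
    print("after 9.9.9.9 joins:", elect_dr_bdr(joined, dr, bdr))
```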
Creation of Adjacencies
RouterA#debug ip ospf adj
Point-to-point interfaces coming up: No election
%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x16F opt 0x2 flag 0x len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 2
Creation of Adjacencies (Cont.)
RouterA#debug ip ospf adj
Ethernet interface coming up: Election
OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.12
OSPF: Elect DR 192.168.0.12
DR: 192.168.0.12 (Id) BDR: 192.168.0.12 (Id)
OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x len 32
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.11
OSPF: Elect DR 192.168.0.12
DR: 192.168.0.12 (Id) BDR: 192.168.0.11 (Id)
Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM. Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops. Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency. EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.
Neighbor Table
The neighbor table is the most important table in EIGRP. Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacency database used by OSPF. There is a neighbor table for each protocol that EIGRP supports. When a neighbor sends a hello packet, it advertises a hold time. The hold time is the amount of time a router treats a neighbor as reachable and operational. In other words, if a hello packet is not heard within the hold time, then the hold time expires. When the hold time expires, the Diffusing Update Algorithm (DUAL), which is the EIGRP distance vector algorithm, is informed of the topology change and must recalculate the new topology.
Topology Table
The topology table is made up of all the EIGRP routing tables in the autonomous system. DUAL takes the information supplied in the neighbor table and the topology table and calculates the lowest cost routes to each destination. By tracking this information, EIGRP routers can identify and switch to alternate routes quickly. The information that the router learns from DUAL is used to determine the successor route, which is the term used to identify the primary or best route. A copy is also placed in the topology table. Every EIGRP router maintains a topology table for each configured network protocol. All learned routes to a destination are maintained in the topology table.
Routing Table
The EIGRP routing table holds the best routes to a destination. This information is retrieved from the topology table. Each EIGRP router maintains a routing table for each network protocol. A successor is a route selected as the primary route to use to reach a destination. DUAL identifies this route from the information contained in the neighbor and topology tables and places it in the routing table. There can be up to four successor routes for any particular route. These can be of equal or unequal cost and are identified as the best loop-free paths to a given destination. A copy of the successor routes is also placed in the topology table. A feasible successor (FS) is a backup route. These routes are identified at the same time the successors are identified, but they are only kept in the topology table. Multiple feasible successors for a destination can be retained in the topology table, although it is not mandatory.
EIGRP Algorithm
The sophisticated DUAL algorithm results in the exceptionally fast convergence of EIGRP. Each router constructs a topology table that contains information about how to route to a destination network. Each topology table identifies the following:
• The routing protocol, or EIGRP.
• The lowest cost of the route, which is called the Feasible Distance.
• The cost of the route as advertised by the neighboring router, which is called the Reported Distance.
The Topology heading identifies the preferred primary route, called the successor route (Successor), and, where identified, the backup route, called the feasible successor (FS). Note that it is not necessary to have an identified feasible successor.
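The successor / feasible-successor selection described in the EIGRP slides above, worked through in Python as an added example (not code from the presentation). The topology-table entries for one destination are constructed; the feasibility condition (a backup's Reported Distance must be strictly below the Feasible Distance) is what the slides' text leaves implicit.

```python
"""EIGRP DUAL successor / feasible successor selection (added example).

Constructed topology-table entries for one destination; not from the slides."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str            # next-hop router
    reported_distance: int   # RD: the neighbour's own metric to the destination
    link_cost: int           # cost from this router to that neighbour


def total_distance(p: Path) -> int:
    return p.reported_distance + p.link_cost


def dual_select(paths):
    """Return (feasible_distance, successor, feasible_successors).

    The successor is the lowest-cost path; its cost is the Feasible Distance
    (FD). A path is a feasible successor only if its Reported Distance is
    strictly lower than the FD (the feasibility condition), which guarantees
    the neighbour is not routing back through us, i.e. the backup is loop-free.
    """
    if not paths:
        return (None, None, [])
    successor = min(paths, key=total_distance)
    fd = total_distance(successor)
    feasible = sorted(
        (p for p in paths if p is not successor and p.reported_distance < fd),
        key=total_distance)
    return (fd, successor, feasible)


def on_successor_loss(paths, lost_neighbor):
    """What DUAL does when the successor's neighbour goes away.

    With a feasible successor in the topology table the router switches
    immediately (passive state, no recomputation). Without one the route goes
    active and the router must query its neighbours before using any path.
    """
    fd, successor, feasible = dual_select(paths)
    if successor is None or successor.neighbor != lost_neighbor:
        return ("unchanged", successor)
    if feasible:
        return ("passive-switch", feasible[0])
    return ("active-query", None)


if __name__ == "__main__":
    # Constructed entries: D has the same total cost as C but is NOT a
    # feasible successor, because its RD (30) is not below the FD (30).
    paths = [Path("B", 20, 10), Path("C", 25, 10), Path("D", 30, 5)]
    fd, succ, fs = dual_select(paths)
    print("FD", fd, "successor", succ.neighbor,
          "feasible successors", [p.neighbor for p in fs])
    print(on_successor_loss(paths, "B"))
```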
DUAL Example
Administrative Distances
Creating ACLs
ACLs are created in the global configuration mode. There are many different types of ACLs including standard, extended, IPX, AppleTalk, and others. When configuring ACLs on a router, each ACL must be uniquely identified by assigning a number to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list. Since IP is by far the most popular routed protocol, additional ACL numbers have been added to newer router IOSs: Standard IP 1300-1999, Extended IP 2000-2699.
ACL Example
Standard ACLs
Standard ACLs check the source address of IP packets that are routed. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses. The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS). If there is no wildcard mask, the default mask is used, which is 0.0.0.0. (This only works with standard ACLs and is the same thing as using host.) The full syntax of the standard ACL command is:
Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers. The syntax for the extended ACL statement can get very long and often will wrap in the terminal window. The wildcards also have the option of using the host or any keywords in the command. At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols. Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).
ip access-group
The ip access-group command links an existing standard or extended ACL to an interface. Remember that only one ACL per interface, per direction, per protocol is allowed. The format of the command is:
Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers. The advantages that a named access list provides are:
• Intuitively identify an ACL using an alphanumeric name.
• Eliminate the limit of 798 simple and 799 extended ACLs.
• Named ACLs provide the ability to modify ACLs without deleting them completely and then reconfiguring them.
Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2. The same name may not be used for multiple ACLs.
Placing ACLs
The general rule is to put the extended ACLs as close as possible to the source of the traffic denied. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible. For example, in the graphic a standard ACL should be placed on Fa0/0 of Router D to prevent traffic from Router A.
Subnet mask 255.255.255.0. Inverse mask 0.0.0.255 (or subtract 150.75.129.0 from 150.75.129.255 to get 0.0.0.255).
Router(config)# access-list 1 permit 150.75.129.0 0.0.0.255
(The implicit "deny any" ensures that everyone else is denied.)
Subnet mask 255.255.252.0. Inverse mask 0.0.3.255 (or subtract 160.88.200.0 from 160.88.203.255 to get 0.0.3.255).
Router(config)# access-list 1 deny 160.88.200.0 0.0.3.255
Router(config)# access-list 1 permit any
Permit 200.100.50.1, .5, .19, .29, .42 and .77
access-list 1 permit host 200.100.50.1
access-list 1 permit host 200.100.50.5
access-list 1 permit host 200.100.50.19
access-list 1 permit host 200.100.50.29
access-list 1 permit host 200.100.50.42
access-list 1 permit host 200.100.50.77
Sometimes a group of addresses has no pattern and the best way to deal with them is individually.
(The implicit "deny any" ensures that everyone else is denied.)
To allow 2-way traffic between the networks add this statement:
access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any
To deny 2-way traffic between the networks add this statement:
access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any
Deny FTP
Assume you do not want anyone FTPing on the network.
access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any
Deny Telnet
Assume you do not want anyone telnetting on the network.
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
access-list 101 deny tcp any any eq 80
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
You can also use http instead of www.
Complicated Example #1
Suppose you have the following conditions:
• No one from network 200.100.50.0 is allowed to FTP anywhere.
• Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0.
• Subnetwork 100.100.100.0/24 is not allowed to surf the internet.
access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any any eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any
Complicated Example #2
Suppose you are the admin of network 200.100.50.0. You want to permit email only between your network and network 150.75.0.0. You wish to place no restriction on other protocols like web surfing, ftp, telnet, etc. Email server send/receive protocol: SMTP, port 25. User check-email protocol: POP3, port 110. This example assumes that your email server is at address 200.100.50.25.
access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
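An added Python example (not code from the presentation) that parses standard and extended access-list lines like the ones in the ACL slides and evaluates packets against them first-match with the implicit deny; it also computes the inverse (wildcard) mask from a subnet mask as the earlier slides do by subtraction. The sample ACLs are the page's own lines; the packets and the port-name table (only the keywords used on the page) are constructed.

```python
"""Cisco-style numbered ACL evaluation (added example).

Parses standard and extended access-list lines like the ones on the slides and
applies them first-match with the implicit 'deny any' at the end. PORT_NAMES
covers only the keywords used on the page."""
import ipaddress

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
ANY = ("0.0.0.0", "255.255.255.255")
OPS = {"eq": lambda p, n: p == n, "neq": lambda p, n: p != n,
       "gt": lambda p, n: p > n, "lt": lambda p, n: p < n}


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def inverse_mask(subnet_mask: str) -> str:
    """Wildcard (inverse) mask = bitwise NOT of the subnet mask: 255.255.252.0 -> 0.0.3.255."""
    return str(ipaddress.IPv4Address(_ip(subnet_mask) ^ 0xFFFFFFFF))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 1 bit in the wildcard means 'don't care'; only the 0 bits must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def _parse_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' | 'A.B.C.D' (standard ACL default 0.0.0.0)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and tokens[1].count(".") == 3:
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]


def parse_acl(lines):
    """Return a list of (action, protocol, src, dst, port_op, port) tuples."""
    rules = []
    for line in lines:
        t = line.split()
        if t[:1] != ["access-list"]:
            raise ValueError("not an access-list line: " + line)
        number, action, t = int(t[1]), t[2], t[3:]
        if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard: source address only
            src, t = _parse_addr(t)
            rules.append((action, "ip", src, ANY, None, None))
            continue
        proto, t = t[0], t[1:]                             # extended: proto, src, dst, [op port]
        src, t = _parse_addr(t)
        dst, t = _parse_addr(t)
        op = port = None
        if t:
            op, port = t[0], PORT_NAMES.get(t[1]) or int(t[1])
            if op not in OPS:
                raise ValueError("unknown port operator: " + op)
        rules.append((action, proto, src, dst, op, port))
    return rules


def evaluate(rules, src, dst, proto="ip", dport=-1):
    """First matching line decides; a packet matching no line is dropped (implicit deny)."""
    for action, rproto, (sb, sw), (db, dw), op, port in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if op is not None and not OPS[op](dport, port):
            continue
        return action
    return "deny"


# The page's "Complicated Example #2" ACL and the earlier standard ACL.
MAIL_ACL = parse_acl([
    "access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25",
    "access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25",
    "access-list 101 permit tcp 200.100.50.0 0.0.0.255 200.100.50.0 0.0.0.255 eq 110",
    "access-list 101 deny tcp any any eq smtp",
    "access-list 101 deny tcp any any eq pop3",
    "access-list 101 permit ip any any",
])
STANDARD_ACL = parse_acl([
    "access-list 1 deny 160.88.200.0 0.0.3.255",
    "access-list 1 permit any",
])

if __name__ == "__main__":
    # Constructed packets: mail to the partner network is allowed, mail elsewhere is not.
    print(evaluate(MAIL_ACL, "200.100.50.7", "150.75.1.1", "tcp", 25))  # permit
    print(evaluate(MAIL_ACL, "200.100.50.7", "8.8.8.8", "tcp", 25))     # deny
    print(inverse_mask("255.255.252.0"))                                # 0.0.3.255
```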
NAT
Network Address Translator
Fig. 3: NAT (New Address Concepts)
Private Network
Uses the private address range (local addresses). Local addresses may not be used externally.
Public Network
Uses public addresses. Public addresses are globally unique.
Fig. 4: How does NAT work? (New Address Concepts)
Fig. 5: Translation mechanism (New Address Concepts)
A timeout value (default 15 min) instructs NAT how long to keep an association in an idle state before returning the external IP address to the free NAT pool.
Fig. 2: How does NAT know when to return the public IP address to the pool? (New Address Concepts)
Inside Global
• NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
• A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
Outside Local
• NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network.
• A NAT router changes a packet's destination IP address, sent from an outside global address to an inside host, as the packet goes from the outside to the inside network.
Fig. 7: An example for NAT (New Address Concepts). Net A (10.0.0.0/8) sits behind a NAT router whose WAN interface is 198.76.28.4; the outside host is 198.76.29.7.
Inside host to NAT router: SA = 10.0.0.10, DA = 198.76.29.7
NAT router to WAN: SA = 198.76.28.4, DA = 198.76.29.7
Reply on the WAN: SA = 198.76.29.7, DA = 198.76.28.4
NAT router to inside host: SA = 198.76.29.7, DA = 10.0.0.10
Fig. 11: An example for NAPT (New Address Concepts)
Types Of NAT
There are different types of NAT that can be used, which are:
• Static NAT
• Dynamic NAT
• Overloading NAT with PAT (NAPT)
Static NAT
With static NAT, the NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.
Dynamic NAT
Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. However, the mapping of an inside local address to an inside global address happens dynamically.
Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT. The dynamic entry in the NAT table stays in there as long as traffic flows occasionally. If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
PAT
Port Address Translator
Fig. 9: NAPT (New Address Concepts)
NAPT with WAN interface 198.76.28.4:
Inside host to NAPT router: SA = 10.0.0.10, sport = 3017; DA = 198.76.29.7, dport = 23
NAPT router to WAN: SA = 198.76.28.4, sport = 1024; DA = 198.76.29.7, dport = 23
Reply on the WAN: SA = 198.76.29.7, sport = 23; DA = 198.76.28.4, dport = 1024
NAPT router to inside host: SA = 198.76.29.7, sport = 23; DA = 10.0.0.10, dport = 3017
Fig. 11: An example for NAPT (New Address Concepts)
Fig. 10: NAPT (New Address Concepts). The NAPT router keeps a pool of TU (TCP/UDP) port numbers; each mapping records the local IP, the registered IP, the local TU port and the assigned TU port.
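The dynamic NAT behaviour (pool, discard when the pool is exhausted, 15-minute idle timeout) and the NAPT port mapping from the figures above, as an added Python example that is not code from the presentation. The addresses follow the figures (10.0.0.0/8 inside, WAN address 198.76.28.4, outside host 198.76.29.7); the pool sizes, ports, timestamps and the first translated port (1024, as in the NAPT figure) are constructed.

```python
"""Dynamic NAT and NAPT (PAT) translation table (added example).

Addresses follow the figures on the page; pool sizes, ports and timestamps
are constructed for the example."""
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60   # seconds; the default of 15 minutes described above
FIRST_PAT_PORT = 1024    # assumption: first translated port, as in the NAPT figure


@dataclass
class Entry:
    inside_local: tuple    # (ip, port)
    inside_global: tuple   # (ip, port)
    last_used: float


class NatRouter:
    def __init__(self, pool, overload=False):
        self.pool = list(pool)      # inside global addresses available for translation
        self.overload = overload    # False: dynamic NAT (one address per host); True: NAPT
        self.next_port = FIRST_PAT_PORT
        self.entries = []

    def _find(self, pred):
        return next((e for e in self.entries if pred(e)), None)

    def _free_global(self):
        in_use = {e.inside_global[0] for e in self.entries}
        return next((ip for ip in self.pool if ip not in in_use), None)

    def outbound(self, src_ip, src_port, now):
        """Packet leaving the inside network: returns the translated (ip, port), or None if dropped."""
        if self.overload:
            e = self._find(lambda e: e.inside_local == (src_ip, src_port))
        else:
            e = self._find(lambda e: e.inside_local[0] == src_ip)
        if e is None:
            if self.overload:
                g = (self.pool[0], self.next_port)   # one address, a unique port per flow
                self.next_port += 1
            else:
                ip = self._free_global()
                if ip is None:
                    return None                      # pool exhausted: the router discards the packet
                g = (ip, src_port)                   # address changes, port passes through
            e = Entry((src_ip, src_port), g, now)
            self.entries.append(e)
        e.last_used = now
        return e.inside_global if self.overload else (e.inside_global[0], src_port)

    def inbound(self, dst_ip, dst_port, now):
        """Reply arriving from outside: returns the inside (ip, port), or None if no entry exists."""
        if self.overload:
            e = self._find(lambda e: e.inside_global == (dst_ip, dst_port))
        else:
            e = self._find(lambda e: e.inside_global[0] == dst_ip)
        if e is None:
            return None
        e.last_used = now
        return e.inside_local if self.overload else (e.inside_local[0], dst_port)

    def expire(self, now):
        """Return idle associations to the free pool; returns how many were removed."""
        before = len(self.entries)
        self.entries = [e for e in self.entries if now - e.last_used < IDLE_TIMEOUT]
        return before - len(self.entries)


if __name__ == "__main__":
    dyn = NatRouter(["198.76.28.4", "198.76.28.5"])          # constructed two-address pool
    print(dyn.outbound("10.0.0.10", 3017, 0))                # ('198.76.28.4', 3017)
    print(dyn.outbound("10.0.0.11", 4000, 1))                # ('198.76.28.5', 4000)
    print(dyn.outbound("10.0.0.12", 5000, 2))                # None: pool exhausted
    pat = NatRouter(["198.76.28.4"], overload=True)
    print(pat.outbound("10.0.0.10", 3017, 0))                # ('198.76.28.4', 1024)
    print(pat.inbound("198.76.28.4", 1024, 1))               # ('10.0.0.10', 3017)
```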
Today's LAN
Collision Domains
Switching Methods
1. Store-and-Forward: The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. Most reliable, and also the most latency, especially when frames are large.
2. Cut-Through: The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
3. Fragment-Free: Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything ≥ 64 bytes is a valid packet and is usually received without error.
The switch uses content-addressable memory (CAM) to compare the destination address with a table of addresses stored within it. The CAM stores host MAC addresses and associated port numbers. The CAM compares the received destination MAC address against the CAM table contents. If the comparison yields a match, the port is provided, and switching control forwards the packet to the correct port and address.
Microsegmentation of a Network
Microsegmentation
3 Methods of Communication
Broadcast Domain
Overview
To design reliable, manageable, and scalable networks, a network designer must realize that each of the major components of a network has distinct design requirements. Good network design will improve performance and also reduce the difficulties associated with network growth and evolution. The design of larger LANs includes identifying the following:
• An access layer that connects end users into the LAN
• A distribution layer that provides policy-based connectivity between end-user LANs
• A core layer that provides the fastest connection between the distribution points
Each of these LAN design layers requires switches that are best suited for specific tasks.
The System LED shows whether the system is receiving power and functioning correctly. The RPS LED indicates whether or not the remote power supply is in use. The Mode LEDs indicate the current state of the Mode button. The Port Status LEDs have different meanings, depending on the current value of the Mode LED.
Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant. Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. Therefore network redundancy requires careful planning and monitoring to function properly. The Spanning-Tree Protocol is used in switched networks to create a loop-free logical topology from a physical topology that has loops.
Broadcast Storms
Broadcasts and multicasts can cause problems in a switched network. Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received. The switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. This will continue until one of the switches is disconnected. The network will appear to be down or extremely slow.
NOTE:
Don't confuse Spanning Tree Protocol (STP) with Shielded Twisted Pair (STP).
BPDUs
BPDUs contain enough information so that all switches can do the following:
• Select a single switch that will act as the root of the spanning tree.
• Calculate the shortest path from itself to the root switch.
• Designate one of the switches as the closest one to the root, for each LAN segment. This bridge is called the "designated switch". The designated switch handles all communication from that LAN towards the root bridge.
• Each non-root switch chooses one of its ports as its root port; this is the interface that gives the best path to the root switch.
• Select ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked.
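The four BPDU-driven decisions listed above (root election, root path cost, designated switch per segment, root/designated/blocking port roles), computed for a small constructed topology as an added Python example; this is not code from the presentation. Bridge IDs are (priority, MAC) pairs and each link is one LAN segment with a single cost.

```python
"""Spanning-tree root, root-port and designated-port selection (added example).

Constructed bridge IDs and link costs; not from the slides."""
import heapq
from collections import defaultdict


def elect_root(bridge_ids):
    """Lowest bridge ID (priority, MAC) wins the root election."""
    return min(bridge_ids, key=bridge_ids.get)


def root_path_costs(bridge_ids, links, root):
    """Dijkstra from the root over link costs.

    Returns (cost, upstream): the root path cost of every switch and the
    neighbour on its best path (on equal cost, the neighbour with the lower
    bridge ID, mirroring the sender-bridge-ID tie-break of BPDU comparison).
    """
    adj = defaultdict(list)
    for (a, b), c in links.items():
        adj[a].append((b, c))
        adj[b].append((a, c))
    cost = {root: 0}
    upstream = {root: None}
    heap = [(0, bridge_ids[root], root)]
    while heap:
        d, _, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in adj[u]:
            nd = d + c
            better = v not in cost or nd < cost[v] or (
                nd == cost[v] and bridge_ids[u] < bridge_ids[upstream[v]])
            if better:
                cost[v], upstream[v] = nd, u
                heapq.heappush(heap, (nd, bridge_ids[v], v))
    return cost, upstream


def port_roles(bridge_ids, links):
    """Return (root, roles); roles[(switch, neighbour)] is 'root', 'designated' or 'blocking'."""
    root = elect_root(bridge_ids)
    cost, upstream = root_path_costs(bridge_ids, links, root)
    roles = {}
    for a, b in links:
        # Designated end of the segment: lower root path cost, then lower bridge ID.
        if (cost[a], bridge_ids[a]) < (cost[b], bridge_ids[b]):
            des, other = a, b
        else:
            des, other = b, a
        roles[(des, other)] = "designated"
        # The other end is the root port if this segment is on its best path, else blocked.
        roles[(other, des)] = "root" if upstream[other] == des else "blocking"
    return root, roles


if __name__ == "__main__":
    # Constructed triangle: equal priorities, so the lowest MAC (A) becomes root
    # and the B-C segment gets one blocked end to break the loop.
    bids = {"A": (32768, "0000.0000.0001"),
            "B": (32768, "0000.0000.0002"),
            "C": (32768, "0000.0000.0003")}
    links = {("A", "B"): 19, ("A", "C"): 19, ("B", "C"): 19}
    root, roles = port_roles(bids, links)
    print("root:", root)
    for port, role in sorted(roles.items()):
        print(port, role)
```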
VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains. VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers to communicate between VLANs. A physical port association is used to implement VLAN assignment. Communication between VLANs can occur only through the router. This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN. NOTE: This is the only way a switch can break up a broadcast domain!
VLAN Communication
Static VLANs
All users attached to the same switch port must be in the same VLAN.
Displays the MAC address table information for the specified interface in the specified VLAN.
2003, Cisco Systems, Inc. All rights reserved. &C.SN v2.0W2=92K
VLAN Trunking
ISL Encapsulation
• Performed with ASIC
• Not intrusive to client stations; the client does not see the header
• Effective between switches, and between routers and switches
VLANs allowed on trunk: 1-1005
VLANs allowed and active in management domain: 1-2,1002-1005
VLANs in spanning tree forwarding state and not pruned: 1-2,1002-1005
802.1Q Trunking
Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown
VTP Modes
Server: Creates, modifies, and deletes VLANs. Sends and forwards advertisements. Synchronizes VLAN configurations. Saves configuration in NVRAM.
Client: Cannot create, change, or delete VLANs. Forwards advertisements. Synchronizes VLAN configurations. Does not save in NVRAM.
Transparent: Creates, modifies, and deletes VLANs locally only. Forwards advertisements. Does not synchronize VLAN configurations. Saves configuration in NVRAM.
VTP Operation
VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest update, identified by its revision number. VTP advertisements are sent every 5 minutes or when there is a change.
VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic. Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.
• Be cautious when adding a new switch into an existing domain.
• Add a new switch in Client mode to get the latest up-to-date information from the network, then convert it to Server mode.
• Add all new configurations to the switch in transparent mode and check your configuration well, then convert it to Server mode to prevent the switch from propagating incorrect VLAN information.
Configuring a VTP Server (Cont.)
Switch#configure terminal
Switch(config)#vtp server
Setting device to VTP SERVER mode.
Switch(config)#vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)#end
Switch#show vtp status
VTP Version : 2
Configuration Revision : 24
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
Contents
• Remote access overview
• WAN Connection Types
• Defining WAN Encapsulation Protocols
• Determining the WAN Type to Use
• OSI Layer-2 Point-to-Point WANs: PPP, HDLC, Frame Relay
Circuit switching
• Sets up a line like a phone call. No data can transfer before the end-to-end connection is established.
Bandwidth
• Determining usage over the WAN is important to evaluate the most cost-effective WAN service.
Cost
• Making a compromise between the traffic you need to transfer and the type of service with the available cost that will suit you.
Application Traffic
• Traffic may be as small as during a terminal session, or very large packets as during file transfer.
HDLC
HDLC performs OSI Layer-2 functions. It determines when it is appropriate to use the physical medium. It ensures that the correct recipient receives and processes the data that is sent. It determines whether the sent data was received correctly or not (error detection).
HDLC
HDLC Frame Format
The original HDLC didn't include any Protocol Type field; every company (including Cisco) added its own field, so it became a proprietary protocol that can be used only between Cisco routers.
Point-to-Point Protocol (PPP)
PPP is a standard encapsulation protocol for the transport of different Network Layer protocols (including, but not limited to, IP). It has the following main functional components:
• Link Control Protocol (LCP), which establishes, authenticates, and tests the data link connection.
• Network Control Protocols (NCPs), which establish and configure different network layer protocols.
Point-to-Point Protocol (PPP)
PPP discards frames that do not pass the error check. PPP is a standard protocol, and so it can be used with all types of routers (not Cisco proprietary).
PAP Authentication
CHAP Authentication
Compression
Compression enables higher data throughput across the link. Different compression schemes are available:
• Predictor: checks if the data was already compressed.
• Stacker: looks at the data stream and only sends each type of data once with information about where the type occurs; the receiving side then uses this information to reassemble the data stream.
• MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients.
PPP Multilink
PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous, and asynchronous interfaces. This can improve throughput and reduce latency between systems by splitting packets and sending fragments over parallel circuits.
Error Detection
PPP can take down a link based on the value of what is called LQM (Link Quality Monitor): it measures the ratio of corrupted packets to the total number of sent packets, and according to a predetermined value, the link can be brought down if its performance is thought to be beyond accepted limits.
To configure Compression
• Router(Config-if)#compress {predictor|stack|mppc}
Frame Relay
Frame Relay
The switch examines the frame sent by the router, whose header contains an address called the DLCI (Data Link Control Identifier), and then switches the frame based on the DLCI until it reaches the router on the other side of the network.
Frame Relay
Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks today use PVCs. The logical path between each pair of routers is called a virtual circuit (VC). VCs share the access link and the Frame Relay network.
Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that the VC gets at least that much bandwidth.
[Figure: Frame Relay access. Customer premises equipment (PC, PBX, video, controller, router) reaches the switch port (UNI) over an ISDN dial-up connection or a direct connection (V.35, E1, RS-232); PVCs and SVCs cross the Frame Relay network.]
LMI
The most important LMI message is the LMI status inquiry message. Status messages perform two key functions:
• Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down.
• Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change.
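As an added example that is not part of the slides, this is the DTE-side bookkeeping behind those two functions, run against a simulated DCE. The sequence-number check, the error window and the periodic full-status request follow the ANSI T1.617 Annex D / ITU-T Q.933 Annex A procedures; the parameter values are assumed here (N391 = 6 polls between full status requests, N392 = 3 errors within N393 = 4 events declares the link down), the messages are plain Python dicts rather than encoded LMI frames, and the PVC table is constructed.

```python
"""LMI keepalive and PVC status tracking, DTE side, against a simulated DCE.

Added example, not from the slides. Models Status Enquiry / Status with
send/receive sequence numbers (Annex D / Annex A style). Assumed values:
N391 = 6 (every sixth poll asks for a full status report), N392 = 3 errors
within N393 = 4 events declares the access link down. Messages are dicts,
not encoded LMI frames; the PVC table is constructed.
"""
from collections import deque
from typing import Dict, FrozenSet, Optional


class LmiDce:
    """Provider-side switch: answers every enquiry, listing PVC state on full polls."""

    def __init__(self, pvc_active: Dict[int, bool]):
        self.pvc_active = dict(pvc_active)
        self.send_seq = 0

    def on_status_enquiry(self, enquiry: dict) -> dict:
        self.send_seq = self.send_seq % 255 + 1            # 1..255, zero is never used
        reply = {"type": "status", "report": enquiry["report"],
                 "send_seq": self.send_seq, "recv_seq": enquiry["send_seq"]}
        if enquiry["report"] == "full":
            reply["pvcs"] = sorted(self.pvc_active.items())
        return reply


class LmiDte:
    """Router side: polls every T391 seconds and decides whether the link and PVCs are usable."""

    def __init__(self, n391: int = 6, n392: int = 3, n393: int = 4):
        self.n391, self.n392 = n391, n392
        self.events = deque(maxlen=n393)       # True = error event, newest last
        self.send_seq = 0
        self.last_recv_seq = 0
        self.poll_count = 0
        self.link_up = True
        self.pvcs: Dict[int, str] = {}

    def status_enquiry(self) -> dict:
        self.poll_count += 1
        self.send_seq = self.send_seq % 255 + 1
        return {"type": "status_enquiry",
                "report": "full" if self.poll_count % self.n391 == 0 else "keepalive",
                "send_seq": self.send_seq, "recv_seq": self.last_recv_seq}

    def on_timeout(self) -> None:
        """T391 expired with no Status: counts as one error event."""
        self._record(error=True)

    def on_status(self, status: dict) -> bool:
        """A Status is valid only if it acknowledges the sequence number we just
        sent; anything else (stale, spoofed, or for another enquiry) is an error."""
        ok = status.get("type") == "status" and status.get("recv_seq") == self.send_seq
        self._record(error=not ok)
        if ok:
            self.last_recv_seq = status["send_seq"]
            if self.link_up and status.get("report") == "full":
                self.pvcs = {dlci: "active" if active else "inactive"
                             for dlci, active in status.get("pvcs", [])}
        return ok

    def _record(self, error: bool) -> None:
        self.events.append(error)
        if sum(self.events) >= self.n392:
            self.link_up = False
            self.pvcs = {dlci: "inactive" for dlci in self.pvcs}
        elif len(self.events) == self.events.maxlen and not any(self.events):
            self.link_up = True           # N393 consecutive good events clear the error condition


def simulate(n_polls: int, drop_polls: FrozenSet[int] = frozenset(),
             pvc_active: Optional[Dict[int, bool]] = None) -> LmiDte:
    """Run n_polls T391 cycles; Status replies to the polls listed in drop_polls are lost."""
    dce = LmiDce(pvc_active if pvc_active is not None else {17: True, 18: False})
    dte = LmiDte()
    for poll in range(1, n_polls + 1):
        reply = dce.on_status_enquiry(dte.status_enquiry())
        if poll in drop_polls:
            dte.on_timeout()
        else:
            dte.on_status(reply)
    return dte


if __name__ == "__main__":
    healthy = simulate(6)
    print("link up:", healthy.link_up, "PVCs:", healthy.pvcs)
    broken = simulate(4, drop_polls=frozenset({2, 3, 4}))
    print("after three lost replies, link up:", broken.link_up)
```

Note what the sequence-number check does and does not give you: it rejects stale or mismatched Status messages, but LMI carries no authentication, so anything that can inject frames on the access link can report a PVC inactive and the router will believe it.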
LMI
Three LMI protocol options are available in Cisco IOS Software: Cisco, ITU, and ANSI. Each LMI option is slightly different and therefore incompatible with the other two.
LAPF
A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link. The header and trailer are defined by the Link Access Procedure for Frame Bearer Services (LAPF) specification. The LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header.
LAPF
DTEs use and react to the fields specified by these two encapsulation types, but Frame Relay switches ignore those fields. Because the frames flow from DTE to DTE, both DTEs must agree on the encapsulation used. However, each VC can use a different encapsulation. In the configuration, the encapsulation created by Cisco is called cisco, and the other (RFC-standard) one is called ietf.
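The DLCI-switching slide and the two LAPF slides describe the same frame from two angles. As an added example that is not part of the presentation, here is that frame in code: build it, verify it the way a DTE does before accepting it, and rewrite the DLCI the way a switch does on the way through. Only the 2-octet Q.922 address field and the 16-bit FCS (CRC-16/X.25, the HDLC polynomial) are modelled; HDLC flags and bit stuffing are omitted, and the DLCI numbers, DLCI table and payload are constructed.

```python
"""Frame Relay LAPF (Q.922) framing: build, check, and switch a frame.

Added example, not from the slides. Models the 2-octet address field
(10-bit DLCI, C/R, FECN, BECN, DE, EA bits) and the 16-bit HDLC FCS
(CRC-16/X.25). Flags and bit stuffing are omitted; DLCIs and payload
are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

CRC16_X25_POLY_REFLECTED = 0x8408          # x^16 + x^12 + x^5 + 1, bit-reversed


def fcs16(data: bytes) -> int:
    """HDLC/LAPF FCS: CRC-16/X.25 (init 0xFFFF, reflected, final XOR 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC16_X25_POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


@dataclass
class LapfHeader:
    dlci: int           # 10 bits, locally significant on each access link
    cr: int = 0         # command/response bit, unused by Frame Relay itself
    fecn: int = 0       # forward explicit congestion notification
    becn: int = 0       # backward explicit congestion notification
    de: int = 0         # discard eligibility

    def pack(self) -> bytes:
        if not 0 <= self.dlci <= 1023:
            raise ValueError("2-octet address field carries a 10-bit DLCI")
        octet1 = ((self.dlci >> 4) & 0x3F) << 2 | (self.cr & 1) << 1            # EA = 0
        octet2 = ((self.dlci & 0x0F) << 4 | (self.fecn & 1) << 3
                  | (self.becn & 1) << 2 | (self.de & 1) << 1 | 1)              # EA = 1
        return bytes([octet1, octet2])

    @classmethod
    def unpack(cls, data: bytes) -> "LapfHeader":
        if len(data) < 2 or data[0] & 1 or not data[1] & 1:
            raise ValueError("not a 2-octet Q.922 address field")
        dlci = ((data[0] >> 2) & 0x3F) << 4 | (data[1] >> 4)
        return cls(dlci=dlci, cr=(data[0] >> 1) & 1, fecn=(data[1] >> 3) & 1,
                   becn=(data[1] >> 2) & 1, de=(data[1] >> 1) & 1)


def build_frame(header: LapfHeader, payload: bytes) -> bytes:
    """Header + payload + FCS; the FCS is transmitted low octet first."""
    body = header.pack() + payload
    fcs = fcs16(body)
    return body + bytes([fcs & 0xFF, fcs >> 8])


def parse_frame(frame: bytes) -> Tuple[LapfHeader, bytes]:
    """What a DTE does on receipt: verify the FCS, then read the header.
    A frame whose FCS does not match is discarded, not passed up."""
    if len(frame) < 4:
        raise ValueError("frame too short for address field and FCS")
    body, received = frame[:-2], frame[-2] | frame[-1] << 8
    if fcs16(body) != received:
        raise ValueError("FCS mismatch: frame discarded")
    return LapfHeader.unpack(body[:2]), body[2:]


def switch_frame(frame: bytes, dlci_table: Dict[int, int]) -> bytes:
    """What a Frame Relay switch does: map the incoming DLCI to the outgoing
    one for the next link, keep payload and congestion bits, recompute the FCS."""
    header, payload = parse_frame(frame)
    if header.dlci not in dlci_table:
        raise KeyError("no VC for DLCI %d on this port" % header.dlci)
    header.dlci = dlci_table[header.dlci]
    return build_frame(header, payload)


if __name__ == "__main__":
    # constructed payload: IETF encapsulation control 0x03, NLPID 0xCC (IP), then packet bytes
    frame = build_frame(LapfHeader(dlci=17, fecn=1), b"\x03\xcc" + b"constructed IP packet")
    out = switch_frame(frame, {17: 81})          # constructed switch table
    print("outgoing DLCI:", parse_frame(out)[0].dlci)
```

Two practical points fall out of the code: the FCS is an integrity check against line noise, not against an attacker, since anyone who can write to the link can recompute it; and because the DLCI is rewritten hop by hop, the number you see on one access link says nothing about the number the far-end router uses for the same VC.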
[Figure: routers attached to a Frame Relay network, each access link labelled with its locally significant DLCI values.]
Layer 3 Addressing
Cisco's Frame Relay implementation defines three different options for assigning subnets and IP addresses on Frame Relay interfaces:
• One subnet containing all Frame Relay DTEs
• One subnet per VC
• A hybrid of the first two options
Hybrid Terminology
Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group, for instance between Routers A and D and between Routers A and E. Multipoint subinterfaces are used when more than two routers are considered to be in the same group, for instance Routers A, B, and C.
Mapping Methods
Mapping can be done in either of two ways:
Dynamic mapping
• Using Inverse ARP, which is enabled by default on Cisco routers.
Static mapping
• Using the frame-relay map command; you should first disable Inverse ARP with the command no frame-relay inverse-arp.
ISDN Protocols
DDR (Dial-on-Demand Routing)
You can configure DDR in several ways, including legacy DDR and DDR dialer profiles. The main difference between the two is that legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles separate the dial configuration from the physical interface, allowing a great deal of flexibility.
DDR Step 1: Routing Packets Out the Interface to Be Dialed
DDR does not dial until some traffic is directed (routed) out the dial interface. The router needs to route packets so that they are queued to go out the dial interface. Cisco's design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed. The router (SanFrancisco) can receive a packet that must be routed out BRI0; routing the packet out BRI0 triggers the Cisco IOS Software, causing the dial to occur.
Configuring SPIDs
You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending on the switch's expectations. When the telco switch has SPIDs configured, it might not allow the BRI line to work unless the router announces the correct SPID values to the switch. SPIDs, when used, provide only a basic form of authentication: they identify the line to the switch rather than prove the identity of the remote peer, so they do not replace PAP or CHAP on the PPP link.
Configuring a T1 or E1 Controller
Your service provider will tell you what encoding and framing to configure on the router. Also, in almost every case, you will use all 24 DS0 channels of a T1 PRI: 23 B channels and the D channel. (An E1 PRI carries 30 B channels plus the D channel.)
With all my best wishes for you to succeed and distinguish yourself in the CCNA International Exam. Keep in touch.