Switch and Router Configuration

The document discusses networking concepts including IOS command modes, IP addressing, IP address classes, subnetting, Cisco Discovery Protocol (CDP), network device management, and the Cisco three-layer hierarchical model. It also covers VLANs and trunk ports. The key modes in IOS are user EXEC, privileged EXEC, and global configuration. Subnetting increases routing efficiency and reduces broadcast domains. The Cisco three-layer model consists of access, distribution, and core layers. VLANs logically group devices and trunk ports allow multiple VLANs.

Uploaded by

Broot Kal

Switch and Router Configuration
UT Solutions PLC
Yadel Bayou, Jr. Network Engineer
IOS Command Modes
• User EXEC, privileged EXEC, and the global configuration modes.

• User EXEC - most of the commands available are used to show statistics and perform
some basic troubleshooting.

• Privileged EXEC mode - This IOS mode is also called enable mode because you must
enter the enable command from user EXEC mode if you want to access this mode; it is
the system administrator mode. In this mode configuration files can be read, the router
can be rebooted, and operating parameters can be changed.

• Global Configuration mode - is used to modify system-wide configuration parameters,
such as routing tables and routing algorithms.
IP Addressing
• An IP address is divided into two parts: network and host parts. For example, an IP class A
address consists of 8 bits identifying the network and 24 bits identifying the host.

• A subnet mask also consists of 32 bits. Computers use it to determine the network part and
the host part of an address.

• IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001
  Subnet mask 255.0.0.0 = 11111111.00000000.00000000.00000000

• Aside from the dotted decimal format, we can also write the subnet mask in slash notation.
It is a slash ‘/’ then followed by the subnet mask bits. To determine the slash notation of the
subnet mask, convert the dotted decimal format into binary, count the series of 1s, and add
a slash on the start.
IP Address classes
• TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a
range of valid IP addresses.
• IP addresses from the first three classes (A, B and C) can be used for host addresses.
The other two classes are used for other purposes – class D for multicast and class E for
experimental purposes.
0.0.0.0/8 – addresses used to communicate with the local network
127.0.0.0/8 – loopback addresses
169.254.0.0/16 – link-local addresses (APIPA)
Subnetting
• Subnetting is the practice of dividing a network into two or more smaller networks. It increases
routing efficiency, enhances the security of the network and reduces the size of the broadcast
domain.

• Without subnetting, a network suffers from a single broadcast domain, network security and
organizational problems.
Subnetting (2)
• Before we start subnetting, we have to ask ourselves these two questions:
1. How many subnets do we need?
2. How many hosts per subnet do we need?
E.g. Class C address 192.168.0.0/24. We need two subnets with 50 hosts per subnet.

• 192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range of IP
addresses in this subnet is 192.168.0.0 – 192.168.0.127.

• 192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128. The range of IP
addresses in this subnet is 192.168.0.128 – 192.168.0.255.
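As an added example (not part of the original slides), the following Python turns a dotted-decimal mask into slash notation the way the IP Addressing slide describes (convert to binary, count the 1s) and splits 192.168.0.0/24 into the two /25 subnets above; it also rejects a mask whose 1 bits are not contiguous, a check the counting rule silently assumes. Function names are my own.

```python
# Added example (not from the original slides): mask <-> slash notation and
# subnet splitting, standard library only.
import ipaddress
import math


def mask_to_prefix(mask: str) -> int:
    """Return the prefix length for a dotted-decimal mask, e.g. 255.0.0.0 -> 8.

    Converts each octet to 8 binary digits, counts the 1 bits and rejects masks
    whose 1 bits are not one contiguous run (e.g. 255.0.255.0); such a mask
    would otherwise produce a wrong network/host split without any error.
    """
    octets = mask.split(".")
    if len(octets) != 4 or not all(0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal mask: {mask}")
    bits = "".join(format(int(o), "08b") for o in octets)
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def prefix_to_mask(prefix: int) -> str:
    """Inverse of mask_to_prefix: 25 -> 255.255.255.128."""
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_network(network: str, subnets_needed: int, hosts_per_subnet: int):
    """Answer the slide's two questions: how many subnets, how many hosts each.

    Returns a list of (subnet, first_address, last_address) tuples, or raises
    if the block cannot satisfy both requirements at the same time.
    """
    net = ipaddress.ip_network(network, strict=True)
    subnet_bits = max(0, math.ceil(math.log2(subnets_needed)))
    # Two addresses per subnet are not usable by hosts: network and broadcast.
    host_bits = math.ceil(math.log2(hosts_per_subnet + 2))
    new_prefix = net.prefixlen + subnet_bits
    if new_prefix + host_bits > 32:
        raise ValueError("block too small for the requested subnets and hosts")
    return [
        (str(sub), str(sub.network_address), str(sub.broadcast_address))
        for sub in net.subnets(new_prefix=new_prefix)
    ]


if __name__ == "__main__":
    print(mask_to_prefix("255.0.0.0"))        # 8
    print(prefix_to_mask(25))                  # 255.255.255.128
    for sub, first, last in split_network("192.168.0.0/24", 2, 50):
        print(f"{sub}: {first} - {last}")
```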
Cisco Discovery Protocol(CDP)
• CDP (Cisco Discovery Protocol) is a proprietary protocol developed by Cisco used to discover
information about the locally attached Cisco equipment. With CDP, the administrator can gather
hardware and protocol information about neighboring devices, which can be helpful when
troubleshooting or documenting the network.

• To get even more information about the neighbors, use the show cdp neighbors detail command

• LLDP (Link Layer Discovery Protocol) is the Open Standard version of this protocol.
Networking Device Management
• IOS Boot Sequence
1. The device performs the power-on self-test (POST) process to discover and verify its hardware components.
2. If the POST test is successful, the bootstrap program is copied from ROM into RAM.
3. The bootstrap program decides which IOS image to load from the flash memory into RAM, and then loads
the chosen IOS.
4. IOS finds the startup configuration file, usually located in NVRAM, and loads it into RAM as the running
configuration.
• Factory Reset
1. Create a hostname
2. Verify the configuration
3. Save the configuration
4. Resetting the Cisco router to factory default involves erasing the NVRAM. (write erase), reload.
Networking Device Management (2)
• Password Recovery
Before we proceed with password recovery, we will take a look first at the configuration register. We can use the ‘show
version’ command to check the configuration register setting on our device. The configuration register is a special 16-bit
value that can be configured in Cisco routers. It is mainly used to determine how the router boots, to determine boot
options, and to set console speed. The following are the most commonly used configuration register settings:
1. config-register 0x2102 – boot normally (default configuration register setting)
2. config-register 0x2120 – boot into ROM Monitor (ROMMON)
3. config-register 0x2142 – ignore contents of NVRAM (startup-configuration)
Steps
1. Go to ROMMON mode
2. rommon 1 > confreg 0x2142
3. rommon 2 > reset
4. Set the new password
5. config-register 0x2102
Network Device Management (3)
Backup
• TFTP is a client-server network protocol used to send and receive files. To back up files to a TFTP
server, you will have to set it up first.
• To back up the running configuration to a TFTP server, you can use the copy running-config tftp:
command.
Upgrade
• transfer the file from the TFTP server to the flash memory of the switch. This can be done by
issuing the copy command on the switch.
Network Device Management (4)
Management
• Simple Network Management Protocol (SNMP) is an application layer protocol that is used for
network device management. This protocol collects and manipulates valuable network
information from switches, routers, servers, printers, and other network-attached devices.
Network management station (NMS) – the software which runs on the administrative computer.
This software gathers SNMP data by requiring the devices on the network to disclose certain
information. Devices can also inform the NMS about problems they are experiencing by sending an
SNMP alert (called a trap).
Agent – the software which runs on managed devices and reports information via SNMP to the
NMS.
Network Device Management (5)
Remote Management
• Telnet is a network protocol that allows a user to communicate with a remote device. It is a virtual
terminal protocol used mostly by network administrators to remotely access and manage devices.
An administrator can access the device by telnetting to the IP address or hostname of a remote device.
• SSH is a network protocol used to remotely access and manage a device. The key difference
between Telnet and SSH is that SSH uses encryption, which means that all data transmitted over a
network is secure from eavesdropping. SSH uses the public key encryption for such purposes.
• Every Cisco router or switch has a single console port that is used to connect it to a computer
directly for configuration and management. A console cable or a rollover cable is used to connect to
the router or switch console port and is typically used during initial configuration as there is no
network connection and remote access, such as Telnet, SSH, or HTTPS, configured on the device yet.
• A router or switch has one console port only. The console port has a line number of 0, thus ‘line
console 0’. To secure the console port connections to our networking device, we can set a password.
Cisco three-layer hierarchical model
• Access – controls user and workgroup access to the resources on the network. This layer usually incorporates
Layer 2 switches and access points that provide connectivity between workstations and servers. You can
manage access control and policy, create separate collision domains, and implement port security at this
layer.
• Distribution – serves as the communication point between the access layer and the core. Its primary
functions are to provide routing, filtering, and WAN access and to determine how packets can access the
core. This layer determines the fastest way that network service requests are accessed – for example, how a
file request is forwarded to a server – and, if necessary, forwards the request to the core layer. This layer
usually consists of routers and multilayer switches.
• Core – also referred to as the network backbone, this layer is responsible for transporting large amounts of
traffic quickly. The core layer provides interconnectivity between distribution layer devices; it usually consists
of high-speed devices, like high-end routers and switches with redundant links.
VLANs and Trunks
• VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are usually
configured on switches by placing some interfaces into one broadcast domain and some interfaces into
another. Each VLAN acts as a subgroup of the switch ports in an Ethernet LAN.
• VLANs can spread across multiple switches, with each VLAN being treated as its own subnet or
broadcast domain. This means that frames broadcasted onto the network will be switched only
between the ports within the same VLAN.
Benefits of VLANs
1. VLANs increase the number of broadcast domains while decreasing their size.
2. VLANs reduce security risks by reducing the number of hosts that receive copies of frames that the
switches flood.
3. You can keep hosts that hold sensitive data on a separate VLAN to improve security.
4. You can create more flexible network designs that group users by department instead of by physical
location.
5. Network changes are achieved with ease by just configuring a port into the appropriate VLAN.
VLANs and Trunks (2)
If you intend to use VLANs in your network, you will need to configure some ports on a switch as
access ports and others as trunk ports. Here is a description of each port type:
1. access port – a port that can be assigned to a single VLAN. This type of interface is configured on
switch ports that are connected to end devices such as workstations, printers, or access points.
2. trunk port – a port that is connected to another switch. This type of interface can carry traffic of
multiple VLANs, thus enabling you to extend VLANs across your entire network. Frames are tagged
by assigning a VLAN ID to each frame as they traverse between switches. Allowed VLANs can be
configured.
VLANs and Trunks (3)
• Most corporate networks today use IP telephony. This means that the phones are connected to the
same network and use the same cabling as other network devices, such as workstations or
routers. Since offices usually have only a single UTP cable to each desk, most of the IP phones
today include a small switch that enables you to connect your PC to the phone sitting on the desk,
and then connect the phone to the local network.
• The port on the phone connected to the switch can carry both data and
voice traffic. To enable this, we need to define two VLANs on the switch
port – data VLAN and voice VLAN. Here is how we can do that:
SW1(config)#vlan 5
SW1(config)#vlan 20
SW1(config)#int fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5
SW1(config-if)#switchport voice vlan 20
Spanning Tree Protocol
• Spanning Tree Protocol (STP) is a network protocol designed to prevent layer 2 loops. It is
standardized as the IEEE 802.1D protocol. STP blocks some ports on switches with redundant links to
prevent broadcast storms and ensure a loop-free topology. With STP in place, you can have
redundant links between switches in order to provide redundancy.
• SW1 sends a broadcast frame to SW2 and SW3. Both switches receive the frame and forward the
frame out every port, except the port the frame was received on. So SW2 forwards the frame to
SW3. SW3 receives that frame, and forwards it to SW1. SW1 then again forwards the frame to
SW2! The same thing also happens in the opposite direction. Without STP in place, these frames
would loop forever. STP prevents loops by placing one of the switch ports in blocking state.
Spanning Tree Protocol (2)
STP uses the Spanning-Tree Algorithm (SPA) to create a topology database of the network. To prevent loops,
SPA places some interfaces in forwarding state and other interfaces in blocking state. How does STP decide in
which state the port will be placed? A couple of criteria exist:
• 1. all switches in a network elect a root switch. All working interfaces on the root switch are placed in
forwarding state.
• 2. all other switches, called nonroot switches, determine the best path to get to the root switch. The port
used to reach the root switch (root port) is placed in forwarding state.
• 3. on the shared Ethernet segments, the switch with the best path to reach the root switch is placed in
forwarding state. That switch is called the designated switch and its port is known as the designated port.
• 4. all other interfaces are placed in blocking state and will not forward frames.
Let’s say that SW1 is elected as the root switch. All ports on SW1 are placed into forwarding state. SW2 and
SW3 choose ports with the lowest cost to reach the root switch to be the root ports. These ports are also
placed in forwarding state. On the shared Ethernet segment between SW2 and SW3, port Fa0/1 on SW2 has
the lowest cost to reach the root switch. This port is placed in forwarding state. To prevent loops, port Fa0/1
on SW3 is placed in blocking state.
Spanning Tree Protocol (3)
STP Root Bridge Election
The switches elect a root bridge among the interconnected switches. A root bridge is the central
point of all switches and will be responsible for forwarding the traffic. The switches select a root
bridge by using the switch priority and the MAC address. Each switch has its own bridge ID and has
a default priority value of 32768. The bridge priority takes precedence over the MAC address. If a
switch has the lowest bridge priority value among the switches within the LAN, then it will be
elected as the spanning tree root bridge.
If the bridge priority has the same value on all the switches, then the MAC
address will be the tiebreaker. The lowest MAC address will be elected as the root bridge. Most of
the older switches have a lower MAC address value and have lower bandwidth and limited
CPU/memory as compared to newer switches. Electing an older switch as the root bridge will cause
suboptimal operation on your network.
We could configure a secondary STP root bridge to prepare for when the primary fails.
Spanning Tree Protocol (4)
As we’ve mentioned before, all working interfaces on the root switch are placed in forwarding state. All
other switches (called nonroot switches) determine the best path to get to the root switch and the port
used to reach the root switch is placed in forwarding state. The best path is the one with the lowest
cost to reach the root switch. The cost is calculated by adding the individual port costs along the path
from the switch to the root.
SW1 has won the election process and is the root switch. Consider the SW3’s perspective for choosing
its root port. Two paths are available to reach the root switch, one direct path over Fa0/1 and the other
going out Fa0/2 and through SW2. The direct path has a cost of 19, while the indirect path has the cost
of 38 (19+19). That is why Fa0/1 will become the root port on SW3.
In case the best root cost ties for two or more paths, the following tiebreakers are applied:
• the lowest neighbor bridge ID
• the lowest neighbor port priority
• the lowest neighbor internal port number
Spanning Tree Protocol (5)
We’ve already learned that, on the shared Ethernet segments, the switch with the best path
to reach the root switch is placed in forwarding state. That switch is called the designated
switch and its port is known as the designated port. In order to avoid loops, the non-
designated port on the other end of the link is placed in blocking state.
The designated switch is determined based on the following criteria:
• the switch with the lowest cost to reach the root becomes the designated switch on that
link.
• in case of a tie, the switch with the lowest BID becomes the designated switch.
• SW1 has the lowest BID and has been selected as the root switch. SW2 and SW3 have then
determined their own root port to reach the root switch. On the shared network segment
between SW2 and SW3 a designated port needs to be selected. Because SW3 has the lower
cost to reach the root switch (4<19), its Fa0/2 port will be the designated port for the
segment. The Fa0/2 port on SW2 will be placed in blocking state.
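As an added example (not from the original slides), this Python models the three decisions of the last slides, root bridge election, root port selection with the tiebreakers, and designated port per segment, on the SW1/SW2/SW3 triangle. The bridge IDs, port names and link costs are constructed (19 for FastEthernet, 4 for a GigabitEthernet uplink from SW3 to SW1, matching the 4<19 comparison above), and a central computation stands in for the BPDU exchange that real switches perform.

```python
# Added example (not from the original slides): STP root, root-port and
# designated-port selection on a constructed three-switch topology.
import heapq
from collections import defaultdict

# Each link: (switch_a, port_a, switch_b, port_b, cost). Costs follow the slides:
# 19 for FastEthernet; SW3's uplink to SW1 is GigabitEthernet with cost 4.
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 19),
    ("SW1", "Gi0/1", "SW3", "Gi0/1", 4),
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 19),
]
# Bridge ID = (priority, MAC). All keep the default 32768, so the lowest MAC
# (SW1) wins. MAC addresses are made up for the demo.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}


def port_number(port: str) -> int:
    """'Fa0/2' -> 2; the internal port number is the last tiebreaker."""
    return int(port.rsplit("/", 1)[1])


def elect_root(bridges: dict) -> str:
    """Lowest priority wins; the MAC address breaks a priority tie."""
    return min(bridges, key=lambda sw: bridges[sw])


def root_path_costs(root: str, links: list) -> dict:
    """Cheapest cost from every switch to the root (sum of link costs on the path)."""
    adj = defaultdict(list)
    for a, _, b, _, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    costs = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > costs[sw]:
            continue
        for nb, link_cost in adj[sw]:
            if cost + link_cost < costs.get(nb, float("inf")):
                costs[nb] = cost + link_cost
                heapq.heappush(heap, (costs[nb], nb))
    return costs


def compute_port_states(bridges: dict, links: list, port_priority: int = 128):
    """Return (root, root costs, {(switch, port): 'root'|'designated'|'blocking'})."""
    root = elect_root(bridges)
    costs = root_path_costs(root, links)
    states = {}
    # Root port: cheapest path to the root, then the slides' tiebreakers in order:
    # neighbor bridge ID, neighbor port priority, neighbor internal port number.
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for a, pa, b, pb, cost in links:
            if a == sw:
                candidates.append((costs[b] + cost, bridges[b], port_priority, port_number(pb), pa))
            elif b == sw:
                candidates.append((costs[a] + cost, bridges[a], port_priority, port_number(pa), pb))
        states[(sw, min(candidates)[-1])] = "root"
    # Designated port per segment: the end whose switch has the lower root cost,
    # then the lower bridge ID. The other end blocks unless it is a root port.
    for a, pa, b, pb, _ in links:
        winner, loser = sorted(((a, pa), (b, pb)), key=lambda end: (costs[end[0]], bridges[end[0]]))
        states[winner] = "designated"
        states.setdefault(loser, "blocking")
    return root, costs, states


if __name__ == "__main__":
    root, costs, states = compute_port_states(BRIDGES, LINKS)
    print("root bridge:", root, "root path costs:", costs)
    for (sw, port), state in sorted(states.items()):
        print(f"{sw} {port}: {state}")
```

The last assertion in the test shows why the election matters for security: any switch that advertises a lower priority becomes root and reshapes the whole forwarding topology.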
Rapid Spanning Tree Protocol
RSTP (Rapid Spanning Tree Protocol) is an evolution of STP. It was originally introduced as the IEEE 802.1w standard and
in 2004 the IEEE decided to replace STP with RSTP in the 802.1D standard. Finally, in 2011, the IEEE decided to move all the
RSTP details into the 802.1Q standard.
RSTP is backwards-compatible with STP and there are many similarities between the two protocols, such as:
• the root switch is elected using the same set of rules in both protocols
• root ports are selected with the same rules, as well as designated ports on LAN segments
• both STP and RSTP place each port in either forwarding or blocking state. The blocking state in RSTP is called the
discarding state.
However, there are differences between STP and RSTP:
• RSTP enables faster convergence times than STP (usually within just a couple of seconds)
• STP port states listening, blocking, and disabled are merged into a single state in RSTP – the discarding state
• STP features two port types – root and designated port. RSTP adds two additional port types – alternate and backup
port.
• with STP, the root switch generates and sends Hellos to all other switches, which are then relayed by the non-root
switches. With RSTP, each switch can generate its own Hellos.
Rapid Spanning Tree Protocol (2)
Just like STP, RSTP creates a topology database of the network. To prevent loops, some interfaces on switches are
placed in forwarding state and other interfaces in discarding state. How does RSTP decide in which state the port
will be placed? A couple of criteria exist:
• 1. all switches in a network elect a root switch. All working interfaces on the root switch are placed in
forwarding state.
• 2. all other switches, called nonroot switches, determine the best path to get to the root switch. The port used
to reach the root switch (root port) is placed in forwarding state.
• 3. on the shared Ethernet segments, the switch with the best path to reach the root switch is placed in
forwarding state. That switch is called the designated switch and its port is known as the designated port.
• 4. all other interfaces are placed in discarding state and will not forward frames.
Let’s say that SW1 is elected as the root switch. All ports on SW1 are placed in forwarding state. SW2 and SW3
choose ports with the lowest cost to reach the root switch to be the root ports. These ports are also placed in
forwarding state. On the shared Ethernet segment between SW2 and SW3, port Fa0/1 on SW2 has the lowest cost
to reach the root switch. This port is placed in forwarding state. To prevent loops, port Fa0/1 on SW3 is placed in
discarding state. If the root port on SW3 fails, this alternate port will quickly take over and become the root port.
Port Security
By default, all interfaces on a Cisco switch are turned on. That means that an attacker could connect to your network through a
wall socket and potentially threaten your network. If you know which devices will be connected to which ports, you can use the
Cisco security feature called port security. By using port security, a network administrator can associate specific MAC addresses
with the interface, which can prevent an attacker from connecting their device. This way you can restrict access to an interface so that
only the authorized devices can use it.
1. define the interface as an access interface by using the switchport mode access interface subcommand
2. enable port security by using the switchport port-security interface subcommand
3. define which MAC addresses are allowed to send frames through this interface by using the switchport port-security
mac-address MAC_ADDRESS interface subcommand or using the switchport port-security mac-address sticky interface subcommand
to dynamically learn the MAC address of the currently connected host
• Two steps are optional:
1. define what action the switch will take when receiving a frame from an unauthorized device by using the switchport port-security
violation {protect | restrict | shutdown} interface subcommand. All three options discard the traffic from the unauthorized device. The
restrict and shutdown options send a log message when a violation occurs. Shutdown mode also shuts down the port.
2. define the maximum number of MAC addresses that can be used on the port by using the switchport port-security maximum
NUMBER interface subcommand
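An added example (not from the original slides) that models how an interface configured with the commands above treats frames under each violation mode, including sticky learning and the maximum. The switch logic, MAC addresses and log text are constructed for the demo and are not IOS output.

```python
# Added example (not from the original slides): a model of one port-security
# interface and the three violation modes.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access interface with port security enabled (constructed model)."""
    name: str
    maximum: int = 1              # switchport port-security maximum NUMBER
    violation: str = "shutdown"   # switchport port-security violation {protect|restrict|shutdown}
    sticky: bool = False          # switchport port-security mac-address sticky
    allowed: set = field(default_factory=set)   # switchport port-security mac-address MAC
    err_disabled: bool = False
    violations: int = 0
    syslog: list = field(default_factory=list)

    def receive(self, src_mac: str) -> str:
        """Decide the fate of a frame: 'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"        # stays down until an administrator recovers the port
        src_mac = src_mac.lower()
        if src_mac in self.allowed:
            return "forward"
        if self.sticky and len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)    # learn the first MACs seen, up to the maximum
            return "forward"
        # Unknown source MAC and no free slot: a violation. All three modes drop the frame.
        if self.violation == "protect":
            return "drop"                # silent: nothing is logged
        self.violations += 1
        self.syslog.append(f"port-security violation on {self.name} from {src_mac}")  # constructed text
        if self.violation == "restrict":
            return "drop"                # logged, port stays up
        self.err_disabled = True         # shutdown: the port is placed in err-disabled state
        return "err-disabled"


# Constructed frames: the authorized PC, then a rogue device plugged into the same socket.
AUTHORIZED = "aa:bb:cc:00:00:01"
ROGUE = "de:ad:be:ef:00:02"
FRAMES = [AUTHORIZED, AUTHORIZED, ROGUE, AUTHORIZED]


def run(mode: str, sticky: bool = True, static=None):
    """Feed FRAMES through a port in the given mode; return (actions, port)."""
    port = SecurePort("Fa0/1", maximum=1, violation=mode, sticky=sticky,
                      allowed=set(static or ()))
    return [port.receive(mac) for mac in FRAMES], port


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        actions, port = run(mode)
        print(mode, actions, "logged:", port.syslog)
```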
EtherChannel
EtherChannel is a technology wherein we bundle physical interfaces together to create a single
logical link. It is also known as Link Aggregation. It provides fault-tolerant and high-speed links
between Cisco switches and routers and is often seen in the backbone network. The approved open
standard is called 802.3ad, which works with other vendors and is often called LAG.
To create an EtherChannel, all of the interfaces should have:
• 1. Same Duplex
• 2. Same Speed
• 3. Same VLAN Configuration (Ex. native VLAN and allowed VLAN should be same)
• 4. Switch Port Modes should be the same (Access or Trunk Mode)
PAgP (Port Aggregation Protocol)
• EtherChannel Port Aggregation Protocol (PAgP)
There are two Cisco EtherChannel Port Aggregation Protocol modes, which we can implement as a
part of the port configuration:
• Auto mode– interface can respond to PAgP packet negotiation but will never start one on its own
• Desirable mode– interface actively attempts a negotiating state for PAgP packet negotiation.
PAgP (Port Aggregation Protocol) (2)
Switch1#conf t
Switch1(config)#interface range fa0/1 - 2
Switch1(config-if-range)#speed 100
Switch1(config-if-range)#duplex full
Switch1(config-if-range)#switchport mode trunk
Switch1(config-if-range)#channel-group 1 mode desirable
Switch1(config-if-range)#end

Switch2#conf t
Switch2(config)#interface range fa0/1 - 2
Switch2(config-if-range)#speed 100
Switch2(config-if-range)#duplex full
Switch2(config-if-range)#switchport mode trunk
Switch2(config-if-range)#channel-group 1 mode auto
Switch2(config-if-range)#end

Switch1#show etherchannel 1 port-channel

Switch1#show etherchannel summary


DHCP (Dynamic Host Configuration Protocol)
DHCP is a network protocol that is used to assign various network parameters to a device. This greatly
simplifies administration of a network, since there is no need to assign static network parameters for each
device.
DHCP is a client-server protocol. A client is a device that is configured to use DHCP to request network
parameters from a DHCP server. The DHCP server maintains a pool of available IP addresses and assigns one of
them to the host. A DHCP server can also provide some other parameters, such as:
• subnet mask
• default gateway
• domain name
• DNS server
DNS (Domain Name Service)
• DNS is a network protocol used to translate hostnames into IP addresses. DNS is not required to
establish a network connection, but it is much more user friendly for human users than the
numeric addressing scheme. Consider this example – you can access the Google homepage by
typing 216.58.207.206, but it’s much easier just to type www.google.com!
• To use DNS, you must have a DNS server configured to handle the resolution process. A DNS
server has a special-purpose application installed. The application maintains a table of dynamic or
static hostname-to-IP address mappings. When a user requests some network resource using a
hostname (e.g. by typing www.google.com in a browser), a DNS request is sent to the DNS server
asking for the IP address of the hostname. The DNS server then replies with the IP address. The
user’s browser can now use that IP address to access www.google.com.
ACL (Access Control List)
ACLs are a set of rules used most commonly to filter network traffic. They are used on network
devices with packet filtering capabilities (e.g. routers or firewalls). ACLs are applied on a per-interface
basis to packets leaving or entering an interface.
• 1. standard access lists – with standard access lists, you can filter only on the source IP address of
a packet. These types of access lists are not as powerful as extended access lists, but they are less
processor intensive for the router. Let’s say that server S1 holds some important documents that
need to be available only to the company’s management. We could configure an access list on R1 to
enable access to S1 only to users from the management network. All other traffic going to S1 will
be blocked. This way, we can ensure that only authorized users can access sensitive files on S1.
• 2. extended access lists – with extended access lists, you can be more precise in your filtering.
You can evaluate source and destination IP addresses, type of layer 3 protocol, source and
destination port, etc. Extended access lists are more complex to configure and consume more
CPU time than the standard access lists, but they allow a much more granular level of control.
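An added example (not from the original slides) that runs the S1/management-network scenario above through both a standard and an extended ACL, first match wins and the implicit deny at the end of every ACL applies. The networks, addresses and rule format are constructed; networks are written in CIDR notation rather than IOS wildcard masks.

```python
# Added example (not from the original slides): a standard ACL (source only)
# beside an extended ACL (source, destination, protocol, port).
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR, or "any"
    dst: str = "any"             # the fields below are consulted only by extended ACLs
    proto: str = "any"
    dport: Optional[int] = None


def in_net(net: str, ip: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def rule_matches(rule: Rule, pkt: Packet, extended: bool) -> bool:
    if not in_net(rule.src, pkt.src):
        return False
    if not extended:
        return True              # a standard ACL looks at the source address only
    return (in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(acl: list, pkt: Packet, extended: bool) -> str:
    """First matching rule wins; a packet that matches nothing hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt, extended):
            return rule.action
    return "deny"


# Constructed scenario from the slide: S1 may only be reached from the
# management network. Addresses are made up for the demo.
MANAGEMENT = "192.168.10.0/24"
S1 = "10.0.0.5"
STANDARD_ACL = [Rule("permit", MANAGEMENT)]
EXTENDED_ACL = [Rule("permit", MANAGEMENT, dst=S1, proto="tcp", dport=443)]

PACKETS = {
    "manager https": Packet("192.168.10.7", S1, "tcp", 443),
    "manager telnet": Packet("192.168.10.7", S1, "tcp", 23),
    "sales https": Packet("192.168.20.3", S1, "tcp", 443),
}


def compare() -> dict:
    """Return {name: (standard verdict, extended verdict)} for each sample packet."""
    return {name: (evaluate(STANDARD_ACL, pkt, extended=False),
                   evaluate(EXTENDED_ACL, pkt, extended=True))
            for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name}: standard={verdicts[0]} extended={verdicts[1]}")
```

The "manager telnet" row is the point of the slide: a standard ACL cannot tell HTTPS from Telnet coming from the same source, the extended ACL can.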
NAT (Network Address Translation)
• NAT (Network Address Translation) is a process of changing the source and destination IP
addresses and ports. Address translation reduces the need for IPv4 public addresses and hides
private network address ranges. This process is usually done by routers or firewalls.
NAT (Network Address Translation) (2)
With static NAT, routers or firewalls translate one private IP address to a single public IP address. Each private IP address is
mapped to a single public IP address. Static NAT is not often used because it requires one public IP address for each private IP
address.
To configure static NAT, three steps are required:
• 1. configure private/public IP address mapping by using the ip nat inside source static PRIVATE_IP PUBLIC_IP command
• 2. configure the router’s inside interface using the ip nat inside command
• 3. configure the router’s outside interface using the ip nat outside command
NAT (Network Address Translation) (3)
• With Port Address Translation (PAT), a single public IP address is used for all internal private IP
addresses, but a different port is assigned to each private IP address. This type of NAT is also
known as NAT Overload and is the typical form of NAT used in today’s networks. It is even
supported by most consumer-grade routers.
• PAT allows you to support many hosts with only few public IP addresses. It works by creating
dynamic NAT mapping, in which a global (public) IP address and a unique port number are
selected. The router keeps a NAT table entry for every unique combination of the private IP
address and port, with translation to the global address and a unique port number.
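An added example (not from the original slides) that models the static NAT mapping of the previous slide and the PAT table described here: one global address, a unique global port per inside (address, port) pair, the same entry reused for later packets, and nothing delivered inside for inbound traffic without a table entry. All addresses are constructed, and the port allocator is simplified (IOS tries to keep the original source port where it can).

```python
# Added example (not from the original slides): static NAT beside PAT (NAT overload).
from typing import Optional, Tuple

Addr = Tuple[str, int]


class NatRouter:
    """Constructed model of a router with one static mapping and PAT for the rest."""

    def __init__(self, global_ip: str, static=None):
        self.global_ip = global_ip          # the single public address used for overload
        self.static = dict(static or {})    # private IP -> public IP (ip nat inside source static)
        self.table = {}                     # (private IP, port) -> (global IP, unique port)
        self.reverse = {}                   # (global IP, port) -> (private IP, port)
        self.next_port = 1024               # simplified allocator

    def outbound(self, src_ip: str, src_port: int) -> Addr:
        """Translate an inside-to-outside packet; returns its new source (ip, port)."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port)   # one-to-one: address changes, port does not
        key = (src_ip, src_port)
        if key not in self.table:
            while (self.global_ip, self.next_port) in self.reverse:
                self.next_port += 1
            mapping = (self.global_ip, self.next_port)
            self.table[key] = mapping
            self.reverse[mapping] = key
        return self.table[key]

    def inbound(self, dst_ip: str, dst_port: int) -> Optional[Addr]:
        """Translate an outside-to-inside packet; None means no entry, so it is dropped."""
        for private_ip, public_ip in self.static.items():
            if public_ip == dst_ip:
                return (private_ip, dst_port)
        return self.reverse.get((dst_ip, dst_port))


def demo():
    # 203.0.113.0/24 and 10.0.0.0/8 are constructed demo addresses.
    router = NatRouter("203.0.113.1", static={"10.0.0.5": "203.0.113.5"})
    a = router.outbound("10.0.0.10", 40000)
    b = router.outbound("10.0.0.11", 40000)     # same inside port, other host: new global port
    a_again = router.outbound("10.0.0.10", 40000)  # existing entry is reused
    reply_b = router.inbound("203.0.113.1", b[1])  # reply comes back to the right host
    unsolicited = router.inbound("203.0.113.1", 9999)  # no entry: dropped, inside stays hidden
    server = router.outbound("10.0.0.5", 443)   # static NAT: address mapped, port kept
    return a, b, a_again, reply_b, unsolicited, server


if __name__ == "__main__":
    for item in demo():
        print(item)
```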
HSRP (Hot Standby Router Protocol)
Every host within the organization’s network needs a router as its default gateway to connect
to the Internet. But what if the gateway router goes offline or the default gateway IP is changed
during configuration? Replacing the gateway router will cause a longer service interruption to the
users within the organization, and reacting only after the failure is not a good way to handle the
issue. This is where FHRP comes in.
First Hop Redundancy Protocol (FHRP) is designed to provide redundancy to the gateway router
within the organization’s network by the use of a virtual IP address and a virtual MAC address.
To implement FHRP, there should be two or more routers that will be used as a gateway router.
The virtual IP address and virtual MAC address will be used on both routers. The virtual IP
address will be the default gateway IP address for all the devices inside the organization’s
network. One router will be used as the active router (gateway router), and the other router will
be standby. If the active router goes offline, the standby router will take its place to be the
gateway router for all the hosts.
HSRP (Hot Standby Router Protocol) (2)
HSRP, or Hot Standby Router Protocol, is a Cisco-proprietary router redundancy protocol that enables a cluster
of routers to cooperate, with all routers willing to be the default router. All the routers within the cluster will
have the same virtual IP address and virtual MAC address.
The Two Hot Standby Router Protocol (HSRP) Router States:
• Active Router – the router that actively sends and receives packets to the hosts within the organization. It is
the default gateway router. Only one active router will be selected among the cluster of routers.
• Standby Router – the router(s) from which a new active router is chosen in case the incumbent active router
goes offline.
If the active router goes offline, router failover will occur. These changes will not affect the hosts. The host
keeps the same IP address and MAC address setting. The default gateway IP address will be the same still on all
hosts. There will be no changes on the host’s ARP table as the gateway router’s virtual MAC address will be the
same. Changes in failover only happen on router and switch, and hosts are not affected.
HSRP (Hot Standby Router Protocol) (3)
HSRP Messages
• With HSRP, there are three types of multicast messages sent between the devices:
• Hello – sent between Active and Standby devices every 3 seconds by default. If MLS2 does not
hear from MLS1 in 10 seconds, MLS2 will take over the active role.
• Resign – sent by the active device when it’s going offline or ready to give up the active role for
some other reason. This message tells MLS2 to be ready and take over the active role.
• Coup – used when a standby router wants to assume the active role (preempt).
R1(config)#interface GigabitEthernet 0/0/0
R1(config-if)#ip address 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#standby 1 ip 192.168.1.1

! R2's interface address must be in the same subnet as the virtual IP 192.168.1.1
R2(config)#interface GigabitEthernet 0/0/1
R2(config-if)#ip address 192.168.1.3 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#standby 1 ip 192.168.1.1
IP Routing
• IP routing is the process of sending packets from a host on one network to another host on a
different remote network. This process is usually done by routers. Routers examine the
destination IP address of a packet, determine the next-hop address, and forward the packet.
Routers use routing tables to determine the next hop address to which the packet should be
forwarded.
Connected routes
• Subnets directly connected to a router's interfaces are added to the router's routing table. The
interface has to have an IP address configured and both interface status codes must be in the up/up
state. A router will be able to route all packets destined for hosts in subnets directly connected
to its active interfaces.
• Consider the following example. The router has two active interfaces, Fa0/0 and Fa0/1. Each
interface has been configured with an IP address and is currently in the up-up state, so the router
adds these subnets to its routing table.
Static routes
• By adding static routes, a router can learn a route to a remote network that is not directly connected to one
of its interfaces. Static routes are configured manually by typing the global configuration mode command ip
route DESTINATION_NETWORK SUBNET_MASK NEXT_HOP_IP_ADDRESS. This type of configuration is usually
used in smaller networks for scalability reasons (you have to configure each route on each router).
Dynamic routes
• A router can learn dynamic routes if a routing protocol is enabled. A routing protocol is used by routers to
exchange routing information with each other. Every router in the network can then use this information to build
its routing table. A routing protocol can dynamically choose a different route if a link goes down, so this type
of routing is fault-tolerant. Also, unlike with static routing, there is no need to manually configure every route
on every router, which greatly reduces the administrative overhead. You only need to define which routes
will be advertised on the routers that connect directly to the corresponding subnets – the routing protocol takes
care of the rest.
• The disadvantage of dynamic routing is that it increases memory and CPU usage on a router, because every
router has to process received routing information and calculate its routing table.
Floating Static Routes
A floating static route is a static route configured with a higher Administrative Distance than the preferred
route, so that the preferred route is used to reach the destination while it exists and the static route only takes
over when the preferred route disappears.
• Since the Administrative Distance (AD) of a static route in Cisco IOS is 1, the most trusted source after a
directly connected route (AD 0), it has to be raised manually so that the better route, chosen on other
grounds, is preferred.
• Floating static routes can be thought of as static routes whose Administrative Distance value has been
manipulated. They can be used alongside another static route, or together with dynamic routing protocols. In
both cases, a floating static route acts as a backup route.
Default Route
• A default route defines where packets will be sent if no specific route for the destination network is
listed in the routing table. If no default route is set, the router will discard all packets with destination
addresses not found in its routing table.
OSPF
OSPF (Open Shortest Path First) is a link state routing protocol. Because it is an open standard, it is implemented by a variety of network
vendors. OSPF will run on most routers, which do not necessarily have to be Cisco routers (unlike EIGRP, which can be run only on Cisco
routers).
• a classless routing protocol
• supports VLSM, CIDR, manual route summarization, equal cost load balancing
• incremental updates are supported
• uses only one parameter as the metric – the interface cost.
• the administrative distance of OSPF routes is, by default, 110.
• uses multicast addresses 224.0.0.5 and 224.0.0.6 for routing updates.
Routers running OSPF have to establish neighbor relationships before exchanging routes. Because OSPF is a link state routing protocol,
neighbors don't exchange routing tables. Instead, they exchange information about network topology. Each OSPF router then runs the SPF
algorithm to calculate the best routes and adds those to the routing table. Because each router knows the entire topology of the network,
the chance of a routing loop occurring is minimal.
• Each OSPF router stores routing and topology information in three tables:
  • Neighbor table – stores information about OSPF neighbors
  • Topology table – stores the topology structure of the network
  • Routing table – stores the best routes