Ccna 2

The document provides an overview of routing concepts, focusing on router functions, configuration, and operation. It explains how routers interconnect networks, choose the best paths for packet forwarding, and manage IP addressing for devices. Additionally, it covers static and dynamic routing protocols, routing tables, and methods for verifying connectivity.

Chapter 1: Routing Concepts

Routing and Switching Essentials v6.0

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
1.1 Router Initial Configuration

Router Functions
Characteristics of a Network

Router Functions
Why Routing?
The router is responsible for the routing of traffic between networks.

Router Functions
Routers are Computers
Routers are specialized computers containing the following required components to operate:
• Central processing unit (CPU)
• Operating system (OS) - Routers use Cisco IOS
• Memory and storage (RAM, ROM, NVRAM, Flash, hard drive)

Router Functions
Routers are Computers (cont.)
Routers use specialized ports and network interface cards to interconnect to other networks.

Router Functions
Routers are Computers
Router Memory

Router Functions
Routers Interconnect Networks

Router Functions
Routers Choose Best Paths
• Routers use static routes and dynamic routing protocols to learn about remote networks and build their routing tables.
• Routers use routing tables to determine the best path to send packets.
• Routers encapsulate the packet and forward it to the interface indicated in the routing table.

Router Functions
Packet Forwarding Methods
• Process switching – An older packet forwarding mechanism still available for Cisco routers.
• Fast switching – A common packet forwarding mechanism which uses a fast-switching cache to store next hop information.
• Cisco Express Forwarding (CEF) – The most recent, fastest, and preferred Cisco IOS packet-forwarding mechanism.

Connect Devices
Connect to a Network

Connect Devices
Default Gateways
To enable network access, devices must be configured with the following IP address information:
• IP address - Identifies a unique host on a local network.
• Subnet mask - Identifies the host's network subnet.
• Default gateway - Identifies the router a packet is sent to when the destination is not on the same local network subnet.

Connect Devices
Document Network Addressing
Network documentation should include at least the following in a topology diagram and addressing table:
• Device names
• Interfaces
• IP addresses and subnet masks
• Default gateways

Connect Devices
Enable IP on a Host
Statically Assigned IP Address – The host is manually assigned an IP address, subnet mask and default gateway. A DNS server IP address can also be assigned.
• Used to identify specific network resources such as network servers and printers.
• Can be used in very small networks with few hosts.

Dynamically Assigned IP Address – IP address information is dynamically assigned by a server using Dynamic Host Configuration Protocol (DHCP).
• Most hosts acquire their IP address information through DHCP.
• DHCP services can be provided by Cisco routers.

Connect Devices
Device LEDs

Connect Devices
Console Access

Connect Devices
Enable IP on a Switch
• Network infrastructure devices require IP addresses to enable remote management.
• On a switch, the management IP address is assigned on a virtual interface called a switched virtual interface (SVI).
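The two device-side halves of the host and switch addressing described above, as an added example with constructed addresses (this is not the curriculum's own configuration, and the device names, VLAN, pool name and addresses are assumptions): a management SVI on switch S1 and router R1 acting as the DHCP server that hands LAN hosts their address, mask, default gateway and DNS server. The excluded range keeps the statically assigned addresses (router, switch, servers, printers) out of the pool, which is what makes static and dynamic assignment coexist on one subnet.

```cisco
! Switch S1 (constructed example): management address on the SVI
configure terminal
hostname S1
interface vlan 1
 ip address 192.168.10.2 255.255.255.0
 no shutdown
 exit
! Without a default gateway the switch can only be managed from its own subnet
ip default-gateway 192.168.10.1
end

! Router R1 (constructed example): DHCP service for the 192.168.10.0/24 LAN
configure terminal
! Addresses reserved for statically configured devices never get leased
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp pool LAN-POOL
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.5
 domain-name example.com
 exit
end
! Verify the pool and which hosts currently hold a lease
show ip dhcp pool
show ip dhcp binding
```

On the host side the same four values (address, mask, gateway, DNS) are either typed in by hand or arrive in the DHCP offer; a host that ends up with the wrong default gateway can still reach its own subnet, so "can ping the neighbour but not the server" is the usual symptom of a bad gateway value.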

Router Basic Settings
Configure Router Basic Settings
• Name the device – Distinguishes it from other routers.
• Secure management access – Secures privileged EXEC, user EXEC, and Telnet access, and encrypts passwords.
• Configure a banner – Provides legal notification of unauthorized access.
• Save the configuration.

Router Basic Settings
Configure an IPv4 Router Interface
To be available, a router interface must be:
• Configured with an address and subnet mask.
• Activated using the no shutdown command. By default, LAN and WAN interfaces are not activated.
• Configured with the clock rate command on the end of the serial cable labeled DCE.
An optional description can be included.

Router Basic Settings
Configure an IPv6 Router Interface
Configure the interface with an IPv6 address and subnet mask:
• Use the ipv6 address ipv6-address/ipv6-length [link-local | eui-64] interface configuration command.
• Activate using the no shutdown command.

Router Basic Settings
Configure an IPv6 Router Interface (cont.)
IPv6 interfaces can support more than one address:
• Configure a specified global unicast address – ipv6 address ipv6-address/ipv6-length
• Configure a global IPv6 address with an interface identifier (ID) in the low-order 64 bits – ipv6 address ipv6-address/ipv6-length eui-64
• Configure a link-local address – ipv6 address ipv6-address/ipv6-length link-local

Router Basic Settings
Configure an IPv4 Loopback Interface
A loopback interface is a logical interface that is internal to the router:
• It is not assigned to a physical port; it is considered a software interface that is automatically in an UP state.
• A loopback interface is useful for testing.
• It is important in the OSPF routing process.
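The whole initial-configuration procedure of this section (device name, secured management access, banner, IPv4 and IPv6 interfaces, loopback, save) carried through on one router, as an added example that is not the curriculum's own configuration. The hostname, addresses, link speeds and the placeholder secrets are constructed. One deliberate choice beyond the slides: remote access is restricted to SSH with local user accounts rather than Telnet, because Telnet carries the password in clear text on the wire; the vty lines still get the same login protection the slide calls for.

```cisco
! R1 initial configuration (constructed example, not the course's own)
enable
configure terminal
hostname R1

! --- Secure management access ---
! Privileged EXEC password stored as a hash; replace the placeholder
enable secret ENABLE-SECRET-PLACEHOLDER
! Scramble the clear-text line passwords in the running config
service password-encryption
line console 0
 password CONSOLE-PASSWORD-PLACEHOLDER
 login
 exec-timeout 5 0
 exit
! SSH needs a domain name and an RSA key pair before it can start
ip domain-name example.com
crypto key generate rsa modulus 2048
ip ssh version 2
username admin privilege 15 secret ADMIN-SECRET-PLACEHOLDER
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
 exit
! Legal notice shown before the login prompt
banner motd #Authorized access only. All activity is monitored.#

! --- IPv4 interfaces ---
interface gigabitethernet 0/0
 description Link to LAN 192.168.10.0/24
 ip address 192.168.10.1 255.255.255.0
 no shutdown
 exit
interface serial 0/0/0
 description DCE end of the serial link to R2
 ip address 172.16.1.1 255.255.255.252
 clock rate 128000
 no shutdown
 exit

! --- IPv6 interface (global unicast plus an explicit link-local) ---
! Required before the router will forward IPv6 between interfaces
ipv6 unicast-routing
interface gigabitethernet 0/1
 description IPv6 LAN 2001:db8:acad:2::/64
 ipv6 address 2001:db8:acad:2::1/64
 ipv6 address fe80::1 link-local
 no shutdown
 exit

! --- Loopback: always up, used as a stable test address and OSPF router ID ---
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
 exit
end

! --- Save: the running config is lost on reload until this is done ---
copy running-config startup-config
```

Interfaces stay administratively down until no shutdown is entered, so a freshly configured address that does not appear in show ip interface brief as up/up is usually that step missing or, on the DCE end of a serial link, a missing clock rate.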

Verify Connectivity of Directly Connected Networks
Verify Interface Settings
Show commands are used to verify the operation and configuration of an interface:
• show ip interface brief
• show ip route
• show running-config
Show commands that are used to gather more detailed interface information:
• show interfaces
• show ip interface

Verify Connectivity of Directly Connected Networks
Verify Interface Settings (cont.)

Verify Connectivity of Directly Connected Networks
Verify IPv6 Interface Settings
Common commands to verify the IPv6 interface configuration:
• show ipv6 interface brief - displays a summary for each of the interfaces.
• show ipv6 interface gigabitethernet 0/0 - displays the interface status and all the IPv6 addresses for this interface.
• show ipv6 route - verifies that IPv6 networks and specific IPv6 interface addresses have been installed in the IPv6 routing table.

Verify Connectivity of Directly Connected Networks
Filter Show Command Output
Show command output can be managed using the following command and filters:
• Use the terminal length number command to specify the number of lines to be displayed.
• To filter specific output of commands, use the pipe character (|) after the show command. Parameters that can be used after the pipe include:
o section, include, exclude, begin

Verify Connectivity of Directly Connected Networks
Command History Feature
The command history feature temporarily stores a list of executed commands for access:
• To recall commands press Ctrl+P or the Up Arrow.
• To return to more recent commands press Ctrl+N or the Down Arrow.
• By default, command history is enabled and the system captures the last 10 commands in the buffer. Use the show history privileged EXEC command to display the buffer contents.
• Use the terminal history size user EXEC command to increase or decrease the size of the buffer.
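The verification commands, output filters and terminal settings from the last four slides applied together in one privileged EXEC session, as an added example (not the course's own; the interface names are the constructed ones from a router with Gi0/0, Gi0/1 and S0/0/0). Each filter is paired with the question it answers, which is the part the command list alone does not show.

```cisco
! Interface status at a glance: an interface that is not "up/up" cannot forward
show ip interface brief
show ipv6 interface brief
! Connected networks should appear as C, with an L entry for the interface address itself
show ip route
show ipv6 route
! Full detail for one interface: line protocol, errors, MTU, bandwidth, duplex
show interfaces gigabitethernet 0/0
show ipv6 interface gigabitethernet 0/1

! --- Filtering with the pipe ---
! Only the interface blocks of the running configuration
show running-config | section interface
! Only lines containing "ip route": a quick check that every expected static route is present
show running-config | include ip route
! Start at the vty lines to review the remote-access settings
show running-config | begin line vty
! Hide interfaces with no address configured
show ip interface brief | exclude unassigned

! --- Terminal settings for this session ---
! Show everything without "--More--" prompts (useful when capturing output to a file)
terminal length 0
! Keep the last 50 commands instead of the default 10, then display the buffer
terminal history size 50
show history
```

Filters act on the output text, not on the command, so "show running-config | include ip route" cannot miss a route that the parser accepted but that was typed on a different prefix; pair it with show ip route static to confirm the route was actually installed.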

1.2 Routing Decisions

Switching Packets Between Networks
Router Switching Function

Switching Packets Between Networks
Send a Packet

Switching Packets Between Networks
Forward to Next Hop

Switching Packets Between Networks
Packet Routing

Switching Packets Between Networks
Reach the Destination

Path Determination
Routing Decisions

Path Determination
Best Path
• Best path is selected by a routing protocol based on the value or metric it uses to determine the distance to reach a network:
o A metric is the value used to measure the distance to a given network.
o Best path to a network is the path with the lowest metric.
• Dynamic routing protocols use their own rules and metrics to build and update routing tables:
o Routing Information Protocol (RIP) - Hop count
o Open Shortest Path First (OSPF) - Cost based on cumulative bandwidth from source to destination
o Enhanced Interior Gateway Routing Protocol (EIGRP) - Bandwidth, delay, load, reliability

Path Determination
Load Balancing
• When a router has two or more paths to a destination with equal cost metrics, the router forwards the packets using both paths equally:
o Equal cost load balancing can improve network performance.
o Equal cost load balancing can be configured to use both dynamic routing protocols and static routes.

Path Determination
Administrative Distance
• If multiple paths to a destination are configured on a router, the path installed in the routing table is the one with the lowest Administrative Distance (AD):
o A static route with an AD of 1 is more reliable than an EIGRP-discovered route with an AD of 90.
o A directly connected route with an AD of 0 is more reliable than a static route with an AD of 1.

1.3 Router Operation

Analyze the Routing Table
The Routing Table
• A routing table is a file stored in RAM that contains information about:
o Directly connected routes
o Remote routes

Analyze the Routing Table
Routing Table Sources
The show ip route command is used to display the contents of the routing table:
o Local route interfaces - Added to the routing table when an interface is configured. (Displayed in IOS 15 or newer for IPv4 routes and in all IOS releases for IPv6 routes.)
o Directly connected interfaces - Added to the routing table when an interface is configured and active.
o Static routes - Added when a route is manually configured and the exit interface is active.
o Dynamic routing protocol - Added when EIGRP or OSPF are implemented and networks are identified.

Analyze the Routing Table
Routing Table Sources (cont.)

Analyze the Routing Table
Remote Network Routing Entries
Interpreting the entries in the routing table

Directly Connected Routes
Directly Connected Interfaces
A newly deployed router, without any configured interfaces, has an empty routing table.

Directly Connected Routes
Directly Connected Routing Table Entries

Directly Connected Routes
Directly Connected Example

Directly Connected Routes
Directly Connected IPv6 Example

Statically Learned Routes
Static Routes
Static routes and default static routes can be implemented after directly connected interfaces are added to the routing table:
o Static routes are manually configured.
o They define an explicit path between two networking devices.
o Static routes must be manually updated if the topology changes.
o Their benefits include improved security and control of resources.
o Configure a static route to a specific network using the ip route network mask {next-hop-ip | exit-intf} command.
o A default static route is used when the routing table does not contain a path for a destination network.
o Configure a default static route using the ip route 0.0.0.0 0.0.0.0 {exit-intf | next-hop-ip} command.

Statically Learned Routes
Static Route Example

Statically Learned Routes
Static Route Example (cont.)
Entering and Verifying a Static Route

Statically Learned Routes
Static IPv6 Route Examples

Dynamic Routing Protocols
Dynamic Routing
• Dynamic routing is used by routers to share information about the reachability and status of remote networks.
• It performs network discovery and maintains routing tables.
• Routers have converged after they have finished exchanging and updating their routing tables.

Dynamic Routing Protocols
IPv4 Routing Protocols
Cisco routers can support a variety of dynamic IPv4 routing protocols including:
• EIGRP – Enhanced Interior Gateway Routing Protocol
• OSPF – Open Shortest Path First
• IS-IS – Intermediate System-to-Intermediate System
• RIP – Routing Information Protocol
Use the router ? command in global configuration mode to determine which routing protocols are supported by the IOS.

Dynamic Routing Protocols
IPv4 Dynamic Routing Examples

Dynamic Routing Protocols
IPv6 Routing Protocols
Cisco routers can support a variety of dynamic IPv6 routing protocols including:
o RIPng (RIP next generation)
o OSPFv3
o EIGRP for IPv6
Use the ipv6 router ? command to determine which routing protocols are supported by the IOS.

Dynamic Routing Protocols
IPv6 Dynamic Routing Examples

Chapter 2: Static Routing

Routing and Switching Essentials v6.0

2.1 Static Routing Implementation

Static Routing
Reach Remote Networks
A router can learn about remote networks in one of two ways:
• Manually - Remote networks are manually entered into the route table using static routes.
• Dynamically - Remote routes are automatically learned using a dynamic routing protocol.

Static Routing
Why Use Static Routing?
Static routing provides some advantages over dynamic routing, including:
• Static routes are not advertised over the network, resulting in better security.
• Static routes use less bandwidth than dynamic routing protocols, and no CPU cycles are used to calculate and communicate routes.
• The path a static route uses to send data is known.

Static Routing
When to Use Static Routes
Static routing has three primary uses:
• Providing ease of routing table maintenance in smaller networks.
• Routing to and from stub networks. A stub network is a network accessed by a single route, and the router has no other neighbors.
• Using a single default route to represent a path to any network that does not have a more specific match with another route in the routing table.

Types of Static Routes
Static Route Applications
Static routes are often used to:
• Connect to a specific network.
• Provide a Gateway of Last Resort for a stub network.
• Reduce the number of routes advertised by summarizing several contiguous networks as one static route.
• Create a backup route in case a primary route link fails.

Types of Static Routes
Standard Static Route

Types of Static Routes
Default Static Route
• A default static route is a route that matches all packets.
• A default route identifies the gateway IP address to which the router sends all IP packets for which it does not have a learned or static route.
• A default static route is simply a static route with 0.0.0.0/0 as the destination IPv4 address.

Types of Static Routes
Summary Static Route

Types of Static Routes
Floating Static Route

6.2 Configure Static and Default Routes

Configure IPv4 Static Routes
ip route Command

Configure IPv4 Static Routes
Next-Hop Options
The next hop can be identified by an IP address, exit interface, or both. How the destination is specified creates one of the three following route types:
• Next-hop route - Only the next-hop IP address is specified.
• Directly connected static route - Only the router exit interface is specified.
• Fully specified static route - The next-hop IP address and exit interface are specified.
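The three next-hop forms of ip route from this slide, plus the default static route from the "Default Static Route" slide earlier in this chapter, configured and verified on one router as an added example (not the course's own configuration). The topology is constructed: R1 reaches R2 (172.16.1.2) over serial 0/0/0 and R3 (10.10.10.2) over the Ethernet link on gigabitethernet 0/1; the 192.168.x.0/24 networks sit behind those two routers. The comments say which form suits which link type, which is the practical decision the slide leaves to the reader.

```cisco
! R1 static routes (constructed topology, added example)
configure terminal

! 1. Next-hop static route: the router does a second (recursive) lookup
!    to find the exit interface for 172.16.1.2. Works on any link type.
ip route 192.168.20.0 255.255.255.0 172.16.1.2

! 2. Directly connected static route: exit interface only, no recursive
!    lookup. Suitable for point-to-point serial links, where there is only
!    one device at the far end.
ip route 192.168.30.0 255.255.255.0 serial 0/0/0

! 3. Fully specified static route: exit interface and next hop. Use it on
!    multi-access (Ethernet) links so the router knows which address to ARP
!    for instead of ARPing for every destination host.
ip route 192.168.40.0 255.255.255.0 gigabitethernet 0/1 10.10.10.2

! 4. Default static route (gateway of last resort) for everything else
ip route 0.0.0.0 0.0.0.0 172.16.1.2
end

! --- Verify ---
! Static routes appear with an S; the default is marked S* and also sets
! "Gateway of last resort"
show ip route
show ip route static
! Detail for one prefix, including which of the two forms it was learned through
show ip route 192.168.20.0
! The routes as they were typed
show running-config | include ip route
! End-to-end check from the router's LAN side
ping 192.168.20.10 source 192.168.10.1
```

A static route is only installed while its exit interface is up (or, for the next-hop form, while the next hop is resolvable), so a route that is present in show running-config but absent from show ip route usually points at the interface rather than at the route statement.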

Configure IPv4 Static Routes
Configure a Next-Hop Static Route

Configure IPv4 Static Routes
Configure Directly Connected Static Route

Configure IPv4 Static Routes
Configure a Fully Specified Static Route

Configure IPv4 Static Routes
Verify a Static Route

Configure IPv4 Static Routes
Default Static Route

Configure IPv4 Static Routes
Configure a Default Static Route

Configure IPv4 Static Routes
Verify a Default Static Route

Configure IPv6 Static Routes
The ipv6 route Command

Configure IPv6 Static Routes
Next-Hop Options
• Next-hop static IPv6 route - Only the next-hop IPv6 address is specified.
• Directly connected static IPv6 route - Only the router exit interface is specified.
• Fully specified static IPv6 route - The next-hop IPv6 address and exit interface are specified.

Configure IPv6 Static Routes
Configure a Next-Hop Static IPv6 Route

Configure IPv6 Static Routes
Directly Connected Static IPv6 Route

Configure IPv6 Static Routes
Fully Specified Static IPv6 Route

Configure IPv6 Static Routes
Verify IPv6 Static Routes
In addition to ping and traceroute, commands to verify static routes include:
• show ipv6 route
• show ipv6 route static
• show ipv6 route network
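The IPv6 counterparts of the three next-hop forms from the "Next-Hop Options" slide, together with the verification commands listed above and a default IPv6 route, as an added example (not the course's own). Addresses are constructed from the 2001:db8::/32 documentation prefix: R2 is 2001:db8:acad:1::2 across serial 0/0/0 and R3 is reachable on gigabitethernet 0/1 only by its link-local address fe80::3, which is exactly the case where the fully specified form is mandatory.

```cisco
! R1 IPv6 static routes (constructed topology, added example)
configure terminal
! IPv6 forwarding is off by default; routes are pointless without it
ipv6 unicast-routing

! 1. Next-hop static IPv6 route (global unicast next hop, recursive lookup)
ipv6 route 2001:db8:acad:20::/64 2001:db8:acad:1::2

! 2. Directly connected static IPv6 route: exit interface only. Use it on
!    point-to-point links; on Ethernet the router would have to resolve every
!    destination host with neighbor discovery.
ipv6 route 2001:db8:acad:30::/64 serial 0/0/0

! 3. Fully specified static IPv6 route: required whenever the next hop is a
!    link-local address, because fe80::/10 is ambiguous without the interface
ipv6 route 2001:db8:acad:40::/64 gigabitethernet 0/1 fe80::3

! 4. Default static IPv6 route
ipv6 route ::/0 2001:db8:acad:1::2
end

! --- Verify ---
! Static entries carry an S; the default ::/0 appears as S and sets the gateway of last resort
show ipv6 route
show ipv6 route static
! Detail for one prefix
show ipv6 route 2001:db8:acad:20::/64
! Reachability and path, from the router's own LAN address
ping 2001:db8:acad:20::10 source 2001:db8:acad:10::1
traceroute 2001:db8:acad:20::10
```

If the next-hop form is used with a link-local address and no interface, IOS rejects the command, so a "% Invalid" style error on an otherwise correct-looking ipv6 route line is the first thing to check.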

Configure IPv6 Default Routes
Default Static IPv6 Route

Configure IPv6 Default Routes
Configure a Default Static IPv6 Route

Configure IPv6 Default Routes
Verify a Default IPv6 Static Route

Floating Static Routes
Floating static routes have an administrative distance greater than the administrative distance of another static route or dynamic routes.
• The static route "floats" and is not used when the route with the better administrative distance is active.
• If the preferred route is lost, the floating static route can take over.

Configure an IPv4 Floating Static Route

Test the IPv4 Floating Static Route
To test a floating static route:
• Use the show ip route command to verify that the routing table is using the default static route.
• Use the traceroute command to follow the traffic flow out the primary route.
• Disconnect the link or shut down the primary interface(s). In the curriculum example the serial interfaces on R2 are shut down.
• Use the show ip route command to verify that the routing table is using the floating static route.
• Use the traceroute command to follow the traffic flow out the backup route.
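One configuration that exercises three of the routing-decision rules from this deck at once, as an added example (not the course's own): the administrative distance comparison and equal-cost load balancing from "Path Determination" in Chapter 1, and the floating static route with the test procedure just described. The topology is constructed: R1's serial 0/0/0 leads to R2 (172.16.1.2, primary WAN) and serial 0/0/1 to R3 (172.16.2.2, backup WAN); 203.0.113.10 is a constructed remote test address. The failure is simulated by shutting R1's own interface rather than R2's, so the whole test runs on one device.

```cisco
! R1 (constructed topology, added example)
configure terminal

! Primary default route. A static route gets AD 1 unless a distance is given.
ip route 0.0.0.0 0.0.0.0 172.16.1.2

! Floating default route: AD 5 is worse than 1, so it stays out of the routing
! table while the primary exists and is installed only when the primary is
! withdrawn. To back up a dynamically learned route the AD must exceed that
! protocol's AD instead (e.g. 95 behind EIGRP's 90).
ip route 0.0.0.0 0.0.0.0 172.16.2.2 5

! Equal-cost load balancing: same prefix, same AD (1) over both WAN links,
! so both are installed and traffic to 10.0.0.0/8 is shared between them.
ip route 10.0.0.0 255.0.0.0 172.16.1.2
ip route 10.0.0.0 255.0.0.0 172.16.2.2
end

! --- Step 1: routing table uses the primary ---
! Expect "Gateway of last resort is 172.16.1.2" and S* 0.0.0.0/0 [1/0]
show ip route
! Expect two next hops listed under 10.0.0.0/8
show ip route 10.0.0.0
! --- Step 2: traffic follows the primary ---
traceroute 203.0.113.10

! --- Step 3: simulate the failure on the primary link ---
configure terminal
interface serial 0/0/0
 shutdown
 exit
end

! --- Step 4: the floating route has taken over ---
! Routes via 172.16.1.2 are withdrawn because their next hop is no longer
! reachable; expect S* 0.0.0.0/0 [5/0] via 172.16.2.2 and a single path to 10.0.0.0/8
show ip route
! --- Step 5: traffic follows the backup ---
traceroute 203.0.113.10

! Restore the primary link; the [1/0] route is reinstalled and the floating route disappears again
configure terminal
interface serial 0/0/0
 no shutdown
 exit
end
```

The failover relies on the primary route actually leaving the table. Shutting the local interface guarantees that; a far-end fault that leaves the local interface up/up (for example a failure beyond R2) does not withdraw a next-hop static route, which is why floating statics are normally paired with an interface-based primary or with a dynamic protocol that detects the loss.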

Configure Static Host Routes
Automatically Installed Host Routes
A host route is an IPv4 address with a 32-bit mask or an IPv6 address with a 128-bit mask.
• Automatically installed when an IP address is configured on the router.
• The local routes are marked with "L" in the output of the routing table.

Configure Static Host Routes
Configure IPv4 and IPv6 Static Host Routes

Configure Static Host Routes
Configure IPv4 and IPv6 Static Host Routes
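Static host routes for one IPv4 and one IPv6 server, as an added example (not the course's own): the /32 and /128 masks from the "Automatically Installed Host Routes" slide used deliberately, so that a single host is reached over a specific next hop while the rest of its subnet follows the ordinary route. Addresses and next hops are constructed (R2 at 172.16.1.2 and 2001:db8:acad:1::2).

```cisco
! R1 (constructed example): pin one host per address family to a chosen next hop
configure terminal
! IPv4 host route: 32-bit mask, matches exactly one address
ip route 192.168.20.10 255.255.255.255 172.16.1.2
! IPv6 host route: /128 prefix length
ipv6 route 2001:db8:acad:20::10/128 2001:db8:acad:1::2
end

! --- Verify ---
! The static host route is shown as S; the router's own interface addresses
! appear as L (local) host routes that were installed automatically
show ip route 192.168.20.10
show ip route | include /32
show ipv6 route 2001:db8:acad:20::10/128
show ipv6 route | include /128
```

Because the router always prefers the longest matching prefix, the /32 route wins over a /24 (or a default) to the same destination regardless of administrative distance, so a stale host route is a common reason one server keeps taking an unexpected path after the subnet route has been changed.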

6.2 Troubleshoot Static and Default Route Issues

Packet Processing with Static Routes
Static Routes and Packet Forwarding

Troubleshoot IPv4 Static and Default Route Configuration
Troubleshoot a Missing Route
IOS troubleshooting commands include:
• ping
• Extended ping enables you to specify the source IP address for the ping packets.
• traceroute
• show ip route
• show ip interface brief
• show cdp neighbors detail

Packet Processing with Static Routes
Solve a Connectivity Problem
• Finding a missing (or misconfigured) route requires using the right tools in a methodical manner.
• Use the ping command to confirm the destination can't be reached.
• A traceroute would also reveal the closest router (or hop) that fails to respond as expected. In this case, the router would then send an Internet Control Message Protocol (ICMP) destination unreachable message back to the source.
• The next step is to investigate the routing table using the show ip route command. Look for missing or misconfigured routes.
• Incorrect static routes are a common cause of routing problems.
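The troubleshooting sequence from the last two slides run end to end on one router, as an added example (not the course's own): extended ping sourced from the LAN interface, traceroute to find the last responding hop, the routing-table and interface checks, and the fix. The fault is constructed: R1's static route to 192.168.20.0/24 was typed with next hop 172.16.1.22 instead of R2's real address 172.16.1.2, which is the kind of single-digit error the slide calls an incorrect static route.

```cisco
! R1 (constructed example; the mistyped next hop is the fault being found)

! Step 1: confirm the failure. Sourcing the ping from the LAN address tests the
! return path as well; a ping sourced from the WAN address can succeed while
! hosts on the LAN still cannot reach the server.
ping 192.168.20.10 source 192.168.10.1

! Step 2: find how far packets get. The last hop that answers is where to look next.
traceroute 192.168.20.10

! Step 3: inspect the routing table for the destination
show ip route 192.168.20.0 255.255.255.0
show ip route | include 192.168.20
! Reading the entry: "S 192.168.20.0/24 [1/0] via 172.16.1.22" points at an
! address that does not exist on the 172.16.1.0/30 link

! Step 4: rule out the link itself and confirm who is actually on it
show ip interface brief
show cdp neighbors detail

! Step 5: replace the wrong route. Both statements must be removed and re-added
! in full; IOS keeps the old one if only the new one is entered.
configure terminal
no ip route 192.168.20.0 255.255.255.0 172.16.1.22
ip route 192.168.20.0 255.255.255.0 172.16.1.2
end

! Step 6: re-test the same way the failure was confirmed
ping 192.168.20.10 source 192.168.10.1
traceroute 192.168.20.10
```

A next-hop static route whose next hop is on a connected subnet is installed even when that address does not answer, so the routing table alone looks healthy here; the CDP neighbour's address in step 4 is what exposes the mismatch.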

Chapter 3: Dynamic Routing

Routing and Switching Essentials v6.0

3.1 Dynamic Routing Protocols

Dynamic Routing Protocol Overview
Dynamic Routing Protocol Evolution
• Dynamic routing protocols have been used in networks since the late 1980s.
• Newer versions support communication based on IPv6.
Routing Protocols Classification

Dynamic Routing Protocol Overview
Dynamic Routing Protocols Components
Routing protocols are used to facilitate the exchange of routing information between routers.
The purpose of dynamic routing protocols includes:
• Discovery of remote networks
• Maintaining up-to-date routing information
• Choosing the best path to destination networks
• Ability to find a new best path if the current path is no longer available

Dynamic Routing Protocol Overview
Dynamic Routing Protocols Components (cont.)
Main components of dynamic routing protocols include:
• Data structures - Routing protocols typically use tables or databases for their operations. This information is kept in RAM.
• Routing protocol messages - Routing protocols use various types of messages to discover neighboring routers, exchange routing information, and perform other tasks to learn and maintain accurate information about the network.
• Algorithm - Routing protocols use algorithms to process routing information for best path determination.
Dynamic versus Static Routing
Static Routing Uses
Networks typically use a combination of both static and dynamic routing.
Static routing has several primary uses:
• Providing ease of routing table maintenance in smaller networks that are not expected to grow significantly.
• Routing to and from a stub network. A network with only one default route out and no knowledge of any remote networks.
• Accessing a single default route. This is used to represent a path to any network that does not have a match in the routing table.

Dynamic versus Static Routing
Static Routing Uses (cont.)

Dynamic versus Static Routing
Static Routing Advantages and Disadvantages

Dynamic versus Static Routing
Dynamic Routing Advantages & Disadvantages

3.2 RIPv2

Configuring the RIP Protocol
Router RIP Configuration Mode

Configuring the RIP Protocol
Verify RIP Routing

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 109
Configuring the RIP Protocol
Enable and Verify RIPv2

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 110
Configuring the RIP Protocol
Disable Auto Summarization
• Similarly to RIPv1, RIPv2 automatically summarizes networks at major network boundaries by default.
• To modify the default RIPv2 behavior of automatic summarization, use the no auto-summary router configuration mode command.
• This command has no effect when using RIPv1.
• When automatic summarization has been disabled, RIPv2 no longer summarizes networks to their classful address at boundary routers. RIPv2 now includes all subnets and their appropriate masks in its routing updates.
• The show ip protocols command now states that automatic network summarization is not in effect.
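As an added example (not part of the Cisco deck), the summarization rule above carried out in Python: which prefixes a RIPv2 router sends out an interface with and without auto-summary. The function names and the sample subnets are constructed for illustration.

```python
import ipaddress
from typing import List, Union

Net = Union[str, ipaddress.IPv4Network]


def classful_network(net: Net) -> ipaddress.IPv4Network:
    """Return the classful (major) network that contains net.
    Class A (first octet 0-127) is /8, class B (128-191) is /16 and
    class C (192-223) is /24; other addresses have no classful boundary."""
    net = ipaddress.ip_network(net, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        major_len = 8
    elif first_octet < 192:
        major_len = 16
    elif first_octet < 224:
        major_len = 24
    else:
        raise ValueError(f"{net} is not a class A, B or C network")
    return ipaddress.ip_network(f"{net.network_address}/{major_len}", strict=False)


def ripv2_update(known_subnets: List[str], egress_subnet: str,
                 auto_summary: bool = True) -> List[str]:
    """Prefixes a RIPv2 router advertises out the interface on egress_subnet.

    With auto-summary on (the default), a subnet whose classful network differs
    from that of the egress interface is advertised as the classful network
    only, i.e. it is summarized at the major network boundary. Subnets inside
    the same major network as the egress interface keep their masks either way.
    With `no auto-summary`, every subnet is sent with its own mask.
    Split horizon is applied: the egress subnet itself is not advertised back
    out of the interface it belongs to."""
    egress = ipaddress.ip_network(egress_subnet, strict=False)
    egress_major = classful_network(egress)
    advertised: List[ipaddress.IPv4Network] = []
    for subnet in known_subnets:
        net = ipaddress.ip_network(subnet, strict=False)
        if net == egress:
            continue  # split horizon
        if auto_summary and classful_network(net) != egress_major:
            prefix = classful_network(net)  # crossing a major network boundary
        else:
            prefix = net
        if prefix not in advertised:  # several subnets collapse into one summary
            advertised.append(prefix)
    return [str(p) for p in advertised]


if __name__ == "__main__":
    # Constructed sample: the router knows three subnets of 172.16.0.0/16,
    # one subnet of 10.0.0.0/8, and sends its update out a 192.168.1.0/30 link.
    subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
               "10.1.1.0/24", "192.168.1.0/30"]
    print("auto-summary   :", ripv2_update(subnets, "192.168.1.0/30"))
    print("no auto-summary:", ripv2_update(subnets, "192.168.1.0/30", auto_summary=False))
```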
Configuring the RIP Protocol
Configuring Passive Interfaces

Sending out unneeded updates on a LAN impacts the network in three ways:
• Wasted bandwidth
• Wasted resources
• Security risk
Configuring the RIP Protocol
Propagate a Default Route

3.3 The Routing Table

Parts of an IPv4 Route Entry
Routing Table Entries

Parts of an IPv4 Route Entry
Directly Connected Entries

Parts of an IPv4 Route Entry
Remote Network Entries
Dynamically Learned IPv4 Routes
Routing Table Terms
Routes are discussed in terms of:
• Ultimate route
• Level 1 route
• Level 1 parent route
• Level 2 child routes
Dynamically Learned IPv4 Routes
Ultimate Route

An ultimate route is a routing table entry that contains either a next-hop IP address or an exit interface.

Directly connected, dynamically learned, and link local routes are ultimate routes.
Dynamically Learned IPv4 Routes
Level 1 Route

Dynamically Learned IPv4 Routes
Level 1 Parent Route

Dynamically Learned IPv4 Routes
Level 2 Child Route
The IPv4 Route Lookup Process
Route Lookup Process
1. If the best match is a level 1 ultimate route, then this route is used to forward the packet.
2. If the best match is a level 1 parent route, proceed to the next step.
3. The router examines child routes (the subnet routes) of the parent route for a best match.
4. If there is a match with a level 2 child route, that subnet is used to forward the packet.
5. If there is not a match with any of the level 2 child routes, proceed to the next step.
The IPv4 Route Lookup Process
Route Lookup Process (cont.)
6. The router continues searching level 1 supernet routes in the routing table for a match, including the default route, if there is one.
7. If there is a lesser match with a level 1 supernet or default route, the router uses that route to forward the packet.
8. If there is not a match with any route in the routing table, the router drops the packet.
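The eight-step lookup above, implemented in Python as an added example that is not from the Cisco deck; the `Route` and `lookup` names and the sample routing table are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    """One ultimate routing table entry: it has a next hop and/or an exit interface."""
    prefix: str                       # e.g. "172.16.1.0/24"
    next_hop: Optional[str] = None
    exit_iface: Optional[str] = None

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix, strict=False)


def classful_len(addr: ipaddress.IPv4Address) -> int:
    """Prefix length of the classful (major) network an address belongs to."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is not a class A, B or C address")


def route_level(route: Route) -> str:
    """Classify an entry the way `show ip route` groups it."""
    net = route.network
    major_len = classful_len(net.network_address)
    if net.prefixlen > major_len:
        return "level 2 child"        # a subnet listed under its classful parent
    if net.prefixlen == major_len:
        return "level 1 network"
    return "level 1 supernet"         # includes the default route 0.0.0.0/0


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the entry used to forward a packet, or None when it is dropped."""
    dst = ipaddress.ip_address(destination)
    major_len = classful_len(dst)
    major = ipaddress.ip_network(f"{dst}/{major_len}", strict=False)

    # Any child subnet of the destination's classful network implies a level 1
    # parent route, which is then the best level 1 match because it is at
    # least as long as any supernet route (steps 2 and 3).
    children = [r for r in table
                if r.network.prefixlen > major_len and r.network.subnet_of(major)]
    if children:
        matching = [r for r in children if dst in r.network]
        if matching:                  # step 4: longest level 2 child match wins
            return max(matching, key=lambda r: r.network.prefixlen)
        # step 5: no child matched, fall through to the supernet routes

    # Steps 1, 6 and 7: longest level 1 ultimate match, default route included
    level1 = [r for r in table if r.network.prefixlen <= major_len and dst in r.network]
    if level1:
        return max(level1, key=lambda r: r.network.prefixlen)
    return None                       # step 8: no match at all, packet dropped


# Constructed sample table: one connected subnet, two learned subnets of
# 172.16.0.0/16, a supernet summary route and a default route.
SAMPLE_TABLE = [
    Route("192.168.1.0/30", exit_iface="GigabitEthernet0/0"),
    Route("172.16.1.0/24", next_hop="192.168.1.2", exit_iface="GigabitEthernet0/0"),
    Route("172.16.2.0/24", exit_iface="Serial0/0/0"),
    Route("172.0.0.0/8", next_hop="192.168.1.2"),
    Route("0.0.0.0/0", next_hop="192.168.1.2"),
]

if __name__ == "__main__":
    for ip in ("172.16.1.10", "172.16.9.1", "198.51.100.7", "192.168.1.1"):
        chosen = lookup(SAMPLE_TABLE, ip)
        print(ip, "->", chosen.prefix if chosen else "dropped",
              f"({route_level(chosen)})" if chosen else "")
```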
The IPv4 Route Lookup Process
Best Route = Longest Match

The IPv4 Route Lookup Process
IPv6 Routing Table Entries
• Components of the IPv6 routing table are very similar to the IPv4 routing table (directly connected interfaces, static routes, and dynamically learned routes).
• Because IPv6 is classless by design, all routes are effectively level 1 ultimate routes. There are no level 1 parent or level 2 child routes.
Analyze an IPv6 Routing Table
Directly Connected Entries

Analyze an IPv6 Routing Table
Remote IPv6 Network Entries
Chapter 4: Switched Networks

Routing and Switching Essentials v6.0

4.1 LAN Design
Converged Networks
Growing Complexity of Networks

• Our digital world is changing.
• Information must be accessed from anywhere in the world.
Converged Networks
Elements of a Converged Network
• To support collaboration, networks employ converged solutions.
• Data services include voice systems, IP phones, voice gateways, video support, and video conferencing.
• Call control, voice messaging, mobility, and automated attendant are also common features.
• Multiple types of traffic; only one network to manage.
• Substantial savings over installation and management of separate voice, video, and data networks.
• Integrates IT management.
Converged Networks
Cisco Borderless Networks
• A network architecture that allows organizations to connect anyone, anywhere, anytime, and on any device securely, reliably, and seamlessly.
• Designed to address IT and business challenges, such as supporting the converged network and changing work patterns.
Converged Networks
Hierarchy in the Borderless Switched Network

Borderless switched network design guidelines are built upon the following principles:
• Hierarchical
• Modularity
• Resiliency
• Flexibility
Converged Networks
Access, Distribution, and Core Layers

Switched Networks
Role of Switched Networks

• Switching technologies are crucial to network design.
• Switching allows traffic to be sent only where it is needed in most cases, using fast methods.
• A switched LAN:
  • Allows more flexibility
  • Allows more traffic management
  • Supports quality of service, additional security, wireless, IP telephony, and mobility services
Switched Networks
Form Factors

• Fixed Configuration Switches
• Modular Platform
• Stackable Configuration Switches

4.2 The Switched Environment
Frame Forwarding
Switching as a General Concept in Networking and Telecommunications
• A switch makes a decision based on the ingress port and a destination port.
• A LAN switch keeps a table that it uses to determine how to forward traffic through the switch.
• Cisco LAN switches forward Ethernet frames based on the destination MAC address of the frames.
Frame Forwarding
Dynamically Populating a Switch MAC Address Table
• A switch must first learn which devices exist on each port before it can transmit a frame.
• As a switch learns the relationship of ports to devices, it builds a table called a MAC address or content addressable memory (CAM) table.
• CAM is a special type of memory used in high-speed searching applications.
• The information in the MAC address table is used to send frames.
• When a switch receives an incoming frame with a destination MAC address that is not found in the CAM table, it floods it to all ports, except the one that received the frame.
Frame Forwarding
Switch Forwarding Methods

Frame Forwarding
Store-and-Forward Switching

• Allows the switch to:
  • Check for errors (via FCS check)
  • Perform automatic buffering
• Slower forwarding process

Frame Forwarding
Cut-Through Switching

• Allows the switch to start forwarding in about 10 microseconds
• No FCS check
• No automatic buffering
Switching Domains
Collision Domains
Collision domain - Segment where devices compete to communicate.

Ethernet switch port:
• Operating in half duplex, each segment is in its own collision domain.
• Operating in full duplex eliminates collisions.
• By default, will auto-negotiate full duplex when the adjacent device can also operate in full duplex.
Switching Domains
Broadcast Domains
A broadcast domain is the extent of the network where a broadcast frame can be heard.
• Switches forward broadcast frames to all ports; therefore, switches do not break broadcast domains.
• All ports of a switch, with its default configuration, belong to the same broadcast domain.
• If two or more switches are connected, broadcasts are forwarded to all ports of all switches, except for the port that originally received the broadcast.
Switching Domains
Alleviating Network Congestion
Switches help alleviate network congestion by:
• Facilitating the segmentation of a LAN into separate collision domains.
• Providing full-duplex communication between devices.
• Taking advantage of their high port density.
• Buffering large frames.
• Employing high-speed ports.
• Taking advantage of their fast internal switching process.
• Having a low per-port cost.
Chapter 5: Switch Configuration

Routing and Switching Essentials v6.0

5.1 Basic Switch Configuration
Configure a Switch with Initial Settings
Switch Boot Sequence
1. Power-on self test (POST).
2. Run boot loader software.
3. Boot loader performs low-level CPU initialization.
4. Boot loader initializes the flash file system.
5. Boot loader locates and loads a default IOS operating system software image into memory and passes control of the switch over to the IOS.
Configure a Switch with Initial Settings
Switch Boot Sequence (cont.)
To find a suitable Cisco IOS image, the switch goes through the following steps:
Step 1. It attempts to automatically boot by using information in the BOOT environment variable.
Step 2. If this variable is not set, the switch performs a top-to-bottom search through the flash file system. It loads and executes the first executable file, if it can.
Step 3. The IOS software then initializes the interfaces using the Cisco IOS commands found in the configuration file and startup configuration, which is stored in NVRAM.
Note: The boot system command can be used to set the BOOT environment variable. Use the show boot command to see what the current IOS boot file is set to.
Configure a Switch with Initial Settings
Recovering From a System Crash
• The boot loader can also be used to manage the switch if the IOS cannot be loaded.
• The boot loader can be accessed through a console connection by:
  1. Connecting a PC by console cable to the switch console port and unplugging the switch power cord.
  2. Reconnecting the power cord to the switch while pressing and holding the Mode button.
  3. Releasing the Mode button once the System LED turns briefly amber and then solid green.
• The boot loader switch: prompt appears in the terminal emulation software on the PC.
Configure a Switch with Initial Settings
Switch LED Indicators
• Each port on a Cisco Catalyst switch has a status LED indicator light.
• By default, these LED lights reflect port activity, but they can also provide other information about the switch through the Mode button.
• The following modes are available on Cisco Catalyst 2960 switches:
  • System LED
  • Redundant Power System (RPS) LED
  • Port Status LED
  • Port Duplex LED
  • Port Speed LED
  • Power over Ethernet (PoE) Mode LED
Configure a Switch with Initial Settings
Preparing for Basic Switch Management
To remotely manage a Cisco switch, it must be configured to access the network.
• A console cable is used to connect a PC to the console port of a switch for configuration.
• The IP information (address, subnet mask, gateway) is assigned to a switch virtual interface (SVI).
• If managing the switch from a remote network, a default gateway must also be configured.
• Although these IP settings allow remote management and remote access to the switch, they do not allow the switch to route Layer 3 packets.
Configure a Switch with Initial Settings
Configuring Switch Management Access

Configure a Switch with Initial Settings
Configuring Switch Management Access (cont.)

Configure Switch Ports
Duplex Communication

Configure Switch Ports
Configure Switch Ports at the Physical Layer
Configure Switch Ports
Auto-MDIX
• Certain cable types (straight-through or crossover) were historically required when connecting devices.
• The automatic medium-dependent interface crossover (auto-MDIX) feature eliminates this problem.
• When auto-MDIX is enabled, the interface automatically detects and appropriately configures the connection.
• When using auto-MDIX on an interface, the interface speed and duplex must be set to auto.
Configure Switch Ports
Auto-MDIX (cont.)

Configure Switch Ports
Verifying Switch Port Configuration

Configure Switch Ports
Network Access Layer Issue

Configure Switch Ports
Network Access Layer Issue (cont.)

Configure Switch Ports
Troubleshooting Network Access Layer Issues

5.2 Switch Security: Management and Implementation
Secure Remote Access
SSH Operation
• Secure Shell (SSH) is a protocol that provides a secure (encrypted), command-line based connection to a remote device.
• Because of strong encryption features, SSH should replace Telnet for management connections.
• SSH uses TCP port 22, by default.
• Telnet uses TCP port 23.
• A version of the IOS software, including cryptographic (encrypted) features and capabilities, is required to enable SSH on Catalyst 2960 switches.
Secure Remote Access
Configuring SSH

1. Verify SSH support – show ip ssh
2. Configure the IP domain.
3. Generate RSA key pairs.
4. Configure user authentication.
5. Configure the vty lines.
6. Enable SSH version 2.
Secure Remote Access
Verifying SSH

Secure Remote Access
Verifying SSH (cont.)

Switch Port Security
Secure Unused Ports
Switch Port Security
Port Security: Operation
• The MAC addresses of legitimate devices are allowed access, while other MAC addresses are denied.
• Any additional attempts to connect by unknown MAC addresses generate a security violation.
• Secure MAC addresses can be configured in a number of ways:
  • Static secure MAC addresses – manually configured and added to the running configuration with the switchport port-security mac-address mac-address interface configuration mode command
  • Dynamic secure MAC addresses – learned dynamically and removed when the switch restarts
  • Sticky secure MAC addresses – learned dynamically and added to the running configuration with the switchport port-security mac-address sticky interface configuration mode command
Switch Port Security
Port Security: Violation Modes
• IOS considers it a security violation when:
  • The maximum number of secure MAC addresses for that interface have been added to the CAM, and a station whose MAC address is not in the address table attempts to access the interface.
• There are three possible actions to take when a violation is detected:
  • Protect – no notification received
  • Restrict – notification received of the security violation
  • Shutdown – the port is placed in the error-disabled state
• Configured with the switchport port-security violation {protect | restrict | shutdown} interface configuration mode command
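An added Python model (not Cisco code) of the CAM-table learning and flooding behaviour from the Frame Forwarding slides together with the port security operation and violation modes described here. Ports, MAC addresses and console messages are constructed, and the console text only approximates what IOS prints.

```python
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class PortSecurity:
    maximum: int = 1
    violation: str = "shutdown"          # protect | restrict | shutdown
    sticky: bool = False
    # secure MAC -> how it was learned: "static", "sticky" or "dynamic"
    secure_macs: Dict[str, str] = field(default_factory=dict)
    violation_count: int = 0


@dataclass
class Switch:
    ports: List[str]
    mac_table: Dict[str, str] = field(default_factory=dict)   # CAM table: MAC -> port
    security: Dict[str, PortSecurity] = field(default_factory=dict)
    err_disabled: List[str] = field(default_factory=list)
    console: List[str] = field(default_factory=list)          # messages an admin sees

    def enable_port_security(self, port: str, maximum: int = 1,
                             violation: str = "shutdown", sticky: bool = False,
                             static_macs: tuple = ()) -> None:
        ps = PortSecurity(maximum, violation, sticky)
        for mac in static_macs:          # switchport port-security mac-address <mac>
            ps.secure_macs[mac] = "static"
        self.security[port] = ps

    def _admit(self, port: str, src_mac: str) -> bool:
        """Port security check on ingress; False means the frame is dropped."""
        ps = self.security.get(port)
        if ps is None or src_mac in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs[src_mac] = "sticky" if ps.sticky else "dynamic"
            return True
        ps.violation_count += 1          # maximum reached and an unknown MAC appeared
        if ps.violation == "protect":
            return False                 # silently dropped, no notification
        if ps.violation == "restrict":
            self.console.append(f"port-security violation on {port} from {src_mac}")
            return False                 # dropped, counter incremented, admin notified
        self.err_disabled.append(port)   # shutdown: port goes error-disabled
        self.console.append(f"{port} err-disabled after port-security violation from {src_mac}")
        return False

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        """Process one frame and return the ports it is forwarded out of."""
        if in_port in self.err_disabled:
            return []                    # an error-disabled port is effectively shut down
        if not self._admit(in_port, src_mac):
            return []
        self.mac_table[src_mac] = in_port        # learn the source MAC on the ingress port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # broadcast or unknown unicast: flood to every other usable port
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        if out_port == in_port:
            return []                    # destination is on the ingress segment: filter
        return [out_port]

    def recover(self, port: str) -> None:
        """Admin issues shutdown and then no shutdown on an error-disabled port."""
        if port in self.err_disabled:
            self.err_disabled.remove(port)

    def restart(self) -> None:
        """Reload: the CAM table and dynamic secure MACs are lost; static and sticky survive."""
        self.mac_table.clear()
        self.err_disabled.clear()
        for ps in self.security.values():
            ps.secure_macs = {m: k for m, k in ps.secure_macs.items() if k != "dynamic"}


if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    sw.enable_port_security("Fa0/3", maximum=1, violation="shutdown", sticky=True)
    print(sw.receive("Fa0/3", "aa:aa:aa:aa:aa:03", BROADCAST))   # learned, flooded
    print(sw.receive("Fa0/3", "aa:aa:aa:aa:aa:99", BROADCAST))   # violation, port down
    print(sw.console)
```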
Switch Port Security
Port Security: Violation Modes (cont.)

Switch Port Security
Port Security: Configuring

Switch Port Security
Port Security: Verifying

Switch Port Security
Port Security: Verifying (cont.)
Switch Port Security
Ports in Error Disabled State
• A port security violation can put a switch port in the error-disabled state.
• A port in the error-disabled state is effectively shut down.
• The switch communicates these events through console messages.
Switch Port Security
Ports in Error Disabled State (cont.)

The show interface command also reveals a switch port in the error-disabled state.

The shutdown and then no shutdown interface configuration mode commands must be issued to re-enable the port.
Chapter 6: VLANs

Routing and Switching Essentials v6.0

6.1 VLAN Segmentation

Overview of VLANs
VLAN Definitions
Overview of VLANs
VLAN Definitions (cont.)
• VLANs allow an administrator to segment networks based on factors such as function, project team, or application, without regard for the physical location of the user or device.
• VLANs enable the implementation of access and security policies according to specific groupings of users.
• A VLAN is a logical partition of a Layer 2 network.
• Multiple partitions can be created, allowing for multiple VLANs to co-exist.
• Each VLAN is a broadcast domain, usually with its own IP network.
• VLANs are mutually isolated, and packets can only pass between them via a router.
• The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually via a switch.
• The hosts grouped within a VLAN are unaware of the VLAN's existence.
Overview of VLANs
Benefits of VLANs

Overview of VLANs
Types of VLANs
• Data VLAN – user generated traffic
• Default VLAN – all switch ports become part of this VLAN until the switch is configured; verify with show vlan brief
• Native VLAN – used for untagged traffic
• Management VLAN – used to access management capabilities

Overview of VLANs
Types of VLANs (cont.)
Overview of VLANs
Voice VLANs

Overview of VLANs
Voice VLANs (cont.)
• VoIP traffic is time-sensitive and requires:
  • Assured bandwidth to ensure voice quality.
  • Transmission priority over other types of network traffic.
  • Ability to be routed around congested areas on the network.
  • Delay of less than 150 ms across the network.
• The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone.
VLANs in a Multi-Switched Environment
VLAN Trunks

The links between switches S1 and S2, and S1 and S3 are configured to transmit traffic coming from VLANs 10, 20, 30, and 99 across the network. This network could not function without VLAN trunks.

VLANs in a Multi-Switched Environment
VLAN Trunks (cont.)
• A VLAN trunk is a point-to-point link that carries more than one VLAN.
• A VLAN trunk is usually established between switches so same-VLAN devices can communicate, even if physically connected to different switches.
• A VLAN trunk is not associated with any VLAN; neither are the trunk ports used to establish the trunk link.
• Cisco IOS supports IEEE 802.1Q, a popular VLAN trunk protocol.
VLANs in a Multi-Switched Environment
Controlling Broadcast Domains with VLANs

VLANs in a Multi-Switched Environment
Controlling Broadcast Domains with VLANs (cont.)
• VLANs can be used to limit the reach of broadcast frames.
• A VLAN is a broadcast domain of its own.
• A broadcast frame sent by a device in a specific VLAN is forwarded within that VLAN only.
• VLANs help control the reach of broadcast frames and their impact on the network.
• Unicast and multicast frames are forwarded within the originating VLAN.
VLANs in a Multi-Switched Environment
Tagging Ethernet Frames for VLAN Identification
• Frame tagging is the process of adding a VLAN identification header to the frame.
• It is used to properly transmit multiple VLAN frames through a trunk link.
• Switches tag frames to identify the VLAN to which they belong.
• Different tagging protocols exist; IEEE 802.1Q is a very popular example.
• The protocol defines the structure of the tagging header added to the frame.
• Switches add VLAN tags to the frames before placing them into trunk links and remove the tags before forwarding frames through non-trunk ports.
• When properly tagged, the frames can traverse any number of switches via trunk links and still be forwarded within the correct VLAN at the destination.

VLANs in a Multi-Switched Environment
Tagging Ethernet Frames for VLAN Identification (cont.)
VLANs in a Multi-Switched Environment
Native VLANs and 802.1Q Tagging
• Control traffic sent on the native VLAN should not be tagged.
• Frames received untagged remain untagged and are placed in the native VLAN when forwarded.
• If there are no ports associated with the native VLAN and no other trunk links, an untagged frame is dropped.
• When configuring a switch port on a Cisco switch, configure devices so that they do not send tagged frames on the native VLAN.
• In Cisco switches, the native VLAN is VLAN 1, by default.
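The 802.1Q tag structure, trunk tagging, access-port tag stripping and native VLAN handling of the last two slides, as an added Python example that is not part of the deck. The port descriptors, MAC addresses and payloads are constructed, and the treatment of a tagged frame arriving on an access port (accepted only if it carries the access VLAN) is an assumption of this model.

```python
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100        # Tag Protocol Identifier announcing a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def _mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def _bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def add_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) after the source MAC.
    TCI layout: PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)."""
    tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame, tagged when a VLAN is given."""
    frame = _mac_to_bytes(dst) + _mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    return add_tag(frame, vlan, pcp) if vlan is not None else frame


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Split a frame into its fields; vlan/pcp are None for an untagged frame."""
    ethertype, = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": _bytes_to_mac(frame[:6]), "src": _bytes_to_mac(frame[6:12]),
            "vlan": vlan, "pcp": pcp, "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag if present (what a switch does on a non-trunk port)."""
    return frame[:12] + frame[16:] if parse_frame(frame)["vlan"] is not None else frame


def ingress_vlan(port: Dict, frame: bytes) -> Optional[int]:
    """VLAN the switch assigns to a frame arriving on port, or None if dropped.
    port is {"mode": "access", "vlan": N} or
            {"mode": "trunk", "native": N, "allowed": {...}} (constructed model)."""
    tag = parse_frame(frame)["vlan"]
    if port["mode"] == "access":
        return port["vlan"] if tag in (None, port["vlan"]) else None
    vlan = port["native"] if tag is None else tag    # untagged on a trunk -> native VLAN
    return vlan if vlan in port["allowed"] else None


def egress_frame(port: Dict, frame: bytes, vlan: int) -> Optional[bytes]:
    """Frame as it leaves port for a given VLAN, or None when it may not leave here."""
    untagged = strip_tag(frame)
    if port["mode"] == "access":
        return untagged if vlan == port["vlan"] else None
    if vlan not in port["allowed"]:
        return None
    if vlan == port["native"]:
        return untagged                 # native VLAN traffic leaves the trunk untagged
    return add_tag(untagged, vlan)      # every other VLAN is tagged on the trunk


if __name__ == "__main__":
    # Constructed: PC on an access port in VLAN 10 broadcasts; the frame then
    # crosses a trunk whose native VLAN is 99.
    pc_frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"payload")
    access10 = {"mode": "access", "vlan": 10}
    trunk = {"mode": "trunk", "native": 99, "allowed": {10, 20, 99}}
    vlan = ingress_vlan(access10, pc_frame)
    on_trunk = egress_frame(trunk, pc_frame, vlan)
    print(vlan, parse_frame(on_trunk)["vlan"], len(on_trunk) - len(pc_frame))
```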
VLANs in a Multi-Switched Environment
Voice VLAN Tagging

VLANs in a Multi-Switched Environment
Activity – Predict Switch Behavior

Scenario 1: PC 1 sends a broadcast.
Scenario 2: PC 2 sends a broadcast.
Scenario 3: PC 3 sends a broadcast.

6.2 VLAN Implementations
VLAN Assignment
VLAN Ranges on Catalyst Switches
• Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
• VLANs are split into two categories:
  • Normal range VLANs
    • VLAN numbers from 1 to 1,005
    • Configurations stored in the vlan.dat file (in flash memory)
    • IDs 1002 through 1005 are reserved for Token Ring and Fiber Distributed Data Interface (FDDI) VLANs, automatically created and cannot be removed
  • Extended Range VLANs
    • VLAN numbers from 1,006 to 4,096
    • Configurations stored in the running configuration (NVRAM)
    • VLAN Trunking Protocol (VTP) does not learn extended VLANs
VLAN Assignment
VLAN Ranges on Catalyst Switches (cont.)
• Normal Range VLANs

VLAN Assignment
Creating a VLAN

VLAN Assignment
Assigning Ports to VLANs
VLAN Assignment
Changing VLAN Port Membership
• Remove VLAN Assignment

• Interface F0/18 was previously assigned to VLAN 20, which is still active; F0/18 is reset to VLAN 1.

VLAN Assignment
Changing VLAN Port Membership (cont.)
VLAN Assignment
Deleting VLANs

• The entire vlan.dat file can be deleted using the delete flash:vlan.dat privileged EXEC mode command.
• The abbreviated command version (delete vlan.dat) can be used if the vlan.dat file has not been moved from its default location.

VLAN Assignment
Verifying VLAN Information

VLAN Assignment
Verifying VLAN Information (cont.)
VLAN Trunks
Configuring IEEE 802.1Q Trunk Links

VLAN Trunks
Configuring IEEE 802.1Q Trunk Links (cont.)

VLAN Trunks
Resetting the Trunk to Default State

VLAN Trunks
Resetting the Trunk to Default State (cont.)

VLAN Trunks
Verifying Trunk Configuration
Troubleshoot VLANs and Trunks
IP Addressing Issues with VLANs
• It is a common practice to associate a VLAN with an IP network.
• Because different IP networks only communicate through a router, all devices within a VLAN must be part of the same IP network to communicate.
• The figure displays that PC1 cannot communicate with the server because it has a wrong IP address configured.
Troubleshoot VLANs and Trunks
Missing VLANs
• If all the IP address mismatches have been solved, but the device still cannot connect, check if the VLAN exists in the switch.

Troubleshoot VLANs and Trunks
Missing VLANs (cont.)
• If the VLAN to which a port belongs is deleted, the port becomes inactive. All ports belonging to the VLAN that was deleted are unable to communicate with the rest of the network.
• Those ports are not functional until the missing VLAN is created using the vlan vlan_id global configuration command.
Troubleshoot VLANs and Trunks
Introduction to Troubleshooting Trunks

Note: To solve a native VLAN mismatch, configure the native VLAN to be the same VLAN on both sides of the link.
Troubleshoot VLANs and Trunks
Common Problems with Trunks
 Trunking issues are usually the result of incorrect configuration.
 The most common trunk configuration errors are:
 Native VLAN mismatches
 Trunk mode mismatches
 Allowed VLANs on trunks
 If a trunk problem is detected, best practice guidelines recommend troubleshooting in that order.

Troubleshoot VLANs and Trunks
Common Problems with Trunks (cont.)

Troubleshoot VLANs and Trunks
Incorrect Port Mode

Troubleshoot VLANs and Trunks
Incorrect VLAN List

Troubleshoot VLANs and Trunks
Incorrect VLAN List (cont.)
 VLANs must be allowed on the trunk before their frames can be transmitted across the link.
 Use the switchport trunk allowed vlan command to specify which VLANs are allowed on a trunk link. Restricting the list to the VLANs that actually need to cross the link also limits how far a compromised VLAN can reach.
 Use the show interfaces trunk command to verify that the correct VLANs are permitted on the trunk.

6.3 Inter-VLAN Routing Using Routers

Inter-VLAN Routing Operation
What is Inter-VLAN Routing?
 Layer 2 switches cannot forward traffic between VLANs without the
assistance of a router.
 Inter-VLAN routing is a process for forwarding network traffic from one
VLAN to another, using a router.

Inter-VLAN Routing Operation
Legacy Inter-VLAN Routing
In the past:
 Actual routers were used to route between VLANs.
 Each VLAN was connected to a different physical router interface.
 Packets would arrive on the router through one interface, be routed, and leave through another.
 Because the router interfaces were connected to VLANs and had IP addresses from those specific VLANs, routing between VLANs was achieved.
 Large networks with a large number of VLANs required many router interfaces.

Inter-VLAN Routing Operation
Legacy Inter-VLAN Routing (cont.)

In this example, the router was configured with two separate physical interfaces to interact with the different VLANs and perform the routing.

Inter-VLAN Routing Operation
Router-on-a-Stick Inter-VLAN Routing
 The router-on-a-stick approach uses only one of the router's physical interfaces.
 That physical interface is configured as an 802.1Q trunk port so it can understand VLAN tags.
 Logical subinterfaces are created, one subinterface per VLAN.
 Each subinterface is configured with an IP address from the VLAN it represents.
 VLAN members (hosts) are configured to use the subinterface address as their default gateway.

Inter-VLAN Routing Operation
Router-on-a-Stick Inter-VLAN Routing (cont.)

The router interface is configured to operate as a trunk link and is connected to a trunked switch port. The router performs inter-VLAN routing by accepting VLAN-tagged traffic on the trunk interface from the adjacent switch and routing internally between the VLANs using the subinterfaces. The router then forwards the routed traffic, tagged for the destination VLAN, out the same physical interface on which it was received.

Inter-VLAN Routing Operation
Identify the Types of Inter-VLAN Routing Activity
 Legacy or Router-on-a-Stick?

Inter-VLAN Routing Operation
Identify the Types of Inter-VLAN Routing Activity (cont.)
 Legacy or Router-on-a-Stick?

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Preparation
 Legacy inter-VLAN routing requires routers to have multiple physical interfaces.
 Each of the router's physical interfaces is connected to a unique VLAN.
 Each interface is also configured with an IP address for the subnet associated with that VLAN.
 Network devices use the router as a gateway to reach the devices connected to the other VLANs.

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Switch Configuration

Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Router Interface Configuration

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a Stick: Preparation
 An alternative to legacy inter-VLAN routing is to use VLAN trunking and subinterfaces.
 VLAN trunking allows a single physical router interface to route traffic for multiple VLANs.
 The physical interface of the router must be connected to a trunk link on the adjacent switch.
 On the router, a subinterface is created for each VLAN.
 Each subinterface is assigned an IP address specific to its subnet or VLAN and is also configured to tag frames for that VLAN (encapsulation dot1Q vlan-id).

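As an added illustration of the forwarding these slides describe (this is not code from the course), the following Python model parses an 802.1Q-tagged frame, maps the VLAN ID to a subinterface, makes the routing decision, decrements the TTL, and re-tags the packet for the destination VLAN on the same physical interface. The VLAN IDs, subnets, MAC addresses and the ARP cache are constructed for the example, and the IPv4 header checksum is left at zero.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed router-on-a-stick setup: one physical interface, one subinterface
# per VLAN, each holding the default-gateway address of that VLAN's subnet.
SUBINTERFACES = {
    10: ipaddress.ip_interface("192.168.10.1/24"),   # G0/0.10
    20: ipaddress.ip_interface("192.168.20.1/24"),   # G0/0.20
    30: ipaddress.ip_interface("192.168.30.1/24"),   # G0/0.30
}
ROUTER_MAC = bytes.fromhex("000000000001")
# Constructed ARP cache; the real router resolves these on the destination VLAN.
ARP_CACHE = {"192.168.20.10": bytes.fromhex("000000000020")}


def build_tagged_frame(dst_mac, src_mac, vlan_id, payload):
    """Ethernet header + 802.1Q tag (TPID, then TCI = PCP/DEI/VID) + IPv4 payload."""
    tci = vlan_id & 0x0FFF                         # PCP = 0, DEI = 0
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst_mac, src_mac, vlan_id or None, ethertype, payload)."""
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner, frame[18:]
    return dst, src, None, ethertype, frame[14:]    # untagged (native VLAN) frame


def build_ipv4(src_ip, dst_ip, ttl=64):
    """Minimal 20-byte IPv4 header (protocol 17 = UDP, checksum left at 0)."""
    src, dst = ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0, src, dst)


def route_on_a_stick(frame):
    """Forwarding decision of the router. Returns ("forward", frame) or ("drop", reason)."""
    dst_mac, _src_mac, vid, ethertype, packet = parse_frame(frame)
    if dst_mac != ROUTER_MAC:
        return "drop", "frame not addressed to the router"
    if vid not in SUBINTERFACES:
        return "drop", f"no subinterface for VLAN {vid}"
    if ethertype != ETHERTYPE_IPV4 or len(packet) < 20:
        return "drop", "not an IPv4 packet"
    ttl = packet[8]
    src_ip = ipaddress.ip_address(packet[12:16])
    dst_ip = ipaddress.ip_address(packet[16:20])
    # The slides' "IP addressing issue": a host whose address is outside its VLAN's
    # subnet cannot be reached back, so it is refused here (a strict, uRPF-style check).
    if src_ip not in SUBINTERFACES[vid].network:
        return "drop", f"{src_ip} does not belong to VLAN {vid}"
    out_vid = next((v for v, sub in SUBINTERFACES.items() if dst_ip in sub.network), None)
    if out_vid is None:
        return "drop", f"no route to {dst_ip}"
    if ttl <= 1:
        return "drop", "TTL expired"
    next_hop_mac = ARP_CACHE.get(str(dst_ip))
    if next_hop_mac is None:
        return "drop", f"ARP unresolved for {dst_ip}"
    routed = packet[:8] + bytes([ttl - 1]) + packet[9:]          # decrement TTL
    # Leaves the same physical interface, now tagged with the destination VLAN.
    return "forward", build_tagged_frame(next_hop_mac, ROUTER_MAC, out_vid, routed)
```

A frame from VLAN 10 addressed to a host in VLAN 20 comes back out tagged 20 with the TTL reduced by one; a frame on a VLAN without a subinterface, or from a host with an address outside its VLAN's subnet, is dropped, which is the behaviour the troubleshooting slides describe.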
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Switch Configuration

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Router Subinterface Configuration

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Subinterfaces

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Subinterfaces (cont.)

Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Routing
 Access to devices on remote VLANs can be tested using the ping command.
 The ping command sends an ICMP echo request to the destination address.
 When a host receives an ICMP echo request, it responds with an ICMP echo reply.
 tracert (on Windows; traceroute on IOS and Linux) is a useful utility for confirming the routed path taken between two devices.

Chapter 7: Access Control Lists

Routing and Switching Essentials v6.0

7.1 ACL Operation

Purpose of ACLs
What is an ACL?
 By default, a router has no ACLs configured and therefore does not filter traffic. Filtering happens only where an ACL is applied to an interface in a given direction, or to a VTY line.

Purpose of ACLs
Packet Filtering
 Packet filtering, sometimes called static packet filtering, controls access to a network by analyzing incoming and outgoing packets and passing or dropping them based on given criteria, such as the source IP address, the destination IP address, and the protocol carried within the packet.
 A router acts as a packet filter when it forwards or denies packets according to filtering rules.
 An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs). ACEs are evaluated top down and the first matching ACE decides the outcome; a packet that matches no ACE is dropped by the implicit deny at the end of every ACL.

Purpose of ACLs
ACL Operation

Wildcard Masks in ACLs
Introducing ACL Wildcard Masking

Wildcard Masks in ACLs
Introducing ACL Wildcard Masking (cont.)

Example

Wildcard Masks in ACLs
Wildcard Mask Examples

Wildcard Masks in ACLs
Wildcard Mask Examples (cont.)

Wildcard Masks in ACLs
Calculating the Wildcard Mask

 Calculating wildcard masks can be challenging. One shortcut is to subtract the subnet mask from 255.255.255.255. For a /26 subnet mask, 255.255.255.255 - 255.255.255.192 = 0.0.0.63.

Wildcard Masks in ACLs
Wildcard Mask Keywords

Wildcard Masks in ACLs
Wildcard Mask Keyword Examples

Guidelines for ACL Creation
General Guidelines for Creating ACLS

Guidelines for ACL Creation
ACL Best Practices

Guidelines for ACL Placement
Where to Place ACLs

Guidelines for ACL Placement
Where to Place ACLs (cont.)
 Every ACL should be placed where it has the greatest effect on efficiency. The basic rules are:
 Extended ACLs - Place extended ACLs as close as possible to the source of the traffic to be filtered, so that unwanted traffic is dropped before it consumes bandwidth along the path.
 Standard ACLs - Because standard ACLs do not specify destination addresses, place them as close to the destination as possible; placed near the source, they would block that source from reaching every destination.
 Placement of the ACL, and therefore the type of ACL used, may also depend on the extent of the network administrator's control, the bandwidth of the networks involved, and ease of configuration.

Guidelines for ACL Placement
Standard ACL Placement
 The administrator wants to prevent traffic originating in the
192.168.10.0/24 network from reaching the 192.168.30.0/24 network.

7.2 Standard IPv4 ACLs

Configure Standard IPv4 ACLs
Numbered Standard IPv4 ACL Syntax
 Router(config)# access-list access-list-number { deny | permit | remark } source [ source-wildcard ] [ log ]

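As an added example (not from the course material), the following Python code parses numbered standard ACL statements in the syntax shown above, derives a wildcard mask from a subnet mask with the subtraction shortcut, and evaluates source addresses the way IOS does: top down, first match wins, and an unmatched packet hits the implicit deny. The ACL text and addresses are constructed for the example; the code does not model the reordering IOS applies to host entries, so the statements are evaluated exactly in the order given.

```python
import ipaddress


def wildcard_from_mask(subnet_mask):
    """Shortcut from the slides: wildcard = 255.255.255.255 - subnet mask."""
    return str(ipaddress.ip_address(0xFFFFFFFF - int(ipaddress.ip_address(subnet_mask))))


def matches(addr, base, wildcard):
    """Wildcard bit 0 means 'must match', 1 means 'don't care'."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    keep = 0xFFFFFFFF ^ w                 # the bits that must match
    return (a & keep) == (b & keep)


def parse_ace(line):
    """Parse: access-list N {permit|deny|remark} {any | host A | A [wildcard]} [log].
    Returns None for remarks. An omitted wildcard means 0.0.0.0 (a single host)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError(f"not a numbered standard ACL statement: {line!r}")
    number, action = int(tok[1]), tok[2]
    if not 1 <= number <= 99 and not 1300 <= number <= 1999:
        raise ValueError(f"{number} is not a standard ACL number")
    if action == "remark":
        return None
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    if tok[3] == "any":
        source, wildcard = "0.0.0.0", "255.255.255.255"
    elif tok[3] == "host":
        source, wildcard = tok[4], "0.0.0.0"
    else:
        source = tok[3]
        wildcard = tok[4] if len(tok) > 4 and tok[4] != "log" else "0.0.0.0"
    return {"number": number, "action": action, "source": source,
            "wildcard": wildcard, "log": tok[-1] == "log"}


def load_acl(config_text):
    """Turn the lines of an ACL, as typed in global configuration mode, into ACEs."""
    return [ace for ace in (parse_ace(line) for line in config_text.strip().splitlines()) if ace]


IMPLICIT_DENY = {"action": "deny", "source": "0.0.0.0", "wildcard": "255.255.255.255", "implicit": True}


def evaluate(acl, src_ip):
    """Top down, first match wins; no match falls through to the implicit deny any."""
    for ace in acl:
        if matches(src_ip, ace["source"], ace["wildcard"]):
            return ace["action"], ace
    return "deny", IMPLICIT_DENY


# Constructed policy: block one LAN, permit the rest of 192.168.0.0/16.
ACL_10 = """
access-list 10 remark Block 192.168.11.0/24, permit the rest of 192.168.0.0/16
access-list 10 deny 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.255.255
"""

# The same two ACEs in the opposite order: the broad permit now shadows the deny.
ACL_10_WRONG_ORDER = """
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 deny 192.168.11.0 0.0.0.255
"""
```

Evaluating ACL_10 against 192.168.11.5 returns deny from the first ACE, 192.168.10.5 is permitted by the second, and 10.1.1.1 matches nothing and falls to the implicit deny; with the ACEs reversed, 192.168.11.5 is permitted, which is the ordering mistake the troubleshooting section warns about.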
Configure Standard IPv4 ACLs
Applying Standard IPv4 ACLs to Interfaces

Configure Standard IPv4 ACLs
Applying Standard IPv4 ACLs to Interfaces (cont.)

Configure Standard IPv4 ACLs
Numbered Standard IPv4 ACL Examples

Configure Standard IPv4 ACLs
Numbered Standard IPv4 ACL Examples (cont.)

Configure Standard IPv4 ACLs
Named Standard IPv4 ACL Syntax

Configure Standard IPv4 ACLs
Named Standard IPv4 ACL Syntax (cont.)

Modify IPv4 ACLs
Method 1 – Use a Text Editor

Modify IPv4 ACLs
Method 2 – Use Sequence Numbers

Modify IPv4 ACLs
Editing Standard Named ACLs

Modify IPv4 ACLs
Verifying ACLs

Modify IPv4 ACLs
ACL Statistics

Securing VTY Ports with a Standard IPv4 ACL
The access-class Command
 The access-class command, configured in line configuration mode, restricts incoming and outgoing connections between a particular VTY line (into a Cisco device) and the addresses in an access list.
 Apply it in the in direction on every VTY line, so that no line is left without the restriction, and combine it with transport input ssh so that only encrypted sessions are accepted.

Securing VTY Ports with a Standard IPv4 ACL
Verifying the VTY Port is Secured

7.3 Troubleshoot ACLs

Processing Packet with ACLs
The Implicit Deny Any
 Every ACL ends with an implicit deny any, so at least one permit ACE must be configured in an ACL or all traffic is blocked.
 For the network in the figure, applying either ACL 1 or ACL 2 to the S0/0/0 interface of R1 in the outbound direction has the same effect.

Processing Packet with ACLs
The Order of ACEs in an ACL

Processing Packet with ACLs
The Order of ACEs in an ACL (cont.)

Processing Packet with ACLs
Cisco IOS Reorders Standard ACLs
Notice that the statements are listed in a different order than they were entered.

Processing Packet with ACLs
Cisco IOS Reorders Standard ACLs (cont.)
The order in which the standard ACEs are listed is the sequence used by the IOS to
process the list.

Processing Packet with ACLs
Routing Processes and ACLs
 As a frame enters an interface, the router checks whether the destination Layer 2 address matches its interface Layer 2 address, or whether the frame is a broadcast frame.
 If the frame address is accepted, the frame header is stripped off and the router checks for an ACL on the inbound interface.
 If an ACL exists, the packet is tested against the statements in the list.
 If the packet matches a statement, the packet is either permitted or denied.
 If the packet is permitted, it is then checked against routing table entries to determine the destination interface.
 If a routing table entry exists for the destination, the packet is switched to the outgoing interface; otherwise the packet is dropped.
 Next, the router checks whether the outgoing interface has an ACL. If an ACL exists, the packet is tested against the statements in the list. If the packet matches a statement, it is either permitted or denied.
 If there is no ACL or the packet is permitted, the packet is encapsulated in the new Layer 2 protocol and forwarded out the interface to the next device.
 Note that an inbound ACL is evaluated before the routing lookup and an outbound ACL after it, and that packets generated by the router itself are not checked by outbound ACLs.

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 1

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 1 (cont.)

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 2
Security Policy: The 192.168.11.0/24 network should not be able to access the 192.168.10.0/24 network.

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 2 (cont.)
ACL 20 was applied to the wrong interface and in the wrong direction. All traffic from the 192.168.11.0/24 network is denied inbound on the G0/1 interface, so it is blocked from reaching every destination, not only 192.168.10.0/24.

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 2 (cont.)

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 3
Problem. Security Policy: Only PC1 is allowed SSH remote access to R1.

Common Standard IPv4 ACL Errors
Troubleshooting Standard IPv4 ACLs – Example 3 (cont.)
Solution. Security Policy: Only PC1 is allowed SSH remote access to R1.

Chapter 8: DHCP

Routing and Switching Essentials v6.0

8.1 DHCPv4

DHCPv4 Operation
Introducing DHCPv4
 DHCPv4:
 assigns IPv4 addresses and other network configuration information dynamically
 is a useful, time-saving tool for network administrators
 dynamically assigns, or leases, an IPv4 address from a pool of addresses
 A Cisco router can be configured to provide DHCPv4 services.
 Administrators configure DHCPv4 servers so that leases expire. The client must then ask for another address, although it is typically reassigned the same one.

DHCPv4 Operation
DHCPv4 Operation

DHCPv4 Operation
DHCPv4 Operation (cont.)

DHCPv4 Operation
DHCPv4 Message Format

DHCPv4 Operation
DHCPv4 Discover and Offer Messages

DHCPv4 Operation
DHCPv4 Discover and Offer Messages (cont.)

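As an added example (not part of the course material), the following Python code builds a DHCPDISCOVER in the DHCPv4 message format (the fixed BOOTP fields, the magic cookie and the type/length/value options), lets a small server model answer it with a DHCPOFFER carrying the lease, subnet mask, default router and DNS server options, and shows what a relay agent changes in the message before forwarding it. The MAC address, pool, excluded addresses and server address are constructed; the server model is a single pool that hands out the lowest free address and does not select a pool by giaddr.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 3, 6, 51, 53, 54, 255
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68          # UDP ports the messages travel on
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"            # the 236-byte fixed part


def build_dhcp(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", broadcast=True):
    """Assemble a DHCPv4 message: fixed header, magic cookie, options, end marker."""
    header = struct.pack(HEADER_FMT, op, 1, len(chaddr), 0, xid, 0, 0x8000 if broadcast else 0,
                         b"\0" * 4,                                   # ciaddr
                         ipaddress.ip_address(yiaddr).packed,         # yiaddr: address offered
                         b"\0" * 4,                                   # siaddr
                         ipaddress.ip_address(giaddr).packed,         # giaddr: set by a relay
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options) + bytes([OPT_END])
    return header + MAGIC_COOKIE + body


def parse_dhcp(msg):
    """Decode the fixed fields and the options into a dict."""
    f = struct.unpack(HEADER_FMT, msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                     # pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
            "yiaddr": str(ipaddress.ip_address(f[8])),
            "giaddr": str(ipaddress.ip_address(f[10])),
            "chaddr": f[11][:f[2]], "options": options}


class DhcpPool:
    """Server model: one pool, excluded addresses, lowest free address first."""

    def __init__(self, network, server_ip, router, dns, excluded, lease=86400):
        self.network = ipaddress.ip_network(network)
        self.server_ip, self.router, self.dns, self.lease = server_ip, router, dns, lease
        self.excluded = {ipaddress.ip_address(a) for a in excluded}
        self.bindings = {}                  # chaddr -> leased address

    def offer(self, discover):
        """Answer a DISCOVER with an OFFER; anything else is ignored."""
        d = parse_dhcp(discover)
        if d["op"] != BOOTREQUEST or d["options"].get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
            return None
        addr = self.bindings.get(d["chaddr"])           # a known client gets its old address
        if addr is None:
            addr = next(a for a in self.network.hosts()
                        if a not in self.excluded and a not in self.bindings.values())
            self.bindings[d["chaddr"]] = addr
        options = [(OPT_MSG_TYPE, bytes([DHCPOFFER])),
                   (OPT_SERVER_ID, ipaddress.ip_address(self.server_ip).packed),
                   (OPT_LEASE, struct.pack("!I", self.lease)),
                   (OPT_SUBNET, self.network.netmask.packed),
                   (OPT_ROUTER, ipaddress.ip_address(self.router).packed),
                   (OPT_DNS, ipaddress.ip_address(self.dns).packed)]
        return build_dhcp(BOOTREPLY, d["xid"], d["chaddr"], options, yiaddr=str(addr), giaddr=d["giaddr"])


def relay(discover, relay_interface_ip):
    """What ip helper-address does: stamp giaddr with the relay's interface address and
    bump the hop count, so the server can pick the right pool and reply to the relay."""
    msg = bytearray(discover)
    if msg[24:28] == b"\0" * 4:                         # giaddr lives at offset 24; set only if unset
        msg[24:28] = ipaddress.ip_address(relay_interface_ip).packed
    msg[3] += 1                                          # hops
    return bytes(msg)
```

The OFFER echoes the client's transaction ID and hardware address, which is how the client, still without an address, recognizes the reply; the relay leaves the client's fields alone and only fills in giaddr and the hop count before sending the message on as unicast to UDP port 67 on the server.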
Configure DHCPv4 Server
Configure a Basic DHCPv4 Server
A Cisco router running Cisco IOS can be configured to act as a DHCPv4 server. To set up DHCP:
1. Exclude addresses from the pool (ip dhcp excluded-address), such as the default gateway and servers with static addresses.
2. Set up the DHCP pool name (ip dhcp pool).
3. Define the range of addresses and subnet mask (network). Use the default-router command for the default gateway. Optional parameters that can be included in the pool are dns-server and domain-name.

To disable DHCP, use the no service dhcp command.

Configure DHCPv4 Server
Verifying DHCPv4
 Commands to verify DHCP:
show running-config | section dhcp
show ip dhcp binding
show ip dhcp server statistics
 On the PC, issue the ipconfig /all command.

Configure DHCPv4 Server
DHCPv4 Relay

Configure DHCPv4 Server
DHCPv4 Relay (cont.)
 Configuring an IP helper address (ip helper-address) on the interface facing the clients enables the router to forward DHCPv4 broadcasts to the DHCPv4 server as unicast, acting as a relay agent.

Configure DHCPv4 Client
Configuring a Router as a DHCPv4 client

Configure DHCPv4 Client
Configuring a Wireless Router as a DHCPv4 Client

Troubleshooting DHCPv4
Troubleshooting Tasks

Troubleshooting DHCPv4
Verify Router DHCPv4 Configuration

Troubleshooting DHCPv4
Debugging DHCPv4

 The figure shows an extended ACL permitting only packets with UDP destination ports of 67 or 68. These are the ports used by DHCPv4 servers and clients, respectively, when sending DHCPv4 messages. The extended ACL is used with the debug ip packet command to display only DHCPv4 messages, which keeps the debug output (and its CPU cost) to a minimum on a production router.

8.2 DHCPv6

SLAAC and DHCPv6
Stateless Address Autoconfiguration (SLAAC)
 SLAAC uses ICMPv6 Router Solicitation and Router Advertisement messages to provide addressing and other configuration information that would normally be provided by a DHCP server.

SLAAC and DHCPv6
SLAAC Operation
 A router must have IPv6 routing enabled before it can send RA
messages: Router(config)# ipv6 unicast-routing

SLAAC and DHCPv6
SLAAC and DHCPv6

SLAAC and DHCPv6
SLAAC Option
 SLAAC is the default option on Cisco routers. Both the M flag and
the O flag are set to 0 in the RA, as shown in the figure.

SLAAC and DHCPv6
Stateless DHCPv6 Option
 To modify the RA message sent on the interface of a router to indicate stateless DHCPv6, use the following command: Router(config-if)# ipv6 nd other-config-flag

SLAAC and DHCPv6
Stateful DHCPv6 Option
 This option is the most similar to DHCPv4. In this case, the RA message (with the M flag set) tells the client to obtain all addressing information and other configuration information from a stateful DHCPv6 server. The default gateway is still learned from the RA, because DHCPv6 does not carry it. Router(config-if)# ipv6 nd managed-config-flag

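As an added example (not course code), the following Python code constructs an ICMPv6 Router Advertisement with a prefix information option, decodes the M and O flags and the option's A flag, maps them to the three options just described, and forms the EUI-64 address a SLAAC host would derive from its MAC address. The prefix, lifetimes and MAC address are constructed and the ICMPv6 checksum is left at zero. Most current hosts use randomized (privacy) interface identifiers rather than EUI-64, precisely because an EUI-64 address exposes the MAC address to every peer.

```python
import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_PREFIX_INFORMATION = 3
RA_FLAG_M, RA_FLAG_O = 0x80, 0x40       # managed-config-flag, other-config-flag
PFX_FLAG_L, PFX_FLAG_A = 0x80, 0x40     # on-link, autonomous (prefix may be used for SLAAC)
RA_HEADER = "!BBHBBHII"                 # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


def build_ra(managed=False, other=False, prefix="2001:db8:acad:1::/64", autonomous=True,
             router_lifetime=1800, valid=2592000, preferred=604800):
    """Constructed RA: 16-byte header followed by one prefix information option."""
    net = ipaddress.ip_network(prefix)
    flags = (RA_FLAG_M if managed else 0) | (RA_FLAG_O if other else 0)
    header = struct.pack(RA_HEADER, ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, flags, router_lifetime, 0, 0)
    pfx_flags = PFX_FLAG_L | (PFX_FLAG_A if autonomous else 0)
    option = struct.pack("!BBBBIII16s", OPT_PREFIX_INFORMATION, 4, net.prefixlen, pfx_flags,
                         valid, preferred, 0, net.network_address.packed)   # length 4 = 32 bytes
    return header + option


def parse_ra(msg):
    """Decode the RA header flags and every prefix information option."""
    typ, _code, _csum, _hops, flags, lifetime, _reach, _retrans = struct.unpack(RA_HEADER, msg[:16])
    if typ != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    prefixes, i = [], 16
    while i + 2 <= len(msg):
        otype, olen = msg[i], msg[i + 1] * 8           # option length is in 8-byte units
        if olen == 0:
            raise ValueError("zero-length ND option")
        if otype == OPT_PREFIX_INFORMATION:
            plen, pflags = msg[i + 2], msg[i + 3]
            prefixes.append({"prefix": f"{ipaddress.ip_address(msg[i + 16:i + 32])}/{plen}",
                             "on_link": bool(pflags & PFX_FLAG_L),
                             "autonomous": bool(pflags & PFX_FLAG_A)})
        i += olen
    return {"managed": bool(flags & RA_FLAG_M), "other": bool(flags & RA_FLAG_O),
            "router_lifetime": lifetime, "prefixes": prefixes}


def addressing_mode(ra):
    """Map the M and O flags to the three options on the slides."""
    if ra["managed"]:
        return "stateful DHCPv6"
    if ra["other"]:
        return "SLAAC with stateless DHCPv6"
    return "SLAAC only"


def eui64_address(prefix, mac):
    """SLAAC address: insert FFFE in the middle of the MAC and flip the U/L bit."""
    net = ipaddress.ip_network(prefix)
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(ipaddress.ip_address(int(net.network_address) | int.from_bytes(iid, "big")))


def slaac_addresses(ra, mac):
    """Addresses a host would configure itself from this RA (only A-flagged /64 prefixes)."""
    return [eui64_address(p["prefix"], mac) for p in ra["prefixes"]
            if p["autonomous"] and p["prefix"].endswith("/64")]
```

With both flags clear the host builds its own address from the prefix; with O set it still does so but also queries DHCPv6 for DNS and similar options; with M set (and the prefix's A flag clear) it configures no SLAAC address and takes everything except the default route from the stateful server.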
SLAAC and DHCPv6
DHCPv6 Operations

If stateless or stateful DHCPv6 is indicated in the RA message, the device begins DHCPv6 client/server communications.

Stateless DHCPv6
Configuring a Router as a Stateless DHCPv6 Server

Stateless DHCPv6
Configuring a Router as a Stateless DHCPv6 Client

Stateless DHCPv6
Verifying Stateless DHCPv6

Verify the stateless DHCPv6 client using the following commands:
 show ipv6 interface
 debug ipv6 dhcp detail

Stateful DHCPv6 Server
Configuring a Router as a Stateful DHCPv6 Server

Stateful DHCPv6 Server
Configuring a Router as a Stateful DHCPv6 Server (cont.)

Stateful DHCPv6 Server
Configuring a Router as a Stateful DHCPv6 Client

Stateful DHCPv6 Server
Verifying Stateful DHCPv6

Stateful DHCPv6 Server
Verifying Stateful DHCPv6 (cont.)

Stateful DHCPv6
Configuring a Router as a DHCPv6 Relay Agent

Troubleshooting DHCPv6
Troubleshooting Tasks

Troubleshooting DHCPv6
Verify Router DHCPv6 Configuration

Troubleshooting DHCPv6
Debugging DHCPv6

Chapter 9: NAT for IPv4

Routing and Switching Essentials v6.0

9.1 NAT Operation

NAT Operation
NAT Characteristics
 IPv4 Private Address Space
• 10.0.0.0 /8, 172.16.0.0 /12, and 192.168.0.0 /16
 What is NAT?
• Process of translating IPv4 addresses, typically private addresses to public ones and back
• Conserves public IPv4 addresses
• Configured on the border router that performs the translation
 NAT Terminology
• Inside address
• Inside local address
• Inside global address
• Outside address
• Outside local address
• Outside global address

NAT Operation
Types of NAT
 Static NAT
• One-to-one mapping of local and global addresses
• Configured by the network administrator and remains constant
 Dynamic NAT
• Uses a pool of public addresses and assigns them on a first-come, first-served basis
• Requires enough public addresses for the total number of simultaneous user sessions
 Port Address Translation (PAT)
• Maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses
• Also known as NAT overload
• Validates that incoming packets were requested, since only packets matching an existing translation are forwarded inside
• Uses port numbers to forward the response packets to the correct internal device

NAT Operation
NAT Advantages
 Advantages of NAT
• Conserves the legally registered addressing scheme
• Increases the flexibility of connections to the public network
• Provides consistency for internal network addressing schemes
• Hides internal addressing, which is often described as providing network security; NAT is not a firewall, however, and unsolicited inbound traffic should still be controlled with ACLs or a stateful firewall
 Disadvantages of NAT
• Performance is degraded
• End-to-end functionality is degraded
• End-to-end IP traceability is lost
• Tunneling is more complicated
• Initiating TCP connections can be disrupted

9.2 Configuring NAT

Configuring NAT
Configuring Static NAT
 Configuring Static NAT
• Create the mapping between the inside local and inside global addresses
ip nat inside source static local-ip global-ip
• Define which interfaces belong to the inside network and which belong to the outside network
ip nat inside
ip nat outside
 Analyzing Static NAT
 Verifying Static NAT
show ip nat translations
show ip nat statistics
clear ip nat statistics

Configuring NAT
Configuring Dynamic NAT
 Dynamic NAT Operation
• The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come, first-served basis.
• With dynamic NAT, a single inside address is translated to a single outside address.
• The pool must be large enough to accommodate all inside devices that are active at the same time.
• A device is unable to communicate with any external network if no addresses are available in the pool; translations time out and return to the pool when idle.

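As an added example (not from the course), the following Python model keeps a translation table for both dynamic NAT (one inside global address per active inside host, and a drop when the pool is exhausted) and PAT (one shared inside global address, with sessions told apart by the translated source port). Inbound packets are admitted only when they match an existing translation, which is the "validates that incoming packets were requested" behaviour of the previous slides. The inside networks, pool addresses and ports are constructed; IOS keeps the original source port when it is free and otherwise picks another, which is what the port allocation here imitates.

```python
import ipaddress
from itertools import count


class NatTable:
    """Dynamic NAT (overload=False) or PAT (overload=True) at an inside/outside boundary.

    inside_networks plays the role of the standard ACL that selects which inside local
    addresses are translated; pool holds the inside global addresses.
    """

    def __init__(self, inside_networks, pool, overload=False):
        self.permitted = [ipaddress.ip_network(n) for n in inside_networks]
        self.pool = [ipaddress.ip_address(a) for a in pool]
        self.overload = overload
        self.translations = {}          # inside key -> (inside global, global port)
        self.reverse = {}               # (inside global, global port) -> inside key
        self.spare_ports = count(1024)  # constructed fallback when the source port is taken
        self.dropped = []               # (address, reason), for show-style troubleshooting

    def _key(self, ip, port):
        # PAT keys on address and port; dynamic NAT keys on the address only.
        return (ipaddress.ip_address(ip), port if self.overload else None)

    def outbound(self, src_ip, src_port):
        """Packet leaving via the inside interface: (status, translated ip, translated port)."""
        key = self._key(src_ip, src_port)
        if key in self.translations:
            g_ip, g_port = self.translations[key]
            return "translated", str(g_ip), g_port if self.overload else src_port
        if not any(key[0] in net for net in self.permitted):
            return "untranslated", src_ip, src_port       # not in the NAT ACL: IOS forwards as-is
        if self.overload:
            g_ip, g_port = self.pool[0], src_port
            while (g_ip, g_port) in self.reverse:         # keep the port unless it collides
                g_port = next(self.spare_ports)
        else:
            in_use = {g for g, _ in self.reverse}
            free = [a for a in self.pool if a not in in_use]
            if not free:
                self.dropped.append((src_ip, "NAT pool exhausted"))
                return "dropped", None, None
            g_ip, g_port = free[0], None                  # one-to-one: the port is untouched
        self.translations[key] = (g_ip, g_port)
        self.reverse[(g_ip, g_port)] = key
        return "translated", str(g_ip), g_port if self.overload else src_port

    def inbound(self, dst_ip, dst_port):
        """Packet arriving on the outside interface is admitted only if it matches a translation."""
        key = self._key(dst_ip, dst_port)
        if key not in self.reverse:
            self.dropped.append((dst_ip, "no translation for unsolicited inbound packet"))
            return "dropped", None, None
        local_ip, local_port = self.reverse[key]
        return "translated", str(local_ip), local_port if self.overload else dst_port

    def show_translations(self):
        """Rows in the spirit of show ip nat translations: (inside global, inside local)."""
        fmt = (lambda ip, p: f"{ip}:{p}") if self.overload else (lambda ip, p: str(ip))
        return [(fmt(g_ip, g_port), fmt(l_ip, l_port))
                for (l_ip, l_port), (g_ip, g_port) in self.translations.items()]
```

With a two-address pool the third inside host is dropped until a translation ages out, whereas under PAT every host shares one inside global address and the second host that picks source port 40000 is simply given a different translated port; a reply to a port with no translation never reaches the inside.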
Configuring NAT
Configuring Dynamic NAT (Cont.)
 Configuring Dynamic NAT
• Define the pool of inside global addresses that inside local addresses will be translated to
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Create a standard ACL to permit those inside addresses that are to be translated
access-list access-list-number permit source [source-wildcard]
• Bind the ACL to the pool
ip nat inside source list access-list-number pool name
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Dynamic NAT (Cont.)
 Analyzing Dynamic NAT
 Verifying Dynamic NAT
show ip nat translations
show ip nat translations verbose
clear ip nat statistics
clear ip nat translations *

Configuring NAT
Configuring Port Address Translations (PAT)
 Configuring PAT: Address Pool
• Define the pool of inside global addresses to be shared
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Create a standard ACL to permit those inside addresses that are to be translated
access-list access-list-number permit source [source-wildcard]
• Bind the ACL to the pool with the overload keyword (without it, the same commands configure dynamic NAT)
ip nat inside source list access-list-number pool name overload
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Port Address Translations (PAT) (Cont.)
 Configuring PAT: Single Address
• Define a standard ACL to permit those inside addresses that are to be translated
access-list access-list-number permit source [source-wildcard]
• Establish dynamic source translation, specifying the ACL, the exit interface, and the overload keyword
ip nat inside source list access-list-number interface type number overload
• Identify the inside and outside interfaces
ip nat inside
ip nat outside

Configuring NAT
Configuring Port Address Translations (PAT) (Cont.)
 Analyzing PAT
 Verifying PAT
show ip nat translations
show ip nat statistics
clear ip nat statistics

Configuring NAT
Port Forwarding
 Port Forwarding
• Port forwarding is the act of forwarding traffic addressed to a particular network port from one network node to another.
• A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port on the inside network.
• Port forwarding is helpful in situations where servers have private addresses that are not reachable from outside networks. Each forwarded port exposes an internal service to the Internet, so forward only the ports that are required and keep the exposed service patched.
 Wireless Router Example
 Configuring Port Forwarding with IOS
ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]

Configuring NAT
Configuring NAT and IPv6
 NAT for IPv6?
• IPv6 with its 128-bit address provides 340 undecillion addresses.
• Address space is not an issue for IPv6.
• IPv6 makes IPv4-style public-private NAT unnecessary by design; however, IPv6 does implement a form of private addressing, and it is implemented differently than in IPv4.
 IPv6 Unique Local Address
• IPv6 unique local addresses (ULAs) are designed to allow IPv6 communications within a local site.
• ULAs are not meant to provide additional IPv6 address space.
• ULAs have the prefix FC00::/7, which results in a first hextet range of FC00 to FDFF.
• ULAs are also known as local IPv6 addresses (not to be confused with IPv6 link-local addresses).

Configuring NAT
Configuring NAT and IPv6 (Cont.)
 NAT for IPv6
• IPv6 also uses NAT, but in a much different context.
• In IPv6, NAT is used to provide transparent communication between IPv6 and IPv4.
• NAT64 is not intended to be a permanent solution; it is meant to be a transition
mechanism.
• Network Address Translation-Protocol Translation (NAT-PT) was another NAT-based transition
mechanism for IPv6, but it has been deprecated by the IETF.
• NAT64 is now recommended.

9.3 Troubleshooting NAT

Troubleshooting NAT
Troubleshooting NAT Configurations
 Troubleshooting NAT: show commands
clear ip nat statistics
clear ip nat translations *
show ip nat statistics
show ip nat translations
 Troubleshooting NAT: debug commands
debug ip nat

Chapter 10: Device
Discovery, Management,
and Maintenance

Routing and Switching Essentials v6.0

10.1 Device Discovery

Device Discovery
Device Discovery with CDP
 CDP Overview
• Cisco Discovery Protocol
• Discovers directly connected (physically adjacent) Cisco devices
 Configure and Verify CDP
• show cdp neighbors
• show cdp interface
• cdp run
• cdp enable
 Discover Devices Using CDP
• Device identifiers - The host name of the neighbor device
• Port identifier - The name of the local and remote port
• Capabilities list - Whether the device is a router or a switch
• Platform - The hardware platform of the device

Device Discovery
Device Discovery with LLDP
 LLDP Overview
• A vendor-neutral Layer 2 neighbor discovery protocol, similar to CDP
 Configure and Verify LLDP
• show lldp
• lldp run
• lldp transmit
• lldp receive
 Discover Devices Using LLDP
• show lldp neighbors

10.2 Device Management

Device Management
Implement NTP
 Setting the System Clock
• Manually configure the date and time
• Configure Network Time Protocol (NTP)
 NTP Operation
• Hierarchical system of time sources
• Stratum 0 – Authoritative time source
• Stratum number indicates how far the server is from the time source
 Configure and Verify NTP
• ntp server ip-address
• show ntp associations
• show ntp status
• show clock
Device Management
Syslog Operation
 Introduction to Syslog
• Allows devices to send their messages to a syslog server
• Supported by most networking devices
• Primary functions:
gather logging information
select the type of logging information that is captured
specify the destinations of captured messages
 Syslog Message Format
• Severity level from 0 – 7
• Facility – service identifiers
 Service Timestamp
• Enhances real-time debugging and management
• service timestamps log datetime
Device Management
Syslog Configuration
 Syslog Server
• Parses the output and places the messages into pre-defined columns
• Timestamps are displayed if configured on networking devices that generated the
log messages
• Allows network administrators to navigate the large amount of data compiled on
a syslog server.
 Default Logging
• Sends log messages of all severity levels to the console
• show logging
 Router and Switch Commands for Syslog Clients
• logging ip-address
• logging trap level
• logging source-interface interface-type interface-number
 Verifying Syslog
• show logging
• Use the pipe (|) to limit the amount of displayed log messages
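Added example (not part of the course slides): a Python parser for IOS-style syslog lines that pulls out the facility, severity (0 to 7) and mnemonic, mimics what `logging trap level` lets through to the server, and flags messages that lack the timestamp added by `service timestamps log datetime`. The log lines are constructed samples.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Severity names in IOS order: 0 is the most severe, 7 the least.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Constructed IOS-style log lines (not captured from a real device). The first two
# carry the timestamp that `service timestamps log datetime` adds; the last does not.
SAMPLE_LOG = """\
*Mar  1 00:02:10.114: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.99] [localport: 22] [Reason: Login Authentication Failed]
*Mar  1 00:02:31.902: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
"""

_LINE = re.compile(
    r"^(?:\*?(?P<ts>[A-Za-z]{3}\s+\d+\s+[\d:.]+):\s+)?"  # optional service timestamp
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)


@dataclass(frozen=True)
class SyslogMsg:
    timestamp: str | None
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse_line(line: str) -> SyslogMsg | None:
    m = _LINE.match(line.strip())
    if not m:
        return None  # not a %FACILITY-SEVERITY-MNEMONIC message
    return SyslogMsg(m["ts"], m["facility"], int(m["severity"]), m["mnemonic"], m["text"])


def parse_log(text: str) -> list[SyslogMsg]:
    return [msg for msg in map(parse_line, text.splitlines()) if msg is not None]


def trap_filter(msgs: list[SyslogMsg], trap_level: int) -> list[SyslogMsg]:
    # `logging trap <level>` forwards messages whose severity number is <= level.
    return [m for m in msgs if m.severity <= trap_level]


def missing_timestamps(msgs: list[SyslogMsg]) -> list[SyslogMsg]:
    # Untimestamped messages cannot be ordered reliably once they reach the server.
    return [m for m in msgs if m.timestamp is None]
```

Note that `logging trap warnings` (level 4) would drop the level-5 CONFIG_I message, so a server-side search for configuration changes needs the trap level raised to 5 or above.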
10.3 Device Maintenance

Device Maintenance
Router and Switch File Maintenance
 Router and Switch File Systems
• show file systems – lists all available file systems
• dir – lists the contents of the file system
• pwd – verifies the present working directory
• cd – changes the current directory
 Backing up and Restoring using Text Files

Device Maintenance
Router and Switch File Maintenance (Cont.)
 Backing up and Restoring using TFTP
• copy running-config tftp
• copy startup-config tftp
 Using USB Ports for Backing Up and Restoring
• show file systems
• dir usbflash0:
• copy run usbflash0:/
 Password Recovery
• Enter ROMMON mode
• Change configuration register to 0x2142
• Make changes to the original startup config
• Save the new configuration

Device Maintenance
IOS System Files
 IOS 15 System Image Packaging
• universalk9 images
• universalk9_npe images
• Technology packages: IP Base, Data, UC, SEC
• Data, UC, and SEC technology packages are activated through licensing
 IOS Image Filenames
• Feature sets and version
• show flash

Device Maintenance
IOS Image Management
 TFTP Servers as a Backup Location
• Backup location for IOS images and configuration files
 Steps to Backup IOS Image to TFTP Server
• Verify access to TFTP server
• Verify sufficient disk space
• Copy the image to the TFTP server
copy source-url tftp:
 Steps to Copy an IOS Image to a Device
• Download IOS image from Cisco.com and transfer it to TFTP server
• Verify access to TFTP server from device
• Verify sufficient disk space on device
• Copy the image from the TFTP server
copy tftp: destination-url
 The boot system Command
• Command to load the new image during bootup
• boot system file-url
Device Maintenance
Software Licensing
 Licensing Process
• Purchase the software package or feature to install
• Obtain a license
Cisco License Manager
Cisco License Portal
Requires PAK number and UDI
show license udi
• Install the license
license install stored-location-url
reload

Device Maintenance
License Verification and Management
 License verification
• show version
• show license
 Activate an evaluation right-to-use license
• license accept end user agreement
• license boot module module-name technology-package package-name
 Back up the license
• license save file-sys://lic-location
 Uninstall the license
• Disable the license
license boot module module-name technology-package package-name
disable
• Clear the license
license clear feature-name
no license boot module module-name technology-package package-name disable
