Patch Cable Types

Straight-through - Connect PC to hub or switch (router to switch or hub)

Crossover - Connect hub to hub/ switch to switch/PC to PC
Rolled - Console connection for PC to router

Half Duplex Ethernet shares a collision domain resulting in lower throughput than Full
Duplex Ethernet which requires a point-to-point link between two compatible nodes

OSI Model vs. TCP/IP Model

OSI Reference Model
Application - Identifying and establishing the
availability of intended communication partner and
whether there are sufficient resources
Presentation - Data translation, encryption, code
formatting

packet

Network - Manages logical addressing

and path determination

frame

Transport - Provides end-to-end transport

services - establishes logical connections
between hosts. Connection-oriented or
connectionless data transfer.

Data Link - Provides physical transmission

of data, handles error notification, flow
control and network topology. Split into two
sub layers (LLC and MAC)

bits

Protocol Data Units (PDUs)

Segment

Session - Setting up, managing and tearing down

sessions. Keeps applications data separate

Physical - Specifies electrical,

mechanical, procedural and functional
requirements for activating, maintaining
and deactivating a physical link.

TCP/IP Model Protocol Suite

Process/Application layer
FTP - TCP file transfer service port 20-21
Telnet - Terminal emulation program port
23
TFTP - UDP file transfer port 69
SMTP - Send email service port 25
DHCP Assigns IP addresses to hosts
ports 67 and 68
DNS Resolves FQDNs to IP addresses
port 53
Host-to-Host layer
TCP - Connection-oriented protocol,
provides reliable connections
(acknowledgments, flow control, windowing)
UDP - Connectionless protocol, low
overhead but unreliable
Internet layer
IP - connectionless protocol, provides
network addressing and routing
ARP - finds MAC addresses from known
IPs
RARP - finds IPs from known MAC
addresses
ICMP - provides diagnostics, used by ping
and traceroute

Network Access

Cisco 3-Layer Hierarchical Model

Core - Backbone, common to all users, needs to be as fast as possible and fault tolerant, avoid ACL, VLAN trunking
and packet filtering here.
Distribution - Routing - provides access control policies, filtering, WAN access and VLAN trunking
Access - Switching - User and workgroup access, segmentation

Causes of LAN congestion - Broadcast storms, too many hosts with a broadcast
domain, multicasting, low bandwidth, bottlenecks
Collision domain - Switches/bridges breakup collision domains, hubs extend them
Broadcast domains - Routers and VLANs breakup broadcast domains

Troubleshooting Steps

Cisco IOS
Troubleshooting
Commands

1. Ping loopback
2. Ping NIC
3. Ping default gateway
4. Ping remote device

ping 127.0.0.1
traceroute

Windows DOS
Troubleshooting
Commands
ping 127.0.0.1
tracert
ipconfig/all
arp -a

IP Classes
Private Address Ranges
Class A - 10.0.0.0 - 10.255.255.255
Class B - 172.16.0.0 - 172.31.255.255
Class C - 192.168.0.0 - 192.168.255.255

Class Ranges
Class A - 1-126 - network.node.node.node
Class B - 128-191 - network.network.node.node
Class C - 192-223 - network.network.network.node

255.0.0.0
255.128.0.0
255.192.0.0
255.224.0.0
255.240.0.0
255.248.0.0
255.252.0.0
255.254.0.0
255.255.0.0
255.255.128.0
255.255.192.0
255.255.224.0

/8
/9
/10
/11
/12
/13
/14
/15
/16
/17
/18
/19

Subnet Mask
CIDR Notation
(Classless
Inter-Domain
Routing)

255.255.240.0
255.255.248.0
255.255.252.0
255.255.254.0
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252

/20
/21
/22
/23
/24
/25
/26
/27
/28
/29
/30

Copyright 2010 Internetwork Training Although the authors of have made every effort to ensure the information in this document is correct, the authors do not assume and hereby disclaim any liability to any party for loss or damage caused by errors, omissions or misleading information.

EIGRP

packetlife.net
Protocol Header

Attributes

16

Version

24

Opcode

32

Type Distance Vector

Checksum

Algorithm DUAL

Flags

Internal AD 90

Sequence Number

External AD 170

Acknowledgment Number

Summary AD 5

Autonomous System Number

Type

Standard Cisco proprietary

Length

Protocols IP, IPX, Appletalk

Value

Transport IP/88

Metric Formula
256 * (K1 * bw +

K2 * bw
256 - load

Authentication MD5

+ K3 * delay) *

K5
rel + K4

bw = 107 / minimum path bandwidth in kbps

delay = interface delay in secs / 10

EIGRP Configuration
Protocol Configuration

! Enable EIGRP
router eigrp <ASN>
! Add networks to advertise
network <IP address> <wildcard mask>

Multicast IP 224.0.0.10
Hello Timers 5/60
Hold Timers 15/180
K Defaults

Packet Types

K1 1

1 Update

K2 0

3 Query

K3 1

4 Reply

K4 0

5 Hello

K5 0

8 Acknowledge

! Configure K values to manipulate metric formula

metric weights 0 <k1> <k2> <k3> <k4> <k5>

Terminology
Reported Distance

! Disable automatic route summarization

no auto-summary

The metric for a route advertised by a neighbor

! Designate passive interfaces

passive-interface (<interface> | default)

The distance advertised by a neighbor plus the cost

to get to that neighbor

! Enable stub routing

eigrp stub [receive-only | connected | static | summary]
! Statically identify neighoring routers
neighbor <IP address> <interface>
Interface Configuration

! Set maximum bandwidth EIGRP can consume

ip bandwidth-percent eigrp <AS> <percentage>
! Configure manual summarization of outbound routes
ip summary-address eigrp <AS> <IP address> <mask> [<AD>]

Feasible Distance

Stuck In Active (SIA)

The condition when a route becomes unreachable
and not all queries for it are answered; adjacencies
with unresponsive neighbors are reset

Passive Interface
An interface which does not participate in EIGRP but
whose network is advertised

Stub Router
A router which advertises only a subset of routes,
and is omitted from the route query process

Troubleshooting

! Enable MD5 authentication

ip authentication mode eigrp <AS> md5
ip authentication key-chain eigrp <AS> <key-chain>

show ip eigrp interfaces

! Configure hello and hold timers

ip hello-interval eigrp <AS> <seconds>
ip hold-time eigrp <AS> <seconds>

show ip eigrp topology

show ip eigrp neighbors

show ip eigrp traffic

clear ip eigrp neighbors

! Disable split horizon for EIGRP

no ip split-horizon eigrp <AS>

by Jeremy Stretch

debug ip eigrp [packet | neighbors]

v2.1

IEEE 802.11 WLAN PART 1

packetlife.net

IEEE Standards
802.11a

802.11b

802.11g

802.11n

11 Mbps

54 Mbps

300 Mbps

2.4 GHz

2.4 GHz

2.4/5 GHz

Modulation OFDM

DSSS

DSSS/OFDM

OFDM

Channels (FCC/ETSI) 21/19

11/13

11/13

32/32

1999

2003

2009

Maximum Throughput 54 Mbps

Frequency 5 GHz

Ratified 1999
WLAN Types
Ad Hoc
A WLAN between isolated stations with
no central point of control; an IBSS

WLAN Components
IBSS

ESS
BSS

BSS

Infrastructure
A WLAN attached to a wired network via
an access point; a BSS or ESS
DS
Frame Types
Type

Class

Association

Management

Authentication

Management

Probe

Management

Beacon

Management

Request to Send (RTS)

Control

Clear to Send (CTS)

Control

Acknowledgment (ACK)

Control

Data

Data
Client Association

Basic Service Area (BSA)

The physical area covered by the wireless signal of a BSS
Basic Service Set (BSS)
A set of stations and/or access points which can directly
communicate via a wireless medium
Distribution System (DS)
The wired infrastructure connecting multiple BSSs to form an ESS
Extended Service Set (ESS)
A set of multiple BSSs connected by a DS which appear to wireless
stations as a single BSS
Independent BSS (IBSS)
An isolated BSS with no connection to a DS; an ad hoc WLAN
Measuring RF Signal Strength

Probe Request
Probe Response
Authentication Request
Authentication Response
Association Request
Association Response
Modulations
Scheme

DSSS

OFDM

Modulation

Throughput

DBPSK

1 Mbps

DQPSK

2 Mbps

CCK

5.5/11 Mbps

BPSK

6/9 Mbps

QPSK

12/18 Mbps

16-QAM

24/36 Mbps

64-QAM

48/54 Mbps

by Jeremy Stretch

Decibel (dB)
An expression of signal strength as compared to a reference signal;
calculated as 10log10(signal/reference)
dBm Signal strength compared to a 1 milliwatt signal
dBw Signal strength compared to a 1 watt signal
dBi Compares forward antenna gain to that of an isotropic antenna
Terminology
Basic Service Set Identifier (BSSID)
A MAC address which serves to uniquely identify a BSS
Service Set Identifier (SSID)
A human-friendly text string which identifies a BSS; 1-32 characters
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)
The mechanism which facilitates efficient communication across a
shared wireless medium (provided by DCF or PCF)
Effective Isotropic Radiated Power (EIRP)
Net signal strength (transmitter power + antenna gain - cable loss)
v2.2

IEEE 802.11 WLAN PART 2

packetlife.net

Distributed Coordination Function (DCF)

DIFS

DIFS

DIFS

DIFS

Frame

Deferral Period

Random Backoff

Contention Window
Interframe Spacing

Client Authentication

Short IFS (SIFS)

Used to provide minimal spacing delay between
control frames or data fragments

Open No authentication is used

DCF IFS (DIFS)

Normal spacing enforced under DCF for management
and non-fragment data frames

Lightweight EAP (LEAP)

Cisco-proprietary EAP method introduced to provide
dynamic keying for WEP (deprecated)

Arbitrated IFS (AIFS)

Variable spacing calculated to accommodate differing
qualities of service (QoS)

EAP-TLS
Employs Transport Layer Security (TLS); PKI
certificates are required on the AP and clients

Extended IFS (EIFS)

Extended delay imposed after errors are detected in a
received frame
Encryption Schemes

Pre-shared Encryption Keys

Keys are manually distributed among clients and APs

EAP-TTLS
Clients authenticate the AP via PKI, then form a secure
tunnel inside which the client authentication takes
place (clients do not need PKI certificates)

Wired Equivalent Privacy (WEP)

Flawed RC4 implementation using a 40- or 104-bit
pre-shared encryption key (deprecated)

Protected EAP (PEAP)

A proposal by Cisco, Microsoft, and RSA which employs
a secure tunnel for client authentication like EAP-TTLS

Wi-Fi Protected Access (WPA)

Implements the improved RC4-based encryption
Temporal Key Integrity Protocol (TKIP) which can
operate on WEP-capable hardware

EAP-FAST
Developed by Cisco to replace LEAP; establishes a
secure tunnel using a Protected Access Credential
(PAC) in the absence of PKI certificates

IEEE 802.11i (WPA2)

IEEE standard developed to replace WPA; requires a
new generation of hardware to implement significantly
stronger AES-based CCMP encryption

RF Signal Interference
Reflection

Scattering

Absorption

Quality of Service Markings

WMM

802.11e

802.1p

Platinum

7/6

6/5

Gold

5/4

4/3

Silver

3/0

Bronze

2/1

2/1

Wi-Fi Multimedia (WMM)

A Wi-Fi Alliance certification for QoS; a subset of
802.11e QoS
IEEE 802.11e
Official IEEE WLAN QoS standard ratified in 2005;
replaces WMM
IEEE 802.1p
QoS markings in the 802.1Q header on wired Ethernet
by Jeremy Stretch

Refraction

Diffraction

Antenna Types
Directional Radiates power in one focused direction
Omnidirectional
Radiates power uniformly across a plane
Isotropic
A theoretical antenna referenced when measuring
effective radiated power
v2.2

IPV4 MULTICAST
Layer 2 Addressing
239.142.57.6
11101111 10001110 00111001 00000110

Group Ranges
224.0.0.0/24 Local network control
224.0.1.0/24 Internetwork control
232.0.0.0/8 Source-specific

01-00-5E-0E-39-06
00000001 00000000 01011110 00001110 00111001 00000110
Terminology
Reverse Path Forwarding (RPF)
Verifies that multicast traffic travels in the reverse direction of
unicast traffic, away from the tree root
Cisco Group Management Protocol (CGMP)
A proprietary protocol used by switches to obtain multicast
membership information for end hosts (deprecated)
Internet Group Management Protocol (IGMP)
Hosts send IGMP requests to local routers to join multicast groups
IGMP Configuration
IGMP Support Router(config-if)# ip igmp [version <#>]
IGMP Snooping Switch(config)# ip igmp snooping
Protocol Independent Multicast (PIM)
Dense Mode
The initial tree encompasses all multicast routers; after a period of
time, routers without IGMP members prune back branches
Sparse Mode
The tree is grown from a central rendezvous point out to the
multicast source and recipients
Sparse-Dense Mode
Allows a PIM-enabled interface to function in either sparse or dense
mode per group
PIMv1
Provides automatic RP discovery with Auto-RP (Cisco proprietary)
PIMv2
Automatic RP discovery is accomplished by the bootstrap router
(BSR) method (standard)
PIM Configuration
ip multicast-routing
!
interface FastEthernet0/0
ip pim {sparse-mode | dense-mode | sparse-dense-mode}
ip pim version {1 | 2}

RP Configuration
Manual ip pim rp-address <IP>
Auto-RP Mapping Agent ip pim send-rp-discovery scope <TTL>
Auto-RP Candidate ip pim send-rp-announce <interface>
BSR Candidate ip pim bsr-candidate <interface>
BSR RP Candidate ip pim rp-candidate <interface>
by Jeremy Stretch

packetlife.net

233.0.0.0/8 GLOP (RFC 3180)

239.0.0.0/8 Admin-scoped
Common Groups
224.0.0.1 All hosts
224.0.0.2 All routers
224.0.1.39 Cisco RP Announce
224.0.1.40 Cisco RP Discovery
Distribution Trees
Shared
A common set of links which carry all
multicast traffic; statically configured
Source-Rooted
Provides the shortest paths from the
source to receivers
IGMP
IGMPv1
Original IGMP specification
IGMPv2
Adds support for dynamic leave requests
and querier election to original IGMP
IGMPv3
Adds multicast source filtering to v2
IGMP Snooping
A switch passively inspects IGMP
requests to determine which hosts
should receive multicast traffic
IGMP Troubleshooting
show ip igmp
show ip igmp group
show ip igmp interface
show ip igmp snooping
ip igmp join-group
PIM Troubleshooting
show ip mroute
show ip pim interface
show ip pim neighbor
show ip pim rp [mapping]
show ip rpf <IP>
v2.0

IPV6

packetlife.net
Protocol Header
8

Ver

16

Address Notation
24

Traffic Class

32

Flow Label

Payload Length

Next Header

Hop Limit

Eliminate leading zeros from all two-byte sets

Replace up to one string of consecutive zeros
with a double-colon (::)
Address Formats

Source Address

Global unicast
Global Prefix

Subnet

Interface ID

48

16

64

Destination Address

Link-local unicast
Version (4 bits) Always set to 6

Interface ID

Traffic Class (8 bits) A DSCP value for QoS

64

Multicast
Flags

Payload Length (16 bits) Length of the payload in bytes

Next Header (8 bits) Header or protocol which follows
Hop Limit (8 bits) Similar to IPv4's time to live field

Group ID

4 4

112

EUI-64 Formation

Source Address (128 bits) Source IP address

Destination Address (128 bits) Destination IP address

64

Scope

Flow Label (20 bits) Identifies unique flows (optional)

MAC

Address Types
EUI-64

Unicast One-to-one communication

Multicast One-to-many communication

Insert 0xfffe between the two halves of the MAC

Anycast An address configured in multiple locations

Flip the seventh bit (universal/local flag) to 1

Multicast Scopes
1 Interface-local

5 Site-local

2 Link-local

8 Org-local

4 Admin-local

E Global

Special-Use Ranges

Extension Headers
Hop-by-hop Options (0)
Carries additional information which must be examined by every
router in the path
Routing (43)
Provides source routing functionality

::/0

Default route

Fragment (44)
Included when a packet has been fragmented by its source

::/128

Unspecified

::1/128

Loopback

Encapsulating Security Payload (50)

Provides payload encryption (IPsec)

::/96

IPv4-compatible*

Authentication Header (51)

Provides packet authentication (IPsec)

::FFFF:0:0/96

IPv4-mapped

2001::/32

Teredo

Destination Options (60)

Carries additional information which pertains only to the recipient

2001:DB8::/32

Documentation

2002::/16

6to4

FC00::/7

Unique local

FE80::/10

Link-local unicast

FEC0::/10

Site-local unicast*

FF00::/8

Multicast

by Jeremy Stretch

Transition Mechanisms
Dual Stack
Transporting IPv4 and IPv6 across an infrastructure simultaneously
Tunneling
IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo),
or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Translation
Stateless IP/ICMP Translation (SIIT) translates IP header fields, NAT
* Deprecated Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses
v2.0

NETWORK ADDRESS TRANSLATION

Example Topology

packetlife.net

Address Classification
Inside Local

An actual address assigned to

an inside host

An inside address seen from

the outside
An actual address assigned to
Outside Global
an outside host
Inside Global

FastEthernet0
10.0.0.1/16
NAT Inside

FastEthernet1
174.143.212.1/22
NAT Outside

Outside Local

An outside address seen from

the inside

NAT Boundary Configuration

Location

interface FastEthernet0
ip address 10.0.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet1
ip address 174.143.212.1 255.255.252.0
ip nat outside

Perspective
Local

Global

Inside

Inside Local

Inside Global

Outside

Outside Local

Outside Global

Static Source Translation

! One line per static translation
ip nat inside source static 10.0.0.19 192.0.2.1
ip nat inside source static 10.0.1.47 192.0.2.2
ip nat outside source static 174.143.212.133 10.0.0.47
ip nat outside source static 174.143.213.240 10.0.2.181

Dynamic Source Translation

! Create an access list to match inside local addresses
access-list 10 permit 10.0.0.0 0.0.255.255
!
! Create NAT pool of inside global addresses
ip nat pool MyPool 192.0.2.1 192.0.2.254 prefix-length 24
!
! Combine them with a translation rule
ip nat inside source list 10 pool MyPool
!
! Dynamic translations can be combined with static entries
ip nat inside source static 10.0.0.42 192.0.2.42

Terminology
NAT Pool
A pool of IP addresses to be used as inside
global or outside local addresses in translations

Port Address Translation (PAT)

An extension to NAT that translates information
at layer four and above, such as TCP and UDP
port numbers; dynamic PAT configurations
include the overload keyword

Extendable Translation
The extendable keyword must be appended
when multiple overlapping static translations are
configured

Special NAT Pool Types

Rotary Used for load balancing
Match- Preserves the host portion of
Host the address after translation

Port Address Translation (PAT)

! Static layer four port translations
ip nat inside source static tcp 10.0.0.3 8080 192.0.2.1 80
ip nat inside source static udp 10.0.0.14 53 192.0.2.2 53
ip nat outside source static tcp 174.143.212.4 23 10.0.0.8 23
!
! Dynamic port translation with a pool
ip nat inside source list 11 pool MyPool overload
!
! Dynamic translation with interface overloading
ip nat inside source list 11 interface FastEthernet1 overload

Troubleshooting
show ip nat translations [verbose]
show ip nat statistics
clear ip nat translations
NAT Translations Tuning
ip nat translation tcp-timeout <seconds>
ip nat translation udp-timeout <seconds>
ip nat translation max-entries <number>

Inside Destination Translation

! Create a rotary NAT pool
ip nat pool LoadBalServers 10.0.99.200 10.0.99.203 prefix-length 24 type rotary
!
! Enable load balancing across inside hosts for incoming traffic
ip nat inside destination list 12 pool LoadBalServers

by Jeremy Stretch

v1.0

OSPF PART 1

packetlife.net

Protocol Header
8

Attributes

16

Version

24

Type

32

Type Link-State

Length

Algorithm Dijkstra

Router ID

Metric Cost (Bandwidth)

Area ID
Checksum

AD 110

Instance ID

Reserved

Standard RFC 2328, 2740

Data

Protocols IP

Link State Advertisements

Router Link (Type 1)
Lists neighboring routers and the cost to each; flooded within an area
Network Link (Type 2)
Generated by a DR; lists all routers on an adjacent segment; flooded
within an area

Transport IP/89
Authentication Plaintext, MD5
AllSPF Address 224.0.0.5
AllDR Address 224.0.0.6
Metric Formula
100,000 Kbps*

Network Summary (Type 3)

Generated by an ABR and advertised among areas

cost =

ASBR Summary (Type 4)

Injected by an ABR into the backbone to advertise the presence of an
ASBR within an area

* modifiable with
ospf auto-cost reference-bandwidth

External Link (Type 5)

Generated by an ASBR and flooded throughout the AS to advertise a
route external to OSPF
NSSA External Link (Type 7)
Generated by an ASBR in a not-so-stubby area; converted into a
type 5 LSA by the ABR when leaving the area
Router Types

Area Types

Internal Router
All interfaces reside within the
same area
Backbone Router
A router with an interface in
area 0 (the backbone)

Standard Area
Default OSPF area type
Stub Area
External link (type 5) LSAs are
replaced with a default route

Area Border Router (ABR)

Connects two or more areas

Totally Stubby Area

Type 3, 4, and 5 LSAs are
replaced with a default route

AS Boundary Router (ASBR)

Connects to additional routing
domains; typically located in
the backbone

Not So Stubby Area (NSSA)

A stub area containing an ASBR;
type 5 LSAs are converted to type
7 within the area

link speed

Adjacency States
1 Down

5 Exstart

2 Attempt

6 Exchange

3 Init

7 Loading

4 2-Way

8 Full
DR/BDR Election

The DR serves as a common point for

all adjacencies on a multiaccess
segment
The BDR also maintains adjacencies
with all routers in case the DR fails
Election does not occur on point-topoint or multipoint links
Default priority (0-255) is 1; highest
priority wins; 0 cannot be elected
DR preemption will not occur unless
the current DR is reset

External Route Types

E1 Cost to the advertising ASBR plus the external cost of the route
E2 (Default) Cost of the route as seen by the ASBR
Troubleshooting

Virtual Links
Tunnel formed to join two areas
across an intermediate

show ip [route | protocols]

show ip ospf border-routers

Both end routers must share a

common area

show ip ospf interface

show ip ospf virtual-links

At least one end must reside in area 0

show ip ospf neighbor

debug ip ospf []

Cannot traverse stub areas

by Jeremy Stretch

v2.1

OSPF PART 2

packetlife.net
Network Types

Nonbroadcast
(NBMA)

DR/BDR Elected Yes

Neighbor Discovery No
Hello/Dead Timers 30/120
Defined By RFC 2328
Supported Topology Full Mesh

Multipoint
Broadcast

Multipoint
Nonbroadcast

Broadcast

Point-to-Point

No

No

Yes

No

Yes

No

Yes

Yes

30/120

30/120

10/40

10/40

RFC 2328

Cisco

Cisco

Cisco

Any

Any

Full Mesh

Point-to-Point

Configuration Example
WAN

Area 0

Area 9

172.16.0.0/18

Backbone

Totally Stubby Area

A
C

Area 1

Area 2

Stub Area

Standard Area
Router B

interface Ethernet0/0
description Area 0
ip address 192.168.0.2 255.255.255.0
ip ospf 100 area 0
!
interface Ethernet0/1
description Area 2
ip address 192.168.2.1 255.255.255.0
ip ospf 100 area 2
! Optional MD5 authentication configured
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 FooBar
! Give B priority in DR election
ip ospf priority 100
!
interface Ethernet0/2
description Area 1
ip address 192.168.1.1 255.255.255.0
ip ospf 100 area 1
!
interface Loopback0
ip address 10.0.34.2 255.255.255.0
!
router ospf 100
! Define area 1 as a stub area
area 1 stub
! Virtual link from area 0 to area 9
area 2 virtual-link 10.0.34.3

by Jeremy Stretch

Router A
interface Serial0/0
description WAN Link
ip address 172.16.34.2 255.255.255.252
!
interface FastEthernet0/0
description Area 0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback0
! Used as router ID
ip address 10.0.34.1 255.255.255.0
!
router ospf 100
! Advertising the WAN cloud to OSPF
redistribute static subnets
network 192.168.0.0 0.0.0.255 area 0
!
! Static route to the WAN cloud
ip route 172.16.0.0 255.255.192.0 172.16.34.1
Router C

interface Ethernet0/0
description Area 9
ip address 192.168.9.1 255.255.255.0
ip ospf 100 area 9
!
interface Ethernet0/1
description Area 2
ip address 192.168.2.2 255.255.255.0
ip ospf 100 area 2
! Optional MD5 authentication configured
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 FooBar
! Give C second priority (BDR) in election
ip ospf priority 50
!
!
!
!
!
!
interface Loopback0
ip address 10.0.34.3 255.255.255.0
!
router ospf 100
! Define area 9 as a totally stubby area
area 9 stub no-summary
! Virtual link from area 9 to area 0
area 2 virtual-link 10.0.34.2

v2.1

POINT-TO-POINT PROTOCOL

packetlife.net

PPP Components

PPP Summary
Standard RFC 1661

Link Control Protocol (LCP)

Provides for the establishment, configuration, and maintenance of a
PPP link. Protocol-independent options are negotiated by LCP.

Interfaces

Asynchronous serial, synchronous

serial, ISDN, HSSI

Network Control Protocol (NCP)

PPP Features

A separate NCP is used to negotiate the configuration of each

network layer protocol (such as IP) carried by PPP.

Protocol Multiplexing Multiple NCPs

PPP Header
8

Address

Optional Authentication PAP/CHAP

16

Control

24

32

Protocol

Loopback Detection Provided by LCP

Load Balancing Multilink PPP

LCP Header
8

Code

16

Identifier

Optional Compression Stacker/predictor

24

32

Connection Phase Flowchart

Length

Authentication Protocols

Dead

Establish

No Auth

Plaintext Authentication Protocol (PAP)

Original, obsolete authentication protocol which relies on the
exchange of a plaintext key to authenticate peers (RFC 1334).

Challenge Handshake Authentication Protocol (CHAP)

Authenticates peers using the MD5 checksum of a pre-shared secret
key (RFC 1994).

Extensible Authentication Protocol (EAP)

Auth Required

Terminate

Failure

Admin
Shutdown

Authenticate
Success

Network

PPP Connection Example

Provides MD5-based authentication similar to CHAP (RFC 3748).

Could be expanded to support other EAP mechanisms as well.

General PPP Configuration

! Configure a peer account if authentication will be used
username peer-hostname password password
! Configure a local IP address pool if needed
ip pool name first-IP last-IP
interface Serial0/0
! Enable PPP encapsulation
encapsulation ppp
! Enable CHAP and/or PAP for authentication
ppp authentication { chap | pap } [ chap | pap ]
! Enable compression
compress { predictor | stac }
! Enable peer IP address assignment (server side)
peer default ip address { pool name | IP-address }
! Enable IP address negotiation (client side)
ip address negotiated

Multilink PPP Configuration

! Create the multilink interface
interface Multilink1
ip address IP-address subnet-mask
ppp multilink group group
! Assign physical interfaces to the multilink group
interface Serial0/0
encapsulation ppp
ppp multilink group group

by Jeremy Stretch

LCP Configuration Request

LCP Configuration Ack
CHAP Challenge
CHAP Response
CHAP Success
IP Control Configuration Request
IP Control Configuration Ack
CDP Control Configuration Request
CDP Control Configuration Ack

PPP Compression Algorithms

Stacker
Replaces repetitive data with symbols from a
dynamic dictionary (more processor-intensive)
Predictor
Attempts to predict sequential data (more
memory-intensive)
Troubleshooting
show ppp multilink
debug ppp authentication
debug ppp { negotiation | packet }
v1.2

SPANNING TREE PART 1

packetlife.net

Spanning Tree Protocols

Legacy STP

Algorithm Legacy ST
Defined By 802.1D-1998
Instances 1
Trunking N/A

PVST

PVST+

RSTP

RPVST+

MST

Legacy ST

Legacy ST

Rapid ST

Rapid ST

Rapid ST

Cisco

Cisco

802.1w,
802.1D-2004

Cisco

802.1s,
802.1Q-2003

Per VLAN

Per VLAN

Per VLAN

Configurable

ISL

802.1Q, ISL

N/A

802.1Q, ISL

802.1Q, ISL

Spanning Tree Instance Comparison

STP

PVST+
VLAN 1,10 Root
VLAN 20,30 Root

Root
A

All VLANs

xx xx

BPDU Format
Field

MST
MSTI 0 Root

MSTI 1 Root

A
VLAN 1
VLAN 10
VLAN 20
VLAN 30

Spanning Tree Specifications

Link Costs

Bits

802.1s

802.1Q-2003

MSTI 0 (1, 10)

MSTI 1 (20, 30)

802.1Q-2005

Bandwidth

Cost

4 Mbps

250

10 Mbps

100

16 Mbps

62

45 Mbps

39

100 Mbps

19

155 Mbps

14

622 Mbps

Protocol ID

16

Version

BPDU Type

Flags

Root ID

64

Root Path Cost

32

Bridge ID

64

Port ID

16

IEEE 802.1D-1998 Deprecated legacy STP standard

1 Gbps

Message Age

16

IEEE 802.1w Introduced RSTP

10 Gbps

Max Age

16

IEEE 802.1D-2004 Replaced legacy STP with RSTP

20+ Gbps

Hello Time

16

Forward Delay

16

802.1D-1998

802.1Q-1998

IEEE

ISL

Forward Delay

15s

Max Age

20s

Cisco

2s

PVST

802.1w

PVST+

IEEE 802.1s Introduced MST

2
3
4

Port States
Legacy ST

Rapid ST

IEEE 802.1Q-2005 Most recent 802.1Q revision

Disabled

PVST Per-VLAN implementation of legacy STP

Blocking

PVST+ Added 802.1Q trunking to PVST

Listening

RPVST+ Per-VLAN implementation of RSTP

Learning

Learning

Forwarding

Forwarding

Spanning Tree Operation

1

RPVST+

IEEE 802.1Q-2003 Added MST to 802.1Q

Default Timers
Hello

802.1D-2004

Discarding

Port Roles

Determine root bridge

The bridge advertising the lowest bridge ID becomes the root bridge

Legacy ST

Rapid ST

Select root port

Root

Root

Designated

Designated

Each bridge selects its primary port facing the root

Select designated ports

One designated port is selected per segment

Block ports with loops

Blocking

Alternate
Backup

All non-root and non-desginated ports are blocked

by Jeremy Stretch

v3.0

SPANNING TREE PART 2

packetlife.net

PVST+ and RPVST+ Configuration

spanning-tree mode {pvst | rapid-pvst}
! Bridge priority
spanning-tree vlan 1-4094 priority 32768
! Timers, in seconds
spanning-tree vlan 1-4094 hello-time 2
spanning-tree vlan 1-4094 forward-time 15
spanning-tree vlan 1-4094 max-age 20
! PVST+ Enhancements
spanning-tree backbonefast
spanning-tree uplinkfast
! Interface attributes
interface FastEthernet0/1
spanning-tree [vlan 1-4094] port-priority 128
spanning-tree [vlan 1-4094] cost 19
! Manual link type specification
spanning-tree link-type {point-to-point | shared}
! Enables PortFast if running PVST+, or
! designates an edge port under RPVST+
spanning-tree portfast
! Spanning tree protection
spanning-tree guard {loop | root | none}
! Per-interface toggling
spanning-tree bpduguard enable
spanning-tree bpdufilter enable

MST Configuration
spanning-tree mode mst
! MST Configuration
spanning-tree mst configuration
name MyTree
revision 1
! Map VLANs to instances
instance 1 vlan 20, 30
instance 2 vlan 40, 50
! Bridge priority (per instance)
spanning-tree mst 1 priority 32768
! Timers, in seconds
spanning-tree mst hello-time 2
spanning-tree mst forward-time 15
spanning-tree mst max-age 20
! Maximum hops for BPDUs
spanning-tree mst max-hops 20

Bridge ID Format
4

12

48

Pri

Sys ID Ext

MAC Address

Priority
4-bit bridge priority (configurable from 0 to 61440 in
increments of 4096)
System ID Extension
12-bit value taken from VLAN number (IEEE 802.1t)
MAC Address
48-bit unique identifier
Path Selection
1 Bridge with lowest root ID becomes the root
2 Prefer the neighbor with the lowest cost to root
3 Prefer the neighbor with the lowest bridge ID
4 Prefer the lowest sender port ID
Optional PVST+ Ehancements
PortFast
Enables immediate transition into the forwarding state
(designates edge ports under MST)
UplinkFast
Enables switches to maintain backup paths to root
BackboneFast
Enables immediate expiration of the Max Age timer in
the event of an indirect link failure
Spanning Tree Protection
Root Guard
Prevents a port from becoming the root port
BPDU Guard
Error-disables a port if a BPDU is received
Loop Guard
Prevents a blocked port from transitioning to listening
after the Max Age timer has expired
BPDU Filter
Blocks BPDUs on an interface (disables STP)
RSTP Link Types
Point-to-Point
Connects to exactly one other bridge (full duplex)
Shared
Potentially connects to multiple bridges (half duplex)
Edge
Connects to a single host; designated by PortFast
Troubleshooting

! Interface attributes
interface FastEthernet0/1
spanning-tree mst 1 port-priority 128
spanning-tree mst 1 cost 19

show spanning-tree [summary | detail | root]

show spanning-tree [interface | vlan]
show spanning-tree mst []

by Jeremy Stretch

v3.0

VLANS

packetlife.net
Trunk Encapsulation

ISL

Trunk Types

26

ISL
Header

Dest
MAC

Source
MAC

Type

FCS

Dest
MAC

Source
MAC

Type

Untagged
802.1Q

802.1Q

Header Size 4 bytes

Dest
MAC

Source
MAC

802.1Q

Type

Switch(config)# vlan 100

Switch(config-vlan)# name Engineering

mode access
nonegotiate
access vlan 100
voice vlan 150

Trunk Port Configuration

Switch(config-if)#
Switch(config-if)#
Switch(config-if)#
Switch(config-if)#

switchport
switchport
switchport
switchport

mode trunk
trunk encapsulation dot1q
trunk allowed vlan 10,20-30
trunk native vlan 10

SVI Configuration
Switch(config)# interface vlan100
Switch(config-if)# ip address 192.168.100.1 255.255.255.0

VLAN Trunking Protocol (VTP)

Domain
Common to all switches participating in VTP
Server Mode
Generates and propagates VTP advertisements to clients;
default mode on unconfigured switches
Client Mode
Receives and forwards advertisements from servers; VLANs
cannot be manually configured on switches in client mode
Transparent Mode
Forwards advertisements but does not participate in VTP;
VLANs must be configured manually
Pruning
VLANs not having any access ports on an end switch are
removed from the trunk to reduce flooded traffic
VTP Configuration
Switch(config)#
Switch(config)#
Switch(config)#
Switch(config)#
Switch(config)#

vtp
vtp
vtp
vtp
vtp

by Jeremy Stretch

mode {server | client | transparent}

domain <name>
password <passsword>
version {1 | 2}
pruning

4 bytes

Standard IEEE

Cisco

Maximum VLANs 4094

1000

VLAN Numbers
0 Reserved

1004 fdnet

1 default

1005 trnet

1002 fddi-default

1006-4094 Extended

1003 tr

Access Port Configuration

switchport
switchport
switchport
switchport

26 bytes

Trailer Size N/A

VLAN Creation

Switch(config-if)#
Switch(config-if)#
Switch(config-if)#
Switch(config-if)#

ISL

4095 Reserved
Terminology

Trunking
Carrying multiple VLANs over the same
physical connection
Native VLAN
By default, frames in this VLAN are untagged
when sent across a trunk
Access VLAN
The VLAN to which an access port is assigned
Voice VLAN
If configured, enables minimal trunking to
support voice traffic in addition to data traffic
on an access port
Dynamic Trunking Protocol (DTP)
Can be used to automatically establish trunks
between capable ports (insecure)
Switched Virtual Interface (SVI)
A virtual interface which provides a routed
gateway into and out of a VLAN
Switch Port Modes
trunk
Forms an unconditional trunk
dynamic desirable
Attempts to negotiate a trunk with the far end
dynamic auto
Forms a trunk only if requested by the far end
access
Will never form a trunk
Troubleshooting
show vlan
show interface [status | switchport]
show interface trunk
show vtp status
show vtp password
v2.0