Essential – Cisco CCNA 4
www.supinfo.com
Copyright SUPINFO. All rights reserved
The private address ranges defined by RFC 1918 are the following:
• 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
• 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
• 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
Used together with address translation, these private ranges let many networks reuse the same addresses. Address translation is useful precisely because it replaces private addresses with one or more public addresses when traffic crosses to the Internet.
This creates many private address "cells" that may be identical from one network to the next; each cell is reachable from the Internet only through the public addresses assigned to that organisation.
Private addresses are reserved for internal use and cannot be used directly on the Internet, which is why ISP edge routers are configured not to route them.
NAT was designed to save IP addresses by translating the private (RFC 1918) addresses used inside an organisation (a company, a school, etc.) into one or more public addresses routable on the Internet.
Remark: the address used for the translation is not always a public one; it can itself be a private address that is translated again further upstream.
Essential – Cisco CCNA 4 5 / 60
This address translation is mainly performed on the organisation's border routers connected to the Internet. The network using the private addresses is called the internal network (inside), whereas the part using public addresses (the Internet) is called the external network (outside).
When a user on the internal network (inside) wants to communicate with a host on the external network (outside), the router receives the packet carrying the private source address and rewrites it, replacing the source address with the router's public address (this is the translation).
The router then consults its routing table to forward the packet towards its destination. The destination receives a packet whose source is the router's public address, not the private address of the host that sent it from the internal network. The router keeps a translation entry so that the reply, addressed to the public address, can be rewritten back to the private one.
Beyond the "inside" and "outside" naming, Cisco defines four types of addresses for NAT:
• Inside local address: the address assigned to a host on the LAN.
• Inside global address: the address assigned by the ISP, routable on the Internet, that represents the LAN host outside.
• Outside local address: the address of a host on the external network as it is seen by users of the internal network.
• Outside global address: the address assigned to a host on the external network (its real public address).
NAT can be used in several ways, but it is configured in one of two manners: statically or dynamically.
• Static NAT always translates a given private address to the same public address. If 4 users need a translation, 4 public addresses are therefore required.
• Dynamic NAT translates a private address to a public address taken from a pool. The public address used for a given host is not necessarily the same each time. If no public address is available, users have to wait until one is released before they can be translated.
Besides the large saving of IP addresses, NAT avoids having to renumber the whole internal address space when changing Internet Service Provider.
NAT also brings a measure of protection to the internal network: an inside host cannot be reached from the outside (Internet) unless a translation entry exists for it, whether created by its own outbound traffic or configured statically. This is a side effect of the translation state, not an access-control policy; a static mapping exposes the mapped host completely, so NAT does not replace a firewall or access lists.
PAT (Port Address Translation), or overloading, uses a single public IP address for the translation of several private IP addresses. Each session is distinguished by a unique port number assigned to it when the host starts communicating.
Since there are 65,536 possible ports, a router could in theory translate up to 65,536 sessions behind one public address. In practice, equipment manages on average about 4,000 translations per public address.
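As an added worked example (not part of the original course text and not IOS code), the following Python model shows what the PAT mechanism above does on a border router: an RFC 1918 check, the allocation of a unique global port per inside session, the reverse lookup that lets replies back in, and the two behaviours a practitioner should notice: an unsolicited inbound packet with no matching entry is dropped, and the port pool can run out. The PatRouter class, its method names and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# The three RFC 1918 blocks; traffic from these sources is what the border router must translate.
RFC1918 = tuple(ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


class PatRouter:
    """Toy model of PAT (NAT overload) on a border router (hypothetical class for this example).
    One inside global address is shared; every inside session gets its own global port."""

    def __init__(self, inside_global: str, port_lo: int = 1024, port_hi: int = 65535):
        self.inside_global = inside_global
        self.free_ports = list(range(port_lo, port_hi + 1))
        # (proto, inside local, local port, outside global, outside port) -> global port
        self.out_table: Dict[tuple, int] = {}
        # (proto, global port, outside global, outside port) -> (inside local, local port)
        self.in_table: Dict[tuple, Tuple[str, int]] = {}

    def outbound(self, proto: str, src: str, sport: int, dst: str, dport: int) -> Tuple[str, int]:
        """Inside -> outside: rewrite the source.  Returns the (inside global, global port) pair."""
        if not is_rfc1918(src):
            return src, sport                      # already routable: nothing to translate
        key = (proto, src, sport, dst, dport)
        gport = self.out_table.get(key)
        if gport is None:
            if not self.free_ports:
                # The failure mode the text mentions: no port left, the new session cannot be translated.
                raise RuntimeError("PAT port pool exhausted on " + self.inside_global)
            gport = self.free_ports.pop(0)
            self.out_table[key] = gport
            self.in_table[(proto, gport, dst, dport)] = (src, sport)
        return self.inside_global, gport

    def inbound(self, proto: str, src: str, sport: int, dst: str, dport: int) -> Optional[Tuple[str, int]]:
        """Outside -> inside: rewrite the destination.  None means 'no translation entry': the
        packet is dropped, which is the only protection NAT provides.  A static mapping would
        add a permanent in_table entry and expose that host without any policy check."""
        if dst != self.inside_global:
            return None
        return self.in_table.get((proto, dport, src, sport))

    def release(self, proto: str, src: str, sport: int, dst: str, dport: int) -> None:
        """Tear down a translation (session closed or timed out) and return its port to the pool."""
        gport = self.out_table.pop((proto, src, sport, dst, dport), None)
        if gport is not None:
            del self.in_table[(proto, gport, dst, dport)]
            self.free_ports.append(gport)
```

Running it with a deliberately tiny port range (four ports) makes the exhaustion case visible immediately; a real router would hit the same wall at the roughly 4,000 translations per address quoted above.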
1.3. Configuration
1.3.1. Commands
• ip nat inside
o Interface configuration mode
o Marks the interface as an inside interface
o Used together with the other NAT commands
• ip nat outside
o Interface configuration mode
o Marks the interface as an outside interface
o Used together with the other NAT commands
• Specify the outside and inside interfaces (ip nat outside / ip nat inside)
o Static NAT
Specify every address pair one by one (ip nat inside source static {inside_local} {inside_global})
o Dynamic NAT
Specify the private block (a standard access list)
Specify the public pool (ip nat pool {name} {start} {end} netmask {mask})
Activate NAT with the private block and the public pool as arguments (ip nat inside source list {acl} pool {name})
o PAT
Specify the private block (a standard access list)
Activate NAT on the outside interface with the private block as argument (ip nat inside source list {acl} interface {outside_if} overload)
1.3.3. Verification
• show running-config
o Privileged mode
o Displays the router configuration
• show ip nat translations
o Privileged mode
o Displays the current translation table (inside local/global, outside local/global)
• debug ip nat
o Privileged mode
o Displays every translated packet in real time
2. DHCP protocol
2.1. Introduction
DHCP (Dynamic Host Configuration Protocol) is a client-server protocol. It provides the client with a layer 3 configuration: principally an IP address, but also the gateway address, DNS servers, NetBIOS (WINS) servers, the domain name, etc.
This protocol allows dynamic management of layer 3 addressing and reduces the network administrator's workload.
Most operating systems ship with a DHCP client. By sending a request to the server, the client receives its layer 3 addresses. Only end-user equipment should rely on this service; servers and network equipment must be given static addresses.
DHCP works on a lease principle. The server assigns an address to a client for a predetermined duration (days, hours, minutes, seconds). The client has to send a new request to have its lease extended.
DHCP service is generally provided by workgroup servers (the function is usually part of the operating system), but it can also be configured on routers.
BOOTP (Bootstrap Protocol) is the ancestor of DHCP. Its purpose was to give a layer 3 configuration to diskless workstations. DHCP retains several of its characteristics:
• Works in client/server mode
• Uses UDP ports 67 (server) and 68 (client), known as the BOOTP ports
• Assigns an IP address
• Assigns a subnet mask
• Assigns a gateway address
• Assigns a DNS server address
BOOTP assigns addresses statically: the BOOTP server must first hold a MAC-to-IP correspondence table before it can assign an address. BOOTP has no notion of lease and therefore maintains a permanent mapping between a host and the IP address it hands to it.
Finally, DHCP can provide more than 30 configuration options, against only 4 for BOOTP (IP address, mask, gateway, DNS address).
1) DHCP DISCOVER
• When a DHCP client starts on a user's workstation, it sends a broadcast request to the DHCP servers, called DHCP DISCOVER.
2) DHCP OFFER
• A DHCP server that receives the broadcast and is able to serve the request sends a unicast reply to the client. This DHCP OFFER contains all the information the client needs (IP address, gateway, lease duration, DNS server, WINS, etc.).
3) DHCP REQUEST
• The client then sends a broadcast reply to confirm the offer it selected (the one that reached it first).
• Because the REQUEST is broadcast, every DHCP server sees which offer was chosen, and the others can release the addresses they had offered.
• For a lease renewal, the client asks the server for the IP address it wants to keep.
4) DHCP ACK
• The server sends a unicast ACK to the client. Once the DHCP ACK is received, the client can use the IP address and the rest of the assigned configuration.
• DHCP DECLINE: if the client detects that the offered IP address is already in use on its network segment (typically through an ARP probe), it sends this message to the server and the process starts again.
• DHCP NAK: when a server detects that the IP address it was about to acknowledge is already in use on the network, or is otherwise invalid for the client, it sends a DHCP NAK. The process has to start again for that client.
• DHCP RELEASE: when a client wants to give up its lease (system shutdown, the Windows command ipconfig /release), it sends this message to the server so that the server releases the address reservation.
The DHCP server is generally one of the organisation's servers, and it is very common for these servers to sit on a different subnet from the users.
This raises a problem: client requests are sent to the DHCP server as broadcasts, and a router, which bounds the broadcast domain, stops these broadcasts just as it does for DNS, TFTP, TACACS (authentication service) and other services that rely on them.
The problem is solved by applying the ip helper-address command to the router interface facing the clients. It makes the router relay UDP broadcasts received on that interface as unicasts to the configured address. By default the relay applies to the following UDP services:
• Time protocol (port 37)
• TACACS (port 49)
• DNS (port 53)
• BOOTP/DHCP (ports 67 and 68)
• TFTP (port 69)
• NetBIOS name and datagram services (ports 137 and 138)
Figure: a client (IP = ?) sends a DHCP DISCOVER as a broadcast; the router interface F0/0 that receives it is configured with "ip helper-address 10.0.0.1" and forwards the request as a unicast to the DHCP server 10.0.0.1.
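The DISCOVER/OFFER/REQUEST/ACK exchange and the ip helper-address relay described above, as an added example in Python (not code from the original page, and not the IOS implementation). The message layout and option codes follow RFC 2131; relay(), DhcpServer, and the addresses 10.0.0.1 and 192.168.10.0/24 are constructed for the illustration. Two details worth seeing in code: the server picks the scope from giaddr, which is why the relay must stamp it (and why a host able to forge giaddr can draw addresses from a scope it is not attached to), and the REQUEST is accepted only if the address is still free, otherwise the server answers NAK.

```python
import ipaddress
import struct

# RFC 2131 constants: the page names the message types, the numeric codes come from the RFC.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_SUBNET, OPT_ROUTER, OPT_REQUESTED, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 3, 50, 51, 53, 54
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7
BOOTREQUEST, BOOTREPLY = 1, 2
# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
# giaddr, chaddr, sname, file.
HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def ip4(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip4s(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0, flags=0):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, end marker."""
    fixed = struct.pack(HDR, op, 1, len(chaddr), hops, xid, 0, flags,
                        ip4("0.0.0.0"), ip4(yiaddr), ip4("0.0.0.0"), ip4(giaddr),
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"


def parse(msg: bytes) -> dict:
    """Decode the fixed header and the option list."""
    f = struct.unpack(HDR, msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 0xFF:          # 0xFF = end of options
        if msg[i] == 0:                              # 0 = pad
            i += 1
            continue
        code, ln = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6], "yiaddr": ip4s(f[8]),
            "giaddr": ip4s(f[10]), "chaddr": f[11][:f[2]], "options": opts}


def relay(msg: bytes, ingress_addr: str, helper_addr: str):
    """What 'ip helper-address' does with a DHCP broadcast: the first relay stamps giaddr with
    the address of the interface the broadcast arrived on, every relay bumps the hop count, and
    the message leaves as a unicast to the helper address.  Returns (destination, message)."""
    m = parse(msg)
    out = bytearray(msg)
    if m["giaddr"] == "0.0.0.0":
        out[24:28] = ip4(ingress_addr)              # giaddr sits at offset 24 in the fixed header
    out[3] = m["hops"] + 1
    return helper_addr, bytes(out)


class DhcpServer:
    """Minimal lease server (hypothetical; not the IOS one).  scopes: list of dicts with
    'net' (CIDR string), 'free' (list of addresses), 'router' and 'lease' (seconds)."""

    def __init__(self, addr: str, scopes: list):
        self.addr = addr
        self.scopes = [dict(s, net=ipaddress.ip_network(s["net"])) for s in scopes]
        self.bindings = {}          # chaddr -> address, what 'show ip dhcp binding' would list

    def _scope(self, m):
        # The scope is selected from giaddr (or the server's own subnet when the client is local).
        # That is why the relay must stamp giaddr, and why a forged giaddr can drain another scope.
        sel = ipaddress.ip_address(m["giaddr"] if m["giaddr"] != "0.0.0.0" else self.addr)
        return next((s for s in self.scopes if sel in s["net"]), None)

    def _reply(self, m, mtype, yiaddr, scope):
        opts = [(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, ip4(self.addr))]
        if mtype != NAK:
            opts += [(OPT_LEASE, struct.pack("!I", scope["lease"])),
                     (OPT_SUBNET, scope["net"].netmask.packed), (OPT_ROUTER, ip4(scope["router"]))]
        return build(BOOTREPLY, m["xid"], m["chaddr"], opts, yiaddr=yiaddr, giaddr=m["giaddr"])

    def handle(self, msg: bytes):
        """Return the reply to send back through the relay, or None when staying silent."""
        m = parse(msg)
        if m["op"] != BOOTREQUEST or OPT_MSG_TYPE not in m["options"]:
            return None
        mtype, scope = m["options"][OPT_MSG_TYPE][0], self._scope(m)
        if scope is None:
            return None
        if mtype == DISCOVER and scope["free"]:
            return self._reply(m, OFFER, scope["free"][0], scope)      # offered, not yet bound
        if mtype == REQUEST and m["options"].get(OPT_SERVER_ID) == ip4(self.addr):
            wanted = ip4s(m["options"].get(OPT_REQUESTED, b"\0\0\0\0"))
            if wanted in scope["free"]:
                scope["free"].remove(wanted)
                self.bindings[m["chaddr"]] = wanted
                return self._reply(m, ACK, wanted, scope)
            return self._reply(m, NAK, "0.0.0.0", scope)    # taken meanwhile, or not in this scope
        if mtype == RELEASE and m["chaddr"] in self.bindings:
            scope["free"].append(self.bindings.pop(m["chaddr"]))  # RELEASE gets no reply
        return None
```

The client side is not modelled; as the text says, a client takes the first OFFER it hears, which is why a rogue DHCP server on the same segment can win the race against the legitimate one behind the relay.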
2.2. Configuration
As with NAT, DHCP configuration requires defining the pools of addresses to be assigned.
2.2.1. Commands
• default-router {address}
o DHCP pool configuration mode
o Specifies the default gateway handed to clients
• netbios-name-server {address}
o DHCP pool configuration mode
o Specifies the NetBIOS (WINS) name server
• domain-name {name}
o DHCP pool configuration mode
o Specifies the domain name
• ip helper-address {address}
o Interface configuration mode
o Relays UDP broadcasts received on the interface to the specified unicast address
Optional commands:
2.2.3. Verification
The show commands below verify that DHCP is working correctly:
• show ip dhcp binding
o Privileged mode
o Displays the bindings created by DHCP (MAC address - IP address)
o Displays the lease expiry date
o Displays the allocation type (Automatic, Manual, Dynamic)
3. WAN networks
3.1. Definitions
Main characteristics of WAN networks:
• Operate over a wide geographical area
• Make use of telecom operator services
• Carry several kinds of traffic
• Are focused on the physical and data-link layers of the OSI model
The "local loop" is the part located between the customer's demarcation point and the service provider's Central Office (CO).
Seen globally, a WAN is a set of interconnected links from one or more service providers.
The service provider's role is to supply end-to-end communication, using one of several switching methods (circuit, packet, cell).
Communication establishment
• Also called signalling, this service establishes or terminates the communication between users of the telephone system.
Data transit
• Time-division multiplexing: a simple principle that allocates all the available bandwidth of a line to each user in turn, for a fixed time interval.
• Bandwidth sharing: all the bandwidth of the backbone is available, and the users connected to it share it equally.
The main purpose of the DCE is to be the interface between the DTE and the provider's WAN communication link:
• Point-to-point circuit: a physical circuit dedicated to the two endpoints (example: POTS or ISDN circuit)
• Virtual circuit: a logical circuit that crosses networks (example: Frame Relay, X.25)
• SVC (Switched Virtual Circuit)
o Established dynamically on demand and torn down at the end of the transmission.
o Communication in 3 steps: circuit establishment, data transfer, circuit release.
o Consumes extra bandwidth because of the signalling exchanged at each step.
o Cost related to the time the circuit is in use.
• PVC (Permanent Virtual Circuit)
o Permanently established.
o Used to carry constant traffic.
o Communication in one step: data transmission.
o Lower bandwidth overhead than an SVC.
o Higher cost because of the permanent availability of the service.
• Router: routing device that offers several services and interface ports for LAN and WAN networks.
• Communication server: concentrator for inbound and outbound dial-up communications.
• WAN switch: multi-port device that switches WAN traffic.
• Modem: equipment that converts a digital signal into an analogue one and back, using the modulation/demodulation principle.
• CSU/DSU: digital interface (or two separate interfaces, if the CSU and DSU are separate units) that adapts the DTE interface to the DCE one. This unit is usually built into the router.
• CPE: equipment located on the customer's premises, either owned by the customer or rented from the provider (example: modem).
• Demarcation point: boundary between the customer's part and the provider's part (local loop). The responsibility of each side stops there.
• Local loop: the part linking the demarcation point to the service provider's equipment.
• Central Office switch: the switching point nearest to the customer.
• Service provider toll network: the units and switches (called trunk lines) located in the "provider's cloud".
The main bodies that define and manage WAN standards are:
The physical layer of a WAN mainly describes the interface between the DTE (the attached unit) and the DCE (the provider side):
• EIA/TIA-232: similar to V.24 and formerly called RS-232. Used for unbalanced circuits whose bit rate can reach 64 kbit/s.
• EIA/TIA-449: faster version of EIA/TIA-232 (2 Mbit/s).
• EIA/TIA-612/613: describe the HSSI interface (for T3, E3, SDH STM-0, etc.).
• V.24.
• V.35: describes a synchronous interface, used for communication over packet networks.
• X.21: for synchronous digital lines.
• G.703: connection using BNC connectors and working at E1 rates.
• EIA-530: two electrical implementations of EIA/TIA-449:
o RS-422: balanced transmission.
o RS-423: unbalanced transmission.
• HDLC:
o May be incompatible between vendors, because each has its own implementation of HDLC.
o Supports point-to-point and point-to-multipoint configurations.
o Derived from the SDLC protocol.
o Default encapsulation on the serial interfaces of Cisco routers.
o Extremely simplified: contains no windowing or flow-control feature.
o The address field contains only "1" bits; Cisco's version adds a proprietary 2-byte type field identifying the protocol carried in the frame.
The HDLC encapsulation is recommended on a link interconnecting two devices running IOS. Otherwise, PPP is strongly recommended.
• Switched connections:
o Circuit switching:
Physical switching within the telephone central offices to obtain a point-to-point link.
o Packet/cell switching:
"Logical" switching performed at layer 2 of the OSI model.
• Circuit switching:
o Physical dedicated circuit set up by switching in the telephone central offices.
o Established, maintained and released for each session.
o Established on demand.
o Also used as a backup link for a main link.
o Provides dedicated bandwidth.
• Packet/cell switching:
o Use of a PVC, similar to a point-to-point link.
o Can carry variable-length frames (packets) or fixed-length frames (cells).
o The network equipment shares a single point-to-point link.
o More flexible and makes better use of bandwidth than circuit-switched services.
4. WAN design
These two criteria are fundamentally in conflict. It is therefore necessary to keep a balance between the importance of resource availability and the overall cost.
We are then left to run a sensitivity test by breaking working links and observing the result. One of the following methods can be used:
• Disable one active interface: observe the traffic redirection or the connectivity loss.
• Modify the network load: observe the network behaviour under saturation.
• Hierarchical
o Network divided into layers.
o A separate function associated with each layer.
• Mesh
o Flat topology.
o All equipment has the same function.
The hierarchical model:
• Makes the network easier to modify and understand (modular network).
• Limits the cost and complexity of network upgrades (applied to one sub-group only).
• Makes weak points easier to identify.
In a hierarchical design, layers are separated by OSI layer 3 equipment, which divides the network into broadcast domains.
Figure: three-layer model with a core layer (campus backbone, enterprise servers), a distribution layer (inter-building backbone) and an access layer (workgroup servers).
In a two-layer model, each site is interconnected through WAN links at the core layer. Each site can contain several LANs.
Figure: two-layer model with a WAN core carrying the heavy traffic between sites, workgroup servers at the sites and enterprise servers at the core.
A one-layer model (flat model) is used in companies that do not have many remote sites and whose applications are mainly accessed within the LAN.
5. PPP protocol
The PPP frame has the following fields:
• Flag: marks the beginning or end of the frame (value 01111110).
• Address: the standard broadcast address (value 11111111), because PPP does not assign host addresses at layer 2.
• Control: provides a connectionless (unnumbered) service similar to LLC (value 00000011).
• Protocol: identifies the encapsulated protocol (IP, IPX, etc.).
• Data: either empty or the encapsulated data (1500 bytes at most by default).
• FCS: Frame Check Sequence, used for error detection.
Setting up a PPP link goes through the following phases:
• Establishing the connection (LCP).
• Determining the link quality (optional).
• Configuring one or several network layer protocols (NCP).
• Closing the connection.
The state of the LCP and NCP protocols can be checked with the show interfaces command.
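As an added example, not part of the original text, the following Python code builds and checks a PPP frame with the fields listed above: the 0x7E flag, the 0xFF address, the 0x03 control byte, the 2-byte protocol field, the information field and the FCS. The FCS is the 16-bit CRC defined in RFC 1662, and the 0x7D octet stuffing that keeps flag bytes out of the payload is included so that a payload containing 0x7E or 0x7D survives framing. Function names and the sample payload are constructed for the illustration.

```python
FLAG, ESC, ADDR, CTRL = 0x7E, 0x7D, 0xFF, 0x03
PROTO_IP, PROTO_LCP, PROTO_CHAP = 0x0021, 0xC021, 0xC223   # PPP protocol numbers (RFC 1661 / 1994)
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8                        # RFC 1662 FCS-16 constants


def fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """RFC 1662 FCS-16 (CRC-16/X.25), bit-serial form of the RFC's table algorithm.
    Returns the running register without the final ones complement."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def escape(payload: bytes) -> bytes:
    """Octet stuffing: 0x7E, 0x7D and (with the default ACCM) control characters below 0x20
    are sent as 0x7D followed by the byte XOR 0x20."""
    out = bytearray()
    for b in payload:
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unescape(data: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == ESC:
            out.append(data[i + 1] ^ 0x20)
            i += 2
        else:
            out.append(data[i])
            i += 1
    return bytes(out)


def build_frame(protocol: int, info: bytes) -> bytes:
    """Flag | Address 0xFF | Control 0x03 | Protocol (2 bytes) | Information | FCS (LSB first) | Flag."""
    body = bytes([ADDR, CTRL]) + protocol.to_bytes(2, "big") + info
    fcs = fcs16(body) ^ 0xFFFF                 # the ones complement is what goes on the wire
    body += bytes([fcs & 0xFF, fcs >> 8])      # least significant octet first
    return bytes([FLAG]) + escape(body) + bytes([FLAG])


def parse_frame(frame: bytes):
    """Return (protocol, information), or None when framing or the FCS check fails.  A receiver
    that runs the CRC over Address..FCS must land on the constant 0xF0B8 for a good frame."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        return None
    body = unescape(frame[1:-1])
    if body[0] != ADDR or body[1] != CTRL or fcs16(body) != FCS_GOOD:
        return None
    return int.from_bytes(body[2:4], "big"), body[4:-2]
```

The FCS only detects transmission errors; it is not an integrity protection against a party that can rewrite the frame, since anyone can recompute it. That is why authentication and any confidentiality have to come from higher layers (CHAP, or an encrypted tunnel over the link).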
5.3. Authentication/configuration
PPP supports several authentication modes:
• No authentication.
• PAP (Password Authentication Protocol).
• CHAP (Challenge Handshake Authentication Protocol).
The following commands configure the various aspects of PPP:
• encapsulation ppp
o Interface configuration mode.
o Sets the encapsulation type for the current interface.
For any problem with authentication or link negotiation under PPP, the following commands can be used:
• debug ppp authentication
• debug ppp negotiation
Figure: CHAP exchange between two routers, each configured with a hostname and a password.
First, we study the configuration needed for one-way authentication:
Figure: one-way CHAP authentication, showing the hostname and password configured on each side.
The diagram above represents authentication in one direction only. The same scheme must be repeated in both directions for two-way CHAP authentication: each router challenges the other, and each side stores the shared password under the peer's hostname.
For that purpose, the following configuration tasks are performed on router Lab_A:
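Since the page does not show Lab_A's commands, here is an added Python model (not IOS configuration and not code from the course) of what the two-way CHAP exchange does on the wire, with a PAP request for comparison. It follows RFC 1994: the challenger sends a random challenge together with its hostname, the peer answers with MD5(identifier || secret || challenge) and its own hostname, and the challenger recomputes the hash with the secret it stores under that hostname. Lab_A, Lab_B, the secret "cisco" and the ChapPeer class are assumptions for the illustration.

```python
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2          # RFC 1994 packet codes (Success = 3, Failure = 4)
PAP_AUTH_REQ = 1                              # RFC 1334 Authenticate-Request


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5-CHAP response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]


def pap_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: Code | Identifier | Length | Peer-ID | Password, all in clear."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, 1, 4 + len(body)) + body


class ChapPeer:
    """One router end (hypothetical helper).  `secrets` maps the other side's hostname to the
    shared secret, which is what 'username <peer> password <secret>' holds on IOS."""

    def __init__(self, hostname: str, secrets: dict, rng=os.urandom):
        self.hostname, self.secrets, self.rng = hostname.encode(), secrets, rng
        self.ident = 0
        self.pending = {}                # identifier -> challenge we issued and have not yet verified

    def challenge(self) -> bytes:
        # A challenge must be unpredictable and used once: with a repeated challenge a captured
        # response can simply be replayed.
        self.ident = (self.ident + 1) & 0xFF
        value = self.rng(16)
        self.pending[self.ident] = value
        return chap_packet(CHAP_CHALLENGE, self.ident, value, self.hostname)

    def respond(self, challenge_pkt: bytes) -> bytes:
        code, ident, value, name = parse_chap(challenge_pkt)
        if code != CHAP_CHALLENGE:
            raise ValueError("not a CHAP Challenge")
        secret = self.secrets[name.decode()]               # secret stored under the challenger's hostname
        return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, value), self.hostname)

    def verify(self, response_pkt: bytes) -> bool:
        """Recompute the hash with the secret stored under the responder's hostname.  The secret
        itself never crosses the link, but both sides must keep it in recoverable form, and a
        captured challenge/response pair can be attacked offline by guessing the secret."""
        code, ident, value, name = parse_chap(response_pkt)
        challenge = self.pending.pop(ident, None)            # one verification per challenge
        secret = self.secrets.get(name.decode())
        if code != CHAP_RESPONSE or challenge is None or secret is None:
            return False
        return hmac.compare_digest(value, chap_hash(ident, secret, challenge))


def authenticate_both_ways(a: ChapPeer, b: ChapPeer):
    """The point made in the text: one exchange authenticates only the responder, so each router
    must challenge the other.  Returns (a authenticated b, b authenticated a)."""
    return a.verify(b.respond(a.challenge())), b.verify(a.respond(b.challenge()))
```

With Lab_A holding the secret for "Lab_B" and Lab_B holding the same secret for "Lab_A", both directions succeed; a peer presenting the right hostname with the wrong secret fails, a replayed response fails because its identifier was already consumed, and the PAP packet contains the password verbatim while the CHAP response does not.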
6. ISDN technologies
6.1. Technology
There are two types of ISDN service:
• BRI: Basic Rate Interface.
o Also called 2B+D.
o 2 B channels at 64 kbit/s (8 bits per frame each).
o 1 D channel at 16 kbit/s (2 bits per frame).
o Line rate: 192 kbit/s (8000 frames of 24 bits per second).
o Usable rate: 144 kbit/s (2 B channels + 1 D channel).
• PRI: Primary Rate Interface (carried on dedicated lines).
o T1 (runs at 1.544 Mbit/s):
23 B channels at 64 kbit/s (8 bits per frame each).
1 D channel at 64 kbit/s (8 bits per frame).
1 framing bit per frame.
8000 frames per second.
o E1 (runs at 2.048 Mbit/s):
30 B channels at 64 kbit/s (8 bits per frame each).
1 D channel at 64 kbit/s (8 bits per frame).
1 channel of 8 bits per frame for framing and synchronisation.
The transmission rate is always 8000 frames per second. Both services use multiple channels, divided into two types:
• B channel (Bearer):
o Carries voice and data traffic.
o ISDN offers great flexibility of use, because each B channel can be used separately, to carry voice (telephone) and data (computer) at the same time.
o The Multilink PPP protocol can be used to aggregate bandwidth when several B channels are used for data traffic.
o A SPID may be required for each B channel. This identifier, which looks like a telephone number, lets the switch determine the line configuration and the services requested at connection time.
• D channel (Delta):
o Signalling channel carrying the instructions that control the B channels.
o The signalling protocol on this channel covers layers 1 to 3 of the OSI model.
The LAPD protocol (layer 2) is used on the D channel and ensures the orderly transport and reception of control and signalling information. This protocol is similar to HDLC and LAPB (X.25).
Several user devices can be connected to the same ISDN connection. In that case collisions may occur. The D channel provides functions to detect conflicts on the line, and a simple principle has been implemented to let each terminal transmit:
ISDN switch: layer 2 device that switches between different ISDN links.
• TA (Terminal Adapter):
o Device that converts standard signals (coming from a TE2) into ISDN format.
o Connected upstream of an NT1 or NT2.
6.3. Standards
ISDN technology was created in order to standardise the services offered by providers. This standardisation covers the UNI (User-Network Interface), which corresponds to the basic generic information and network functions. In addition, a complete protocol stack (layers 1 to 3) has been defined.
The ISDN protocols are divided into three categories:
• E: ISDN telephone network standards.
o E.164: international ISDN addressing.
• I: concepts, terminology and general methods.
o I.100 series: general concepts.
o I.200 series: ISDN service aspects.
o I.300 series: network aspects.
o I.400 series: how the UNI interface is provided.
• Q: signalling and switching.
o Q.921: describes the LAPD procedures (D channel).
o Q.931: specifies the layer 3 functions (between the termination point and the ISDN switch).
Q.931 does not impose an end-to-end recommendation: its implementation varies with the provider and the switch type. The switch type must therefore be set explicitly during configuration.
The standards studied here, by OSI layer, are:
• Physical layer:
o I.430: BRI physical layer specification.
o I.431: PRI physical layer specification.
• Data link layer:
o Q.920 to Q.923: specifications built on LAPD.
• Network layer:
o Q.930 (I.450) and Q.931 (I.451): definition of connections between users, packet or circuit switched. The main purpose of these two standards is the signalling to establish, maintain and release ISDN network connections. They also define many messages (setup, connect, release, user information, cancel, status and disconnect).
BRI frames are 48 bits long, of which 36 bits carry data. Each frame actually consists of two successive 24-bit groups (2 B channels × 8 bits + 2 D-channel bits + 6 bits of framing and overhead).
6.4. Use/implementation
ISDN technology has many applications:
• Backup for dedicated lines.
• Remote access:
o Remote nodes.
o SOHO (Small Office / Home Office) connectivity.
Figure: a Cisco 2610 with a WIC-1T (main link to the Internet) and a WIC-1B-U carrying the ISDN BRI backup link.
Using ISDN as an alternative to a dedicated line provides service continuity if the main link fails. The switch to the backup link is automatic: the best-metric route through the main link is withdrawn, leaving the backup link as the only path.
Figure: remote node dialling into the LAN through an access server.
Remote access for an isolated node (travelling employees, etc.) provides temporary connectivity. The environment presented to the user is the same as if he were on the local network (VPN-like use). The only difference for a remote node is that the link is slower than a LAN and goes through an access server, which provides the LAN services.
Figure: SOHO site connected over a BRI link to the main site.
Remote access for a SOHO (company branch, etc.) gives a small group of users access to main-site resources. The SOHO router performs address translation, in order to serve multiple workers over a single WAN connection (only one IP address).
For DDR, "interesting traffic" is the traffic, or set of packets, for which the router is allowed to bring up the WAN link. It can be defined:
• By layer 3 addresses.
• By specific network services, based on the port numbers of layer 4 protocols.
The traffic crossing a DDR line is lighter and more intermittent than the traffic crossing a LAN or a dedicated line.
6.6. Commands
The commands to know in order to configure a router connected to an ISDN link are:
• dialer-group {group_number}
o BRI or Dialer interface configuration mode.
o Assigns the interface to a dialer group, which controls access to the interface (through the corresponding dialer-list).
• dialer in-band
o BRI or Dialer interface configuration mode.
o Indicates that the dialling signalling is carried in-band, in the data channel.
• ppp multilink
o Interface configuration mode.
o Indicates that PPP on the current interface can manage multiple links (Multilink PPP).
To troubleshoot and monitor the protocol and connection status, IOS provides several commands:
• show interfaces bri {number}:{bearer}: displays the status of one B channel of a BRI interface.
• show isdn status: ISDN link status. Indicates the configured ISDN switch type, the layer 1 and layer 2 status, and the number of active connections on the link.
• show isdn active: shows the active calls.
• show dialer: shows the parameters and statistics of the DDR (dialer) interface.
• debug isdn events: reports ISDN events.
• debug isdn q921: verifies the connection to the ISDN switch (problems related to SPIDs).
• debug isdn q931: identifies problems between the router and the switch (problems related to a wrong ISDN switch type).
• debug dialer [events | packets]: displays DDR activity.
6.7. Configuration
Several encapsulation types can be chosen when configuring an ISDN line:
• HDLC (default)
• PPP (generally used)
7. Frame Relay
7.1. Technology
Frame Relay technology has the following characteristics:
• Designed for modern digital equipment and high bandwidth.
• Operates at layers 1 and 2 of the OSI model.
• Uses virtual circuits in a switched environment.
• Packet-switching, multi-access technology.
• The DTE and DCE are generally the customer's router and the operator's switch respectively.
• Replaces point-to-point (leased-line) networks, which are too expensive.
• Based on HDLC encapsulation.
• Uses multiplexing to share the total bandwidth of the Frame Relay cloud.
Definitions:
• Local access rate: the clock rate of the connection to the Frame Relay cloud.
• DLCI (Data Link Connection Identifier): a number identifying a circuit endpoint. The Frame Relay switch maps two DLCIs (source and destination) to create a PVC. A DLCI has local significance only.
• PVC (Permanent Virtual Circuit): a virtual circuit behaving like a dedicated point-to-point connection between two endpoints across the switched environment.
• LMI (Local Management Interface): the signalling standard between the endpoint and the Frame Relay switch, in charge of managing and maintaining the state of the link between the two units.
• CIR (Committed Information Rate): the data rate that the operator commits to deliver.
• Bc (Committed Burst): the maximum number of bits that the switch agrees to transfer during a given interval.
• Be (Excess Burst): the maximum number of non-guaranteed bits that the switch will try to transfer beyond the CIR. It is generally limited by the port speed of the local loop. Frames sent in excess have their Discard Eligibility bit set to 1.
• FECN (Forward Explicit Congestion Notification): a bit set in a frame to tell the receiving unit to start congestion-avoidance procedures.
• BECN (Backward Explicit Congestion Notification): the same, but addressed to the source unit. A router receiving this notification reduces its transmission rate by 25%.
• DE (Discard Eligibility) bit: a bit indicating that the frame may be dropped first in case of congestion.
The LMI frame format is a Frame Relay frame specific to LMI messages:
• LMI DLCI: the DLCI for LMI messages. Fixed at 1023 (Cisco LMI; ANSI and Q.933A use DLCI 0).
• Protocol discriminator: set to a value identifying the LMI.
• Message type: two types are defined, which make it possible to check the integrity of the logical and physical connections:
o Status message: sent in response to a status enquiry. Either a keepalive message or a full status report on each DLCI defined on the connection.
o Status enquiry message.
• Information elements (IE): contain one or more data elements of one byte each, plus one or more bytes of data.
DLCIs are locally significant, which means they are not necessarily unique across the Frame Relay cloud (unless the LMI global addressing extension is used). Two DTEs can use the same DLCI value, or different ones, to designate the PVC between them.
The DLCI address space is limited to 10 bits. Part of the 0 to 1023 space is used for endpoint addresses (to carry user data); the rest is reserved for vendor use (LMI messages, multicast addresses, etc.).
The usable DLCI range depends on the LMI type used:
• ansi: the host DLCI range is 16 to 991.
• cisco: the host DLCI range is 16 to 1007.
• q933a: same DLCI range as ansi.
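An added example (not from the original page), in Python, that parses and builds the two-byte Frame Relay address field carrying the DLCI and the FECN, BECN and DE bits defined in 7.1, classifies a DLCI against the LMI DLCI and the host ranges listed just above, and models the two behaviours the definitions describe: the provider switch forwarding up to Bc bits per interval unmarked, the next Be bits with DE set, and discarding beyond that; and the DTE cutting its rate by 25% on a BECN. The AccessPort class, on_becn(), the per-interval accounting and the floor at CIR are simplifications assumed for this illustration.

```python
def pack_address(dlci: int, fecn=False, becn=False, de=False, cr=False) -> bytes:
    """Two-byte Q.922 address field:
       byte 0: DLCI bits 9..4 | C/R | EA=0      byte 1: DLCI bits 3..0 | FECN | BECN | DE | EA=1"""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI is a 10-bit field")
    b0 = ((dlci >> 4) << 2) | (int(cr) << 1)
    b1 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return bytes([b0, b1])


def parse_address(hdr: bytes) -> dict:
    b0, b1 = hdr[0], hdr[1]
    if (b0 & 1) or not (b1 & 1):
        raise ValueError("EA bits do not describe a 2-byte address")
    return {"dlci": ((b0 >> 2) << 4) | (b1 >> 4), "cr": bool(b0 & 2),
            "fecn": bool(b1 & 8), "becn": bool(b1 & 4), "de": bool(b1 & 2)}


# LMI DLCI and host DLCI range per LMI type, as given on this page.
LMI_DLCI = {"cisco": 1023, "ansi": 0, "q933a": 0}
USER_DLCI = {"cisco": (16, 1007), "ansi": (16, 991), "q933a": (16, 991)}


def classify_dlci(dlci: int, lmi_type: str) -> str:
    """'lmi', 'user' or 'reserved' for the given LMI type."""
    if dlci == LMI_DLCI[lmi_type]:
        return "lmi"
    lo, hi = USER_DLCI[lmi_type]
    return "user" if lo <= dlci <= hi else "reserved"


class AccessPort:
    """Ingress policing at the provider switch over one measurement interval (simplified model
    assumed here): up to Bc bits are forwarded as committed, the next Be bits are forwarded with
    DE set so that they are dropped first under congestion, anything beyond is discarded."""

    def __init__(self, bc_bits: int, be_bits: int):
        self.bc, self.be = bc_bits, be_bits
        self.new_interval()

    def new_interval(self):
        self.committed_left, self.excess_left = self.bc, self.be

    def admit(self, hdr: bytes, frame_bits: int):
        """Return (address field as forwarded or None, action taken)."""
        a = parse_address(hdr)
        if frame_bits <= self.committed_left:
            self.committed_left -= frame_bits
            return hdr, "forward"
        if frame_bits <= self.excess_left:
            self.excess_left -= frame_bits
            marked = pack_address(a["dlci"], fecn=a["fecn"], becn=a["becn"], de=True, cr=a["cr"])
            return marked, "forward-de"
        return None, "discard"


def on_becn(rate_bps: int, cir_bps: int) -> int:
    """DTE reaction described on the page: cut the send rate by 25% on a BECN.  Not dropping below
    the CIR is an assumption of this model (the committed rate is what the operator guarantees)."""
    return max(cir_bps, rate_bps * 3 // 4)
```

Because the DE bit is set by the switch rather than the sender, a frame whose DE bit arrives already set from the DTE side is simply a frame the customer has volunteered for early discard; the switch never clears it.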
An inverse address resolution process (Inverse ARP) lets the router build its Frame Relay map automatically:
• The router learns its DLCIs from the LMI messages sent by the switch.
• It sends an Inverse ARP request on each DLCI for each layer 3 protocol configured locally.
• The information returned is used to fill in the Frame Relay map.
The switching table is kept per switch port; there are as many tables as ports in use. Once again, the table is managed by the provider, who decides its contents. It is used:
• At the first LMI exchange, to inform the router of the DLCIs of the remote nodes it can reach.
• During data transmission, where it works like a LAN switch's table.
Sub-interfaces are logical subdivisions of a physical interface and come in two types:
• Point-to-point.
• Multipoint.
7.5. Commands
The Frame Relay commands are:
• interface serial {number}
o Global configuration mode.
o Enters configuration mode for the chosen interface.
• bandwidth {kbps}
o Interface configuration mode.
o Specifies the bandwidth of an interface. The value is NOT used to shape the connection; it is only used by routing protocols (metric calculation).
• frame-relay switching
o Global configuration mode.
o Enables PVC switching on a DCE unit.
o Enables the LMI interface.
IOS provides show and debug commands to verify the network and in particular the Frame Relay details. These commands are used to locate and identify problems.
7.6. Configuration
The DTE interface configuration procedure follows these steps:
• Enter interface configuration mode (interface serial {number}).
• Define a layer 3 address (ip address {IP} {mask}).
• Define the encapsulation type (encapsulation frame-relay).
• Define the local DLCI if the switch does not provide LMI (frame-relay local-dlci {dlci}) (optional).
• Define the link bandwidth (bandwidth {kbps}).
• Activate the interface (no shutdown).
The same procedure is not exactly the same when it’s about sub-interface:
• Go the interface configuration mode
• Remove the layer 3 address (no ip address).
• Define the interface encapsulation
• Go the sub interface configuration mode (interface serial {if.subif} {point-to-point |
multipoint}).
• Define a layer 3 address
• Define the local DLCI, (LMI is not supported for sub interfaces) (frame-relay interface-dlci
{dlci}).
• Define the link bandwidth.
• Activate the subinterface
It is possible to simulate a Frame Relay switch with a router. The interfaces are then DCE:
• Activate Frame Relay switching on the router (frame-relay switching).
• Enter the interface configuration mode.
• Remove the layer 3 address.
• Define the encapsulation type.
• Define the link speed (clock rate {value}).
• Define the Frame Relay interface type.
• Define a route to each reachable destination (frame-relay route {src_dlci} interface serial
{number} {dest_dlci}).
• Activate the interface.
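The three procedures above applied together, as an added example that is not part of the course: two DTE routers (R1 with a point-to-point sub-interface, R2 on its physical interface) connected through a third router simulating the Frame Relay switch. The hostnames, interface numbers, IP addresses, the DLCIs 102 and 201 and the 64 kbit/s clock rate are assumed values.

```cisco
! Added example (not from the course): R1 is a DTE using a point-to-point
! sub-interface, R2 is a DTE on its physical interface, and FRSW is a router
! simulating the Frame Relay switch (DCE side of both links).
! Hostnames, addresses, DLCIs and interface numbers are assumed values.

! ----- R1 (DTE, point-to-point sub-interface) -----
hostname R1
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no shutdown
!
interface Serial0/0.102 point-to-point
 description PVC to R2
 ip address 10.0.12.1 255.255.255.252
 frame-relay interface-dlci 102
 bandwidth 64

! ----- R2 (DTE, physical interface; the DLCI is learned through the LMI) -----
hostname R2
!
interface Serial0/0
 ip address 10.0.12.2 255.255.255.252
 encapsulation frame-relay
 bandwidth 64
 no shutdown

! ----- FRSW (router simulating the Frame Relay switch, DCE interfaces) -----
hostname FRSW
!
frame-relay switching
!
interface Serial0/0
 description to R1
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 102 interface Serial0/1 201
 no shutdown
!
interface Serial0/1
 description to R2
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial0/0 102
 no shutdown
```

On the DTEs, show frame-relay pvc and show frame-relay map confirm that the PVC is ACTIVE and mapped to the neighbour's address; on the switch, show frame-relay route lists each DLCI pair and its status. Keep in mind that bandwidth 64 only feeds the routing protocols: it does not rate-limit the PVC, so a wrong value silently changes routing metrics rather than the traffic itself.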
8.1.1. Workstations
A workstation is a user machine which runs an application and which is connected to a server from
which it obtains shared data. Most of them have network connections and support multi-user access. A
workstation can be:
• a desktop computer
• a laptop
• a diskless computer
8.1.2. Servers
A server is a computer which runs a network operating system to which workstations connect.
Generally, servers are more powerful and sturdier machines than workstations.
There are several families of network operating systems (Windows, Unix, Linux, and Apple). The best
known are detailed below.
• UNIX
UNIX is the name given to a group of operating systems originating from Bell Laboratories in 1969. It
is a multi-user, multi-tasking system that supports the Internet network protocols. Over the years,
several companies contributed to the development of UNIX, which led in the 1980s to its marketing
under different names:
• Hewlett Packard UNIX (HP-UX)
• Santa Cruz Operation (SCO) UNIX
• Sun Solaris
• IBM UNIX (AIX)
Berkeley Software Design, Inc. (BSD UNIX) also distributed its own UNIX version, which produced
derivatives such as:
• FreeBSD
• OpenBSD
• NetBSD
UNIX, in its different forms, maintains and strengthens its position as a reliable and secure operating
system today. However, UNIX is often associated with expensive, proprietary hardware, but the
creation of Linux is changing this image.
(1) Security Accounts Management Database
• Linux
In 1991, frustrated by the state of desktop operating systems, but also by their cost and licensing
problems, a Finnish student named Linus Torvalds started to work on an operating system intended
for computers based on the 80386 processor. His system was similar to UNIX, and its peculiarity
was that the code was open and free for all users. His work led to an international collaboration
in the developer community, and from the end of the 1990s Linux had become an alternative to
UNIX servers and to Windows desktop systems.
Following the example of Unix, there are several versions of Linux, among which:
• Red Hat Linux – distributed by Red Hat Software
• OpenLinux – distributed by Caldera
• Corel Linux
• Slackware
• Debian GNU/Linux
• SuSE Linux
Linux comes with integrated network components, allowing it to log on to a local area network, to
establish a dial-up connection to the Internet, or to do tunneling. The TCP/IP protocol stack is
moreover directly integrated into the Linux kernel.
Apple also has a server version of its well-known operating system Mac OS X. This one, named
Mac OS X Server, is able to manage computers running various Apple or competitor operating systems
(Mac OS 9, Microsoft Windows, UNIX and Linux, etc.). The core of Mac OS X, called "Darwin", is
derived from the BSD 4.5 and 5.0 technologies. The result is a combination of the most popular
open-source server technologies with the easy installation and ease of use of the Apple system. The
usual network applications are all supported (NTP, SMTP, DNS, LDAP, etc.), and data sharing with
UNIX and Windows is also supported (NFS, Samba).
A network evolves. As it extends, it becomes a more and more crucial resource for the
organization. Its management gets complicated and, consequently, more and more complex. The
administrator's work then becomes hard: a failing service can have heavy consequences,
particularly in a production environment.
The administrator has to manage the network actively, diagnose the troubles, foresee
breakdowns and prevent them from arising. Bad performance and loss of network resources are not
acceptable for the users. It becomes very hard for an administrator, even impossible, to carry out all
these tasks without software help or automatic network management tools.
To have a model common to all vendors, the ISO took care of creating a standard for network
management. The creation of a common network administration model was assigned to a committee
managed by the OSI group.
The committee in charge of this modeling created a network administration model divided into four parts:
• Organization model: it defines the different network administration components (administrator,
NMS, SNMP agent, etc.) and their relations.
• Information model: it defines the structure used to store administration information, called SMI.
• Communication model: it defines the way data is forwarded from the NMS to the SNMP
agent. It deals with the communication protocol (SNMP).
• Functional model: it handles the network administration applications which run on the NMS.
8.4. Network monitoring
8.4.1. Introduction
SNMP (Simple Network Management Protocol) was adopted as the standard for TCP/IP networks in 1989.
This protocol specifies a set of administration standards, notably:
• a communication protocol
• a database structure specification
• a set of data objects
Very popular and present in most company networks, SNMP received an upgrade (SNMP v2c) in
1993, improving, among other things, the administration information structure, authentication and the
protocol itself. SNMP then evolved to version 3 (SNMP v3), which supports authentication and
communication encryption while remaining compatible with previous versions.
8.4.2. Functioning
The amount of information that can be accessed and retrieved is very large and detailed. SNMP is a
simple protocol, but its functions are efficient enough to manage the problems bound to the
administration of heterogeneous networks. The organizational model of SNMP network administration
contains four elements:
The NMS is generally an autonomous workstation. It consists of a set of software named NMA.
These integrate a user interface allowing the administrator to supervise the network by retrieving
information from SNMP agents. These agents are located on the different network devices (router,
bridge, hub, switch, application server).
An SNMP agent can answer an action execution request from the NMS. It can also send back useful
information not requested by the NMS, such as the loss of connectivity between two routers or a
malfunction of the company mail service.
To allow an NMS to dialogue with an SNMP agent, the protocol defines a character string:
the "community string". Exchanges are possible only between agents and NMAs of the same SNMP
community.
This very basic form of checking remains a simple identification implemented by the SNMP protocol
(SNMPv1).
Because this represents a serious security weakness (the identifier travels in cleartext, without
encryption), version 2 of SNMP benefited from the implementation of authentication and integrity
mechanisms (symmetric encryption with private keys, using the HMAC-MD5-96 algorithm).
As this raised compatibility problems with previous versions, version 3 was designed to
prevent these problems. SNMPv3 provides greater security as well as compatibility with previous versions.
A community string can have read-only or read/write permissions on objects. The default community
for read-only access is "public", and "private" for read/write access.
SNMP is an application layer protocol which uses UDP ports 161 (NMS) and 162 (Agent). It
works as a system of message exchange. The messages can be of the following types:
• Get: retrieval of the value of a MIB object from the agent; requires at least read rights.
• Set: assigns a value to one of the MIB objects through the agent; requires read and
write rights.
• Trap: used by the agent to report information considered "important" to the NMS.
8.4.3. MIB
The MIB is organized in a tree structure defined by the SMI standard. SMI also specifies the data
types used to store an object (integer, character string), the way those objects are named, etc.
Every leaf element of the MIB represents an attribute of the network equipment concerned.
It is a reference system holding a wealth of information about the equipment. Both standard and
proprietary MIBs exist.
The diagram below presents the different groups of the MIB with their OIDs:
8.4.4. Configuration
The following commands allow configuring communication between the different network
devices and the NMS:
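An added example (not the course's own command list) of the device-to-NMS configuration, written from the defender's side: since a community string travels in cleartext, the SNMPv2c community is read-only and restricted by an access list to the NMS, and an SNMPv3 user with authentication and encryption carries the traps. The NMS address 192.168.100.10, the ACL number 10, the group, user and community names and the passphrases are assumed values. Agents listen on UDP port 161 and send traps to UDP port 162 on the NMS, which is what firewall rules between the two must allow.

```cisco
! Added example (not from the course): SNMP access on a Cisco router.
! NMS address, ACL number, names and passphrases are assumed values.

! Only the NMS may query the agent; anything else is denied and logged
access-list 10 permit host 192.168.100.10
access-list 10 deny any log
!
! SNMPv2c: a read-only community bound to the ACL. No read/write community
! is defined, so Set requests are not possible with a cleartext string.
snmp-server community N3tM0n-RO ro 10
!
! SNMPv3: group requiring authentication and encryption ("priv"),
! user with SHA authentication and AES-128 encryption
snmp-server group NMSGROUP v3 priv
snmp-server user nmsuser NMSGROUP v3 auth sha AuthPassExample1 priv aes 128 PrivPassExample1
!
! Traps (unsolicited messages) sent to the NMS, authenticated and encrypted with SNMPv3
snmp-server enable traps
snmp-server host 192.168.100.10 version 3 priv nmsuser
!
! Identification data exposed in the system group of the MIB
snmp-server location DataCenter-Rack12
snmp-server contact netops@example.com
```

show snmp community, show snmp group and show snmp user confirm the result. The default "public" and "private" communities mentioned above should never be left configured: anyone who learns the read/write string can issue Set requests and modify the device, so where SNMPv2c is still needed it should be read-only and ACL-restricted, and SNMPv3 with priv should be preferred.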
8.4.5. RMON
RMON defines a monitoring MIB which completes MIB-II. This MIB contains statistical
information obtained by analyzing every frame of a network segment. To do this, hardware monitoring
devices (RMON probes) are placed on the network segment to monitor. These devices allow the
creation of user-defined alerts, but above all the gathering of many crucial statistics thanks to a
thorough analysis of every frame.
With RMON, the administrator can get information about the overall state of a LAN segment
(collision rate on the segment, the station sending the most broadcasts, etc.). The administrator is no
longer restricted to the local information specific to the device running a classic SNMP agent.
RMON did not require any change to the SNMP protocol; to integrate RMON it is enough to add MIB
entities to the MIB. There are two versions (RMON1 and RMON2). The groups include:
• History group
Keeps samples from the statistics group in order to answer later administrator requests.
• Alarm group
Allows configuring alarms (thresholds, intervals) on data coming from the statistics group.
• Host group
Measures the different types of traffic from a source host to a destination network.
• Filter group
Defines a set of filters to identify and capture a flow of packets matching a given pattern.
• Event group
Stores the events for the administrator. Reports can be customized based on the alarm type.
• IP mapping group
Keeps information about the bindings between MAC and IP addresses.
[Figure: RMON MIB tree under iso.org.dod. RMON1 groups: Statistics, History, Alarm, Hosts, Host TopN, Matrix, Filter, Capture, TokenRing. RMON2 groups: protocolDir, protocolDist, addressMap, nlHost, nlMatrix, alHost, alMatrix, userHistory, probeConfig.]
8.5. Syslog
8.5.1. Functioning
Syslog is a Cisco event monitoring utility based on the UNIX Syslog utility. Originally, Syslog
was developed only for the software called Sendmail, but it proved so useful that many applications
went on to use it. Syslog works on a client-server architecture.
The port used on the server is UDP port 514, and the size of a message cannot exceed 1024 bytes.
On Cisco routers and switches, Syslog events can be sent to an NMS. The messages sent are then
"unsolicited" (traps).
Every Syslog message is time stamped and contains a severity level as well as a log message. These
messages are sometimes the only way to resolve a problem on the equipment. There are 8 severity
levels in Syslog traps (0 to 7). Level 0 is the most critical and 7 the least.
A network device will not send to the server the Syslog messages whose severity is above the
defined limit (that is, whose level number is higher).
The default severity level on Cisco equipment is 6: all messages are sent except the debug
messages. This parameter is configurable.
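The severity rule above made concrete, as an added example of a router configuration that is not from the course: the router keeps a local log buffer and sends levels 0 to 6 to the NMS, so debug messages (level 7) stay local. The NMS address 192.168.100.10, the Loopback0 source interface (assumed to exist) and the hostname are assumed values.

```cisco
! Added example (not from the course): Syslog export from a Cisco router.
! NMS address, source interface and hostname are assumed values.

hostname R1
!
! Time stamp every message (the course notes each message is time stamped)
service timestamps log datetime msec localtime show-timezone
!
! Enable logging and keep a local buffer, useful when the NMS is unreachable
logging on
logging buffered 16384 informational
!
! Send messages to the Syslog server on the NMS (UDP port 514)
logging host 192.168.100.10
logging source-interface Loopback0
!
! Severity limit for messages sent to the server: levels 0 (emergencies)
! to 6 (informational) are sent; level 7 (debugging) is not.
! "logging trap debugging" would also send level 7 traffic to the NMS.
logging trap informational
!
! Tag messages with the hostname so the NMS can tell routers apart
logging origin-id hostname
```

show logging displays the trap level, the configured hosts and the buffered messages. A fixed source interface and consistent timestamps make it possible to correlate events from several devices on the NMS; since Syslog over UDP 514 is neither authenticated nor encrypted, the collector should only accept messages from known device addresses.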
8.5.2. Configuration
For an NMS to receive Syslog traps from a device, a Syslog server application (CiscoWorks2000,
Kiwi Syslog, etc.) must be configured on the NMS.
You then have to configure the router to send events to the NMS. Below are the configuration
commands needed on a 2620XM router:
• logging on
o Global configuration mode
o Enables event logging