
Course Introduction

Cisco Career Certifications

CCIE

Expert

Required Exam
CCNA

Recommended Training Through Cisco Learning Partners


Cisco Certified Network Associate

CCNP

Professional

CCNA Exam 640-802


CCNA

Associate
3 http://www.cisco.com/go/certifications

Cisco Certification Fields
Figure: certification tracks and the associate, professional and expert certifications in each. Tracks shown: Network Implementation, Network Design, Network Service Provider, Network Security, Voice Networks, Storage Networking. Certifications shown: CCNA, CCDA, CCNP, CCIP, CCSP, CCVP, CCIE Routing and Switching, CCIE Service Provider, CCIE Security, CCIE Voice, CCIE Storage Networking.

Course Topics
- Introduction, OSI & TCP/IP
- OSI & TCP/IP Layers
- IP Addressing & Subnetting
- Introduction to Cisco IOS
- Routing
- Access lists
- Switching
- WAN

Networking Technologies
Network: all the components (hardware and software) involved in connecting computers across small and large distances.

Importance of networks:
- Easy access to and sharing of information
- Sharing of expensive devices and network resources
- Modern technologies (IP telephony, Video on Demand, etc.)

Network components
A network has three main components:
- Computers (servers and hosts): the source of applications (network-aware applications), e.g. HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), SNMP (Simple Network Management Protocol), Telnet
- Network devices: devices that interconnect the computers, e.g. repeaters, hubs, bridges, switches, routers, NICs and modems
- Connectivity: the media that physically connect the computers and network devices, e.g. wireless and cables

Network Types
- LAN (Local Area Network): a group of network components that work within a small area
- WAN (Wide Area Network): a group of LANs that are interconnected within a large area

Reference Models
- Describe data transfer standards
- Provide a framework (guideline) for network implementation and troubleshooting
- Reference model types: OSI and TCP/IP

Reference Models
Figure: the seven OSI layers (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical) beside the four TCP/IP layers (Application, Transport, Internet, Network Access).

The OSI Reference model
- Transmission example:
Figure: hosts A and B, each with the seven layers; the PDU at each level is User Data (layers 7 to 5), Segment (layer 4), Packet (layer 3), Frame (layer 2) and Bits (layer 1).

Encapsulation Process

Layer 7 - The Application Layer
This layer deals with networking applications.
Examples: e-mail, web browsers.
Each application uses a certain service from the Transport Layer (reliable or unreliable).
PDU - User Data

Layer 6 - The Presentation Layer
This layer is responsible for presenting the data in the required format, which may include:
- Encryption
- Compression
PDU - Formatted Data

Layer 5 - The Session Layer
This layer establishes, manages, and terminates sessions between two communicating hosts.
Example: client software (used for logging in)
PDU - Formatted Data

Layer 4 - The Transport Layer
- This layer breaks up the data from the sending host and then reassembles it at the receiver (segmentation).
- It is also used to ensure reliable data transport across the network (reliability and flow control).
PDU - Segments

Layer 3 - The Network Layer
- Logical addressing (IP address)
- Best path determination (routing)
PDU - Packets

Layer 2 - The Data Link Layer
This layer provides reliable transit of data across a physical link, hop by hop. It makes decisions based on physical addresses (usually MAC addresses).
PDU - Frames

Layer 1 - The Physical Layer
This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host.
Examples: UTP, coaxial (like cable TV), fiber optic
PDU - Bits

TCP/IP model
Figure: mapping of the OSI layers onto the TCP/IP layers: Application, Presentation and Session map to Application; Transport to Transport; Network to Internet; Data Link and Physical to Network Access.

Hierarchical Network Model

The Physical Layer

Physical Layer Responsibilities
- Description of LAN/WAN cables and connectors
- Description of LAN/WAN standards (maximum length, bit rates, pin assignment, voltage levels)
- Physical layer devices

LAN Physical Layer
Ethernet cables:
- Copper (UTP, STP, coaxial)
- Fiber

Unshielded Twisted Pair (UTP) Cable
Figure: UTP cable. Labels: prevents EMI and RFI; CAT5; CAT5e, CAT6; RJ-45 connector; maximum length limited to avoid attenuation.

Using UTP cable to connect devices
1- Straight-through cable
2- Crossover cable
3- Rollover cable

Straight-Through or Crossover cables
Figure: devices grouped as {PC, router} and {switch, hub}. A crossover cable connects two devices of the same group; a straight-through cable connects devices of different groups (the modem is shown with a straight-through cable).

Shielded Twisted Pair (STP) Cable

Coaxial Cable
- Thick coaxial, thin coaxial (200 m)

Fiber Optic Cable

Fiber Optic Connectors
- Single-mode fiber
- Multimode fiber

WAN Physical Layer
- Serial cables

WAN Terminologies
DTE:
DCE:

Transmission modes
- Full duplex: devices can send and receive data at the same time (two paths for transmission)
- Half duplex: one circuit for transmission, so only one device can use the bus (send or receive) at a time; if two devices send at the same time, a collision occurs.

Layer 1 devices
1- Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation.
Rule: no more than four repeaters can be used between hosts on a LAN.

2- Hub
A hub is a multi-port repeater. A hub takes the data bits from an input port and forwards them to all other ports.
Repeaters and hubs work in half-duplex mode.

The Data-Link Layer

Data-Link Layer Responsibilities
- Description of hardware addressing: the MAC (Media Access Control) address
- Frame format
- Error detection hop to hop

Data-Link layer standards:
- LAN: Ethernet, Token Ring, FDDI
- WAN: HDLC, PPP, ISDN, X.25, Frame Relay, ATM

Ethernet Overview
- Ethernet is now the dominant LAN technology in the world.
- Ethernet is not one technology but a family of LAN technologies.
- Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations.

MAC Address
- A MAC address is 48 bits in length and is expressed as twelve hexadecimal digits.
- MAC addresses are burned into the read-only memory (ROM) of the NIC; each NIC has a unique MAC address.
- A MAC address can represent a unicast, broadcast or multicast destination, e.g. A34C.52BD.1234

CSMA/CD operation in half duplex media
A host cannot send while the bus is busy.

Ethernet Frame Structure
Figure: Ethernet frame structure (labels: IEEE 802.2, Type, Data).

Layer 2 devices
A layer 2 device is a device that understands MAC addresses, for example:
- NIC (Network Interface Card)
- Bridge:
  - address learning
  - forwarding decisions are made in software
  - a bridge is used for LAN segmentation
- Switch:
  - a multi-port bridge
  - forwarding decisions are made in hardware (ASIC), so it is faster than a bridge

Ethernet Switches and Bridges
All ports of a switch or bridge are members of a single broadcast domain and of multiple collision domains.
A transparent bridge or switch has 3 main functions:
- Address learning
- Forward/filter decision
- Loop avoidance

1- Address Learning
The switch learns which MACs are connected to which ports by checking the source MAC address of each frame.

2- Forwarding
- Forwarding is done by checking the destination MAC address.
- If the destination MAC is an unknown unicast, a broadcast or a multicast, the frame is flooded (sent out of all switch ports).
- For a known unicast, the switch forwards the frame out of the learned port only.
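The learning and forward/filter behaviour just described, as an added example in Python (mine, not part of the course): a small transparent-switch model that learns source MACs per port, floods unknown unicast and group addresses, filters frames whose destination sits behind the ingress port, and forwards known unicasts out of the learned port only. The port numbers, MAC addresses and traffic sequence are constructed.

```python
BROADCAST = "FFFF.FFFF.FFFF"


def is_group_address(mac):
    """Broadcast or multicast: the I/G bit (LSB of the first octet) is set."""
    first_octet = int(mac.replace(".", "")[:2], 16)
    return first_octet & 0x01 == 1


class TransparentSwitch:
    """Address learning plus forward/filter decisions of a transparent bridge or switch."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC -> port, learned from the source address of frames seen
        self.log = []

    def receive(self, in_port, src, dst):
        """Process one frame arriving on in_port; return the list of ports it is sent out of."""
        # 1- Address learning: the source MAC lives behind the port the frame arrived on
        # (a later frame from the same MAC on another port simply overwrites the entry).
        self.mac_table[src] = in_port
        # 2- Forwarding decision, based on the destination MAC.
        if is_group_address(dst) or dst not in self.mac_table:
            # Flood: every port except the one the frame arrived on.
            out = [p for p in self.ports if p != in_port]
            reason = "broadcast/multicast" if is_group_address(dst) else "unknown unicast"
        elif self.mac_table[dst] == in_port:
            # Filter: source and destination share a segment (e.g. both behind a hub).
            out = []
            reason = "filtered"
        else:
            # Known unicast: only the learned port.
            out = [self.mac_table[dst]]
            reason = "known unicast"
        self.log.append((in_port, src, dst, reason, out))
        return out


def demo():
    """Constructed scenario: hosts A, B, C on ports 1-3 and an uplink on port 4."""
    sw = TransparentSwitch(ports=[1, 2, 3, 4])
    events = [
        (1, "0000.0000.00AA", BROADCAST),         # A broadcasts an ARP request
        (2, "0000.0000.00BB", "0000.0000.00AA"),  # B replies; A is already known
        (3, "0000.0000.00CC", "0000.0000.00DD"),  # C sends to a MAC nobody has seen
        (1, "0000.0000.00AA", "0000.0000.00BB"),  # A to B, both known
    ]
    return [sw.receive(*e) for e in events], dict(sw.mac_table)
```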

Types of frame errors
1- CRC error: the frame contents changed during transmission
2- Runt frame: the frame size is less than 64 bytes
3- Giant frame: the frame size is larger than 1518 bytes
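An added example (mine, not from the course) that ties the MAC address slide to the three frame error types above: it parses a constructed Ethernet frame, classifies the destination MAC by its I/G bit, and flags runt, giant and CRC errors. Run on the course's sample address A34C.52BD.1234 it reports a multicast address, because the low bit of the first octet (0xA3) is set. The frame layout, the FCS byte order (CRC-32 transmitted least-significant byte first) and the sample MACs are my assumptions.

```python
import struct
import zlib

MIN_FRAME = 64     # bytes including the 4-byte FCS; anything shorter is a runt
MAX_FRAME = 1518   # bytes including the FCS; anything longer is a giant


def parse_mac(text):
    """Accept Cisco dotted (A34C.52BD.1234), colon or dash notation; return 6 bytes."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("a MAC address is exactly twelve hex digits: %r" % text)
    return bytes.fromhex(digits)


def cisco_format(mac):
    """Render 6 bytes in the xxxx.xxxx.xxxx form used in the course."""
    h = mac.hex().upper()
    return "%s.%s.%s" % (h[0:4], h[4:8], h[8:12])


def mac_kind(mac):
    """All ones is broadcast; the I/G bit (LSB of the first octet) set means multicast."""
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def build_frame(dst, src, ethertype, payload):
    """Constructed frame: dst, src, Type, payload padded to 46 bytes, then the FCS.
    The FCS is CRC-32 over everything before it, assumed here to be sent
    least-significant byte first (zlib.crc32 uses the same polynomial as Ethernet)."""
    payload = payload.ljust(46, b"\x00")
    body = parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def check_frame(frame):
    """Return the parsed addresses plus the course's error types: runt, giant, crc."""
    result = {"errors": []}
    if len(frame) < MIN_FRAME:
        result["errors"].append("runt")
    if len(frame) > MAX_FRAME:
        result["errors"].append("giant")
    if len(frame) >= 18:  # header (14) + FCS (4) is the least we can parse
        body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
        if (zlib.crc32(body) & 0xFFFFFFFF) != fcs:
            result["errors"].append("crc")
        result["dst"] = cisco_format(frame[0:6])
        result["src"] = cisco_format(frame[6:12])
        result["dst_kind"] = mac_kind(frame[0:6])
        result["ethertype"] = struct.un(frame[12:14])[0] if False else struct.unpack("!H", frame[12:14])[0]
    return result
```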

Forwarding modes
- Cut-through: the switch checks the destination address and immediately begins forwarding the frame.
- Store-and-forward: the complete frame is received and checked before forwarding.
- Fragment-free: the switch checks the first 64 bytes, then begins forwarding the frame.

3- Remove Layer 2 loops
Figure: redundant links between switches cause a frame from MAC A to be seen on more than one port (ports 1 and 3), i.e. a Layer 2 loop.
Solution: use the Spanning Tree Protocol (STP).

Frame creation
Figure: how each address placed in a frame is obtained.
- Source MAC: burned on the NIC
- Destination MAC: ARP, static entry, or Proxy ARP
- Source IP: static, or dynamic (RARP, BOOTP, DHCP)
- Destination IP: DNS

- Source MAC
Burned on the NIC

- Source IP
1- By static configuration
2- DHCP (Dynamic Host Configuration Protocol):
  - DHCP allows a host to obtain an IP address dynamically, without the network administrator having to set up an individual profile for each device.
  - A range of IP addresses is defined on the DHCP server.
  - The entire network configuration of a computer can be obtained in one message from the server.

- Destination IP
DNS:
- An application specified in the TCP/IP suite
- A means to translate human-readable names into IP addresses

- Destination MAC
ARP:
- Each PC forms an ARP table containing the learned MACs

- Destination MAC
Proxy ARP:
Figure: host A broadcasts "If your IP address matches B then please tell me your Ethernet address"; router R, which knows the destination network, replies "let me give you my Ethernet address" and takes care of forwarding the IP packets to B.

The Transport Layer

The Transport Layer
- Reliable service
- Unreliable service

Flow Control
- Windowing (PAR):
Figure: positive acknowledgement with retransmission; a segment (number 2) received in error is acknowledged as missing and retransmitted by the sender.

Layer 4 Addressing
Port numbers:
Port numbers are classified as:
- Well-known ports (0-1023): identify different applications, e.g. FTP (20, 21), Telnet (23), SMTP (25), DNS (53), HTTP (80)
- User-defined ports (1024-65535): assigned randomly by the operating system for each session initiated by the host

Multiplexing applications
Figure: two sessions from host 12.0.0.1 and one from host 12.0.0.2 to the web server 13.0.0.1.

Source IP  | Destination IP | Source port | Destination port
12.0.0.1   | 13.0.0.1       | 1200        | 80
12.0.0.1   | 13.0.0.1       | 1500        | 80
12.0.0.2   | 13.0.0.1       | 1200        | 80

TCP Header

UDP Header

The Application Layer

TCP/IP Application Layer Overview
- File transfer: FTP, TFTP
- E-mail: Simple Mail Transfer Protocol (SMTP)
- Remote login: Telnet
- Network management: Simple Network Management Protocol (SNMP)
- Name management: Domain Name System (DNS)

Port Numbers

The TCP/IP Internet Layer

Internet Layer
The Internet layer is responsible for the following:
- Support of logical addressing for network components
- Routing (finding the best path for data)
- Layer 3 devices

Internet layer protocols are:
- IP (Internet Protocol)
- ICMP (Internet Control Message Protocol)
- ARP (Address Resolution Protocol), RARP (Reverse ARP)
- Routing protocols, e.g. OSPF, EIGRP

IP has the following characteristics:
- Provides logical addressing
- Provides connectionless, best-effort delivery of data

IP Packet
IP packets consist of the data from the upper layers plus an IP header. The IP header consists of the fields shown in the figure.

IP addressing
- Each host in the network must have a unique IP address, because duplicate addresses would make routing impossible.
- IP addressing is a hierarchical structure: the IP address combines two identifiers into one number. The first part identifies the network address; the second part, called the host part, identifies which particular machine it is on that network.
- An IP address is a 32-bit (4 bytes = 4 octets) address divided into a network part (representing the network ID where the device is located) and a host part (representing the ID of the host).
- It is represented in dotted decimal form, where each octet is transformed to its decimal value, e.g. 192.168.1.3

IP Address Classes
IP addresses are divided into classes to define large, medium, and small networks. Class A addresses are assigned to large networks, Class B addresses are used for medium-sized networks, Class C for small networks, Class D for multicasting and Class E for experimental purposes.

Identifying Address Classes
Note: for Class A, networks 0 and 127 are reserved (Class A range 1 - 126)

Public IP Addresses
- Unique addresses are required for each device on a network.
- Originally, an organization known as the Internet Assigned Numbers Authority (IANA) handled this procedure.
- No two machines that connect to a public network can have the same IP address, because public IP addresses are global and standardized.

Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

IP address types
An IP address can be one of three categories:
- Network address
- Host address
- Broadcast address

Network / Broadcast Addresses
- Network address: the first IP address in the network, in which all host-part bits = 0
- Broadcast address: the last IP address in the network, in which all host-part bits = 1
- The other addresses are host addresses: number of hosts = 2^(no. of host bits) - 2
- Here are some examples:

Class | Network Address | Broadcast Address
A     | 12.0.0.0        | 12.255.255.255
B     | 172.16.0.0      | 172.16.255.255
C     | 192.168.1.0     | 192.168.1.255

Subnet Mask
- A 32-bit mask (1s followed by 0s)
- Used by routers and hosts to determine the number of network-significant bits (identified by 1s) and host-significant bits (identified by 0s) in an IP address
- Example:

Class | Network Address | Default subnet mask
A     | 12.0.0.0        | 255.0.0.0 or /8
B     | 172.16.0.0      | 255.255.0.0 or /16
C     | 192.168.0.0     | 255.255.255.0 or /24

Octet Values of a Subnet Mask
Subnet masks, like IP addresses, can be represented in dotted decimal format, e.g. 255.255.255.0.

Subnetting
- Subnetting a network means using the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets.
- Subnetting is done by taking part of the host bits and adding them to the network part.
Figure: an IP address split into a network part and a host part; after subnetting, the subnet bits are taken from the host part and added to the network part.

Subnetting Example
Divide network 192.168.1.0/24 into 4 subnets
Solution: 4 subnets need 2 bits
192.168.1.0, last octet written in binary:
192.168.1.0000 0000 to 192.168.1.0011 1111 (0 - 63)
192.168.1.0100 0000 to 192.168.1.0111 1111 (64 - 127)
192.168.1.1000 0000 to 192.168.1.1011 1111 (128 - 191)
192.168.1.1100 0000 to 192.168.1.1111 1111 (192 - 255)
The subnet mask is 255.255.255.192 or /26
The first subnet is 192.168.1.0/26
The second subnet is 192.168.1.64/26
The third subnet is 192.168.1.128/26
The fourth subnet is 192.168.1.192/26

Divide network 192.168.1.0/24 into 4 subnets
Solution:
- 4 subnets need 2 bits
- subnet mask = 255.255.255.192
- interesting octet is 192
- hop count = 256 - 192 = 64
- The first subnet is 192.168.1.0/26
- The second subnet is 192.168.1.64/26
- The third subnet is 192.168.1.128/26
- The fourth subnet is 192.168.1.192/26

Determine whether this IP is a network address, a host address or a broadcast address: 172.16.5.0/23
Solution:
- subnet mask = 255.255.254.0
- interesting octet is 254
- hop count = 256 - 254 = 2
- The first subnet is 172.16.0.0/23
- The second subnet is 172.16.2.0/23
- The third subnet is 172.16.4.0/23
- The fourth subnet is 172.16.6.0/23
So 172.16.5.0/23 is a host address (it lies inside 172.16.4.0/23).

- Which IP address should be assigned to PC B?
Figure: PC A has the address 192.168.5.33/27; PC B is on the same subnet.
A. 192.168.5.5
B. 192.168.5.32
C. 192.168.5.40
D. 192.168.5.63
E. 192.168.5.75
Answer: C

- Given the choices below, which address represents a unicast address?
A. 224.1.5.2
B. FFFF.FFFF.FFFF
C. 192.168.24.59/30
D. 255.255.255.255
E. 172.31.128.255/18
Answer: E
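An added example (mine, not from the course) that works the subnetting problems and the two exam questions above with Python's standard ipaddress module: splitting 192.168.1.0/24 into four /26 subnets, the "interesting octet" hop-count shortcut, classifying 172.16.5.0/23 as network, host or broadcast, finding which choice is a valid host in PC A's /27, and the unicast question. It generalises the course's worked cases to any prefix.

```python
import ipaddress


def split(cidr, count):
    """Split a network into `count` equal subnets; 4 subnets need 2 host bits."""
    net = ipaddress.ip_network(cidr)
    bits = (count - 1).bit_length()    # smallest n with 2**n >= count
    return [str(s) for s in net.subnets(prefixlen_diff=bits)]


def hop(cidr):
    """The course's shortcut: 256 minus the 'interesting' (first non-255) mask octet."""
    net = ipaddress.ip_network(cidr, strict=False)
    for octet in net.netmask.packed:
        if octet != 255:
            return 256 - octet
    return 1                            # /32: no interesting octet


def usable_hosts(cidr):
    """2^(number of host bits) - 2, the network and broadcast addresses excluded."""
    net = ipaddress.ip_network(cidr, strict=False)
    return 2 ** (32 - net.prefixlen) - 2


def classify(cidr):
    """'network', 'broadcast' or 'host' for an address given with its prefix length."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.prefixlen >= 31:             # /31 and /32 have no separate network/broadcast
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def valid_host_choices(reference_cidr, candidates):
    """Candidates that are usable host addresses in the same subnet as the reference."""
    net = ipaddress.ip_interface(reference_cidr).network
    return [c for c in candidates
            if ipaddress.ip_address(c) in net
            and classify("%s/%d" % (c, net.prefixlen)) == "host"]


def is_unicast(text):
    """False for class D (multicast), the limited broadcast, the network or directed
    broadcast address of the given prefix, and for anything that is not an IPv4
    address at all (FFFF.FFFF.FFFF is the Layer 2 broadcast MAC)."""
    try:
        iface = ipaddress.ip_interface(text)
    except ValueError:
        return False
    if iface.ip.is_multicast or iface.ip == ipaddress.ip_address("255.255.255.255"):
        return False
    if "/" in text and classify(text) != "host":
        return False
    return True
```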

ICMP
Internet Control Message Protocol: verifies connectivity between network devices (ping)

D:\>ping 192.110.1.140

Pinging 192.110.1.140 with 32 bytes of data:

Request timed out

Layer 3 devices
Router:
- best path determination
- creating the routing table
- connecting different LANs
All interfaces of a router are members of multiple broadcast domains and multiple collision domains.

Find the number of broadcast domains and the number of collision domains
Solution:
no. of broadcast domains = 2
no. of collision domains = 4
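The domain-counting exercise above, as an added example (mine, not from the course) that applies the rules given on these slides to any topology: hubs and repeaters join their cables into one collision domain, every switch port and router interface is its own collision domain, and only routers separate broadcast domains. The course's figure is not on the page, so the topology in demo() is constructed; it happens to give the same answer (2 broadcast, 4 collision domains).

```python
from collections import defaultdict


def _count_groups(links, merges_through):
    """Union-find over cables: two cables are in the same domain when they meet at a
    device that does not separate that kind of domain."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    cables_at = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        cables_at[a].append(idx)
        cables_at[b].append(idx)
    for device, idxs in cables_at.items():
        if merges_through(device):
            for other in idxs[1:]:
                parent[find(other)] = find(idxs[0])
    return len({find(i) for i in range(len(links))})


def count_domains(devices, links):
    """devices: {name: 'host' | 'hub' | 'switch' | 'router'}; links: one (a, b) per cable.
    A hub (multi-port repeater) joins its cables into one collision domain; every switch
    port and router interface is its own collision domain. Only routers separate
    broadcast domains, so hubs and switches join their cables into one broadcast domain."""
    collision = _count_groups(links, lambda d: devices[d] == "hub")
    broadcast = _count_groups(links, lambda d: devices[d] in ("hub", "switch"))
    return {"collision_domains": collision, "broadcast_domains": broadcast}


def demo():
    """Constructed topology: a router with one interface to a switch serving two PCs
    and one interface to a hub serving two PCs."""
    devices = {"R1": "router", "SW1": "switch", "HUB1": "hub",
               "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host"}
    links = [("R1", "SW1"), ("SW1", "PC1"), ("SW1", "PC2"),
             ("R1", "HUB1"), ("HUB1", "PC3"), ("HUB1", "PC4")]
    return count_domains(devices, links)
```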

Operating Cisco IOS Software

Cisco Software components
- Cisco IOS (Internetwork Operating System): the operating system that manages the hardware platform it runs on.
- Configuration file: a file containing the commands that define how the router will behave.

Router Internal Components
Figure: RAM holds the current (running) configuration, NVRAM holds the saved configuration file, and flash holds the IOS.

External Components of a 2600 Router

Computer/Terminal Console Connection

HyperTerminal Session Properties

Setup mode
- Permits the administrator to install a minimal configuration for a router (appears if there is no saved configuration; press Ctrl-C to skip)

Other Router Modes

IOS Features
- Context-sensitive help and abbreviations (?)
- Auto-completion (Tab key)
- Syntax error detection

Context help features

Configuring Router Identification

Configuring a Router Password

Configuring Interfaces
Figure: RouterA S0/0 (192.168.1.1/30) connected by a serial link to RouterB S0/1 (192.168.1.2/30).

Router#config t
RouterA(config)# interface serial 0/0
RouterA(config-if)# ip address 192.168.1.1 255.255.255.252
RouterA(config-if)# no shutdown
RouterA(config-if)# clock rate 56000      (required on the serial DCE side only)

RouterB(config)# int serial 0/1
RouterB(config-if)# ip address 192.168.1.2 255.255.255.252
RouterB(config-if)# no shutdown
RouterB(config-if)# exit
RouterB(config)# exit
Router#

To know which interface is the DCE: RouterA# show controller s0/0

monitoring and debugging
show commands are typed in privileged EXEC mode (enable mode):
#show interface            Displays all the statistics for all the interfaces
#show interface s0/1       Displays statistics for interface Serial 0/1
#show ip interface brief   Displays a summary of the interfaces
#show controllers s0/0     Displays information specific to the interface hardware
#show flash                Displays info about flash memory and the IOS image in it
#show start                Displays the saved configuration located in NVRAM
#show run                  Displays the configuration currently running in RAM
#show version              Displays info about the router and the IOS
#show ARP                  Displays the ARP table of the router
#erase start               Erases the saved configuration file in NVRAM
#reload                    Restarts the router
#copy run start            Saves the current configuration in RAM into NVRAM

show flash command

show running-config and show startup-config Commands
Display the current and the saved configuration

show interfaces Command

Serial Interface show controller Command
Shows the cable type of serial cables

Using Telnet to Connect to Remote Devices
Telnet is used to check the whole TCP/IP stack (all layers)

Using the ping and trace Commands
The ping command tests the connectivity and path to a remote device (tests layer 3 of TCP/IP)

Interpreting the Interface Status
Figure: show ip interface brief output for S0/1 and S0/0, both "up, line protocol is up" (interface is working properly). The first status is the Layer 1 status; the second (line protocol) is the Layer 2 status.

Other interface status:
- Serial0/1 is administratively down, line protocol is down: the interface is shut down
- Serial0/1 is down, line protocol is down: interface or cable hardware failure (no keepalives)
- Serial0/1 is up, line protocol is down: different encapsulation type (PPP, HDLC, FR) at the two ends, or no clock rate on the DCE device
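The status table above turned into a small triage script, as an added example (mine, not part of the course): it parses the first line of each interface in a constructed show interfaces excerpt into its Layer 1 and Layer 2 status and maps each combination to the cause the course gives. The sample output and the wording of the diagnoses are mine.

```python
import re

# Likely cause for each (Layer 1, Layer 2) status pair, following the course's table.
DIAGNOSIS = {
    ("up", "up"): "interface is working properly",
    ("administratively down", "down"): "interface is shut down (needs 'no shutdown')",
    ("down", "down"): "interface or cable hardware failure, no keepalives (Layer 1 problem)",
    ("up", "down"): "encapsulation mismatch (PPP/HDLC/FR) or no clock rate on the DCE (Layer 2 problem)",
}

STATUS_RE = re.compile(
    r"^(?P<name>\S+) is (?P<l1>administratively down|up|down), "
    r"line protocol is (?P<l2>up|down)",
    re.IGNORECASE,
)

# Constructed 'show interfaces' excerpt; only the first line of each interface matters here.
SAMPLE_OUTPUT = """\
Serial0/0 is up, line protocol is up
  Hardware is PowerQUICC Serial
  Internet address is 192.168.1.1/30
Serial0/1 is administratively down, line protocol is down
  Hardware is PowerQUICC Serial
FastEthernet0/0 is down, line protocol is down
  Hardware is AmdFE
Serial0/2 is up, line protocol is down
  Hardware is PowerQUICC Serial
"""


def diagnose(line):
    """Parse one interface status line into (name, layer-1 status, layer-2 status, cause)."""
    m = STATUS_RE.match(line.strip())
    if not m:
        return None
    l1, l2 = m.group("l1").lower(), m.group("l2").lower()
    return (m.group("name"), l1, l2, DIAGNOSIS.get((l1, l2), "unexpected status combination"))


def report(output):
    """Scan a whole 'show interfaces' output and return every interface that is not up/up."""
    findings = []
    for line in output.splitlines():
        parsed = diagnose(line)
        if parsed and (parsed[1], parsed[2]) != ("up", "up"):
            findings.append(parsed)
    return findings
```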

show version Command

Configuration Register Values
The configuration register value sets the boot option:
- 0x2100
- 0x2101
- 0x2102 to 0x210F
- The value 0x2142 is used to bypass the NVRAM

Boot system command
- Besides the configuration register, you can use the boot system command to force the boot location:
Router(config)# boot system flash
Router(config)# boot system rom
Router(config)# boot system tftp

Discovering Neighbors with CDP
CDP runs on routers with Cisco IOS to get information about the directly connected Cisco devices. The summary information includes:
- Device identifiers
- Address list
- Port identifier
- Capabilities list
- Platform

Using the show cdp neighbors Command
RouterA# show cdp neighbors detail
also provides the neighbors' IP addresses.

Cisco IOS copy Command
To save the IOS image or a configuration file:
Figure: copy commands between flash, NVRAM, RAM and a TFTP server (the forms used on the following slides: copy tftp flash, copy run tftp, copy tftp run, copy run start).

Managing configuration file with TFTP application
Figure: the IOS image is copied between the router's flash and a TFTP server.

wg_ro_a#copy tftp flash
Address or name of remote host [10.1.1.1]?
Source filename []? c2500-js-l_120-3.bin
Destination filename [c2500-js-l_120-3.bin]?
Accessing tftp://10.1.1.1/c2500-js-l_120-3.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeee (output omitted) ...erased
Erase of flash: complete
Loading c2500-js-l_120-3.bin from 10.1.1.1 (via Ethernet0): !!!!!!!!!!!!!!!!!!!!
(output omitted)
[OK - 10084696/20168704 bytes]

Verifying checksum... OK (0x9AA0)
10084696 bytes copied in 309.108 secs (32636 bytes/sec)
wg_ro_a#

Managing configuration file with TFTP application

wg_ro_a# copy run tftp
Address or name of remote host []? 10.1.1.1
Destination filename [running-config]? wgroa.cfg
.!!
1684 bytes copied in 13.300 secs (129 bytes/sec)

wg_ro_a# copy tftp run
Address or name of remote host []? 10.1.1.1
Source filename []? wgroa.cfg
Destination filename [running-config]?
Accessing tftp://10.1.1.1/wgroa.cfg...
Loading wgroa.cfg from 10.1.1.1 (via Ethernet0): !
[OK - 1684/3072 bytes]
1684 bytes copied in 17.692 secs (99 bytes/sec)

Introducing Routing
2004 Cisco Systems, Inc. All rights reserved. ICND v2.23-120

What Is Routing?
To route, a router needs to do the following:
- Discover the connected networks.
- Select the best paths (routes) to these networks.
- Maintain and verify routing information using a routing table.

Routing table
The routing table contains the best paths discovered by a routing protocol.

Routing Protocols
- Static route: a route (path) that a network administrator enters into the router manually
- Dynamic route: a route (path) that a routing protocol discovers automatically and adjusts when the topology changes

Routing Protocols
Figure: classification of routes.
- Static: directly connected, static route, default route
- Dynamic:
  - IGP: distance vector (RIPv1, IGRP), link state (OSPF, IS-IS), hybrid (EIGRP, RIPv2)
  - EGP: EGP, BGP

Autonomous Systems: Interior or Exterior Routing Protocols

Routing table creation
The routing table contains only the decisions of the best routing protocol and the best paths to reach the networks.
- The best routing protocol is elected based on its administrative distance.
- The best paths depend on the protocol's metric.

Administrative Distance
A value between 0 and 255 that reflects the trustworthiness of a routing protocol (the best protocol has the lowest administrative distance).
Figure: administrative distance table; e.g. OSPF = 110.

Selecting the Best Route with Metrics
- The best path has the lowest metric.
- Each routing protocol uses a metric type (hop count, bandwidth, delay, load, reliability, MTU).
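The two-step selection described above (protocol by administrative distance, then path by metric) followed by a longest-prefix lookup, as an added example in Python (mine, not from the course). The AD values are the ones the course lists (connected 0, static 1, OSPF 110, RIP 120); the candidate routes, metrics and next hops are constructed.

```python
import ipaddress

# Default administrative distances as the course lists them; lower is more trustworthy.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


class Route:
    def __init__(self, prefix, protocol, metric, next_hop):
        self.network = ipaddress.ip_network(prefix)
        self.protocol = protocol
        self.metric = metric          # protocol-specific: hops for RIP, cost for OSPF
        self.next_hop = next_hop      # next-hop address or exit interface
        self.ad = ADMIN_DISTANCE[protocol]


def build_routing_table(candidates):
    """For each prefix keep only the routes of the protocol with the lowest AD and,
    among those, the lowest metric. Equal-metric routes are all kept (load balancing)."""
    by_prefix = {}
    for r in candidates:
        by_prefix.setdefault(r.network, []).append(r)
    table = {}
    for net, routes in by_prefix.items():
        best_ad = min(r.ad for r in routes)
        same_protocol = [r for r in routes if r.ad == best_ad]
        best_metric = min(r.metric for r in same_protocol)
        table[net] = [r for r in same_protocol if r.metric == best_metric]
    return table


def lookup(table, destination):
    """Longest-prefix match; 0.0.0.0/0 (the S* default) only matches when nothing else does."""
    ip = ipaddress.ip_address(destination)
    matches = [net for net in table if ip in net]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return [r.next_hop for r in table[best]]


def demo():
    """Constructed candidates a router might learn for a few prefixes."""
    candidates = [
        Route("10.0.0.0/8", "rip", 3, "11.0.0.2"),
        Route("10.0.0.0/8", "ospf", 20, "12.0.0.2"),        # OSPF (AD 110) beats RIP (AD 120) whatever the metric
        Route("10.0.0.0/8", "ospf", 30, "13.0.0.2"),        # same protocol, worse metric: dropped
        Route("192.168.1.0/24", "static", 0, "12.0.0.1"),
        Route("192.168.1.0/24", "connected", 0, "Serial0"), # connected (AD 0) beats static (AD 1)
        Route("172.16.0.0/16", "rip", 2, "11.0.0.2"),
        Route("172.16.0.0/16", "rip", 2, "12.0.0.2"),       # equal cost: both kept
        Route("172.16.4.0/23", "rip", 5, "13.0.0.2"),       # more specific prefix wins at lookup
        Route("0.0.0.0/0", "static", 0, "12.0.0.2"),        # gateway of last resort
    ]
    return build_routing_table(candidates)
```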

Static routing protocol
1- Directly connected networks:
- Directly connected networks are automatically detected by the router without configuration
- symbol in routing table is C
- admin. distance = 0
Figure: three routers in a row connecting networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router's table holds C entries for its two attached networks (C 10.0.0.0, C 11.0.0.0; C 11.0.0.0, C 12.0.0.0; C 12.0.0.0, C 13.0.0.0).

Static routing protocol
2- Static route:
- you can manually define a path to reach a certain network
- symbol in routing table is S
- admin. distance = 1
Figure: a stub router on 192.168.1.0/24 connected over the serial link 12.0.0.1/8 - 12.0.0.2/8 to a router facing the Internet; the static route to 192.168.1.0 is written with either the next-hop address (12.0.0.2) or the exit interface (S0).

Static routing protocol
3- Default route:
- This route allows the stub network to reach all known networks beyond router A (gateway of last resort)
- symbol in routing table is S*
Figure: the stub router reaches the Internet through its serial link (S0, 12.0.0.1/8 - 12.0.0.2/8); its default route points out that link.

Displaying the routing table
router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C    12.0.0.0 is directly connected, Serial0
S*   0.0.0.0/0 is directly connected, Serial0

Dynamic routing protocols
Distance Vector Routing Protocols:
- each router detects its directly connected networks and forms its initial routing table
- routers pass periodic copies of their routing table to neighbor routers, learn the best paths to all networks (the paths with the lowest metric) and form the final routing table (convergence)
- after convergence, periodic updates (the full routing table) are still sent, and they carry any change in the topology.

Distance Vector Routing Protocols
Figure: three routers in a row connecting 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router starts with its two connected networks and, after exchanging tables with its neighbors, learns the remaining networks (the left router adds 12.0.0.0 and 13.0.0.0, the right router adds 11.0.0.0 and 10.0.0.0).

Routing loops
- When network 10.0.0.0 fails, router A marks its metric as 16 (the maximum hop count value, used to avoid counting to infinity) and sends its routing table to B after the periodic interval.
- Before B sends its periodic update to C, router C sends its routing table to B containing a path to 10.0.0.0 with a better metric, so B thinks that 10.0.0.0 can be reached via C, while C depends on B for that, so a loop occurs.
Figure: routers A (E0 to 10.0.0.0, S0), B (S0, S1) and C (S0) in a row; after 10.0.0.0 goes down, A's entry for 10.0.0.0 has metric 16, B's has 16 (from A) and then 3 (from C), and C's has 2.

Routing loops solutions
- Split Horizon:
A route learned from an interface cannot be sent back out of the same interface.
Figure: with split horizon, C does not advertise 10.0.0.0 back to B, so B keeps A's metric 16 for 10.0.0.0 after it goes down.

Routing loops solutions
- Hold-down Timers:
- A router that is informed of a failed route does not accept any update about it for a time equal to the hold-down timer, so by the end of the timer all routers know that the route failed (this is useful in flapping networks).
- The hold-down finishes if:
  - The hold-down timer expires.
  - Another update is received with a better metric.

Routing loops solutions
- Triggered Updates:
Instead of sending updates after a time interval, a router sends the update as soon as a route fails or any change occurs, so the other routers immediately modify their routing tables (this is the most used solution).
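The routing loop of the slides above and the split-horizon fix, as an added simulation (mine, not from the course): the chain A - B - C runs a simplified Bellman-Ford exchange with metric 16 as infinity, then network 10.0.0.0 fails at A. Without split horizon the routers count up to 16 over many update rounds; with split horizon C never sends 10.0.0.0 back to B and the failure settles in two rounds. The synchronous update rounds are an assumption used to keep the run deterministic.

```python
INFINITY = 16   # RIP's hop count for "unreachable"


class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> (hop count, next hop); connected networks have no next hop
        self.table = {net: (0, None) for net in connected}

    def advertisement(self, neighbour, split_horizon):
        """Routes announced to `neighbour`; with split horizon, routes learned from
        that neighbour are left out instead of being sent back to it."""
        return {net: hops for net, (hops, via) in self.table.items()
                if not (split_horizon and via == neighbour)}

    def receive(self, sender, adv):
        """Bellman-Ford update from one neighbour's table; True if anything changed."""
        changed = False
        for net, hops in adv.items():
            new = min(hops + 1, INFINITY)
            cur_hops, cur_via = self.table.get(net, (INFINITY, None))
            if cur_via == sender:
                if new != cur_hops:                 # the current next hop is always believed,
                    self.table[net] = (new, sender)  # including bad news (metric 16)
                    changed = True
            elif new < cur_hops:
                self.table[net] = (new, sender)     # a better path through another neighbour
                changed = True
        return changed


def exchange(routers, links, split_horizon):
    """One periodic update: all routers advertise at once, then all process what they got."""
    advs = []
    for a, b in links:
        advs.append((a, b, routers[a].advertisement(b, split_horizon)))
        advs.append((b, a, routers[b].advertisement(a, split_horizon)))
    changed = False
    for sender, receiver, adv in advs:
        changed |= routers[receiver].receive(sender, adv)
    return changed


def run_until_stable(routers, links, split_horizon, max_rounds=50):
    """Returns how many update rounds still changed some table."""
    for rounds in range(max_rounds):
        if not exchange(routers, links, split_horizon):
            return rounds
    return max_rounds


def simulate(split_horizon):
    """Chain A - B - C as in the course's figure, only A attached to 10.0.0.0. After
    convergence 10.0.0.0 fails at A; returns (update rounds to settle, final hops per router)."""
    routers = {n: Router(n, ["10.0.0.0"] if n == "A" else []) for n in "ABC"}
    links = [("A", "B"), ("B", "C")]
    run_until_stable(routers, links, split_horizon)
    routers["A"].table["10.0.0.0"] = (INFINITY, None)   # network down: A poisons it with 16
    rounds = run_until_stable(routers, links, split_horizon)
    return rounds, {n: r.table["10.0.0.0"][0] for n, r in routers.items()}
```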

Properties of Distance Vector Routing Protocols
- simple configuration
- low processing / memory usage
- bandwidth waste due to the periodic updates
- unreliable (no acknowledgement for the protocol messages)
- updates are sent as broadcasts on all active interfaces, so they may affect the host PCs
- classful: the subnet mask is not included with the route advertisement, and summary routes are often sent
- Examples of distance vector protocols: RIP version 1 (RIPv1), IGRP

RIP v1
- distance vector routing protocol
- symbol in routing table is R
- admin. distance = 120
- metric is hop count; metric 16 means unreachable
- full routing tables are flooded in the network until convergence occurs (uses the Bellman-Ford algorithm)
- after convergence, periodic updates are sent every 30 seconds
- at a change, a triggered update is sent
- supports load balancing if many paths to the same network exist with an equal metric
- classful

RIP Configuration
Router(config)#router rip
- Starts the RIP routing process

Router(config-router)#network direct-connected-network
- Advertises the connected networks

Router# debug ip rip

RIP Configuration Example

Verifying the RIP Configuration

Displaying the IP Routing Table

Link-State Routing Protocols
Figure: routers A, B and C connected by links in the networks 10.0.0.0/8 to 15.0.0.0/8 (interface addresses 10.0.0.1/8, 11.0.0.1/8, 11.0.0.2/8, 12.0.0.1/8, 12.0.0.2/8, 13.0.0.1/8, 13.0.0.2/8, 14.0.0.1/8, 14.0.0.2/8, 15.0.0.1/8).
- Operation:
- each router discovers its directly connected neighbors using the hello protocol (a layer 3 protocol)
- each router forms a packet called a link state advertisement (LSA) listing its links with their state and cost (e.g. router A: 10.0.0.1/8, 11.0.0.1/8, 12.0.0.1/8)

Link-State Routing Protocols
- each router floods its LSA to all neighbors on a special multicast address, then the neighbors continue flooding the LSAs to each other.
- each router forms the link state database (LSDB) from the received LSAs, so all routers have the same LSDB.
Figure: after flooding, routers A, B and C hold identical copies of all three LSAs.

Link-State Routing Protocols
- every router forms the link state tree that describes the actual network topology, then applies the Dijkstra algorithm on the tree to form the routing table.
- after convergence: no periodic updates
- at a change: a partial triggered update for the affected route is sent, so all routers repeat the link state process.

Link-State Routing Protocols

Benefits of Link-State Routing
- Fast convergence: changes are reported immediately by the affected source (partial triggered updates)
- Robustness against routing loops: routers know the topology; link-state packets are sequenced and acknowledged (reliable protocol)
- Lower bandwidth waste: no periodic updates
- Classless

Disadvantages of Link-State Routing
- Significant demands for resources:
  - Memory (three tables: adjacency, topology, forwarding)
  - CPU (Dijkstra's algorithm can be intensive, especially when a lot of instabilities are present)
- Complex configuration
- Requires very strict network design (multiple areas)

OSPF
- Open standard
- Shortest path first (SPF) algorithm
- Link-state routing protocol
- Uses Dijkstra's algorithm
- Administrative distance = 110
- Metric called cost = 10^8 / BW
- Hop count is unlimited
- Symbol in routing table is O
- Loop-free protocol
- Classless routing protocol
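The SPF step from the link-state slides and the OSPF cost formula above, as an added example (mine, not from the course): a constructed LSDB for routers A, B and C is built from link bandwidths with cost = 10^8 / BW, and Dijkstra's algorithm run from A yields the total cost and first hop for every router, which is what the routing table needs. The bandwidths (A-B 64 kbps serial, matching the course's "bandwidth 64"; A-C a 1.544 Mbps T1; B-C 10 Mbps) are my assumptions.

```python
import heapq

REFERENCE_BANDWIDTH = 10 ** 8   # OSPF cost = 10^8 / bandwidth, bandwidth in bits per second


def ospf_cost(bandwidth_bps):
    """Integer cost with a floor of 1, so 100 Mbps and faster links all cost 1."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def build_lsdb(links):
    """Constructed LSDB: every router's LSA lists its neighbours and the link cost.
    links: (router, router, bandwidth_bps). After flooding, all routers hold this same map."""
    lsdb = {}
    for a, b, bw in links:
        lsdb.setdefault(a, {})[b] = ospf_cost(bw)
        lsdb.setdefault(b, {})[a] = ospf_cost(bw)
    return lsdb


def spf(lsdb, root):
    """Dijkstra from `root` over the LSDB: returns {router: total cost} and
    {router: first hop}, the two things the routing table is built from."""
    dist = {root: 0}
    first_hop = {}
    heap = [(0, root, None)]
    done = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in done:
            continue              # an older, worse entry for a node already settled
        done.add(node)
        first_hop[node] = via
        for nbr, link_cost in lsdb.get(node, {}).items():
            new = cost + link_cost
            if new < dist.get(nbr, float("inf")):
                dist[nbr] = new
                # the first hop is the neighbour itself when leaving the root,
                # otherwise it is inherited from the path being extended
                heapq.heappush(heap, (new, nbr, nbr if via is None else via))
    return dist, first_hop


def demo():
    """Routers A, B, C as in the course's link-state figure, with assumed bandwidths."""
    lsdb = build_lsdb([("A", "B", 64_000), ("A", "C", 1_544_000), ("B", "C", 10_000_000)])
    return spf(lsdb, "A")
```

The direct 64 kbps link to B costs 1562, so A reaches B through C at a total cost of 74.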

OSPF (Cont.)
- discovers neighbors and maintains the neighbor relationship using the hello protocol
- sends a hello every 10 seconds in point-to-point and broadcast multi-access networks, on multicast address 224.0.0.5, which reaches neighbors only
- dead interval = 4 x hello timer (40 sec)
- sends LSAs (updates) on multicast address 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR routers)
- every OSPF router that receives an LSA updates its Link State Database (LSDB) with a copy of this LSA and floods it to all OSPF neighbors except the one that sent it, then runs the Dijkstra SPF algorithm on the new LSDB to draw the new topology tree and form the routing table.

OSPF (Cont.)
- After convergence: no periodic updates are sent, except a periodic refresh of the LSDB every 30 minutes
- At a change: OSPF sends a triggered update for the affected route, so the OSPF process is repeated
- OSPF tables:
  1- neighbor table: contains the neighbor router IDs; maintained by hellos
  2- topology table: all paths to all networks
  3- routing table: the best paths to all networks

OSPF Hierarchical Routing
- OSPF supports a hierarchical multiple-area design
- Multiple areas minimize routing update traffic, limit the frequent SPF calculations and extend scalability
- Area 0 is the backbone area, and all other areas must be connected to area 0

Router ID
- Every router in an OSPF environment is identified by a router ID (RID)
- The RID is a 32-bit value, selected to be:
  1- the highest IP address of a loopback interface, if one exists (a logical interface that is always up)
     to configure a loopback interface:
     (config)# interface loopback no.
     (config-if)# ip address ip mask      (e.g. mask 255.255.255.255)
  2- if there are no loopback interfaces, the RID is the highest IP address of the active physical interfaces when the OSPF process starts

OSPF operation
1- In point-to-point topology:
- Neighbor discovery: by sending hello messages periodically on multicast 224.0.0.5.
- For OSPF routers to become neighbors they must have:
  - the same area ID
  - the same hello and dead intervals
  - the same authentication password
- Route discovery: exchange LSAs on 224.0.0.5 so that each router has the same LSDB.
- Route selection: form the routing table.

OSPF operation
2- Broadcast Multi-Access (BMA) operation:
- Neighbor discovery: as in point-to-point.
- DR & BDR election:
  - DR: the Designated Router is the router that has
    1- the highest priority (range 0-255, default = 1)
    2- if priorities are equal, the highest RID.
  - BDR: the Backup DR is the router with the second highest priority or RID.
  Note:
  - If a new router with a higher priority is added, it won't become the DR directly (the election is non-preemptive).
  - A router with priority = 0 can't be the DR or BDR.
  - Routers that are neither DR nor BDR are called DROTHERs.
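The RID selection, the default cost formula and the DR/BDR election rules above, as an added Python example (not code from the course slides); router names, addresses and priorities are constructed sample data.

```python
"""OSPF router ID selection, default interface cost and DR/BDR election.

Added example, not from the course slides. Router names, addresses and
priorities below are constructed sample data.
"""
from ipaddress import IPv4Address


def ospf_cost(bandwidth_kbps):
    """Default OSPF cost = 10^8 / bandwidth in bps, truncated, never below 1.
    The slide's 'bandwidth 64' on a serial link therefore gives cost 1562."""
    return max(1, 10**8 // (bandwidth_kbps * 1000))


def select_router_id(loopback_ips, active_physical_ips):
    """Highest loopback address wins; only if there is no loopback does the
    highest address of an active physical interface become the RID."""
    candidates = loopback_ips or active_physical_ips
    if not candidates:
        raise ValueError("no interface address available for the router ID")
    return str(max(IPv4Address(ip) for ip in candidates))


def elect_dr_bdr(routers):
    """routers: {name: (priority, rid)} for the routers on one BMA segment.
    Highest priority wins; equal priorities are broken by the highest RID.
    Priority 0 routers are never DR or BDR. Returns (dr, bdr); either may be
    None if too few routers are eligible. This models the initial election
    only: once a DR exists the election is non-preemptive, so a router
    joining later with a higher priority does not take over."""
    eligible = sorted(
        ((prio, IPv4Address(rid), name) for name, (prio, rid) in routers.items() if prio > 0),
        reverse=True,
    )
    dr = eligible[0][2] if eligible else None
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return dr, bdr


# Constructed segment: default priority everywhere except R3, which is
# excluded from the election by priority 0.
SEGMENT = {
    "R1": (1, "1.1.1.1"),
    "R2": (1, "3.3.3.3"),
    "R3": (0, "9.9.9.9"),
    "R4": (1, "2.2.2.2"),
}

if __name__ == "__main__":
    print("cost of a 64 kbps link:", ospf_cost(64))
    print("RID:", select_router_id(["1.1.1.1", "2.2.2.2"], ["10.0.0.1"]))
    print("DR, BDR:", elect_dr_bdr(SEGMENT))
```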

OSPF operation in BMA (cont.)

- Route discovery: form the adjacency with the DR & BDR on 224.0.0.6.
- Route selection: the router forms a topology table from all the routing tables it receives, then applies the Dijkstra algorithm to the tree to extract the routing table.

(Figure: a new router sends a Hello on 224.0.0.5; the DR answers with a unicast Hello; both sides exchange "here is my routing table" as unicast updates and acknowledge them; later updates go to the DR/BDR on 224.0.0.6 and the DR relays them to the other routers on 224.0.0.5.)

OSPF operation in BMA (cont.)

- At change: the router that detects the change sends a new update to the DR/BDR on 224.0.0.6 and receives an Ack; the DR sends the update to the other routers on 224.0.0.5, and they acknowledge it.
- The other routers repeat the OSPF process (SPF tree).

Configuring Single-Area OSPF

Router(config)# router ospf process-id
  Defines OSPF as the IP routing protocol.

Router(config-router)# network network wildcard-mask area area-id
  Assigns networks to a specific OSPF area.

OSPF Configuration Example

(Figure: the routers are configured with network statements of the form "network <address> <wildcard> area 0" for their connected networks; the addresses are not legible in the extracted text.)

RouterA(config)# interface serial 0/2
RouterA(config-if)# bandwidth 64          (a value in kbps)

Verifying the OSPF Configuration

Router# show ip protocols
  Verifies that OSPF is configured.

Router# show ip route
  Displays all the routes learned by the router.

Router# show ip ospf interface
  Displays area ID and adjacency information.

Router# show ip ospf neighbor
  Displays OSPF neighbor information on a per-interface basis.

OSPF debug Commands

Router# debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30

Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117 aid:0.0.0.0 chk:6AB2 aut:0 auk:

Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0

Hybrid Routing Protocols

Determining IP Routes

Enabling EIGRP
2004 Cisco Systems, Inc. All rights reserved. ICND v2.23-168

EIGRP (Enhanced IGRP)

- Advanced distance vector protocol.
- Cisco proprietary.
- Maintains neighbor relationships using the hello protocol.
- Sends hello every 5 sec. on fast links (>1.54 Mbps).
- Sends hello every 60 sec. on slow links (<1.54 Mbps).
- Dead interval = 3 * hello interval.
- Rapid convergence by using the DUAL algorithm (stores a backup route for each best route).
- Supports multiple network layer protocols (IP, IPX, AppleTalk).
- Supports equal and unequal load balancing between many paths to the same destination network.
- Admin. distance = 90 for internal routes.
- Symbol (D) in routing table.

EIGRP (cont.)
- Max. hop count = 224.
- Classless.
- Reliable protocol.
- Has the same operation in all topologies.
- Uses a composite metric: Bandwidth, Delay, Reliability, Loading, MTU.
- For EIGRP routers to be neighbors:
  1- They must have the same AS (autonomous system) number.
  2- They must have the same K-values (the same metric equation constants).

EIGRP terminologies
- Neighbor table: list of all neighbors.
- Topology table: list of all routes to destination networks.
- Routing table: list of best routes to all destination networks.
- Successor (S): best route to a destination network, stored in the routing table and the topology table.
- Feasible successor (FS): backup route to a destination network, stored in the topology table.
- Feasible distance (FD): metric between the source and the destination network.
- Advertised distance (AD): metric between my neighbor and the destination network.
- FD = next hop metric + AD.

EIGRP operation
- At start up: the new router sends a Hello on 224.0.0.10; the neighbor answers with a unicast Hello; both exchange their routing tables ("here is my routing table") as unicast updates and acknowledge them; later updates go to 224.0.0.10 and are acknowledged.
- The router forms a topology table from all the routing tables it receives, then applies the DUAL algorithm to the topology table to extract the routing table (S) and calculate the backup routes (FS).

EIGRP operation (cont.)

- After convergence: no periodic updates are sent.
- At change:
  1- A new network appears: an update is sent to 224.0.0.10 and acknowledged.

EIGRP operation (cont.)

  2- Network failure:
  - If there is a backup route (FS): the FS becomes the new successor for this route, and an update is sent to 224.0.0.10 and acknowledged.
  - If there is no backup route (FS): a query is sent to 224.0.0.10 ("does anyone know another route to the failed network?") and acknowledged; each neighbor replies yes / no, and the reply is acknowledged.

Configuring EIGRP

Router(config)# router eigrp autonomous-system
  Defines EIGRP as the IP routing protocol.

Router(config-router)# network network-number [wildcard-mask]
  Selects participating attached networks.

EIGRP Configuration Example

To advertise the detailed subnets (work as classless) we need to add the command:
(config-router)# no auto-summary

or advertise network by network using the wildcard mask:
Router(config-router)# network network-number [wildcard-mask]

Verifying the EIGRP Configuration

Router# show ip eigrp neighbors
  Displays the neighbors discovered by IP EIGRP.

Router# show ip eigrp topology
  Displays the IP EIGRP topology table (S & FS).

Router# show ip route eigrp
  Displays current EIGRP entries in the routing table (S only).

Router# show ip protocols
  Displays the parameters and current state of the active routing protocol process.

Router# show ip eigrp traffic
  Displays the number of IP EIGRP packets sent and received.

debug ip eigrp Command

Router#debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 256000 104960
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 256000 104960
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 256000 104960
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1

EIGRP Load Balancing

(Figure: three paths to the same destination network with metrics 20, 40 and 60.)

- Configuration:
Router(config)# router eigrp 100
Router(config-router)# variance multiplier
Router(config-router)# traffic-share balanced
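The EIGRP terminology (FD, AD, successor, feasible successor), the composite metric and the variance rule above, worked through in an added Python example that is not code from the course slides; neighbor names and metrics are constructed, and the composite metric assumes the default K-values (K1 = K3 = 1).

```python
"""EIGRP metric, successor / feasible successor selection and variance.

Added example, not from the course slides. Neighbor names and metrics are
constructed; the composite metric uses the default K-values (K1 = K3 = 1).
"""


def eigrp_metric(min_bandwidth_kbps, total_delay_us):
    """Classic EIGRP composite metric with default K-values:
    256 * (10^7 / slowest link bandwidth in kbps + sum of delays in tens of us).
    Integer division mirrors IOS (e.g. Ethernet: bw 10000, delay 1000 -> 281600)."""
    return 256 * (10**7 // min_bandwidth_kbps + total_delay_us // 10)


def eigrp_routes(topology):
    """topology: list of (next_hop, metric_to_next_hop, advertised_distance).
    FD via a neighbor = metric to that neighbor + AD (the slide's
    FD = next hop metric + AD). The lowest FD is the successor (S). A neighbor
    is a feasible successor (FS) only if its AD is lower than the successor's
    FD; this feasibility condition is what lets DUAL switch to the FS without
    a query. Returns (successor, [feasible successors], [other routes]) as
    (next_hop, fd, ad) tuples, each list sorted by FD."""
    rows = sorted(((nh, link + ad, ad) for nh, link, ad in topology), key=lambda r: r[1])
    successor = rows[0]
    fs = [r for r in rows[1:] if r[2] < successor[1]]
    others = [r for r in rows[1:] if r[2] >= successor[1]]
    return successor, fs, others


def installed_paths(topology, variance=1):
    """Routes that land in the routing table: the successor plus any feasible
    successor whose FD <= variance * successor FD (unequal-cost load
    balancing). A path that fails the feasibility condition is never
    installed, however large the variance."""
    successor, fs, _ = eigrp_routes(topology)
    limit = variance * successor[1]
    return [successor] + [r for r in fs if r[1] <= limit]


# Constructed topology table for one destination: total metrics 20, 40 and 60
# like the slide's load-balancing figure. R4 offers the 60-metric path but
# advertises 50, which is not below the successor FD of 20.
TOPOLOGY = [("R2", 10, 10), ("R3", 30, 10), ("R4", 10, 50)]

if __name__ == "__main__":
    s, fs, others = eigrp_routes(TOPOLOGY)
    print("successor:", s, "feasible successors:", fs, "not feasible:", others)
    print("variance 2 installs:", installed_paths(TOPOLOGY, variance=2))
    print("Ethernet metric:", eigrp_metric(10000, 1000), "T1 metric:", eigrp_metric(1544, 20000))
```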

RIP v2
- Advanced distance vector protocol.
- No periodic updates, only partial triggered updates.
- Updates are sent on multicast 224.0.0.9.
- Classless.
- Admin. distance = 120.
- Symbol (R) in routing table.
- Metric = hop count.

- Configuration:
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <directly-connected-network>

Route Summarization


Route summarization
It is grouping a block of subnets and advertising them as a single network address (a single IP address represents a group of contiguous subnets).

Route summarization (cont.)

Advantages of route summarization:
- Reduces the size of the routing table for the routers that know only the summary.
- The summary requires less bandwidth.
- Routers that know only the summary are not affected by network instability behind it.

Classless Inter-Domain Routing (CIDR)

- It is grouping major networks into one address.

Ex:
8.0.0.0/8   = 00001000 . 0 . 0 . 0
9.0.0.0/8   = 00001001 . 0 . 0 . 0
10.0.0.0/8  = 00001010 . 0 . 0 . 0
11.0.0.0/8  = 00001011 . 0 . 0 . 0
The first 6 bits are common, so the CIDR summary is 8.0.0.0/6.
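The summarization step above (the common-prefix search behind 8.0.0.0/6) as an added Python example, not code from the course slides; it also reports the address space an imprecise summary claims without covering, which is the usual operational caveat when summarizing. The 172.16.x.0/24 inputs are constructed.

```python
"""Route summarization: compute the single CIDR prefix that covers a set of
networks and report the address space the summary claims but the components
do not cover (the cost of an imprecise summary).

Added example, not from the course slides. The first input is the slide's
8.0.0.0/8 - 11.0.0.0/8; the /24 set is constructed.
"""
from ipaddress import IPv4Network


def summarize(networks):
    """Smallest single prefix containing every network: start at the shortest
    component prefix and shorten it until the block spans the highest address."""
    nets = [IPv4Network(n) for n in networks]
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)
    prefixlen = min(n.prefixlen for n in nets)
    while True:
        candidate = IPv4Network((lowest, prefixlen), strict=False)
        if highest in candidate:
            return candidate
        prefixlen -= 1


def uncovered(networks, summary):
    """Subnets inside `summary` that none of `networks` cover. Non-empty means
    the summary also attracts traffic for address space this router has no
    more specific route to."""
    remaining = [summary]
    for comp in (IPv4Network(n) for n in networks):
        nxt = []
        for piece in remaining:
            if comp.subnet_of(piece):
                nxt.extend(piece.address_exclude(comp))   # carve the component out
            elif not piece.subnet_of(comp):
                nxt.append(piece)                         # disjoint: keep as is
            # else: piece lies inside comp and is fully covered, drop it
        remaining = nxt
    return sorted(str(n) for n in remaining)


CLASS_A_BLOCK = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]
OFFICE_SUBNETS = ["172.16.8.0/24", "172.16.9.0/24", "172.16.10.0/24"]

if __name__ == "__main__":
    for group in (CLASS_A_BLOCK, OFFICE_SUBNETS):
        s = summarize(group)
        print(group, "->", s, "uncovered:", uncovered(group, s))
```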

Summarizing Routes in a Discontiguous Network

RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets. OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets.

Implementing Variable Length Subnet Masks (VLSM)


Variable Length Subnet Mask (VLSM)

- VLSM means that in a single class A, B, or C network, more than one subnet mask is used.
- VLSM allows some subnets to be smaller and some subnets to be larger, which reduces the waste of IP addresses.
- VLSM allows you to apply different subnet masks to the same class address.
- Steps:
  - begin with the largest subnet
  - continue giving addresses with the suitable subnet mask

VLSM example
Divide network 192.168.1.0/24 among s1, s2, s3 (60 hosts each) and s4, s5, s6 (2 hosts each).

- For s1, s2, s3 to support 60 hosts we need 6 host bits, so the subnet mask is 255.255.255.192; hop count (block size) = 256-192 = 64.
  - s1 address 192.168.1.0 /26
  - s2 address 192.168.1.64 /26
  - s3 address 192.168.1.128 /26
- Starting from address 192.168.1.192, give addresses to s4, s5, s6: 2 hosts need 2 host bits, so the new subnet mask is 255.255.255.252; hop count = 256-252 = 4.
  - s4 address 192.168.1.192 /30
  - s5 address 192.168.1.196 /30
  - s6 address 192.168.1.200 /30
- VLSM is supported only by the classless routing protocols.
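The VLSM procedure above (largest subnet first, then smaller ones from the next free address), generalized to any block and any set of host counts in an added Python example; this is not code from the course slides, and the input reproduces the slide's s1-s6 demands.

```python
"""VLSM allocation: carve one block into subnets of different sizes, largest
demand first, each subnet starting right after the previous one.

Added example, not from the course slides. DEMANDS is the slide's example
(three 60-host and three 2-host subnets inside 192.168.1.0/24).
"""
import math
from ipaddress import IPv4Network


def prefix_for_hosts(hosts):
    """Smallest prefix length whose usable addresses (2^bits - 2) fit `hosts`.
    60 hosts -> 6 host bits -> /26; 2 hosts -> 2 host bits -> /30."""
    bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - bits


def allocate(block, demands):
    """demands: {subnet_name: host_count}. Returns {subnet_name: IPv4Network}.
    Allocating from the largest demand down keeps every subnet aligned on
    its own block size, which is why the slide's method works."""
    block = IPv4Network(block)
    cursor = block.network_address
    result = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        net = IPv4Network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} exhausted before {name} could be placed")
        result[name] = net
        cursor = net.broadcast_address + 1
    return result


def fits(block, demands):
    """True when every demand can be placed inside the block."""
    try:
        allocate(block, demands)
        return True
    except ValueError:
        return False


DEMANDS = {"s1": 60, "s2": 60, "s3": 60, "s4": 2, "s5": 2, "s6": 2}

if __name__ == "__main__":
    for name, net in allocate("192.168.1.0/24", DEMANDS).items():
        print(f"{name}: {net}  mask {net.netmask}  usable hosts {net.num_addresses - 2}")
```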

Managing IP Traffic with Access Lists (ACL)


Access control list (ACL)

- Manage IP traffic as network access grows.
- Filter packets as they pass through the router.

ACL Structure
- An ACL is a set of commands that are grouped under a certain name or number to control traffic flow (permit or deny).
- An access list is configured on the router and then activated on interfaces.

ACL processing:
- Statements are checked from top to bottom.
- Once a match is found, there is no further checking.
- If no match is found, the packet is dropped because of the implicit deny statement at the end of the ACL.
- An ACL must contain at least one permit statement, otherwise all packets are dropped.
- In any ACL you cannot add a statement between statements (new statements can only be added at the end of the ACL).
- You can have one ACL per interface, per protocol, per direction.

ACL types
- Standard ACL:
  - Numbered: 1 - 99, 1300 - 1999
  - Named
- Extended ACL:
  - Numbered: 100 - 199, 2000 - 2699
  - Named

Note:
- In a numbered ACL you cannot delete a certain statement, only the whole ACL.
- In a named ACL you can delete a certain statement between statements.

Standard ACLs
- It filters packets based on the source IP address.
- Configuration:
Router(config)# access-list ACL-number {permit|deny} source-ip [w.c.mask]
  IP standard ACLs use 1 to 99.
  Default wildcard mask = 0.0.0.0 (exactly match the IP address).
  12.0.0.1 0.0.0.0 = host 12.0.0.1
  0.0.0.0 255.255.255.255 = any
  no access-list ACL-number removes the entire ACL.

Router(config-if)# ip access-group ACL-number {in | out}
  Activates the list on an interface and sets inbound or outbound testing.
  no ip access-group ACL-number removes the ACL from the interface.

Standard IP ACL example

- Deny traffic from host 172.16.4.13 to host A and permit all other traffic.
  Note: the order of the commands is important.
  (Figure: host A is on network 12.0.0.0; the first statement uses 172.16.4.13 0.0.0.0 (= host 172.16.4.13), the second uses 0.0.0.0 255.255.255.255 (= any).)

Standard ACL (cont.)

- Controlling Telnet access to the router: we want to restrict Telnet access from host 10.1.1.1 to the router.
(config)# access-list 1 deny host 10.1.1.1
(config)# access-list 1 permit any
(config)# line vty 0 4
(config-line)# access-class 1 in

Standard Named IP ACL

Router(config)# ip access-list standard name

Router(config-std-nacl)# {permit|deny} source-ip [w.c.mask]
Router(config-std-nacl)# no {permit|deny} source-ip [w.c.mask]
  Permit or deny statements have no prepended number.
  "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
  Activates the named IP ACL on an interface.

Placement of standard ACL

(Figure: host X 192.168.5.1/24 and network 192.168.2.0/24 reach the server 192.168.1.1/24 through router C, which applies the list outbound on interface e0.)

- We want to restrict user X from accessing the server.
C(config)# access-list 1 deny host 192.168.5.1
C(config)# access-list 1 permit any
C(config)# interface e0
C(config-if)# ip access-group 1 out

- Rule: a standard ACL is placed as close as possible to the destination.

Extended ACL
- It is more flexible than a standard ACL.
- An extended ACL can match on:
  1- Source IP and destination IP.
  2- TCP/IP protocols (IP, TCP, UDP, ICMP, ...).
  3- Protocol information (port number).

Extended IP ACL Configuration

Router(config)# access-list access-list-number {permit | deny} protocol source-ip source-wildcard [operator port] destination-ip destination-wildcard [operator port]
  Sets parameters for this list entry.

Router(config-if)# ip access-group access-list-number {in | out}
  Activates the extended list on an interface.

Extended ACL
Note:
- 0.0.0.0 is called the host mask.
- 12.0.0.1 0.0.0.0 = host 12.0.0.1
- 0.0.0.0 255.255.255.255 = any

- The operator and port values:
  (eq) operator means equal.
  (lt) operator means less than or equal.
  (gt) operator means greater than or equal.
  range 10 80 ---- all ports between 10 and 80
  eq 80 = eq http ---- put the port number or name

Extended ACL example

(Figure: a router between subnets 172.16.4.0 and 172.16.3.0 and the Internet; the list is applied inbound.)

Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0. Permit all other traffic.

Extended ACL example

(Figure: the same topology; the list is applied inbound.)

Deny only Telnet from subnet 172.16.4.0. Permit all other traffic.
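The ACL processing rules (top-down, first match, implicit deny), the wildcard-mask semantics and the standard and extended examples above, run over constructed packets in an added Python example; this is not code from the course slides. The port names and ACL contents follow the slides; the packets are constructed.

```python
"""Cisco-style IP ACL evaluation: wildcard masks, top-down first match, and
the implicit deny that ends every list.

Added example, not from the course slides. ACL_101 encodes the slide's
"deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0, permit all other
traffic"; ACL_1 is the slide's "deny host 172.16.4.13, permit any"; the
packets are constructed.
"""
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "http": 80}


def host(ip):
    """Wildcard 0.0.0.0 = match this exact address (the 'host' keyword)."""
    return (ip, "0.0.0.0")


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'don't care'; a 0 bit must match exactly."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return a & ~w == b & ~w


def port_match(port, spec):
    """spec: None (any port), ("eq", port-or-name) or ("range", lo, hi)."""
    if spec is None:
        return True
    if spec[0] == "eq":
        return port == PORT_NAMES.get(spec[1], spec[1])
    if spec[0] == "range":
        return spec[1] <= port <= spec[2]
    raise ValueError(f"unsupported operator {spec[0]}")


def evaluate(acl, pkt):
    """Walk the statements top-down; the first matching one decides.
    Falling off the end is the implicit 'deny any'."""
    for ace in acl:
        if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *ace["src"]):
            continue
        if not wildcard_match(pkt["dst"], *ace["dst"]):
            continue
        if not port_match(pkt.get("sport"), ace.get("sport")):
            continue
        if not port_match(pkt.get("dport"), ace.get("dport")):
            continue
        return ace["action"]
    return "deny"


# Extended ACL 101 (slide example): block FTP control and data from
# 172.16.4.0/24 to 172.16.3.0/24, then permit everything else.
ACL_101 = [
    {"action": "deny", "proto": "tcp", "src": ("172.16.4.0", "0.0.0.255"),
     "dst": ("172.16.3.0", "0.0.0.255"), "dport": ("eq", "ftp")},
    {"action": "deny", "proto": "tcp", "src": ("172.16.4.0", "0.0.0.255"),
     "dst": ("172.16.3.0", "0.0.0.255"), "dport": ("eq", "ftp-data")},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]

# Standard ACL 1 (slide example): deny host 172.16.4.13, permit any.
ACL_1 = [
    {"action": "deny", "proto": "ip", "src": host("172.16.4.13"), "dst": ANY},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]

# A list with no permit statement drops everything (implicit deny).
DENY_ONLY = [{"action": "deny", "proto": "ip", "src": host("10.1.1.1"), "dst": ANY}]

# Constructed packets.
FTP_FROM_4 = {"proto": "tcp", "src": "172.16.4.13", "dst": "172.16.3.5", "sport": 40000, "dport": 21}
HTTP_FROM_4 = {"proto": "tcp", "src": "172.16.4.13", "dst": "172.16.3.5", "sport": 40001, "dport": 80}
FTP_FROM_5 = {"proto": "tcp", "src": "172.16.5.9", "dst": "172.16.3.5", "sport": 40002, "dport": 21}

if __name__ == "__main__":
    for name, pkt in (("FTP from .4.13", FTP_FROM_4), ("HTTP from .4.13", HTTP_FROM_4), ("FTP from .5.9", FTP_FROM_5)):
        print(f"{name}: ACL 101 -> {evaluate(ACL_101, pkt)}, ACL 1 -> {evaluate(ACL_1, pkt)}, "
              f"deny-only -> {evaluate(DENY_ONLY, pkt)}")
```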

Extended Named ACL

Router(config)# ip access-list extended name
  The alphanumeric name string must be unique.

Router(config-ext-nacl)# {permit | deny} {ip access list test conditions}
Router(config-ext-nacl)# no {permit | deny} {ip access list test conditions}
  Permit or deny statements have no prepended number.
  "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
  Activates the named IP ACL on an interface.

Placement of Extended ACL

(Figure: host X 192.168.5.1/24 and network 192.168.2.0/24 reach the server 192.168.1.1/24 through the routers.)

- We want to restrict user X from accessing the server.

- Rule: an extended ACL is placed as close as possible to the source.

Monitoring ACL Statements

router# show {protocol} access-list {access-list number}
router# show access-lists {access-list number}

wg_ro_a#show access-lists
Standard IP access list 1
    permit 10.2.2.1
    permit 10.3.3.1
    permit 10.4.4.1
    permit 10.5.5.1
Extended IP access list 101
    permit tcp host 10.22.22.1 any eq telnet
    permit tcp host 10.33.33.1 any eq ftp
    permit tcp host 10.44.44.1 any eq ftp-data

Verifying ACLs
router# show ip interfaces e0
Ethernet0 is up, line protocol is up
  Internet address is 10.1.1.11/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 1
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  <text ommitted>

Scaling the Network with NAT and PAT


Network address translation (NAT)

- Address translation allows you to translate your internal private addresses to public addresses before the packets leave your local network for the public network.
- NAT terminology:
  1- Inside local IP: an internal device that has a private IP.
  2- Inside global IP: an internal device that has a public IP.
  3- Outside local IP: an outside device that has a private IP.
  4- Outside global IP: an outside device that has a public IP.
- Types of address translation: static translation, dynamic translation.

Static NAT

(Figure: inside host 10.0.0.1 appears on the outside as 12.0.0.1.)

- The NAT table is formed manually, translating private IPs to public IPs.
- Static NAT is used when outside users need to access your internal resources.

Configuring Static Translation

Router(config)# ip nat inside source static local-ip global-ip
  Establishes a static translation between an inside local address and an inside global address.

Router(config-if)# ip nat inside
  Marks the interface as connected to the inside.

Router(config-if)# ip nat outside
  Marks the interface as connected to the outside.

Static NAT Example

Dynamic NAT
- The router is given a pool of global IPs, so every user who tries to access a public network is given an IP from the pool.
- To configure dynamic NAT:
  1- Define the pool of IPs.
  2- Define which inside addresses are allowed to be translated (ACL).

Configuring Dynamic NAT

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  Defines a pool of global addresses to be allocated as needed.

Router(config)# access-list access-list-number permit source-ip [source-wildcard]
  Defines a standard IP ACL permitting those inside local addresses that are to be translated.

Router(config)# ip nat inside source list access-list-number pool pool-name
  Establishes dynamic source translation, specifying the ACL that was defined in the prior step.

Dynamic NAT Example

Port address translation (PAT)

- Static or dynamic NAT provide only one-to-one translation, while PAT supports many-to-one translation using port numbers.

(Figure: inside hosts 10.0.0.1 and 10.0.0.2 reach 13.0.0.1 port 80 on the Internet through the single inside global address 12.0.0.1; 10.0.0.1 uses source port 2000 and 10.0.0.2 uses source port 3000.)

PAT table:
Inside local IP   Inside local port   Inside global IP   Inside global port
10.0.0.1          2000                12.0.0.1           2000
10.0.0.2          3000                12.0.0.1           3000
10.0.0.2          2000                12.0.0.1           4000
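The PAT table above, replayed in an added Python example that is not code from the course slides: it shows why the entry is keyed by inside local address and port, how a colliding source port is rewritten, and why an inbound packet with no table entry is dropped. Addresses follow the slide; the flows are constructed, and the replacement port here is simply the next free one (the slide shows 4000).

```python
"""PAT (NAT overload): many inside local addresses share one inside global
address, and the translation table is keyed by (inside local IP, port), so a
source port already in use by another host is rewritten to a free one, as in
the slide's table (10.0.0.2:2000 leaves as 12.0.0.1:4000).

Added example, not from the course slides. Addresses follow the slide
(10.0.0.x behind 12.0.0.1, reaching 13.0.0.1:80); the flows are constructed,
and the replacement port here is simply the next free one.
"""


class PatTable:
    def __init__(self, inside_global, first_port=1024, last_port=65535):
        self.inside_global = inside_global
        self.first_port, self.last_port = first_port, last_port
        self.outbound = {}   # (inside_local, local_port) -> inside_global_port
        self.inbound = {}    # inside_global_port -> (inside_local, local_port)

    def translate_out(self, inside_local, local_port):
        """Outbound packet: reuse an existing entry or create one. The original
        source port is kept when free, otherwise a free port is picked."""
        key = (inside_local, local_port)
        if key not in self.outbound:
            gport = local_port if local_port not in self.inbound else self._next_free(local_port)
            self.outbound[key] = gport
            self.inbound[gport] = key
        return self.inside_global, self.outbound[key]

    def translate_in(self, global_port):
        """Inbound packet to inside_global:global_port. Returns (inside_local,
        port) or None: with no matching entry the packet is dropped, which is
        why servers that outside users must reach need static NAT instead."""
        return self.inbound.get(global_port)

    def _next_free(self, start):
        port = max(start, self.first_port)
        while port <= self.last_port:
            if port not in self.inbound:
                return port
            port += 1
        raise RuntimeError(f"no free ports left on {self.inside_global}")

    def rows(self):
        """(inside local IP, inside local port, inside global IP, inside global port)."""
        return [(ip, lp, self.inside_global, gp) for (ip, lp), gp in self.outbound.items()]


def slide_flows():
    """Replay the three flows of the slide's PAT figure through one table."""
    pat = PatTable("12.0.0.1")
    for inside_local, port in (("10.0.0.1", 2000), ("10.0.0.2", 3000), ("10.0.0.2", 2000)):
        pat.translate_out(inside_local, port)
    return pat


if __name__ == "__main__":
    table = slide_flows()
    for row in table.rows():
        print("%-10s %5d -> %-10s %5d" % row)
    print("return traffic to 12.0.0.1:2001 ->", table.translate_in(2001))
    print("unsolicited traffic to 12.0.0.1:5555 ->", table.translate_in(5555))
```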

Configuring PAT
Router(config)# access-list access-list-number permit source-ip source-wildcard
  Defines a standard IP ACL that permits the inside local addresses that are to be translated.

Router(config)# ip nat inside source list access-list-number interface interface overload
  Establishes dynamic source translation, specifying the ACL that was defined in the prior step.

Dynamic NAT Example (overload)

PAT Example

Displaying Information with show Commands

Router# show ip nat translations
  Displays active translations.

Router#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.131.1       10.10.10.1         ---                ---

Router# show ip nat statistics
  Displays translation statistics.

Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces: Ethernet0, Serial2.7
Inside interfaces: Ethernet1
Hits: 5  Misses: 0

Using the debug ip nat Command

Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]

Switching

Spanning Tree Protocol IEEE 802.1D

Layer 2 loops

(Figure: a frame from MAC A circulating over redundant links between switches.)
Solution: using Spanning Tree Protocol (STP).

Spanning Tree Protocol

- Provides a loop-free redundant network topology by placing certain ports in the blocking state (logical blocking).
- STP enables switches to become aware of each other so they can negotiate a loop-free path.
- When the used path fails, STP opens the blocked port (activates the other path).

Spanning Tree Operation

1- BPDU flooding:
- BPDUs (bridge protocol data units) are flooded from each switch to the other switches on a well-known multicast MAC address.
- Every switch takes a copy of the BPDU and resends it to the other switches.
- Every switch forms a database from all the BPDUs.
- A BPDU is sent every two seconds.
- BPDU fields: bridge ID (BID), accumulated path cost, port ID.

Spanning Tree Operation (cont.)

2- Root bridge election:
- The root bridge is the bridge with the lowest bridge ID.
- Bridge ID = priority (2 bytes, default = 32768) + bridge MAC address (6 bytes).
- The root bridge has the lowest priority; if priorities are equal, it has the lowest MAC address.
- After the election, only the root bridge sends BPDUs every 2 sec.

Spanning Tree Operation (cont.)

3- Root port election (RP):
- Each non-root switch elects the best port to reach the root switch.
- The root port is the port having:
  1- the lowest accumulated path cost to the root switch.
  2- if costs are equal, the port closer to the switch with the second lowest BID.
  3- if still equal, the port with the lowest serial number.

Spanning Tree Operation (cont.)

(Figure: four switches A, B, C, D; assume BID of A < B < C < D, so A is the root bridge. Segments are A port 1 - B port 3, A port 2 - C port 4, B port 5 - D port 7 and C port 6 - D port 8. To get the RP, each non-root switch asks which of its ports is closer to A: B compares ports 3 and 5, C compares ports 4 and 6, D compares ports 7 and 8. The RPs are port 3 on B, port 4 on C and port 7 on D.)

Spanning Tree Operation (cont.)

4- Designated port election (DP):
- The DP is the port with the lowest accumulated path cost from the root switch on every LAN segment.
5- Blocked port (BP):
- It is the port that is neither RP nor DP.
- The BP is logically blocked until a change happens.

Spanning Tree Operation (cont.)

(Figure: the same four switches. To get the DP on each segment, ask which end is closer to A: compare ports (1,3), (2,4), (5,7) and (6,8). The DPs are ports 1 and 2 on A, port 5 on B and port 6 on C; the RPs are ports 3, 4 and 7; port 8 on D is neither RP nor DP, so it is the blocked port (BP).)

Spanning Tree Operation (cont.)

- After convergence: ports are either forwarding (RP, DP) or blocked (BP). A blocked port keeps listening to BPDUs; if for 20 sec. (max age time = 10 BPDUs) it hasn't received a BPDU, the port automatically changes its state (moves to the listening state).

- At change: the first switch that notices the change sends a BPDU called a TCN (Topology Change Notification) to the root switch indicating the change. The root switch sends a configuration BPDU with the TCN flag to all switches, and then STP is recalculated. If a new switch is added with a lower priority, it becomes the root switch.
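The root bridge, root port, designated port and blocked port rules from the slides above, applied to the four-switch figure (A < B < C < D) in an added Python example that is not code from the course slides; the MAC addresses and the link cost of 19 (the 802.1D cost of a 100 Mbps link) are constructed, and ports are named by the switch and the neighbor at the other end instead of the slide's port numbers.

```python
"""STP root bridge, root port, designated port and blocked port election on
the slide's four-switch topology (bridge IDs A < B < C < D, A is the root).

Added example, not from the course slides. MAC addresses and the link cost
(19, the 802.1D cost of 100 Mbps) are constructed.
"""
import heapq


def bridge_id(priority, mac):
    """Bridge ID = 2-byte priority (default 32768) + 6-byte MAC; lower wins."""
    return (priority, mac.lower())


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID is the root."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def run_stp(bridges, links):
    """links: list of (switch_a, switch_b, cost). Ports are named by the switch
    and the neighbour at the other end of the link, e.g. ("D", "B").
    Returns (root, {switch: root path cost}, {port: "RP" | "DP" | "BP"}).
    Root port: lowest accumulated cost to the root; equal costs go to the
    upstream switch with the lower bridge ID (the slide's rules 1 and 2).
    Designated port: the link end with the lower (root path cost, bridge ID).
    Blocked port: anything that is neither."""
    root = elect_root(bridges)
    bid = {n: bridge_id(*bridges[n]) for n in bridges}
    adj = {n: [] for n in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Dijkstra from the root; best[n] = (cost to root, upstream bridge ID, upstream)
    best = {root: (0, bid[root], None)}
    heap = [(0, bid[root], root)]
    done = set()
    while heap:
        cost, _, n = heapq.heappop(heap)
        if n in done:
            continue
        done.add(n)
        for m, c in adj[n]:
            if m == root:
                continue
            cand = (cost + c, bid[n], n)
            if m not in best or cand[:2] < best[m][:2]:
                best[m] = cand
                heapq.heappush(heap, (cand[0], bid[m], m))

    roles = {}
    for n in bridges:
        if n != root:
            roles[(n, best[n][2])] = "RP"
    for a, b, cost in links:
        dp, other = (a, b) if (best[a][0], bid[a]) < (best[b][0], bid[b]) else (b, a)
        roles.setdefault((dp, other), "DP")
        roles.setdefault((other, dp), "BP")   # stays RP if the loop above set it
    return root, {n: best[n][0] for n in bridges}, roles


# Constructed square topology: A-B, A-C, B-D, C-D, all 100 Mbps (cost 19).
BRIDGES = {
    "A": (32768, "0000.0c00.000a"),
    "B": (32768, "0000.0c00.000b"),
    "C": (32768, "0000.0c00.000c"),
    "D": (32768, "0000.0c00.000d"),
}
LINKS = [("A", "B", 19), ("A", "C", 19), ("B", "D", 19), ("C", "D", 19)]

if __name__ == "__main__":
    root, costs, roles = run_stp(BRIDGES, LINKS)
    print("root:", root, "costs:", costs)
    for port, role in sorted(roles.items()):
        print(port, role)
```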

Spanning Tree Port States

Spanning tree transits each port through several different states.

STP convergence time is from 30 sec. to 50 sec.

Rapid STP (IEEE 802.1w)

RSTP significantly speeds up the recalculation of the spanning tree when the network topology changes. To enhance the convergence time, RSTP:
1- elects a backup port for every RP or DP.
2- merges the Blocking state and the Listening state into one state called Discarding.

the show spanning-tree command

Configuring the Root Bridge

Virtual LANs (VLAN)


Virtual LANs (VLANs)

Before VLANs:
- All switch ports are in a single broadcast domain.
After VLANs:
- Each VLAN is a single broadcast domain and one logical subnet.
- VLANs provide: 1- Segmentation 2- Flexibility 3- Security

VLAN Overview

- Segmentation
- Flexibility
- Security

VLAN = Broadcast Domain = Logical Network (Subnet)

VLAN Operation

- Traffic can be transferred between switches only within the same VLAN. To transfer traffic between different VLANs, a router must be used.
- Trunks carry traffic for multiple VLANs.

VLAN membership
1- Static VLAN membership:
- Assign a certain port to a certain VLAN (port-based VLAN).
- By default, all ports of the switch are assigned to VLAN 1 (the native VLAN).
2- Dynamic VLAN membership:
- Assign a certain MAC to a certain VLAN (MAC-based VLAN).
- Even if the PC changes its port on the switch, the PC stays connected to its VLAN.
- This is done by using a VMPS (VLAN Membership Policy Server).

VLAN connection (port) types

1- Access port:
- A port that is a member of only one VLAN. Ex: a switch port connected to a PC.

2- Trunk port:
- A switch port that is a member of all VLANs by default. Ex: a switch port connected to another switch.

Trunking problem

(Figure: switch E has host A on port 1 (VLAN 1), host B on port 2 (VLAN 2) and trunk port 3; switch F has host C on port 5 (VLAN 1), host D on port 6 (VLAN 2) and trunk port 4; ports 3 and 4 are joined by the trunk.)

Switch E MAC table:
port   VLAN   MAC
1      1      A
2      2      B
3      all    C, D

Switch F MAC table:
port   VLAN   MAC
5      1      C
6      2      D
4      all    A, B

- If host B sends a broadcast to VLAN 2, the frames are passed to port 4 on switch F over the trunk link.
- Switch F broadcasts the frames to all of its ports (5 and 6), although one of them is not a member of VLAN 2, because it doesn't know the source VLAN of the frame.
- Solution: the trunk adds a field that identifies the source VLAN ID to the frame.

VLAN trunking methods

- To provide inter-switch VLAN communication, frame tagging is used to identify the frame's source VLAN.
- Tagging methods:
  1- ISL (Inter-Switch Link) for Ethernet.
  2- IEEE 802.1q (dot1q) for Ethernet.
  3- LANE for ATM.
  4- IEEE 802.10 for FDDI.
- So for Ethernet we concentrate on the ISL and dot1q methods.

1- ISL (Inter-Switch Link)

- Cisco proprietary.
- It encapsulates the original Ethernet frame with 30 bytes: a 26-byte header (containing a 10-bit VLAN ID) and a 4-byte trailer.
- VLAN range: 0 - 1023.
  - VLANs 1 - 1001 for Ethernet.
  - VLANs 1002 - 1023 reserved (ex: 1002 - 1005 for Token Ring and FDDI).
- ISL is no longer supported by Cisco.

2- IEEE 802.1q (dot1q)

- Adds a 4-byte tag to the Ethernet frame and recalculates a new CRC.
- The VLAN ID is 12 bits inside the Tag field, so the VLAN range is 0 - 4095.
- dot1q puts less overhead on the frame than ISL.
- dot1q supports both tagged and untagged frames; untagged traffic belongs to the native VLAN.
- By default, the native VLAN is VLAN 1.
- The native VLAN is a management VLAN: all management traffic between switches (BPDU, STP, VTP, ...) is sent through it.
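The 4-byte 802.1q tag and the trunking problem from the previous slides, worked through in an added Python example that is not code from the course slides: it builds and parses the tag (TPID 0x8100, 3-bit PCP, 1-bit DEI, 12-bit VLAN ID), then replays host B's VLAN 2 broadcast across the trunk with and without the tag. MAC addresses and the payload are constructed; port numbers follow the figure.

```python
"""802.1Q tagging and why a trunk needs it. Builds and parses the 4-byte tag
(TPID 0x8100, 3-bit PCP, 1-bit DEI, 12-bit VLAN ID), then replays the slide's
trunking problem: host B in VLAN 2 on switch E broadcasts; switch F can only
keep the broadcast inside VLAN 2 if the trunk carries the VLAN ID.

Added example, not from the course slides. MAC addresses are constructed;
port numbers follow the slide's figure (E: 1, 2, trunk 3; F: 5, 6, trunk 4).
"""
import struct

TPID = 0x8100
BROADCAST = bytes.fromhex("ffffffffffff")


def tag_frame(frame, vlan_id, pcp=0):
    """Insert the tag between the source MAC and the EtherType."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID is a 12-bit field")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def parse_vlan(frame):
    """Return (vlan_id, untagged_frame); untagged input gives (None, frame)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0xFFF, frame[:12] + frame[16:]
    return None, frame


class Switch:
    """Minimal VLAN-aware switch: per-VLAN MAC learning, flooding limited to
    the source VLAN, tagging on the trunk except for the native VLAN."""

    def __init__(self, access_ports, trunk_port, native_vlan=1):
        self.access = access_ports      # {port: vlan}
        self.trunk = trunk_port
        self.native = native_vlan
        self.mac_table = {}             # (vlan, mac) -> port

    def receive(self, port, frame):
        """Return {out_port: frame} for every port the frame is sent out of."""
        if port == self.trunk:
            vlan, payload = parse_vlan(frame)
            if vlan is None:            # untagged on a trunk = native VLAN
                vlan = self.native
        else:
            vlan, payload = self.access[port], frame
        dst, src = payload[:6], payload[6:12]
        self.mac_table[(vlan, src)] = port
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            targets = [known]
        else:
            targets = [p for p, v in self.access.items() if v == vlan] + [self.trunk]
        out = {}
        for p in targets:
            if p == port:
                continue
            out[p] = tag_frame(payload, vlan) if p == self.trunk and vlan != self.native else payload
        return out


def slide_scenario():
    """B (port 2, VLAN 2 on E) broadcasts. Returns (VLAN id seen on the trunk,
    ports F floods with the tag, ports F floods if the tag were missing)."""
    switch_e = Switch({1: 1, 2: 2}, trunk_port=3)
    switch_f = Switch({5: 1, 6: 2}, trunk_port=4)
    # Constructed ARP-style broadcast from B's MAC.
    frame = BROADCAST + bytes.fromhex("0200000000bb") + b"\x08\x06" + b"who-has 10.0.2.1"
    on_trunk = switch_e.receive(2, frame)[3]
    vlan, _ = parse_vlan(on_trunk)
    with_tag = sorted(switch_f.receive(4, on_trunk))
    without_tag = sorted(Switch({5: 1, 6: 2}, trunk_port=4).receive(4, frame))
    return vlan, with_tag, without_tag


if __name__ == "__main__":
    print(slide_scenario())
```

Without the tag, switch F has to treat the frame as native-VLAN traffic and delivers B's VLAN 2 broadcast to host C on port 5 instead of to host D on port 6.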

Inter VLAN routing

- We have to use a router to route between different VLANs.
- Method 1: inter-VLAN routing using access ports.
  - Disadvantage: for each VLAN you need 1 router interface and 1 switch port.
  (Figure: VLAN1, VLAN2 and VLAN3 each connected to the router by its own access link.)

VLAN configuration:
1- Create the VLAN.
2- Name the VLAN (optional).
3- Assign ports to the VLAN.

VLAN configuration
To create and name a VLAN:
- New method (global configuration mode):
(config)# vlan <vlan id>
(config-vlan)# name <name>
- Old method (VLAN database mode):
# vlan database
(vlan)# vlan <vlan id> [name <name>]

To assign a port to a VLAN:
(config)# interface <interface name>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan id>

VLAN configuration (example)
To create and name a VLAN: global mode or database mode, as above.

To assign a port to a VLAN:
(config)#interface fastethernet 0/2
(config-if)#switchport mode access
(config-if)#switchport access vlan 3

Inter VLAN routing (cont.)

- Method 2: router on a stick.
  (Figure: VLAN1, VLAN2 and VLAN3 reach the router over one trunk from switch port fa1/1 to router sub-interfaces e0/0.1, e0/0.2 and e0/0.3.)

- Switch port fa1/1 configuration (the encapsulation is set before the port is made a trunk):
Switch(config)# int fa1/1
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Switch(config-if)# switchport mode trunk

- Router sub-interface e0/0.1 configuration:
Router(config)# int e0/0.1
Router(config-subif)# encapsulation {isl | dot1q} <vlan id>
Router(config-subif)# ip address <ip> <mask>

Routing Between VLANs with 802.1Q Trunks

(Figure: VLAN 2 and VLAN 3 routed over an 802.1Q trunk.)

Verifying a VLAN
switch# show vlan [brief | id vlan-id | name vlan-name]

Configuring the Switch IP Address

(config)# interface vlan 1
(config-if)# ip address <ip address> <mask>
(config-if)# no shutdown
  Configures an IP address and subnet mask for the switch VLAN 1 interface, to allow ping and Telnet to the switch.

switch# show interfaces vlan 1
Vlan1 is up, line protocol is up
  Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)
  Internet address is 10.2.2.11/24

Configuring the Switch Default Gateway

switch(config)# ip default-gateway <ip address>
  Configures the switch default gateway for the 2950 series switches.

Setting Duplex Options

switch(config)# interface fa0/1
switch(config-if)# duplex {auto | full | half}
Switch# show interfaces fa0/1

Per VLAN Spanning Tree PVST+

Verifying STP for a VLAN

Verifying a Trunk
switch# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

switch# show interfaces fa0/11 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking

Port      Vlans allowed on trunk
Fa0/11    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1-13

VTP (VLAN Trunking Protocol)

- Cisco introduced an easy administration method to transfer VLAN information between switches connected in the same domain without repeating the commands on all switches.
- VTP manages the addition, deletion, and modification of VLAN information in a certain VTP domain.
- VTP has a messaging system that:
  - advertises VLAN configuration information from one switch to all others
  - maintains VLAN configuration consistency throughout a common administrative domain
  - sends advertisements on trunk ports only
- VTP domain: an area with common VLAN requirements (all switches have the same function and VLAN policy). A switch can only be in one VTP domain.

VTP modes
1- Server mode (default mode on a switch):
- can add, delete and modify VLANs
- generates VTP messages to apply this configuration on the other switches
2- Client mode:
- cannot add, delete or modify VLANs
- accepts VTP messages, applies them to itself and then forwards them
- cannot generate VTP messages
3- Transparent mode:
- can add, delete and modify VLANs locally (by console configuration) but cannot generate VTP messages
- forwards VTP messages without applying them to itself

VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number (a higher number overrides lower ones).
- VTP advertisements are sent every 5 minutes or when there is a change.

VTP Pruning
- Increases available bandwidth by reducing unnecessary flooded traffic.
- Example: station A sends a broadcast, and the broadcast is flooded only toward switches with ports assigned to the red VLAN.

VTP configuration
New method
switch(config)# vtp mode [ server | client | transparent ]
switch(config)# vtp domain <domain-name>
switch(config)# vtp password <password>
switch(config)# vtp pruning
switch(config)# end

Old method
switch# vlan database
switch(vlan)# vtp [ server | client | transparent ]
switch(vlan)# vtp domain <domain-name>

VTP Troubleshooting
Switch(config)#vtp domain ICND
Switch(config)#vtp mode transparent
Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
Switch#

DTP (Dynamic Trunking Protocol)


It negotiates a common trunking mode between two switches by sending periodic messages every 30 sec. The router can never participating in DTP.
(config-if)# switchport {mode dynamic {auto | desirable} | nonegotiate}

Trunk ?

#show dtp

265

DTP mode            Sends DTP frames       Trunks when the other side is
Access              does not negotiate     never (the port stays nontrunking)
Trunk               Yes                    trunk, dynamic desirable, dynamic auto (this side trunks unconditionally)
Dynamic desirable   Yes                    trunk, dynamic desirable, dynamic auto
Dynamic auto        Yes                    trunk, dynamic desirable
Nonegotiate         No                     never negotiated; the port keeps its configured access or trunk mode
266
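The table above can be turned into a small model that answers two questions a practitioner asks: what does a given pair of port modes produce, and which host-facing ports could be talked into a trunk by whatever is plugged into them. This is an added example written for this page, not course or Cisco code; Port is a stand-in for an interface's switchport configuration, the interface names in the sample are constructed, and nothing here parses real DTP frames.

```python
"""DTP negotiation outcomes from the mode table, as a small model (added example)."""
from dataclasses import dataclass

NEGOTIATING = ("trunk", "dynamic desirable", "dynamic auto")


@dataclass(frozen=True)
class Port:
    mode: str                  # "access", "trunk", "dynamic desirable", "dynamic auto"
    nonegotiate: bool = False  # switchport nonegotiate: send no DTP frames


def sends_dtp(p: Port) -> bool:
    """Only the negotiating modes send DTP; nonegotiate suppresses it."""
    return p.mode in NEGOTIATING and not p.nonegotiate


def becomes_trunk(local: Port, remote: Port) -> bool:
    """Does the local side end up trunking, given what it hears from remote?"""
    if local.mode == "trunk":
        return True                      # unconditional trunk
    if local.mode == "access":
        return False                     # unconditional access
    if not sends_dtp(remote):
        return False                     # a dynamic port that hears nothing stays access
    if remote.mode in ("trunk", "dynamic desirable"):
        return True                      # remote actively asks for a trunk
    return local.mode == "dynamic desirable"   # remote is auto: only desirable asks


def link_state(a: Port, b: Port) -> str:
    """'trunk', 'access' or 'mismatch' (one side trunks, the other does not)."""
    ta, tb = becomes_trunk(a, b), becomes_trunk(b, a)
    if ta and tb:
        return "trunk"
    if not ta and not tb:
        return "access"
    return "mismatch"


def trunk_negotiable_by_peer(p: Port) -> bool:
    """Can whatever is plugged into this port talk it into a trunk by sending
    DTP 'desirable'? True for any port left in a dynamic mode; host-facing
    ports should be 'access' (optionally with nonegotiate) so this is False."""
    return becomes_trunk(p, Port("dynamic desirable"))


def audit_edge_ports(ports: dict) -> list:
    """Names of host-facing ports whose trunking a connected device could negotiate."""
    return sorted(name for name, p in ports.items() if trunk_negotiable_by_peer(p))


if __name__ == "__main__":
    # Constructed sample configuration for the audit.
    edge = {
        "Fa0/1": Port("access"),
        "Fa0/2": Port("dynamic auto"),           # the default on many Catalyst platforms
        "Fa0/3": Port("dynamic desirable"),
        "Fa0/4": Port("access", nonegotiate=True),
    }
    print(audit_edge_ports(edge))                              # ['Fa0/2', 'Fa0/3']
    print(link_state(Port("trunk", nonegotiate=True), Port("dynamic auto")))  # mismatch
```

The mismatch case is the one that bites in practice: a nonegotiate trunk facing a dynamic auto port leaves the auto side in access mode because it never hears DTP. The audit is the reason the port-security example later on this page starts with switchport mode access.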

Managing the MAC Address Table


switch# show mac-address-table
          Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0008.a445.9b40    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0008.e3e8.0440    DYNAMIC     Fa0/2
Total Mac Addresses for this criterion: 5

Setting a Static MAC Address

switch(config)# mac-address-table static <mac-address> vlan <vlan-id> interface <interface-id>

267

Configuring Port Security


switch(config-if)# switchport port-security [mac-address <mac-address>] | [maximum <value>] | [violation {protect | restrict | shutdown}]

switch(config)# interface fa0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 0008.eeee.eeee
switch(config-if)# switchport port-security violation shutdown

Port security requires a static access port (switchport mode access). Violation modes: protect silently drops frames from unknown MAC addresses; restrict drops them and also increments the violation counter and sends a syslog/SNMP notification; shutdown (the default) puts the port in the err-disabled state, which an administrator clears with shutdown / no shutdown unless errdisable recovery is configured.

268
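To make the three violation modes concrete, here is the configuration above (maximum 1, one static secure MAC, access port) simulated frame by frame. This is an added example written for this page, not course or Cisco code; SecurePort models one port's port-security state, and the frame sequence (the legitimate host, an unknown MAC, the legitimate host again) is constructed for the demonstration.

```python
"""Port-security violation modes, simulated frame by frame (added example)."""


class SecurePort:
    def __init__(self, maximum: int = 1, violation: str = "shutdown",
                 static_macs=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(violation)
        self.maximum = maximum
        self.violation = violation
        self.secure = {m.lower() for m in static_macs}   # configured secure MACs
        self.configured = len(self.secure)
        self.err_disabled = False
        self.violation_count = 0
        self.last_source = None

    def frame_in(self, src_mac: str) -> str:
        """Return 'forward', 'drop' or 'err-disabled' for a frame from src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "err-disabled"          # port stays down until an admin recovers it
        self.last_source = src_mac
        if src_mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)       # dynamically learned secure MAC
            return "forward"
        # Unknown source MAC with the secure table already full: a violation.
        if self.violation == "protect":
            return "drop"                  # silent: no counter, no notification
        self.violation_count += 1          # restrict and shutdown both count it
        if self.violation == "restrict":
            return "drop"                  # dropped, counted, syslog/SNMP notification
        self.err_disabled = True           # shutdown: the port goes err-disabled
        return "err-disabled"

    def recover(self) -> None:
        """Equivalent of shutdown / no shutdown by the administrator."""
        self.err_disabled = False

    def status(self) -> dict:
        """Fields that correspond to lines of 'show port-security interface'."""
        return {
            "Port Status": "Secure-shutdown" if self.err_disabled else "Secure-up",
            "Violation Mode": self.violation.capitalize(),
            "Maximum MAC Addresses": self.maximum,
            "Total MAC Addresses": len(self.secure),
            "Configured MAC Addresses": self.configured,
            "Last Source Address": self.last_source or "0000.0000.0000",
            "Security Violation Count": self.violation_count,
        }


def run_scenario(violation: str) -> list:
    """Same constructed frame sequence through a port in the given mode:
    the legitimate host, then an unknown MAC, then the legitimate host again."""
    port = SecurePort(maximum=1, violation=violation,
                      static_macs=["0008.eeee.eeee"])
    frames = ["0008.eeee.eeee", "00aa.bbbb.cccc", "0008.eeee.eeee"]
    return [port.frame_in(mac) for mac in frames]


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(f"{mode:9s} {run_scenario(mode)}")
```

Note the trade-off the output makes visible: protect and restrict keep the legitimate host working after the violation, but only restrict leaves evidence in the counter; shutdown stops everything on the port, including the legitimate host, until someone intervenes.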

Verifying Port Security on the Catalyst 2950 Series


switch# show port-security interface <interface-id>

switch# show port-security interface fastethernet 0/5


Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 20 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 0000.0000.0000
Security Violation Count   : 0
269

270

Introducing Wide Area Networks

271
2004 Cisco Systems, Inc. All rights reserved. ICND v2.25-271

WAN Overview

- WANs connect remote sites over a large geographical area using the infrastructure of a service provider.
- WAN technologies are mainly Layer 2 technologies, concerned with hop-to-hop delivery across the provider network.
- Connection requirements vary depending on user requirements, cost, and availability.
272

Interfacing Between WAN Service Providers

Provider assigns connection parameters to subscriber


273

WAN terminologies
- DTE: data terminal equipment; the source or sink of the data (typically the router).
- DCE: data communication (circuit-terminating) equipment; the device that terminates the connection and provides clocking and synchronization for it (typically the CSU/DSU or modem).
- Demarcation point: where responsibility passes from the service provider to the customer (a logical boundary).
- CPE: customer premises equipment; the customer's own equipment, which includes the DTE and the DCE.
- Local loop: the connection from the carrier's switch to the demarcation point.
- CO switch: central office switch (WAN switch).
- Toll network: the carrier's infrastructure.
274

WAN connection types


WAN connections:
- Dedicated: leased line
- Circuit switching: analog modem, ISDN
- Packet switching: X.25, Frame Relay, ATM
- Broadband: satellite, wireless, cable modem, DSL

275

Serial Point-to-Point Connections

276

Configuring Serial PointTo-Point Encapsulation

277

HDLC Frame Format

Cisco HDLC adds a proprietary type field to the frame so that it can carry multiple network layer protocols (which is why it is Cisco proprietary); it is the default encapsulation on Cisco router serial interfaces.

Standard HDLC has no such field and supports only single-protocol environments.

278

Configuring HDLC Encapsulation


Router(config-if)# encapsulation hdlc

Enables HDLC encapsulation, the default encapsulation on Cisco synchronous serial interfaces.

279

Point to point protocol (PPP)


Overview:
- data link layer protocol used on point-to-point WAN connections.
- used in dedicated and circuit-switched technologies.
- works over synchronous and asynchronous serial connections.
- supports multiple network layer protocols.
- open standard by the IETF (RFC 1661; IPCP in RFC 1332; vendor extensions in RFC 2153).
- PPP frame format:

  Flag | Address | Control | Protocol | Payload | FCS | Flag

  (the Address is always 0xFF and the Control 0x03; the Protocol field identifies the encapsulated network layer protocol)
280

PPP components
1- Link Control Protocol (LCP):
   - responsible for establishing, configuring, testing, maintaining and terminating the PPP connection, and for negotiating its options.
   - LCP options: authentication, compression, multilink, callback, error detection.
2- Network Control Protocol (NCP):
   - one NCP per network layer protocol (for example IPCP for IP); negotiates the upper layer protocols that will be carried over the PPP connection.

281

PPP operation

Figure: PPP link establishment. LCP opens the connection and negotiates options ("LCP OK"); then each NCP negotiates its network layer protocol: "What is my IP?" / "Your IP is ..." for IPCP, and "What is my IPX?" / "No IPX" when IPX is not configured on the peer.
282

PPP options
1- Authentication:
a- Password Authentication Protocol (PAP):
   - two-way handshake: the client sends an Authenticate-Request carrying its username and password; the server answers Authenticate-Ack or Authenticate-Nak.
   - the password crosses the link in cleartext and is sent only once, at link establishment, so anyone who can capture the link can read it and replay it.
   - can be one-way (only the client is authenticated) or two-way.

283

1- Authentication (cont.)
- PAP configuration:

Client configuration:
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <client username> password <password>

Server configuration:
(config)# username <client username> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
284

1- Authentication (cont.)
b- Challenge Handshake Authentication Protocol (CHAP):
   - three-way handshake: Challenge, Response, Success/Failure.
   - the password is never sent: the response is an MD5 hash of the identifier, the shared secret and the random challenge.
   - the authenticator can repeat the challenge at any time during the session, and each challenge is different, so a captured response cannot be replayed.
   - can be one-way or two-way.

285

1- Authentication (cont.)
- CHAP configuration:

(config)# hostname <local name>
(config)# username <remote name> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication chap

Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap}

Enables PAP or CHAP authentication; with two keywords the first method is tried first and the second is used if the peer refuses it.

The username configured on each router must be the other router's hostname, and the password must be identical on both sides, because each side looks up the shared secret by the name carried in the CHAP Challenge.


286
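The PAP and CHAP descriptions above, and the hostname / username ... password configuration, can be exercised end to end in a few lines. This is an added example written for this page, not Cisco or course code: R1 and R2, the username table and the password "cisco" are constructed to mirror the commands above, the packets are reduced to the fields that matter rather than full PPP frames, and the CHAP computation follows RFC 1994 (Response = MD5(Identifier || secret || Challenge)).

```python
"""PAP vs CHAP on the wire, modelled after the configuration above (added example)."""
import hashlib
import hmac
import os


def pap_authenticate_request(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request carries both credentials as plain bytes."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994: Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapRouter:
    """One router: its hostname and its 'username <remote> password <pw>' table."""

    def __init__(self, hostname: str, usernames: dict):
        self.hostname = hostname
        self.usernames = usernames
        self.pending = {}            # ident -> challenge we issued

    # -- authenticator side (the router that configured 'ppp authentication chap') --
    def challenge(self, ident: int) -> tuple:
        chal = os.urandom(16)        # fresh random value every time
        self.pending[ident] = chal
        return ident, chal, self.hostname   # the Challenge packet carries our name

    def verify(self, ident: int, peer_name: str, response: bytes) -> str:
        chal = self.pending.pop(ident, None)
        secret = self.usernames.get(peer_name)   # 'username <peer_name> password ...'
        if chal is None or secret is None:
            return "Failure"
        expected = chap_response(ident, secret, chal)
        return "Success" if hmac.compare_digest(expected, response) else "Failure"

    # -- peer side --
    def respond(self, ident: int, chal: bytes, authenticator_name: str) -> tuple:
        # The peer picks the secret from its username table by the name carried
        # in the Challenge, then sends back its own hostname with the hash.
        secret = self.usernames[authenticator_name]
        return ident, chap_response(ident, secret, chal), self.hostname


def chap_handshake(authenticator: ChapRouter, peer: ChapRouter, ident: int = 1) -> str:
    """Three-way handshake: Challenge, Response, Success/Failure."""
    ident, chal, name = authenticator.challenge(ident)
    ident, resp, peer_name = peer.respond(ident, chal, name)
    return authenticator.verify(ident, peer_name, resp)


def chap_replay_attempt(authenticator: ChapRouter, peer: ChapRouter) -> str:
    """Capture one valid Response and replay it against the next Challenge."""
    ident, chal, name = authenticator.challenge(1)
    _, captured, peer_name = peer.respond(ident, chal, name)
    authenticator.verify(ident, peer_name, captured)      # legitimate session
    ident2, _chal2, _ = authenticator.challenge(2)         # new random challenge
    return authenticator.verify(ident2, peer_name, captured)


if __name__ == "__main__":
    r1 = ChapRouter("R1", {"R2": "cisco"})   # R1: hostname R1 / username R2 password cisco
    r2 = ChapRouter("R2", {"R1": "cisco"})   # R2: hostname R2 / username R1 password cisco
    print(chap_handshake(r1, r2))            # Success
    print(chap_replay_attempt(r1, r2))       # Failure
    print(pap_authenticate_request("R2", "cisco"))   # the password is readable on the wire
```

Two things the code shows that the slides only state: the PAP request contains the password bytes verbatim, and a CHAP response is useless a second time because the authenticator's next challenge is different. A hostname mismatch or a different password on either side produces Failure, which is the usual cause of a CHAP link that will not come up.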

1- Authentication (cont.)
- CHAP Configuration Example :

287

1- Authentication (cont.)
- Verifying the HDLC and PPP encapsulation configuration:
Router# show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

"LCP Open" shows the link layer negotiation (including authentication, if configured) succeeded; "Open: IPCP, CDPCP" lists the NCPs that are up, so IP and CDP can be carried over the link.

288

1- Authentication (cont.)
- Verifying PPP Authentication :

debug ppp authentication shows successful CHAP output.


289

PPP options (cont.)


2- Multilink:
   - bandwidth aggregation by combining multiple physical links into one logical link.
   - L3 packets are fragmented and the fragments are sent over the parallel links.
   - configuration: (config-if)# ppp multilink

290

PPP options (cont.)


3- Callback:
   - enables a router to place a call and request a callback.
   - once the request is made, the call is disconnected and the other router (server) dials the requesting router (client) back.
4- Compression:
   - improves throughput on slower links.
   - PPP compression supports: 1- Stacker 2- Predictor 3- MPPC (Microsoft Point-to-Point Compression) 4- TCP header compression
291

PPP options (cont.)


5- Error detection:
   - uses LQM (Link Quality Monitoring).
   - computes the ratio between corrupted frames and the total number of frames sent.
   - if this ratio exceeds a configured threshold, the link is dropped.
6- Looped link detection:
   - uses a magic number; every router picks its own magic number.
   - if a router receives a frame carrying its own magic number, the link is looped and is brought down.
292

Troubleshooting
# show interface s0/0
  shows the status of the interface, the encapsulation, the LCP state and the NCP state.
# debug ppp negotiation
# debug ppp authentication

293

294

Frame Relay

295

Frame Relay topology

- connections are made by virtual circuits
- connection-oriented service


296

Frame Relay overview


- Frame Relay is a data link layer, packet switching technology.
- it defines only the interaction between the CPE and the Frame Relay switch.
- it is a multiple access technology built on the virtual circuit (VC) concept.
- it is connection oriented; VC status is signalled through the Frame Relay feature called LMI.
- the frame format is LAPF; the encapsulation types are: 1- Cisco 2- IETF
- note: the same encapsulation type must be used on the source and destination routers (encapsulation is end to end, unlike the LMI type, which is local to each router-to-switch link).
297

Frame Relay Topologies

Frame Relay default: nonbroadcast multiaccess (NBMA)


298

Frame Relay addressing


- DLCI number:
  - the DLCI (data link connection identifier) is the VC identifier of Frame Relay (the L2 path address).
  - a DLCI number is locally significant: it identifies the VC only on the link between the router and its local switch.
  - different DLCIs at the two ends of the same path do not affect the connection.
Figure: one path labelled DLCI 200 and DLCI 100 on one side and DLCI 300 and DLCI 400 on the other.


299

Frame Relay management


LMI (Local Management Interface):
- signaling protocol between the router and the Frame Relay switch.
- used for management: lets directly connected devices share the status of the VCs as well as their configuration.
- lets a router learn its local DLCIs from the Frame Relay switch.
- LMI types: 1- Cisco 2- ANSI (Annex D) 3- Q.933a (Annex A, ITU-T)
- note: the LMI type must match between a router and its own Frame Relay switch, but the two ends of a path may use different LMI types without affecting the connection.

300

Frame Relay management (cont.)

- LMI status:
  1- Active: the VC using this DLCI is up end to end.
  2- Inactive: the DLCI is configured on the local switch, but the remote side of the VC is not working.
  3- Deleted: the DLCI is not configured on the local switch (the problem is on your side of the provider network, or the provider removed the VC).
301

Frame Relay Address Mapping


- To map a destination IP address to its DLCI:
  1- manual resolution: a static map between the DLCI number and the next hop IP address.
     (config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]
     the broadcast keyword is required if broadcast and multicast traffic such as routing updates must be sent over the VC.

  2- dynamic resolution (Inverse ARP): lets the router automatically discover the network layer address of the next hop on each VC that is in the active state.

302

LMI Signaling and Inverse ARP

303

Inverse ARP (cont.)

304

Inverse ARP (cont.)

Use LMI to get locally significant DLCI from the Frame Relay switch. Use Inverse ARP to map the local DLCI to the remote router network layer address.

305

Reachability Issues with Routing Updates

Problem:
Broadcast traffic must be replicated for each active connection. Split-horizon rule prevents routing updates received on an interface from being forwarded out the same interface.

306

Resolving Reachability Issues

Use sub-interfaces

- split horizon causes problems in NBMA environments.
- solution: subinterfaces resolve the split-horizon issue.
- a single physical interface simulates multiple logical interfaces.
- each pair of peers on a point-to-point subinterface is in a separate subnet.
- do not assign an IP address to the main (physical) interface.
307

Configuring Subinterfaces
Point-to-point:
- subinterfaces act like leased lines.
- each point-to-point subinterface requires its own subnet.
- point-to-point is applicable to hub-and-spoke topologies.
Multipoint:
- subinterfaces act like NBMA networks, so they do not resolve the split-horizon issue.
- multipoint can save address space because it uses a single subnet.
- multipoint is applicable to partial-mesh and full-mesh topologies.

308

Frame Relay configuration


(config)# interface s0/0
(config-if)# encapsulation frame-relay [cisco | ietf]
(config-if)# frame-relay lmi-type {cisco | q933a | ansi}
(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]

Subinterface configuration:
(config)# interface s0/0.1 {point-to-point | multipoint}
(config-subif)# frame-relay interface-dlci <dlci no.>

On a point-to-point subinterface, frame-relay interface-dlci is enough because there is only one peer; on a multipoint subinterface each peer needs a frame-relay map entry (or Inverse ARP).

309

Configuring a Static Frame Relay Map

310

Configuring Point-to-Point Subinterfaces

311

Multipoint Subinterfaces Configuration Example

312

Verifying Frame Relay Operation


Router#show frame-relay traffic

Displays Frame Relay traffic statistics


Router#show interfaces name

Displays information about Frame Relay DLCIs and the LMI


Router#show frame-relay lmi [int.name]

Displays LMI statistics


Router#show frame-relay map

Displays the current Frame Relay map entries


Router#show frame-relay pvc [int.name [dlci]]

Displays PVC statistics


313

show interfaces Example


Router# show interfaces s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  <Output omitted>

Displays line, protocol, DLCI, and LMI information

314

show frame-relay lmi Example


Router# show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 113100           Num Status msgs Rcvd 113100
  Num Update Status Rcvd 0              Num Status Timeouts 0

Displays LMI information


315

show frame-relay pvc Example


Router# show frame-relay pvc 100
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 28             output pkts 10            in bytes 8398
  out bytes 1198            dropped pkts 0            in FECN pkts 0
  in BECN pkts 0            out FECN pkts 0           out BECN pkts 0
  in DE pkts 0              out DE pkts 0
  out bcast pkts 10         out bcast bytes 1198
  pvc create time 00:03:46, last time pvc status changed 00:03:47

Displays PVC traffic statistics

316

show frame-relay map Example

Router# show frame-relay map


Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic, broadcast, status defined, active

Displays the Frame Relay map entries, static or dynamic ("dynamic" here means the entry was learned by Inverse ARP; 0x64 is DLCI 100 in hex and 0x1840 is the DLCI as it sits in the two-byte address field of the frame)

317

Troubleshooting Basic Frame Relay Operations


Router# debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Displays LMI debug information


318

Frame Relay Traffic Shaping


CIR: committed information rate; EIR: excess information rate.
- Rate < CIR: frames are sent with DE = 0
- CIR < Rate < EIR: frames are marked DE = 1 (discard eligible) and are the first to be dropped if the provider network is congested
- Rate > EIR: frames are dropped

LAPF header bits used for congestion control:
- DE: discard eligibility
- FECN: forward explicit congestion notification (set on frames travelling in the direction in which congestion was met)
- BECN: backward explicit congestion notification (set on frames travelling in the opposite direction, telling the sender to slow down)
319
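The debug and show outputs on the previous slides contain real frame bytes, so the LAPF address field and the LMI exchange can be decoded and checked against them. This is an added example written for this page, not Cisco or course code. The byte strings come from the debug frame-relay lmi output above (FR encap 0xFCF10309 followed by 00 75 01 01 01 03 02 8C 8B, a 13-byte Status Enquiry) and from show frame-relay map (DLCI 100 shown as 0x1840); field layout follows Q.922, and the information element numbers (report type 1, keepalive 3) are the ones the debug output prints. The CIR/EIR rule is the one stated on this slide, with EIR treated as an absolute upper bound as the slide does.

```python
"""Frame Relay address field and LMI decoding, checked against the outputs above (added example)."""


def parse_fr_address(b: bytes) -> dict:
    """Decode the two-byte Q.922 address at the start of a Frame Relay frame.

    byte 0: DLCI high 6 bits | C/R | EA=0
    byte 1: DLCI low 4 bits | FECN | BECN | DE | EA=1
    """
    b0, b1 = b[0], b[1]
    return {
        "dlci": ((b0 >> 2) << 4) | (b1 >> 4),
        "cr": bool(b0 & 0x02),
        "fecn": bool(b1 & 0x08),
        "becn": bool(b1 & 0x04),
        "de": bool(b1 & 0x02),
        "ea_ok": (b0 & 0x01) == 0 and (b1 & 0x01) == 1,  # extension bits as on the wire
    }


def encode_fr_address(dlci: int, fecn=False, becn=False, de=False, cr=False) -> bytes:
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((dlci >> 4) << 2) | (0x02 if cr else 0)
    b1 = ((dlci & 0x0F) << 4) | (0x08 if fecn else 0) | (0x04 if becn else 0) \
        | (0x02 if de else 0) | 0x01
    return bytes([b0, b1])


LMI_MESSAGE_TYPES = {0x75: "Status Enquiry", 0x7D: "Status"}


def parse_lmi(frame: bytes) -> dict:
    """Decode an LMI frame: address, UI control, NLPID, message type and IEs."""
    out = parse_fr_address(frame[:2])
    out["control"] = frame[2]              # 0x03: unnumbered information
    out["nlpid"] = frame[3]                # 0x09 on the LMI frames above
    out["call_ref"] = frame[4]
    out["message"] = LMI_MESSAGE_TYPES.get(frame[5], f"unknown 0x{frame[5]:02x}")
    ies = []
    i = 6
    while i + 2 <= len(frame):
        ie_id, length = frame[i], frame[i + 1]
        body = frame[i + 2:i + 2 + length]
        i += 2 + length
        if ie_id == 0x01:
            ies.append(("report-type", body[0]))   # 1 = sequence numbers only, 0 = full status
        elif ie_id == 0x03:
            ies.append(("keepalive", {"myseq": body[0], "yourseen": body[1]}))
        else:
            ies.append((f"ie-{ie_id}", body.hex()))  # e.g. PVC status IE 7, left raw
    out["ies"] = ies
    return out


def de_marking(rate: float, cir: float, eir: float) -> str:
    """Treatment of a frame sent at 'rate' under the CIR/EIR rule on this slide."""
    if rate <= cir:
        return "DE=0"
    if rate <= eir:
        return "DE=1"
    return "dropped"


# Constructed from the debug output above: a 13-byte Status Enquiry on DLCI 1023.
STATUS_ENQUIRY = bytes.fromhex("FCF10309" "00750101010302" "8C8B")

if __name__ == "__main__":
    print(parse_lmi(STATUS_ENQUIRY))
    print(parse_fr_address(bytes.fromhex("1840"))["dlci"])    # 100
    print(encode_fr_address(100, de=True).hex())              # 1843
```

Decoding the captured bytes reproduces what the debug printed: DLCI 1023 (the LMI channel), message type Status Enquiry, report type 1 and keepalive sequence numbers 140/139, which is the "myseq 140, yourseen 139" line. The same parser run over data frames shows whether the provider is setting FECN, BECN or DE toward you, which is the input to the traffic-shaping decision above.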

320

Differences between WLAN standards


                          802.11b             802.11g                               802.11a
Ratified                  1999                2003                                  1999
Frequency band            2.4 GHz             2.4 GHz                               5 GHz
No. of (non-overlapping)  3                   3                                     up to 12
channels
Transmission              DSSS                OFDM (DSSS for the 802.11b rates)     OFDM
Data rates [Mbps]         1, 2, 5.5, 11       6, 9, 12, 18, 24, 36, 48, 54          6, 9, 12, 18, 24, 36, 48, 54
                                              (plus 1, 2, 5.5, 11 with DSSS)
Throughput [Mbps]         up to 6             up to 22                              up to 28

321

In IEEE 802.11 terminology, any group of wireless devices is known as a service set. The devices must share a common service set identifier (SSID), a text string included in every frame sent; if the SSIDs of sender and receiver match, the two devices can communicate. The SSID is only a network name: it is sent in cleartext, so matching SSIDs provides neither authentication nor confidentiality.

Summary of the WLAN topologies:
- Ad hoc mode, called an Independent Basic Service Set (IBSS): mobile clients connect directly to each other without an intermediate access point.
- Infrastructure mode, where clients connect through an access point, has two forms:
  - Basic Service Set (BSS): mobile clients use a single access point for connectivity to each other or to wired network resources.
  - Extended Service Set (ESS): two or more Basic Service Sets are connected by a common distribution system. An ESS generally uses a common SSID so that a client can roam from access point to access point without reconfiguration.

322
