Course Introduction
Cisco certification levels (figure): Associate (CCNA), Professional (CCNP), Expert (CCIE), each with its required exams. Tracks shown: Network Implementation, Network Design (CCDA), Network Security (CCSP, CCIE Security), Voice Networks (CCVP, CCIE Voice), Storage Networking; CCNA is listed at the associate level of every track. See http://www.cisco.com/go/certifications
Course Topics
- Introduction, OSI & TCP/IP
- OSI & TCP/IP Layers
- IP Addressing & Subnetting
- Introduction to Cisco IOS
- Routing
- Access lists
- Switching
- WAN
Networking Technologies
Network: all the components (hardware and software) involved in connecting computers across small and large distances.
Importance of networks:
- easy access to and sharing of information
- sharing of expensive devices and network resources
- modern technologies (IP telephony, video on demand, etc.)
Network components
A network has three main components:
- Computers (servers and hosts): the source of applications (network-aware applications), ex: HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), SNMP (Simple Network Management Protocol), Telnet
- Network devices: devices that interconnect the different computers, ex: repeaters, hubs, bridges, switches, routers, NICs and modems
- Connectivity: the media that physically connect the computers and network devices, ex: wireless and cables
Network Types
- LAN (Local Area Network): a group of network components that work within a small area
- WAN (Wide Area Network): a group of LANs that are interconnected within a large area
Reference Models
- describe data transfer standards
- a framework (guideline) for network implementation and troubleshooting
Reference Models (figure): OSI model layers 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical; TCP/IP model layers Application, Transport, Internet, Network Access. Two hosts communicate layer to layer; at the Physical layer only bits are exchanged.
Encapsulation Process
Presentation layer: this layer is responsible for presenting the data in the required format, which may include encryption and compression. PDU: formatted data
Session layer: this layer establishes, manages, and terminates sessions between two communicating hosts. Example: client software used for logging in. PDU: formatted data
Transport layer:
- this layer breaks up the data from the sending host and then reassembles it in the receiver (segmentation)
- it is also used to ensure reliable data transport across the network (reliability and flow control)
PDU: segments
Network layer:
- logical addressing (IP address)
- best path determination (routing)
PDU: packets
Data Link layer: this layer provides reliable transit of data across a physical link, hop by hop. It makes decisions based on physical addresses (usually MAC addresses). PDU: frames
TCP/IP model (figure): OSI layers 7 Application, 6 Presentation and 5 Session map to the TCP/IP Application layer; 4 Transport maps to Transport; 3 Network maps to Internet; 2 Data Link and 1 Physical map to Network Access.
Physical layer: description of LAN/WAN standards (maximum length, bit rates, pin assignment, voltage levels)
Media (figures): twisted pair CAT5, CAT5e and CAT6; crossover cable versus straight-through cable between PC, router, switch, hub and modem; coaxial cable; multimode fiber.
Transmission modes
- Full duplex: devices can send and receive data at the same time (two paths for transmission).
- Half duplex: one circuit for transmission, so only one device can use the bus (send or receive) at a time; if two devices send at the same time, a collision occurs.
2- Hub
A hub is a multi-port repeater. A hub takes the data bits from the input port and forwards them to all other ports.
Ethernet frame format (figure)
Ethernet Overview
- Ethernet is now the dominant LAN technology in the world.
MAC Address
- A MAC address is 48 bits in length and is expressed as twelve hexadecimal digits.
- MAC addresses are burned into the read-only memory (ROM) of the NIC.
- Each NIC has a unique MAC address.
- A MAC address can represent unicast, broadcast or multicast. ex. A34C.52BD.1234
Ethernet frame fields (figure): IEEE 802.2 header, Type, Data
Layer 2 devices
A layer 2 device is a device that understands MAC addresses, for example:
- NIC (Network Interface Card)
- Bridge: address learning; forwarding decisions are based on software; a bridge is used for LAN segmentation
- Switch: a multi-port bridge; forwarding decisions are based on hardware (ASIC), so it is faster than a bridge
1- Address Learning
The switch learns which MACs are connected to which ports by checking the source MAC address of each received frame.
2- Forwarding
- If the destination MAC is an unknown unicast, a broadcast or a multicast, the frame is flooded (sent out of all switch ports).
- For a known unicast, the switch forwards the frame through the learned port only.
2- Runt frame: frame size is less than 64 bytes
3- Giant frame:
Forwarding modes
- Cut-Through: the switch checks the destination address and immediately begins forwarding the frame.
- Store and Forward: the complete frame is received and checked before forwarding.
- Fragment-Free: the switch checks the first 64 bytes, then begins forwarding the frame.
Frame creation (figure): before sending, a host must fill in the Source MAC, Destination MAC, Source IP and Destination IP. Sources of these fields shown in the figure: static configuration, DNS, ARP and Proxy ARP; each field is covered in turn below.
- Source IP:
1- by static configuration
2- by DHCP (Dynamic Host Configuration Protocol):
- DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device.
- A range of IP addresses is defined on the DHCP server.
- The entire network configuration of a computer can be obtained in one message from the server.
- Destination IP: DNS
- Destination MAC: ARP: each PC forms an ARP table containing the learned MACs.
- Destination MAC: Proxy ARP (figure): host A sends an ARP request for host B, which is on another network; router R answers: "Yes, I know the destination network, let me give you my Ethernet address".
Flow Control - Windowing (PAR) (figure): the receiver reports an error in segment 2; the sender retransmits segment 2 and then continues with segment 3.
Layer 4 Addressing
Port numbers are classified as:
- Well-known ports (0-1023): identify the different applications, ex: FTP (20, 21), Telnet (23), SMTP (25), DNS (53), HTTP (80)
- User-defined ports (1024-65535): assigned randomly by the operating system for each session initiated by the host
Multiplexing applications (figure): hosts 12.0.0.1 and 12.0.0.2 each open a session to server 13.0.0.1 on destination port 80, using source ports 1500 and 1200 respectively; the port pair identifies each session.
TCP Header and UDP Header (figures)
Port Numbers (table)
Internet Layer
The Internet layer is responsible for the following:
- support of logical addressing for network components
- routing (finding the best path for data)
- layer 3 devices
Internet layer protocols are:
- IP (Internet Protocol)
- ICMP (Internet Control Message Protocol)
- ARP (Address Resolution Protocol), RARP (Reverse ARP)
- routing protocols, ex. OSPF, EIGRP
IP has the following characteristics:
- provides logical addressing
- provides connectionless, best-effort delivery of data
IP Packet
IP packets consist of the data from the upper layers plus an IP header. The IP header consists of the following fields (figure):
IP addressing
- Each host in the network must have a unique IP address, because duplicate addresses would make routing impossible.
- IP addressing is a hierarchical structure: the IP address combines two identifiers into one number. The first part identifies the network address; the second part, called the host part, identifies which particular machine it is on the network.
- An IP address is a 32-bit (4 bytes = 4 octets) address that is divided into a network part (representing the network ID where the device is located) and a host part (representing the ID of the host).
- It is represented in dotted decimal form, where each octet is transformed to its decimal value. ex. 192.168.1.3
IP Address Classes
IP addresses are divided into classes to define large, medium, and small networks:
- Class A addresses are assigned to larger networks.
- Class B addresses are used for medium-sized networks.
- Class C addresses are used for small networks.
- Class D is used for multicasting.
- Class E is reserved for experimental purposes.
Note: for Class A, networks 0 and 127 are reserved (class A range 1 - 126)
Public IP Addresses
- Unique addresses are required for each device on a network.
- Originally, an organization known as the Internet Assigned Numbers Authority (IANA) handled this procedure.
- No two machines that connect to a public network can have the same IP address, because public IP addresses are global and standardized.
Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.
IP address types
An IP address can be one of three categories: network address, host address, broadcast address.
Broadcast Address (figure for classes A, B and C; usable hosts per network = 2^(host bits) - 2)
Subnet Mask
- A 32-bit mask (1s followed by 0s).
- Used by routers and hosts to determine the number of network-significant bits (identified by 1s) and host-significant bits (identified by 0s) in an IP address.
- Example:
Class   Network Address   Default subnet mask
A       12.0.0.0          255.0.0.0 or /8
B       172.16.0.0        255.255.0.0 or /16
C       192.168.0.0       255.255.255.0 or /24
Subnet masks, like IP addresses, can be represented in dotted decimal format, like 255.255.255.0.
Subnetting
- Subnetting a network means using the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets.
- Subnetting is done by taking part of the host bits and adding them to the network part.
(figure) Before subnetting an IP address is: Network part | Host part. After subnetting: Network part | Subnet bits | Host part.
Subnetting Example
Divide network 192.168.1.0/24 into 4 subnets.
Solution: 4 subnets need 2 bits borrowed from the host part:
192.168.1 . 0000 0000 to 0011 1111 -> hosts 0 - 63
192.168.1 . 0100 0000 to 0111 1111 -> hosts 64 - 127
192.168.1 . 1000 0000 to 1011 1111 -> hosts 128 - 191
192.168.1 . 1100 0000 to 1111 1111 -> hosts 192 - 255
The subnet mask is 255.255.255.192 or /26.
The first subnet is 192.168.1.0/26, the second 192.168.1.64/26, the third 192.168.1.128/26, the fourth 192.168.1.192/26.
Exercise (figure): 172.16.5.0/23
Exercise (figure): 192.168.5.33/27 ? Options A. B. C. D. E. Answer: E
ICMP
The Internet Control Message Protocol (ICMP) verifies connectivity between network devices (ping).
D:\>ping 192.110.1.140
Layer 3 devices
Router :
- best path determination
- creating the routing table
- connecting different LANs
Each router interface is a separate broadcast domain and a separate collision domain.
Solution (figure): number of broadcast domains = 2, number of collision domains = 4
IOS
Setup mode
- Permits the administrator to install a minimal configuration for a router (appears if there is no saved configuration; Ctrl-C to skip).
IOS Features
- Supports context help and abbreviations (?)
- Supports auto-complete (Tab key)
- Supports syntax error detection
Configuring Interfaces
(figure) RouterA S0/0 192.168.1.1/30 <-> S0/1 RouterB 192.168.1.2/30
Router#config t
RouterA(config)# interface serial 0/0
RouterA(config-if)# ip address 192.168.1.1 255.255.255.252
RouterA(config-if)# no shutdown
RouterA(config-if)# clock rate 56000     (required on the serial DCE side only)
RouterB(config)# int serial 0/1
RouterB(config-if)# ip address 192.168.1.2 255.255.255.252
RouterB(config-if)# no shutdown
RouterB(config-if)# exit
RouterB(config)# exit
Router#
To know which interface is the DCE: RouterA# show controller s0/0
Command           Description
#show flash       Displays info about flash memory and which IOS image is in it
#show start       Displays the saved configuration located in NVRAM
#show run         Displays the configuration currently running in RAM
#show version     Displays info about the router and the IOS
#show ARP         Displays the ARP table of the router
#erase start      Erases the saved configuration file in NVRAM
#reload           Restarts the router
#copy run start   Saves the running configuration to NVRAM
The ping command tests the connectivity and the path to a remote device (tests layer 3 in TCP/IP).
different encapsulation type (PPP, HDLC, FR) or no clock rate on the DCE device.
Configuration register values (figure): 0x2100, 0x2101, 0x2102 to 0x210F. The value 0x2142 is used to bypass the NVRAM.
TFTP application (figure)
Introducing Routing
2004 Cisco Systems, Inc. All rights reserved. ICND v2.23-120
What Is Routing ?
Routing table
Routing Protocols
- Static route: a route (path) that a network administrator enters into the router manually.
- Dynamic route: a route (path) that a routing protocol discovers automatically and adjusts when the topology changes.
Routing Protocols (figure):
- Static: directly connected, static route, default route
- Dynamic: IGP distance vector (RIPv1, IGRP); EGP (EGP, BGP)
Administrative Distance
A value between 0 and 255 that reflects the trustworthiness of a routing protocol (the best protocol has the lowest administrative distance), ex. OSPF = 110.
Directly connected routes (figure): routing tables with C entries for networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0.
Default route (figure): LAN 192.168.1.0 behind a router whose serial link 12.0.0.1/8 - 12.0.0.2/8 leads to the Internet; the default route points to next hop 12.0.0.2, or alternatively out interface S0; the routing table shows the C entry and the S* default route.
Static routes (figure): networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0 across a chain of routers, with the static routes each router needs for the networks it is not directly connected to.
Routing loops
- When network 10.0.0.0 fails, router A marks its metric as 16 (the maximum hop count value, used to avoid counting to infinity) and sends its routing table to B after the periodic interval.
- Before B sends its periodic update to C, router C sends its routing table to B containing a path to 10.0.0.0 with a better metric, so B thinks that 10.0.0.0 can be reached via C while C depends on B for that, and a loop occurs.
(figure) Router A's E0 toward 10.0.0.0 is down (metric 16); B and C still hold 10.0.0.0 via their S0 ports with metrics 2 and 3.
RIP v1
- distance vector routing protocol
- symbol in the routing table is R
- administrative distance = 120
- metric is hop count; metric 16 means unreachable
- full routing tables are flooded in the network until convergence occurs (uses the Bellman-Ford algorithm)
- after convergence, periodic updates are sent every 30 seconds
- at a change, a triggered update is sent
- supports load balancing if many paths to the same network exist with an equal metric
- classful
RIP Configuration
Router(config)#router rip
- Operation:
- each router discovers its directly connected neighbors using the hello protocol (a layer-3 protocol)
- each router forms a packet called a link state advertisement (LSA)
(figure) LSA contents for a router with links 10.0.0.1/8, 11.0.0.1/8 and 12.0.0.1/8: link, state, cost; routers A, B and C exchange their LSAs
- after convergence: no periodic updates
- at a change: a partial triggered update for the affected route is sent, so all routers repeat the link state process
- classless
OSPF
- Open standard
- Shortest Path First (SPF) algorithm
- Link-state routing protocol
- Uses Dijkstra's algorithm
- Administrative distance = 110
- Metric called cost = 10^8 / BW
- Hop count is unlimited
- Symbol in the routing table is O
- Loop-free protocol
- Classless routing protocol
OSPF (Cont.)
- Discovers neighbors and maintains the neighbor relationship using the hello protocol.
- Sends hello every 10 seconds in point-to-point and broadcast multi-access networks on multicast address 224.0.0.5 to reach neighbors only; dead interval = 4 x hello timer (40 sec).
- Sends LSAs (updates) on multicast address 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR routers).
- Every OSPF router that receives an LSA updates its Link State Database (LSDB) with a copy of this LSA and floods it to all OSPF neighbors except the one that sent it, then runs the Dijkstra SPF algorithm on the new LSDB to draw the new topology tree and form the routing table.
OSPF (Cont.)
- After convergence: no periodic updates are sent, except a periodic refresh message for the LSDB every 30 minutes.
- At a change: OSPF sends a triggered update for the affected route, so the OSPF process is repeated again.
- OSPF tables:
1- neighbor table: contains neighbor router IDs and is maintained by hellos
2- topology table: all paths to all networks
3- routing table: best paths to all networks
- OSPF supports a hierarchical multiple-area design. Multiple areas minimize routing update traffic, limit frequent SPF calculations and extend scalability. Area 0 is the backbone area, and all other areas must be connected to area 0.
Router ID
Every router in an OSPF environment is identified by a RID. The RID is a 32-bit value, selected as:
1- the highest IP address of a loopback interface, if one exists (a logical interface that is always up). To configure a loopback interface:
(config)# interface loopback <no.>
(config-if)# ip address <ip> <mask>   (typically 255.255.255.255)
2- if there are no loopback interfaces, the RID is the highest IP of the active physical interfaces when the OSPF process starts.
OSPF operation
1- In a point-to-point topology:
- Neighbor discovery: by sending hello messages periodically on multicast 224.0.0.5.
- For OSPF routers to be neighbors they must have: the same area ID, the same hello and dead intervals, the same authentication password.
- Route discovery: exchange LSAs on 224.0.0.5 so that each router has the same LSDB.
- Route selection: form the routing table.
OSPF oper
- Neighbor discovery: as in point-to-point.
- DR and BDR election:
- DR: the Designated Router is the router that has 1- the highest priority (range 0 - 255, default = 1), 2- if priorities are equal, the highest RID.
- BDR: the Backup DR is the router with the second highest priority or RID.
Note:
- if a new router with a higher priority is added, it won't become the DR directly (non-preemptive)
- a router with priority 0 can't be the DR or BDR
- the routers that are not DR or BDR are called DROTHERs
(figure) Updates are sent to the DR and acknowledged; the DR then sends the update to 224.0.0.5 and the other routers acknowledge it. Each router forms a topology table from all the updates it receives, then applies the Dijkstra algorithm to the tree to extract the routing table; the other routers repeat the OSPF process (SPF tree) in the same way.
OSPF: hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117 aid:0.0.0.0 chk:6AB2 aut:0 auk:
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
Determining IP Routes
Enabling EIGRP
EIGRP (cont.)
- Maximum hop count = 224.
- Classless.
- Reliable protocol.
- Has the same operation in all topologies.
For two routers to become EIGRP neighbors:
1- They must have the same AS (autonomous system) number.
2- They must have the same K-values (the same metric equation constants).
EIGRP terminologies
- Neighbor table: list of all neighbors.
- Topology table: list of all routes to destination networks.
- Routing table: list of the best routes to all destination networks.
- Successor (S): the best route to a destination network, stored in the routing table and the topology table.
- Feasible successor (FS): a backup route to a destination network, stored in the topology table.
- Feasible distance (FD): the metric between the source and the destination network.
- Advertised distance (AD): the metric between my neighbor and the destination network.
- FD = next hop metric + AD.
(figure: S, FD, FS and AD shown on a small topology)
EIGRP operation
- At start-up: (figure) a new router sends a Hello to 224.0.0.10; neighbors exchange Update and Ack messages. The router forms a topology table from all the routing tables it receives, then applies the DUAL algorithm to the topology table to extract the routing table (S) and calculate the backup routes (FS).
- When a network fails: (figure) the router sends a Query to 224.0.0.10, "Does anyone know another route to the failed network?", and the neighbors answer with a Reply.
Configuring EIGRP
Displays the parameters and current state of the active routing protocol process
Router# show ip eigrp traffic
(figure) Unequal-cost load balancing: two paths to the same network, one with metric 40 and one with metric 60.
- Configuration:
Router(config)# router eigrp 100
Router(config-router)# variance <multiplier>
Router(config-router)# traffic-share balanced
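The successor / feasible successor rules above and the variance configuration, as an added example that is not from the slides or from Cisco; it uses the page's definition FD = next-hop metric + AD, and the neighbor names and metrics are constructed sample data:

```python
# Added example (not from the slides): EIGRP successor / feasible-successor
# selection and unequal-cost load balancing with "variance", using the
# page's definition FD = next-hop metric + AD.  Neighbor names and metrics
# below are constructed sample data.

def feasible_distance(link_metric, advertised_distance):
    """FD = metric of the link to the neighbor + the neighbor's AD."""
    return link_metric + advertised_distance


def select_routes(candidates):
    """candidates: list of (neighbor, link_metric, AD) for one destination.

    Returns (successor, feasible_successors); each route is a dict with its
    FD computed.  A backup route is a feasible successor only when its AD is
    strictly lower than the successor's FD (the DUAL feasibility condition):
    a neighbor whose own distance is not better than ours might be routing
    through us, so installing it could create a loop.
    """
    if not candidates:
        return None, []
    routes = [{"neighbor": n, "link": l, "ad": ad, "fd": feasible_distance(l, ad)}
              for n, l, ad in candidates]
    routes.sort(key=lambda r: r["fd"])          # lowest FD wins
    successor = routes[0]
    feasible = [r for r in routes[1:] if r["ad"] < successor["fd"]]
    return successor, feasible


def load_balanced_paths(successor, feasible, variance=1):
    """Paths installed by 'variance <multiplier>': the successor plus every
    feasible successor whose FD <= variance * successor FD.  The default
    variance of 1 keeps only equal-cost paths."""
    limit = variance * successor["fd"]
    return [successor] + [r for r in feasible if r["fd"] <= limit]


def traffic_share(paths):
    """'traffic-share balanced': share traffic inversely to each path's FD.
    Returns the fraction of traffic per path, rounded to three decimals."""
    weights = [1 / p["fd"] for p in paths]
    total = sum(weights)
    return [round(w / total, 3) for w in weights]


# Constructed topology: three neighbors advertise the same network.
EXAMPLE_CANDIDATES = [
    ("B", 10, 30),   # FD 40: best path -> successor (the page's "Metric 40")
    ("C", 30, 30),   # FD 60, AD 30 < 40 -> feasible successor ("Metric 60")
    ("D", 5, 50),    # FD 55 but AD 50 >= 40 -> fails the feasibility condition
]

if __name__ == "__main__":
    succ, fs = select_routes(EXAMPLE_CANDIDATES)
    print("successor:", succ["neighbor"], "FD", succ["fd"])
    print("feasible successors:", [r["neighbor"] for r in fs])
    for v in (1, 2):
        paths = load_balanced_paths(succ, fs, variance=v)
        print(f"variance {v}:", [p["neighbor"] for p in paths], traffic_share(paths))
```

Neighbor D has a lower FD than C but is rejected as a backup, which is the point of the feasibility condition: variance only ever adds routes that already passed it.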
RIP v2
- Advanced distance vector protocol.
- No periodic updates, only partial triggered updates.
- Updates are sent on multicast 224.0.0.9.
- Classless.
- Administrative distance = 120.
- Symbol (R) in the routing table.
- Metric = hop count.
- Configuration:
Router(config)# router rip
Router(config-router)# version 2
Route Summarization
Route summarization
Route summarization is grouping a block of subnets and advertising them as a single network address (a single IP address represents a group of contiguous subnets).
Ex:
8.0.0.0/8  = 0000 10 00 . 0 . 0 . 0
9.0.0.0/8  = 0000 10 01 . 0 . 0 . 0
10.0.0.0/8 = 0000 10 10 . 0 . 0 . 0
11.0.0.0/8 = 0000 10 11 . 0 . 0 . 0
The first 6 bits are common to all four, so the CIDR summary is 8.0.0.0/6.
RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets. OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets.
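The binary reasoning of the summarization example, as an added example (not from the slides): it finds the common leading bits of a list of subnets and also reports whether the summary is exact, because a summary that is wider than the subnets it covers advertises address space the router does not actually have routes for.

```python
# Added example (not from the slides): compute the CIDR summary of a set of
# subnets the way the page's binary worked example does (keep the common
# leading bits), and flag summaries that cover more than the input.

import ipaddress


def summarize(prefixes):
    """Return (summary, exact) for a list of IPv4 networks in CIDR form.

    The summary is the shortest-prefix block that contains every input
    network.  `exact` is True when the block contains nothing but the
    inputs; False means the summary also covers address space that is not
    in the list (over-summarization).  Inputs must be valid network
    addresses (e.g. "8.0.0.0/8", not "8.0.0.1/8").
    """
    nets = sorted(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))
    if not nets:
        raise ValueError("no networks to summarize")
    first = int(nets[0].network_address)        # lowest address in the set
    last = int(nets[-1].broadcast_address)      # highest address in the set
    prefix = 32
    while True:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if first & mask == last & mask:         # same leading `prefix` bits
            break
        prefix -= 1                             # drop one more bit and retry
    summary = ipaddress.ip_network(
        f"{ipaddress.IPv4Address(first & mask)}/{prefix}")
    covered = sum(n.num_addresses for n in nets)
    return str(summary), covered == summary.num_addresses


if __name__ == "__main__":
    # The page's example: four contiguous /8s share 6 leading bits.
    print(summarize(["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]))
    # Shifted by one network: the only covering block is 8.0.0.0/5, which
    # also advertises 8/8 and 13/8 - 15/8 that are not in the list.
    print(summarize(["9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8", "12.0.0.0/8"]))
```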
VLSM example
(figure) Subnets s1, s2 and s3 need 60 hosts each; s4, s5 and s6 need 2 hosts each.
- For s1, s2, s3 to support 60 hosts we need 6 host bits, so the subnet mask is 255.255.255.192 and the block size ("hop count") = 256 - 192 = 64.
- Starting from address 192.168.1.192, give addresses to s4, s5, s6: 2 hosts need 2 host bits, so the new subnet mask is 255.255.255.252 and the block size = 256 - 252 = 4.
- s4 address 192.168.1.192/30, s5 address 192.168.1.196/30.
VLSM is supported only by classless routing protocols.
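The subnetting example (4 equal subnets of 192.168.1.0/24) and the VLSM example above, carried out in code as an added example that is not from the slides; it generalizes the VLSM step into an allocator that serves the largest requirement first, so that every subnet lands on its own block boundary, and reports when the address block is exhausted:

```python
# Added example (not from the slides): equal subnetting and VLSM allocation
# with the standard library's ipaddress module.  The subnet names and host
# counts below are the page's example, re-typed as constructed input.

import ipaddress


def host_bits_needed(hosts):
    """Smallest number of host bits h with 2**h - 2 >= hosts (the network
    and broadcast addresses of each subnet are not usable by hosts)."""
    h = 2                       # a /31 or /32 cannot hold two hosts here
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def split_equally(network, count):
    """Subnetting: borrow enough host bits to create at least `count`
    subnets of equal size, e.g. 4 subnets of a /24 -> four /26s."""
    net = ipaddress.ip_network(network)
    bits = 0
    while 2 ** bits < count:
        bits += 1
    if bits == 0:
        return [str(net)]
    return [str(s) for s in net.subnets(prefixlen_diff=bits)]


def vlsm_allocate(network, demands):
    """demands: {subnet name: number of hosts}.  Allocates the largest
    requirements first so each subnet starts on a block boundary of its own
    size; returns {subnet name: CIDR}.  Raises ValueError when the block is
    exhausted."""
    free = [ipaddress.ip_network(network)]      # unallocated blocks
    assigned = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = 32 - host_bits_needed(hosts)
        free.sort(key=lambda n: int(n.network_address))   # lowest address first
        for i, block in enumerate(free):
            if block.prefixlen > prefix:
                continue                        # block is too small
            if block.prefixlen == prefix:
                assigned[name] = str(block)     # exact fit
                free.pop(i)
            else:                               # carve the first piece, keep the rest
                pieces = list(block.subnets(new_prefix=prefix))
                assigned[name] = str(pieces[0])
                free.pop(i)
                free.extend(pieces[1:])
            break
        else:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
    return assigned


# Constructed input matching the page's VLSM figure.
DEMANDS = {"s1": 60, "s2": 60, "s3": 60, "s4": 2, "s5": 2, "s6": 2}

if __name__ == "__main__":
    print(split_equally("192.168.1.0/24", 4))
    for name, cidr in sorted(vlsm_allocate("192.168.1.0/24", DEMANDS).items()):
        print(name, cidr)
```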
Access lists (ACLs) are used to:
- Manage IP traffic as network access grows
- Filter packets as they pass through the router
ACL Structure
- An ACL is a set of statements grouped under a certain name or number to control traffic flow (permit or deny).
- The access list is configured on the router and then activated on interfaces.
ACL processing:
- statements are checked from top to bottom
- once a match is found, no further checking is done
- if no match is found, the packet is dropped because of the implicit deny statement at the end of the ACL
- an ACL must contain at least one permit statement, otherwise all packets are dropped
- in any ACL you cannot add a statement between statements (new statements can only be added to the end of the ACL)
- you can have one ACL per interface per protocol per direction
ACL types
ACL types (figure):
- Standard ACL: numbered 1 - 99 and 1300 - 1999, or named
- Extended ACL: numbered 100 - 199 and 2000 - 2699, or named
Note:
- in a numbered ACL you cannot delete a single statement, only the whole ACL
- in a named ACL you can delete a single statement between statements
Standard ACLs
- It filters packets based on the source IP address.
- Configuration:
Router(config)# access-list ACL-number {permit|deny} source-ip [wildcard-mask]
- IP standard ACLs use numbers 1 to 99.
- The default wildcard mask is 0.0.0.0 (exactly match the IP address): 12.0.0.1 0.0.0.0 = host 12.0.0.1, 172.16.4.13 0.0.0.0 = host 172.16.4.13, and 0.0.0.0 255.255.255.255 = any.
- no access-list ACL-number removes the entire ACL.
Applying a standard ACL to the vty lines (Telnet access to the router):
(config-line)# access-class 1 in
Router(config-if)# ip access-group name {in | out} Activates the named IP ACL on an interface.
(figure) Router C, interface e0 toward a server 192.168.1.1/24:
C(config)# interface e0
C(config-if)# ip access-group 1 out
Extended ACL
- It is more flexible than a standard ACL.
- An extended ACL can match on: (figure)
Extended ACL
Note:
- 0.0.0.0 is called the host mask.
- 12.0.0.1 0.0.0.0 = host 12.0.0.1
- 0.0.0.0 255.255.255.255 = any
- The operator and port values: (eq) means equal; (lt) means less than or equal; (gt) means greater than or equal; range 10 80 means all ports between 10 and 80.
- eq 80 = eq http (give the port number or its name)
Example 1 (figure): Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0; permit all other traffic.
Example 2 (figure): Deny only Telnet from subnet 172.16.4.0; permit all other traffic.
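The ACL processing rules (top-down, first match, implicit deny) and wildcard masks, as an added example that is not from the slides or from Cisco IOS: a small simulator that parses access-list statements like the ones on this page and evaluates constructed packets against the two examples above, including what happens when the two statements are entered in the wrong order.

```python
# Added example (not from the slides): a simulator of Cisco IOS access-list
# evaluation - wildcard masks, top-down first match and the implicit deny -
# fed with the page's two extended-ACL examples.  ACL lines and packets
# below are constructed sample data.

import ipaddress

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25,
              "dns": 53, "http": 80}


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit means 'must equal the base bit', a 1 bit
    means 'don't care'.  0.0.0.0 = host match, 255.255.255.255 = any."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


def _port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def _parse_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | 'A.B.C.D'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) >= 2 and tokens[1][0].isdigit():   # explicit wildcard
        return tokens[0], tokens[1], tokens[2:]
    return tokens[0], "0.0.0.0", tokens[1:]            # default wildcard 0.0.0.0


def _parse_port(tokens):
    """Optional port operator (eq | lt | gt | range); lt/gt are strict, as
    IOS evaluates them.  Returns (predicate, remaining tokens)."""
    if not tokens or tokens[0] not in ("eq", "lt", "gt", "range"):
        return (lambda p: True), tokens
    op = tokens[0]
    if op == "range":
        lo, hi = _port(tokens[1]), _port(tokens[2])
        return (lambda p: lo <= p <= hi), tokens[3:]
    n = _port(tokens[1])
    ops = {"eq": lambda p: p == n, "lt": lambda p: p < n, "gt": lambda p: p > n}
    return ops[op], tokens[2:]


def parse_acl(lines):
    """Parse 'access-list <n> permit|deny ...' lines into entries, in order."""
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        number, action, rest = int(t[1]), t[2], t[3:]
        standard = 1 <= number <= 99 or 1300 <= number <= 1999
        proto = "ip" if standard else rest.pop(0)
        src, swc, rest = _parse_addr(rest)
        sport, rest = _parse_port(rest)
        if standard:                        # standard ACLs match the source only
            dst, dwc, dport = "0.0.0.0", "255.255.255.255", (lambda p: True)
        else:
            dst, dwc, rest = _parse_addr(rest)
            dport, rest = _parse_port(rest)
        entries.append({"action": action, "proto": proto, "src": src, "swc": swc,
                        "sport": sport, "dst": dst, "dwc": dwc, "dport": dport})
    return entries


def evaluate(entries, pkt):
    """Top-down, first match wins.  Returns (action, index of the matching
    entry); a packet that matches nothing hits the implicit deny at the end
    of every ACL and returns ("deny", None), so an empty ACL denies all."""
    for i, e in enumerate(entries):
        if e["proto"] != "ip" and e["proto"] != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], e["src"], e["swc"])
                and wildcard_match(pkt["dst"], e["dst"], e["dwc"])):
            continue
        if not (e["sport"](pkt.get("sport", 0)) and e["dport"](pkt.get("dport", 0))):
            continue
        return e["action"], i
    return "deny", None


def tcp(src, dst, dport, sport=1500):
    return {"proto": "tcp", "src": src, "dst": dst, "sport": sport, "dport": dport}


# Example 1 from the page: deny FTP from 172.16.4.0/24 to 172.16.3.0/24.
ACL_FTP = parse_acl([
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq ftp",
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq ftp-data",
    "access-list 101 permit ip any any",
])
# Example 2 from the page: deny only Telnet from 172.16.4.0/24.
ACL_TELNET = parse_acl([
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq telnet",
    "access-list 101 permit ip any any",
])
# Same statements in the wrong order: the permit matches first, the deny is dead.
ACL_TELNET_REVERSED = parse_acl([
    "access-list 101 permit ip any any",
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq telnet",
])

if __name__ == "__main__":
    print(evaluate(ACL_FTP, tcp("172.16.4.13", "172.16.3.5", 21)))      # ('deny', 0)
    print(evaluate(ACL_TELNET, tcp("172.16.4.1", "10.1.1.1", 23)))      # ('deny', 0)
    print(evaluate(ACL_TELNET_REVERSED, tcp("172.16.4.1", "10.1.1.1", 23)))  # ('permit', 0)
    print(evaluate([], tcp("1.1.1.1", "2.2.2.2", 80)))                  # ('deny', None)
```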
(figure) Host X 192.168.5.1/24 and server 192.168.1.1/24
wg_ro_a#show access-lists
Standard IP access list 1
permit 10.2.2.1
permit 10.3.3.1
permit 10.4.4.1
permit 10.5.5.1
Extended IP access list 101
permit tcp host 10.22.22.1 any eq telnet
permit tcp host 10.33.33.1 any eq ftp
permit tcp host 10.44.44.1 any eq ftp-data
Verifying ACLs
router# show ip interfaces e0
Ethernet0 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<text omitted>
Static NAT
(figure) Inside local address 10.0.0.1 is translated to inside global address 12.0.0.1.
- Static NAT is used when outside users are trying to access your internal resources.
Router(config)# ip nat inside source static local-ip global-ip
Establishes a static translation between an inside local address and an inside global address.
Router(config-if)# ip nat inside
Marks the interface as connected to the inside network.
Dynamic NAT
- The router is given a pool of global IPs, so every user that tries to access a public network is given an IP from the pool.
- To configure dynamic NAT:
1- Define the pool of IPs.
2- Define which inside addresses are allowed to be translated (ACL).
Defines a standard IP ACL permitting those inside local addresses that are to be translated.
Router(config)# ip nat inside source list access-list-number pool pool-name
Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
- Static or dynamic NAT provides only one-to-one translation, while PAT supports many-to-one translation using port numbers.
(figure) Inside local IP 10.0.0.1
Configuring PAT
Router(config)# access-list access-list-number permit source-ip source-wildcard
Defines a standard IP ACL that permits the inside local addresses that are to be translated.
Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
PAT Example
Switching
Layer 2 loops
- STP provides a loop-free redundant network topology by placing certain ports in the blocking state (logical blocking).
- STP enables switches to become aware of each other so they can negotiate a loop-free path.
- When the used path fails, STP opens the blocked port (activates the other path).
- BPDUs (bridge protocol data units) are flooded from each switch to the other switches on a well-known multicast MAC address.
- Every switch takes a copy of the BPDU and resends it to the other switches.
- Every switch forms a database from all the BPDUs.
- A BPDU is sent every two seconds.
BPDU fields (figure): accumulated path cost, bridge ID (BID), port ID.
- Bridge ID = bridge priority + MAC address
- The root bridge has the lowest priority; if priorities are equal, it is the one with the lowest MAC address.
- After the election, only the root bridge sends BPDUs every 2 sec.
Root port and designated port election (figure): on every non-root switch the root port (RP) is the port with the lowest accumulated path cost to the root bridge A; on every segment the designated port (DP) is on the switch closer to the root (compare the costs of the two ports on the segment); the remaining port is put in blocking (BP).
At a change: the first switch that detects the change sends a BPDU called a TCN (Topology Change Notification) to the root switch indicating the change; the root switch sends a configuration BPDU with the TCN flag to all switches, and then STP is recalculated. If a new switch with a lower priority is added, it becomes the root switch.
VLAN Overview
VLAN Operation
Traffic can be transferred only within the same VLAN across different switches. To transfer traffic between different VLANs, a router must be used.
Trunks carry traffic for multiple VLANs.
VLAN membership
1- Static VLAN membership:
- assign a certain port to a certain VLAN (port-based VLAN)
- by default, all ports of the switch are assigned to VLAN 1 (native VLAN)
2- Dynamic VLAN membership:
- assign a certain MAC to a certain VLAN (MAC-based VLAN)
- even if the PC changes its port on the switch, the PC stays connected to its VLAN
- this is done using a VMPS (VLAN Membership Policy Server)
2- Trunk port: a switch port that is a member of all VLANs by default, ex: a switch port connected to another switch.
Trunking problem
(figure) Switches E and F connected over a trunk; hosts A and C are in VLAN 1, hosts B and D in VLAN 2; each switch's table lists port, VLAN and the learned MACs, with the trunk port listed as "all" VLANs.
- If host B sends a broadcast to VLAN 2, the frames are passed to port 4 on switch F over the trunk link.
- Switch F broadcasts the frames to all ports 5 and 6, although port 6 is not a member of VLAN 2, because it does not know the source VLAN of the frame.
- Solution: the trunk adds a field to the frame that identifies the source VLAN ID.
- VLAN 1 - 1001 for Ethernet.
- VLAN 1002 - 1023 reserved (ex: 1002 - 1005 for Token Ring and FDDI).
- ISL is no longer supported by Cisco.
VLAN configuration:
1- Create the VLAN.
2- Name the VLAN (optional).
3- Assign ports to the VLAN.
VLAN configuration
To create and name a VLAN:
- New method (global mode):
(config)# vlan <vlan id>
(config-vlan)# name <name>
- Old method (database mode):
# vlan database
(vlan)# vlan <vlan id> [name <name>]
To assign a port to a VLAN:
(config)# int <int. name>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan id>
- Switch port fa1/1 configuration:
Switch(config)# int fa1/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
- Router sub-interface e0/0.1 configuration:
Router(config)# int e0/0.1
Router(config-subif)# encapsulation {isl | dot1q} <vlan id>
Router(config-subif)# ip address <ip> <mask>
(figure) Inter-VLAN routing between VLAN 2 and VLAN 3 over the trunk.
Verifying a VLAN
switch# show vlan [brief | id vlan-id | name vlan-name]
Configures an IP address and subnet mask for the switch VLAN 1 interface, to allow ping and telnet to the switch:
switch# show interfaces vlan 1
Vlan1 is up, line protocol is up
Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)
Internet address is 10.2.2.11/24
Verifying a Trunk
switch# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
(trunk status table) Encapsulation: 802.1q; Status: trunking; VLANs allowed on trunk: 1-4094; VLANs allowed and active in management domain: 1-13
Area with common VLAN requirements (all switches have the same function and VLAN policy). The switch can only be in one VTP domain.
VTP modes
1- Server mode (the default mode on a switch):
- can add, delete and modify VLANs
- generates VTP messages to apply this configuration on the other switches
2- Client mode:
- cannot add, delete or modify VLANs
- accepts VTP messages, applies them to itself and then forwards them
- cannot generate VTP messages
3- Transparent mode:
- can add, delete and modify VLANs locally (by console configuration) but cannot generate VTP messages
- forwards VTP messages without applying them to itself
VTP Operation
VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number (highest number overrides lower ones).
VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic
Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN
VTP configuration
New method:
switch(config)# vtp mode {server | client | transparent}
switch(config)# vtp domain <domain-name>
Old method:
switch# vlan database
switch(vlan)# vtp {server | client | transparent}
switch(vlan)# vtp domain <domain-name>
VTP Troubleshooting
Switch(config)#vtp domain ICND Switch(config)#vtp mode transparent Switch#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 17 VTP Operating Mode : Transparent VTP Domain Name : ICND VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05 Switch#
Trunk ?
#show dtp
Trunking
Nonegotiate
switch(config)# interface fa0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 0008.eeee.eeee
switch(config-if)# switchport port-security violation shutdown
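The port-security configuration above can be understood as a small state machine on the port. The following is an added example, not course material or IOS code: it models what the switch does with each incoming source MAC under 'maximum 1', one static secure MAC and 'violation shutdown', and also the restrict and protect violation modes that IOS offers (the counters and log strings are simplified, not IOS output).

```python
"""Added example (not from the ICND course): a simplified model of Cisco
port-security semantics.  States, counters and log messages are
constructed for illustration and do not reproduce IOS output."""
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    maximum: int = 1                 # switchport port-security maximum
    violation: str = "shutdown"      # shutdown | restrict | protect
    secure_macs: set = field(default_factory=set)  # statically configured MACs
    learned: set = field(default_factory=set)      # dynamically learned MACs
    err_disabled: bool = False
    violations: int = 0              # security-violation counter
    syslog: list = field(default_factory=list)

    def ingress(self, src_mac: str) -> str:
        """Handle a frame from src_mac: 'forward', 'drop' or 'err-disabled'."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "err-disabled"    # port stays down until an operator resets it
        allowed = self.secure_macs | self.learned
        if mac in allowed:
            return "forward"
        if len(allowed) < self.maximum:
            self.learned.add(mac)    # learn new addresses until the maximum is reached
            return "forward"
        # an unknown source MAC once the maximum is reached is a violation
        if self.violation == "shutdown":
            self.violations += 1
            self.err_disabled = True
            self.syslog.append(f"PSECURE_VIOLATION: {mac} -> port err-disabled")
            return "err-disabled"
        if self.violation == "restrict":
            self.violations += 1     # restrict drops, counts and logs
            self.syslog.append(f"PSECURE_VIOLATION: {mac} dropped")
        return "drop"                # protect drops silently: no counter, no log

    def recover(self) -> None:
        """Operator clears err-disabled ('shutdown' then 'no shutdown' on the port)."""
        self.err_disabled = False
```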
2004 Cisco Systems, Inc. All rights reserved. ICND v2.25-271
WAN Overview
- WANs connect remote sites over a large geographical area by using the infrastructure of the service provider.
- WANs are Layer 2 technologies concerned with hop-to-hop delivery.
- Connection requirements vary depending on user requirements, cost, and availability.
WAN terminologies
- DTE: data terminal equipment; it is a source of data.
- DCE: data communication (circuit) equipment; a device that terminates a connection and provides clocking and synchronization for the connection.
- Demarcation point: where the responsibility of the service provider is passed to you (a logical boundary).
- CPE: customer premises equipment; your own network equipment, which includes DTE and DCE.
- Local loop: the connection from the carrier's switch to the demarcation point.
- CO switch: central office switch (WAN switch).
- Toll network: the carrier infrastructure.
- Cisco HDLC uses a proprietary data field to support multiprotocol environments (so it is Cisco proprietary) and is the default encapsulation method on Cisco routers.
- Enabling HDLC encapsulation selects the default encapsulation for synchronous serial interfaces.
(Frame format figure: Flag ... FCS fields)
PPP components
1- Link Control Protocol (LCP):
   - responsible for negotiating and maintaining a PPP connection (establish, configure, negotiate options, test and terminate the PPP connection)
   - LCP options are: authentication, compression, multilink, callback, error detection
2- Network Control Protocol (NCP):
   - negotiates the upper-layer protocols that will be used during the PPP connection
PPP operation
PPP options
1- Authentication:
a- PPP authentication protocol (PAP):
   - 2-way handshake
   - 1-way authentication
(figure: client / server exchange)
1- Authentication (cont.)
- PAP configuration:
Client configuration:
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <client username> password <password>

Server configuration:
(config)# username <client username> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
1- Authentication (cont.)
b- Challenge Handshake Authentication Protocol (CHAP):
   - 3-way handshake
   - 2-way authentication
1- Authentication (cont.)
- CHAP configuration:
(config)# hostname <local name>
(config)# username <remote name> password <password>
(config-if)# ppp authentication chap
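The PAP exchange (client and server configuration above) and the CHAP exchange (this configuration) differ in what crosses the link. The following is an added example, not course material or router code: it models both exchanges with the messages each side sends, using the 'username <remote name> password <password>' lookup that the CHAP configuration relies on; the router names, the shared secret and the challenge bytes are constructed sample values, and CHAP's digest is MD5(id | secret | challenge) as defined in RFC 1994.

```python
"""Added example, not part of the ICND course: a minimal model of PPP PAP and
CHAP (RFC 1994).  Hostnames and secrets below are constructed sample values."""
import hashlib
import os

# 'username <remote name> password <password>' entries on each router (constructed)
USERS = {"RouterA": {"RouterB": b"s3cret"}, "RouterB": {"RouterA": b"s3cret"}}


def pap_request(client: str, password: bytes) -> dict:
    """Client -> server Authenticate-Request: the password itself is on the wire."""
    return {"code": "Authenticate-Request", "peer-id": client, "password": password}


def pap_verify(server: str, req: dict) -> str:
    expected = USERS[server].get(req["peer-id"])
    return "Authenticate-Ack" if expected == req["password"] else "Authenticate-Nak"


def chap_challenge(server: str, ident: int = 1) -> dict:
    """Server -> client Challenge: identifier, random value and the server's hostname."""
    return {"code": "Challenge", "id": ident, "value": os.urandom(16), "name": server}


def chap_digest(ident: int, secret: bytes, value: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + value).digest()


def chap_response(client: str, ch: dict) -> dict:
    """Client -> server Response: look up the secret for the challenger's name and hash it."""
    secret = USERS[client][ch["name"]]
    return {"code": "Response", "id": ch["id"],
            "value": chap_digest(ch["id"], secret, ch["value"]), "name": client}


def chap_verify(server: str, ch: dict, resp: dict) -> str:
    """Server recomputes the digest from its own copy of the secret and compares."""
    secret = USERS[server].get(resp["name"])
    if secret is None or resp["id"] != ch["id"]:
        return "Failure"
    ok = resp["value"] == chap_digest(ch["id"], secret, ch["value"])
    return "Success" if ok else "Failure"


def wire_contains_secret(msg: dict, secret: bytes) -> bool:
    """Does a message as sent on the link carry the secret itself?"""
    return any(v == secret for v in msg.values())
```

Running the CHAP functions a second time with the roles swapped (RouterB challenging RouterA) gives the two-way authentication the slide mentions; a response replayed against a fresh challenge fails because the identifier and random value no longer match.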
1- Authentication (cont.)
- CHAP Configuration Example :
1- Authentication (cont.)
- Verifying the HDLC and PPP encapsulation configuration :
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
1- Authentication (cont.)
- Verifying PPP Authentication :
Troubleshooting
# show interface s0/0: shows the status of the interface, the encapsulation, the LCP state and the NCP state.
# debug ppp negotiation
# debug ppp authentication
Frame Relay
- LMI status:
  1- Active: the connection using this DLCI is working
  2- Inactive: there is a problem at the remote site
  3- Deleted: there is a problem at your local site
2- Dynamic resolution (Inverse ARP): allows the router to automatically discover the network-layer address of the next hop on each VC that is in the active state.
Use LMI to learn the locally significant DLCI from the Frame Relay switch. Use Inverse ARP to map the local DLCI to the remote router's network-layer address.
Problem:
Broadcast traffic must be replicated for each active connection. The split-horizon rule prevents routing updates received on an interface from being forwarded out the same interface.
Use sub-interfaces
- Split horizon can cause problems in NBMA environments.
- Solution: sub-interfaces can resolve the split-horizon issues.
- A single physical interface simulates multiple logical interfaces.
- Each pair of corresponding peers is in a separate subnet.
- Don't assign an IP address to the main interface.
Configuring Subinterfaces
Point-to-point:
- Subinterfaces act like leased lines.
- Each point-to-point subinterface requires its own subnet.
- Point-to-point is applicable to hub-and-spoke topologies.
Multipoint:
- Subinterfaces act like NBMA networks, so they do not resolve the split-horizon issues.
- Multipoint can save address space because it uses a single subnet.
- Multipoint is applicable to partial-mesh and full-mesh topologies.
LAPF frame header fields (figure): DE, FECN, BECN
- DE: discard eligibility
- FECN: forward explicit congestion notification
- BECN: backward explicit congestion notification
(WLAN comparison table, figure residue: data rates 1, 2, 5.5, 11; remaining cells read "Up to 6", "Up to 22", "Up to 28")
In IEEE 802.11 terminology, any group of wireless devices is known as a service set. The devices must share a common service set identifier (SSID), which is a text string included in every frame sent. If the SSIDs match across the sender and receiver, the two devices can communicate.
This is a summary of the different WLAN topologies:
- Ad hoc mode: This mode is called Independent Basic Service Set (IBSS). Mobile clients connect directly without an intermediate access point.
- Infrastructure mode: In infrastructure mode, where clients connect through an access point, there are two modes:
  - Basic Service Set (BSS): Mobile clients use a single access point for connectivity to each other or to wired network resources.
  - Extended Service Set (ESS): In this mode, two or more Basic Service Sets are connected by a common distribution system. An Extended Service Set generally includes a common SSID to allow roaming from access point to access point without requiring client configuration.