Ccna Slides

© 2002, Cisco Systems, Inc. All rights reserved.

Networking Basics
How a LAN Is Built

www.cisco.com © 1999, Cisco Systems, Inc.


Local-Area Network—LAN
• What is a LAN?
– A collection of computers, printers, and other devices that can communicate with each other in a small area (on the order of 3,000 m, or about 10,000 feet)
• What are the components?
– Computers, operating system (OS), network interface card (NIC), and hubs
• How is a LAN controlled?
– Protocols—formal descriptions of the rules and conventions that govern how devices on a network exchange information
Local-Area Networks

• LANs are designed to:


– Operate within a limited geographic area
– Allow multi-access to high-bandwidth media
– Control the network privately under local
administration
– Provide full-time connectivity to local services
– Connect physically adjacent devices
Network Operating System (NOS)
• Software that allows communicating and sharing of data and network resources
• Examples:
– AppleTalk
– NetWare
– Windows NT
[Figure: PC or workstation loaded with a NOS]
Network Interface Card
• Amplifies electronic signals
• Packages data for transmission
• Physically connects the computer to the transmission media (cable)
[Figure: PC or workstation loaded with a NOS, showing the Network Interface Card (NIC) and its connector port]
1990s—Global Internetworking

• 1992—1 major backbone, 3,000 networks, 200K computers


• 1995—Multiple backbones, hundreds of regional nets, tens of thousands
of LAN’s, millions of hosts, tens of millions of users
Doubling every year!
The OSI Model
• The OSI model gives networking manufacturers and developers a standard on which to base their products.
• The OSI layers are independent of each other, which makes introducing changes easier because no other layer is affected.
• It eases troubleshooting.
The Layered Model
Layered Communication (Source: Tanenbaum, 1996)
[Figure, shown in three progressive steps: Location A and Location B, each with three layers. At Location A, layer 3 produces the message "I like rabbits". Layer 2, the translator, renders it in Dutch as "Ik hou van konijnen" and prepends "L: Dutch", information for the remote translator. Layer 1, the secretary, prepends "Fax #: ---", information for the remote secretary, and sends it. At Location B the secretary strips the fax information, the translator reads "L: Dutch" and translates the text into French, "J'aime les lapins", and the message arrives at layer 3. Each layer talks only to its peer at the other location and relies on the layer below for transport.]
Why a Layered Network Model?
Layers: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
• Reduces complexity (one big problem to seven smaller ones)
• Standardizes interfaces
• Facilitates modular engineering
• Assures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning
Devices Function at Layers
[Figure: the seven OSI layers with a NIC card placed against the lower layers and a hub at layer 1, Physical]
Host Layers and Media Layers
• Host layers (7 Application, 6 Presentation, 5 Session, 4 Transport): provide accurate data delivery between computers
• Media layers (3 Network, 2 Data Link, 1 Physical): control physical delivery of messages over the network
Layer Functions
7 Application—Network services to applications
• Provides network services to application processes (such as electronic mail, file transfer, and terminal emulation)
6 Presentation—Data representation
• Ensures data is readable by the receiving system
• Format of data
• Data structures
• Negotiates data transfer syntax for the application layer
5 Session—Inter-host communication
• Establishes, manages, and terminates sessions between applications
4 Transport—End-to-end connection reliability
• Concerned with data transport issues between hosts
• Data transport reliability
• Establishes, maintains, and terminates virtual circuits
• Fault detection and recovery
• Information flow control
3 Network—Addresses and best path
• Provides connectivity and path selection between two end systems
• Domain of routing
2 Data Link—Access to media
• Provides reliable transfer of data across media
• Physical addressing, network topology, error notification, flow control
1 Physical—Binary transmission
• Wires, connectors, voltages, data rates
Peer-to-Peer Communications
Each layer on Host A communicates with its peer layer on Host B, using the protocol data unit named for that layer:
7 Application ↔ Application
6 Presentation ↔ Presentation
5 Session ↔ Session
4 Transport ↔ Transport: Segments
3 Network ↔ Network: Packets
2 Data Link ↔ Data Link: Frames
1 Physical ↔ Physical: Bits
Application Layer
• This is where users communicate with the computer.
• This is where communication between two users is established.
• This is the point where a user or application interfaces with the protocols to gain access to the network.
• Examples are WWW, Telnet, FTP, TFTP, e-mail, SNMP, DNS
Presentation Layer
• Tasks like translation, encryption, decryption, compression, and decompression are associated with this layer.
• It receives data in native format and converts it to a standard format, or receives data in standard format and converts it to native format, e.g. EBCDIC to ASCII.
• It is mainly responsible for how the data is to be presented to the Application Layer.
• Examples are PICT, TIFF, JPEG, MIDI, MPEG, GIF, etc.
Presentation Layer
• Text and data: ASCII, EBCDIC, encrypted (e.g. a "login:" prompt)
• Graphics and visual images: PICT, TIFF, JPEG, GIF
• Sound: MIDI
• Video: MPEG, QuickTime
• Provides code formatting and conversion for applications
Session Layer
– Session Establishment
• Establishes a session between two devices before actual transmission of data.
– Dialog Control
• Simplex
• Half Duplex
• Full Duplex
Session Layer
• Simplex
– Data travels only one way. Radio transmission is the best example of this.
• Half Duplex
– Both ways, but only one direction at a time. Older NICs on shared media defaulted to half duplex; modern NICs negotiate full duplex where the link supports it.
• Full Duplex
– Both ways at the same time.
Session Layer
• Network File System (NFS)
• Structured Query Language (SQL)
• Remote-Procedure Call (RPC)
• X Window System
• AppleTalk Session Protocol (ASP)
• DEC Session Control Protocol (SCP)
[Figure: a service request and a service reply exchanged between applications on two hosts]
• Coordinates applications as they interact on different hosts
Transport Layer
• Segments upper-layer applications
• Establishes an end-to-end connection
• Sends segments from one end host to another
• Optionally, ensures data reliability
Transport Layer
• The transport layer does not move the bits itself; it prepares the data (segments it) for the layers below to transport.
• Uses sockets to identify the service running on a particular node that the data is associated with.
• Responsible for the following:
– Segmentation
– End-to-end communication
– Flow control
– Error control
– Multiplexing of applications
• TCP, UDP, and SPX work at this layer
Socket
• A socket is a software endpoint that identifies a particular service running on a particular node.
• Structure of a socket
– IP address + port number
• Each service listens on a known port number
• Port numbers are 16 bits, so there are 65,536 of them (0 through 65,535)
• Ports 0 through 1,023 are the well-known ports, reserved for specific services such as
– WWW (HTTP) - 80
– FTP - 21
– SMTP - 25
• Port numbers are reserved for standardization purposes.
Transport Layer—Segments Upper-Layer Applications
[Figure: application-layer services (electronic mail, file transfer, terminal session) pass down through the presentation and session layers; at the transport layer each application's data is tagged with its port number and carried in segments]
Port Numbers
Application   Port   Transport
FTP           21     TCP
Telnet        23     TCP
SMTP          25     TCP
DNS           53     TCP and UDP
TFTP          69     UDP
SNMP          161    UDP
RIP           520    UDP
Segmentation
• This is the mechanism by which data is divided into multiple segments and sent over the network.
• By doing this, different segments can use different links for travelling across the network.
• If one segment is lost, only that segment needs to be re-sent, not the entire data.
• Once all segments reach the destination, the received segments have to be sequenced back into order, which is also done at this layer.
Transport Layer—Sends Segments with Flow Control
[Figure: the sender transmits segments; when the receiver's buffer is full it signals "Not Ready", the sender stops, and the receiver processes the buffered segments; when the buffer is OK again the receiver signals "Ready" (Go) and the sender resumes transmission]
Flow Control
• Used in connection-oriented communication
• It keeps the receiver's buffer from overflowing.
• Advantages are:
– Delivered segments are acknowledged when received
– Any segment not acknowledged is retransmitted
– Segments are sequenced back into order upon arrival
– Congestion, overloading, and data loss are avoided
• To achieve all this it uses the technique of sliding windows, or windowing
Transport Layer—Establishes Connection
Sender → Receiver: Synchronize
Receiver → Sender: Synchronize, Acknowledge (negotiate connection)
Sender → Receiver: Acknowledge
Connection established
Data transfer (send segments)
End-to-End Communication
• Connectionless transmission
– UDP is used
– Not reliable
– Faster
• Connection-oriented transmission
– TCP or SPX is used
– Reliable
– Slower
Connection-Oriented Protocol
• These protocols rely on acknowledgement.
• A positive acknowledgement means the data has been received.
• A negative acknowledgement (or a missing one) means data was lost; no further data is sent until a positive acknowledgement is received.
• It is slower but reliable.
• E.g. TCP and SPX
Transport Layer—Reliability with Windowing
• Window size = 1
Sender: Send 1 → Receiver: Receive 1, Ack 2
Sender: Send 2 → Receiver: Receive 2, Ack 3
• Window size = 3
Sender: Send 1, Send 2, Send 3 → Receiver: Receive 1, Receive 2, Receive 3, Ack 4
Sender: Send 4 ...
Transport Layer—An Acknowledgement Technique
The sender holds segments 1 through 7; the receiver expects them in order.
Send 1
Send 2
Send 3
Ack 4
Send 4
Send 5 (lost in transit)
Send 6
Ack 5 (segment 5 is the first one missing)
Send 5 (retransmission)
Ack 7
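The windowing and acknowledgement exchanges above, as an added simulation that is not part of the slides and is not TCP: a sender with a window of `window` segments, a receiver that acknowledges with the number of the next segment it still needs (a cumulative ACK), and a constructed loss model in which a segment listed in `drop_first` disappears the first time it is sent. With `window=3` and segment 5 dropped once, the transcript reproduces the slide exactly.

```python
"""Sliding-window delivery with cumulative acknowledgements (constructed simulation)."""

from typing import Dict, List, Set


class Receiver:
    """Buffers segments in any order; ACK = the lowest sequence number still missing."""

    def __init__(self) -> None:
        self.received: Set[int] = set()

    def accept(self, seq: int) -> None:
        self.received.add(seq)

    def next_expected(self) -> int:
        n = 1
        while n in self.received:
            n += 1
        return n


def simulate(total: int, window: int, drop_first: Set[int] = frozenset()) -> List[str]:
    """Return the transcript ("Send n" / "Ack n") of transferring segments 1..total.

    Only the first transmission of a segment in `drop_first` is lost, so every
    retransmission gets through and the transfer always terminates.
    """
    events: List[str] = []
    receiver = Receiver()
    dropped_once: Set[int] = set()

    def send(seq: int) -> None:
        events.append(f"Send {seq}")
        if seq in drop_first and seq not in dropped_once:
            dropped_once.add(seq)          # lost on the wire: the receiver never sees it
            return
        receiver.accept(seq)

    base = 1        # oldest segment not yet acknowledged
    next_seq = 1    # next segment that has never been sent
    while base <= total:
        # Fill the window: everything from next_seq up to base + window - 1 may be in flight.
        last = min(base + window - 1, total)
        for seq in range(next_seq, last + 1):
            send(seq)
        next_seq = last + 1

        ack = receiver.next_expected()
        events.append(f"Ack {ack}")
        # A cumulative ACK below next_seq means a segment inside the window was lost.
        # Resend just that one; the receiver kept the later segments it already has.
        while ack < next_seq:
            send(ack)
            ack = receiver.next_expected()
            events.append(f"Ack {ack}")
        base = ack   # slide the window forward past everything acknowledged
    return events


def count_transmissions(events: List[str]) -> Dict[str, int]:
    """Segments put on the wire versus distinct segments (the difference is retransmissions)."""
    sent = [e for e in events if e.startswith("Send ")]
    return {"sent": len(sent), "distinct": len(set(sent))}


if __name__ == "__main__":
    for line in simulate(6, 3, {5}):
        print(line)
```

The window size trades buffer memory at the receiver for fewer round trips: with `window=1` every segment waits for its own ACK, with `window=3` three segments travel before the sender pauses. The retransmission path shows why the slide's receiver answers "Ack 5" rather than "Ack 7" after receiving segment 6: a cumulative ACK can only advance past a gap once the missing segment arrives.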
Connectionless Protocol
• They provide neither acknowledgements nor sequence numbers.
• It is faster but not reliable
• E.g. UDP
Network Layer
• It is responsible for communication between networks
• It recognizes networks with the help of network addresses
– A network address is a logical address like an IP address or IPX address
– The network portion is common to a group of computers
• Routing decisions are made on the network ID, not on the host ID.
• Path determination, or routing, is performed at this layer.
• Routers work at this layer.
Network Layer: Path Determination
[Figure: a packet facing several possible paths through the internetwork ("Which path?")]
• Layer 3 functions to find the best path through the internetwork
Network Layer: Communicate Path
[Figure: networks numbered 1 through 11 joined by routers]
• Addresses represent the path of media connections
Addressing—Network and Node
[Figure: three networks (1, 2, 3) joined by a router; each node is addressed as network.node, e.g. 1.1, 1.2, 1.3 on network 1, 2.1 on network 2, and 3.1 on network 3]
• Network address—path part used by the router
• Node address—specific port or device on the network
Protocol Addressing Variations
Protocol     Network part   Node/host part   Example
General      1              1                1.1
TCP/IP       10.            8.2.48           10.8.2.48 (mask 255.0.0.0)
Novell IPX   1aceb0b.       0000.0c00.6e25   1aceb0b.0000.0c00.6e25
Network Layer Protocol Operations
[Figure: end systems X and Y connected through several routers; at each router the packet is handled by the lower three layers only]
• Each router provides its services to support upper-layer functions
Routed Versus Routing Protocol
• Routed protocol: used between routers to direct user traffic. Examples: IP, IPX, AppleTalk
• Routing protocol: used only between routers to maintain routing tables. Examples: RIP, IGRP, OSPF
Static Versus Dynamic Routes
Static route: uses a route that a network administrator enters into the router
Dynamic route: uses a route that a network protocol adjusts automatically for topology or traffic changes
Static Route Example
[Figure: router A reaches "stub" network B over a point-to-point or circuit-switched connection; B has only a single network connection, so there is no need for routing updates]
• A fixed route to the address reflects the administrator's knowledge
Adapting to Topology Change
[Figure, shown in three steps: routers A, B, C, and D connected in a ring; one link fails (marked X)]
• Can an alternate route substitute for a failed route?
Yes—with dynamic routing enabled
Data Link Layer
• It uniquely identifies each device on the network by its hardware address.
• It translates data from the Network Layer into bits for the Physical Layer to transmit.
• It formats the messages into data frames
• Adds a header containing the source and destination hardware addresses
• This layer works with frames
This layer is logically divided into two sub-layers:
LLC (Logical Link Control)
MAC (Media Access Control)
Physical Layer
• Electrical and mechanical specifications are provided at this layer.
• Transmits data in the form of bits.
• This layer communicates directly with the actual communication media.
• At this layer DCE and DTE are identified
– DCE (Data Circuit-Terminating Equipment)
• The service provider's side of the connection, e.g. a modem or CSU/DSU
– DTE (Data Terminal Equipment)
• The attached device at the customer's premises, e.g. a router or terminal
– Services available to a DTE are most often accessed via a modem or a Channel Service Unit/Data Service Unit (CSU/DSU).
• Hubs and repeaters work at this layer.
• Most troubleshooting occurs at this layer.
DOD MODEL
The DoD Model
• The Process/Application Layer
• The Host-to-Host Layer
• The Internet Layer
• The Network Access Layer
The DoD & OSI
DoD Model              OSI Model
Process/Application    Application, Presentation, Session
Host-to-Host           Transport
Internet               Network
Network Access         Data Link, Physical
Process/Application Layer
• The Process/Application layer defines protocols for node-to-node application communication and also controls user-interface specification.
• A vast array of protocols combine at this layer of the DoD model to integrate the activities and duties of the upper layers of OSI.
– Examples for this layer are: Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP, BootP, etc.
Host-to-Host Layer
• The Host-to-Host layer parallels the functions of the OSI Transport layer
• It performs the following:
– Defines protocols for setting up the level of transmission service for applications
– Tackles issues like creating reliable end-to-end communication
– Ensures the error-free delivery of data
– Handles packet sequencing and maintains data integrity
Internet Layer
• Internet Layer corresponds to the OSI’s Network
Layer.
• It performs the following:
–Designating the protocols relating to the logical
transmission of packets over the entire network.
–It takes care of the addressing of hosts by
giving them an IP address.
–It handles routing of packets among multiple
networks.
Network Access Layer
• This layer is the equivalent of the Data Link and Physical Layers of the OSI model.
• It performs the following:
– It monitors the data exchange between the host and the network.
– The Network Access Layer oversees hardware addressing and defines protocols for the physical transmission of the data.
Let's have a look at how the TCP/IP protocol suite relates to the DoD model layers.
TCP/IP Protocol Suite at DoD
DoD Model              TCP/IP Protocol Suite
Process/Application    Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X Window
Host-to-Host           TCP, UDP
Internet               IP, with ICMP, BootP, ARP, RARP
Network Access         Ethernet, Fast Ethernet, Token Ring, FDDI
LOWER LAYER PROTOCOLS
Common LAN Technologies
• Ethernet
• Token Ring
• FDDI (dual ring)
Ethernet
Introduction
• Ethernet is a method for accessing a shared medium
• It allows all hosts on a network to share the bandwidth of a link.
• It is popular because:
– It is easy to implement and troubleshoot
– It is easy to add new technologies like Fast Ethernet and Gigabit Ethernet to existing infrastructure.
• Ethernet specifies the Data Link Layer and the Physical Layer
• It uses an access method called CSMA/CD
Ethernet Operation
[Figure, shown in three steps: stations A, B, C, and D on one segment. A frame from A to D passes down A's seven layers onto the wire and up D's seven layers; B and C also receive it on the shared medium and check the destination address at the Data Link layer]
Ethernet LANs: How do they work?
• Multiple workstations are connected to a "segment"
• Each station has to take turns sending traffic
• All stations listen to all traffic on their segment
• Stations can only send data (Ethernet frames) when no one else is sending
Ethernet LANs: MAC Addresses
[Figure: three stations with MAC addresses 0000.0c12.3456, 0000.1018.321a, and 0000.0c12.1111]
• Every workstation has a Network Interface Card (NIC)
• Every NIC has a unique MAC address
• Stations use MAC addresses to send Ethernet frames to a specific station
Ethernet LANs: Unicast Frames
[Figure: a frame addressed "To: 0000.0c12.3456" on the segment]
• Ethernet frames contain the MAC address of the station that the frame was sent to
• These are called "unicast" frames
• All stations receive the Ethernet frame, but ignore frames that are not addressed to their MAC address
Ethernet LANs: Broadcast Frames
[Figure: a frame addressed "To: FFFF.FFFF.FFFF" on the segment]
• Some Ethernet frames are sent to all stations
• These are called "broadcast" frames
• All stations process this frame
Flow Control Mechanism on Ethernet
• CSMA/CD is the mechanism that regulates the segment
• Each station listens for other traffic before it transmits
Ethernet Collisions
[Figure: two stations put frames on the segment at the same time and the frames collide]
• Sometimes stations transmit simultaneously
• Two frames on the same segment collide
• Collisions require each station to wait and resend
Ethernet Reliability
[Figure 1: stations A, B, C, and D on a segment. Figure 2: two stations transmit at once and a collision occurs. Figure 3: the colliding stations send a JAM signal that every station on the segment hears, so all stations discard the damaged frames]
• Carrier sense multiple access with collision detection (CSMA/CD)
CSMA/CD
• CSMA/CD stands for Carrier Sense Multiple Access / Collision Detect.
• It is used by all NICs in Ethernet networking
• In this method every NIC first senses whether the cable is free or not.
• If it is free the frame is sent; otherwise the NIC waits.
• If two NICs transmit at once and a collision is detected, each sends a jam signal, backs off for a random time, and then retries.
Half Duplex Ethernet
• It is defined in the 802.3 Ethernet specifications
• It uses only one wire pair for signals running in both directions.
• CSMA/CD is used to detect and recover from collisions.
• Half duplex 10BaseT is typically 50-60% efficient (Cisco's figures).
• In a large 10BaseT network you only get 3 to 4 Mbps at most.
Full Duplex
• Full duplex Ethernet uses two pairs of wires.
• It uses a point-to-point connection
• There are no collisions in full duplex
• Full duplex is supposed to offer 100% efficiency in both directions
• This means you can get 20 Mbps from a 10 Mbps link, or 200 Mbps from Fast Ethernet, running full duplex.
Auto Detect Mechanism
• When a full-duplex-capable port is powered on, it first checks with the remote end and decides whether it can run at 10 or 100 Mbps.
• Then it checks to see whether it can run full duplex or half duplex.
• The slides call this the auto detect mechanism; the IEEE term is autonegotiation.
Ethernet Addressing
• Ethernet addressing uses the MAC address
– MAC addresses are burned into every NIC
– It is a 48-bit address
– It is written in the same format even when different LAN technologies are used.
First 24 bits: Organizationally Unique Identifier (OUI), assigned by IEEE
Last 24 bits: vendor assigned
Ethernet Addressing using MAC Addresses
Ethernet and IEEE 802.3
• Benefits and background
– Ethernet is the most popular physical layer LAN technology because it
strikes a good balance between speed, cost, and ease of installation
– Supports virtually all network protocols
– Xerox initiated, then joined by DEC & Intel in 1980
• Revisions of Ethernet specification
– Fast Ethernet (IEEE 802.3u) raises speed from 10 Mbps to 100 Mbps
– Gigabit Ethernet is an extension of IEEE 802.3 which increases speeds to
1000 Mbps, or 1 Gbps
Ethernet and IEEE 802.3
• Several framing variations exist for this common LAN technology
Ethernet Frames
• Frames are used at the Data Link Layer to
encapsulate packets coming down for
transmission on a type of Media Access
• Types of Media Access
– Contention (Ethernet)
– Token Passing (Token Ring or FDDI)
We will be covering only “Contention”, as rest all are beyond the scope of our course.
MAC SUB-LAYER
MAC Layer - 802.3
Field    Preamble   Dest add   Source add   Length   Data       FCS
# Bytes  8          6          6            2        Variable   4
Ethernet II uses a "Type" field in place of Length and does not use 802.2.
MAC address: 0000.0C (IEEE-assigned OUI) xx.xxxx (vendor-assigned)
Preamble
• It allows the receiving devices to lock onto the incoming bit stream.
• The preamble indicates to the receiving station that the data portion of the message will follow.
Destination Address (DA)
• The DA is used by receiving stations to determine whether an incoming frame is addressed to a particular node.
• Transmitted least significant bit (LSB) first
• The destination can be individual (unicast), multicast, or broadcast
– A broadcast address is all 1s (FFFF.FFFF.FFFF) and is delivered to all stations.
– A multicast address is delivered to the group of stations that listen for it.
Source Address (SA)
• The SA is the 48-bit MAC address supplied by the transmitting device.
• Broadcast and multicast address formats are illegal in the SA field.
• Transmitted least significant bit (LSB) first
Length or Type Field
• 802.3 uses a Length field, whereas the Ethernet II frame uses a Type field to identify the network layer protocol.
• 802.2 can identify the upper-layer protocol and must be used with the 802.3 frame.
Data
• This is the packet sent down to the Data Link Layer from the Network Layer.
• The size can vary from 46 to 1500 bytes.
Frame Check Sequence (FCS)
• The FCS is a field at the end of the frame that stores the cyclic redundancy check.
Data Link Layer Functions (cont.)
802.2 (SNAP) header, carried in the Data field of an 802.3 frame:
Field    Dest SAP   Source SAP   Ctrl     OUI   Type   Data
# Bytes  1          1            1 or 2   3     2      Variable
Value    AA         AA           03       ID
OR 802.2 (SAP) header:
Field    Dest SAP   Source SAP   Ctrl     Data
# Bytes  1          1            1 or 2   Variable
MAC Layer - 802.3: Preamble | Dest add | Source add | Length | Data | FCS
802.2 Frame
• The 802.2 frame has two new fields
– DSAP (Destination Service Access Point)
– SSAP (Source Service Access Point)
• The 802.2 frame type is nothing but an 802.3 frame with LLC information
• Because of the LLC information we know what the upper-layer protocol is.
SNAP Frame
The SNAP frame has its own protocol field to identify the upper-layer protocol.
• To identify a SNAP frame:
– The DSAP and SSAP fields are always AA, to indicate that a SNAP header follows.
– It is an LLC data unit (sometimes called a Logical Protocol Data Unit, LPDU) of Type 1 (indicated by control byte 03).
– The SNAP header then indicates the vendor via the Organizationally Unique Identifier (OUI) and the protocol type via the Ethertype field.
Cisco uses the SNAP frame with its proprietary protocol CDP (Cisco Discovery Protocol).
EXAMPLE - SNAP
In the example (figure not reproduced), the OUI is 00-00-00, which means an Ethernet-style Ethertype follows, and the Ethertype of 08-00 indicates IP as the protocol.
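The framing rules from the MAC and LLC/SNAP slides above (Type versus Length, the 46-byte minimum data field, the AA AA 03 SNAP signature, the I/G bit in the first address byte, the FCS) and the OUI split from the Ethernet Addressing slide, as an added example that is not code from the slides. It assumes frames are handled as they appear in a capture, without the preamble and with the 4-byte FCS present; the FCS is CRC-32 (the `zlib` polynomial) over everything after the preamble, stored least-significant byte first. The sample addresses are the ones drawn on the slides; the payloads are constructed.

```python
"""Build and parse Ethernet II and IEEE 802.3 + 802.2 (LLC / SNAP) frames."""

import struct
import zlib
from typing import Dict, Optional

BROADCAST = b"\xff" * 6
MIN_DATA = 46          # the data field is padded to at least 46 bytes (64-byte minimum frame)
MAX_DATA = 1500
ETHERTYPE_IP = 0x0800
LLC_UI = 0x03          # Type 1 "unnumbered information" control byte
SNAP_SAP = 0xAA


def mac_str(mac: bytes) -> str:
    """Cisco dotted form, e.g. 0000.0c12.3456."""
    return ".".join(mac[i:i + 2].hex() for i in range(0, 6, 2))


def address_class(da: bytes) -> str:
    """The I/G bit is the least-significant bit of the first byte: Ethernet sends each
    byte LSB first, so it is the very first bit on the wire."""
    if da == BROADCAST:
        return "broadcast"
    return "multicast" if da[0] & 0x01 else "unicast"


def build_frame(da: bytes, sa: bytes, payload: bytes, ethertype: int,
                snap_oui: Optional[bytes] = None) -> bytes:
    """Ethernet II when snap_oui is None, otherwise 802.3 with an 802.2 SNAP header."""
    if snap_oui is None:
        body = payload
        header = struct.pack("!6s6sH", da, sa, ethertype)           # Type field
    else:
        body = bytes([SNAP_SAP, SNAP_SAP, LLC_UI]) + snap_oui + struct.pack("!H", ethertype) + payload
        header = struct.pack("!6s6sH", da, sa, len(body))           # Length field
    if len(body) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    frame = header + body.ljust(MIN_DATA, b"\x00")                 # pad short frames
    return frame + zlib.crc32(frame).to_bytes(4, "little")          # FCS (assumed byte order)


def parse_frame(frame: bytes) -> Dict[str, object]:
    if len(frame) < 14 + MIN_DATA + 4:
        raise ValueError("runt frame (shorter than 64 bytes)")
    da, sa, type_or_len = struct.unpack("!6s6sH", frame[:14])
    if sa[0] & 0x01:
        raise ValueError("multicast/broadcast source address is illegal")
    body, fcs = frame[14:-4], frame[-4:]
    if zlib.crc32(frame[:-4]) != int.from_bytes(fcs, "little"):
        raise ValueError("FCS mismatch")
    info: Dict[str, object] = {
        "da": mac_str(da), "sa": mac_str(sa), "da_class": address_class(da),
        "oui": sa[:3].hex(),   # IEEE-assigned half of the source address
    }
    if type_or_len >= 0x0600:
        # No valid 802.3 length reaches 0x0600, so the field must be an Ethernet II Type.
        info.update(framing="Ethernet II", ethertype=type_or_len, payload=body)
        return info
    length = type_or_len
    if length > len(body):
        raise ValueError("802.3 Length field exceeds the data present")
    llc = body[:length]        # drop the padding the sender added to reach 46 bytes
    if len(llc) < 3:
        raise ValueError("802.2 header truncated")
    dsap, ssap, ctrl = llc[0], llc[1], llc[2]
    if dsap == SNAP_SAP and ssap == SNAP_SAP and ctrl == LLC_UI and len(llc) >= 8:
        oui, etype = llc[3:6], struct.unpack("!H", llc[6:8])[0]
        info.update(framing="802.3 SNAP", snap_oui=oui.hex(), ethertype=etype, payload=llc[8:])
    else:
        info.update(framing="802.3 LLC", dsap=dsap, ssap=ssap, payload=llc[3:])
    return info


if __name__ == "__main__":
    da, sa = bytes.fromhex("00000c123456"), bytes.fromhex("00001018321a")
    print(parse_frame(build_frame(BROADCAST, sa, b"hello", ETHERTYPE_IP, snap_oui=b"\x00\x00\x00")))
    print(parse_frame(build_frame(da, sa, b"\x45\x00\x00\x14", ETHERTYPE_IP)))
```

Two details matter when reading captures: an Ethernet II payload shorter than 46 bytes still comes back padded, because nothing in the frame records its true length (the IP Total Length field does), whereas the 802.3 Length field lets the parser strip the padding; and a frame whose source address has the I/G bit set is rejected outright, which is the check the Source Address slide describes.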
ETHERNET
CABLING
Network Cabling
• Media connecting network components
– NIC cards take turns transmitting on the cable
– LAN cables only carry one signal at a time
– WAN cables can carry multiple signals
simultaneously
• Three primary types of cabling
– Twisted-pair (or copper)
– Coaxial cable
– Fiber-optic cable
Twisted-Pair (UTP and STP)
[Figure: outer jacket, color-coded plastic insulation on the twisted pairs; STP only: shielded insulation to reduce EMI; RJ-45 connector]
Speed and throughput: 10/100 Mbps
Relative cost: least costly
Media and connector size: small
Maximum cable length: 100 m
Coaxial Cable
[Figure: outer jacket, braided copper shielding, plastic insulation, copper conductor; BNC connector]
Speed and throughput: 10/100 Mbps
Relative cost: more than UTP, but still low
Media and connector size: medium
Maximum cable length: 200/500 m
Fiber-Optic Cable
[Figure: outer jacket, Kevlar reinforcing material, plastic shield, glass fiber and cladding]
Speed and throughput: 100+ Mbps
Average cost per node: most expensive
Media and connector size: small
Maximum cable length: up to 2 km
Optical Fiber
• Metal cables transmit signals in the form of electric current.
• Optical fiber is made of glass or plastic and transmits signals in the form of light.
• Light, a form of electromagnetic energy, travels at 300,000 kilometers/second (186,000 miles/second) in a vacuum.
• The speed of light depends on the density of the medium through which it is travelling (the higher the density, the slower the speed).
Ethernet Local Area Network
• Ethernet was first created and implemented by a group called DIX (Digital, Intel, and Xerox).
• The first Ethernet specification was modified by IEEE, and IEEE 802.3 was created.
• This was a 10 Mbps network running on coaxial, twisted-pair, and fiber physical media.
• IEEE later extended 802.3 with 802.3u (Fast Ethernet) and, for Gigabit Ethernet, 802.3z (fiber) and 802.3ab (twisted pair); the slides refer to the Gigabit extension as "802.3g".
• Fast Ethernet and Gigabit Ethernet are specified only on twisted-pair and fiber physical media.
Ethernet Protocol Names
Example: 100BaseFX
• Leading number: LAN speed in Mbps
• "Base" = baseband; "Broad" = broadband
• Trailing letters indicate the type of cable and its maximum length; if a number, max. length = # x 100 m
Cable Specification
Cable                Distance   Throughput   Ethernet Standard           Connector
Coaxial (Thinnet)    185 m      10 Mbps      10Base2                     BNC T-connector
Coaxial (Thicknet)   500 m      10 Mbps      10Base5                     AUI
Category 3 UTP       100 m      10 Mbps      10BaseT                     RJ-45
Category 5 UTP       100 m      100 Mbps     100BaseTX (Fast Ethernet)   RJ-45
UTP Connections (RJ-45)
• UTP cables have eight colored wires.
• These wires are twisted into 4 pairs.
• 10BaseT/100BaseTX use only four of the wires (two pairs) to carry the signal.
• The more twists per inch in the wire, the less interference.
• CAT 5 and 6 have many more twists per inch than CAT 3 UTP.
Crimping
• There are two ways to crimp UTP cables with RJ-45 connectors.
– Straight-through
This is used when connecting
• Router to a hub or switch
• Server to a hub or switch
• Workstation to a hub or switch
– Crossover
This is used when connecting
• Uplinks between switches
• Hubs to switches
• Hub to another hub
• Router interface to another router interface
UTP Implementation—Straight-through Cable (10BaseT/100BaseTX)
Hub/Switch end       Server/Router end
Pin   Label          Pin   Label
1     RD+            1     TD+
2     RD-            2     TD-
3     TD+            3     RD+
4     NC             4     NC
5     NC             5     NC
6     TD-            6     RD-
7     NC             7     NC
8     NC             8     NC
Wires on both cable ends are in the same order; the hub end receives on the pair the host end transmits on.
UTP Implementation—Crossover Cable (10BaseT/100BaseT)
Hub/Switch end       Hub/Switch end
Pin   Label          Pin   Label
1     RD+            1     RD+
2     RD-            2     RD-
3     TD+            3     TD+
4     NC             4     NC
5     NC             5     NC
6     TD-            6     TD-
7     NC             7     NC
8     NC             8     NC
Some wires on the cable ends are crossed: pin 1 connects to pin 3 and pin 2 to pin 6, so each end's TD pair lands on the other end's RD pair.
CISCO MODEL
Network Structure Defined by Hierarchy
[Figure: Core Layer at the top, Distribution Layer in the middle, Access Layer at the bottom]
The three layers are:
• Core Layer
• Distribution Layer
• Access Layer
Core Layer Characteristics
• Fast transport to enterprise services
• No packet manipulation
Core Layer
– The Core Layer is the core of the network.
– It is responsible for transporting large amounts of traffic reliably and quickly.
– A Core Layer failure affects every user, so fault tolerance is an issue at this layer.
– The Core Layer is likely to see a large volume of traffic, so speed and latency are the driving concerns.
– There are a few things we do not want to do at the Core Layer, and a few things that are recommended at this layer.
Distribution Layer Characteristics
• Access Layer aggregation point
• Routes traffic
• Broadcast/multicast domains
• Media translation
• Security
• Possible point for remote access
Distribution Layer
– It is sometimes also referred to as the workgroup layer.
– It is the communication point between the Access Layer and the Core Layer.
– Routing, filtering, and WAN access are the primary functions of the Distribution Layer.
– Network policies are implemented at the Distribution Layer.
– The best path is determined and requests are forwarded to the Core Layer.
At the Distribution Layer we do the following:
– Implementation of tools like access lists and packet filtering
– Implementation of security and network policies like address translation and firewalls
– Redistribution between routing protocols, including static routing
– Routing between VLANs
– Definition of broadcast and multicast domains
Access Layer Characteristics
• End station entry point to the network
The Access Layer
• The Access Layer controls user and workgroup access to network resources.
• This layer is also referred to as the Desktop Layer.
• Continues the access control and policies from the Distribution Layer
• Creation of separate collision domains (segmentation)
• Workgroup connectivity into the Distribution Layer
UPPER LAYER PROTOCOLS
What Is TCP/IP?
• A suite of protocols
• Rules that dictate how packets of information are sent across multiple networks
• Addressing
• Error checking
TCP/IP Protocol
• The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created by the Department of Defense (DoD).
• The Internet Protocol can be used to communicate across any set of interconnected networks.
• TCP/IP supports both LAN and WAN communications.
• The IP suite includes not only Layer 3 and 4 specifications but also specifications for common applications like e-mail, remote login, terminal emulation, and file transfer.
• The TCP/IP protocol stack maps closely to the OSI model in the lower layers.
TCP/IP Applications
• Application layer
– File Transfer Protocol (FTP)
– Remote login (Telnet)
– E-mail (SMTP)
• Transport layer
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)
• Network layer
– Internet Protocol (IP)
• Data link and physical layer
– LAN: Ethernet, Token Ring, FDDI, etc.
– WAN: serial lines, Frame Relay, X.25, etc.
Internet Layer Overview
[Figure: the TCP/IP stack (Application, Transport, Internet, Data-Link, Physical) with the Internet layer holding Internet Protocol (IP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), and Reverse Address Resolution Protocol (RARP)]
• In the OSI reference model, the network layer corresponds to the TCP/IP Internet layer.
Internet Protocol
• Provides connectionless, best-effort delivery routing of datagrams.
• IP is not concerned with the content of the datagrams.
• It looks for a way to move the datagrams to their destination.
IP Datagram
Bit 0                                    Bit 15 | Bit 16                   Bit 31
Version (4) | Header Length (4) | Type of Service (8) | Total Length (16)
Identification (16)                             | Flags (3) | Fragment Offset (13)
Time-to-Live (8) | Protocol (8)                 | Header Checksum (16)
Source IP Address (32)
Destination IP Address (32)
Options (0 or 32 if Any)
Data (Varies if Any)
The fixed part of the header is 20 bytes.
IP Datagram
• Version – Currently used IP version
• Header Length – Datagram header length
• TOS – Level of importance assigned by a particular upper-layer protocol
• Total Length – Length of packet in bytes including Data and Header
• Identification – Identifies current datagram (Sequence Number)
• Flags – Specifies whether the packet can be fragmented or not
• Fragment Offset – Used to piece together datagram fragments
• TTL – It maintains a counter that gradually decreases, in increments, to zero
• Protocol – It indicates which upper-layer protocol receives incoming packets
• Header Checksum – Calculated checksum of the header to check its integrity
• Source IP Address – Sending node IP Address
• Destination IP Address – Receiving node IP Address
• Options – It allows IP to support various options like security
• Data – Upper layer information (maximum 64Kb)
Protocol Field
Transport Layer:  TCP (protocol number 6)   UDP (protocol number 17)
Internet Layer:   IP
• The Protocol field determines the destination upper-layer protocol
Address Resolution Protocol
(ARP)
• ARP works at the Internet Layer of the DoD Model.
• It is used to resolve a MAC address with the help
of a known IP address.
• All resolved MAC addresses are kept in an
ARP cache table.
• To send a datagram this ARP cache table is
checked, and if the address is not found then a broadcast is sent
along with the IP address.
• The machine with that IP address responds and its
MAC address is cached.
Address Resolution Protocol
Host 172.16.3.1: "I need the Ethernet address of 172.16.3.2."
ARP request (broadcast): IP: 172.16.3.2 = ???
Host 172.16.3.2: "I heard that broadcast. The message is for me. Here is my
Ethernet address."
ARP reply: IP: 172.16.3.2, Ethernet: 0800.0020.1111
• Map IP address to Ethernet address
RARP (Reverse ARP)
• This also works at the Internet Layer.
• It works exactly opposite to ARP.
• It resolves an IP address with the help of a
known MAC address.
• DHCP is an example of an RARP
implementation.
• Workstations get their IP address from a RARP
server or DHCP server with the help of RARP.
Reverse ARP
Host with Ethernet 0800.0020.1111: "What is my IP address?"
RARP request (broadcast): Ethernet: 0800.0020.1111, IP = ???
RARP server: "I heard that broadcast. Your IP address is 172.16.3.25."
RARP reply: Ethernet: 0800.0020.1111, IP: 172.16.3.25
• Map Ethernet address to IP address
Bootstrap Protocol (BootP)
• BootP stands for BootStrap Protocol.
• BootP is used by a diskless machine to learn the
following:
– Its own IP address
– The IP address and host name of a server
machine.
– The boot filename of a file that is to be loaded
into memory and executed at boot-up.
• BootP is an old program and is now called
DHCP.
DHCP (Dynamic Host Configuration Protocol)
• The DHCP server dynamically assigns IP addresses to hosts.
• All types of hardware can be used as a DHCP server, even a Cisco
router.
• BootP can also send an operating system that a host can boot
from. DHCP cannot perform this function.
• The following information is provided by DHCP when a host registers for
an IP address:
– IP address
– Subnet mask
– Domain name
– Default gateway (router)
– DNS
Internet Control Message
Protocol
• ICMP messages are carried in IP datagrams and used to send
error and control messages.
• ICMP message types include Destination Unreachable, Echo (Ping)
and others.
• ICMP sits at the Internet layer, above IP.
ICMP Ping
Transport Layer Overview
• Transmission Control Protocol (TCP) – connection-oriented
• User Datagram Protocol (UDP) – connectionless
Transmission Control Protocol
(TCP)
• TCP works at Transport Layer
• TCP is a connection oriented protocol.
• TCP is responsible for breaking messages into
segments and reassembling them.
• Supplies a virtual circuit between end-user
applications.
TCP Segment Format
Bit 0                                 Bit 15 | Bit 16                    Bit 31
Source Port (16)                             | Destination Port (16)
Sequence Number (32)
Acknowledgment Number (32)
Header Length (4) | Reserved (6) | Code Bits (6) | Window (16)
Checksum (16)                                | Urgent (16)
Options (0 or 32 if Any)
Data (Varies)
The fixed part of the header is 20 bytes.
TCP Segment Format
• Source port – Number of the calling port
• Destination Port – Number of the called port
• Sequence Number – Number used to ensure correct sequencing of the
arriving data
• Acknowledgement Number – Next expected TCP octet
• Header Length – Length of the TCP header
• Reserved – Set to zero
• Code Bits – Control Functions (setup and termination of a session)
• Window – Number of octets that the sender is willing to accept
• Checksum – Calculated checksum of the header and data fields
• Urgent Pointer – Indication of the end of the urgent data
• Options – One option currently defined (maximum TCP segment size)
• Data – Upper layer protocol data
Port Numbers
Application Layer   FTP   Telnet   SMTP   DNS   TFTP   SNMP   RIP
Port Numbers        21    23       25     53    69     161    520
Transport Layer     TCP                          UDP
TCP Port Numbers
Host A sends a Telnet segment to Host Z with source port (SP) 1028 and
destination port (DP) 23.
Host Z: "Destination port = 23. Send packet to my Telnet application."
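As an added example (not part of the Cisco slides), the following Python decodes a constructed IPv4 datagram carrying a TCP segment, verifies the Header Checksum and Header Length fields from the datagram slides, and maps the Protocol field and destination port to the names on the Protocol Field and Port Numbers slides. The packet bytes, ports and addresses are constructed for this example.

```python
"""Added example (not from the Cisco slides): decode a constructed IPv4
datagram carrying a TCP segment and check the header fields the slides list."""
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}           # Protocol field values
WELL_KNOWN_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS",
                    69: "TFTP", 161: "SNMP", 520: "RIP"}  # Port Numbers slide
TCP_FLAGS = {0x02: "SYN", 0x10: "ACK", 0x01: "FIN", 0x04: "RST",
             0x08: "PSH", 0x20: "URG"}                   # Code Bits


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit words with end-around carry (RFC 791 checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_checksum(header: bytes) -> int:
    """Header Checksum: computed over the header with the checksum field zeroed."""
    return (~ones_complement_sum(header[:10] + b"\x00\x00" + header[12:])) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Return the IPv4 header fields; raises ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum) = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # Header Length is in 32-bit words
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("bad Version or Header Length")
    if total_len < ihl or total_len > len(packet):
        raise ValueError("Total Length inconsistent with captured bytes")
    header = packet[:ihl]
    return {
        "version": version, "header_length": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),      # Flags: DF bit
        "more_fragments": bool(flags_frag & 0x2000),     # Flags: MF bit
        "fragment_offset": flags_frag & 0x1FFF,          # 13 bits, 8-byte units
        "ttl": ttl, "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": ip_checksum(header) == csum,
        "src": ".".join(map(str, header[12:16])),
        "dst": ".".join(map(str, header[16:20])),
        "options": header[20:ihl], "payload": packet[ihl:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Return the TCP header fields (20-byte fixed part plus options)."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4            # Header Length (4 bits)
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP Header Length")
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"src_port": sport, "dst_port": dport,
            "service": WELL_KNOWN_PORTS.get(dport, "unknown"),
            "seq": seq, "ack": ack, "flags": flags, "window": window,
            "checksum": csum, "urgent": urg,
            "options": segment[20:data_offset], "data": segment[data_offset:]}


def build_sample() -> bytes:
    """Constructed datagram: 172.16.3.1:1028 -> 172.16.3.2:23, SYN, seq 100, TTL 64."""
    tcp = struct.pack("!HHIIHHHH", 1028, 23, 100, 0, (5 << 12) | 0x02,
                      4096, 0, 0)                  # TCP checksum left 0 here
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1C46,
                     0x4000, 64, 6, 0, bytes([172, 16, 3, 1]), bytes([172, 16, 3, 2]))
    return ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:] + tcp


def decode(packet: bytes) -> dict:
    """Decode the IP header, then the TCP header when Protocol is 6."""
    info = parse_ipv4(packet)
    if info["protocol"] == "TCP":
        info["tcp"] = parse_tcp(info["payload"])
    return info


if __name__ == "__main__":
    d = decode(build_sample())
    print(d["src"], "->", d["dst"], d["protocol"], "TTL", d["ttl"],
          "checksum ok" if d["checksum_ok"] else "CHECKSUM BAD")
    t = d["tcp"]
    print(t["src_port"], "->", t["dst_port"], t["service"], t["flags"], "seq", t["seq"])
```

Flipping any header byte (for instance the TTL, as a router does at each hop) makes `checksum_ok` false until the checksum is recomputed, which is why every hop rewrites the Header Checksum.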
TCP Three-Way Handshake/Open
Connection
Host A                                           Host B
1. Send SYN (seq = 100, ctl = SYN)        →      SYN received
2. SYN received                           ←      Send SYN, ACK (seq = 300, ack = 101, ctl = SYN,ACK)
3. Established (seq = 101, ack = 301, ctl = ACK)  →
TCP Simple Acknowledgment
Sender               Receiver
Send 1          →    Receive 1
Receive ACK 2   ←    Send ACK 2
Send 2          →    Receive 2
Receive ACK 3   ←    Send ACK 3
Send 3          →    Receive 3
Receive ACK 4   ←    Send ACK 4
• Window Size = 1
TCP Sequence and
Acknowledgment Numbers
Source Port   Dest. Port   Seq.   Ack.
1028          23           10     1     "I just sent number 10."
23            1028         1      11    "I just got number 10, now I need number 11."
1028          23           11     2
TCP Windowing
Sender (Window Size = 3)           Receiver (Window Size = 3)
Send 1                        →
Send 2                        →
Send 3                        →    Packet 3 is dropped
                              ←    ACK 3, Window Size = 2
Send 3                        →
Send 4                        →
                              ←    ACK 5, Window Size = 2
UDP (User Datagram Protocol)
• A connectionless and unacknowledged protocol.
• UDP is also responsible for transmitting messages.
• But no checking for segment delivery is provided.
• UDP depends on upper layer protocol for reliability.
• TCP and UDP use port numbers to listen for particular
services.
UDP Segment Format
Bit 0                                 Bit 15 | Bit 16                    Bit 31
Source Port (16)                             | Destination Port (16)
Length (16)                                  | Checksum (16)
Data (if Any)
The header is 8 bytes.
• No sequence or acknowledgment fields
UDP Segment Format
• Source port – Number of the calling port
• Destination Port – Number of the called port
• Length – Number of bytes, including header and data
• Checksum – Calculated checksum of the header and data
fields
• Data – Upper layer protocol data
Application Layer Overview
File Transfer: TFTP*, FTP*, NFS
E-Mail: SMTP
Remote Login: Telnet*, rlogin*
Network Management: SNMP*
Name Management: DNS*
*Used by the Router
Telnet
• Telnet is used for Terminal Emulation.
• It allows a user sitting on a remote machine to
access the resources of another machine.
• It allows you to transfer files from one machine to
another.
• It also allows access to both directories and files.
• It uses TCP for data transfer and hence is slow but
reliable.
Network File System (NFS)
• It is the jewel of protocols specializing in file
sharing.
• It allows two different types of file systems to
interoperate.
• This is a stripped-down version of FTP.
• It has no directory browsing abilities.
• It can only send and receive files.
• It uses UDP for data transfer and hence is faster
but not reliable.
LPD (Line Printer Daemon)
• The Line Printer Protocol is designed for printer
sharing.
• The LPD along with the LPR (Line Printer
Program) allows print jobs to be spooled and sent to
the network’s printers using TCP/IP.
X Window
• X Window defines a protocol for writing
graphical user interface-based client/server
applications.
Simple Network Management
Protocol
• SNMP enables central management of the
network.
• Using SNMP an administrator can watch the
entire network.
• SNMP works with TCP/IP.
• It uses UDP for transportation of the data.
DNS (Domain Name Service)
• DNS resolves FQDNs to IP addresses.
• DNS allows you to use a domain name to
specify an IP address.
• It maintains a database of IP addresses and
hostnames.
• On every query it checks this database and
resolves the IP.
Introduction to TCP/IP
Addresses
(Figure: addresses 172.18.0.1, 172.18.0.2, 172.16.0.1, 172.16.0.2,
10.13.0.0/10.13.0.1, 172.17.0.1/172.17.0.2 and 192.168.1.0/192.168.1.1;
a packet is drawn as HDR | SA | DA | DATA.)
• Location is represented by an address
– Unique addressing allows communication
between end stations.
– Path choice is based on destination address.
IPv4 Addressing

• 32-bit addresses
• Commonly expressed in dotted
decimal format (e.g., 192.168.10.12)
• Each “dotted decimal” is commonly
called an octet (8 bits)
IP Addressing
32 bits
Dotted Decimal:   Network | Host
Maximum:          255      255      255      255
Bit positions:    1-8      9-16     17-24    25-32
Binary:           11111111 11111111 11111111 11111111
Bit weights within each octet: 128 64 32 16 8 4 2 1
Example
Decimal   172        16         122        204
Binary    10101100   00010000   01111010   11001100
IP Address Classes
           8 bits     8 bits     8 bits     8 bits
• Class A: Network    Host       Host       Host
• Class B: Network    Network    Host       Host
• Class C: Network    Network    Network    Host
• Class D: Multicast
• Class E: Research
IP Addressing—Class A

• 10.222.135.17
• Network # 10
• Host # 222.135.17
• Range of class A network IDs: 1–126
• Number of available hosts: 16,777,214
IP Addressing—Class B

• 128.128.141.245
• Network # 128.128
• Host # 141.245
• Range of class B network IDs:
128.1–191.254
• Number of available hosts: 65,534
IP Addressing—Class C

• 192.150.12.1
• Network # 192.150.12
• Host # 1
• Range of class C network IDs:
192.0.1–223.255.254
• Number of available hosts: 254
IP Network Address Classes
Class   # Networks   # Hosts      Example
A       126          16,777,214   01111111 00000000 00000000 00000000
B       16,384       65,534       10111111 11111111 00000000 00000000
C       2,097,152    254          11011111 11111111 11111111 00000000
Examples: Class A 35.0.0.0, Class B 128.5.0.0, Class C 132.33.33.0
(the figure contrasts host address space with network address space).
IP Address Classes
Bits:      1        8  9       16  17      24  25      32
Class A:   0NNNNNNN   Host        Host        Host                Range (1-126)
Class B:   10NNNNNN   Network     Host        Host                Range (128-191)
Class C:   110NNNNN   Network     Network     Host                Range (192-223)
Class D:   1110MMMM   Multicast Group  Multicast Group  Multicast Group   Range (224-239)
Private Addresses
• Class A – 10.0.0.0 to 10.255.255.255
• Class B – 172.16.0.0 to 172.31.255.255
• Class C – 192.168.0.0 to 192.168.255.255
Determining Available Host
Addresses
Network: 172.16    Host: 0.0    N = 16 host bits
10101100 00010000 00000000 00000000     1
                  00000000 00000001     2
                  00000000 00000011     3
                  ...
                  11111111 11111101     65534
                  11111111 11111110     65535
                  11111111 11111111     65536
                                        - 2
2^N - 2 = 2^16 - 2 = 65534 available host addresses
Subnet Mask
                       Network             Host
IP Address             172      16         0        0
Default Subnet Mask    255      255        0        0
                       11111111 11111111   00000000 00000000
Also written as “/16” where 16 represents the number of 1s
in the mask.
                       Network             Subnet   Host
8-bit Subnet Mask      255      255        255      0
Also written as “/24” where 24 represents the number of 1s
in the mask.
Decimal Equivalents of Bit
Patterns
128 64 32 16 8 4 2 1

1 0 0 0 0 0 0 0 = 128
1 1 0 0 0 0 0 0 = 192
1 1 1 0 0 0 0 0 = 224
1 1 1 1 0 0 0 0 = 240
1 1 1 1 1 0 0 0 = 248
1 1 1 1 1 1 0 0 = 252
1 1 1 1 1 1 1 0 = 254
1 1 1 1 1 1 1 1 = 255
Subnet Mask without Subnets
                   Network            Host
172.16.2.160       10101100 00010000  00000010 10100000
255.255.0.0        11111111 11111111  00000000 00000000
                   10101100 00010000  00000000 00000000
Network Number     172      16        0        0
• Subnets not in use—the default
Subnet Mask with Subnets
                   Network            Subnet    Host
172.16.2.160       10101100 00010000  00000010  10100000
255.255.255.0      11111111 11111111  11111111  00000000
                   10101100 00010000  00000010  00000000
Network Number     172      16        2         0
• Network number extended by eight bits
Subnet Mask with Subnets
(cont.)
                   Network            Subnet       Host
172.16.2.160       10101100 00010000  00000010 10  100000
255.255.255.192    11111111 11111111  11111111 11  000000
                   10101100 00010000  00000010 10  000000
Network Number     172      16        2        128
• Network number extended by ten bits
Addressing Summary Example
172.16.2.160       10101100 00010000 00000010 10100000   Host
255.255.255.192    11111111 11111111 11111111 11000000   Mask
172.16.2.128       10101100 00010000 00000010 10000000   Subnet
172.16.2.191       10101100 00010000 00000010 10111111   Broadcast
172.16.2.129       10101100 00010000 00000010 10000001   First
172.16.2.190       10101100 00010000 00000010 10111110   Last
Variable-Length
Subnet Masks
What Is a Variable-Length
Subnet Mask?
(Figure: HQ network 172.16.0.0/16 with subnets A 172.16.14.32/27,
B 172.16.14.64/27 and C 172.16.14.96/27 hanging off HQ.)
– Subnet 172.16.14.0/24 is divided into smaller subnets:
• Subnet with one mask at first (/27)
• Then further subnet one of the unused /27 subnets into multiple /30
subnets
Calculating VLSMs
Subnetted Address: 172.16.32.0/20
In Binary          10101100.00010000.00100000.00000000
VLSM Address:      172.16.32.0/26
In Binary          10101100.00010000.00100000.00000000
                   Network  Subnet    VLSM  Host
                                      Subnet
1st subnet: 10101100 . 00010000 .0010 0000.00 000000 = 172.16.32.0/26
2nd subnet: 172      . 16       .0010 0000.01 000000 = 172.16.32.64/26
3rd subnet: 172      . 16       .0010 0000.10 000000 = 172.16.32.128/26
4th subnet: 172      . 16       .0010 0000.11 000000 = 172.16.32.192/26
5th subnet: 172      . 16       .0010 0001.00 000000 = 172.16.33.0/26
A Working VLSM Example
Derived from the 172.16.32.0/20 Subnet (26-bit mask, 62 hosts each):
172.16.32.0/26
172.16.32.64/26
172.16.32.128/26
172.16.32.192/26
Derived from the 172.16.33.0/26 Subnet (30-bit mask, 2 hosts each):
172.16.33.0/30
172.16.33.4/30
172.16.33.8/30
172.16.33.12/30
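The subnet, broadcast, first/last host and 2^N - 2 arithmetic from the Addressing Summary Example, together with the /26 and /30 splits of the Calculating VLSMs and Working VLSM Example slides, as an added Python example (not from the slides). It generalises the slides' worked cases to any address and prefix, adds the class and private-range checks from the earlier slides, and rejects a mask whose 1s are not contiguous.

```python
"""Added example (not from the Cisco slides): IPv4 address arithmetic for
the subnetting and VLSM slides, using only integer bit operations."""


def ip_to_int(addr: str) -> int:
    """'172.16.2.160' -> 32-bit integer; rejects malformed octets."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {addr}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Dotted binary as the slides draw it: 172.16.122.204 -> 10101100.00010000..."""
    ip_to_int(addr)  # validate first
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def prefix_to_mask(prefix: int) -> int:
    """/26 -> 0xFFFFFFC0 (the number of leading 1s in the mask)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.192' -> 26; rejects masks whose 1s are not contiguous."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if prefix_to_mask(prefix) != value:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def address_class(addr: str) -> str:
    """Classful letter from the leading bits of the first octet (0, 10, 110, 1110)."""
    first = ip_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def is_private(addr: str) -> bool:
    """The three ranges on the Private Addresses slide."""
    value = ip_to_int(addr)
    return (value >> 24 == 10                          # 10.0.0.0 - 10.255.255.255
            or value >> 20 == (172 << 4) | 1           # 172.16.0.0 - 172.31.255.255
            or value >> 16 == (192 << 8) | 168)        # 192.168.0.0 - 192.168.255.255


def subnet_info(addr: str, prefix: int) -> dict:
    """Subnet, broadcast, first/last usable host and host count for addr/prefix."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask                   # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)         # host bits set
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0   # slides' 2^N - 2 rule
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
        "mask": int_to_ip(mask),
    }


def vlsm_split(network: str, prefix: int, new_prefix: int, count=None) -> list:
    """Divide network/prefix into equal new_prefix subnets (first `count` of them)."""
    if new_prefix <= prefix or new_prefix > 32:
        raise ValueError("new prefix must be longer than the parent prefix")
    base = ip_to_int(network) & prefix_to_mask(prefix)
    step = 1 << (32 - new_prefix)                      # addresses per child subnet
    total = 1 << (new_prefix - prefix)                 # number of child subnets
    n = total if count is None else min(count, total)
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(n)]
```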
Route Summarization
What Is Route Summarization?
Router A holds 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 in its
routing table. Router B: "I can route to the 172.16.0.0/16 network."
Routing Table (A)      Routing Table (B)
172.16.25.0/24         172.16.0.0/16
172.16.26.0/24
172.16.27.0/24
– Routing protocols can summarize addresses of several
networks into one address
Summarizing Within an Octet
172.16.168.0/24 = 10101100 . 00010000 . 10101 000 . 00000000
172.16.169.0/24 = 172      . 16       . 10101 001 . 0
172.16.170.0/24 = 172      . 16       . 10101 010 . 0
172.16.171.0/24 = 172      . 16       . 10101 011 . 0
172.16.172.0/24 = 172      . 16       . 10101 100 . 0
172.16.173.0/24 = 172      . 16       . 10101 101 . 0
172.16.174.0/24 = 172      . 16       . 10101 110 . 0
172.16.175.0/24 = 172      . 16       . 10101 111 . 0
Number of Common Bits = 21, Noncommon Bits = 11
Summary: 172.16.168.0/21
Summarizing Addresses in
a VLSM-Designed Network
(Figure: router B 172.16.128.0/20; router C 172.16.32.0/24 containing
172.16.32.64/26 and 172.16.32.128/26; router D 172.16.64.0/20; router A
advertises 172.16.0.0/16 toward the corporate network.)
Classless
Interdomain Routing
Classless Interdomain Routing
• Mechanism developed to alleviate
exhaustion of addresses and reduce
routing table size
• Blocks of Class C addresses assigned
to ISPs—ISPs assign subsets of
address space to organizations
• Blocks are summarized in routing tables
CIDR Example
(Figure: customer networks A 192.168.8.0/24, B 192.168.9.0/24, ... H
192.168.15.0/24 connect to the ISP, which advertises 192.168.8.0/21.)
– Networks 192.168.8.0/24 through 192.168.15.0/24 are
summarized by the ISP in one advertisement
192.168.8.0/21
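The "common bits" counting of the Summarizing Within an Octet slide and the ISP aggregation of the CIDR Example, as an added Python example (not from the slides). Beyond the slides' cases it also reports when a summary over-claims, that is, when the summary block contains networks that were not in the list, which matters because a router advertising such a summary attracts traffic for address space it cannot actually reach.

```python
"""Added example (not from the Cisco slides): find the summary route for a
set of networks by counting their common leading bits, and report any blocks
the summary would advertise that were not in the set."""


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> tuple:
    """'172.16.168.0/24' -> (network as int, 24), with host bits cleared."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {cidr}")
    return ip_to_int(addr) & prefix_mask(prefix), prefix


def common_prefix_length(values: list) -> int:
    """Leading bits shared by all values: the slides' "number of common bits"."""
    differing = 0
    for v in values[1:]:
        differing |= v ^ values[0]          # a 1 wherever any value disagrees
    return 32 - differing.bit_length()


def summarize(cidrs: list) -> dict:
    """Summary route for networks that all share one prefix length."""
    parsed = [parse_cidr(c) for c in cidrs]
    prefixes = {p for _, p in parsed}
    if len(prefixes) != 1:
        raise ValueError("all networks must have the same prefix length")
    (block_prefix,) = prefixes
    nets = sorted({n for n, _ in parsed})
    # The summary can never be longer than the blocks themselves
    summary_prefix = min(block_prefix, common_prefix_length(nets))
    summary_net = nets[0] & prefix_mask(summary_prefix)
    block_size = 1 << (32 - block_prefix)
    blocks_in_summary = 1 << (block_prefix - summary_prefix)
    # A summary is exact only when the listed blocks fill it completely
    exact = len(nets) == blocks_in_summary
    over_claimed = None                     # left unenumerated for very wide summaries
    if blocks_in_summary <= 4096:
        listed = set(nets)
        over_claimed = [f"{int_to_ip(summary_net + i * block_size)}/{block_prefix}"
                        for i in range(blocks_in_summary)
                        if summary_net + i * block_size not in listed]
    return {"summary": f"{int_to_ip(summary_net)}/{summary_prefix}",
            "common_bits": summary_prefix,
            "noncommon_bits": 32 - summary_prefix,
            "exact": exact, "over_claimed": over_claimed}


if __name__ == "__main__":
    print(summarize([f"172.16.{n}.0/24" for n in range(168, 176)]))
    print(summarize([f"192.168.{n}.0/24" for n in range(8, 16)]))
    # The three /24s from the route summarization slide do not fill a /22
    print(summarize(["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]))
```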
WAN Basics
What Is a WAN?
• A network that serves users across a broad
geographic area
• Often uses transmission devices provided by
public carriers (Pacific Bell, AT&T, etc.)
– This service is commonly referred to as “plain old
telephone service” (POTS)
• WANs function at the lower three layers of the
OSI reference model
– Physical layer, data link layer, and network layer
WAN Overview
• WANs connect sites through a service provider
• Connection requirements vary depending on
user requirements and cost
What is a WAN?
A WAN is a data communications network that covers a relatively broad geographic
area and often uses transmission facilities provided by common carriers, such as
telephone companies. WAN technologies function at the lower three layers of the OSI
reference model: the physical layer, the data link layer, and the network layer.
WAN connection types
• Point-to-Point Links or Leased Lines
• Circuit Switching
• Packet Switching
Point-to-Point Links or
Leased Lines
• A point-to-point link is also known as a leased line because its
established path is permanent and fixed for each remote network reached
through the carrier facilities. It uses synchronous serial lines up to 45
Mbps.
Leased Line
• One connection per physical interface
• Bandwidth: 56 kbps–1.544 Mbps
• Cost effective at 4–6 hours daily usage
• Dedicated connections with predictable throughput
• Permanent
• Cost varies by distance
Circuit Switching
(Figure: two modems connected through the WAN)
• Dedicated physical circuit established, maintained, and
terminated through a carrier network for each
communication session
• Datagram and data stream transmissions
• Operates like a normal telephone call
• Example: ISDN
Circuit Switching
• Sets up line like a phone call. No data
can transfer before the end-to-end
connection is established.
• Uses dial-up modems and ISDN. It is
used for low-bandwidth data transfers.
POTS Using Modem Dialup
(Figure: telecommuters and mobile users dial over basic telephone service
through a modem to the corporate network's access router and server)
• Widely available
• Easy to set up
• Dial on demand
• Asynchronous transmission
• Low cost, usage-based
• Lower bandwidth access requirements
Integrated Services Digital
Network (ISDN)
(Figure: telecommuter/after-hours/work-at-home LAN with BRI (2B+D) to the
company network's ISDN server over BRI/PRI (23B+D, or 30B+D in Europe))
• High bandwidth
• Up to 128 Kbps per basic rate interface
• Dial on demand
• Multiple channels
• Fast connection time
• Monthly rate plus cost-effective,
usage-based billing
• Strictly digital
Packet Switching
(Figure: multiplexing at one modem, demultiplexing at the other, across the WAN)
• Network devices share a point-to-point link to transport
packets from a source to a destination across a carrier
network
• Statistical multiplexing is used to enable devices to
share these circuits
• Examples: ATM, Frame Relay, X.25
Packet Switching
• WAN switching method that allows you to share
bandwidth with other companies to save money.
• Think of packet switching networks as a party line. As long
as you are not constantly transmitting data and are instead
using bursty data transfers, packet switching can save you
a lot of money. However, if you have constant data
transfers, then you will need to get a leased line.
• Frame Relay and X.25 are packet-switching technologies.
Speeds can range from 56Kbps to 2.048Mbps.
Frame Relay
• Permanent, not dialup
• Multiple connections per
physical interface
(permanent virtual circuits)
• Efficient handling of
bursty (peak performance
period) data
• Guaranteed bandwidth
(typical speeds are
56/64 Kbps, 256 Kbps,
and 1.544 Mbps)—
committed information
rate (CIR)
• Cost varies greatly by region
(Figure: a Permanent Virtual Circuit (PVC) through the Frame Relay network)
X.25
(Figure: DTE – DCE – X.25 network – DCE – DTE)
• Very robust protocol for low-quality lines
• Packet-switched
• Bandwidth: 9.6 kbps–64 kbps
• Well-established technology;
large installed base
• Worldwide availability
Asynchronous Transfer Mode
(ATM)
• Technology capable of transferring voice, video, and data
through private and public networks
• Uses VLSI technology to segment data, at high speeds,
into units called cells
– 5 bytes of header information
– 48 bytes of payload
– 53 bytes total
(Cell layout: Header (5) | Data (48))
• Cells contain identifiers that specify the data stream to
which they belong
• Primarily used in enterprise backbones or WAN links
Cabling the WAN
(Figure: core switches core_sw_a and core_sw_b and the core server joined by
FastEthernet/Ethernet and ISL; a dedicated leased line, an ISDN cloud and a
Frame Relay link leave the campus.)
WAN Physical Layer
Implementations
• Physical layer implementations vary
• Cable specifications define speed of link
Frame Relay, HDLC, PPP:   EIA/TIA-232, EIA/TIA-449, X.21, V.24, V.35, HSSI
ISDN BRI (with PPP):      RJ-45
NOTE: Pinouts are different than RJ-45 used in campus
Differentiating Between WAN
Serial Connectors
End user device (DTE) – router connections – CSU/DSU (DCE) – service provider
Network connections at the CSU/DSU: EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA-530
Serial Implementation of
DTE versus DCE
Data Terminal Equipment          Data Communications Equipment
• End of the user’s device        • End of the WAN provider’s
on the WAN link                   side of the communication facility
                                  • DCE is responsible for clocking
(Figure: DTE – modem/CSU/DSU (DCE) – service provider – DCE – DTE)
WAN Terminating Equipment
Physical cable types: EIA/TIA-232, V.35, X.21, HSSI
Router (to corporate network) – modem – WAN provider (carrier) network
DTE: Data Terminal Equipment, the customer’s equipment, usually on the
customer’s premises
DCE: Data Circuit-Terminating Equipment, the service provider’s equipment
Serial Transmission
• WAN serial connectors use serial transmission
– Serial transmission uses one bit at a time over a
single channel.
– Parallel transmission can use 8 bits at a time,
but all WANs use serial transmission.
• Cisco routers use a proprietary 60-pin serial
connector.
– The connector at the other end of the cable will
depend on your service provider or end device
requirements.
LAN/WAN Devices
• Hubs
• Bridges
• Switches
• Routers
Hub
• Device that serves as the center of a
star topology network, sometimes
referred to as a multiport repeater,
no forwarding intelligence
Hubs
(Figure: a hub connecting stations 123 through 128)
• Amplifies signals
• Propagates signals through the network
• Does not filter data packets based on destination
• No path determination or switching
• Used as network concentration point
Hubs Operate at Physical layer
(Figure: stations A, B, C and D on one hub)
• All devices in the same collision domain
• All devices in the same broadcast domain
• Devices share the same bandwidth
Hubs: One Collision Domain
• More end stations means
more collisions
• CSMA/CD is used
Bridge
• Device that connects and passes
packets between two network
segments.
• More intelligent than hub—analyzes
incoming packets and forwards (or
filters) them based on addressing
information.
Bridge Example
(Figure: a bridge joins segment 1 (hub with stations 123, 124, 125) and
segment 2 (hub with stations 126, 127, 128) of the corporate intranet)
• More intelligent than a hub—can analyze incoming packets and
forward (or filter) them based on addressing information
• Collects and passes packets between two network segments
• Maintains address tables
Switches
• Use bridging technology to
forward traffic between ports.
• Provide full dedicated data
transmission rate between two stations
that are directly connected to the switch
ports.
• Build and maintain address
tables called content-addressable
memory (CAM).
Switching—“Dedicated” Media
(Figure: workstations 31 through 36 on “dedicated” 10-Mbps UTP cable to a
switch with 100 Mbps links to the corporate intranet)
• Uses bridging technology to forward traffic (i.e.
maintains address tables, and can filter)
• Provides full dedicated transmission rate between
stations that are connected to switch ports
• Used in both local-area and in wide-area networking
• All types available—Ethernet, Token Ring, ATM
Switches and Bridges Operate
at Data Link Layer
(Figure: segments 1, 2, 3, 4 on a switch, or segments 1, 2 on a bridge)
• Each segment has its own collision domain
• All segments are in the same broadcast domain
Switches
(Figure: a switch with memory for its address tables)
• Each segment has its
own collision domain
• Broadcasts are
forwarded to all
segments
Routers
• Interconnect LANs and WANs
• Provide path determination using
metrics
• Forward packets from one network
to another
• Control broadcasts to the network
Network Layer Functions (cont.)
(Figure: network 1.0 (hosts 1.1, 1.2, 1.3) on the left router's E0, serial
network 2.0 (2.1, 2.2) between the routers' S0 interfaces, network 4.0
(4.1, 4.2, 4.3) on the right router's E0)
Routing Table (left router)      Routing Table (right router)
NET   INT   Metric               NET   INT   Metric
1     E0    0                    1     S0    1
2     S0    0                    2     S0    0
4     S0    1                    4     E0    0
• Logical addressing allows for hierarchical network
• Configuration required
• Uses configured information to identify paths to networks
Routers: Operate at the
Network Layer
• Broadcast control
• Multicast control
• Optimal path
determination
• Traffic management
• Logical addressing
• Connects to WAN
services
Using Routers to Provide
Remote Access
(Figure: telecommuter (modem or ISDN TA), mobile user, branch office and
main office connected over the Internet)
Network Device Domains
                     Hub   Bridge   Switch   Router
Collision Domains:   1     4        4        4
Broadcast Domains:   1     1        1        4
Product Selection
Considerations
• Provides functionality and features you need today
• Capacity and performance
• Easy installation and centralized management
• Provides network reliability
• Investment protection in existing infrastructure
• Migration path for change and growth
• Seamless access for mobile users and
branch offices
Cisco Router Products
Selection Issues:
• Scale of the routing features needed
• Port density/variety requirements
• Capacity and performance
• Common user interface
Series, from smallest to largest: Cisco 700/800, 1600/1700, 2500, 2600,
3600, AS5000, 7000, 10000, 12000 GSR
Solution tiers, from smallest to largest: Home Office Solutions, Small
Office Solutions, Branch Office Solutions, Central Site Solutions
Visual Objective
Use the product selection tool to
select Cisco Equipment
Router – 7200
Router – 7300
Router – 7500
Router – 7600
Router – 10000
Router – 12000
Fixed and Modular Interfaces
• Some Cisco Routers have fixed interfaces while others are
modular.
– 2500 series routers have set interfaces that can’t be changed.
• The 2501 Router has two serial connections and one 10BaseT AUI
interface.
• If you need to add a third serial connection you need to buy a new
router.
– The 1600, 1700, 2600, 3600 and higher routers have modular
interfaces.
• These Routers allow you to buy what you need and add almost any
type of interface you may need later.
Fixed Interfaces
2500 Router—rear view: serial WAN ports can be fixed
Modular Interfaces
Serial WAN ports can be modular (WAN Interface Card)
1603 Router—rear view: Ethernet 10BaseT, Ethernet AUI, ISDN BRI S/T,
Console, Module
3640 Router—rear view
Router Internal Components
RAM
• It contains the software and data
structures that allow the router to function.
The principal software running in RAM is
the Cisco IOS image and the running
configuration. Some routers, such as the
2500 series, run IOS from Flash and not
RAM.
ROM Functions
• Contains microcode for basic functions
ROM
• POST : The microcode used to test the basic
functionality of the router hardware and to
determine what components are present.
ROM
• Bootstrap code : the bootstrap code is
used to bring the router up during
initialization. It contains microcode for basic
functions to start and maintain the router. It
reads the configuration register to
determine how to boot and then, if
instructed to do so, loads the IOS
software.
ROM
• ROM monitor : A low-level operating system normally
used for manufacturing, testing and troubleshooting.
• A “partial” IOS : This partial IOS can be used to load a
new software image into Flash memory and to perform
some other maintenance operations. It does not
support IP routing and most other routing
functions. Sometimes, this subset of the IOS is
referred to as RXBOOT code.
Flash memory
• Flash memory: is used to contain the IOS software image. Some routers run the IOS image directly from Flash and do not need to transfer it to RAM.
NVRAM
• NVRAM : is used mainly to store the
configuration. NVRAM uses a battery to
maintain the data when the power is removed
from the router.
Configuration Register
• Configuration Register: is used to control how the router boots up.
External Configuration Sources
• Configurations can come from many sources.
• Configurations will act in device memory.
Basics of Cisco IOS
• Cisco IOS software delivers network services and enables networked applications.
• Cisco IOS enables the following network services:
– Features to carry the chosen network protocols and functions.
– Connectivity to provide high-speed traffic between devices.
– Security to control access and discourage unauthorized network use.
– Scalability to add interfaces and capability as the need for networking grows.
– Reliability to ensure dependable access to networked resources.
Cisco IOS Software Features
• Cisco IOS software delivers network services and enables networked applications.
Cisco IOS User Interface
Functions
– A CLI is used to enter commands.
– Operations vary on different
internetworking devices.
– Users type or paste entries in the
console command modes.
– Enter key instructs device to parse and
execute the command.
– Two primary EXEC modes are user
mode and privileged mode.
– Command modes have distinctive
prompts.
Setting Up A Console Connection
Device with Console
– PCs require an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter.
– COM port settings are 9600 bps, 8 data bits, no parity, 1 stop bit, no flow control.
– This provides out-of-band console access.
– AUX switch port may be used for a modem-connected console.

Console Connection
A console connection is required to configure the router for the first time.
– All Cisco devices are shipped with one console cable.
– It allows you to connect a device and configure, verify and monitor it.
– The cable is a rollover cable with RJ-45 connectors.
– Pinouts for the rollover cable are (pin at one end – pin at the other end):
1-8, 2-7, 3-6, 4-5, 5-4, 6-3, 7-2, 8-1
Console Connection
• Set up the terminal emulation program to run at
– 9600 bps
– 8 data bits
– no parity
– 1 stop bit
– no flow control
• Most routers have an auxiliary port which can connect to a modem
– This gives you console access to a remote router.
– The console port and auxiliary port are considered out-of-band management since you are configuring the router outside of the network.
– Telnet is considered in-band.
Initial Startup of the Cisco
Router
– System startup routines initiate router software
– Router falls back to startup alternatives if needed
Router Power-On/Bootup
Sequence
1. Perform power-on self test (POST).
2. Load and run bootstrap code.
3. Find the Cisco IOS software.
4. Load the Cisco IOS software.
5. Find the configuration.
6. Load the configuration.
7. Run the configured Cisco IOS software.
Router Configuration from CLI
• The first method of router configuration is the Setup utility
– allows a basic initial configuration
• The Command Line Interface (CLI) can be used for more complex and specific configurations
• The CLI provides the following modes of operation:
– User Mode
– EXEC Mode
– Terminal Configuration / Global Configuration Mode
• Terminal configuration mode gives you access to the different configuration modes.
Bootup Output from the Router
Unconfigured Versus Configured Router
Setup: The Initial Configuration Dialog
Router#setup

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: no

Setup Interface Summary
First, would you like to see the current interface summary? [yes]:

Interface   IP-Address   OK? Method Status                Protocol
BRI0        unassigned   YES unset  administratively down down
BRI0:1      unassigned   YES unset  administratively down down
BRI0:2      unassigned   YES unset  administratively down down
Ethernet0   unassigned   YES unset  administratively down down
Serial0     unassigned   YES unset  administratively down down

Interfaces Found During Startup
Setup Initial Global Parameters
Configuring global parameters:

Enter host name [Router]:wg_ro_c

The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco

The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: sanfran

The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: sanjose
Configure SNMP Network Management? [no]:
Setup Initial Protocol Configurations
Configure LAT? [yes]: no
Configure AppleTalk? [no]:
Configure DECnet? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configure CLNS? [no]:
Configure IPX? [no]:
Configure Vines? [no]:
Configure XNS? [no]:
Configure Apollo? [no]:
Setup Interface
Parameters
BRI interface needs isdn switch-type to be configured
Valid switch types are :
[0] none..........Only if you don't want to configure BRI.
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:
Configuring interface parameters:
Do you want to configure BRI0 (BRI d-channel) interface? [no]:
Do you want to configure Ethernet0 interface? [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 10.1.1.33
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24

Do you want to configure Serial0 interface? [no]:

Setup Script Review and Use
The following configuration command script was created:

hostname Router
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
enable password sanfran
line vty 0 4
password sanjose
no snmp-server
!
no appletalk routing
no decnet routing
ip routing
no clns routing
no ipx routing
no vines routing
no xns routing
no apollo routing
isdn switch-type basic-5ess
interface BRI0
shutdown
no ip address
!
interface Ethernet0
no shutdown
ip address 10.1.1.31 255.255.255.0
no mop enabled
!
interface Serial0
shutdown
no ip address
<text omitted>
end

[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]:
Logging In to the Router
Cisco IOS Software EXEC
Mode
• There are two main EXEC modes for
entering commands.
Router User-Mode
Command List
wg_ro_c>?
Exec commands:
access-enable Create a temporary Access-List entry
atmsig Execute Atm Signalling Commands
cd Change current device
clear Reset functions
connect Open a terminal connection
dir List files on given device
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lat Open a lat connection
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
-- More --

– You can abbreviate a command to the fewest characters that make a unique character string.
Cisco IOS Software EXEC Mode (Cont.)
Router Privileged-Mode Command List
wg_ro_c#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
bfe For manual emergency modes setting
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
erase Erase a filesystem
exit Exit from the EXEC
help Description of the interactive help system
-- More --

• You can complete a command string by entering the unique character string, then pressing the Tab key.
Access to Configuration Modes
• Interface Configuration Mode
– Supports commands for per-interface configuration
– Prompt looks like
• Router(config-if)#
• Subinterface Configuration Mode
– Supports commands that configure multiple virtual (logical) interfaces on a single physical interface.
– Prompt looks like
• Router(config-subif)#
• Router Configuration Mode
– Supports commands that configure an IP routing protocol
– Prompt looks like
• Router(config-router)#
• IPX-router Configuration Mode
– Supports commands that configure the Novell network layer protocol
– Prompt looks like
• Router(config-ipx-router)#
Exiting Configuration Mode
• The exit command takes you back one level and eventually lets you log out.
• CTRL+Z can also be used instead of the exit command
Router Command Line Help Facilities
Context-Sensitive Help: Provides a list of commands and the arguments associated with a specific command.
Console Error Messages: Identify problems with router commands incorrectly entered so that you can alter or correct them.
Command History Buffer: Allows recall of long or complex commands or entries for reentry, review, or correction.
Router Context-Sensitive Help
Router# clok
Translating "CLOK"
% Unknown command or computer name, or unable to find computer address      (Symbolic translation)

Router# cl?
clear  clock                                                                (Command prompting)

Router# clock
% Incomplete command.

Router# clock ?
set  Set the time and date

Router# clock set
% Incomplete command.

Router# <Ctrl-P>clock set ?                                                 (Last command recall)
hh:mm:ss  Current Time
Router Context-Sensitive Help (cont.)
Router# clock set 19:56:00
% Incomplete command.

Router# clock set 19:56:00 ?
<1-31>  Day of the month
MONTH   Month of the year                                  (Command prompting)

Router# clock set 19:56:00 04 8
                               ^
% Invalid input detected at the '^' marker                 (Syntax checking)

Router# clock set 19:56:00 04 August
% Incomplete command.                                      (Command prompting)

Router# clock set 19:56:00 04 August ?
<1993-2035>  Year
Using Enhanced Editing Commands
Router>Shape the future of internetworking by creating unpreced
Router>$ future of internetworking by creating unprecedented op
Router>$ value for customers, employees, and partners.
(Automatic scrolling of long lines; the complete entry is "Shape the future of internetworking by creating unprecedented value for customers, employees, and partners.")

<Ctrl-A> Move to the beginning of the command line.
<Ctrl-E> Move to the end of the command line.
<Esc-B> Move back one word.
<Ctrl-F> Move forward one character.
<Ctrl-B> Move back one character.
<Esc-F> Move forward one word.
<Ctrl-D> Delete a single character.
Reviewing Router Command History
Ctrl-P or Up arrow                      Last (previous) command recall
Ctrl-N or Down arrow                    More recent command recall
Router> show history                    Show command buffer contents
Router> terminal history size lines     Set session command buffer size
show version Command
wg_ro_a#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 08-Feb-99 18:18 by phanguye
Image text-base: 0x03050C84, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE(fc1)

wg_ro_a uptime is 20 minutes
System restarted by reload
System image file is "flash:c2500-js-l_120-3.bin"
(output omitted)
--More--

Configuration register is 0x2102
Viewing the Configuration
Figure: the running configuration in RAM (alongside the IOS) is displayed with show running-config; the startup configuration in NVRAM is displayed with show startup-config. Configuration is entered through the console or the setup utility, and setup saves the configuration to NVRAM.
show running and show startup Commands
In RAM:
wg_ro_c#show running-config
Building configuration...
Current configuration:
!
version 12.0
!
-- More --

In NVRAM:
wg_ro_c#show startup-config
Using 1359 out of 32762 bytes
!
version 12.0
!
-- More --

Display current and saved configuration
Overview of Router Modes
• User EXEC mode: Router>   (enable moves to privileged EXEC mode)
• Privileged EXEC mode: Router#   (config term moves to global configuration mode)
• Global configuration mode: Router(config)#   (exit returns one level; Ctrl-Z (end) returns to privileged EXEC mode)

Configuration Mode    Prompt
Interface             Router(config-if)#
Subinterface          Router(config-subif)#
Controller            Router(config-controller)#
Line                  Router(config-line)#
Router                Router(config-router)#
IPX router            Router(config-ipx-router)#
Saving Configurations
wg_ro_c#
wg_ro_c#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
wg_ro_c#

Copy the current configuration to NVRAM
Configuring Router Identification
Router Name
Router(config)#hostname wg_ro_c
wg_ro_c(config)#

Message of the Day Banner
wg_ro_c(config)#banner motd #
Accounting Department
You have entered a secured
system. Authorized access
only! #

Interface Description
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#description Engineering LAN, Bldg. 18

– Sets local identity or message for the accessed router or interface
Router Password Configuration
Console Password
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password cisco

Virtual Terminal Password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sanjose

Enable Password
Router(config)#enable password cisco

Secret Password
Router(config)#enable secret sanfran
Other Console Line Commands
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
• Prevents console session timeout

Router(config)#line console 0
Router(config-line)#logging synchronous
• Redisplays interrupted console input
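As an added example that is not part of the slides, the following Python script audits a running-config text for the weaknesses the password and console-line slides above touch on: an enable password stored in clear text, console/aux/vty lines without login or password, and exec-timeout 0 0. The two sample configs and the enable secret hash in them are constructed placeholders.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample running-config, modelled on the setup script and password
# slides above; the enable secret hash is an obviously fake placeholder.
SAMPLE_CONFIG = """\
hostname wg_ro_c
enable secret 5 $1$PLACEHOLDER$FAKEHASHFAKEHASHFAKEHA
enable password sanfran
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 password sanjose
!
end
"""

# Constructed hardened config: hashed enable secret only, every line protected, finite idle timeout.
HARDENED_CONFIG = """\
hostname wg_ro_c
service password-encryption
enable secret 5 $1$PLACEHOLDER$FAKEHASHFAKEHASHFAKEHA
!
line con 0
 exec-timeout 5 0
 password cisco
 login
line aux 0
 exec-timeout 5 0
 password cisco
 login
line vty 0 4
 exec-timeout 5 0
 password sanjose
 login
!
end
"""

LINE_HEADER = re.compile(r"^line (con|aux|vty) ")


def parse_config(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split an IOS config into global commands and the sub-commands of each 'line' block.

    IOS indents sub-commands by one space under their section header; '!' separates sections.
    """
    global_cmds: List[str] = []
    line_blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" ") and current is not None:
            line_blocks[current].append(cmd)
        elif LINE_HEADER.match(raw):
            current = cmd
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit_config(config: str) -> List[str]:
    """Return one finding per weakness; an empty list means every check passed."""
    global_cmds, line_blocks = parse_config(config)
    findings: List[str] = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("global: no 'enable secret', privileged EXEC is not protected by a hashed password")
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("global: 'enable password' stores the password in clear text; use 'enable secret' alone")
    if "service password-encryption" not in global_cmds:
        # Type 7 encoding is only obfuscation, but without it line passwords are shown verbatim
        findings.append("global: 'service password-encryption' not set, line passwords appear in clear text")
    for name, cmds in line_blocks.items():
        if "login" not in cmds:
            findings.append(f"{name}: 'login' missing, the line never prompts for its password")
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: no 'password' set")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: 'exec-timeout 0 0' disables the idle timeout, an unattended session stays open")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```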


Configuring an Interface
Router(config)#interface type number
Router(config-if)#
• type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, and tunnel
• number is used to identify individual interfaces

Router(config)#interface type slot/port
Router(config-if)#
• For modular routers

Router(config-if)#exit
• Quit from current interface configuration mode
Configuring a Serial Interface
Router#configure term                      Enter global configuration mode
Router(config)#
Router(config)#interface serial 0          Specify interface
Router(config-if)#
Router(config-if)#clock rate 64000         Set clock rate (on DCE interfaces only)
Router(config-if)#
Router(config-if)#bandwidth 64             Set bandwidth
Router(config-if)#exit
Router(config)#exit
Router#
Verifying Your Changes
Router#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.4.2/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:09, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)
Disabling or Enabling an Interface
Router#configure term
Router(config)#interface serial 0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface Serial0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

Administratively turns off an interface

Router#configure term
Router(config)#interface serial 0
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Enables an interface that is administratively shut down
Router show interfaces
Command
Router#show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
Internet address is 10.1.1.11/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
81833 packets input, 27556491 bytes, 0 no buffer
Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
0 input packets with dribble condition detected
55794 packets output, 3929696 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 4 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Interpreting Interface Status
Router#show interfaces serial 1
Serial1 is up, line protocol is up
Hardware is HD64570
Description: 64Kb Line to San Jose
(output omitted)

The first field reflects Carrier Detect (the physical layer); the second reflects keepalives (the data link layer):
Operational ................ Serial1 is up, line protocol is up
Connection problem ......... Serial1 is up, line protocol is down
Interface problem .......... Serial1 is down, line protocol is down
Disabled ................... Serial1 is administratively down, line protocol is down
Serial Interface show controller Command
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524 HD unit 0, V.35 DTE cable
.
.
.

Shows cable type of serial cables
ROUTING
What is Routing?
Figure: networks 10.120.2.0 and 172.16.1.0 on either side of a router.
• To route, a router needs to know:
– Destination addresses
– Sources it can learn from
– Possible routes
– Best route
– Maintain and verify routing information
What is Routing? (cont.)
Figure: network 10.120.2.0 on interface E0, network 172.16.1.0 reached through S0.
Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
Learned            172.16.1.0            S0
Routed Protocol: IP
– Routers must learn destinations that are not directly connected
Identifying Static and Dynamic Routes
• Static Route: Uses a route that a network administrator enters into the router manually
• Dynamic Route: Uses a route that a network routing protocol adjusts automatically for topology or traffic changes
STATIC ROUTING
• Static Routing: The administrator must hand-
type all network locations into the routing table.
– In Static Routing, the administrator is
responsible for updating all changes by hand
into all routers.
IP Route command
ip route [destination_network] [mask] [next_hop_address or exit interface]
It is a global configuration mode command.
The command above is used to configure the routing table in static routing.
Static Routing
The following list describes each command in the string:
ip route The command used to create the static route.
destination network The network you are placing in the
routing table.
mask Indicates the subnet mask being used on the
network.
next hop address The address of the next hop router that
will receive the packet and forward it to the
remote network. This is a router interface
that is on a directly connected network. You
must be able to ping the router interface before
you add the route.
Static Route Example
Figure: stub network 172.16.1.0 behind Router A; Router A and Router B are joined by a serial link (S0) using the addresses 172.16.2.2 and 172.16.2.1.
ip route 172.16.1.0 255.255.255.0 172.16.2.1
This is a unidirectional route. You must have a route configured in the opposite direction.
Default Routing
• Default routing is used to send packets with a remote destination network not in the routing table to the next hop router.
• You can only use default routing on stub networks, which means that they have only one exit port out of the network.
Default Routes
Figure: the same stub network 172.16.1.0 behind Router A, linked to Router B over S0 (addresses 172.16.2.2 and 172.16.2.1).
ip route 0.0.0.0 0.0.0.0 172.16.2.2
This route allows the stub network to reach all known networks beyond router A.
Static Routing
• Static Routing is the process of an administrator manually adding routes in each
router’s routing table.
• Benefits of Static Routing
– No overhead on the Router CPU
– No Bandwidth usage between routers
– Security (Administrator can allow routing to selected networks)
• Disadvantage of Static Routing
– The administrator must really understand the full internetwork to configure
routes correctly.
– If one network is added to the internetwork the administrator must add a route
to it on all routers.
– It is not feasible in large networks because it would be a full-time job.
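As an added example that is not from the slides, a small Python model of the static and default routes above: it parses the two ip route commands, applies the longest-prefix-match rule (so the 0.0.0.0/0 default is used only when nothing more specific matches) and demonstrates the "unidirectional route" caveat by tracing a packet and its reply. Router names and interface addresses (A: 172.16.1.1/24 and 172.16.2.1/24; B: 172.16.2.2/24 and 10.1.1.1/24) are assumptions chosen to be consistent with the two commands.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next hop); next hop is an IPv4 address string or "connected".
Route = Tuple[ipaddress.IPv4Network, str]


def parse_ip_route(cmd: str) -> Route:
    """Parse 'ip route <destination_network> <mask> <next_hop_address>' (global config syntax)."""
    parts = cmd.split()
    if len(parts) != 5 or parts[:2] != ["ip", "route"]:
        raise ValueError(f"not an ip route command: {cmd!r}")
    network, mask, next_hop = parts[2:]
    # ipaddress accepts a dotted mask, so '0.0.0.0 0.0.0.0' becomes the default route 0.0.0.0/0
    return ipaddress.IPv4Network(f"{network}/{mask}", strict=False), next_hop


class Router:
    def __init__(self, name: str, interfaces: List[str]) -> None:
        self.name = name
        self.addresses = [ipaddress.IPv4Interface(i) for i in interfaces]
        # Directly connected networks are in the table before any static route is added
        self.table: List[Route] = [(a.network, "connected") for a in self.addresses]

    def ip_route(self, cmd: str) -> None:
        self.table.append(parse_ip_route(cmd))

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match: the most specific matching route wins, so the /0
        default route is used only when no other entry covers the destination."""
        addr = ipaddress.IPv4Address(dst)
        best: Optional[Route] = None
        for prefix, next_hop in self.table:
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, next_hop)
        return None if best is None else best[1]


def trace(routers: Dict[str, Router], start: str, dst: str, max_hops: int = 8) -> List[str]:
    """Follow next hops from router `start`; the last element tells how the packet ended:
    DELIVERED (destination on a connected network), DROP (no route) or LOOP."""
    by_addr = {str(a.ip): r.name for r in routers.values() for a in r.addresses}
    path = [start]
    current = start
    for _ in range(max_hops):
        next_hop = routers[current].lookup(dst)
        if next_hop is None:
            return path + ["DROP"]
        if next_hop == "connected":
            return path + ["DELIVERED"]
        current = by_addr[next_hop]
        path.append(current)
    return path + ["LOOP"]


def build_example(add_return_route: bool) -> Dict[str, Router]:
    """Stub Router A behind Router B. Addressing is assumed: A's serial is 172.16.2.1,
    B's serial is 172.16.2.2, and 10.1.1.0/24 stands in for the networks beyond B."""
    a = Router("A", ["172.16.1.1/24", "172.16.2.1/24"])
    b = Router("B", ["172.16.2.2/24", "10.1.1.1/24"])
    a.ip_route("ip route 0.0.0.0 0.0.0.0 172.16.2.2")                 # default route from the slides
    if add_return_route:
        b.ip_route("ip route 172.16.1.0 255.255.255.0 172.16.2.1")    # static route from the slides
    return {"A": a, "B": b}


if __name__ == "__main__":
    for back in (False, True):
        net = build_example(back)
        print("return route" if back else "no return route",
              trace(net, "A", "10.1.1.50"), trace(net, "B", "172.16.1.10"))
```

Without the static route on B the outbound packet is delivered but the reply is dropped at B, which is exactly why the slide calls the route unidirectional.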
Dynamic Routing Basics
Routed versus Routing Protocols
• Routed protocols are used between routers to direct user traffic; also called network protocols
– Examples: IP, IPX, DECnet, AppleTalk, NetWare, OSI, VINES
• Routing protocols are used between routers to maintain routing tables
– Examples: RIP, IGRP, OSPF, BGP, EIGRP
Routing table (figure):
Network Protocol   Destination Network   Exit Port to Use
Protocol name      1.0                   1.1
                   2.0                   2.1
                   3.0                   3.1
DYNAMIC ROUTING
• Dynamic Routing: Dynamic routing is the process of routing protocols running on the router communicating with neighbor routers.
– If a change occurs in the network, the dynamic routing protocols automatically inform all routers about the change.
Dynamic Routing
• Most internetworks use dynamic routing
Figure: routers A, B, C and D; a network change blocks the established path (marked X)... and an alternate route is found dynamically.
Routing Protocols

What is a Routing Protocol?
Figure: networks 10.120.2.0 (E0), 172.16.1.0 (S0) and 172.17.3.0 (S1) around a router.
• Routing protocols are used between routers to determine paths and maintain routing tables.
• Once the path is determined a router can route a routed protocol.
Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
RIP                172.16.2.0            S0
IGRP               172.17.3.0            S1
Routed Protocol: IP
Routing protocol: RIP, IGRP
Autonomous Systems: Interior or Exterior Routing Protocols
Figure: Autonomous System 100 and Autonomous System 200; IGPs (RIP, IGRP) run inside each, and an EGP (BGP) runs between them.
– An autonomous system is a collection of networks under a common administrative domain
– IGPs operate within an autonomous system
– EGPs connect different autonomous systems
Administrative Distance: Ranking Routes
Figure: Router A needs to send a packet to Network E. Both Router B (learned via IGRP, administrative distance = 100) and Router C (learned via RIP, administrative distance = 120) will get it there. Which route is best? The route with the lower administrative distance is preferred.
Distance Vector versus Link
State
• Distance vector
– Sends routing table info only to neighbors, so change
communication may need one min/router
– Also called “routing by rumor”
– Easy to configure, but slow
• Link state
– Floods routing information about itself to all nodes, so
changes are known immediately
– Efficient, but complex to configure
• Cisco’s EIGRP hybrid
– Efficient and easy to configure
Routing Protocol Evolutions
RIP (distance vector)
• Distance vector
• Most common IGP
• Uses hop count
IGRP (distance vector)
• Distance vector
• Developed by Cisco
• Addresses problems in large, heterogeneous networks
EIGRP (hybrid)
• Hybrid protocol
• Developed by Cisco
• Superior convergence and operating efficiency
• Merges benefits of link state & distance vector
OSPF (link state)
• Link state, hierarchical
• Successor to RIP
• Uses least-cost routing, multipath routing, and load balancing
• Derived from IS-IS
Classes of Routing Protocols
Figure: three classes, Distance Vector, Hybrid Routing and Link State, each shown on a small topology of routers A, B, C and D.
Distance Vector Routing Protocols
Figure: routers A, B, C and D in a chain, each holding its own routing table.
Distance—How far
Vector—In which direction
• Pass periodic copies of routing table to neighbor routers and accumulate distance vectors
Distance Vector—Sources of Information and Discovering Routes
Topology: 10.1.0.0 - E0 A S0 - 10.2.0.0 - S0 B S1 - 10.3.0.0 - S0 C E0 - 10.4.0.0
Routing tables (network, exit interface, hop count):

1. Directly connected networks only
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  E0  0

2. After the first exchange with neighbors
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  E0  0
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
                    10.1.0.0  S0  1

3. After the second exchange
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  E0  0
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
10.4.0.0  S0  2     10.1.0.0  S0  1     10.1.0.0  S0  2

• Routers discover the best path to destinations from each neighbor
Distance Vector—Selecting Best Route with Metrics
Figure: Router A has two paths to a destination, one over 56 Kbit links and one over T1 links.
RIP: hop count
IGRP: bandwidth, delay
Information used to select the best path for routing
Distance Vector—Maintaining Routing Information
Figure sequence: a topology change causes a routing table update on Router A. Router A runs its process to update its routing table, then sends out the updated routing table after the next period expires. Router B receives it and runs its own process to update its routing table.
• Updates proceed step-by-step from router to router
Maintaining Routing Information
Problem—Routing Loops
Topology: 10.1.0.0 - E0 A S0 - 10.2.0.0 - S0 B S1 - 10.3.0.0 - S0 C E0 - 10.4.0.0
Routing tables (network, exit interface, hop count):

1. Converged: each node maintains the distance from itself to each possible destination network
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  E0  0
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
10.4.0.0  S0  2     10.1.0.0  S0  1     10.1.0.0  S0  2

2. Network 10.4.0.0 goes down (X): slow convergence produces inconsistent routing
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  E0  Down
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
10.4.0.0  S0  2     10.1.0.0  S0  1     10.1.0.0  S0  2

3. Router C concludes that the best path to network 10.4.0.0 is through Router B
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  S0  2
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
10.4.0.0  S0  2     10.1.0.0  S1  1     10.1.0.0  S0  2

4. Router A updates its table to reflect the new but erroneous hop count
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  S0  2
10.3.0.0  S0  1     10.4.0.0  S1  3     10.2.0.0  S0  1
10.4.0.0  S0  4     10.1.0.0  S0  1     10.1.0.0  S0  2
Symptom: Counting to Infinity
Topology: 10.1.0.0 - E0 A S0 - 10.2.0.0 - S0 B S1 - 10.3.0.0 - S0 C E0 - 10.4.0.0 (X, down)
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  S0  4
10.3.0.0  S0  1     10.4.0.0  S1  5     10.2.0.0  S0  1
10.4.0.0  S0  6     10.1.0.0  S0  1     10.1.0.0  S0  2

• Packets for network 10.4.0.0 bounce between routers A, B, and C
• Hop count for network 10.4.0.0 counts to infinity
Solution: Defining a Maximum
Topology: 10.1.0.0 - E0 A S0 - 10.2.0.0 - S0 B S1 - 10.3.0.0 - S0 C E0 - 10.4.0.0 (X, down)
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  S0  16
10.3.0.0  S0  1     10.4.0.0  S1  16    10.2.0.0  S0  1
10.4.0.0  S0  16    10.1.0.0  S0  1     10.1.0.0  S0  2

• Define a limit on the number of hops to prevent infinite loops
Solution: Split Horizon
Topology: 10.1.0.0 - E0 A S0 - 10.2.0.0 - S0 B S1 - 10.3.0.0 - S0 C E0 - 10.4.0.0 (X, down); the updates sent back toward the source are suppressed (X X)
Router A            Router B            Router C
10.1.0.0  E0  0     10.2.0.0  S0  0     10.3.0.0  S0  0
10.2.0.0  S0  0     10.3.0.0  S1  0     10.4.0.0  S0  0
10.3.0.0  S0  1     10.4.0.0  S1  1     10.2.0.0  S0  1
10.4.0.0  S0  2     10.1.0.0  E1  2     10.1.0.0  S0  2

• It is never useful to send information about a route back in the direction from which the original packet came
Solution: Route Poisoning
10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0
E0 A S0 S0 B S1 S0 C E0 X

Routing Table Routing Table Routing Table


10.1.0.0 E0 0 10.2.0.0 S0 0 10.3.0.0 S0 0
10.2.0.0 S0 0 10.3.0.0 S1 0 10.4.0.0 S0 Infinity
10.3.0.0 S0 1 10.4.0.0 S1 1 10.2.0.0 S0 1
10.4.0.0 S0 2 10.1.0.0 E1 2 10.1.0.0 S0 2

•Routers set the distance of routes that have gone down to


infinity
Solution: Poison Reverse
10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0
E0 A S0 S0 B S1 S0 C E0 X
Poison
Reverse
Routing Table Routing Table Routing Table
10.1.0.0 E0 0 10.2.0.0 S0 0 10.3.0.0 S0 0
10.2.0.0 S0 0 10.3.0.0 S1 0 10.4.0.0 S0 Infinity
Possibly
10.3.0.0 S0 1 10.4.0.0 S1 Down 10.2.0.0 S0 1
10.4.0.0 S0 2 10.1.0.0 E1 2 10.1.0.0 S0 2

• Poison Reverse overrides split horizon


Solution: Hold-Down Timers

Network 10.4.0.0
Update after is unreachable
hold-down Time
10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0
E0 A S0 S0 B S1 S0 C E0 X
Update after
hold-down Time Network 10.4.0.0 is down
then back up
then back down

•Router keeps an entry for the network possibly down state,


allowing time for other routers to recompute for this topology
change
Solution: Triggered Updates

Network 10.4.0.0 Network 10.4.0.0 Network 10.4.0.0


is unreachable is unreachable is unreachable

10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0


E0 A S0 S0 B S1 S0 C E0 X

•Router sends updates when a change in its routing table


occurs
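To see the three behaviours described above side by side (counting to infinity, the hop-count maximum, and split horizon) on the A-B-C chain from these slides, here is an added simulation; it is not code from the original slides. It assumes lock-step update rounds, an invalid timer of six rounds (180 s / 30 s, the RIP defaults shown later in the deck), and that an expired route is simply dropped.

```python
"""Distance-vector loop simulation for the A-B-C chain shown on the slides.

Added example, not part of the original slides. Simplifications (assumptions):
all routers exchange their whole table in lock-step rounds, and a route that
its next hop stops advertising expires after INVALID_ROUNDS and is dropped.
"""

INFINITY = 16        # RIP's defined maximum: 16 hops means unreachable
INVALID_ROUNDS = 6   # invalid timer 180 s / 30 s update interval (RIP defaults)

# Constructed topology, as drawn on the slides: neighbor -> interface toward it
LINKS = {"A": {"B": "S0"}, "B": {"A": "S0", "C": "S1"}, "C": {"B": "S0"}}
# Directly connected networks per router: network -> interface
CONNECTED = {
    "A": {"10.1.0.0": "E0", "10.2.0.0": "S0"},
    "B": {"10.2.0.0": "S0", "10.3.0.0": "S1"},
    "C": {"10.3.0.0": "S0", "10.4.0.0": "E0"},
}


def initial_tables(connected):
    """Routing tables: router -> {network: [interface, hops, rounds_unrefreshed]}."""
    return {r: {net: [ifc, 0, 0] for net, ifc in nets.items()} for r, nets in connected.items()}


def run_round(tables, connected, split_horizon, max_hops):
    """One synchronous update round: every router processes every neighbor's table."""
    new = {}
    for rcv in LINKS:
        table = {net: entry[:] for net, entry in tables[rcv].items()}
        refreshed = set()
        for nbr, ifc in LINKS[rcv].items():
            back = LINKS[nbr][rcv]                      # nbr's interface toward rcv
            for net, (nbr_ifc, hops, _) in tables[nbr].items():
                if net in connected[rcv]:
                    continue                            # a connected route always wins
                if split_horizon and nbr_ifc == back:
                    continue                            # never send a route back out the interface it was learned on
                adv = hops + 1 if max_hops is None else min(hops + 1, max_hops)
                cur = table.get(net)
                if cur is not None and cur[0] == ifc:
                    table[net] = [ifc, adv, 0]          # update from current next hop: accept even if worse
                    refreshed.add(net)
                elif cur is None or adv < cur[1]:
                    table[net] = [ifc, adv, 0]          # first or better path: install it
                    refreshed.add(net)
        for net in list(table):                         # age routes the next hop stopped advertising
            if net in connected[rcv] or net in refreshed:
                continue
            table[net][2] += 1
            if table[net][2] >= INVALID_ROUNDS:
                del table[net]
        new[rcv] = table
    return new


def simulate(split_horizon, max_hops, rounds):
    """Converge, fail network 10.4.0.0 at Router C, then run `rounds` more rounds.

    Returns the hop count each router then holds for 10.4.0.0 (None = no route).
    """
    tables = initial_tables(CONNECTED)
    for _ in range(5):                                  # enough rounds to converge the 3-router chain
        tables = run_round(tables, CONNECTED, split_horizon, max_hops)
    after_failure = {r: dict(nets) for r, nets in CONNECTED.items()}
    del after_failure["C"]["10.4.0.0"]
    del tables["C"]["10.4.0.0"]
    for _ in range(rounds):
        tables = run_round(tables, after_failure, split_horizon, max_hops)
    return {r: (tables[r]["10.4.0.0"][1] if "10.4.0.0" in tables[r] else None) for r in LINKS}


if __name__ == "__main__":
    print("no split horizon, no maximum, 30 rounds:", simulate(False, None, 30))
    print("no split horizon, maximum 16, 30 rounds:", simulate(False, INFINITY, 30))
    print("split horizon, maximum 16, 30 rounds:  ", simulate(True, INFINITY, 30))
```

Without split horizon the hop counts climb without bound; with the maximum they stop at 16 but the bogus routes stay in the tables; with split horizon the routes simply age out and are never relearned.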
Implementing Solutions in Multiple Routes
[Diagram: routers A, B, D and E reach network 10.4.0.0 through Router C; the link to 10.4.0.0 fails (X)]
Implementing Solutions in Multiple Routes (cont.)
[Diagram: routers B, E and A place their routes to 10.4.0.0 in holddown]
Implementing Solutions in Multiple Routes (cont.)
[Diagram: the routers in holddown (B, E, A) and Router D exchange poison reverse updates for 10.4.0.0]
Implementing Solutions in Multiple Routes (cont.)
[Diagram: while the holddown runs, packets for network 10.4.0.0 are still forwarded toward Router C]
Implementing Solutions in Multiple Routes (cont.)
[Diagram: same topology with the link to 10.4.0.0 restored ("Link up!")]
Link-State Routing Protocols
[Diagram: routers A, B, C and D exchange link-state packets; each router builds a topological database, runs the SPF algorithm to produce a shortest path first tree, and derives its routing table from it]
• After initial flood, pass small event-triggered link-state updates to all other routers
Hybrid Routing
[Diagram: Balanced Hybrid Routing: choose a routing path based on distance vectors; converge rapidly using change-based updates]
• Share attributes of both distance-vector and link-state routing
IP Routing Configuration Tasks
[Diagram: networks 172.16.0.0, 160.89.0.0 and 172.30.0.0 with RIP and IGRP running between the routers]
• Router configuration
  – Select routing protocols
  – Specify networks or interfaces
Dynamic Routing Configuration
Router(config)#router protocol [keyword]
  – Defines an IP routing protocol
Router(config-router)#network network-number
  • Mandatory configuration command for each IP routing process
  • Identifies the physically connected network that routing updates are forwarded to
RIP Overview
[Diagram: a direct 19.2 kbps link and an alternative path over T1 links between the same routers]
  – Hop count metric selects the path
  – Routes update every 30 seconds
RIP Configuration
Router(config)#router rip
  – Starts the RIP routing process
Router(config-router)#network network-number
  • Selects participating attached networks
  • The network number must be a major classful network number
RIP Configuration Example
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

Router A:                Router B:                Router C:
router rip               router rip               router rip
network 172.16.0.0       network 10.0.0.0         network 192.168.1.0
network 10.0.0.0                                  network 10.0.0.0
Verifying the Routing Protocol—RIP
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#sh ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 0 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Ethernet0 1 1 2
Serial2 1 1 2
Routing for Networks:
10.0.0.0
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.2 120 00:00:10
Distance: (default is 120)
Displaying the IP Routing Table
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 2 subnets
R 10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2
C 10.1.1.0 is directly connected, Serial2
R 192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2
debug ip rip Command
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#debug ip rip
RIP protocol debugging is on
RouterA#
00:06:24: RIP: received v1 update from 10.1.1.2 on Serial2
00:06:24: 10.2.2.0 in 1 hops
00:06:24: 192.168.1.0 in 2 hops
00:06:33: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:06:34: network 10.0.0.0, metric 1
00:06:34: network 192.168.1.0, metric 3
00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial2 (10.1.1.1)
00:06:34: network 172.16.0.0, metric 1
Introduction to IGRP
[Diagram: IGRP running across the internetwork]
  – More scalable than RIP
  – Sophisticated metric
  – Multiple-path support
IGRP Composite Metric
[Diagram: source and destination connected by paths that include 19.2 kbps links]
  – Bandwidth
  – Delay
  – Reliability
  – Loading
  – MTU
IGRP Unequal Multiple Paths
[Diagram: an initial route and a new, unequal-cost route from source to destination]
  – Maximum six paths
  – Next-hop router closer to destination
  – Within metric variance
Configuring IGRP
Router(config)#router igrp autonomous-system
  • Defines IGRP as the IP routing protocol
Router(config-router)#network network-number
  • Selects participating attached networks
Configuring IGRP (cont.)
Router(config-router)#variance multiplier
  • Controls IGRP load balancing
Router(config-router)#traffic-share { balanced | min }
  • Controls how load-balanced traffic is distributed
IGRP Configuration Example
Autonomous System = 100
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

Router A:                Router B:                Router C:
router igrp 100          router igrp 100          router igrp 100
network 172.16.0.0       network 10.0.0.0         network 192.168.1.0
network 10.0.0.0                                  network 10.0.0.0
Verifying the Routing Protocol—IGRP
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#sh ip protocols
Routing Protocol is "igrp 100"
Sending updates every 90 seconds, next due in 21 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 100
Routing for Networks:
10.0.0.0
172.16.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.2 100 00:01:01
Distance: (default is 100)
Displaying the IP Routing Table
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 2 subnets
I 10.2.2.0 [100/90956] via 10.1.1.2, 00:00:23, Serial2
C 10.1.1.0 is directly connected, Serial2
I 192.168.1.0/24 [100/91056] via 10.1.1.2, 00:00:23, Serial2
debug ip igrp transaction Command
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#debug ip igrp transactions
IGRP protocol debugging is on
RouterA#
00:21:06: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:21:06: network 10.0.0.0, metric=88956
00:21:06: network 192.168.1.0, metric=91056
00:21:07: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:21:07: network 172.16.0.0, metric=1100
00:21:16: IGRP: received update from 10.1.1.2 on Serial2
00:21:16: subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:21:16: network 192.168.1.0, metric 91056 (neighbor 89056)
debug ip igrp events Command
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]

RouterA#debug ip igrp events
IGRP event debugging is on
RouterA#
00:23:44: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:23:44: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:44: IGRP: Total routes in update: 2
00:23:44: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:23:45: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:45: IGRP: Total routes in update: 1
00:23:48: IGRP: received update from 10.1.1.2 on Serial2
00:23:48: IGRP: Update contains 1 interior, 1 system, and 0 exterior routes.
00:23:48: IGRP: Total routes in update: 2
Updating Routing Information Example
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0); Router A's E0 toward 172.16.1.0 has gone down (X)]

RouterA# debug ip igrp trans
00:31:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
00:31:15: IGRP: edition is now 3
00:31:15: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:31:15: network 172.16.0.0, metric=4294967295
00:31:16: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 1
00:31:16: IGRP: broadcasting request on Serial2
00:31:16: IGRP: received update from 10.1.1.2 on Serial2
00:31:16: subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:31:16: network 172.16.0.0, metric 4294967295 (inaccessible)
00:31:16: network 192.168.1.0, metric 91056 (neighbor 89056)
00:31:16: IGRP: Update contains 1 interior, 2 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 3
Updating Routing Information Example (cont.)
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]
RouterB#debug ip igrp trans
IGRP protocol debugging is on
RouterB#
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h: subnet 10.2.2.0, metric=88956
1d19h: network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h: subnet 10.1.1.0, metric=88956
1d19h: network 172.16.0.0, metric=89056
1d19h: IGRP: received update from 10.1.1.1 on Serial2
1d19h: network 172.16.0.0, metric 4294967295 (inaccessible)
1d19h: IGRP: edition is now 10
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h: subnet 10.2.2.0, metric=88956
1d19h: network 172.16.0.0, metric=4294967295
1d19h: network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h: subnet 10.1.1.0, metric=88956
1d19h: network 172.16.0.0, metric=4294967295
Updating Routing Information Example (cont.)
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0); Router A's E0 toward 172.16.1.0 is down (X)]
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set

I 172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.1.0 is directly connected, Serial2
C 10.2.2.0 is directly connected, Serial3
I 192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:14, Serial3
RouterB#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RouterB#
Updating Routing Information Example (cont.)
[Topology: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1) - Router B (S2 10.1.1.2, S3 10.2.2.2) - Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0); Router A's E0 is back up]
RouterB#debug ip igrp transactions
RouterB#
1d20h: IGRP: received update from 10.1.1.1 on Serial2
1d20h: network 172.16.0.0, metric 89056 (neighbor 1100)
RouterB#
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route

Gateway of last resort is not set

I 172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.1.0 is directly connected, Serial2
C 10.2.2.0 is directly connected, Serial3
I 192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:18, Serial3
RouterB#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms
EIGRP Overview

© 2000, Cisco Systems, Inc. www.cisco.com 6-412

What Is Enhanced IGRP (EIGRP)?
[Diagram: separate IP, AppleTalk and IPX routing protocols on the left are replaced on the right by a single Enhanced IGRP process serving all three]
– EIGRP supports:
– EIGRP supports:
• Rapid convergence
• Reduced bandwidth usage
• Multiple network-layer protocols
EIGRP Features
• Advanced distance vector
• 100% loop free
• Fast convergence
• Easy configuration
• Fewer network design constraints than OSPF
EIGRP Features (cont.)
• Incremental updates
• Supports VLSM and discontiguous networks
• Classless routing
• Compatible with existing IGRP networks
• Protocol independent (supports IPX and AppleTalk)
Advantages of EIGRP
• Uses multicast instead of broadcast
• Utilizes link bandwidth and delay
  – EIGRP metric = IGRP metric x 256 (32 bit vs. 24 bit)
• Unequal cost path load balancing
• More flexible than OSPF
  – Manual summarization can be done on any interface at any router within the network
EIGRP Support for Route Summarization
[Diagram: subnets 172.16.0.0 /24, 192.168.42.0 /27 and 10.0.0.0 /18 behind their routers are advertised onward as the summaries 172.16.0.0 /16 and 192.168.42.0 /24]
• EIGRP performs route summarization
  – Classful network boundaries (default)
  – Arbitrary network boundaries (manual)
EIGRP Packets
• Hello: Establish neighbor relationships
• Update: Send routing updates
• Query: Ask neighbors about routing information
• Reply: Response to query about routing information
• ACK: Acknowledgement of a reliable packet
EIGRP Neighbor Relationship
• Two routers become neighbors when they see each other’s
hello packet
– Hello address = 224.0.0.10
• Hellos sent once every 5 seconds on the following links:
– Broadcast media: Ethernet, Token Ring, FDDI
– Point-to-point serial links: PPP, HDLC,
point-to-point Frame Relay/ATM subinterfaces
– Multipoint circuits with bandwidth greater than T1: ISDN
PRI, Frame Relay
EIGRP Neighbor Relationship (cont.)
• Hellos sent once every 60 seconds on the following links:
  – Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, and so on
• Neighbor declared dead when no EIGRP packets are received within the hold interval
  – Not only hello can reset the hold timer
• Hold time by default is three times the hello time
EIGRP Neighbor Relationship (cont.)
• EIGRP will form neighbors even though hello time and hold time don't match
• EIGRP sources hello packets from the primary address of the interface
• EIGRP will not form a neighbor relationship if K-values are mismatched
• EIGRP will not form a neighbor relationship if AS numbers are mismatched
What Is in a Neighbor Table?

p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address          Interface   Hold Uptime    SRTT   RTO  Q   Seq
                                 (sec)          (ms)        Cnt Num
1   172.68.2.2       To0           13 02:15:30     8   200  0   9
0   172.68.16.2      Se1           10 02:38:29    29   200  0   6
EIGRP Reliability
• EIGRP reliable packets are packets that require
explicit acknowledgement:
– Update
– Query
– Reply
• EIGRP unreliable packets are packets that do not
require explicit acknowledgement:
– Hello
– ACK
EIGRP Reliability (cont.)
• The router keeps a neighbor list and a retransmission list for every neighbor
• Each reliable packet (update, query, reply) will be retransmitted when the packet is not acknowledged
• Neighbor relationship is reset when the retry limit (limit = 16) for reliable packets is reached
Initial Route Discovery
[Diagram: routers A and B on a common link; the exchange below is built up step by step on the slides]
1. A → B: Hello ("I am router A, who is on the link?")
2. B → A: Update ("Here is my complete routing information.")
3. A → B: Ack ("Thanks for the information!")
4. A stores B's routes in its topology table
5. A → B: Update ("Here is my complete route information.")
6. B → A: Ack ("Thanks for the information!")
Converged
EIGRP Route Selection
[Diagram: routers A, B, C and D each running IP, AppleTalk and IPX; A-B over a 19.2 kbps link, A-C, B-D and C-D over T1 links]
• EIGRP uses a composite metric to pick the best path
EIGRP Metrics Calculation
• Metric = [K1 x BW + (K2 x BW) / (256 - load) +
K3 x delay] x [K5 / (reliability + K4)]
– By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
• Delay is sum of all the delays of the links
along the paths
– Delay = [Delay in 10s of microseconds] x 256
• Bandwidth is the lowest bandwidth of the links
along the paths
– Bandwidth = [10000000 / (bandwidth in Kbps)] x 256
• By default, metric = bandwidth + delay
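As an added worked example (not from the slides), the composite metric computed in Python and checked against the IGRP figures in this deck's debug ip igrp output; the 115 kbps serial bandwidth is an assumption chosen because it reproduces those figures, and the scale factor shows the EIGRP = IGRP x 256 relation stated earlier.

```python
"""IGRP and EIGRP composite metrics, worked with the figures from this deck's
`debug ip igrp transactions` output (metrics 1100, 88956, 89056, 90956, 91056).

Added example, not code from the original slides. Interface figures are
constructed: Ethernet uses the Cisco IOS defaults (10000 kbps, 1000 us delay);
the serial links are assumed to be configured with `bandwidth 115` (kbps) and
the default 20000 us delay, because that is what reproduces the slide's numbers.
"""

# (bandwidth in kbps, delay in microseconds) per link
ETHERNET = (10000, 1000)     # IOS defaults for a 10 Mbps Ethernet interface
SERIAL = (115, 20000)        # assumption: serial links set to 115 kbps, default delay


def composite_metric(links, scale, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Cisco composite metric over a path made of `links` (slowest bandwidth, summed delay).

    scale = 1 gives the 24-bit IGRP metric, scale = 256 the 32-bit EIGRP metric.
    load and reliability are 1..255 (255 = fully loaded / fully reliable).
    """
    min_bw = min(bw for bw, _ in links)
    bw_term = (10_000_000 // min_bw) * scale                      # 10^7 / bandwidth(kbps)
    delay_term = sum(delay // 10 for _, delay in links) * scale   # tens of microseconds
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5 != 0:                                                   # IOS applies this factor only when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric


def igrp_metric(links, **k):
    return composite_metric(links, 1, **k)


def eigrp_metric(links, **k):
    return composite_metric(links, 256, **k)


# Paths as Router A sees them in the slide topology A --S2-- B --S3-- C
PATHS_FROM_A = {
    "172.16.0.0 (A's own Ethernet, as advertised to B)": [ETHERNET],
    "10.2.2.0 via B": [SERIAL, SERIAL],                  # A-B serial plus B-C serial
    "192.168.1.0 via B": [SERIAL, SERIAL, ETHERNET],     # ... plus C's Ethernet
}


def slide_metrics():
    """IGRP metrics Router A computes for the slide's three destinations."""
    return {dest: igrp_metric(path) for dest, path in PATHS_FROM_A.items()}


if __name__ == "__main__":
    for dest, m in slide_metrics().items():
        print(f"{dest:50s} IGRP {m:>7d}   EIGRP {m * 256:>9d}")
```

Router B's "neighbor" values in the same debug output (88956 for 10.2.2.0, 89056 for 192.168.1.0) are the one-serial-hop versions of the same paths.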
EIGRP DUAL
• Diffusing Update Algorithm (DUAL)
• Finite-state machine
– Tracks all routes advertised by neighbors
– Select loop-free path using a successor and remember
any feasible successors
– If successor lost:
• Use feasible successor
– If no feasible successor:
• Query neighbors and recompute new successor
DUAL Example (Start)
[Diagram: routers A, B, C, D and E; network (a) is reached through B and C; link costs of 1 and 2 are marked on the slide]
EIGRP topology tables for network (a) (FD = feasible distance, AD = advertised distance):

Router A: FD 3
  via B   FD 3   AD 1   (Successor)
  via D   FD 4   AD 2   (fs)
  via E   FD 4   AD 3
Router D: FD 2
  via B   FD 2   AD 1   (Successor)
  via C   FD 5   AD 3
Router E: FD 3
  via D   FD 3   AD 2   (Successor)
  via C   FD 4   AD 3

DUAL Example
[Diagram: the link between B and D fails (X); the topology tables are still those of the Start slide]

DUAL Example (cont.)
[Diagram: Router D has lost its successor B and has no feasible successor (via C, AD 3 is not less than FD 2), so it goes ACTIVE and sends queries (Q) to E and C]
Router A: FD 3
  via B   FD 3   AD 1   (Successor)
  via D   (not shown)
  via E   FD 4   AD 3
Router D: **ACTIVE**, FD -1
  via E   (q)
  via C   FD 5   AD 3   (q)
Router E: FD 3
  via D   FD 3   AD 2   (Successor)
  via C   FD 4   AD 3

DUAL Example (cont.)
[Diagram: C replies (R) to D; Router E, queried by its successor D and with no feasible successor (via C, AD 3 is not less than FD 3), goes ACTIVE and queries (Q) C]
Router A: FD 3
  via B   FD 3   AD 1   (Successor)
  via D   (not shown)
  via E   (not shown)
Router D: **ACTIVE**, FD -1
  via E   (q)
  via C   FD 5   AD 3
Router E: **ACTIVE**, FD -1
  via D   (not shown)
  via C   FD 4   AD 3   (q)

DUAL Example (cont.)
[Diagram: C replies (R) to E]
Router E: FD 4
  via C   FD 4   AD 3   (Successor)
  via D   (not shown)
(Routers A and D unchanged)

DUAL Example (cont.)
[Diagram: E replies (R) to D]
Router D: FD 5
  via C   FD 5   AD 3   (Successor)
  via E   FD 5   AD 4   (Successor)
(Routers A and E unchanged)

DUAL Example (End)
Router A: FD 3
  via B   FD 3   AD 1   (Successor)
  via D   (not shown)
  via E   (not shown)
Router D: FD 5
  via C   FD 5   AD 3   (Successor)
  via E   FD 5   AD 4   (Successor)
Router E: FD 4
  via C   FD 4   AD 3   (Successor)
  via D   (not shown)
EIGRP Load Balancing
• Routes with metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing)
• Up to six entries in the routing table for the same destination
  – Number of entries is configurable
  – Default is four
EIGRP Unequal-Cost Load
Balancing
• EIGRP offers unequal-cost load balancing
– variance command
• Variance allows the router to include routes
with a metric smaller than multiplier times the
minimum metric route to that destination
– Multiplier is the number specified by the
variance command
Variance Example
[Diagram: Router E has three neighbors toward Network Z, which sits behind Router A: B (E-B link 20, B's distance 10), C (E-C link 10, C's distance 10) and D (link and distance marked 20 and 25); Router E is configured with (config)# variance 2]
• Router E will choose Router C to get to Network Z because FD = 20
• With variance of 2, Router E will also choose Router B to get to Network Z (20 + 10) < (2 x [FD])
• Router D will not be used to get to Network Z (45 > 40)
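The DUAL selection rules from the EIGRP DUAL slides and the variance rule from this slide, worked in Python on the deck's own two examples (routers A, D and E for network (a); Router E for Network Z). This is an added example, not code from the slides; the per-neighbor link costs and advertised distances are read from the slide tables, and the split of Router D's total of 45 into link 25 plus distance 20 is an assumption.

```python
"""DUAL successor/feasible-successor selection and EIGRP variance, worked on the
two examples in this deck: network (a) seen from routers A, D and E, and
Network Z seen from Router E with variance 2.

Added example, not code from the original slides. A route entry is
(neighbor, advertised distance AD, cost of the link to that neighbor); the
values are read from the slide tables. For the variance example the slide
gives only Router D's total of 45; splitting it as link 25 + AD 20 is an
assumption (either split leaves D outside the variance window).
"""


def evaluate(routes):
    """Apply the DUAL feasibility condition.

    Returns (FD, successors, feasible_successors): FD is the lowest total
    distance; successors are the neighbors reaching it; a feasible successor is
    any other neighbor whose AD is strictly less than FD, which guarantees its
    path does not pass back through this router (loop-free).
    """
    if not routes:
        return None, [], []
    total = {n: ad + cost for n, ad, cost in routes}
    fd = min(total.values())
    successors = [n for n, t in total.items() if t == fd]
    feasible = [n for n, ad, _ in routes if ad < fd and n not in successors]
    return fd, successors, feasible


def lose_neighbor(routes, lost, neighbors):
    """React to losing `lost`: stay passive on a feasible successor or go ACTIVE.

    `neighbors` are all EIGRP neighbors of this router (queries go to every
    remaining one, not only to those in the topology table).
    Returns the new state, the new FD (None while ACTIVE) and who to query.
    """
    fd, successors, feasible = evaluate(routes)
    remaining = [r for r in routes if r[0] != lost]
    if lost not in successors or len(successors) > 1:
        return {"state": "passive", "fd": evaluate(remaining)[0], "query": []}
    if feasible:                              # promote the best feasible successor
        new_fd = evaluate([r for r in remaining if r[0] in feasible])[0]
        return {"state": "passive", "fd": new_fd, "query": []}
    return {"state": "active", "fd": None, "query": [n for n in neighbors if n != lost]}


def variance_paths(routes, variance):
    """Neighbors installed for load balancing with `variance`.

    The slide's rule: total distance < variance x FD. IOS additionally requires
    the feasibility condition (AD < FD) so that no looping path is used; both
    checks are applied here, and the result is sorted by total distance.
    """
    fd, successors, feasible = evaluate(routes)
    chosen = [(ad + cost, n) for n, ad, cost in routes
              if n in successors or (n in feasible and ad + cost < variance * fd)]
    return [n for _, n in sorted(chosen)]


# Topology tables for network (a) from the "DUAL Example (Start)" slide
ROUTER_A = [("B", 1, 2), ("D", 2, 2), ("E", 3, 1)]
ROUTER_D = [("B", 1, 1), ("C", 3, 2)]
ROUTER_E = [("D", 2, 1), ("C", 3, 1)]
# Router E's paths to Network Z from the "Variance Example" slide
ROUTER_E_TO_Z = [("B", 10, 20), ("C", 10, 10), ("D", 20, 25)]   # D's split is assumed

if __name__ == "__main__":
    print("A:", evaluate(ROUTER_A))                                   # FD 3, successor B, fs D
    print("D loses B:", lose_neighbor(ROUTER_D, "B", ["B", "C", "E"]))  # no fs -> ACTIVE, query C, E
    print("E after C replies:", evaluate([("C", 3, 1)]))             # FD 4 via C
    print("D after replies:", evaluate([("C", 3, 2), ("E", 4, 1)]))  # FD 5, two successors
    print("E to Z, variance 2:", variance_paths(ROUTER_E_TO_Z, 2))   # C and B, not D
```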
Configuring EIGRP

Configuring EIGRP for IP
[Diagram: AS = 109; routers A, B, C, D and E interconnected over networks 10.1.0.0, 10.2.0.0, 10.4.0.0 (Token Ring), 172.16.1.0 through 172.16.7.0 (172.16.4.0 a Token Ring) and 192.168.1.0; Router A's interfaces are T0, S0, S1 and S2]
Router A:
router eigrp 109
network 10.0.0.0
network 172.16.0.0
• Network 192.168.0.0 is not configured on Router A because it is not directly connected to Router A
EIGRP Summarization—Automatic
• Purpose: Smaller routing tables, smaller updates, query boundary
• Autosummarization:
  – On major network boundaries, subnetworks are summarized to a single classful (major) network
  – Autosummarization is turned on by default
[Diagram: the 172.16.X.X subnets are advertised across the boundary to the 172.17.X.X side as 172.16.0.0/16]
EIGRP Summarization—Manual
• Manual summarization
  – Configurable on a per-interface basis in any router within the network
  – When summarization is configured on an interface, the router immediately creates a route pointing to null zero
    • Loop prevention mechanism
  – When the last specific route of the summary goes away, the summary is deleted
  – The minimum metric of the specific routes is used as the metric of the summary route
Configuring Summarization
(config-router)#
no auto-summary
• Turns off autosummarization for the EIGRP process
(config-if)#
ip summary-address eigrp <as-number> <address> <mask>
• Creates a summary address to be generated by this interface
Summarizing EIGRP Routes
[Diagram: Router A (172.16.1.0) and Router B (172.16.2.0) connect over 10.0.0.0 to Router C, whose S0 (192.168.4.2) leads to the World]
router eigrp 1
network 10.0.0.0
network 172.16.0.0
no auto-summary
Verifying EIGRP Operation
Verifying EIGRP Operation
Router#show ip eigrp neighbors
  – Displays the neighbors discovered by IP EIGRP
Router#show ip eigrp topology
  – Displays the IP EIGRP topology table
Router#show ip route eigrp
  – Displays current EIGRP entries in the routing table
Router#show ip protocols
  – Displays the parameters and current state of the active routing protocol process
Router#show ip eigrp traffic
  – Displays the number of IP EIGRP packets sent and received
Verifying EIGRP Operation (cont.)
Router#debug eigrp packet
  – Displays all types of EIGRP packets, both sent and received
Router#debug eigrp neighbor
  – Displays the EIGRP neighbor interaction
Router#debug ip eigrp route
  – Displays advertisements and changes EIGRP makes to the routing table
Router#debug ip eigrp summary
  – Displays a brief report of the EIGRP routing activity
Router#show ip eigrp events
  – Displays the different categories of EIGRP activity, including route calculations
© 2002, Cisco Systems, Inc. All rights reserved.
ACCESS-LISTS
Why Use Access Lists?
[Diagram: a campus network (Token Ring, FDDI) on 172.16.0.0 and 172.17.0.0 connected through a router to the Internet]
– Manage IP traffic as network access grows
– Filter packets as they pass through the router
Access List Applications
[Diagram: transmission of packets on an interface; virtual terminal line access (IP)]
– Permit or deny packets moving through the router
– Permit or deny vty access to or from the router
– Without access lists all packets could be transmitted onto all parts of your network
Other Access List Uses
[Diagram: priority and custom queuing (queue list); dial-on-demand routing]
– Special handling for traffic based on packet tests
What Are Access Lists?
[Diagram: access list processes on the router: an incoming packet on E0 is tested (on its source for a standard list; on source, destination and protocol for an extended list) and, if permitted, leaves as the outgoing packet on S0]
– Standard
  – Checks source address
  – Generally permits or denies entire protocol suite
– Extended
  – Checks source and destination address
  – Generally permits or denies specific protocols
• Inbound or outbound
Outbound Access Lists
[Flowchart: an inbound packet arrives on S0. Routing table entry? N: packet discard bucket. Y: choose the outbound interface (E0). Access list on that interface? N: forward the packet. Y: test the access list statements. Permit? Y: forward the packet out the interface. N: discard the packet and notify the sender]
If no access list statement matches then discard the packet
A List of Tests: Deny or Permit
[Flowchart: packets to interface(s) in the access group are compared with the first test. Match? Y: deny (packet discard bucket) or permit (destination interface(s)). N: compare with the next test(s). Match? Y: deny or permit. N: compare with the last test. Match? Y: deny or permit. N: implicit deny, packet discarded]
If no match, deny all
Access List Configuration Guidelines
– Access list numbers indicate which protocol is filtered
– One access list per interface, per protocol, per direction
– The order of access list statements controls testing
– Most restrictive statements should be at the top of the list
– There is an implicit deny any as the last access list test—every list should have at least one permit statement
– Create access lists before applying them to interfaces
– Access lists filter traffic going through the router; they do not apply to traffic originated by the router
Access List Command Overview
Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)#
access-list access-list-number { permit | deny } { test conditions }

Step 2: Enable an interface to use the specified access list
Router(config-if)#
{ protocol } access-group access-list-number {in | out}

IP access lists are numbered 1-99 or 100-199
How to Identify Access Lists
Access List Type       Number Range/Identifier
IP   Standard          1-99
     Extended          100-199
     Named             Name (Cisco IOS 11.2 and later)
IPX  Standard          800-899
     Extended          900-999
     SAP filters       1000-1099
     Named             Name (Cisco IOS 11.2.F and later)

– Standard IP lists (1 to 99) test conditions of all IP packets from source addresses
– Extended IP lists (100 to 199) can test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports
– Other access list number ranges test conditions for other networking protocols
Testing Packets with Standard Access Lists
[Diagram: a frame header (for example, HDLC) carrying a packet (IP header), a segment (for example, TCP header) and data; standard access list statements 1-99 use only the packet's source address to deny or permit it]
Testing Packets with Extended Access Lists
• An Example from a TCP/IP Packet
[Diagram: the same frame; access list statements 1-99 or 100-199 use the source address, destination address, protocol and port number to test the packet and deny or permit it]
Wildcard Bits: How to Check the Corresponding Address Bits
Octet bit position and address value for bit: 128 64 32 16 8 4 2 1

Examples
0 0 0 0 0 0 0 0 = check all address bits (match all)
0 0 1 1 1 1 1 1 = ignore last 6 address bits
0 0 0 0 1 1 1 1 = ignore last 4 address bits
1 1 1 1 1 1 0 0 = check last 2 address bits
1 1 1 1 1 1 1 1 = do not check address (ignore bits in octet)

– 0 means check corresponding address bit value
– 1 means ignore value of corresponding address bit
Wildcard Bits to Match a Specific IP Host Address

Test conditions: Check all the address bits (match all)
An IP host address, for example: 172.30.16.29
Wildcard mask: 0.0.0.0 (checks all bits)

– Example 172.30.16.29 0.0.0.0 checks all the address bits
– Abbreviate this wildcard mask using the IP address preceded by the keyword host (host 172.30.16.29)

Wildcard Bits to Match Any IP Address

Test conditions: Ignore all the address bits (match any)
Any IP address: 0.0.0.0
Wildcard mask: 255.255.255.255 (ignore all)

– Accept any address: 0.0.0.0 255.255.255.255
– Abbreviate the expression using the keyword any

Wildcard Bits to Match IP Subnets

Check for IP subnets 172.30.16.0/24 to 172.30.31.0/24
Address and wildcard mask: 172.30.16.0 0.0.15.255

Third octet of 172.30.16.0:  0 0 0 1 0 0 0 0
Wildcard mask third octet:   0 0 0 0 1 1 1 1
                             |<-- match -->|<-- don't care -->|
0 0 0 1 0 0 0 0 = 16
0 0 0 1 0 0 0 1 = 17
0 0 0 1 0 0 1 0 = 18
        :
0 0 0 1 1 1 1 1 = 31
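The wildcard-mask rules on the slides above (0 = check the bit, 1 = ignore it, with the host and any abbreviations), worked through in code. This is an added example and is not part of the Cisco slides; the addresses it uses are the ones from the slides (172.30.16.29, 172.30.16.0 0.0.15.255), and the helper names are the example's own.

```python
"""Wildcard-mask matching as IOS access lists apply it (added example).

A 0 bit in the wildcard means "check this address bit", a 1 bit means
"ignore it".  The sample addresses are the ones the slides use.
"""
import ipaddress
from typing import Optional, Tuple


def to_int(dotted: str) -> int:
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address: str, pattern: str, wildcard: str) -> bool:
    """True if `address` matches `pattern` under `wildcard`.

    Only the bits where the wildcard is 0 are compared; bits where the
    wildcard is 1 are masked out on both sides before comparing.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF      # 1 where the bit must be checked
    return (to_int(address) & care) == (to_int(pattern) & care)


def expand_abbreviation(token: str, next_token: Optional[str] = None) -> Tuple[str, str]:
    """Translate the IOS shorthand `host A` and `any` into (pattern, wildcard)."""
    if token == "any":
        return "0.0.0.0", "255.255.255.255"
    if token == "host" and next_token is not None:
        return next_token, "0.0.0.0"
    raise ValueError("not an abbreviation: %s" % token)


def matched_range(pattern: str, wildcard: str) -> Tuple[str, str]:
    """Lowest and highest address a contiguous wildcard covers.

    For a wildcard whose 1 bits are all low-order (e.g. 0.0.15.255) this is
    the exact block the entry matches.  A non-contiguous wildcard such as
    0.0.1.0 matches several disjoint blocks, so the helper refuses it.
    """
    w = to_int(wildcard)
    if (w + 1) & w:                            # trailing-ones check
        raise ValueError("wildcard is not contiguous; no single range")
    low = to_int(pattern) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))


def count_matched(wildcard: str) -> int:
    """How many addresses an entry with this wildcard can match: 2**(one bits)."""
    return 1 << bin(to_int(wildcard)).count("1")


if __name__ == "__main__":
    print(wildcard_match("172.30.16.29", "172.30.16.29", "0.0.0.0"))    # host entry
    print(matched_range("172.30.16.0", "0.0.15.255"))                    # subnets 16-31
    print(wildcard_match("172.30.32.1", "172.30.16.0", "0.0.15.255"))   # outside the block
    print(count_matched("0.0.15.255"))                                   # 4096 addresses
```

matched_range is the check to run before trusting an entry: a wildcard that is not a run of trailing ones (0.0.1.0, for instance) is accepted by the router but matches every other /24 in the range rather than one block, which is rarely what was intended.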
Configuring Standard
IP Access Lists

© 1999, Cisco Systems, Inc. www.cisco.com 10-484


Standard IP Access List Configuration

Router(config)#
access-list access-list-number {permit|deny} source [mask]

• Sets parameters for this list entry
• IP standard access lists use 1 to 99
• Default wildcard mask = 0.0.0.0
• "no access-list access-list-number" removes entire access-list

Router(config-if)#
ip access-group access-list-number { in | out }

– Activates the list on an interface
– Sets inbound or outbound testing
– Default = Outbound
– "no ip access-group access-list-number" removes access-list from the interface
Standard IP Access List Example 1

Figure: router with S0 toward the non-172.16.0.0 networks, E0 on 172.16.3.0 and E1 on 172.16.4.0 (host 172.16.4.13)

access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out

Permit my network only
Standard IP Access List Example 2

Figure: router with S0 toward the non-172.16.0.0 networks, E0 on 172.16.3.0 and E1 on 172.16.4.0 (host 172.16.4.13)

access-list 1 deny 172.16.4.13 0.0.0.0
access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 1 out

Deny a specific host
Standard IP Access List Example 3

Figure: router with S0 toward the non-172.16.0.0 networks, E0 on 172.16.3.0 and E1 on 172.16.4.0 (host 172.16.4.13)

access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 1 out

Deny a specific subnet
Control vty Access
With Access Class



Filter Virtual Terminal (vty) Access to a Router

Figure: console port (direct connect), physical port e0 (Telnet), virtual ports vty 0 through 4

– Five virtual terminal lines (0 through 4)
– Filter addresses that can access into the router's vty ports
– Filter vty access out from the router

How to Control vty Access

Figure: Telnet arrives on physical port e0 and is answered on one of the virtual ports (vty 0 through 4), giving the Router# prompt

– Set up an IP address filter with a standard access list statement
– Use line configuration mode to filter access with the access-class command
– Set identical restrictions on all vtys

Virtual Terminal Line Commands

Router(config)#
• line vty {vty# | vty-range}
– Enters configuration mode for a vty or vty range

Router(config-line)#
• access-class access-list-number {in|out}
– Restricts incoming or outgoing vty connections for addresses in the access list

Virtual Terminal Access Example
Controlling Inbound Access

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in

Permits only hosts in network 192.89.55.0 to connect to the router's vtys
Configuring Extended
IP Access Lists



Standard versus Extended Access List

Standard                                        Extended
Filters based on source.                        Filters based on source and destination.
Permit or deny entire TCP/IP protocol suite.    Specifies a specific IP protocol and port number.
Range is 1 through 99.                          Range is 100 through 199.
Extended IP Access List Configuration

Router(config)#
access-list access-list-number { permit | deny } protocol source
source-wildcard [operator port] destination destination-wildcard
[ operator port ] [ established ] [log]

– Sets parameters for this list entry

Router(config-if)#
ip access-group access-list-number { in | out }

• Activates the extended list on an interface
Extended Access List Example 1

Figure: router with S0 toward the non-172.16.0.0 networks, E0 on 172.16.3.0 and E1 on 172.16.4.0 (host 172.16.4.13)

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 101 out

– Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0
– Permit all other traffic
Extended Access List Example 2

Figure: router with S0 toward the non-172.16.0.0 networks, E0 on 172.16.3.0 and E1 on 172.16.4.0 (host 172.16.4.13)

access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
(implicit deny all)

interface ethernet 0
ip access-group 101 out

– Deny only Telnet from subnet 172.16.4.0 out of E0
– Permit all other traffic
Using Named IP Access Lists

• Feature for Cisco IOS Release 11.2 or later

Router(config)#
ip access-list { standard | extended } name

• Alphanumeric name string must be unique

Router(config {std- | ext-}nacl)#
{ permit | deny } { ip access list test conditions }
{ permit | deny } { ip access list test conditions }
no { permit | deny } { ip access list test conditions }

• Permit or deny statements have no prepended number
• "no" removes the specific test from the named access list

Router(config-if)#
ip access-group name { in | out }

• Activates the IP named access list on an interface
Access List Configuration Principles

– Order of access list statements is crucial
  Recommended: use a text editor on a TFTP server or use a PC to cut and paste
– Top-down processing
  Place more specific test statements first
– No reordering or removal of statements
  Use the no access-list number command to remove the entire access list
  Exception: Named access lists permit removal of individual statements
– Implicit deny all
  Unless the access list ends with an explicit permit any
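The evaluation rules the slides describe (top-down, first match wins, implicit deny at the end, order is crucial) applied to the Extended Access List examples and to Standard Example 3, as an added example that is not part of the Cisco slides. The parser handles the subset of the access-list syntax used on these slides (numbered standard and extended IP lists, host/any, eq port); the Entry and Packet classes and the sample packets are the example's own constructions.

```python
"""Top-down evaluation of numbered IP access lists (added example).

Entries are tested in order, the first match decides, and a list that
matches nothing ends in the implicit deny.  The lists are the ones from the
slides; the packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address: str, pattern: str, wildcard: str) -> bool:
    """Compare only the bits where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(pattern) & care)


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    protocol: str = "ip"             # "ip" matches every IP protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"             # standard lists never test these
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # "eq <port>" on the destination


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    dst_port: Optional[int] = None


def parse_address(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume 'any', 'host A' or 'A W' from the front of the token list."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_entry(line: str) -> Entry:
    """Parse one 'access-list N permit|deny ...' line, standard or extended."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line")
    number, action, rest = int(t[1]), t[2], t[3:]
    if 1 <= number <= 99:                        # standard: source only
        src, src_wc, _ = parse_address(rest)
        return Entry(action, src=src, src_wc=src_wc)
    if 100 <= number <= 199:                     # extended: proto src dst [eq port]
        proto, rest = rest[0], rest[1:]
        src, src_wc, rest = parse_address(rest)
        dst, dst_wc, rest = parse_address(rest)
        port = int(rest[1]) if rest and rest[0] == "eq" else None
        return Entry(action, proto, src, src_wc, dst, dst_wc, port)
    raise ValueError("only IP ranges 1-99 and 100-199 are handled here")


def entry_matches(e: Entry, p: Packet) -> bool:
    if e.protocol != "ip" and e.protocol != p.protocol:
        return False
    if not wildcard_match(p.src, e.src, e.src_wc):
        return False
    if not wildcard_match(p.dst, e.dst, e.dst_wc):
        return False
    return e.dst_port is None or e.dst_port == p.dst_port


def evaluate(entries: List[Entry], p: Packet) -> str:
    """First matching entry wins; no match at all is the implicit deny."""
    for e in entries:
        if entry_matches(e, p):
            return e.action
    return "deny"


# The lists from Standard Example 3 and Extended Example 1.
STANDARD_3 = [parse_entry(l) for l in (
    "access-list 1 deny 172.16.4.0 0.0.0.255",
    "access-list 1 permit any",
)]
EXTENDED_1 = [parse_entry(l) for l in (
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21",
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20",
    "access-list 101 permit ip any any",
)]

if __name__ == "__main__":
    print(evaluate(STANDARD_3, Packet("172.16.4.13", "172.16.3.9")))               # deny
    print(evaluate(EXTENDED_1, Packet("172.16.4.13", "172.16.3.9", "tcp", 21)))    # deny
    print(evaluate(EXTENDED_1, Packet("172.16.4.13", "172.16.3.9", "tcp", 23)))    # permit
    # Same entries as STANDARD_3 in the wrong order: permit any shadows the deny.
    print(evaluate(list(reversed(STANDARD_3)), Packet("172.16.4.13", "172.16.3.9")))  # permit
```

The reversed STANDARD_3 case is the "order is crucial" principle made concrete: with permit any first, the deny line is never reached and the router gives no warning. A list containing only deny entries denies everything, which is the implicit deny at work.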
Where to Place IP Access Lists

Figure: routers A, B, C and D interconnected by serial links (S0, S1), Ethernet interfaces (E0, E1) and a Token Ring (To0)

Recommended:
– Place extended access lists close to the source
– Place standard access lists close to the destination
Verifying Access Lists
wg_ro_a#show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<text ommitted>
Monitoring Access List
Statements
wg_ro_a#show {protocol} access-list {access-list number}

wg_ro_a#show access-lists {access-list number}

wg_ro_a#show access-lists
Standard IP access list 1
permit 10.2.2.1
permit 10.3.3.1
permit 10.4.4.1
permit 10.5.5.1
Extended IP access list 101
permit tcp host 10.22.22.1 any eq telnet
permit tcp host 10.33.33.1 any eq ftp
permit tcp host 10.44.44.1 any eq ftp-data
SILICON COMNET PVT. LTD.
WAN PROTOCOLS

Typical WAN Encapsulation Protocols: Layer 2

Leased line: HDLC, PPP, SLIP
Packet-switched (service provider): X.25, Frame Relay, ATM
Circuit-switched (telephone company): PPP, SLIP, HDLC
HDLC Frame Format

Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
• Cisco's HDLC has a proprietary data field to support multiprotocol environments

HDLC: Flag | Address | Control | Data | FCS | Flag
• Supports only single protocol environments

HDLC Command

Router(config-if)#encapsulation hdlc

• Enable HDLC encapsulation
• HDLC is the default encapsulation on synchronous serial interfaces
An Overview of PPP

Figure: TCP/IP, Novell IPX and AppleTalk packets carried in PPP encapsulation; multiple protocol encapsulations using NCPs in PPP; link setup and control using LCP in PPP

• PPP can carry packets from several protocol suites using Network Control Protocols (NCPs)
• PPP controls the setup of several link options using LCP
Layering PPP Elements

Network layer:    IP, IPX, Layer 3 protocols
Data link layer:  PPP Network Control Protocols (IPCP, IPXCP, many others)
                  Link Control Protocol (authentication, other options)
Physical layer:   Synchronous or asynchronous physical media

• PPP—A data link with network-layer services
PPP LCP Configuration Options

Feature          How It Operates                                          Protocol
Authentication   Require a password                                       PAP
                 Perform Challenge Handshake                              CHAP
Compression      Compress data at source; reproduce data at destination   Stacker or Predictor
Error Detection  Monitor data dropped on link; avoid frame looping        Magic Number
Multilink        Load balancing across multiple links                     Multilink Protocol (MP)
PPP Authentication Overview

Figure: two routers connected across a dialup or circuit-switched network

PPP Session Establishment
1 Link Establishment Phase
2 Optional Authentication Phase
3 Network-Layer Protocol Phase

• Two PPP authentication protocols: PAP and CHAP
Selecting a PPP Authentication Protocol

PAP: 2-way handshake between the remote router (SantaCruz) and the central-site router (HQ)
Remote router sends: "santacruz, boardwalk"
Central-site router answers: Accept/Reject

Remote router: Hostname: santacruz, Password: boardwalk
Central-site router: username santacruz password boardwalk

• Passwords sent in clear text
• Peer in control of attempts

Selecting a PPP Authentication Protocol (cont.)

CHAP: 3-way handshake between the remote router (SantaCruz) and the central-site router (HQ)
Central-site router sends: Challenge
Remote router sends: Response
Central-site router answers: Accept/Reject

Remote router: Hostname: santacruz, Password: boardwalk
Central-site router: username santacruz password boardwalk

• Use "secret" known only to authenticator and peer
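The two handshakes side by side, as an added example that is not part of the Cisco slides. It shows why the slides prefer CHAP: PAP puts the password itself on the link, while CHAP puts only a hash over a fresh challenge there, so the secret never crosses the wire. The response construction follows RFC 1994 (MD5 over identifier, secret and challenge); the hostname santacruz and the secret boardwalk are the slides' values, and the credential store, the "link" (plain function calls) and the os.urandom challenge are the example's own assumptions.

```python
"""PAP versus CHAP (added example).

PAP: 2-way handshake, the peer sends its name and password in the clear.
CHAP: 3-way handshake, the peer answers a random challenge with
MD5(Identifier || secret || Challenge) as RFC 1994 specifies; the secret
itself is never transmitted.
"""
import hashlib
import hmac
import os
from typing import Tuple

# Constructed credential store on the authenticator (HQ).  On IOS this is the
# 'username santacruz password boardwalk' line of the central-site router.
HQ_USERNAMES = {"santacruz": b"boardwalk"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def pap_exchange(peer_name: str, password: bytes) -> Tuple[bool, bytes]:
    """2-way handshake.  Returns (accepted, bytes a sniffer on the link sees)."""
    on_the_wire = peer_name.encode() + b"," + password   # name and password in clear
    accepted = HQ_USERNAMES.get(peer_name) == password
    return accepted, on_the_wire


def chap_exchange(peer_name: str, peer_secret: bytes, identifier: int = 2) -> Tuple[bool, bytes]:
    """3-way handshake: Challenge, Response, Accept/Reject."""
    challenge = os.urandom(16)                                    # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)  # peer -> authenticator
    expected = chap_response(identifier, HQ_USERNAMES.get(peer_name, b""), challenge)
    accepted = hmac.compare_digest(response, expected)            # constant-time compare
    on_the_wire = challenge + response                            # no secret in here
    return accepted, on_the_wire


def secret_visible(on_the_wire: bytes, secret: bytes) -> bool:
    """Does the captured exchange contain the secret literally?"""
    return secret in on_the_wire


if __name__ == "__main__":
    ok, wire = pap_exchange("santacruz", b"boardwalk")
    print("PAP accepted:", ok, "secret on wire:", secret_visible(wire, b"boardwalk"))
    ok, wire = chap_exchange("santacruz", b"boardwalk")
    print("CHAP accepted:", ok, "secret on wire:", secret_visible(wire, b"boardwalk"))
    ok, _ = chap_exchange("santacruz", b"wrong")
    print("CHAP with wrong secret accepted:", ok)
```

Because the challenge is new for every session, a CHAP response captured once is useless against the next challenge, which is what "peer in control of attempts" on the PAP slide is contrasting with. Note that CHAP still requires both routers to hold the secret in a recoverable form (the username/password line), which is why it protects the link but not the configuration.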
Configuring PPP and Authentication Overview

Figure: the router to be authenticated (the router that initiated the call) dials through a service provider to the authenticating router (the router that received the call): "Verify who you are."

Authenticating router (received the call)     Router to be authenticated (initiated the call)
Enabling PPP                                  Enabling PPP
– ppp encapsulation                           – ppp encapsulation
Enabling PPP authentication                   Enabling PPP authentication
– hostname                                    – hostname
– username / password                         – username / password
– ppp authentication                          – ppp authentication

Configuring PPP

Router(config-if)#encapsulation ppp
Enable PPP encapsulation

Configuring PPP Authentication

Router(config)#hostname name

• Assigns a host name to your router

Router(config)#username name password password

• Identifies the username and password of the authenticating router

Configuring PPP Authentication (cont.)

Router(config-if)#ppp authentication
{chap | chap pap | pap chap | pap}

Enables PAP and/or CHAP authentication
Configuring CHAP Example

Figure: router "left" and router "right" connected across PSTN/ISDN

Left router                               Right router
hostname left                             hostname right
username right password sameone           username left password sameone
!                                         !
int serial 0                              int serial 0
ip address 10.0.1.1 255.255.255.0         ip address 10.0.1.2 255.255.255.0
encapsulation ppp                         encapsulation ppp
ppp authentication CHAP                   ppp authentication CHAP
Verifying HDLC and PPP
Encapsulation Configuration
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Verifying PPP Authentication with the debug ppp authentication Command

Figure: left router and right router connected through the service provider

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: dialer Protocol up for Se0
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

debug ppp authentication successful CHAP output
Frame Relay Overview

Figure: router, CSU/DSU and the DCE or Frame Relay switch; Frame Relay works between the router and the switch

– Virtual circuits make connections
– Connection-oriented service

Frame Relay Stack

OSI Reference Model    Frame Relay
Application
Presentation
Session
Transport
Network                IP/IPX/AppleTalk, etc.
Data Link              Frame Relay
Physical               EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530

Frame Relay Terminology

Figure: PVCs across the Frame Relay cloud between sites; DLCIs 100, 200, 400 and 500 on the access links; local access loops of 64 kbps and T1; LMI reporting 100=Active and 400=Active

Frame Relay Address Mapping

Figure: router and CSU/DSU with a PVC on DLCI 500 to the remote IP address 10.1.1.1; Inverse ARP or a Frame Relay map associates the Frame Relay DLCI (500) with the IP address (10.1.1.1)

– Get locally significant DLCIs from provider
– Map your network addresses to DLCIs

Frame Relay Signaling

Figure: router and CSU/DSU; PVC on DLCI 500 to 10.1.1.1; LMI reports 500=Active and 400=Inactive (the PVC on DLCI 400 is marked x); keepalives are exchanged with the switch

• Cisco supports three LMI standards:
– Cisco
– ANSI T1.617 Annex D
– ITU-T Q.933 Annex A
Frame Relay Inverse ARP and LMI Operation

Figure: router 172.168.5.5 on DLCI 100 and router 172.168.5.7 on DLCI 400, connected across the Frame Relay cloud

1 Each router is attached to the Frame Relay cloud (local DLCI 100 on one side, local DLCI 400 on the other).
2 Each router sends a Status Inquiry to the switch.
3 The switch answers with LMI status: Local DLCI 100=Active at one router, Local DLCI 400=Active at the other.
4 Inverse ARP: "Hello, I am 172.168.5.5 on DLCI 100. Who are you?" and "Hello, I am 172.168.5.7 on DLCI 400."
5 Each router builds its Frame Relay map from the reply: 172.168.5.7 DLCI 100 Active on router 172.168.5.5, and 172.168.5.5 DLCI 400 Active on router 172.168.5.7.
6 Router 172.168.5.5 answers: "Hello, I am 172.168.5.5."
7 Keepalives continue on both sides.
Configuring Basic Frame Relay

HQ (Rel. 11.2 router)                     Branch (Rel. 10.3 router)

interface Serial1                         interface Serial1
ip address 10.16.0.1 255.255.255.0        ip address 10.16.0.2 255.255.255.0
encapsulation frame-relay                 encapsulation frame-relay
bandwidth 64                              bandwidth 64
                                          frame-relay lmi-type ansi

Inverse ARP
• Enabled by default
• Does not appear in configuration output
Configuring a Static Frame Relay Map

Figure: HQ (DLCI=110, IP address=10.16.0.1/24) connected to Branch router p1r1 (DLCI=100, IP address=10.16.0.2/24)

interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast
Verifying Frame Relay
Operation
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
<Output omitted>

Displays line, protocol, DLCI, and LMI information


Verifying Frame Relay
Operation (cont.)
Router#show frame-relay lmi

LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 113100 Num Status msgs Rcvd 113100
Num Update Status Rcvd 0 Num Status Timeouts 0

Displays LMI information


Verifying Frame Relay
Operation (cont.)
Router#show frame-relay pvc 100

PVC Statistics for interface Serial0 (Frame Relay DTE)

DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

input pkts 28 output pkts 10 in bytes 8398


out bytes 1198 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 10 out bcast bytes 1198
pvc create time 00:03:46, last time pvc status changed 00:03:47

Displays PVC traffic statistics


Verifying Frame Relay
Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active

Displays the route maps, either static or dynamic


Verifying Frame Relay
Operation (cont.)
Router#show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active
Router#clear frame-relay-inarp
Router#sh frame map
Router#

Clears dynamically created Frame Relay maps


Verifying Frame Relay
Operation (cont.)
Router#debug Frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Displays LMI debug information


Selecting a Frame Relay Topology

Full Mesh
Partial Mesh
Star (Hub and Spoke)

Frame Relay default: nonbroadcast multiaccess (NBMA)
Reachability Issues with Routing Updates

Figure: hub router A reaches routers B, C and D over one NBMA interface; a routing update received from B (1) must be copied to C (2) and D (3)

• Problem:
Broadcast traffic must be replicated for each active connection

Resolving Reachability Issues

Figure: one physical interface S0 carries the logical subinterfaces S0.1, S0.2 and S0.3, on subnets A, B and C

• Solution:
– Split horizon can cause problems in NBMA environments
– Subinterfaces can resolve split horizon issues
– A single physical interface simulates multiple logical interfaces

Configuring Subinterfaces

• Point-to-Point
– Subinterfaces act as leased line
– Each point-to-point subinterface requires its own subnet
– Applicable to hub and spoke topologies
• Multipoint
– Subinterfaces act as NBMA network, so they do not resolve the split horizon issue
– Can save address space because it uses a single subnet
– Applicable to partial-mesh and full-mesh topology
Configuring Point-to-Point Subinterfaces

Figure: router A uses s0.2 (10.17.0.1, DLCI=110) toward router B (10.17.0.2) and s0.3 (10.18.0.1, DLCI=120) toward router C (10.18.0.2)

interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.2 point-to-point
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 110
!
interface Serial0.3 point-to-point
ip address 10.18.0.1 255.255.255.0
bandwidth 64
frame-relay interface-dlci 120
!

Multipoint Subinterfaces Configuration Example

Figure: RTR1 (s2.2=10.17.0.1/24) reaches RTR2 (s2.1=10.17.0.2/24, DLCI=120), RTR3 (s2.1=10.17.0.3/24, DLCI=130) and RTR4 (s2.1=10.17.0.4/24, DLCI=140) on one subnet

interface Serial2
no ip address
encapsulation frame-relay
!
interface Serial2.2 multipoint
ip address 10.17.0.1 255.255.255.0
bandwidth 64
frame-relay map ip 10.17.0.2 120 broadcast
frame-relay map ip 10.17.0.3 130 broadcast
frame-relay map ip 10.17.0.4 140 broadcast
© 2002, Cisco Systems, Inc. All rights reserved.
OSPF Overview

© 2000, Cisco Systems, Inc. www.cisco.com 4-562


What Is OSPF?

– Has fast convergence


– Supports VLSM
– Processes updates efficiently
– Selects paths based on bandwidth
– Supports equal-cost multipath
OSPF in IP Packets

Figure: Frame header | IP packet header (protocol number) | Payload | CRC
IP protocol numbers: 89 - OSPF, 6 - TCP, 17 - UDP

• OSPF is a link-state routing protocol
– Relies on IP packets for delivery of routing information
– Uses protocol number 89
OSPF Terminology



OSPF Terminology

Figure: an autonomous system containing Area 0 and Area 1; routers joined by interfaces (Ethernet, serial, Token Ring) with Cost = 10, Cost = 1785 and Cost = 6; routers on a common link are neighbors

– Interfaces, neighbors, cost, areas, autonomous system
– Neighborship database: lists neighbors
– Topology database: lists all routes
– Routing table: lists best routes
OSPF Operation



OSPF Topologies

Broadcast Multiaccess
Point-to-Point
NBMA (X.25, Frame Relay)
OSPF Operation in a
Broadcast Multiaccess
Topology



Neighborship

Figure: routers A, B, C, D and E on one segment; A sends a Hello and builds its neighbor list from the Hellos it receives

Hello packet contents:
– Router ID
– Hello/dead intervals *
– Neighbors
– Area-ID *
– Router priority
– DR IP address
– BDR IP address
– Authentication password *
– Stub area flag *

* Entry must match on neighboring routers
DR and BDR

Figure: routers on one multiaccess segment with a DR and a BDR

– Hellos elect DR and BDR to represent segment
– Each router then forms adjacency with DR and BDR

Electing the DR and BDR

Figure: five routers on the segment with priorities P=3 (DR), P=2 (BDR), P=1, P=1 and P=0, exchanging Hellos

– Hello packets exchanged via IP multicast
– Router with highest OSPF priority elected
Exchange Process

Figure: router A (172.16.5.1/24, E0) and router B (172.16.5.2/24, E1) on one segment

Down State
A: "I am router ID 172.16.5.1 and I see no one."

Init State
Router B neighbors list: 172.16.5.1/24, int E1
B: "I am router ID 172.16.5.2, and I see 172.16.5.1."
Router A neighbors list: 172.16.5.2/24, int E0

Two-Way State
Discovering Routes

Figure: router 172.16.5.1 (E0) and the DR, 172.16.5.3 (E0), on one segment

Exstart State
Hello from 172.16.5.1: "I will start exchange because I have router ID 172.16.5.1."
Hello from 172.16.5.3: "No, I will start exchange because I have a higher router ID."

Exchange State
DBD from each router: "Here is a summary of my link-state database."
LSAck from each router: "Thanks for the information!"

Loading State
LSR: "I need the complete entry for network 172.16.6.0/24."
LSU: "Here is the entry for network 172.16.6.0/24."
LSAck: "Thanks for the information!"

Full State
Choosing Routes

Figure: router A connects to router B over a Token Ring (10.2.2.0/24, Cost=6) and to router C over Ethernet (10.4.4.0/24, Cost=10); B connects to C over FDDI (10.3.3.0/24, Cost=1); 10.1.1.0/24 is attached to A

Topology Table
Net        Cost   Out Interface
10.2.2.0   6      To0
10.3.3.0   7      To0             This is the best route to 10.3.3.0.
10.3.3.0   10     E0
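The route choice on this slide carried out with the SPF (Dijkstra) calculation OSPF performs over its topology database, as an added example that is not part of the Cisco slides. The link-state database, the interface names on B and C, and the graph construction (router to network at the interface cost, network back to router at cost 0, as in OSPF's SPF graph) are the example's own assumptions; the costs are the slide's.

```python
"""SPF over the slide's topology (added example).

Each router advertises (network, outgoing interface, interface cost).  The
SPF graph has a node per router and per transit network; a router reaches a
network at its interface cost and a network reaches its attached routers at
cost 0, so a path cost is the sum of the outgoing interface costs.
"""
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed link-state database for routers A, B and C on the slide.
LSDB = {
    "A": [("10.2.2.0/24", "To0", 6), ("10.4.4.0/24", "E0", 10)],
    "B": [("10.2.2.0/24", "To0", 6), ("10.3.3.0/24", "Fddi0", 1)],
    "C": [("10.3.3.0/24", "Fddi0", 1), ("10.4.4.0/24", "E0", 10)],
}


def build_graph(lsdb: Dict[str, list]) -> Dict[str, list]:
    graph: Dict[str, list] = {}
    for router, links in lsdb.items():
        for net, iface, cost in links:
            graph.setdefault(router, []).append((net, cost, iface))
            graph.setdefault(net, []).append((router, 0, None))
    return graph


def spf(lsdb: Dict[str, list], root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra from root: {node: (total cost, interface leaving root)}."""
    graph = build_graph(lsdb)
    best: Dict[str, Tuple[int, Optional[str]]] = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                       # stale heap entry
        via = best[node][1]
        for nxt, c, iface in graph[node]:
            first_hop = via if via is not None else iface
            if nxt not in best or cost + c < best[nxt][0]:
                best[nxt] = (cost + c, first_hop)
                heapq.heappush(heap, (cost + c, nxt))
    return best


def routing_table(lsdb: Dict[str, list], root: str) -> List[Tuple[str, int, str]]:
    """Best route per network: (network, cost, out interface)."""
    return sorted((n, c, i) for n, (c, i) in spf(lsdb, root).items() if "/" in n)


def all_route_candidates(lsdb: Dict[str, list], root: str, target: str) -> List[Tuple[int, str]]:
    """Every loop-free path from root to target as (cost, first-hop interface)."""
    graph = build_graph(lsdb)
    found: List[Tuple[int, str]] = []

    def walk(node, cost, first_hop, seen):
        if node == target:
            found.append((cost, first_hop))
            return
        for nxt, c, iface in graph[node]:
            if nxt not in seen:
                walk(nxt, cost + c, first_hop or iface, seen | {nxt})

    walk(root, 0, None, {root})
    return sorted(found)


if __name__ == "__main__":
    for net, cost, iface in routing_table(LSDB, "A"):
        print(net, cost, iface)
    print(all_route_candidates(LSDB, "A", "10.3.3.0/24"))
```

routing_table reproduces the slide's best route to 10.3.3.0 (cost 7 via To0). The alternative through E0 comes out at 11 in this model, because C's FDDI interface cost is added when the packet leaves C, whereas the slide's table lists it as 10; either way To0 wins, and the point of the example is that SPF sums outgoing interface costs along the whole path rather than comparing single links.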
Maintaining Routing Information

Figure: a link-state change at router A; A sends an LSU (1) to the DR; the DR sends an LSU (2) to the other routers; the LSU reaches router B (3), which says "I need to update my routing table." (4)

• Router A tells all OSPF DRs on 224.0.0.6
• DR tells others on 224.0.0.5
Maintaining Routing Information (cont.)

LSU received:
Is the LSA entry in the link-state database?
  No  → (A) Add to database → Send LSAck to DR → Flood LSA → Run SPF to calculate new routing table → End
  Yes → Is the sequence number the same?
        Yes → Ignore LSA → End
        No  → Is the sequence number higher?
              Yes → Go to A
              No  → Send LSU with newer information to source → End
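The flowchart above as code, added here as an example that is not part of the Cisco slides. The LSA and Router classes, the link_id/seq fields and the recorded action strings are the example's own constructions; a real router floods, acknowledges and runs SPF instead of appending strings to a list, but the branch structure is the slide's.

```python
"""LSA handling per the flowchart (added example).

An LSU carrying an LSA arrives; the router compares it with the copy in its
link-state database by sequence number and takes one of four paths.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class LSA:
    link_id: str        # identifies the link-state entry (constructed key)
    seq: int            # sequence number; higher means newer
    payload: str = ""


@dataclass
class Router:
    name: str
    lsdb: Dict[str, LSA] = field(default_factory=dict)
    actions: List[str] = field(default_factory=list)

    def _install(self, lsa: LSA) -> None:
        """Path A on the flowchart: add, acknowledge, flood, recompute."""
        self.lsdb[lsa.link_id] = lsa
        self.actions += ["add %s#%d" % (lsa.link_id, lsa.seq), "LSAck to DR",
                         "flood LSA", "run SPF"]

    def receive_lsu(self, lsa: LSA, source: str) -> str:
        """Return which branch the LSA took; the actions list records the steps."""
        current = self.lsdb.get(lsa.link_id)
        if current is None:                      # not in database
            self._install(lsa)
            return "added"
        if lsa.seq == current.seq:               # same instance already held
            self.actions.append("ignore %s#%d" % (lsa.link_id, lsa.seq))
            return "ignored"
        if lsa.seq > current.seq:                # newer: "Go to A"
            self._install(lsa)
            return "updated"
        # Older than what we hold: tell the source about the newer instance.
        self.actions.append("LSU %s#%d to %s" % (lsa.link_id, current.seq, source))
        return "stale"


if __name__ == "__main__":
    r = Router("B")
    for lsa, src in [(LSA("172.16.6.0/24", 5), "A"), (LSA("172.16.6.0/24", 5), "A"),
                     (LSA("172.16.6.0/24", 7), "A"), (LSA("172.16.6.0/24", 6), "C")]:
        print(r.receive_lsu(lsa, src))
    print(r.actions)
```

The last case is the one worth noticing operationally: a router holding a newer copy does not quietly drop the stale LSA, it answers the sender with the newer information, which is how a router that missed an update converges without waiting for a refresh.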
OSPF Operation in a
Point-to-Point Topology



Point-to-Point Neighborship

– Router dynamically detects its neighboring router using the Hello protocol
– No election: Adjacency is automatic as soon as the two routers can communicate
– OSPF packets are always sent as multicast 224.0.0.5
Configuring OSPF
in a Single Area
Configuring OSPF on Internal Routers

Figure: router A (E0 10.64.0.1) and router B (E0 10.64.0.2) on a broadcast network; router B (S0 10.2.1.2) and router C (S1 10.2.1.1) on a point-to-point network

Router A                                   Router B
<Output Omitted>                           <Output Omitted>
interface Ethernet0                        interface Ethernet0
ip address 10.64.0.1 255.255.255.0         ip address 10.64.0.2 255.255.255.0
!                                          !
<Output Omitted>                           interface Serial0
router ospf 1                              ip address 10.2.1.2 255.255.255.0
network 10.0.0.0 0.255.255.255 area 0      <Output Omitted>
                                           router ospf 50
                                           network 10.2.1.2 0.0.0.0 area 0
                                           network 10.64.0.2 0.0.0.0 area 0

Can assign network or interface address.
Configuring Optional Commands

Router ID:
– Number by which the router is known to OSPF
– Default: the highest IP address on an active interface at the moment of OSPF process startup
– Can be overridden by a loopback interface: the highest IP address of any active loopback interface is used instead

Unadvertised loopback address (e.g. 192.168.255.254): not in the OSPF table, saves address space, cannot be reached with ping.
Advertised loopback address (e.g. 172.16.17.5, part of network 172.16.0.0): in the OSPF table, uses address space, can be reached with ping.
Configuring Optional Commands (cont.)

  Router(config-if)# ip ospf cost cost

– Assigns a cost to an outgoing interface
– May be required for interoperability (the slide shows a Cisco and a non-Cisco router exchanging traffic over a Token Ring link)
– Use the default cost between Cisco devices
Verifying OSPF Operation

  Router# show ip protocols
• Verifies that OSPF is configured

  Router# show ip route
• Displays all the routes learned by the router

  Router# show ip ospf interface
• Displays area ID and adjacency information

Verifying OSPF Operation (cont.)

  Router# show ip ospf
• Displays OSPF timers and statistics

  Router# show ip ospf neighbor detail
• Displays information about the DR, BDR and neighbors

  Router# show ip ospf database
• Displays the link-state database

Verifying OSPF Operation (cont.)

  Router# clear ip route *
• Allows you to clear the IP routing table

  Router# debug ip ospf option
• Displays router interaction during the hello, exchange, and flooding processes
show ip ospf interface

R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
  Internet Address 192.168.0.12/24, Area 0
  Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
  Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 3, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
    Adjacent with neighbor 192.168.0.11 (Designated Router)
  Suppress hello for 0 neighbor(s)
show ip ospf neighbor—Multiaccess and Point-to-Point

OSPF over Ethernet - Multiaccess Network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13    1     2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14    1     FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11    1     2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12    1     FULL/DR         00:00:38    192.168.0.12    Ethernet0

OSPF over HDLC - Point-to-Point Network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.11    1     FULL/ -         00:00:39    10.1.1.2        Serial1

On the multiaccess network a DROTHER forms a full adjacency only with the DR and BDR and stays in 2WAY with the other DROTHERs. On the point-to-point link no DR or BDR is elected, so the state shows FULL/ -.
show ip ospf database

R2#show ip ospf database

       OSPF Router with ID (192.168.0.12) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.0.10    192.168.0.10    817   0x80000003   0xFF56     1
192.168.0.11    192.168.0.11    817   0x80000003   0xFD55     1
192.168.0.12    192.168.0.12    816   0x80000003   0xFB54     1
192.168.0.13    192.168.0.13    816   0x80000003   0xF953     1
192.168.0.14    192.168.0.14    817   0x80000003   0xD990     1

                Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#         Checksum
192.168.0.14    192.168.0.14    812   0x80000002   0x4AC8
debug ip ospf adj

192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32 state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92 state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.13 (Id)
NAT (NETWORK ADDRESS TRANSLATION)

Private Addresses
• Class A – 10.0.0.0 to 10.255.255.255
• Class B – 172.16.0.0 to 172.31.255.255
• Class C – 192.168.0.0 to 192.168.255.255

WHY WE NEED NAT?
• Organizations use private addresses in their internal networks.
• These addresses never appear in the global routing table on any public network.
• If these addresses are not routable on public networks, how are hosts on these internal networks able to communicate across the Internet?
• NAT translates Layer 3 addresses, so it is implemented on Layer 3 devices.
• NAT is used to translate these private addresses into public addresses.

NAT
• NAT is used when a packet traverses from one network to another and the source address on the transmitting network is not legal or valid on the destination network, i.e. when the source is a private address.

USE NAT IF
– You need to connect to the Internet and your hosts do not have globally unique IP addresses
– You change over to a new ISP that requires you to renumber your network
– You want to hide intranet addressing information from the outside world
NAT Operation

Inside hosts 10.1.1.1 and 10.1.1.2 reach the Internet through the NAT router, which holds this NAT table:

  Inside Local IP Address   Inside Global IP Address
  10.1.1.1                  192.168.2.2
  10.1.1.2                  192.168.2.3
Addresses used in NAT
• Inside local – address of a host on the private side of the network.
• Inside global – public address into which the inside local address is translated.
• Outside global – address of a host that resides on the public network; a routable IP address.
• Outside local – address used to translate an outside global IP address. This may or may not be a registered IP address, but it must be routable on the inside network.

TYPES OF NAT
• STATIC NAT
• DYNAMIC NAT
• DYNAMIC NAT WITH OVERLOAD (PAT, Port Address Translation)
Translating Inside Local Addresses (Static NAT)

Host 10.1.1.1 on the inside sends to Host B (172.20.7.3) on the Internet:
1 Host 10.1.1.1 sends a packet with SA 10.1.1.1 to Host B.
2 The NAT router looks up 10.1.1.1 in its NAT table and finds the inside global address 192.168.2.2.
3 The packet is forwarded to Host B with SA 192.168.2.2.
4 Host B replies to DA 192.168.2.2.
5 The NAT router translates DA 192.168.2.2 back to 10.1.1.1 and delivers the reply.

  NAT table
  Inside Local IP Address   Inside Global IP Address
  10.1.1.3                  192.168.2.4
  10.1.1.2                  192.168.2.3
  10.1.1.1                  192.168.2.2

Overloading Inside Global Addresses (PAT)

Hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 all telnet out through the single inside global address 192.168.2.2: 10.1.1.1 to Host B (172.20.7.3) and the other two to Host C (172.21.7.3). The same five steps apply, but the NAT table now also records protocol and port, so replies addressed to 192.168.2.2 are delivered to the right inside host by destination port:

  NAT table
  Protocol   Inside Local IP Address   Inside Global IP Address:Port   Outside Global IP Address:Port
  TCP        10.1.1.3                  192.168.2.2:1492                172.21.7.3:23
  TCP        10.1.1.2                  192.168.2.2:1723                172.21.7.3:23
  TCP        10.1.1.1                  192.168.2.2:1024                172.20.7.3:23
Static NAT Configuration Example

  ip nat inside source static 10.1.1.1 192.168.2.2
  !
  interface Ethernet0
   ip address 10.1.1.10 255.255.255.0
   ip nat inside
  !
  interface Serial0
   ip address 172.16.2.1 255.255.255.0
   ip nat outside
  !

• ip nat inside source static maps the inside local address to the inside global address.
• ip nat inside marks the interface connected to the inside network; ip nat outside marks the interface connected to the outside world.

Dynamic NAT Configuration

  ip nat pool test 192.168.2.1 192.168.2.254 netmask 255.255.255.0
  ip nat inside source list 1 pool test
  !
  interface Ethernet0
   ip address 10.1.1.10 255.255.255.0
   ip nat inside
  !
  interface Serial0
   ip address 172.16.2.1 255.255.255.0
   ip nat outside
  !
  access-list 1 permit 10.1.1.0 0.0.0.255
  !

Translates between inside hosts addressed from 10.1.1.0/24 (matched by access-list 1) and addresses drawn from the pool 192.168.2.1–192.168.2.254. The slides use 192.168.2.0/24, itself one of the private ranges listed above, as a stand-in for a registered network; in a real deployment the pool must be routable from the outside. Only hosts permitted by the access list are translated, so that list also decides which inside hosts can reach the outside at all.
Configuring Inside Global
Address Overloading
ip nat pool test 192.168.2.1 192.168.2.2
netmask 255.255.255.0
ip nat inside source list 1 pool test overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 172.16.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
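The PAT table above, as an added example written for this page (not Cisco's NAT implementation): one inside global address, a translated source port allocated per flow starting at 1024 as in the slide's table, a reverse lookup for replies, and the drop of anything inbound that matches no entry. The class and field names, the port-allocation order and the sample flows are assumptions made for the illustration.

```python
# Added example (not from the original slides): a minimal inside-source PAT
# (NAT overload) table. All inside hosts share one inside global address; the
# translated source port makes the reverse mapping unambiguous. Port range,
# class/field names and the sample flows are assumptions for this illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str         # "ip:port"
    dst: str         # "ip:port"


class PATTable:
    FIRST_PORT = 1024   # the slide's table starts allocating at 1024

    def __init__(self, inside_global: str, inside_net: str):
        self.inside_global = inside_global
        self.inside_net = inside_net    # prefix match standing in for access-list 1, e.g. "10.1.1."
        self.next_port = self.FIRST_PORT
        self.out = {}    # (proto, inside_local:port, outside_global:port) -> translated port
        self.back = {}   # (proto, translated port, outside_global:port) -> inside_local:port

    def _allocate_port(self) -> int:
        port = self.next_port
        self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("PAT port pool exhausted")
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source; create the entry on first use."""
        if not pkt.src.split(":")[0].startswith(self.inside_net):
            return pkt                        # not matched by the NAT access-list: untouched
        key = (pkt.proto, pkt.src, pkt.dst)
        port = self.out.get(key)
        if port is None:
            port = self._allocate_port()
            self.out[key] = port
            self.back[(pkt.proto, port, pkt.dst)] = pkt.src
        return Packet(pkt.proto, f"{self.inside_global}:{port}", pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: only a packet that matches an existing entry, from the
        same outside peer, is translated back; anything unsolicited returns None
        (dropped). This is the side effect that makes PAT look like a stateful filter."""
        ip, port = pkt.dst.rsplit(":", 1)
        if ip != self.inside_global:
            return None
        inside_local = self.back.get((pkt.proto, int(port), pkt.src))
        if inside_local is None:
            return None
        return Packet(pkt.proto, pkt.src, inside_local)

    def show_translations(self):
        """Rows like the slide's table: (proto, inside local, inside global, outside global)."""
        return sorted(
            (proto, local, f"{self.inside_global}:{port}", remote)
            for (proto, local, remote), port in self.out.items()
        )


def demo():
    """Three inside hosts telnet out (constructed flows mirroring the slide),
    then a valid reply, a reply from the wrong peer, and an unsolicited probe."""
    pat = PATTable("192.168.2.2", "10.1.1.")
    flows = [Packet("tcp", "10.1.1.1:40001", "172.20.7.3:23"),
             Packet("tcp", "10.1.1.2:40002", "172.21.7.3:23"),
             Packet("tcp", "10.1.1.3:40003", "172.21.7.3:23")]
    translated = [pat.outbound(f) for f in flows]
    return {
        "out": translated,
        "same_flow_again": pat.outbound(flows[0]),                                  # reuses port 1024
        "reply": pat.inbound(Packet("tcp", "172.20.7.3:23", "192.168.2.2:1024")),  # delivered to 10.1.1.1
        "wrong_peer": pat.inbound(Packet("tcp", "172.20.7.3:23", "192.168.2.2:1025")),  # port 1025 belongs to 172.21.7.3
        "unsolicited": pat.inbound(Packet("tcp", "203.0.113.9:4444", "192.168.2.2:3389")),  # no entry
        "table": pat.show_translations(),
    }
```

The reverse key includes the outside peer's address and port, which is what makes the "wrong_peer" case fail: a translated port alone does not identify the flow.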
ISDN (INTEGRATED SERVICES DIGITAL NETWORK)

What is ISDN?
A digital service from the provider network that carries voice, data, video, and special services between sites such as a small office with a digital PBX, a telecommuter's home office, and a central site.

ISDN Standards (from the ITU, formerly CCITT)

  Issue                                    Protocol   Key Examples
  Telephone Network and ISDN               E-Series   E.163—International Telephone Numbering Plan
                                                      E.164—International ISDN Addressing
  ISDN Concepts, Aspects, and Interfaces   I-Series   I.100 Series—Concepts, Structures, Terminology
                                                      I.400—User-Network Interfaces (UNIs)
  Switching and Signaling                  Q-Series   Q.921—LAPD (Link Access Procedure on the D channel)
                                                      Q.931—ISDN Network Layer between Terminal and Switch

ISDN Access Options

  Channel   Capacity     Mostly Used for
  B         64 kbps      Circuit-switched data (HDLC, PPP)
  D         16/64 kbps   Signaling information (LAPD)

• BRI: 2B + D (16-kbps D channel), attached to the service provider network through an NT1
• PRI: 23B + D or 30B + D (64-kbps D channel), attached through a CSU/DSU
• BRI and PRI are used globally for ISDN
BRI Call Processing

1 The calling router signals the call to its local ISDN switch over the D channel
2 The ISDN switches in the service provider network pass the call setup between themselves using SS7
3 The far-end ISDN switch signals the called router over its D channel
4 A B channel (or both) is connected end to end and carries the data

ISDN Functions and Reference Points

  TE1 —S— NT2 —T— NT1 —U— local loop — service provider network
  TE2 —R— TA —S— NT2 —T— NT1 —U— ...

• Functions are devices or hardware: TE1 (ISDN terminal), TE2 (existing, non-ISDN terminal), TA (terminal adapter), NT1 and NT2
• Reference points are demarcations or interfaces: R, S, T and U

Cisco ISDN BRI Interfaces

• Native ISDN interface—int bri 0: the router is a TE1 and attaches at the S/T reference point to an NT1, which connects to the service provider network at the U reference point
• Nonnative ISDN interface—int serial 0: the router is a TE2; its serial interface (EIA/TIA-232, V.35, X.21) attaches at the R reference point to a TA, which attaches at S/T to the NT1
ISDN Switch Types

• Many providers and switch types (each central office may run a different switch)
• Services vary by regions and countries

Configuring ISDN BRI

Step 1: Specify the ISDN switch type

  Router(config)#isdn switch-type switch-type
  Router(config-if)#isdn switch-type switch-type

• Specifies the type of ISDN switch with which the router communicates
• Other configuration requirements vary for specific providers

Configuring ISDN BRI (cont.)

Step 2: (Optional) Setting SPIDs

  Router(config-if)#isdn spid1 spid-number [ldn]
• Sets the SPID for the first B channel, required by many service providers

  Router(config-if)#isdn spid2 spid-number [ldn]
• Sets the SPID for the second B channel
What Is Dial-on-Demand Routing?

Example: a router in Chicago needs to send data to the corporate site in Dallas, so it dials across the PSTN or ISDN.
• Connect when needed
• Disconnect when finished
• ISDN or PSTN

When to Use DDR

Typical users: a telecommuter or a vendor dialing in to headquarters.
• Periodic connections
• Small amounts of data
Generic DDR Operation

An "interesting" packet arrives at the router (the DCE for the dial connection), which dials out over ISDN or basic telephone service:
1. Route to destination is determined
2. Interesting packets dictate the DDR call
3. Dialer information is looked up
4. Traffic is transmitted
5. Call is terminated
Configuring Legacy DDR

For the router to dial out over ISDN or basic telephone service when an "interesting" packet arrives, three things must be configured:
1 Define static routes—What route do I use?
2 Specify interesting traffic—What traffic enables the link?
3 Configure the dialer information—What number do I call?
Task 1: Defining Static Routes (Route to Destination)

  Home (subnet 10.40.0.0; bri 0 = 10.1.0.1; number 5551000) —ISDN— Central (subnets 10.10.0.0 and 10.20.0.0; bri 0 = 10.1.0.2; number 5552000)

On Central, pointing at Home:
  ip route 10.40.0.0 255.255.0.0 10.1.0.1

On Home, pointing at Central:
  ip route 10.10.0.0 255.255.0.0 10.1.0.2
  ip route 10.20.0.0 255.255.0.0 10.1.0.2

Each static route gives the network prefix and prefix mask, followed by the address of the next-hop router across the ISDN link.
Task 2: Specifying Interesting Traffic (What Enables the Connection?)

• Without access lists

  dialer-list 1 protocol ip permit

  Any IP traffic will initiate the link.

• With access lists (for better control)

  dialer-list 1 protocol ip list 101
  access-list 101 deny tcp any any eq ftp        Deny FTP
  access-list 101 deny tcp any any eq telnet     Deny Telnet
  access-list 101 permit ip any any

  Any IP traffic, except FTP and Telnet, will initiate the link.

The dialer list decides only which traffic brings the link up and resets the idle timer; it is not a traffic filter. Once the link is up, FTP and Telnet still cross it, they just do not keep it up. If those protocols must actually be blocked, apply an access list to the interface as well.
Task 3: Configuring the Dialer Information

  hostname Home
  !
  isdn switch-type basic-5ess
  !
  interface BRI0
   ip address 10.1.0.1 255.255.255.0
   encapsulation ppp
   dialer idle-timeout 180
   dialer map ip 10.1.0.2 name Central 5552000
   dialer-group 1
   no fair-queue
   ppp authentication chap
  !
  router rip
   network 10.0.0.0
  !
  no ip classless
  ip route 10.10.0.0 255.255.0.0 10.1.0.2
  ip route 10.20.0.0 255.255.0.0 10.1.0.2
  !
  dialer-list 1 protocol ip permit

• dialer-group 1 applies the rules defined by dialer-list 1 to this interface; both values must match.

Task 3: Configuring the Dialer Information (cont.)

How does Home get to subnetwork 10.10.0.0? Home (bri 0 = 10.1.0.1, number 5551000) reaches Central (bri 0 = 10.1.0.2, number 5552000), behind which lie subnets 10.10.0.0 and 10.20.0.0:

  dialer map ip 10.1.0.2 name Central 5552000

• 10.1.0.2 – the next-hop address used by the static routes
• name Central – the remote host name, used for PPP CHAP (the authenticated name of a caller is matched against it on incoming calls)
• 5552000 – the number to dial

Legacy DDR Configuration Tasks Summarized

In the Home configuration above:
1 ip route 10.10.0.0 255.255.0.0 10.1.0.2 and ip route 10.20.0.0 255.255.0.0 10.1.0.2 define the static routes (Task 1)
2 dialer-list 1 protocol ip permit specifies the interesting traffic (Task 2)
3 interface BRI0 with its dialer map, dialer-group 1 and ppp authentication chap configures the dialer information (Task 3)
Optional Legacy DDR Commands

  Router(config-if)#dialer load-threshold load [outbound | inbound | either]
• Establishes the amount of traffic on the link before a second link is enabled

  Router(config-if)#dialer idle-timeout seconds
• Establishes the idle time before disconnect
Legacy DDR Using ACLs Configuration Example

Router A (bri 0 = 10.108.126.1) dials Router B (bri 0 = 10.108.126.2, number 5551234) to reach subnets 192.168.12.0 and 192.168.14.0 behind B.

  access-list 101 permit tcp any any eq smtp          Access list defining interesting
  access-list 101 permit tcp any any eq telnet        packets on Cisco A
  dialer-list 1 list 101
  !
  ip route 192.168.12.0 255.255.255.0 10.108.126.2    Static routes to reach destination
  ip route 192.168.14.0 255.255.255.0 10.108.126.2
  !
  interface bri 0                                     Interface configuration for DDR
   ip address 10.108.126.1 255.255.255.0
   dialer-group 1
   dialer map ip 10.108.126.2 name B 5551234
   dialer idle-timeout 300                            Time to wait before dropping call
  !

Here only SMTP and Telnet are interesting; the access list ends with an implicit deny, so no other traffic can bring the link up. dialer-list 1 list 101 is the older form of the dialer-list 1 protocol ip list 101 command shown in Task 2.
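Tasks 1–3 and the access-list example above, as an added example written for this page (not from the slides or from IOS): a first-match evaluator for the dialer access list with its implicit deny, and a dialer interface that dials on interesting traffic, forwards but does not dial on uninteresting traffic, and tears the call down when the idle timer expires. The rule parser handles only the forms the slides use (protocol, any any, optional eq port); the class names, port table and sample packets are assumptions.

```python
# Added example (not from the original slides): first-match evaluation of the
# dialer-list / access-list pair, plus the dial decision. Rule syntax is limited
# to the forms used on the slides (protocol, "any any", optional "eq <port>").
# Class and function names, the port-name table and sample packets are assumptions.
from dataclasses import dataclass
from typing import List, Optional

WELL_KNOWN = {"ftp": 21, "telnet": 23, "smtp": 25}   # names the slides use


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches everything; "tcp"/"udp" match that protocol
    eq: Optional[int]           # destination port, or None for any

    @classmethod
    def parse(cls, line: str) -> "Rule":
        # e.g. "access-list 101 deny tcp any any eq ftp"
        words = line.split()
        assert words[0] == "access-list", line
        action, proto = words[2], words[3]
        eq = None
        if "eq" in words:
            port = words[words.index("eq") + 1]
            eq = int(port) if port.isdigit() else WELL_KNOWN[port]
        return cls(action, proto, eq)

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        return self.eq is None or self.eq == p.dport


def is_interesting(rules: List[Rule], p: Packet) -> bool:
    """First matching entry wins; an access list ends with an implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action == "permit"
    return False


@dataclass
class DialerInterface:
    rules: List[Rule]
    idle_timeout: int = 180     # dialer idle-timeout 180, as on the slide
    up: bool = False
    idle: int = 0
    calls: int = 0

    def packet(self, p: Packet) -> str:
        """What DDR does with the packet: 'dial', 'forward' or 'drop'."""
        if is_interesting(self.rules, p):
            self.idle = 0                    # interesting traffic resets the idle timer
            if not self.up:
                self.up = True               # dialer map is looked up and the call placed
                self.calls += 1
                return "dial"
            return "forward"
        # uninteresting traffic never dials and never resets the timer, but it is
        # still forwarded over a link that is already up
        return "forward" if self.up else "drop"

    def tick(self, seconds: int) -> bool:
        """Advance the idle timer; tear the call down on expiry. Returns link state."""
        if self.up:
            self.idle += seconds
            if self.idle >= self.idle_timeout:
                self.up = False
                self.idle = 0
        return self.up


def demo():
    """Replay Task 2's list (deny FTP and Telnet, permit everything else) against
    a few constructed packets, then let the link idle out."""
    acl = [Rule.parse(line) for line in (
        "access-list 101 deny tcp any any eq ftp",
        "access-list 101 deny tcp any any eq telnet",
        "access-list 101 permit ip any any",
    )]
    bri0 = DialerInterface(acl)
    results = [
        bri0.packet(Packet("tcp", "10.1.0.1", "10.10.0.5", 23)),   # telnet, link down -> drop
        bri0.packet(Packet("tcp", "10.1.0.1", "10.10.0.5", 25)),   # smtp, interesting  -> dial
        bri0.packet(Packet("tcp", "10.1.0.1", "10.10.0.5", 21)),   # ftp on an up link  -> forward
        bri0.packet(Packet("icmp", "10.1.0.1", "10.10.0.5")),      # ping, interesting  -> forward
    ]
    bri0.tick(179)
    still_up = bri0.tick(1)    # 180 s idle: call torn down
    return results, still_up, bri0.calls
```

The two outcomes that usually surprise people are both visible here: a Telnet session cannot bring the link up but rides it once SMTP has, and a link carrying only uninteresting traffic still drops when the timer expires.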
Verifying Legacy DDR and ISDN Operation

  Router#ping or telnet
• Triggers a link (assuming it is part of the interesting traffic)

  Router#show dialer
• Displays the current status of the link, including the amount of time the link has been connected

  Router#show isdn active
• When using ISDN, displays call status while a call is in progress

  Router#show isdn status
• Displays the status of an ISDN connection

  Router#show ip route
• Displays all routes, including static routes

Verifying Legacy DDR and ISDN Operation (cont.)

  Router#debug isdn q921
• Shows ISDN Layer 2 messages

  Router#debug isdn q931
• Shows ISDN call setup and teardown activity

  Router#debug dialer
• Shows call setup and teardown activity

  Router(config-if)#shutdown
• Clears currently established connections from the interface
Understanding LAN Switching

What is Switching?
• It breaks up the collision domain: each switch port is its own collision domain.
• It takes the frame and forwards it to the destination port without modifying it.
• The network still remains one large broadcast domain.
• It increases the usable bandwidth of the network.
• Multiple devices (for example a hub with several hosts) can be connected to one interface.

Collision Domain
• All the computers that are physically connected together so that their transmissions can collide with each other are part of a single collision domain.
• To reduce collisions, increase the number of collision domains by making each one smaller; the fewer, larger collision domains a network has, the more collisions it will see.
Switching Technology
• To understand Switching Technology we
need to understand the following :
– Layer 2 Switching
– Address Learning
– Forward/Filtering Decisions
– Loop Avoidance
– Spanning-Tree Protocol
– LAN Switch Types
Hubs Addressed Many of These Problems

Ethernet 10 hub: all nodes share 10 Mbps, and only one device can send at a time.
• Ethernet concentrator
• "Self-contained" Ethernet LAN in a box
• Works at physical layer 1

Collisions: Telltale Signs
• Sluggish network response
• Increasing user complaints: "I could have walked to Finance by now." "I knew I should have stayed home." "File transfers take forever." "I'm waiting all the time."

Hub-Based LANs
• Shared resources
• Desktop connections wired (10BaseT) to hubs in centralized closets
• Poor security within shared segments
• Routers provide scalability
• Adds, moves, and changes are easier than without hubs, but still a hassle
• Groups of users determined by physical location

Switches—Layer 2
Switched Ethernet 10 on an Ethernet backbone: each node has 10 Mbps, and multiple devices can send at the same time.

Switches versus Hubs
• Hub (Ethernet 10): one device sending at a time; all nodes share 10 Mbps
• Switch (Switched Ethernet 10): multiple devices sending at the same time; each node has 10 Mbps

Today's LANs
• Mostly switched resources (10/100 switches); few shared 10-Mbps hubs
• Routers provide scalability
• Groups of users determined by physical location

LAN Switching Basics
Layer 2 Switching
• This is hardware-based switching.
• It uses MAC addresses to filter and forward frames.
• To build its filter table it uses ASICs (Application-Specific Integrated Circuits).
• It is like a multiport bridge.
• Layer 2 switches do not look at the Network layer header and hence are faster.
• Based on the hardware address it decides whether to forward the frame or drop it.

Layer 2 Switching
• Layer 2 switching provides the following:
  – Hardware-based bridging (MAC)
  – Wire speed
    • A Layer 2 switch is considered faster because it does not modify the frame.
  – Low latency
    • Because the switching is faster
  – Low cost

LAN Switching Basics
• Enables dedicated access
• Eliminates collisions and increases capacity
• Supports multiple conversations at the same time

Functions of Switch at Layer 2
• There are three main functions at Layer 2:
  – Address learning
  – Forward/filter decisions
  – Loop avoidance
Address Learning
• Switches and bridges remember the source address of each frame received on an interface and enter this information into the MAC database.
  – Whenever a switch receives a frame it records the source address against the incoming port; if the destination address is not yet in the table, it floods the frame out all other ports.
  – The destination machine then responds, and the switch receives a frame from the destination.
  – The switch now makes an entry for the destination machine's hardware address as well.
  – Using this method the switch maintains a table stating which hardware address is reachable through which port.

Forward / Filter Decisions
• When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
  – When a frame reaches the switch, the destination address is looked up in the MAC database to find the exit interface.
    • If found, the frame is forwarded out that port only (or filtered, if that port is the one it arrived on).
    • If not found, the frame is flooded out all ports except the one it arrived on, and the reply reveals the exit port for this particular address.

Broadcast / Unicast
• When frames are sent to a specific machine that is called unicast.
  – The sender always knows the destination address.
• When frames are sent to all machines that is called broadcast.
  – The destination address will be all 1s (ff-ff-ff-ff-ff-ff).

Loop Avoidance
• If multiple connections between switches are created for redundancy, network loops can occur.
  – Most commonly networks are implemented with redundant links for fault tolerance.
  – These multiple links may cause loops and broadcast storms.
  – In a switched network some scheme must be implemented to avoid these loops.
  – The Spanning-Tree Protocol (STP) is used to stop network loops while still allowing redundancy.
LAN Switch Operation
• Forwards frames based on a forwarding table
  – Forwards based on the MAC (Layer 2) address
• Operates at OSI Layer 2
• Learns a station's location by examining the source address
  – Sends out all ports when the destination address is a broadcast or an unknown address
  – Forwards when the destination is located on a different interface

As worked through on the slides (stations A, B and C on a switch with 10-Mbps interfaces 1–4):
1 The forwarding table (interface → stations) starts empty.
2 A sends data to B: the switch enters A against the interface the frame arrived on (interface 1) and, since B is not yet in the table, sends the frame out all other ports.
3 B sends data to A: the switch enters B against the interface its frame arrived on, finds A in the table and forwards the frame only to interface 1.
LAN Switch Types
• The switching type affects the latency and the reliability of your network.
• There are three switching types:
  – Store and Forward
  – Cut-through
  – FragmentFree

Store and Forward
• It is the default in routers and bridges.
• In this method the entire frame is first stored and checked for errors; if it is found error free it is forwarded, otherwise it is discarded.
• Uses the CRC for error checking.
• Latency is highest in this case but it is extremely reliable.
  – Latency: the time involved in sending the data from one node to another.

Cut-Through (Real Time)
• Cut-through switching is the fastest, because it does not check for errors.
• It does not store the frame and process it for errors.
• It just reads the destination address and forwards the frame.
• It begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.
• It has the lowest latency and is not reliable: damaged frames and collision fragments are propagated.
• Hence it is also called wire-speed switching.

FragmentFree (Modified Cut-Through)
• It provides both low latency and better reliability.
• It is a modified form of cut-through switching.
• It reads the first 64 bytes and then forwards.
  – It checks 64 bytes because collisions, the most common source of damaged frames, show up within the first 64 bytes (the minimum Ethernet frame size). If the first 64 bytes are intact, FragmentFree treats the frame as free of collision fragments.
• If there is an error in the first 64 bytes the frame is dropped, otherwise it is forwarded.
• It provides better reliability than cut-through with almost the same latency.
Understanding Spanning-Tree Protocol (802.1D)

The Need for Spanning Tree
• Problems with large switched networks
  – Local multicast, broadcast, and unknown single-destination event "storms" become global events
• Example: Station A on Segment A and Station B on Segment B, with Switch 1 (ports 1/1, 1/2) and Switch 2 (ports 2/1, 2/2) both connecting the two segments, form a loop.

How Does a Loop Occur?
• In this scenario, if no loop avoidance scheme is implemented, the switches will generate a broadcast storm.
• A device can receive multiple copies of the same frame.
• The MAC address table will be continuously updated and the table itself will be confused, because frames from the same source will be received over more than one link. This is called "thrashing" the MAC table.
• Loops within other loops will be generated and no useful switching will be performed in the network.
Note: Spanning Tree Protocol is designed to solve this problem.

Spanning-Tree Protocol
• The main function of STP is to maintain a loop-free network.
  – Originally STP was created by DEC (now Compaq)
  – It was modified by IEEE and published in the 802.1D specification
  – DEC and IEEE 802.1D spanning tree are not compatible
  – All Cisco switches run the IEEE 802.1D version of STP

Bridge Protocol Data Units
• Switches and bridges running STP exchange information using BPDUs.
• BPDUs are sent as multicast frames to a reserved bridge-group address, so every STP bridge on the segment receives them.
• The bridge ID of each device is sent to the other devices in BPDUs.
How STP Works
• STP continuously monitors the network for the failure or addition of a link, switch or bridge.
• Whenever there is a change in topology, it reconfigures the switch or bridge ports to avoid a total loss of connectivity or the creation of new loops.
• STP is enabled by default on Catalyst switches.
• STP provides a loop-free network by:
  – Electing a root bridge
  – Selecting a root port on each non-root bridge
  – Selecting a designated port for each segment

Bridge ID
• The bridge ID is used to determine the root bridge and the root port.
• The bridge ID is 8 bytes long.
• The bridge ID consists of the priority (2 bytes) followed by the MAC address of the device (6 bytes).
• All devices running the IEEE version of STP have 32,768 as the default priority value.
• To compare bridge IDs the priorities and MAC addresses are combined: the lowest value wins.
  – If two switches/bridges have the same priority then the lower MAC address gives the lower bridge ID.
  E.g. if switch A with MAC 0000.0c00.1111 and switch B with MAC 0000.0c00.2222 have the same priority, switch A will become the root bridge.

Electing the Root Bridge
• In one broadcast domain only one bridge is designated as the root bridge: the one with the lowest bridge ID.
• All ports on the root bridge are in the forwarding state and are called designated ports.
• All ports in the forwarding state can send and receive traffic.

Root Port for a Non-root Bridge
• The root port is the port on the lowest-cost path from a non-root bridge to the root bridge.
  – The spanning-tree path cost is an accumulated cost based on bandwidth.
    • More bandwidth – less cost
    • In the event that the cost is the same, the deciding factor is the lowest sender bridge ID, then the lowest port number.
• Root ports are in the forwarding state.

Designated Port
• There is only one designated port per segment.
• The designated port is selected on the bridge that has the lowest-cost path to the root bridge (the lowest bridge ID breaks ties).
• The designated port is in the forwarding state.
• It is responsible for forwarding traffic for the segment.
  – Nondesignated ports are normally in the blocking state to break the loop topology; that is, spanning tree prevents them from forwarding traffic.

Spanning Tree Port States
• There are four different states for ports on a switch/bridge running STP.
• Blocking: won't forward frames; listens to BPDUs. All ports are in the blocking state by default when the switch is powered up.
• Listening: listens to BPDUs to make sure no loops occur on the network before passing data frames.
• Learning: learns MAC addresses and builds the filter table but does not forward frames.
• Forwarding: sends and receives all data on the bridged port.
Spanning Tree Path Cost
• The spanning-tree path cost is an accumulated total path cost based on the bandwidth of all the links in the path. The table shows some of the path costs specified in the IEEE 802.1D specification:

  Link Speed   Cost (Revised IEEE Specification)   Cost (Previous IEEE Specification)
  10 Gbps      2                                   1
  1 Gbps       4                                   1
  100 Mbps     19                                  10
  10 Mbps      100                                 100

Convergence
• Convergence occurs when all bridges and switches have transitioned their ports to either the forwarding or the blocking state.
• No data is forwarded during this time.
• Convergence is important to make sure all devices have the same database.
  – Before data can be forwarded, all devices must be updated.
  – The problem with convergence is the time it takes for these devices to update.
  – It usually takes 50 seconds to go from the blocking to the forwarding state (max age 20 s, then 15 s listening, then 15 s learning).
  – Forward delay is the time it takes to transition a port from the listening to the learning state, or from the learning to the forwarding state.

Spanning Tree Timers

  Timer           Primary Function                                          Default Setting
  Hello Time      Time between configuration BPDUs sent by the root bridge   2 seconds
  Forward Delay   Duration of each of the listening and learning states      15 seconds (30 seconds for both)
  Max Age         Time a BPDU is stored before it is discarded               20 seconds

• It is not recommended that you change the default STP timers, but they can be adjusted if necessary.
Spanning Tree Example

  Switch Z: MAC 0c0011110000, default priority 32768, port 0
  Switch X: MAC 0c0011111100, default priority 32768, port 0 and port 1
  Switch Y: MAC 0c0011111111, default priority 32768, port 0 and port 1

Port 0 of Z, X and Y share one 100BaseT segment; port 1 of X and port 1 of Y share a second 100BaseT segment.

Find out the following:
• What is the root bridge?
• What are the designated, nondesignated and root ports?
• What are the forwarding and blocking ports?

Let's verify the answers:
• Root bridge: Switch Z, because it has the lowest bridge ID (priority and MAC address).
• Root port: port 0 of switches X and Y, because it is the lowest-cost path to the root.
• Designated port: port 0 of Switch Z; all ports on the root are designated ports. Port 1 of Switch X is a designated port: both Switch X and Switch Y have the same path cost to the root bridge, so the designated port is selected on Switch X because it has a lower bridge ID than Switch Y.
• Blocking: port 1 of Switch Y, the nondesignated port on that segment.
• Forwarding: all designated ports and root ports are in the forwarding state.
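The election worked above, as an added example written for this page (not Cisco's STP code): root bridge by lowest bridge ID, root path cost by shortest path, one designated port per segment and one root port per non-root bridge using the 802.1D tie-breakers, everything else blocking. It reproduces the slide's answer for switches X, Y and Z, then reruns the same topology with Switch Y's priority lowered to 4096 to show that priority overrides the MAC address in the election. Function and data-structure names are assumptions; segments are modelled as lists of attached (bridge, port) pairs so that the shared 100BaseT segment to Z can carry three ports.

```python
# Added example (not from the original slides): 802.1D port-role computation
# for a small topology. Names, data structures and the priority-4096 scenario
# are assumptions made for this illustration.
import heapq


def bridge_id(priority, mac):
    """802.1D bridge ID: 2-byte priority followed by the 6-byte MAC; lower wins."""
    return (priority, mac.lower())


def run_stp(bridges, segments):
    """bridges: {name: (priority, mac)}.
    segments: list of (path cost of the segment, [(bridge, port), ...]); a segment
    may carry more than two ports (a shared 100BaseT segment).
    Returns (root bridge name, {(bridge, port): "designated" | "root" | "blocking"})."""
    ids = {name: bridge_id(*pm) for name, pm in bridges.items()}
    root = min(ids, key=ids.get)

    attached = {name: [] for name in bridges}          # bridge -> [(port, segment index)]
    for i, (_cost, ports) in enumerate(segments):
        for b, p in ports:
            attached[b].append((p, i))

    # Root path cost: cheapest path to the root, paying each segment's cost once
    rpc = {name: float("inf") for name in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost_so_far, b = heapq.heappop(heap)
        if cost_so_far > rpc[b]:
            continue
        for _p, i in attached[b]:
            seg_cost, ports = segments[i]
            for nb, _np in ports:
                if nb != b and cost_so_far + seg_cost < rpc[nb]:
                    rpc[nb] = cost_so_far + seg_cost
                    heapq.heappush(heap, (rpc[nb], nb))

    roles = {}
    # One designated port per segment: lowest (root path cost, bridge ID, port number)
    designated = {}
    for i, (_cost, ports) in enumerate(segments):
        db, dp = min(ports, key=lambda bp: (rpc[bp[0]], ids[bp[0]], bp[1]))
        designated[i] = (db, dp)
        roles[(db, dp)] = "designated"

    # One root port per non-root bridge: lowest (cost via that segment,
    # designated bridge ID, designated port, own port number)
    for b in bridges:
        if b == root:
            continue
        candidates = []
        for p, i in attached[b]:
            seg_cost, _ports = segments[i]
            db, dp = designated[i]
            if db == b:
                continue                 # we are designated here; not a path to the root
            candidates.append((rpc[db] + seg_cost, ids[db], dp, p))
        _c, _id, _dp, root_port = min(candidates)
        roles[(b, root_port)] = "root"

    # Everything else is a nondesignated port and stays blocking
    for _cost, ports in segments:
        for bp in ports:
            roles.setdefault(bp, "blocking")
    return root, roles


def demo():
    """The slide's three-switch example, then the same topology after Y's priority is lowered."""
    bridges = {"Z": (32768, "0c0011110000"),
               "X": (32768, "0c0011111100"),
               "Y": (32768, "0c0011111111")}
    segments = [(19, [("Z", 0), ("X", 0), ("Y", 0)]),   # shared 100BaseT segment to Z
                (19, [("X", 1), ("Y", 1)])]             # 100BaseT link between X and Y
    default = run_stp(bridges, segments)
    lowered = dict(bridges, Y=(4096, "0c0011111111"))   # a lower priority beats any MAC
    return default, run_stp(lowered, segments)
```

The second run is the practical caveat behind the election rule: whichever bridge advertises the lowest bridge ID becomes root and redraws every other bridge's forwarding path, so the root should be chosen by configuration rather than left to the default priorities.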
802.1D Spanning-Tree Protocol (STP)
• Allows redundancy by using parallel links
• Shuts down redundant links to eliminate loops
• Switches communicate with each other using BPDUs (Bridge Protocol Data Units)
• Takes 30–60 seconds to converge
• Cisco refinements:
  – PortFast
  – UplinkFast

Understanding Virtual LANs

Virtual LANs
• A VLAN is one broadcast domain within a switch (the slide shows VLAN 1, VLAN 2 and VLAN 3 on one switch together with a server farm)
• VLANs help manage broadcast domains
• Can be defined on port groups, users, or protocols
• LAN switches and network management software provide a mechanism to create VLANs

VLAN Definition
• A VLAN is defined as a logical grouping of network resources and users connected to predefined ports on a switch, as defined by the administrator.

VLAN
• VLANs are used to create smaller broadcast domains within a switch.
• A single VLAN is treated as a separate subnet or broadcast domain.
• In a Layer 2 switched network without VLANs, a broadcast packet arrives at every device on the network, whether or not it is intended for that device.
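The address learning, forward/filter and LAN switch operation slides earlier in this section, together with the point just made that a VLAN is its own broadcast domain, as one added example written for this page (not Catalyst code): a learning switch that keeps a separate MAC table per VLAN, floods unknown unicasts and broadcasts only to ports in the same VLAN, forwards known unicasts to a single port, and filters frames whose destination sits on the port they arrived on. The port-to-VLAN assignments, MAC addresses and frame sequence are constructed for the illustration.

```python
# Added example (not from the original slides): a transparent learning switch
# with one MAC table per VLAN. Port/VLAN assignments, MAC addresses and the
# frame sequence in demo() are constructed for this illustration.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A = "00:00:0c:00:00:0a"
MAC_B = "00:00:0c:00:00:0b"
MAC_D = "00:00:0c:00:00:0d"
MAC_E = "00:00:0c:00:00:0e"


class Switch:
    """Learning switch: address learning, forward/filter decisions, flooding
    confined to the VLAN of the ingress port."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)       # port -> access VLAN
        self.mac_table = defaultdict(dict)     # vlan -> {mac: port}

    def receive(self, in_port, src, dst):
        """Handle one frame; return the set of ports it is sent out of."""
        vlan = self.port_vlan[in_port]
        table = self.mac_table[vlan]
        table[src] = in_port                    # address learning (source -> ingress port)
        if dst == BROADCAST or dst not in table:
            # broadcast or unknown unicast: flood, but only within this VLAN
            return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}
        out = table[dst]
        if out == in_port:
            return set()                        # destination is on the same segment: filter
        return {out}                            # known unicast: forward to one port


def demo():
    """Ports 1-3 in VLAN 10, port 4 in VLAN 20; A on port 1, B on port 3,
    E behind the same hub as A on port 1, D on port 4."""
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20})
    steps = [
        sw.receive(1, MAC_A, MAC_B),        # B unknown: flood within VLAN 10 -> {2, 3}
        sw.receive(3, MAC_B, MAC_A),        # A learned on port 1: forward     -> {1}
        sw.receive(1, MAC_A, MAC_B),        # B now known on port 3            -> {3}
        sw.receive(1, MAC_A, BROADCAST),    # broadcast stays in VLAN 10       -> {2, 3}
        sw.receive(1, MAC_E, MAC_A),        # A is on the ingress port: filter -> set()
        sw.receive(4, MAC_D, MAC_A),        # VLAN 20: A unknown there, no other
                                            # VLAN-20 ports to flood to        -> set()
    ]
    return steps, dict(sw.mac_table)
```

The last step is the VLAN point in miniature: D's frame for A is never seen by A, not because of any filter, but because A's entry lives in VLAN 10's table and flooding never leaves VLAN 20.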
Drawback of Layer 2 Switched Network
• The larger the number of devices and users, the more broadcasts and packets each device has to handle.
• Lack of security: the only security is assigning passwords on the servers and other devices.
The Solution is VLAN
Remove the Physical Boundaries
[Figure: Engineering, Marketing and Acctg. VLANs spanning Floor 1, Floor 2 and Floor 3]
• Group users by department, team, or application
• Routers provide communication between VLANs
VLAN Benefits
• Reduced administrative costs
– Simplify moves, adds, and changes
• Efficient bandwidth utilization
– Better control of broadcasts
• Improved network security
– Separate VLAN group for high-security users
– Relocate servers into secured locations
• Scalability and performance
– Microsegment with scalability
– Distribute traffic load
Advantages of VLAN
• Broadcast Control: Multimedia applications use broadcasts and multicasts heavily; moreover, faulty equipment, inadequate segmentation and poorly designed firewalls can be major contributors to the problem.
• Switches forward broadcasts to all segments, so a switched network is called a Flat Network because it is one broadcast domain.
Solution:
• It is the job of the administrator to segment the network properly so that a problem does not propagate throughout the network.
• Devices in a particular VLAN are members of the same broadcast domain and so receive all of its broadcasts.
Note: Routers are used along with switches to provide connections between VLANs, which stops broadcasts from propagating throughout the entire internetwork.
Security: can be implemented by connecting hubs and switches along with routers. But:
• Anyone connecting to the physical network can gain access to the network resources.
• Plugging in a network analyzer could display the entire traffic of that network to an intruder.
• Joining a workgroup was as easy as plugging the intruder's workstation into an existing hub.
Solution:
• Creating VLANs and multiple broadcast groups gives the administrator control over each port and user.
• Groups are created based on users' requirements for network resources.
• If configured, unauthorized access to network resources is reported by the switches to the network management station.
Contd..
• For inter-VLAN communication, restrictions are implemented on the router.
• Restrictions can also be placed on hardware address, protocol and application.
Flexibility and Scalability
• Layer 2 switches only read frames for filtering, which causes them to forward all broadcasts. So creating VLANs means creating more broadcast domains.
• By assigning switch ports or users to VLAN groups on a switch or switch fabric, you have the option to add only selected users to a broadcast domain. This stops broadcast storms caused by a faulty Network Interface Card (NIC) or application from spreading.
• VLANs can keep being multiplied in order to utilize the bandwidth efficiently.
Functioning of VLANs
• Scenario: A collapsed backbone.
Contd..
• With reference to the figure, each network attached to the router has its own logical network number.
• Each node attached to a particular network must match that network number in order to communicate on the internetwork.
Contd..
• With reference to the figure, switches remove the physical boundaries, creating greater flexibility and scalability than a router.
• You can group users into communities, which is known as VLAN organization.
Contd..
• With reference to the figure, there are four VLANs or broadcast domains. Nodes within a particular VLAN can communicate with each other, but not with any other VLAN or with nodes in other VLANs. So communication between VLANs is only possible through a Layer 3 device.
VLAN Membership
• Administrators are responsible for creating VLANs, which are then assigned to switch ports.
• VLAN membership can be configured as static or dynamic.
Static VLAN
• This is the basic and most secure type of VLAN.
• The port assignment associated with a VLAN is maintained until modified by the administrator.
• This type of VLAN configuration is easy to set up and monitor.
Dynamic VLAN
• Using intelligent management software, you can use MAC addresses, protocols or even applications to create dynamic VLANs.
• For example, MAC addresses might be fed into a centralized VLAN management application. If a node is attached to an unassigned port, the VLAN management database looks up the MAC address and assigns and configures the switch port to the correct VLAN. If the user moves, the switch will automatically assign them to the correct VLAN again.
VLAN Identification
• A VLAN can span multiple connected switches.
• Switches must keep track of frames and which VLAN these frames belong to. Frame tagging performs this function.
Establishing VLAN Membership
Approaches Can Vary Performance
• Port driven
• MAC address driven
• Network address driven
• Application type driven
[Figure: Port-Based (VLAN 1, VLAN 2, VLAN 3); Layer 3-Based (Subnet 198.21.xx = VLAN 1, Subnet 198.22.xx = VLAN 2); MAC-Based (MAC addresses grouped into VLAN 1 and VLAN 2)]
Membership by Port
Maximizes Forwarding Performance
[Figure: VLAN 1, VLAN 2, VLAN 3 assigned by port]
• Users assigned by port association
• Requires no lookup if done in ASICs
• Easily administered via GUIs
• Maximizes security between VLANs
• Packets do not "leak" into other domains
• Easily controlled across network
Communicating Between VLANs
Two Physical Topology Approaches
[Figure: Logical Communication (Cisco Internetworking Software, VLANs 1, 2, 3 over one link) versus one Physical Link per VLAN (VLAN 1, VLAN 2, VLAN 3)]
• Layer 3 links VLANs together
• Adds additional security and management
• Logical links conserve physical ports
• Multimode, depending on protocol
• Controls access by VLAN
• Up to 255 VLANs per router
VLAN Technologies
Inter-Switch Link
[Figure: VLAN tag added at incoming port; Inter-Switch Link (ISL) carries VLAN identifier; VLAN tag stripped by forwarding port]
• Interconnects multiple switches and maintains VLAN information as traffic goes between switches
• Establishes membership through ASICs
• Labels each packet as received ("packet tagging")
• Eliminates lookups and tables
• Transports multiple VLANs across links
• Protocol, endstation-independent
• Easily managed
• Tagging methods: 802.10, ISL, 802.1Q, LANE
VLAN Standardization
Packet Tagging as Common VLAN Exchange
[Figure: Level-1 explicit tagging. An untagged frame (DES, SRC, Data, FCS) has a VLAN ID field inserted after the source address, giving DES, SRC, VLAN ID, Data, FCS]
• Wide vendor endorsement for 802.1Q tagging standard
• Cisco supports across Fast Ethernet, Gigabit uplinks
• Cisco maps ISL to 802.1Q dynamically with VTP
VLAN Standard Implementation
Typical Environment
[Figure: Company ABC with a Cisco domain (ISL) and a Vendor X domain, joined by an 802.1Q link]
• Cisco environment uses ISL
• Vendor environment uses an existing, yet different packet tagging method
• Interdomain communication based on 802.1Q standard
Types of Links in a Switched Environment
Access Links:
• These are part of only one VLAN, which is known as the native VLAN of the port.
• Devices attached to these links are unaware of VLAN membership.
• VLAN information is removed from the frame before it is sent to an access link device.
• Access link devices are not capable of communicating with devices outside the VLAN unless the packet is routed through a router.
Trunk Links:
• Capable of carrying multiple VLANs
• Used to connect switches to other switches, to routers or even to servers
• Supported on Fast or Gigabit Ethernet only
VLAN Identification Methods
• To identify which frames belong to which VLAN, VLAN identification is used. The trunking methods are:
Inter-Switch Link (ISL)
• Proprietary to Cisco switches
• Used for Fast Ethernet and Gigabit Ethernet links only
• Used on switch ports, router interfaces and server interface cards to trunk a server
IEEE 802.1q
• Created by the IEEE as the standard method for frame tagging.
• It inserts a field into the frame to identify the VLAN.
• When trunking between a Cisco switch and a different brand of switch, it is mandatory to use 802.1q for the trunk to work.
Inter-Switch Link (ISL) Protocol
• ISL is an external tagging process, which means the original frame is not altered but is encapsulated with a new 26-byte ISL header.
• It also adds a second 4-byte FCS field at the end of the frame.
Drawback
• As the frame is encapsulated with information, only ISL devices can read it.
• Also, the frame can be up to 1522 bytes long; devices that receive an ISL frame may record it as a giant frame, as it is over the maximum of 1518 bytes allowed on an Ethernet segment.
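The two tagging methods described above (802.1Q internal tagging and ISL external encapsulation) and the giant-frame drawback are easier to see on real bytes. The following Python script is an added example, not code from the slides: it builds a maximum-size Ethernet frame, inserts and strips an 802.1Q tag the way a trunk port and an access port would, wraps the same frame in an ISL-style 26-byte header plus second FCS, and shows how a 1518-byte frame grows to 1522 bytes with the tag. The MAC addresses and payload are constructed; the ISL header layout is a simplified stand-in (the real ISL field order is not reproduced), while the 802.1Q tag (TPID 0x8100, 12-bit VLAN ID in the TCI) and the CRC-32 FCS are the standard formats.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETH_MAX_UNTAGGED = 1518      # largest untagged Ethernet frame, FCS included
ISL_HEADER_LEN = 26          # ISL header prepended to the original frame
ISL_FCS_LEN = 4              # second FCS appended by ISL


def _fcs(body):
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: DST, SRC, EtherType, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + _fcs(body)


def add_8021q_tag(frame, vid, pcp=0, dei=0):
    """What a trunk port does on egress: insert the 4-byte tag (TPID + TCI) after the
    source address and recompute the FCS. The VLAN ID occupies the low 12 bits."""
    if not 0 <= vid <= 4095:
        raise ValueError("802.1Q VLAN ID must be 0..4095")
    tci = (pcp << 13) | (dei << 12) | vid
    body = frame[:-4]
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + _fcs(tagged)


def parse_frame(frame):
    """Decode an (optionally tagged) frame and verify its FCS."""
    body, fcs = frame[:-4], frame[-4:]
    info = {"dst": body[:6], "src": body[6:12], "vlan": None, "fcs_ok": fcs == _fcs(body)}
    ethertype = struct.unpack("!H", body[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", body[14:16])[0]
        info["vlan"] = tci & 0x0FFF
        info["pcp"] = tci >> 13
        ethertype = struct.unpack("!H", body[16:18])[0]
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = body[offset:]
    return info


def strip_8021q_tag(frame):
    """What an access port does before handing the frame to an end station."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    body = frame[:-4]
    untagged = body[:12] + body[16:]
    return untagged + _fcs(untagged)


def isl_encapsulate(frame, vid):
    """Model of ISL external tagging: the original frame, FCS included, is left intact
    and wrapped in a 26-byte header plus a second FCS. The header layout here is a
    constructed simplification (ISL multicast DA, the VLAN ID, then zero padding)."""
    header = b"\x01\x00\x0c\x00\x00" + struct.pack("!H", vid)
    header += bytes(ISL_HEADER_LEN - len(header))
    return header + frame + _fcs(header + frame)


def is_giant(frame, limit=ETH_MAX_UNTAGGED):
    """A VLAN-unaware device counts anything over 1518 bytes as a giant frame."""
    return len(frame) > limit


def demo():
    """Constructed maximum-size IP frame to show the 1518 -> 1522 growth."""
    dst = bytes.fromhex("020000000001")   # constructed, locally administered MAC
    src = bytes.fromhex("020000000002")   # constructed
    frame = build_frame(dst, src, 0x0800, bytes(1500))
    tagged = add_8021q_tag(frame, vid=10)
    isl = isl_encapsulate(frame, vid=10)
    return {
        "untagged_len": len(frame),
        "tagged_len": len(tagged),
        "isl_len": len(isl),
        "tagged_vlan": parse_frame(tagged)["vlan"],
        "tagged_fcs_ok": parse_frame(tagged)["fcs_ok"],
        "tagged_is_giant": is_giant(tagged),
        "strip_restores_original": strip_8021q_tag(tagged) == frame,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The VLAN-unaware receiver in is_giant() is the device the slide warns about: the same 1500-byte payload that fits comfortably untagged becomes 1522 bytes once tagged and 1548 bytes once ISL-encapsulated, so only VLAN-aware devices should sit on trunk links.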
TRUNKING
• Trunk links are 100-1000 Mbps point-to-point links between two switches, between a switch and a router, or between a switch and a server.
• Trunk links carry the traffic of multiple VLANs, from 1 to 1005 at a time.
• Trunk links cannot be run on 10 Mbps links.
Virtual Trunk Protocol (VTP)
• VLAN administration and configuration protocol
– Reduces VLAN setup and administration
– Eliminates configuration errors
– Decreases network manager's time adding and managing VLANs
– Maps VLANs across different backbones (FDDI, Fast Ethernet, ATM)
– Maps between ISL and 802.1q
– Maintains security between VLANs
[Figure: VLAN 1 and VLAN 2 carried across ISL, LANE (ATM fabric) and 802.1Q links]
VLAN Trunking Protocol (VTP)
• VTP was created by Cisco to allow the administrator to add, delete, and rename VLANs, which are then propagated to all switches.
Benefits of VTP
• Consistent VLAN configuration across all switches in the network.
• Allows VLANs to be trunked over mixed networks, like Ethernet to ATM LANE or FDDI.
• Accurate tracking and monitoring of VLANs.
• Dynamic reporting of added VLANs to all switches.
• Plug-and-play VLAN adding.
VTP Modes
Server Mode
– Sends/forwards VTP advertisements
– Synchronizes VLAN configuration information with other switches
– VLAN configurations are saved in NVRAM
– Catalyst switch can create, modify and delete VLANs
Client Mode
– Sends/forwards VTP advertisements
– Synchronizes VLAN configuration information with other switches
– VLAN configurations are not saved in NVRAM
– Catalyst switch cannot create, modify or delete VLANs
Transparent Mode
– Forwards VTP advertisements
– Does not synchronize VLAN configuration information with other switches
– VLAN configurations are saved in NVRAM
– Catalyst switch can create, modify and delete VLANs
Configuration Revision Number
• The revision number is the most important piece of information in a VTP advertisement.
• With reference to the figure, the example shows how the revision number is used in an advertisement.
Contd..
• The figure shows a configuration revision number of "N". As the database is modified, the VTP server increments the revision number by 1.
• The VTP server then advertises the database with the new configuration revision number. When a switch receives an advertisement that has a higher revision number than its own, it overwrites the database in NVRAM with the new database being advertised.
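The mode table and the revision-number rule above together decide what a switch does with each advertisement. The following Python model is an added example, not code from the slides or from Cisco: it implements the three modes (server and client synchronize, transparent only forwards), the "higher revision overwrites the database" rule, and a digest check standing in for the MD5 digest that the vtp password adds (see the vtp command reference later in this deck). The switch names, domain "Zorro", password "vtp_server" and VLAN names are constructed; the digest is an HMAC-MD5 over the compared fields, not the real VTP wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def vtp_digest(domain, revision, vlans, password):
    """Stand-in for the MD5 digest that a VTP password adds to an advertisement.
    Real VTP hashes the advertisement with a secret derived from the password; this
    constructed version uses HMAC-MD5 over the fields a switch actually compares."""
    body = f"{domain}|{revision}|" + ",".join(f"{v}:{n}" for v, n in sorted(vlans.items()))
    return hmac.new(password.encode(), body.encode(), hashlib.md5).digest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict
    digest: bytes


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    forwarded: list = field(default_factory=list)   # advertisements relayed unprocessed

    def add_vlan(self, vid, name):
        """Only server and transparent switches may change VLANs; a server also bumps
        the revision and returns the advertisement it would send on its trunks."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot create VLANs")
        self.vlans[vid] = name
        if self.mode != "server":
            return None           # transparent: local change only, nothing advertised
        self.revision += 1
        return self.advertise()

    def advertise(self):
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.revision, self.vlans, self.password))

    def receive(self, adv):
        """Process one advertisement arriving on a trunk; returns what the switch did."""
        if self.mode == "transparent":
            self.forwarded.append(adv)           # relayed to other trunks, not applied
            return "forwarded"
        if adv.domain != self.domain:
            return "ignored: domain mismatch"
        expected = vtp_digest(adv.domain, adv.revision, adv.vlans, self.password)
        if not hmac.compare_digest(expected, adv.digest):
            return "ignored: digest mismatch"   # wrong or missing password
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        # Higher revision wins, in client AND server mode: the local database is replaced.
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "synchronized"


def scenario():
    """Constructed domain: one server, one client, one transparent switch, one outsider."""
    results = {}
    server = Switch("SW1", "server", "Zorro", password="vtp_server")
    client = Switch("SW2", "client", "Zorro", password="vtp_server")
    transparent = Switch("SW3", "transparent", "Zorro", password="vtp_server")
    wrong_pw = Switch("SW4", "client", "Zorro", password="guess")

    server.add_vlan(2, "engineering")
    adv = server.add_vlan(3, "marketing")          # revision is now 2
    results["server_revision"] = server.revision
    results["client_sync"] = client.receive(adv)    # "synchronized"
    results["client_vlans"] = sorted(client.vlans)  # [1, 2, 3]
    results["client_stale"] = client.receive(adv)   # same revision again is ignored
    results["transparent"] = transparent.receive(adv)
    results["wrong_password"] = wrong_pw.receive(adv)

    # A switch that once belonged to this domain (same name, same password) but carries
    # a higher revision from its previous life overwrites even the server's database.
    stale_lab = Switch("LAB1", "server", "Zorro", password="vtp_server", revision=7)
    results["server_overwritten"] = server.receive(stale_lab.advertise())
    results["server_vlans_after"] = sorted(server.vlans)   # back to [1]
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The last step of scenario() is the failure mode to plan for: because the rule is purely "higher revision wins" and servers accept updates too, a reused switch with a stale but higher revision can erase every VLAN in the domain. The usual defence is to check show vtp on a switch before cabling it in and to reset its revision to 0 first (changing its VTP domain name or putting it in transparent mode does that), and to give the domain a password so that advertisements from outside the domain fail the digest check.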
VTP Pruning
• Pruning is defined as preserving bandwidth by configuring VTP to reduce the amount of broadcast, multicast and other flooded unicast packets.
• VTP pruning only sends broadcasts to trunk links that must have the information; any trunk link that does not need the broadcast will not receive it.
• VTP pruning is disabled by default on all switches.
Several Facts to Remember Before Configuring VLANs
• The maximum number of VLANs is switch-dependent. The 2950 switch supports 1005 VLANs with Spanning Tree support.
• VLAN1 is one of the factory default VLANs.
• CDP and VTP advertisements are sent on VLAN1.
• The 2950 switch IP address is in the VLAN1 broadcast domain.
• The switch must be in VTP server mode or transparent mode to create, add, or delete VLANs.
VTP Configuration Guidelines
• The default VTP configuration parameters for the 2950 switch are as follows:
– VTP domain name: None
– VTP mode: Server
– VTP password: None
– VTP pruning: Disabled
Vlan Commands
Use the vlan global configuration command to configure a VLAN with a number and name. Use the no vlan command to delete a VLAN or to negate the configuration of a translational bridge VLAN.
vlan vlan [name vlan-name]
no vlan vlan
Syntax Description
vlan        Unique ISL VLAN identifier between 1 and 1005.
vlan-name   Unique VLAN name between 1 and 32 alphanumeric characters.
Command Mode
Global configuration
Example
This example shows how to configure VLAN 2 with the name Engineering:
hostname(config)# vlan 2 name engineering
show (vlan)
Use the show vlan privileged Exec command to display the settings of VLAN configuration parameters.
show vlan [vlan]
Syntax Description
vlan        Number from 1 to 1005.
Default
This command has no default value.
Command Mode
Privileged Exec
Usage Guidelines
If you do not specify vlan, the system displays all VLAN configuration parameters.
Example
This example shows how to display the settings of the VLAN configuration parameters:
hostname# show vlan
VLAN Name Status Ports
---- -------------------------------- ---------
1 default active 1-15
2 VLAN0002 active 16-18
3 VLAN0003 active
4 VLAN0004 active
5 VLAN0005 active
Vlan-membership
Use the vlan-membership interface configuration command to assign a port to a VLAN. Use the no vlan-membership command to remove a port from a VLAN.
vlan-membership {static {vlan} | dynamic}
no vlan-membership
Syntax Description
static      Sets VLAN membership type as static.
vlan        Static VLAN number from 1 to 1005.
dynamic     Sets VLAN membership type as dynamic.
Vlan-membership
Default
All nontrunk ports belong to a default VLAN. ISL VLAN ID 1 is the default VLAN for Ethernet VLANs. The membership type of all nontrunk ports is static.
Command Mode
Interface configuration
Usage Guidelines
If you want to know the VLAN membership of a port that has been set to dynamic but is static by default, query the VLAN Membership Policy Server (VMPS).
Vlan-membership
Example
This example shows how to configure the interface as a dynamic VLAN port:
hostname(config)# interface ethernet 0/6
hostname(config-if)# vlan-membership dynamic
show (Vlan-membership)
Use the show vlan-membership privileged Exec command to display the VLAN assignment and membership type for all switch ports.
show vlan-membership
Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.
Command Mode
Privileged Exec
Usage Guidelines
This command is not functional when bridge groups are enabled.
Example
This example shows how to display the VLAN assignment and membership type for all switch ports:
hostname# show vlan-membership
VTP
Use the vtp global configuration command to specify the operating mode, domain name, generation of traps, and pruning capabilities of VLAN Trunk Protocol (VTP). Also use this command to set a password for the VTP domain.
vtp [server | transparent] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]
Syntax Description
server        VTP server operating mode. If selected, the switch updates its VLAN configuration from configurations reported by other trunked VTP devices and allows the configuration to be modified locally. Any changes are distributed through VTP messages.
transparent   VTP transparent operating mode. If selected, the switch allows the configuration to be modified locally, but configuration changes are not advertised by VTP messages. VTP messages received are forwarded to trunks without being processed.
domain-name   VTP management domain name from 1 to 32 alphanumeric characters.
enable        Enables generation of VTP traps such as Configuration Revision Error Trap, Configuration Digest Error Trap, and MTU Too Big Trap. Enables pruning.
disable       Disables generation of VTP traps/pruning.
password      Password between 8 and 64 alphanumeric characters. The password is case insensitive.
VTP CONFIGURATION
Default
The default VTP mode is server, and the default trap generation is enabled. The default VTP pruning mode is enabled.
Usage Guidelines
If you create a VTP password, it generates a secret value. This value is used in the calculation of the MD5 digest of a VTP advertisement. The MD5 digest ensures the validity of VTP advertisements.
show (vtp)
Use the show vtp privileged Exec command to display VLAN Trunking Protocol (VTP) statistics.
Syntax Description
This command has no additional arguments or keywords.
Default
This command has no default value.
Command Mode
Privileged Exec
Usage Guidelines
Example
This example shows how to display VTP statistics:
hostname# show vtp
VTP version: 1
Configuration revision : 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name : Zorro
VTP password : vtp_server
VTP operating mode : Server
VTP pruning mode : Enabled
VTP traps generation : Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00
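The output of show vtp is also the quickest way to catch a switch that still has the factory VTP defaults listed under VTP Configuration Guidelines (no domain, no password, server mode) before it is trunked into the domain. The following Python script is an added example, not code from the slides: it parses the "Key : value" lines of show vtp and compares them with a site baseline. The first sample is the slide's own show vtp output (with its wrapped last line joined); the second is constructed to look like a switch at the defaults. The baseline itself (which switches are allowed to be VTP servers, pruning expected on) is an assumption of the example.

```python
import re

# The show vtp output from the slide, with the wrapped last line joined.
SAMPLE_SHOW_VTP = """\
VTP version: 1
Configuration revision : 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name : Zorro
VTP password : vtp_server
VTP operating mode : Server
VTP pruning mode : Enabled
VTP traps generation : Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00
"""

# Constructed output for a switch still at the deck's factory defaults
# (no domain name, no password, server mode, pruning disabled).
SAMPLE_DEFAULTS = """\
VTP version: 1
Configuration revision : 0
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name :
VTP password : None
VTP operating mode : Server
VTP pruning mode : Disabled
VTP traps generation : Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00
"""


def parse_show_vtp(text):
    """Turn 'Key : value' lines into a dict with normalized lower-case keys."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)     # split on the first colon only
        out[re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return out


def audit_vtp(fields, expected_domain, role):
    """Compare parsed fields against a site baseline (an assumption of this example):
    role is 'core' for switches allowed to change VLANs, 'access' for all others.
    Returns a list of finding codes, empty when the switch matches the baseline."""
    findings = []
    domain = fields.get("vtp domain name", "")
    password = fields.get("vtp password", "None")
    mode = fields.get("vtp operating mode", "").lower()
    pruning = fields.get("vtp pruning mode", "").lower()
    if not domain:
        findings.append("NO_DOMAIN")            # will adopt the first domain heard on a trunk
    elif domain != expected_domain:
        findings.append("WRONG_DOMAIN")
    if password in ("", "None"):
        findings.append("NO_PASSWORD")          # advertisements carry no authenticated digest
    if mode == "server" and role == "access":
        findings.append("SERVER_MODE_ON_ACCESS")  # this switch could rewrite the whole domain
    if pruning != "enabled":
        findings.append("PRUNING_DISABLED")
    return findings


if __name__ == "__main__":
    for label, text in (("slide sample", SAMPLE_SHOW_VTP), ("defaults", SAMPLE_DEFAULTS)):
        fields = parse_show_vtp(text)
        print(label, "revision", fields["configuration revision"],
              "findings:", audit_vtp(fields, "Zorro", "access"))
```

Run against output captured from each switch before it is connected, the configuration revision field is the value to read first: a non-zero revision on a switch that is supposed to be new is the case the revision-number rule earlier in this deck turns into an overwrite of the domain's VLAN database.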
Trunk
Use the trunk interface configuration command to set a Fast Ethernet port to trunk mode with the Dynamic Inter-Switch Link (DISL) protocol.
trunk [on | off | desirable | auto | nonegotiate]
Syntax Description
on            Configures the port into permanent Inter-Switch Link (ISL) trunk mode and negotiates with the connected device to convert the link to trunk mode. The port converts to trunk mode even if the other end of the link does not.
off           Disables port trunk mode and negotiates with the connected device to convert the link to nontrunk. The port converts to nontrunk even if the other end of the link does not. Use this state when an ISL port is connected to another ISL port that does not support the DISL protocol.
desirable     Triggers the port to negotiate the link from nontrunking to trunk mode. The port negotiates to a trunk port if the connected device is in the On, Desirable, or Auto state. Otherwise, the port becomes a nontrunk port.
auto          Enables a port to become a trunk only if the connected device has the state set to On or Desirable.
nonegotiate   Configures the port to permanent ISL trunk mode, and no negotiation takes place with the partner.
Trunk
Default
The default DISL configuration state for a Fast Ethernet port is off.
Command Mode
Interface configuration
Usage Guidelines
This command applies only to one Fast Ethernet port. If you use this command for a Fast Ethernet port that is an aggregate port group member, the newly configured value also applies to all other aggregate port group members.
Trunk
Example
This example shows how to set the Fast Ethernet port to trunk mode:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# trunk on