CCNA Command Guide
Routing and Switching Command Guide with Examples
Introduction
The CCNA Certification is a good foundation for other networking certifications that you may want to pursue in the future. Cisco Routers and Switches take up a huge chunk of the exam. The CCNA will test how much you know of Cisco hardware and software.
CCNA Command Guide: Routing and Switching Command Guide with Examples is designed to help you pass the CCNA Certification exam. The book is filled with the following:
Illustrations: The book is filled with diagrams and pictures that will help you understand the concepts and functions of Cisco Routers and Switches.
Command Guides: Each chapter includes several command guides that will help you improve your Routing and Switching Management skills.
Outlined Concepts: This book contains a good outline of topics, technical terms and information. This should help you understand and remember terms that are sure to come out in the certification exam.
While the main goal of this book is to help you pass the CCNA examination, most of the information found in this book has practical applications that you will find useful when performing your job as an IT professional.
This book is divided into two parts:
Part One: Routing with Cisco Routers
Part Two: Switching with Cisco Switches
At this point, you should understand that the concepts of Routing and Switching are very similar except for the network layer they operate on. Most of the commands are the same but the command protocols are different. Much of this will be discussed in detail in the latter portions of each part.
Unlike other books that you can download from the internet, this book is very easy to use because of the special formatting it uses. Important concepts are in boldface, italics or both. Since this book is a command guide, the sample command lines that you can use to configure Cisco Routers and Switches are highlighted by using a special font.
Table of Contents
Introduction
Table of Contents
Part 1. Routing with CISCO Routers
Chapter 1. Layer 3 Routers
Layer 3 (Network Layer)
Functions of Layer 3 Router
Types of Protocol
Router Functions
Chapter 2. Router Management
Cisco Routers
Using the Cisco Routers
Local Connection
Configuring a CISCO Router
Cisco IOS Setup Mode Commands
Password Configuration
VTY Password
Setting Up Router Banners
Auxiliary Password
Privileged Password
Password Encryption
Recovering A Lost Password
Chapter 3. Network Routing
Types of Network Routes
Routing Protocols
Routed Protocols
Routing Methods
Chapter 4. Enhanced Interior Gateway Routing Protocol (EIGRP)
Characteristics of EIGRP
Components of EIGRP
Routing Tables
EIGRP Packet Types
Convergence
Diffusing Update Algorithm (DUAL)
Classful vs. Classless Routing
Configuring EIGRP
Managing EIGRP Operation
Other EIGRP-related Terms
Chapter 5. Open Shortest Path First (OSPF) Protocol
Characteristics of OSPF
Convergence
Cost Metric
OSPF Hierarchy
Selecting a Designated Router (DR)
Router ID (RID)
Configuring the OSPF
OSPF Protocol Configuration
Pertinent Commands
Part 2. Switching with CISCO Switches
Chapter 6. Layer 2 Switches
Hubs
Bridges
Switches
Hubs vs. Bridges vs. Switches
Switch Functions
Glossary of Terms (Switching)
Chapter 7. Switch Management
Handling Methods for Cisco Switches
Console Port
Auxiliary Ports
Chapter 8. Network Traffic Management
Switching Modes
Chapter 9. Spanning Tree Protocol (STP)
Problems caused by Transmission Loops
Spanning Tree Protocol
Assigning STP Port Types
Root Ports
Designated Ports
Choosing Designated Ports based on STP Path Cost
Choosing Designated Ports based on Bridge ID
STP Convergence
Bridge Protocol Data Units (BPDUs)
STP Port States
Exclusive Cisco STP Options
Chapter 10. Virtual Local Area Network (VLAN)
Benefits of VLANs
Creating VLANs
Kinds of VLAN
VLAN Trunking
EtherChannel
Configuring EtherChannel
Types of Switch Ports
Chapter 11. Voice over IP (VoIP)
Quality of Service (QoS)
Cisco IP Phone
Cisco Discovery Protocol (CDP)
Enabling QoS in the Upstream Switch
Chapter 12. Troubleshooting Switches
Gathering Information
Troubleshooting Switch Connectivity
Conclusion
Part 1
Routing with CISCO Routers
Chapter 1. Layer 3 Routers
The network layer in both the TCP/IP and Open Systems Interconnection network models is called Layer 3. Network layer protocols and devices are in charge of transferring data that are stored in packets from one host to another. This method of data transfer is called routing. These hosts can be adjacent to each other but they can also be several miles apart.
The difference between Layer 2 (discussed in Part 3, Chapter 14) and Layer 3 is that the former routes data packets between devices that belong to the same LAN while the latter routes data frames between devices that belong to different LANs. This is where Layer 2 got its name, data link layer.
Layer 3 (Network Layer)
Logical addresses, more popularly known as IP addresses, are assigned by the Network Layer to all the devices connected to the network. These addresses are used to identify hosts (source and destination) and the specific network where data packets are being routed. Take note that IP addresses or logical addresses are assigned to network protocols and not to physical devices (modem, network card). For physical devices, physical addresses are assigned.
The functions of the network layer include:
1. Acceptance of data pieces transported from the transport layer within the transfer host.
2. Assembling of data pieces into data packets. In each data packet, the network layer writes the IP addresses of the source and destination hosts for tracking.
3. Directing the data packets to the specific data link layer. The data link layer (Layer 2) will then send the data packets through the LAN connection.
Once the data packets have been sent to Layer 2, it will then perform the following functions:
1. Acceptance of data packets from the network layer.
2. Assembling of the data pieces, stored in data packets, in a data frame. Layer 2 writes the physical MAC addresses of the source and destination hosts of the device in each assembled data frame.
3. Directing the data frame to the physical device displaying the correct physical MAC address. The device then decodes the data frame to a readable optical or electrical signal.
Functions of Layer 3 Router
The Layer 2 switch is designed to oversee the creation of a single collision domain per port and the forwarding of data frames out of the exit ports that lead to the frame's destination.
Using the snail mail analogy, the Layer 2 switch acts as the mailman who delivers the mail to the specific addresses inscribed on the envelope. Routers act as the local post office that organizes the letters by street before it hands the mail to the mailman.
Routers are usually slower than their Layer 2 counterparts. This is because routers have to first check for data packets within the network layer, whereas Layer 2 only checks data-link frames for the physical address of each data packet.
Network Layers (comp4net.com)
The above figure shows how data packets are sent, processed and read by an intermediary device. In this case, the intermediary device is a router. The flow of the data packets from source to destination hosts (sender to receiver) in the figure describes how data is being processed by two different LANs. The router inspects the data packets first in the network layer before it sends them to the data-link layer in the form of data frames. These data frames are then sent to specific physical devices.
While the main function of the router is to transfer data packets between the source and destination hosts of each network, it is also responsible for:
1. Inspection of the IP address written in each passing data packet.
2. Extraction of the logical IP address of the destination host.
3. Inspection of the extracted IP address to decode the network where the data packet must be sent.
4. Sending of the data packet to the correct destination network. (This is if the router recognizes the destination network.)
If the router is unable to recognize the destination network, it will just transfer the data packet to its own exit gateway for outbound transfer.
Types of Protocol
At the network layer, there are two types of recognized protocols: routing protocols and routed protocols.
1. Routing Protocols: These protocols are used to transfer route update packets from one host to another. Information about new routes and new networks is stored within the route update packets. These packets are sent by routers to each other whenever a new route is opened or a new network is established.
Among the more prominent routing protocols are Routing Information Protocol (RIP; Chapter 11), Enhanced Interior Gateway Routing Protocol (EIGRP; Chapter 12), and Open Shortest Path First (OSPF) Protocol (Chapter 13).
These routing protocols employ varying systematic metrics to determine which routes and networks are better compared to others.
2. Routed Protocols: These protocols are used to transfer data packets as well as to identify hosts from networks in the global environment. Routed protocols assign a unique logical address for each host in the network.
Good examples of routed protocols are AppleTalk, SNA, IPX and IPv6.
Router Functions
The four basic functions performed by a Layer 3 router are:
1. Maintaining routing protocols;
2. Establishing routing tables by means of routing protocols;
3. Keeping tabs on routing tables; and
4. Routing data packets.
Keep in mind that logical IP addresses follow a hierarchy. They have numbers that correspond to the name of the network and numbers that correspond to the host device.
Consider, for example, a network whose IP address is 192.168.45.0. Hosts within the network must have an IP address that begins with 192.168.45. Consequently, the network described by the IP address 192.168.62.0 should have hosts whose IP address begins with 192.168.62. In the two examples, the first three numbers are used to identify the network while the last number is used to identify the host.
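The forwarding decision and the network/host split described above, as an added example that is not part of the original book. The interface names and the default route standing in for the "exit gateway" are assumptions; the two networks are the ones named in the text.

```python
import ipaddress

# Constructed routing table: the two networks from the text, plus a
# default route (0.0.0.0/0) that plays the role of the "exit gateway".
ROUTES = [
    ("192.168.45.0/24", "FastEthernet0/0"),   # hypothetical interface name
    ("192.168.62.0/24", "FastEthernet0/1"),   # hypothetical interface name
    ("0.0.0.0/0", "exit gateway"),
]


def split_address(address, prefix_len=24):
    """Split a host address into (network address, host number).

    With a 24-bit prefix the first three numbers name the network and
    the last number names the host, as in the text.
    """
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    host_number = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network.network_address), host_number


def lookup(destination, routes=ROUTES):
    """Return (matched network, exit) for a destination address.

    Steps 1-3: read the destination address and work out which known
    network contains it. Step 4: forward to that network. When several
    entries match, the most specific (longest prefix) wins, so the
    default route is used only when nothing else matches.
    Returns None when no entry matches at all (no default route).
    """
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, exit_interface in routes:
        network = ipaddress.ip_network(prefix)
        if dest in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, exit_interface)
    return None if best is None else (str(best[0]), best[1])


if __name__ == "__main__":
    for dst in ("192.168.45.17", "192.168.62.200", "10.20.30.40"):
        print(dst, split_address(dst), lookup(dst))
```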
Routing Protocols
Before two networks are able to send data packets to and from each other, the routers need to set up a consistent routing protocol. The different stages of setting up a consistent routing protocol are:
1. Setting up the routing protocol for each router;
2. Accessing the interface of each router; and
3. Customizing the options for routing protocols.
Unless the routers are programmed to negotiate routing protocols with each other, you have to execute each stage to manage routing protocols.
Routing Tables
While routing protocols contain specific instructions on how the router should exchange information in the form of data packets within networks, routing tables manage the changes within the network, the paths for each network and the metrics for each path. Aside from that, routing tables also keep track of the following:
1. List of networks remembered and forgotten by each router
2. Data stored within the router interface
3. Metrics related to each path.
Chapter 2. Router Management
The Cisco Internetwork Operating System (Cisco IOS) is responsible for managing Cisco routers. Managing Cisco routers and managing Cisco switches is similar. For both routers and switches, only the output differs; the IOS commands are very similar. In fact, the graphical user interface used for managing both Cisco routers and switches is the same except for some differences. For instance, Cisco Router and Security Device Manager (SDM) is obviously only available for Cisco Routers (and not for Cisco Switches).
Cisco Routers
The three classifications of Cisco Routers are as follows:
Cisco Router              Best Suited for
Entry-level Router        Access Layer and Distribution Layer
Midrange Router           Access Layer and Distribution Layer
Top-of-the-line Router    Core Layer and Distribution Layer
Top-of-the-line Cisco routers are designed to perform the following roles in their respective networks:
WAN gateway connectivity
Inter-VLAN routing
Open Shortest Path First (OSPF) backup designated router (BDR)
OSPF designated router (DR)
Using the Cisco Routers
Like almost all router brands, Cisco does not allow user interaction, at least not directly. Managing the controls of a Cisco router can be done by connecting it to a computer host either remotely or locally. Once the router is connected to the computer host, users can open the user interface in the computer host to engage with the Cisco Router.
Local Connection
A typical Cisco router has several ports where line plugs can be inserted to connect to the host computer or other similar network-enabled devices.
Other ports, typically bearing different colors from the rest, serve functions other than ensuring connectivity to network layers. These ports are:
Auxiliary Port
This port is used to connect a router to the main computer frame by means of a rollover cable. The modem connected to the auxiliary port of the router is connected via a telephone line to a similar modem that is connected to the main computer frame.
In theory, auxiliary ports are really designed for remote connections. The only difference is that setting up remote connections with the aid of the auxiliary port requires a modem to be locally connected to the router via the auxiliary port.
Auxiliary ports (cisco.com)
Console Port
Similar to Auxiliary Ports, Console ports are designed to connect the main computer frame to the router through a rollover cable. This port is used to link the router to the console locally.
The Cisco Operating System has a console facility that aids user interaction through prompts, status updates, error warnings, and diagnostic messages. The console facility can be accessed by connecting the router through its console port to the computer host using rollover cables.
After connecting the computer to the router using a physical connection, the terminal emulation program must be accessed in the computer to open the terminal setting in the router. Examples of terminal emulation programs are:
HyperTerminal
SecureCRT
TeraTerm
Remote Connection
Using a remote management computer host, CISCO's terminal window and router console can be accessed remotely. Remote access to CISCO routers can be set up using:
Console Terminal Server can be used to determine the IP address of the console. In fact, Console Terminal Servers can be programmed to assign the router console facility to a specific TCP/IP port serial as well as specific IP addresses in the network. Using any of the terminal emulation programs, IP:port can be connected to the Console Terminal Server.
Telnet Applications can also be used to access the router's network IP address. The router is already assigned a specific network IP address, which assists the network to detect the router.
Auxiliary Ports, as explained in the previous section, can be used to connect the router to the remote management computer host.
Configuring a CISCO Router
If you don't understand how to configure a CISCO router, it is unlikely that you'll pass the CCNA certification exam. Aside from just getting the CISCO router hooked up, this section will also teach you how to deal with startup and running structure controls.
CISCO routers always come with the following items:
AC power cord
Rollover Cable
Mounting Brackets
Router and Security Device Manager CD
Router Documentation CD
Freshly unboxed Cisco routers are not yet configured with any setting. The lack of a startup configuration requires you to create one. When no startup configuration settings are stored within the NVRAM, Cisco Routers return to setup mode in preparation for initial router configuration. This happens when the:
device is being used for the first time; or when
initial router configuration has been wiped off.
The two ways to build the initial configuration of a new Cisco Router are:
Connecting to Cisco IOS setup mode commands
Accessing the Initial Configuration Dialog Box
Cisco IOS Setup Mode Commands
1. Naming the Router
In Cisco IOS, you can specify a name for the router using the hostname command. To name the router, just run the following commands:
Router>en
Router#config t
Router(config)#hostname RT01
RT01(config)#exit
RT01#disable
RT01>
2. Setting up the management IP address configuration
With the Cisco IOS commands ip default-gateway and ip address, you can establish the IP gateway and IP address of the router. This lets you use HTTP or Telnet to establish a connection to the router from distant locations.
To customize the current default gateway and management IP address on the router, you can implement the following commands:
RT01>en
RT01#config t
RT01(config)#ip default-gateway 192.168.72.2
RT01(config)#int fe0/0
RT01(config-if)#ip address 192.168.72.30 255.255.255.0
RT01(config-if)#no shutdown
RT01(config-if)#exit
RT01(config)#exit
RT01#disable
RT01>
The first two lines:
RT01>en
RT01#config t
can be used interchangeably with:
RT01>enable
RT01#configure terminal
These two lines enable the privileged global configuration mode in the Cisco IOS. This configuration mode allows you to implement commands that can tweak the settings of the global router or simply the settings of the entire router.
This line:
RT01(config)#int fe0/0
can be used interchangeably with:
RT01(config)#interface fastethernet 0/0
This command allows you to choose which interface to work on.
In the example provided above, this line:
RT01(config-if)#ip address 192.168.72.30 255.255.255.0
sets both the IP address (192.168.72.30) and the subnet mask (255.255.255.0).
To start an interface, you first select it before implementing:
RT01(config-if)#no shutdown
To stop an interface, you select it again before implementing:
RT01(config-if)#shutdown
The IOS prompt shows you what configuration mode you are in while keying in the IOS commands. Here are the different configuration modes:
Global Configuration Mode (config): This mode allows you to change the settings by implementing command codes for the whole router (global router).
Interface Configuration Mode (config-if): After choosing the interface to work with, this mode is activated. This mode allows you to change the settings of the router interface.
Interface Range Configuration Mode (config-if-range): By implementing the interface range command code, you can select the interface range to work with. This mode allows you to implement system codes to change the setting of all interfaces within the selected range.
Password Configuration
Router credentials can be changed with Cisco IOS commands by entering credential values for the password and login settings. Cisco routers don't have a pre-programmed password.
Cisco routers supply information to the network and the devices on it based on the kind of access enabled by a specific password. Cisco routers allow four kinds of access:
Console Password: This password grants access to the Router console via the Console Terminal Server or the console port.
Auxiliary Password: This password grants access to the Router console via the auxiliary port in the router.
VTY Lines Password: This password grants access to Telnet and Secure Shell (SSH) to the Virtual Type Terminal (VTY). The VTY is called such because it does not require any physical connection from the terminal to the router. This remote connection uses the IP address of the router to connect the computer host directly to the network.
Privileged Password: This password grants access for select users who have a security clearance that allows them to configure the operation of the management computer host. These users are able to implement special IOS commands.
By default, both the auxiliary port and console port are enabled regardless of whether a password is configured for each of them. This poses a security vulnerability to the router network; thus Cisco recommends that, at the very least, a console password must be configured.
Also by default, the VTY lines are disabled. Enabling VTY requires the configuration of a VTY password. To set the password for the Cisco router, the Cisco IOS interface can be instructed to prepare the router for authentication. In the IOS interface, implement the following commands to set the console password:
router001>en
router001#configure t
router001(config)#line cons 0
router001(config-line)#password x1dmv4
router001(config-line)#login
router001(config-line)#exit
router001(config)#exit
router001#disable
router001>
These lines can be used interchangeably:
router001>en
router001>enable
The same goes for these lines:
router001#config t
router001#configure terminal
These two lines enable the privileged global configuration mode in the Cisco IOS. This configuration mode allows you to implement commands that can tweak the settings of the global router or simply the settings of the entire router. Also:
line console 0: This IOS command chooses the console line. All Cisco devices (routers or switches) only have one kind of console line: console 0
password x1dmv4: This IOS command sets the password to x1dmv4 on the access line of the console.
VTY Password
The following commands can be implemented in the Cisco IOS interface:
router001>en
router001#config t
router001(config)#line vty 0 ?
  <1-12>  Last Line number
router001(config)#line vty 0 12
router001(config-line)#password newx1dmv4
router001(config-line)#login
router001(config-line)#exit
router001(config)#exit
router001#disable
router001>
To have a good understanding of how each line is used:
#line vty 0 ?: This command poses a query that determines the number of VTY lines free.
<1-12> Last Line number: This is the response of the Cisco IOS saying that lines 0 to 12 (or 13 lines) are available for the router. This means there are exactly 13 Telnet sessions that can be simultaneously opened for this router.
#line vty 0 12: This command selects all the 0-12 VTY access lines available. Older versions of Cisco routers only use four VTY lines but newer implementations have at least 1,180 VTY lines. This is why the previous commands had to first pose an inquiry on how many VTY lines are available.
#password newx1dmv4: This IOS command sets the password to newx1dmv4 on the VTY lines chosen in the previous command line.
Cisco devices have several VTY access lines because of two major reasons:
1. Several VTY access lines allow multiple users to manage the router: Large router networks grant access to more than one router manager. By using SSH or Telnet, router managers can access the router through a remote connection.
2. A VTY access line allows a user to connect to a different device also connected to the router. In this case, two VTY lines are required: one that connects the computer unit to the router and another that connects the router to the other device.
Setting Up Router Banners
Router banners are brief messages that the router displays to a terminal connected to it. This is common with routers that are being accessed by multiple computer terminals. It can even display which router a user is using, including the configuration limits and connection guidelines.
Companies and organizations can also configure a security warning in the banner message to ward off potential unauthorized access to the router. This allows a company to exercise legal action should an illegal access be detected by the system.
The four different types of banners that Cisco routers can display are:
1. EXEC process creation banner: This type of banner is displayed on the screen during the creation of EXEC processes.
2. Message of the Day (MOTD) banner: This banner displays a message every time a user establishes a connection with the router. Regardless of whether the connection is remote or local, the router will display this message when there is an attempt to log in to the router network. The MOTD banner is usually used to ward off users attempting an illegal connection to the router.
3. Incoming terminal connection banner: This banner is often displayed after the MOTD banner. This banner is used to give additional information for users who are connecting using VTY or reverse TTY computer terminals.
4. Login banner: This banner is displayed to give information to the users about the router. This may also contain additional guidelines on how the connection should be used.
The following command can be implemented to set up an MOTD banner on every router connection:
router001>en
router001#config t
router001(config)#banner motd /
Enter TEXT message. End with the character '/'.
This router is owned by example.com. Should the system detect any unauthorized access to the router network, the security system will trace the user login to display security credentials from access point. If you are not from example.com, nor a client nor a business partner, please disconnect immediately.
/
router001(config)#
The command #banner motd / opens the text editor interface. The delimiting character set in this command is "/", which means that the IOS interface will process the text input only until it detects a "/".
The delimiting character can be any character that does not appear in the text of the MOTD banner.
Resetting a Cisco Router
Whenever the router detects that there is no initial configuration activated in the NVRAM, it automatically implements Express Setup mode. This happens when the router has just been brought out of its box or if the initial configuration has been deleted from the NVRAM.
Relieving the Cisco router of its current configuration is usually a last-resort troubleshooting attempt to fix connection problems. After the router is reset, the following information will also lose its configured value:
IP address
Telnet password
Hostname
Console password
Subnet mask
Default gateway
To reset the settings of the router and delete any configuration stored in the NVRAM:
1. Press the Mode button and hold it for a few seconds. Hold the Mode button until the LED indicators on the router begin blinking.
2. Wait for the LED indicators to stop blinking before you stop holding the Mode button. After all the LEDs have stopped blinking, the router should reboot by itself.
3. Release the Mode button.
The Cisco bootstrap program allows router managers to tweak the booting procedure of any Cisco router connected to the computer host. The boot command does the following:
Manage the loaded Cisco IOS image file
Enable the Ctrl+Break system key while the router is booting
Select which initial configuration should be used
Enable manual booting
Format the size of the NVRAM.
The following command block instructs the IOS interface to show the available options for the boot command:
router001>
router001>en
Password: x1dmv4
router001#config t
router001(config)#
router001(config)#boot ?
  system               System Image
  manual               Manual Boot
  boothlpr             Boots the Helper System Image
  private-config-file  Private Configuration File
  buffersize           Determines the size for file system-simulated NVRAM
  helper-config-file   Helper Configuration File
  config-file          Configuration File
  helper               Helper Image
  enable-break         Enables the Break process while booting
router001(config)#exit
router001#disable
router001>
The following are the global configuration settings that can be executed using the boot command:
boothlpr: While this is not usually touched upon in the CCNA test, this command accesses the image file that helps the boot system.
buffersize: This allows the user to determine the memory size of the NVRAM. Should the user desire to add extra Cisco IOS images to the flash memory, the size of the NVRAM must be increased.
config-file: This allows the user to determine the particular configuration file that should be used as the router boots up. This is used whenever the user needs to check on other alternatives to the initial configuration file.
enable-break: If this option is enabled, the user can disrupt the booting process by pressing the Ctrl+Break shortcut keys.
helper, helper-config-file: These options are also not included in the coverage of the CCNA test.
manual: This option allows the user to boot the router manually without impairing the system or any configuration setting in place.
private-config-file: This option allows the user to determine the private configuration file that could be loaded while the router is booting up. Private configuration files are designed to safeguard highly-secured configuration information like encryption keys for SSH.
system: This option allows the user to load a specific image file in the IOS interface for checking.
The following command block is used to configure the router to access a particular IOS image file that is stored within the flash memory:
router001>
router001>en
Password: x1dmv4
router001#conf t
router001(config)#
router001(config)#boot system flash:/c1440-example.com-mz.120-32.EY
router001(config)#exit
router001#disable
router001>
The above code allows access to the image file bearing an address of:
flash:/c1440-example.com-mz.120-32.EY
In order to verify the options encoded on the said image file, the IOS command show boot can be used as in the example below:
router001>
router001>en
Password: x1dmv4
router001#show boot
BOOT path-list      : flash:/c1440-example.com-mz.120-32.EY
Config file         : flash:/configuration.txt
Private-Config file : flash:/private-configuration.txt
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   : yes
Enable Break        : no
Manual Boot         : no
NVRAM/Config file
      buffer size   : 62642
router001#disable
router001>
The show boot command displays the current settings of the boot resources of the router.
Cisco Router File Systems
The three main directories that are used by the Cisco router are:
Nvram: This is where private-config and startup-config are stored.
System: This directory, which is found in the RAM, is where the running-config file is stored.
Flash: This directory refers to the flash memory. This is where the Cisco IOS system image, which the bootstrap program loads during the system boot process, is stored.
Auxiliary Password
Most Cisco routers have auxiliary ports. These ports can be protected by integrating a password specifically for auxiliary ports. To set up a password for auxiliary ports, the following command lines can be implemented in the system:
router001>en
router001#config t
router001(config)#line aux 0
router001(config-line)#password aux1dan4
router001(config-line)#login
router001(config-line)#exit
router001(config)#exit
router001#disable
router001>
These two lines can be used interchangeably:
router001>en
router001>enable
The same goes for these lines:
router001#config t
router001#conf ter
router001#configure terminal
These lines enable the privileged global configuration mode in the Cisco IOS. This configuration mode allows you to implement commands that can tweak the settings of the global router or simply the settings of the entire router. Also:
line aux 0: This IOS command chooses the auxiliary line. All Cisco devices (routers or switches) only have one kind of auxiliary line: aux 0
password aux1dan4: This IOS command sets the password to aux1dan4 on the auxiliary access line.
Privileged Password
There are IOS commands that should only be configured by specific users as these commands are crucial to the overall functionality of the router. The two commands used to set up a privileged password are:
enable password privx1dan14: This command sets the string privx1dan14 as the privileged password. In other words, before a user can access the functions that are restricted for privileged users, they must key in privx1dan14 in the IOS interface.
enable secret cryptx1dan14: This command sets cryptx1dan14 as the privileged password. Compared to the command line above, this password is encrypted. Also unlike the above command line, this command is supported only by newer IOS interfaces that are compatible with the newer implementations of Cisco routers.
Before you set the privileged password, you must first enable this option by keying in the following commands:
enable password: This enables password protection for administrative privileges. The password is stored in an unencrypted format.
enable secret: The same as the above command line except for the fact that the password is stored in an encrypted format.
Privileged passwords are stored in a server called Terminal Access Controller Access Control System (TACACS). This server is often used by larger networks composed of multiple routers that allow the administrators to configure the privileged password only once for all routers in the network as opposed to setting up the passwords on each of the routers.
router001>en
router001#config t
router001(config)#enable secret cryptx1dan14
router001(config)#exit
router001#disable
router001>
Password Encryption
Passwords are saved in plain text format by default in the startup configuration file in NVRAM and the running configuration in the RAM. By implementing the show startup-config command and the show running-config command, the passwords will be displayed in simple text. This poses a security risk, especially if the routers hold confidential data resources in the system. This is why it is advised that passwords must be encrypted in the system.
Other passwords like the console password, auxiliary password, and VTY password are not encrypted regardless of whether the command enable secret is used to configure any of the three passwords. To encrypt these passwords, the service password-encryption command must be used. Consider the command block below:
router001>en
router001#config t
router001(config)#service password-encryption
router001(config)#exit
router001#disable
router001>
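A check for the password weaknesses this chapter describes (line passwords stored in plain text, enable password used instead of enable secret, console or auxiliary lines left without a password), run over a saved running configuration. This is an added example, not part of the original book; both configurations are constructed samples, the stored password and secret values in the second one are placeholders, and the finding names are hypothetical.

```python
import re

# Constructed sample: settings as this chapter configures them before
# "service password-encryption" and "enable secret" are applied.
WEAK_CONFIG = """\
hostname router001
no service password-encryption
enable password privx1dan14
!
line con 0
 password x1dmv4
 login
line aux 0
line vty 0 4
 password newx1dmv4
 login
!
end
"""

# Constructed sample after hardening. The values after "secret 5" and
# "password 7" are placeholders, not real stored passwords.
HARDENED_CONFIG = """\
hostname router001
service password-encryption
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER0
!
line con 0
 password 7 0000000000
 login
line aux 0
 password 7 0000000000
 login
line vty 0 4
 password 7 0000000000
 login
!
end
"""


def parse_config(config):
    """Return (global commands, {line header: [sub-commands]})."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None
        elif raw.startswith(" ") and current is not None:
            line_blocks[current].append(text)      # sub-command of a line block
        elif text.startswith("line "):
            current = text                         # e.g. "line con 0"
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, line_blocks


def audit(config):
    """Return a list of (scope, finding) tuples for weak password settings."""
    findings = []
    global_cmds, line_blocks = parse_config(config)
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "no-service-password-encryption"))
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("global", "enable-password-unencrypted"))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("global", "no-enable-secret"))
    for header, subs in line_blocks.items():
        passwords = [s for s in subs if s.startswith("password ")]
        if not passwords:
            findings.append((header, "no-password"))
            continue
        # "password <type> <value>": a type other than 0 means the stored
        # value is not the clear-text password.
        typed = re.match(r"password (\d+) \S+$", passwords[0])
        if typed is None or typed.group(1) == "0":
            findings.append((header, "plaintext-password"))
        if not any(s.startswith("login") for s in subs):
            findings.append((header, "password-without-login"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(WEAK_CONFIG):
        print(f"{scope}: {finding}")
```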
Recovering A Lost Password
Password can only be recovered if the password-recovery feature is enabled in the system before the password is lost. This can be done while the router undergoes the boot process. To recover the lost password, the following steps must be followed:
1. Using any of the methods enumerated in one of the previous sections in this chapter, interrupt the regular boot process.
2. Access the flash file system manually.
3. Prevent the Cisco IOS interface from accessing the startup configuration file by hiding it.
4. Start the router manually until the IOS has finished loading in the RAM.
5. Reactivate the startup configuration file.
6. Transfer the configuration file to RAM from NVRAM.
7. Change the password.
8. Store the running configuration.
9. Reset the boot process to its original settings.
10. Restart the router.
Chapter 3. Network Routing
The main role of routers is to transmit data packets from one network to another. Aside from this, the routers are responsible for the following:
Transmit packets based on routing tables and routing protocols
Maintain routing protocols
Organize routing information into routing tables
Manage routing tables
A data transmission path that extends through different networks is called a network route. Each route joins two end nodes, each representing a network device that is capable of being assigned an IP address. Examples are smartphones, tablets, gaming consoles, camera interfaces, and computer hosts.
It is possible to have more than one route in between nodes. This is because the router employs a special algorithm that computes the best route available before a data packet is sent from one point (source) to another (destination). The algorithm takes into consideration route metrics, which include the cost of the resources and the time it takes to send the data packets.
Within the data transmission path, there should be at least two routers positioned anywhere in between the source and destination nodes. For example, when sending a message via a chat module installed in your computer, the computer sends packets of data containing the message you intend to send to a computer user elsewhere. These data packets pass through the home router. The home router then transmits these data packets to the Internet Service Provider (ISP) via the outbound gateway. The Internet Service Provider's outbound gateway then transmits the packets through cables and cables of integrated network chain until they reach the network/server of the recipient user. Data packets will be received by the router of the receiving host computer at lightning speed. Notice that, depending on the location of the recipient, data packets traveled through at least four routers:
Home router of the sender
Outbound Gateway (ISP) of the sender
Inbound Gateway (ISP) of the recipient
Home router of the recipient
Types of Network Routes
There are three types of network routes, namely:
1. Static routes
Perfect for smaller networks, such as home networks, static routes are routes that are manually configured on the router. Aside from home networks, LAN connections can also be managed by static routes because these connections seldom change. If for any reason the connection changes, the router must be manually configured to indicate the new transmission paths.
Static routes are useful to home and LAN connections because of the following:
a. Efficient Routing: Routing protocols are disabled whenever static routes are configured. Since routing protocols use bandwidth, static routes save bandwidth consumption. On the flip side, routing protocols are enabled whenever dynamic routing procedures are used. Routing protocols use bandwidth because update packets are being sent between two routers.
b. Security: Configuring static routes allows the user to manage the transmission paths used when sending data packets. This is useful for routers that transmit highly critical and highly confidential information. Regularly updating static routes provides an extra layer of information security and foils any attempts to hack into the network system and phish for data. Also:
Firewalls can be introduced to static routes to filter routing data within the network border.
Virtual Private Networking (VPN) safeguards the data-sending mechanism regardless of the route where the data travels.
In other words, security risks can be managed by building a firewall or by using VPN.
However, while static routes have many upsides, they also have a few downsides like:
a. Management Overhead: Maintenance can be tricky because every time the data transmission paths change, the router configuration must be updated.
b. Scalability: Static routes are impractical when managing larger networks. Wide-scale networks are composed of thousands of routes to reach other areas of the network. A good example of these networks is commercial internet connections provided by the Internet Service Provider. Houses are connected to a single network managed by a server. Even so, it is impractical (and almost impossible) to configure all the routes to be static. Also, should any of the routes change, all the static routes in the network must also be changed. This is the reason why static networks are perfect only for small-scale networks.
c. Accuracy: If the network routes change and no configurations were made on the static network, the router will not have an accurate understanding of the network. As a result, data transmissions are either delayed or lost completely.
Static routes can be configured through the Cisco interface by entering the following command:
ip route dest-ip subnet {next-hop_ip | interface}
2. Default routes
Whenever data packets are sent to a new destination network, packets follow a different kind of static route. New destination networks are not likely to have an entry in the routing tables, so a new route is assigned to them. This route is called the default route. It is not uncommon for a router to receive a data packet addressed to a new network that it has no information about; in this case, the router transmits the data packet through the default route.
Network managers always make sure that a default route is configured in the router in case data packets addressed to newer unrecognized networks are received by the default outbound gateway. Default routes transmit data packets via the default gateway configured in the network.
Configuring default routes
Configuring default routes is similar to configuring a regular route using the global configuration mode. By using the Cisco IOS interface, default routes can be configured manually by following the examples provided below:
Assuming that both the subnet mask and the IP address of the destination network are 255.255.255.255, run the code below to configure the default route:
RT10-1>en
RT10-1#config t
RT10-1(config)#ip route 255.255.255.255 255.255.255.255 serial0/0
RT10-1(config)#exit
RT10-1#disable
RT10-1>
3. Dynamic routes
These routes change on a regular basis. Dynamic routes are managed by routing protocols. They are responsible for updating the router configuration whenever changes such as the following happen:
Link-state landscape
Available bandwidth
Updates in network traffic
Updates in network topology
Using dynamic routes has the following advantages:
a. Low maintenance: Unlike static routes that require constantly updating the routing configuration whenever the network landscape changes, dynamic routes require no such laborious task. Dynamic routing immediately recognizes changes in data transmission paths. In response, router settings are immediately configured to complement changes in the network. This task is managed by routing protocols, which exchange information with other routers on a regular basis.
b. Accuracy: Dynamic routes use routing protocols to gather information about other routers. This exchange of information between routers is done by sending update packets back and forth so the routing protocols can immediately configure router settings.
c. Scalability: Unlike static routes that are best suited for smaller networks, dynamic networks are perfect for larger networks. Routing protocols manage hundreds or possibly thousands of routes in large-scale networks. This would be a logistical nightmare for static routes. For dynamic routes, however, this is just another day in the office. Routing protocols minimize miscommunication among routers by constantly communicating with routes within their network.
Dynamic routes only have one known disadvantage: network overheads. Since routing protocols facilitate a constant exchange of information with other routers, dynamic routes consume more bandwidth, causing network overheads.
Routing Protocols
The main function of routing protocols is to exchange routes, network and metric information in the form of data packets to determine the best route available. This information is used to build a routing table that contains all the pertinent information about routes and the corresponding metrics associated with them.
There are several routing protocols but you only need to know three of them:
Routing Information Protocol (RIP)
Enhanced Interior Gateway Routing Protocol (EIGRP); and
Open Shortest Path First (OSPF)
Routed Protocols
The source and destination address of each data packet is assigned by the routed protocol. The address tagged in the data packet is a unique combination of numbers that corresponds to the address of the source and destination node. The most commonly used routed protocols are:
Novell Netware Internetwork Packet Exchange (IPX)
AppleTalk
Internet Protocol ver. 4 (IPv4)
Internet Protocol ver. 6 (IPv6)
Depending on the results of the evaluations made by the routing protocol, the routers choose a destination for a data packet based on decision criteria. Routing tables build an inventory list of all the networks, paths, routes and metrics associated with all the nodes they have touched base with before. Decisions made by the routing protocols are based on the information stored in the routing table.
Routing protocols base their decisions on two aspects:
1. Administrative/Virtual distance: This aspect measures the reliability of the information integrated in the data packets about the destination node. Routers gather information about the network routes through the following:
Direct connection to the network: Routers do not use intermediaries to gather information about the routes. Updates in the form of data packets are sent to different routers for information-gathering purposes.
Indirect connection to the network (via other routers): Pieces of information about other networks not within range are gathered from what information other routers have gathered.
Static route connection to the network: The router is not directly in touch with a network but it is informed of its existence by the static route.
Routers compute the reliability of the information based on the source. It follows a hierarchy that favors routers nearest it. Cisco measures administrative distance by assigning distance values:
Source of Information        Administrative Distance Value
Direct connection            0
Static route                 1
Internal EIGRP               90
OSPF                         110
RIP (ver. 1 and ver. 2)      120
External EIGRP               170
Routers prefer information with lower administrative distance values.
2. Routing Protocol Metrics: This computes the costs associated with each route. Examples of weighted costs are as follows: link state, available bandwidth and traffic.
The various routing protocols differ on how they calculate the efficiency of each of the routers; hence it is understandable that each of the routing protocols may have different preferred routes compared to the rest. When routing protocols disagree with each other, routers select the best route by comparing administrative distances instead.
Here are some of the metrics used in route selection:
a. Bandwidth: This refers to the capacity of information that can be held by a route to reach the destination. Bandwidth is measured in terms of bits per second (bps). Routes with higher bandwidth are preferred by most routing protocols because data packets tend to reach the destination point faster with a larger bandwidth. This metric is given more weight by EIGRP.
b. Hop Count: This refers to the number of routers between the source node and the destination node. Routing protocols tend to pick routes with lower hop counts to minimize delay. RIP is notorious for using this metric in determining which route to pick.
c. Cost: This refers to the value computed based on the bandwidth of a network route. The figure is measured by 10^8 / bandwidth. OSPF uses this metric more heavily than it does other routing protocol metrics.
d. Maximum Transmission Unit (MTU): This refers to the size of each data packet. MTU is measured in terms of bytes. The bigger the size, the bigger the amount of data that can be transferred at any given time. EIGRP uses MTU heavily, preferring higher MTU values.
e. Load: This refers to the bandwidth presently consumed by the data traffic at any given route. It is computed by getting the difference between the available unused bandwidth and the total bandwidth of the route. EIGRP picks network routes with lower load.
f. Reliability: This refers to how much time is available in a specific route. EIGRP selects routes with higher reliability values.
g. Delay: This refers to the average amount of time a data packet takes to reach the destination host. This is computed based on the following metrics:
Propagation delay: This refers to the time taken by the signal to spread throughout all the transmission paths.
Transmission delay: This refers to the time taken by data packets in between hops.
Queuing delay: This refers to the time a packet spends in queue before it is released to an outbound port.
Processing delay: This refers to the time spent by the router to inspect the encoded destination address.
Routing Methods
Routers use the different standards through which routing protocols compute the most viable route. Before they even measure the efficiency of each route, routing protocols initiate a progressive trade of information between routers to build a reliable routing table. This exchange of information is done through many different methods. These are:
1. Distance Vector Routing: Routers that use protocols that measure the distance between nodes complete their routing table with the information taken from their own direct connections and from neighboring routers.
This is a routing procedure where routers trust the information sent to them by neighbor routers. The information sent by neighbor routers is also sent to a different neighbor router that might not have a direct connection with the original router that sent the information. Rumor routing is another name for distance vector routing.
Distance vector routing employs the following special mechanisms to avoid incurring routing loops:
Triggered update: This feature lets different routers share updates with each other once a router becomes functional or when something has changed within the network.
Poison reverse: This feature sends a message to all neighbor routers that a specific network is down and therefore must not be used as a route for a data packet.
Split horizon: This feature hinders the promotion of the route back to its original promoter.
Hold-down timer: This feature hinders the acceptance of new updates on specific routes for a preset period if the route is deemed unavailable. This prevents the re-advertisement of routes that are not functional, as this may eventually lead to routing loops.
Route poisoning: Similar to poison reverse, this feature sets the number of hops to the maximum number of hops plus 1. This automatically gives neighboring routers information that such a route is no longer reachable.
Maximum hop count: This feature makes sure that the data packet does not follow a route that requires more hops than the predetermined maximum hop count.
Routing Protocol    Maximum Hop Count
RIP                 15
OSPF                255 (subject to user configuration)
EIGRP               Unlimited
Routing loops eventually lead to a route failing. This often takes time before all the concerned routers are informed.
The two protocols that use distance vector routing procedures are RIP and IGRP (not to be confused with EIGRP).
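The loop-avoidance mechanisms listed above, shown as an added example that is not from the book: a small simulation of two RIP-style routers after a link failure, with and without split horizon. The Router class, the A - B - C topology and the function simulate_link_failure are constructed for illustration; the only protocol value used is RIP's maximum hop count of 15.

```python
INFINITY = 16  # RIP allows at most 15 hops; 16 marks a route unreachable


class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}  # destination -> (hop count, next-hop router name)

    def build_update(self, neighbor_name, split_horizon):
        """Routes this router advertises to one neighbor."""
        update = {}
        for dest, (hops, next_hop) in self.table.items():
            if split_horizon and next_hop == neighbor_name:
                continue  # do not promote a route back to its promoter
            update[dest] = hops
        return update

    def receive(self, sender_name, update):
        for dest, hops in update.items():
            new_hops = min(hops + 1, INFINITY)  # maximum hop count cap
            current = self.table.get(dest)
            # Install the route if it is new, shorter, or sent by the router
            # we already forward through (its view replaces ours).
            if (current is None or new_hops < current[0]
                    or current[1] == sender_name):
                self.table[dest] = (new_hops, sender_name)


def simulate_link_failure(split_horizon, max_rounds=50):
    """Topology A - B - C with network N behind C; the B-C link fails.

    Returns (rounds, history): the number of update rounds between A and B
    until both mark N unreachable, and B's hop count to N after each round.
    """
    a, b = Router("A"), Router("B")
    # Converged state before the failure.
    a.table["N"] = (2, "B")
    b.table["N"] = (1, "C")

    # B detects the failure and poisons the route (maximum hops plus 1).
    b.table["N"] = (INFINITY, None)

    history = []
    for round_no in range(1, max_rounds + 1):
        # Worst-case timing: A's periodic update reaches B first.
        b.receive("A", a.build_update("B", split_horizon))
        a.receive("B", b.build_update("A", split_horizon))
        history.append(b.table["N"][0])
        if a.table["N"][0] == INFINITY and b.table["N"][0] == INFINITY:
            return round_no, history
    return None, history


if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = simulate_link_failure(enabled)
        print(f"split horizon={enabled}: {rounds} rounds, B's hop count: {history}")
```

Without split horizon the two routers keep re-learning the dead route from each other until the hop count reaches 16; with it, the poisoned route is accepted in a single round.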
2. Link-State Routing: Routing protocols that follow link-state routing procedures build routing tables using information exclusively from the updates gathered from neighbor routers. Instead of just pooling the information found in the neighbor's routing table, a link-state protocol gets a good view of the network topology and routes within and beyond neighboring routers.
Link-state protocols are characterized by the following:
Compared to a distance vector protocol that sends and receives route updates on a regular basis, a link-state protocol only sends and receives updates when a change has been detected in any of the immediate routes.
Aside from routing tables, a link-state protocol also manages topology and neighbor tables.
Updates sent by neighbor routers only contain information about the routes that changed.
Routers under link-state protocols exchange "hello" packets to get a good understanding of neighbor routers.
Link-state routing is prominently configured in the Open Shortest Path First (OSPF).
3. Hybrid Routing
Protocols that employ hybrid routing combine the properties of both link-state and distance vector, including:
Similar to distance vector protocols, hybrid routing protocols use the administrative distance metric to determine route quality.
Similar to link-state protocols, hybrid routing protocols use MTU, load, reliability, delay and available bandwidth to determine route quality.
Cisco-proprietary Enhanced IGRP (EIGRP) uses hybrid routing procedures.
Convergence: This refers to the first exchange of information made by the routers to each other as they attempt to connect to the network.
Chapter 4. Enhanced Interior Gateway Routing Protocol (EIGRP)
Unique to Cisco routers, Enhanced Interior Gateway Routing Protocol (EIGRP) has plenty of upsides compared to that of the Interior Gateway Routing Protocol (IGRP) and its successor Routing Information Protocol (RIP). Both IGRP and EIGRP are known to be distance vector protocols. The only difference is that the latter of the two has a better set of distance vector and response algorithm. This algorithm is responsible for determining the best data path towards a particular destination. Also, it employs an advanced loop mitigation system compared to that of both IGRP and RIP, making it perfect for link-state protocols.
Aside from the ones mentioned above, Cisco designed EIGRP to supersede IGRP's limitations. Compared to IGRP and RIP, EIGRP:
Supports both VLSM and CIDR
Converges quickly
Has a hop count limit of 255, with the default set at 100
Utilizes the Diffusing Update Algorithm (DUAL) to check the value of the routes
Maintains routes, including those that are already managed by different routing protocols
Is attuned with the present IGRP implementation
Can route Novell Netware Internetwork Packet Exchange (IPX), AppleTalk, Internet Protocol (IP) and other routed protocols.
Characteristics of EIGRP
EIGRP is widely acknowledged as more of a distance vector protocol, but by definition, it is also a hybrid routing protocol because it has advanced features usually found only in link-state protocols. Here are the characteristics of the EIGRP:
1. EIGRP evaluates the efficiency of the routes by using these metrics:
Default Metrics: Delay and Bandwidth
Optional Metrics: MTU, Load, Reliability
Diffusing Update Algorithm: Route efficiency.
2. As with the rest of link-state routing protocols, OSPF and EIGRP direct the updates about routes only if they detect deviations within the network.
3. EIGRP is exclusive to Cisco routers.
4. EIGRP performs its functions using two main administrative distance figures:
170 – routes from other protocols
90 – routes from EIGRP
Components of EIGRP
This routing protocol comprises four components:
1. Protocol-dependent Modules: These are independent modules utilized by specific protocols when sending and receiving data packets within the OSI network layer.
2. Reliable Transport Protocol (RTP): This protocol guarantees a dependable delivery system that transports the EIGRP unicast or multicast data packets to routers nearby.
3. Neighbor Discovery/Recovery: EIGRP employs a smart system that determines the existence of the nearest routers within the local network.
4. DUAL finite-state machine: In order to estimate and determine routes that are free from loops, EIGRP uses a routing algorithm that recognizes a metric that selects routes based on the feasibility of each routing successor.
Routing Tables
EIGRP collects data about nearby routers and the landscape of the network and then stores it in a sequence of tables called routing tables. The three kinds of routing tables used by the EIGRP are:
1. Neighbor Table: This stores information using the local network or computer systems directly connected to each other. The information is then organized in a table that contains addressing and interface figures. Each Cisco router uses its own EIGRP; hence:
Each router is given a clear map of all the neighbor routers within the same network.
Each router is given an inventory of details of each peer router.
2. Topology Table: This summarizes all network destinations that are routable through EIGRP and estimations using a metric that detects whether a destination is in an active or passive status. Each Cisco router also runs OSPF to manage a separate link-state table; hence:
Each router has a clear map of network topology, not just of its own network but of the networks in the surrounding network areas of neighbor routers.
Each router gets a deeper understanding of the network topology by using the link-state and neighbor tables. It gets a clear picture of how the topology within the router's and its neighboring router's surrounding network vicinity works.
The topology table manages the following in each of the network destinations:
Successor Route: This is the most efficient route to the destination point as determined by DUAL.
Feasible Successor Route: This is the second-best route to the destination point, also determined by DUAL.
3. Routing Table: This is a collection of all destination routes mapped down using the information obtained from all the entries in the topology table. If both the link-state and neighbor tables count the number of available routes, the routing table describes each route.
EIGRP Packet Types
1. ACKs/Hello: (Unicast) This packet is used when initiating the initial discovery or recovery process of neighboring router locations. ACKs are packets containing unicast addresses with specific non-zero numbers exchanged as acknowledgement receipts between routers.
2. Updates: (Unicast) These packets have routing procedures accepted by nearby devices to help create and manage a routing table for the overall network topology.
3. Queries: (Multicast) These packets that contain coded queries are sent when a destination point is activated.
4. Replies: (Unicast) These packets are sent as a response to the queries sent from the origin point.
5. Requests: (Unicast, Multicast) These packets are used to obtain pertinent information from nearby network devices.
Convergence
As mentioned earlier, EIGRP has faster convergence than that of both IGRP and RIP because routers in the same local network merely exchange ACK packets instead of the usual distance vector protocols. With EIGRP, routers become more familiar with each other while undergoing the convergence procedure by exchanging network parameters to each of their neighbor tables.
Routers are only considered as "nearby" or "neighboring" routers if the following conditions are satisfied:
Routers have successfully transmitted and received ACK/Hello packets with each other.
They have the same independent system that has the same interface with similar routing designs.
Each of their ACK/Hello timers is set to the correct value, especially for the following metrics:
a. Network frequency at which the routers exchange ACK/Hello packets with each other
b. Farthest distance before the routers consider a router out of the coverage network
Diffusing Update Algorithm (DUAL)
DUAL is a Cisco-proprietary algorithm that assesses each of the routes managed by the EIGRP. This algorithm is responsible for improving the performance of the EIGRP compared to IGRP by circumventing looping routes.
DUAL calculates the successor route and the feasible successor route for the destination networks.
DUAL allows EIGRP to use routes across different networks using varying subnets by means of variable length subnet masking (VLSM).
DUAL provides other feasible successor routes should the best route be unavailable.
Classful vs. Classless Routing
The two types of routing protocol supported by EIGRP are classful and classless routing. If used in their default settings, IGRP, RIP (version 1) and EIGRP are all classful routing protocols. By implementing the no auto-summary command in the Cisco IOS interface, the router can be configured to support classless routing. The differences between the two routing protocols are as follows:
Classful Routing Protocol:
When sending route updates, this protocol does not transmit subnet data.
Based on the class of IP address, this protocol provides a summary of routes within the boundaries of the network.
Classless Routing Protocol:
When sending route updates, this protocol transmits subnet data.
This does not provide a summary of routes within the network unless manually commanded to using the router interface.
Discontiguous Networks are networks that have a number of subnets that contain varying classes of IP address. They are required when implementing a classless routing protocol.
Configuring EIGRP
Similar to how RIP is configured in a Cisco router, EIGRP is configured by following these steps:
1. Run the EIGRP on each Cisco router
In the IOS interface, run the following code in global configuration mode:
router eigrp as_id
The as_id is the routing domain identification, otherwise known as the autonomous system (AS) number. The AS number must be the same for all routers that will be sharing EIGRP routing information. This number should be within the range of 1 to 65535.
Routing Configuration of the EIGRP (cisco.com)
2. Enable EIGRP
As in the previous step, using the IOS interface run the following code to enable the EIGRP:
network int_IP
The int_IP in the command is simply the IP address that will identify which interface will support the OSPF in the network.
Run the following codes when configuring the EIGRP:
For Router 51-1
R51-1>en
R51-1#config t
R51-1(config)#router eigrp 1
R51-1(config-router)#network 192.168.25.2
R51-1(config-router)#network 51.10.0.2
R51-1(config-router)#no auto-summary
R51-1(config-router)#exit
R51-1(config)#exit
R51-1#disable
R51-1>
For Router 251:
R2551>en
R2551#config t
R2551(config)#router eigrp 1
R2551(config-router)#network 192.168.25.2
R2551(config-router)#network 51.10.0.2
R2551(config-router)#no auto-summary
R2551(config-router)#exit
R2551(config)#exit
R2551#disable
R2551>
Managing EIGRP Operation
Using the IOS Interface for Cisco routers, the elements of EIGRP can be monitored and verified to ensure that the routers are available to determine the best routes.
To take a good look at the routing tables, the following code can be run in the IOS interface:
show ip route
This command will then display the following information:
Subnets available
Information on the Network Internet Protocol
Routes that are recognized and saved in the routing table
For each route, the interface displays the following data:
Destination network that can be reached by the route as determined by the IP address
Whether the router and the destination network of a route are directly linked to each other.
The gateway's IP address if the router is not directly linked to the desired destination network of a route.
Other EIGRP-related Terms
Here are other EIGRP terms that you need to commit to memory in preparation for the CCNA Certification Exams:
1. Passive Destination Networks: These are converged networks where both the best (successor) and second-best (feasible successor) routes are converged in the networks. All routers are aware of these routes without having to share updates with each other.
2. Active Destination Networks: These networks have not been converged yet. Routers are still in the process of exchanging routing information with each other.
3. Smooth Round-Trip Timer (SRTT): The amount of time spent by a data packet to reach the neighboring router and then back to the origin router. This determines the amount of time routers typically wait for responses from nearby routers.
4. Retransmission Timeout (RTO): The value displayed here is the amount of time the router spends before it resends a data packet without notice of receipt from the neighboring router.
5. Queue Count (QCnt): The value displayed here represents how many data packets are lined up for sending. Some causes of high QCnt values are: (a) too much information sent to neighboring routers, (b) neighboring router is outdated hence not fast enough to receive data, and (c) error in the link between the origin and the destination routers.
Chapter 5. Open Shortest Path First (OSPF) Protocol
Just like EIGRP, Open Shortest Path First (OSPF) is a link-state routing protocol. Unlike EIGRP however, OSPF is not just supported by Cisco but also by other router manufacturers. When dealing with a wide-scale network environment, the OSPF uses a protocol called IGP, short for interior gateway protocol. IGP creates and manages routes only within a singular routing domain.
As already mentioned in the previous chapter, a singular routing domain is simply an autonomous system (AS). The AS is simply routers and network addresses grouped together that are within the same routing network system. It can be inferred then that any network that has OSPF integrated in all the connected routers is operating under the AS.
Another example of an autonomous system is the Intermediate System-to-Intermediate System (IS-IS) routing protocol. This routing protocol is used for large networks like that of an internet service provider. The Border Gateway Protocol (BGP) is another good example of an autonomous system. The BGP is meant to link other autonomous systems and large networks managed by internet service providers.
OSPF Routing Tables
Similar to the EIGRP, OSPF manages a neighbor table and a routing table. The only difference is that EIGRP has a topology table whereas the OSPF has a link-state table.
Link-State Table: This table manages the connections between the router and neighboring routers by measuring the stability of each of these connections. Simply, it observes the quality of routes to neighboring routers.
Characteristics of OSPF
1. As in EIGRP, route updates are only transmitted when OSPF has detected any change in the routes.
2. When the OSPF does detect changes, the router automatically transmits a link-state advertisement (LSA) in one of the routes whose properties are stored in the routing table. Only information about the changes in one of the routes is contained in the LSA.
LSA packets leave almost no network footprint or trace.
LSA traffic is kept at a minimum because OSPF keeps an inventory of routes.
LSA traffic is organized in such a way that LSA packets reach the destination router immediately.
3. Routers share ACK/Hello messages with each other as they establish the values in each of their neighbor tables while undergoing the convergence process.
4. Unlike EIGRP, which is a Cisco-proprietary protocol, OSPF is supported by other router manufacturers.
5. OSPF converges fast compared to other protocols (except EIGRP).
6. OSPF works efficiently because it divides the system (routing domain) into different sectors of control.
7. A limitless number of network hops is supported by the OSPF.
8. Variable-length subnet masking (VLSM) is supported by the OSPF.
9. OSPF organizes and reads routers in a hierarchical format.
Convergence
During the convergence process, the routers exchange pleasantries by sharing network parameters before storing received data in each of their neighbor tables. There is no need to discuss in great detail how routers recognize each other as neighbors since convergence in OSPF is exactly the same as convergence in EIGRP.
Cost Metric
To measure the value of the connections established by each route, the OSPF employs a cost metric.
Route cost is a metric that determines the value of each connection by its bandwidth. It is computed by dividing the default 100 Mbps (or roughly, a million bits per second) bandwidth by the measured bandwidth of the connection.
For example, if the router measured the actual bandwidth as:
Measured bandwidth              Default bandwidth / measured bandwidth     Route cost
10 Gbps (10,000,000,000 bps)    100,000,000 bps / 10,000,000,000 bps       0.01
1 Gbps (1,000,000,000 bps)      100,000,000 bps / 1,000,000,000 bps        0.1
100 Mbps (100,000,000 bps)      100,000,000 bps / 100,000,000 bps          1
10 Mbps (10,000,000 bps)        100,000,000 bps / 10,000,000 bps           10
1 Mbps (1,000,000 bps)          100,000,000 bps / 1,000,000 bps            100
The faster the bandwidth of the connection, the lower the route cost. OSPF is designed to compute the least cost and use it for sending packets.
In the above example, the default reference bandwidth is pegged at 100 Mbps, but using the Cisco IOS interface, you can change this reference value by using this code:
auto-cost reference-bandwidth
This is handy when using high-powered machines that transmit data packets at high speeds. Instead of using 100 Mbps as reference, you can set it to 10 Gbps by implementing the following command codes (the value is entered in Mbps, under the OSPF routing process):
RT51-2>en
RT51-2#config t
RT51-2(config)#router ospf 1
RT51-2(config-router)#auto-cost reference-bandwidth 10000
RT51-2(config-router)#exit
RT51-2(config)#exit
RT51-2#disable
RT51-2>
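The effect of the reference bandwidth on route selection, as an added example that is not from the book: OSPF stores interface cost as a whole number with a minimum of 1, so under the default 100 Mbps reference every link of 100 Mbps or faster gets cost 1 and becomes indistinguishable. The function names and the two paths named fiber and copper are constructed for illustration.

```python
GBPS = 1_000_000_000
MBPS = 1_000_000


def ospf_cost(link_bps, reference_mbps=100):
    """Interface cost: reference bandwidth / link bandwidth.

    The result is a whole number, never below 1 and never above 65535.
    """
    reference_bps = reference_mbps * MBPS
    return max(1, min(reference_bps // link_bps, 65535))


def cost_table(reference_mbps=100):
    """Costs for the five link speeds used in the table above."""
    speeds = [10 * GBPS, GBPS, 100 * MBPS, 10 * MBPS, MBPS]
    return [ospf_cost(s, reference_mbps) for s in speeds]


def path_cost(link_speeds_bps, reference_mbps=100):
    """A route's cost is the sum of the costs of the links it crosses."""
    return sum(ospf_cost(bps, reference_mbps) for bps in link_speeds_bps)


def best_paths(paths, reference_mbps=100):
    """Return (names of the least-cost paths, that cost)."""
    costs = {name: path_cost(links, reference_mbps)
             for name, links in paths.items()}
    lowest = min(costs.values())
    return sorted(n for n, c in costs.items() if c == lowest), lowest


# Constructed topology: two 2-hop paths to the same destination.
PATHS = {
    "fiber": [10 * GBPS, 10 * GBPS],
    "copper": [100 * MBPS, 100 * MBPS],
}

if __name__ == "__main__":
    print("reference 100 Mbps:", cost_table(100), best_paths(PATHS, 100))
    print("reference 10 Gbps: ", cost_table(10000), best_paths(PATHS, 10000))
```

With the default reference the two paths tie at cost 2; with the reference raised to 10 Gbps the fiber path costs 2 and the copper path 200, so the faster path is preferred.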
OSPF Hierarchy
The OSPF employs a special routing algorithm that determines the shortest path between the origin point (router) and the destination point (neighbor router). This special algorithm is called the Dijkstra routing algorithm.
The Dijkstra algorithm in a router sees the origin router as a root router. The algorithm assigns areas where there is a single designated router (DR). Ideally however, a backup designated router (BDR) is also assigned.
Photo: OSPF. Credit: routerprotocol.net
Refer to the figure on the left. Since the DR-10 router is nearer vis-à-vis other routers, it is designated as the designated router for Area 10. The same can be said for the DR-20 router, which is the designated router for Area 20. In other words, if the root router intends to send a data packet to Router 10-1, it will first assess if the shorter route (DR-10) is available. If it is, then it sends the data packet through DR-10 en route to DR10-1.
Selecting a Designated Router (DR)
The computations made by the OSPF priority algorithm determine the designated router. The algorithm produces a value within the range of 0 and 225 that is integrated into the IOS interface by running:
ip ospf priority value
The default value of the OSPF is 1. The router assigned the highest OSPF priority value becomes the designated router. In the remote instance that two routers are assigned the same OSPF priority value, the tie will be broken by using the router ID (RID).
Using the following methods, users can choose which router should be assigned as a designated router:
OSPF Priority: Set the highest priority value for both the interface and the router.
Loopback Interfaces: In each router, the user can create an effective loopback interface and set the highest IP address on one of the routers intended to be the designated router.
Router ID (RID)
This is the IP address generated to serve as an identifier of the router. It is set by employing the following methods:
Using the command router-id in the Cisco IOS interface
Manually by:
Assigning a high IP address to the router's loopback interface
Assigning a high IP address to the router's active interface
Configuring the OSPF
The steps to configure OSPF on any Cisco router are very similar to how both EIGRP and RIP are configured. It is accomplished by:
1. Starting up the OSPF
In the global configuration mode, this command can be run in the Cisco IOS interface:
router ospf pro_id
The variable pro_id is assigned a number within the range of 1 and 65536. This number serves as an identifier of the protocol's routing process that exchanges information with other routers through the OSPF.
2. Enable OSPF on the interface
Using the Cisco IOS interface, OSPF is enabled by implementing this command code:
network idt_IP IP_mask area area_idt
idt_IP: This assigns the IP address that will serve as the main identifier of the system interface where OSPF will be enabled.
IP_mask: This portion determines which of the IP addresses listed on the neighboring tables belong to the network.
area area_idt: This defines the extent by which the OSPF can operate.
The IP mask or wildcard mask is in essence simply a bitmask. A bitmask is a combination of the digits 1 and 0 and hence follows the binary system. In the OSPF, bitmasks have the following significance:
1: Any number can be assigned to the matching bit in the IP address.
0: Exact number should be the same as that of the matching bit in the IP address.
Consider the IP address in its entirety. It is divided into four numbers, or into 4 bytes with each byte containing 8 bits. The wildcards can be set as any number within the range of 0.0.0.0 and 255.255.255.255. These decimal numbers have the following significance:
255: Any number can be assigned to the matching bits in the IP address. When converted to the binary system, 255 is equivalent to a series of eight 1s.
0: Exact number should be the same as that of the matching bits in the IP address. When converted to the binary system, 0 is equivalent to a series of eight 0s.
If, let's say, the command code implemented in the Cisco IOS interface begins with the following IP address combination: 192.167.25.0 0.0.0.0 then only routers with IP address 192.167.25.0 are exposed. If, however, the IP address combination is 192.167.25.0 0.0.0.255 then all the routers that begin with 192.167.25 as an IP address will be exposed.
Here is the corresponding IP address for each of the Cisco routers:
Router 10-1      172.10.78.0
Router 10-2      172.10.77.0
Router DR-10     172.10.75.0
Router BDR-10    172.10.76.0
Consider the following command configuration for Router 10-1:
R10-1>en
R10-1#config t
R10-1(config)#router ospf 1
R10-1(config-router)#network 172.10.78.0 0.0.0.255 area 20
R10-1(config-router)#network 172.10.78.0 0.0.15.255 area 10
R10-1(config-router)#exit
R10-1(config)#exit
R10-1#disable
R10-1>
The above command configuration of Router 10-1 affects the interface for both area 20 and area 10 by:
Area 20: Router 10-1 exposes to all routers within area 20 any routers assigned with the IP space 172.10.78 within the network with the same IP address 172.10.78.
Area 10: Router 10-1 exposes to all routers within area 10 any routers whose IP begins with 172.10.7 only. Simply, the IP address can be 172.10.75 to 172.10.78.
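The wildcard matching described above can be checked mechanically. The following Python sketch is an added example, not part of the original book: it applies the two network statements from the Router 10-1 session to the four router addresses listed above and reports the exact address range each wildcard covers. The function names are chosen for this illustration.

```python
import ipaddress

# The two network statements from the Router 10-1 session above:
# (base address, wildcard mask, OSPF area)
NETWORK_STATEMENTS = [
    ("172.10.78.0", "0.0.0.255", 20),
    ("172.10.78.0", "0.0.15.255", 10),
]

# Router addresses as listed in the text.
ROUTERS = {
    "Router 10-1": "172.10.78.0",
    "Router 10-2": "172.10.77.0",
    "Router DR-10": "172.10.75.0",
    "Router BDR-10": "172.10.76.0",
}


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address, base, wildcard):
    """True if address equals base on every bit where the wildcard bit is 0.

    A wildcard bit of 1 means "any value"; a bit of 0 means "must match".
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care) == (_to_int(base) & care)


def matched_range(base, wildcard):
    """Lowest and highest address a statement can match.

    For a contiguous wildcard (the usual case) every address in between
    matches as well.
    """
    b, w = _to_int(base), _to_int(wildcard)
    low = b & ~w & 0xFFFFFFFF
    high = b | w
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def areas_for(address):
    """Areas whose network statement matches the given address."""
    return [area for base, wc, area in NETWORK_STATEMENTS
            if wildcard_match(address, base, wc)]


if __name__ == "__main__":
    for base, wc, area in NETWORK_STATEMENTS:
        print(f"area {area}: {base} {wc} covers {matched_range(base, wc)}")
    for name, addr in ROUTERS.items():
        print(f"{name} ({addr}) matches areas {areas_for(addr)}")
```

Running it shows that the 0.0.15.255 wildcard covers every address from 172.10.64.0 through 172.10.79.255, which is why a wildcard should be computed rather than estimated before it is used in a network statement.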
OSPF Protocol Configuration
To display the current settings of the IP routing protocols, the following command can be keyed into the IOS interface:
show ip protocols
The interface will display the following information:
OSPF process identification
Whether or not inbound update response filter is fixed
Whether or not outbound update response filter is fixed
Router Identification (RID)
Current virtual distance between routers
Sources of LSA sockets
Number of active areas reached by the implemented command
Reference bandwidth (for determining the route costs)
List of OSPF and IP network areas listed for routing OSPF.
Pertinent Commands
When reviewing for the CCNA certification, you will find the following commands (not already mentioned in the previous section of this chapter) handy:
show ip ospf interface: This is used to inspect the current IP configuration of the OSPF protocol.
If the command is implemented in a specific interface, the interface will only display information pertaining to the said interface.
If this is not the case, then the command will display a comprehensive list of information pertaining to each interface powered by OSPF.
show ip ospf neighbor: This displays OSPF information about neighbor routers.
show ip ospf database: This inspects the data held by the routing tables of the OSPF protocol. The command not only displays information about routers within the same network, it also displays the status of each connection from the root router.
debug ip ospf: This command code is used to troubleshoot any noticeable routing malfunctions.
no debug ip ospf: This command disables the debugging capabilities of OSPF.
Part 2. Switching with CISCO Switches
Chapter 6. Layer 2 Switches
If Layer 3 is the network layer, where routers transmit data packets to other routers, Layer 2 is the data link layer in networks that follow the TCP/IP or Open Systems Interconnection (OSI) model.
Layer 2 is responsible for sending data to physical devices. Each device is assigned its own physical address, recognized by the network to route data packets from one device to another. Otherwise called Media Access Control (MAC) addresses, the physical addresses act as unique identifiers of specific network devices.
The features of the data link layer are as follows:
1. Communicates with the network layer to liaise the receipt of data packets from the source host
2. Assembles the received packets inside a data frame with the MAC address (local routing information).
3. Transmits the packaged data frame to the physical layer, which will then break down the code to specific optical and electrical signals.
The physical layer (comprised mainly of the physical device) transmits the codes inside the data frame through wired connection or wireless sending.
Within the receiving module, Layer 2 initiates the following:
1. Opens the data frame
2. Acquires the data packet from the data frame
3. Transmits the data packet to the network layer
For data link procedures, the TCP/IP (Ethernet) protocol is used at the data link layer. According to the standards prescribed by the IEEE 802.X, the Ethernet manages the TCP/IP operations in Layer 2.
The main role of the data link layer is to manage the transmission of data frames locally between two physical devices bound together by the Local Area Network (LAN).
For a better understanding of how Layer 2 switches work, consider the following:
Earlier LAN implementations used a coaxial cable to connect computers together.
The bandwidth is spread and shared among the different devices connected to the LAN.
Due to the shared bandwidth, all data packets are shared to all devices connected to the LAN instead.
For example, there are four computer users, Matt, Mark, Joe, and Lucas, connected to a network. If a data packet is sent to Matt, the other users see the packet too. Not only does this undermine the privacy of the content of said packet, Mark, Joe and Lucas need to delete the data packet because it is not addressed to them. Every time at least one of them receives a data packet, the rest would have to delete the packet on a regular basis. Not only is this bothersome; it is also inefficient.
Hubs
Having realized this problem, hubs were later introduced to integrate computer devices together using a single cable per device. Instead of coaxial cables, computer hubs use twisted-pair cables. RJ-45 connectors are used at the ends of cables to simplify connection.
[Figure: RJ45 (rj-group.com)]
When data frames are sent to a hub, they are transmitted to all host computers connected to the hub with the exception of the source device. Simply, the mechanism of the hub sends the data to all inbound ports except the one from which the data frame originated.
Since the data frames are being sent to different inbound ports while at the same time sharing the same bandwidth, there is a high possibility for data frames to collide. To rid the hub network of data frame collisions, the Ethernet employs a special mechanism called Carrier Sense Multiple Access Collision Detect (CSMA/CD).
The CSMA/CD uses an algorithm that manages the transmission of data packets to the rest of the connected devices so that none of the transmitted packets will collide. This, however, consumes almost half of the bandwidth that could have been used for faster data transmission.
[Figure: Hub (cisco.com)]
The only way to circumvent the problem is to make the collision domain as small as possible. This is where Layer 2 bridges and switches come in.
Bridges
Bridges and hubs are both interrelated computer devices connected in a LAN by means of a wired connection between each device. The only difference between bridges and hubs is that the former is able to keep the collision domain at a minimum.
Bridges and switches both create a single collision domain for every port. This causes data frames to be sent only through exit ports towards the frame destination.
Switches
Switches are network devices that create a single collision domain for each port. This device transmits data frames via exit ports to reach the destination port of the computer host where the frames are intended to reach. Other characteristics of switches are as follows:
Switches are faster than routers. Since switches operate at the data link layer (Layer 2), they don't have to check the packet header at the network layer (Layer 3). Switches only require information about the MAC address of both the source and destination of each data frame.
Switches are faster than bridges. This is because switches use Application-specific Integrated Circuits (ASICs) hardware while bridges use software to fulfill their functions.
Using a switched network has several advantages:
Switches provide a more efficient means to connect different hosts. This shortens the travel time from source host to destination host.
Switches prevent data frame collision by making sure that each of the hosts has its own collision domain.
Switches check the MAC address configured in a data frame before sending it through the outbound port connected to the inbound port of the destination host. This makes sure that data frame is flooded to all the computer devices connected to the switched network.
Hubs vs. Bridges vs. Switches
Features | Technology | Duplex | Speed | VLAN Support | Collision Domain | Broadcast Domain
Hubs | Port multiplexing | Half | Turtle | No | Whole hub | Whole hub
Bridges | Software switching | Half | Deer | No | 1 per port | Whole bridge
Switches | ASIC switching | Full/Half | Cheetah | Yes | 1 per VLAN | 1 per VLAN
Switch Functions
The three (3) functions that Cisco switches must accomplish are:
1. List down the MAC addresses of each of the computer devices connected to the switched network. This is accomplished by Layer 2 switches through the following:
a. The switch examines every data frame received by the switched network. It takes note of the number of the entry port and the MAC address inscribed in the data frame. These pieces of information are then stored in the MAC address table.
b. The switch gradually forms a comprehensive MAC address table that will be used as reference for future data frame transmissions.
2. Manage the data frames from each of the outbound ports (source host) or source switches to the inbound port (destination host) or destination switches. Layer 2 switches decide where to send the data frames by determining which inbound port to send the data frame to. This is of course dependent on the MAC address information that came with the received data frame. Switches then access the MAC address table to do the following:
a. The switch examines the data frame upon entering the network's inbound port. It checks the MAC address of the source and destination host carried by the data frame.
b. Using the information gathered from the data frame, it then looks at all the entries in the MAC address table.
If the information from the data frame checks out with any of the entries in the MAC address table, the switch cascades the data frame to the inbound port of the destination host bearing the same MAC address inscribed in the data frame.
If the information does not check out, it cascades the data frame to all outbound ports of the network with the exception of the port where the data frame came in.
3. Make sure that no loops are created within the switched network. Data-link frames do not cease to exist until the frames find their corresponding destination host. In other words, if a frame is sent but coded with an unknown MAC address, the frame can spring from one port to another, non-stop within the network. This is not good because bandwidth consumption is also non-stop. In order to avoid this, a protocol called Spanning Tree Protocol (STP) is used in the system.
Glossary of Terms (Switching)
1. Address Learning: This phase is when the Layer 2 switch gathers the MAC address of the receiving port of each computer host. The switch forms a MAC address table consisting of the list of all the port numbers and their corresponding MAC addresses.
2. Forwarding: This phase is when the Layer 2 switch decides to transmit the data frame to an inbound port of one of the computer hosts within the switched network, provided that the MAC address of the computer host matches the MAC address contained in the data frame.
3. Filtering: This phase is when the Layer 2 switch decides to discard the data frame and all of its contents without sending it to any of the outbound ports.
4. Flooding: This phase is when the Layer 2 switch decides to transmit the data frame to all outbound ports except the port where the data frame came in.
5. Loop Avoidance: By using the Spanning Tree Protocol, redundant transmission loops are discarded.
6. MAC Address Table Thrashing: These are different ports bearing the same MAC address. When this happens, the switch doesn't know which inbound port the data frame should be sent to.
7. Broadcast Storm: This happens when the data frame contains the MAC address of an unknown port. The data frame is then sent across interconnected switches, wasting the bandwidth and thus crashing the MAC address table.
8. Unicast Transmission: This involves a device transmitting a data frame to a singular destination device.
9. Multicast Transmission: This involves a device transmitting a data frame to multiple destination devices.
10. Broadcast Transmission: This involves a device transmitting a data frame to all devices within the local network.
Chapter 7. Switch Management
Since most GUI tools and IOS commands are the same for both Cisco routers and Cisco switches, handling Cisco switches is very much like handling Cisco routers. One of the only noticeable differences between handling said Cisco devices is that some tools are exclusive to routers and some tools are exclusive to switches. For example, Cisco Device Manager is only available for managing Cisco switches.
Handling Methods for Cisco Switches
Since the data-link layer is divided into three sublayers (core layer, access layer and distribution layer), it will always come in handy to remember which switches are a perfect fit for which layer.
Cisco Switch | Best Suited for
Entry-level Switch | Access Layer and Distribution Layer
Midrange Switch | Access Layer and Distribution Layer
Top-of-the-line Switch | Core Layer and Distribution Layer
If we go back to the chapter that talks about Router Management (Part 2, Chapter 9), you'll notice that the hierarchy of switches is the same as the hierarchy of routers.
Highly specific functions are handled by top-of-the-line switches. These functions include:
LAN gateway connectivity
Inter-VLAN routing
VLAN Trunking Protocol (VTP) domain control
VLAN Membership Policy Server (VMPS)
STP root bridge role
Since the above functions are crucial in the network, these functions must be managed by a very efficient switch device.
Connecting to a Cisco Switch
Similar to Cisco routers, Cisco switches do not have specialized hardware that allows direct user contact. Cisco switches can be linked to a computer panel where the Cisco switch interface is set up. This way, Cisco switches can be maintained by either connecting remotely or connecting locally from a computer host to the switch.
Local Connection:
Cisco switches are typically built with multiple ports used to link network devices or computer hosts. Two of these ports are colored differently than the rest. These two ports are the console and auxiliary ports. Both of these ports serve a different purpose other than ensuring a stable network connection.
Console Port
Using a rollover cable, this port is used to link the switch and the computer host together. The console port is used when establishing a local connection to the switch device. Having a console facility is common to all Cisco devices controlled by Cisco IOS. This facility acts as an interface that displays user prompts, diagnostic messages, error messages and status messages.
The management computer requires terminal emulation software installed before the computer and the switch can communicate with each other. Terminal emulation is supported by the following applications:
HyperTerminal
SecureCRT
TeraTerm
Cisco switches need the following serial parameters set up in the Cisco switch's connection profile:
Data bits: 8
Stop bits: 1
Flow control: none
Parity: none
Baud rate: 9600
The above parameters control serial communications between switches by using communication ports like COM1, COM2, and COM3.
Auxiliary Ports
These are ports whose main role is to connect the switch to the management host through the rollover cable, like that of the console port. The only difference is that this port is used to establish a local connection between the modem and the computer. The next step is to tweak the settings of the modem so that it can receive calls coming from the host computer through the telephone cable.
Establishing a Remote Connection
The common network environment often involves more than one switch. More often than not, these switches are located in different areas. A network set-up like this requires remote connection to the switches. The remote management host allows a working connection between a computer and the switch console. This remote connection is established via any of the following:
Modem connection via the switch's auxiliary port
Using secured Telnet software that connects to the switch's network IP address.
Using a Console Terminal Server that connects to the switch's console IP address
[Figure: Console Terminal Server (cisco.com)]
Switch Startup Procedure
Regardless of configured setting, the Cisco switch always performs the same process when turned on:
1. The Cisco switch executes the Power-on Self-Test (POST). Stored in the Cisco switch's ROM, the POST is a microprogram that determines whether the switch is in good working condition and can thus perform the basic functions required of the switch's hardware.
2. The switch then executes the boot loader software (otherwise known as the bootstrap program). The boot loader is another microprogram stored in the switch's ROM that is designed to transition the switch to regular operation mode by accessing the IOS interface in the flash memory. If the IOS interface is not in the flash memory, the boot loader will attempt to load the interface from the
ROM
TFTP Server
3. The Cisco switch interface starts into the RAM. The bootstrap program starts to power up the RX-boot image from the ROM. The RX-boot image is necessary to jumpstart the boot process.
4. Begin the startup configuration. After the switch interface has gathered enough information from the RAM, the IOS then prepares the device to begin the configuration process in the NVRAM. Once the configuration process has started in RAM, the configuration process is now called the running configuration. This configuration process adapts to the network settings while the Cisco switch is running.
The IOS configuration interface allows the user to change the following settings in the switches:
IP address
Telnet password
Hostname
Console password
Subnet mask
Default gateway
Cisco Switch Configuration
All Cisco switch packages contain the following items:
Switch device
AC power cable
Rollover cable
Getting Started compact disc
Mounting brackets
There is no default configuration integrated in a new Cisco switch. It is however designed to connect to the computer host via local connection even without a default configuration.
Startup configurations are only required when the switch is connected to a different switch or to a network gateway to establish remote connection with other networks.
A Cisco switch turns to setup mode when it does not detect any configuration stored in the NVRAM. The switch runs setup mode on either of these two occasions:
The switch is powered on for the first time after taking it out of the box.
The initial configuration is erased from the NVRAM. The two ways to delete the configuration are by pressing the Mode button for ten seconds to initiate the reset process in the switch or by simply deleting the configuration from the IOS interface.
A new configuration setup can be created through any of the following methods:
Cisco IOS interface commands
Initial Configuration dialog
Switch to Auto-install setting
Express Setup Web form
Express Setup Mode
Only found in Cisco switches, the Express Setup utility lets users configure the switch. It will require supplying the following settings:
IP address
Telnet password
Hostname
Console password
Subnet mask
Default gateway
To set up the Express Setup mode manually through the switch, press the Mode button and hold it for 3 to 5 seconds or until all the LED indicators turn green. Using the IOS interface, locate the IP address of the switch.
If the switch does not have a startup configuration, setup mode can be avoided through any of the following methods:
Abort the setup mode by using the shortcut key for paste: Ctrl+C
If the setup dialog box inquires if you desire to change the setting of the switch, click "No".
If the setup dialog box inquires if you want to save the configuration, click "No".
Naming the Switch
The switch can be named using the Cisco IOS command: hostname. The names of the switches must be changed to avoid confusion when manually configuring only a select few of the switches in operation. This helps identify which switches are which.
The following commands can be implemented in the IOS interface:
Switch>en
Switch#config t
Switch(config)#hostname switch001
switch001(config)#exit
switch001#disable
switch001>
Setting the Main IP Address for the Switch
Similar to how the main IP address is set in a router, the Cisco IOS commands ip default-gateway and ip address are used to build the IP gateway and IP address of the switch. This method establishes a remote connection to the switch using both HTTP and Telnet. To adjust the current settings of the management IP and default gateway of the switch, the following command code can be implemented:
switch001>en
switch001#config t
switch001(config)#int vlan 2
switch001(config-if)#ip address 192.168.71.22 255.255.255.0
switch001(config-if)#no shutdown
switch001(config-if)#exit
switch001(config)#ip default-gateway 192.168.71.12
switch001(config)#exit
switch001#disable
switch001>
Password Configuration
Switch credentials can be changed through Cisco IOS commands by entering credential values with the password and login commands. The concept of password configuration is similar for both Cisco routers and switches. For instance, Cisco switches can also set three kinds of password:
Console Password
Auxiliary Password
VTY Lines Password
Privileged Password
Check their definitions on page 14 (Router Management).
Even if there is no password configured for both console and auxiliary ports, they are enabled by default. As in Cisco routers, the lack of a password configured for the two ports is a threat to the security of the Cisco switches and all bits of information that pass through them.
The following command is also used to configure the switch password:
switch001>en
switch001#configure t
switch001(config)#line cons 0
switch001(config-line)#password y1csco
switch001(config-line)#login
switch001(config-line)#exit
switch001(config)#exit
switch001#disable
switch001>
Simply, the above command block sets the password of the Cisco switch to y1csco. This section will not discuss in detail each portion of the code block as they are already discussed in Router Management (page 15).
Setting-Up Switch Banners
Switch banners are short text displays that are projected on the computer screen whenever the host has just logged into the switch network. Setting up banners in Cisco switches is similar to setting up banners in Cisco routers. The four different types of banners that Cisco can likewise display are:
EXEC process creation banner
Message of the Day (MOTD) banner
Incoming terminal connection banner
Login banner
The description is the same as it is in Cisco routers. (See page 16)
The following command can be implemented to set up an MOTD banner on every router connection:
switch001>en
switch001#config t
switch001(config)#banner motd /
Enter TEXT message. End with character ‘&’.
$This switch is owned and managed by enterprise.info. If you are not connected to said company, please log off the network
&
switch001(config)#
As in Cisco routers, Cisco switches consider the text between the “$” and the “&”.
Resetting Cisco Switches
Again, similar to Cisco routers, switches activate setup mode if the processor does not detect an initial configuration. This happens when the settings of the switch are reset. To delete the current configuration, perform the following functions:
1. Press and hold the Mode button on the switch for a few seconds. Release only when all the LEDs stop blinking.
2. By the time the LEDs stop blinking, the router is ready to reboot its system.
If you need to access a specific configuration (IOS image) file that is stored in the flash memory (instead of the device's NVRAM), implement the following command lines:
switch001>en
Password:y1csco
switch001#config ter
switch001(config)#
switch001(config)#boot system flash:/c1440-enterprise.info-mz.121-32.ES
switch001(config)#exit
switch001#disable
switch001>
The above commands let you access the image file stored in this address:
flash:/c1440-enterprise.info-mz.121-32.ES
Auxiliary Password
Cisco switches and routers alike have auxiliary ports. To configure a password for auxiliary ports, the following command lines can be implemented in the system:
switch001>en
switch001#config t
switch001(config)#line aux 1
switch001(config-line)#password auxycsco1
switch001(config-line)#login
switch001(config-line)#exit
switch001(config)#exit
switch001#disable
switch001>
Privileged Password
Passwords can be set so that only specific users can access specific functions offered by a Cisco switch.
switch001>en
switch001#config t
switch001(config)#enable secret cryptycssco1
switch001(config)#exit
switch001#disable
switch001>
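The text notes that console and auxiliary lines left without a password are a security threat. The Python sketch below is an added example, not from the original book: it audits a saved configuration for management lines that allow access without a password and for a missing enable secret. The sample configuration is constructed for illustration, and the audit assumes an IOS-style layout in which sub-commands are indented under each "line" entry.

```python
import re

NO_ENABLE_SECRET = "no enable secret configured"
NO_LOGIN = "no login check: the line grants access without a password"
NO_PASSWORD = "login is set but no password is configured on the line"

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname switch001
!
enable secret 5 $1$CONSTRUCTED$notARealHash
!
line con 0
 password y1csco
 login
line aux 0
line vty 0 4
 password vtyExample
 no login
line vty 5 15
 login
!
end
"""


def parse_line_blocks(config):
    """Map each 'line ...' entry to the list of sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level entry closes the block
    return blocks


def audit(config):
    """Return (scope, finding) tuples for weak management-access settings."""
    findings = []
    if not re.search(r"^enable secret \S", config, re.MULTILINE):
        findings.append(("global", NO_ENABLE_SECRET))
    for name, commands in parse_line_blocks(config).items():
        login_mode = None  # None: no check, "line": line password, "other": e.g. login local
        for cmd in commands:
            if cmd == "login":
                login_mode = "line"
            elif cmd.startswith("login "):
                login_mode = "other"
            elif cmd == "no login":
                login_mode = None
        has_password = any(c.startswith("password ") for c in commands)
        if login_mode is None:
            findings.append((name, NO_LOGIN))
        elif login_mode == "line" and not has_password:
            findings.append((name, NO_PASSWORD))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Note that a password alone is not enough: the vty 0 4 block in the sample has a password but is still reported, because without the login command the password is never asked for.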
Recovering Lost Password
As in Cisco routers, Cisco's password-recovery feature should have been enabled before the password can be retrieved. If the feature is enabled, the following steps can be used:
1. When the switch begins to reboot, attempt to interfere with the system through any of the means enumerated in the previous sections.
2. Using the Cisco IOS interface, access the file manually.
3. Hide the default configuration file to prevent the switch processors from accessing it.
4. Manually reboot the switch.
5. Unhide the default configuration file.
6. Relocate the configuration file from NVRAM to the flash memory.
7. Change the password.
8. Save the current configuration file.
9. Restart the switch.
Chapter 8. Network Traffic Management
Cisco switches manage the traffic within the local-area network. The host devices tasked to send a data packet communicate first with the switch and the router before they transmit the frame to a target computer device connected to a remote network. Most of the time, data transmission involves devices that are not connected on the same local network. Even before the data packet is sent to the destination network, it should first be transmitted to the LAN gateway. The LAN gateway then transmits the data packet to the wide-area network (WAN) until the packet reaches the destination local network.
Sending data packets in the same LAN: The MAC address of the destination host device is configured as the destination MAC address of the data packet.
Sending data packets to a different network: The MAC address of the LAN gateway is configured as the destination MAC address of the data frame. The LAN gateway routes the data packet to the WAN.
Switching Modes
Upon receipt of data frames, the switch decides what must be done to the data packets inside the frame. The three things that most Cisco switches do to the frames they receive are:
Transmit the frame to the destination port
Transmit the frame to all the ports (with the exception of the port the frame used to get in)
Discard or filter the frame
The three switching modes supported by Layer 2 switches are:
1. Store-and-forward: This switching mode performs these steps:
1.1. The entire data frame is stored inside the switch's temporary memory.
1.2. The switch implements the frame check sequence (FCS) to make sure that the contents of the frame are valid.
1.3. The switch checks the MAC address of the source and destination of the data frame.
1.4. The switch remembers the MAC address of the source of the data frame in the same row as the incoming port. This information is then stored in the MAC address table.
1.5. In determining the destination MAC address, the switch then checks the MAC address table:
If the MAC address table contains the destination MAC address, the switch transmits the data frame only on the outbound port described in the MAC address table.
If the MAC address table does not contain the destination MAC address, the switch sends the data frame on all outbound ports with the exception of where the data frame went in.
2. Cut-Through: This switching mode is several times faster than the previous mode. The switch does not save the whole frame within its buffer memory. This mode manages the data frame immediately upon receipt of the first six bytes of the data packet:
2.1. The switch immediately checks the first 6 bytes of the destination MAC address.
2.2. The switch then compares the 6 bytes to the data entries listed in the MAC address table to compose a list of possible matches.
2.3. Once it finds a compatible match among the entries listed in the MAC address table, the switch automatically sends the data frame to the appropriate outbound port even before the data frame has finished loading up in the inbound port of the switch.
This switching method does not compute the FCS before it proceeds to transmit the data frame. The only downside of this switching method is that the switch does not filter the data frame to determine whether the frame is valid or not. This might cause traffic congestion in the network.
3. Fragment-Free: This switching mode is like a hybrid of the two previous switching modes. It combines the best features of both switching modes. This mode knows that valid frames have a size of at least 64 bytes. Fragment-free mode checks the size and deems all data frames that have at least 64 bytes as valid frames. In this mode, the switch does the following:
3.1. Upon receipt of the frame, this device saves the initial 64 bytes of the data frame in the switch's temporary memory module.
3.2. The switch inspects the MAC address of both the source and the destination inscribed in the received frame.
3.3. The switch then records the MAC address of the source and the corresponding inbound port where the data frame came in into the MAC address table.
3.4. The switch counterchecks the MAC address of the destination against the entries in the MAC address table.
If the MAC address table contains the destination MAC address, the switch transmits the data frame only on the outbound port described in the MAC address table.
If the MAC address table does not contain the destination MAC address, the switch sends the data frame on all outbound ports with the exception of where the data frame went in.
This switching mode transmits the frame as soon as it has received the first 64 bytes of the data frame. Just like cut-through, fragment-free switching mode does not compute the FCS. Just like store-and-forward switching mode, fragment-free mode prevents the switch from transmitting invalid data frames.
Store-and-forward is slower because it calculates the FCS, but it is reliable because it calculates the FCS.
Cut-through is faster because it does not need to hold the whole data frame and calculate the FCS, but it is less reliable because it forwards all frames regardless of whether they are valid or not.
Fragment-free is not as fast as cut-through switching mode but it is faster than store-and-forward because fragment-free switching mode only checks the first 64 bytes. It also does not calculate the FCS.
Invalid frames are typically smaller than the usual 64 bytes.
Fragment-free switching mode only considers the first 64 bytes, making it faster and more efficient than store-and-forward.
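The address learning, forwarding, filtering and flooding behaviour from Chapter 6 and the three switching modes above can be compared side by side. The Python model below is an added example, not from the original book: it uses a simplified frame (destination MAC, source MAC, payload, CRC-32 as the FCS) and constructed host addresses, and it assumes the switch learns the source address in every mode, including cut-through.

```python
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
HOST_A = bytes.fromhex("02000000000a")  # constructed MAC, attached to port 1
HOST_B = bytes.fromhex("02000000000b")  # constructed MAC, attached to port 2


def make_frame(dst, src, payload):
    """Simplified frame: dst + src + payload padded to 60 bytes, then a 4-byte FCS."""
    body = (dst + src + payload).ljust(60, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame):
    """Recompute the CRC-32 over the body and compare it with the trailing FCS."""
    return len(frame) > 4 and frame[-4:] == zlib.crc32(frame[:-4]).to_bytes(4, "little")


class Switch:
    def __init__(self, ports, mode):
        self.ports, self.mode, self.mac_table = list(ports), mode, {}

    def receive(self, in_port, frame):
        """Return the list of ports the frame is sent out of ([] = discarded/filtered)."""
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []  # whole frame buffered, FCS failed
        if self.mode == "fragment-free" and len(frame) < 64:
            return []  # fewer than 64 bytes arrived: treated as a fragment
        if len(frame) < 12:
            return []  # not even the two addresses arrived
        dst, src = frame[0:6], frame[6:12]
        self.mac_table[src] = in_port  # address learning
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]  # flooding
        return [] if out == in_port else [out]  # filtering or forwarding


def run(mode):
    """Feed one learning frame and three test frames to a 4-port switch."""
    sw = Switch([1, 2, 3, 4], mode)
    good = make_frame(HOST_B, HOST_A, b"constructed payload")
    runt = good[:30]  # truncated frame, as left behind by a collision
    corrupt = bytearray(good)
    corrupt[20] ^= 0xFF  # damage one payload byte so the FCS no longer matches
    return {
        "learn": sw.receive(2, make_frame(HOST_A, HOST_B, b"hello")),
        "good": sw.receive(1, good),
        "runt": sw.receive(1, runt),
        "bad_fcs": sw.receive(1, bytes(corrupt)),
    }


if __name__ == "__main__":
    for mode in ("store-and-forward", "cut-through", "fragment-free"):
        print(mode, run(mode))
```

The first frame is flooded because host A is not yet in the MAC address table; after that, only store-and-forward stops both the runt and the full-length frame with a damaged FCS.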
Chapter9.SpanningTreeProtocol(STP)
Switches are often interconnected with each other through self-repeating linksthathelp ensure the integrityof inter-switch connections.Theonlydownsideoftheseself-repeatinglinksisthattheyoftenleadtodangeroustransmissionloopsthattrashesthetablecontainingMACaddressesandcausesbroadcasterrors.Dueto this, switches must find a way to avoid transmission loops. This is whereSpanningTreeProtocol(STP)comesintoplay.
Self-repeatinglinksthatconnectsdata-linkswitchestogethercausesdataframestobesentrepeatedlythroughtheLayer2switches.SimilartodataframesinLayer3 networks, data-link frames does not die on its ownwhen they are configuredwithaMACaddressofaninexistentswitch.Withoutswitchingprotocolsinplace,frames like these just tend to bounce forever from one switch to another. Thisleadstobandwidthwastage.
ProblemscausedbyTransmissionLoops:Transmissionloopsinthedata-linklayeroftenleadtothefollowing:
1. Thrashingof theMACAddressTable:The integrity of the informationreported and organized in theMAC address table is compromisedwhenevertransmission loops occur. This is caused by different ports bundled togetherwithsimilarMACaddress.Thiscausesconfusionbecausetheswitchisunabletodeterminewhichexitporttoaccess.
2. BroadcastErrors:Otherwiseknownasbroadcaststorms,broadcasterrorshappenwhenframesbouncenon-stoptointerconnectedswitch.
SpanningTreeProtocolSpanning Tree Protocol closely monitors the network and organizes everyestablished connection, especially self-repeating links.After compiling pertinentinformation about the switching network, STP disables self-repeating links,establishingoptimizedconnectionsin-betweenswitches.
Undernormalsituations,optimizedconnectionsareenabled.
Ifanyoftheoptimizedconnectionsfail,STPpicksrandomlyoneoftheless-preferredself-repeatinglinksandenablesit.
STPperformstheabovestepsbyassigningarootbridgeoraswitchthatwilltaketheroleofthedecisionmakerforthenetwork.TherootbridgealsocommunicateswithnonrootbridgesorotherswitchesconnectedtotheLAN.
Rootbridge:Thisswitchdiscriminateswhichroutesshouldbeusedandwhichroutesshouldn’tbeused.
Nonrootbridge:Thisswitchassiststherootbridgeindeterminingwhichroutesbetweentherootandnonrootbridgesarepreferredandwhichroutesarenotpreferred.
The Spanning Tree Protocol implements three main operations to maintain astableLANconnection:
1. PickingtheSTPRootBridge:Therootbridge isselectedbydeterminingwhichamongtheswitchconnectedintheLANhasthelowestbridgeID.
2. AllocatingrolesforSTPporttypes:PorttypesdefinethebehaviorortherolesplayedbytheportsfoundinalltheswitchesconnectedintheLAN.STPallocates specific roles for each of the ports in the switch for smoothconnectivity.
3. Attaining STP convergence: The proper assignment of port types oftenleads to STP convergence. Once the ports are all properly set-up, the STPachievesasteadyandloop-freenetworkconnectivity.
AssigningSTPPortTypesSTP organizes ports based on the roles assigned to the ports during the initialconfigurationoftheSTP.RoleassignmentsarebasedontheEthernetbandwidthcost computed by the distance from the root switch to any of the immediatenonrootswitches.
Asmentionedinthepreviouschapter,switchesuseself-repeatinglinksthataddstothebandwidthlimitofaparticularpath.Theselinksprovideadditionaloptions,if in case a single connection fails. These links are lumped together to a clustercalledconnectionpath.Eachof thesepaths isassociatedwithabandwidthcost,computed by the STP before it chooses which path it will use to transmit dataframes.Thelistofcostisasfollows:
Bandwidth STPCostFactor
10Gbps 2
1Gbps 4
100Mbps 19
10Mbps 100
As you may have noticed, faster bandwidths are assigned a smaller STP cost factor when STP computes the path cost. This is because STP prefers faster bandwidths. A 10 Gbps path is obviously faster than a 1 Gbps path; STP hence deems it more efficient for data frames to travel at 10 Gbps than at 1 Gbps because it saves time by 1/10 of a second.
Spanning Tree Protocol then reassigns the 1 Gbps path as simply a root port or a secondary connection to the preferred path. Consequently, it also reassigns the 100 Mbps and 10 Mbps paths as a designated port and a blocking port respectively.
Root Ports
Once the STP has computed for and assigned a root bridge, or the main path the switch will use when sending data frames within the data-link layer, the STP will then select the second least cost as the root port. This port provides connection between the switch and the STP-designated root bridge. The characteristics required of a root port are:
A port that incurs the least STP cost en route to the root bridge.
A port that connects the root bridge and the nonroot switch directly.
Switches use the STP to communicate among each other while at the same time calculating the cost in between each path near the root bridge. The other switch adds the cost measured by its neighbor to come up with the total cost of the path options between the nonroot switches and the root bridge.
[Figure: Root Ports (cisco.com)]
Designated Ports
After the STP has assigned the root port for the switch, the other ports will be assigned to act as either a designated port or a blocking port.
STP Designated Port: This port transmits received data-link frames in and out of the LAN.
STP Blocking Port: This port does not transmit any of the data-link frames.
[Figure: Designated and Blocking Ports (cisco.com)]
Choosing Designated Ports based on STP Path Cost
The Spanning Tree Protocol computes the path cost between root bridges and nonroot switches. In the above diagram, when SW1 is tasked to send a data frame to SW2, it is presented with two choices: a direct path (fa0/1) and an indirect path (fa0/2). Consider that the direct path only costs 19 to connect to SW2, whereas the indirect path costs 19 to get from SW1 to SW3, and then another 19 to get from SW3 to SW2. The total cost for the direct path is just 19, in contrast to the total cost of the indirect path of 38 (the sum of 19 and 19). In this case, SW1 will choose the direct path towards SW2.
Take note that taking the direct path does not automatically mean the least computed STP path cost. If, let’s say, the path cost to get from SW1 to SW3 is just 2 and the cost from SW3 to SW2 is just 10, for a total of 12, then the indirect path now costs less compared to the direct path, which costs 19.
Choosing Designated Ports based on Bridge ID
If the STP path cost is the same across all ports, the path with the lowest Bridge ID assumes the role of the designated port or the root port.
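The root election, path-cost comparison and bridge-ID tie-break described above, worked through in Python as an added example (not code from the book). The bridge IDs, the choice of SW2 as root and the function names are assumptions; the costs are the ones the text uses (19, 38, and the 2 + 10 = 12 detour).

```python
import heapq

# Mbps -> STP cost factor, copied from the cost table in this chapter.
STP_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

# Constructed sample data: bridge ID = (priority, MAC). SW2 is given the
# lowest priority so that it wins the root election (an assumption).
BRIDGE_IDS = {
    "SW1": (32768, "00:00:00:00:00:0a"),
    "SW2": (4096, "00:00:00:00:00:0b"),
    "SW3": (32768, "00:00:00:00:00:0c"),
}
# Each link: (switch, port, switch, port, cost). Triangle of 100 Mbps links.
LINKS_EQUAL = [
    ("SW1", "fa0/1", "SW2", "fa0/1", STP_COST[100]),
    ("SW1", "fa0/2", "SW3", "fa0/1", STP_COST[100]),
    ("SW3", "fa0/2", "SW2", "fa0/2", STP_COST[100]),
]
# Second scenario from the text: SW1-SW3 costs 2 and SW3-SW2 costs 10.
LINKS_CHEAP_DETOUR = [
    ("SW1", "fa0/1", "SW2", "fa0/1", 19),
    ("SW1", "fa0/2", "SW3", "fa0/1", 2),
    ("SW3", "fa0/2", "SW2", "fa0/2", 10),
]

def elect_root(bridge_ids):
    """The switch with the lowest bridge ID becomes the root bridge."""
    return min(bridge_ids, key=bridge_ids.get)

def root_costs(links, root):
    """Lowest total path cost from every switch to the root (Dijkstra)."""
    adj = {}
    for a, _pa, b, _pb, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue  # stale queue entry
        for nbr, cost in adj.get(sw, []):
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def assign_roles(links, bridge_ids):
    """Return (root, {(switch, port): 'root' | 'designated' | 'blocking'})."""
    root = elect_root(bridge_ids)
    dist = root_costs(links, root)
    best, roles = {}, {}
    for a, pa, b, pb, cost in links:
        for sw, port, nbr in ((a, pa, b), (b, pb, a)):
            # Root port: least cost to the root; ties go to the neighbour with
            # the lowest bridge ID, then the port name (a simplification of
            # the real port-ID tie-break).
            key = (dist[nbr] + cost, bridge_ids[nbr], port)
            if sw != root and (sw not in best or key < best[sw]):
                best[sw] = key
    for sw, key in best.items():
        roles[(sw, key[2])] = "root"
    for a, pa, b, pb, _cost in links:
        # On each link, the end closer to the root (then the lower bridge ID)
        # is designated; the other end blocks unless it is a root port.
        near, far = (a, pa), (b, pb)
        if (dist[b], bridge_ids[b]) < (dist[a], bridge_ids[a]):
            near, far = far, near
        roles[near] = "designated"
        roles.setdefault(far, "blocking")
    return root, roles
```

With equal costs, the SW1 to SW3 link is decided by bridge ID alone: SW1 keeps its end designated and SW3 blocks its end, which is what removes the loop.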
STP Convergence
Once all the ports have been assigned a specific role (forwarding or blocking) in the switch networks, the LAN is rid of loops. By building a catalogue of ports and their roles, the STP is able to stabilize the network despite the existence of looping links. A stabilized network is often referred to as a converged network.
Bridge Protocol Data Units (BPDUs)
BPDUs are unique data frames sent by switches to each other every 2 seconds. The information stored in the BPDU includes parameters that aid switches in choosing a root bridge and deciding which port will be assigned as either designated or blocking. These parameters include port IDs, bridge IDs and STP path costs.
[Figure: BPDU (stpcomputer.com). Fields shown: Forward Delay, Hello Time, Maximum Age, Message Age, Port Identification, Bridge Identification, Priority]
STP Port States
STP manages the ports of switches by letting them assume any of these states:
Blocking: Blocking ports are ports that are not allowed to forward data-link frames in the network. This port merely listens to the LAN. Blocking ports can receive and process BPDUs but cannot transmit processed BPDUs. Ports that are set to the blocking state prevent the existence of transmission loops while STP converges the switch.
A designated port can temporarily assume the blocking state when the STP detects a network topology state notification (TCN) BPDU sent by neighboring routers. This prevents the creation of self-repeating links that can harm the network. The STP converges
Duration: 20 seconds (Max Age Timer)
Disabled: These ports have been manually disabled by the switch manager. These ports have no participation, direct or indirect, in the network activities. They are not part of the stabilizing process that STP performs to converge the network; thus, these ports are unable to transmit or receive data frames.
Duration: For as long as the switch administrator sets it to be disabled.
Forwarding: When a port dispenses the forwarding function, it has become either a root port or a designated port. It can’t be a blocking port, for the reason that a port in a forwarding state should be able to transmit information. All ports currently in the forwarding state should be able to transmit or receive data frames.
Duration: Forever, as long as the port is enabled.
Listening: Ports often undergo the listening phase in preparation for transmitting frames to other ports. This listening phase is named such because it listens to the BPDUs. Not every piece of information a listening port gets from listening to the network goes to the MAC address table.
The forward delay timer is made up of both the listening time (phase 1) and the learning time (phase 2). This also refers to the amount of time the port takes before it forwards a data frame to a different port.
Duration: 15 seconds (Forward Delay Timer, Phase 1)
Learning: The information gathered from the listening state is then recorded to the MAC address table. This phase is called the learning phase. These ports gather all pertinent information to help the switch dispense its functions effectively and efficiently. A port in the learning phase is not yet ready to forward data to other ports.
Duration: 15 seconds (Forward Delay Timer, Phase 2)
Exclusive Cisco STP Options
For some people, 50 seconds is still too long to wait before the STP is able to converge the switch networks. Cisco, however, offers a solution for this concern. The following configurations can only be applied to Cisco routers to dramatically diminish the delay time before STP convergence:
1. PortFast
This configuration option can be applied on ports whose participation is not a requirement of the STP. These ports are not part of the interconnection of hubs, bridges or switches. For instance, the singular link from the switch to the host device is unlikely to cause a switching loop; therefore, this link is not required to take part in the converging process by the STP.
The PortFast option turns off the STP protocol for the said link so that the link becomes active even before the STP convergence process is complete.
To set the hypothetical interface fa0/1 using the PortFast configuration, the following commands can be implemented:
switch001>en
switch001#config t
switch001(config)#int fa0/1
switch001(config-if)#spanning-tree portfast
2. BPDU Guard
This configuration option is used alongside the PortFast option when running the switches on the access layer. When the access layer is enabled, the PortFast option can cause potential harm to the network if it suddenly enabled links that interconnect switches together. Remember that the role of the PortFast configuration is to disable STP on ports that are unlikely to create switching loops. Should a link be turned off accidentally, the exact opposite will be achieved: more loops will be created instead of avoided.
The BPDU Guard prevents this by turning the port into an error-disabled state. The guard will then evaluate if the PortFast option was correct to disable the STP of a particular link. If BPDU Guard finds that PortFast erred in disposing of its functions, the concerned ports will generate an error message to alert the switch administrator of the mistake.
To set the hypothetical interface fa0/1 using the BPDU Guard configuration, the following commands can be implemented:
switch001>en
switch001#config t
switch001(config)#int fa0/1
switch001(config-if)#spanning-tree bpduguard enable
3. BPDU Filter
This option bars BPDU frames from getting through a port that has been determined by PortFast to be incapable of making transmission loops. If the BPDU Filter is disabled, the port will still receive BPDU frames, incurring extra delay time. BPDU frames can only be used when STP is enabled; hence it is not practical to still supply BPDU frames to ports where STP is already disabled.
To set the hypothetical interface fa0/1 with the BPDU Filter configuration, the following commands can be implemented:
switch001>en
switch001#config t
switch001(config)#int fa0/1
switch001(config-if)#spanning-tree bpdufilter enable
4. UplinkFast
This option decreases the time it takes for the STP convergence to finish by assigning a temporary backup root port within the switch. This allows the switch to switch ports immediately just in case the main root port fails.
To use the UplinkFast configuration, the following commands can be implemented:
switch001>en
switch001#config t
switch001(config)#spanning-tree uplinkfast
5. BackboneFast
This Cisco option lets the switch automatically spot errors on links that are not directly connected to the switch. This error-detection configuration speeds up STP convergence.
To use BackboneFast, the following commands can be implemented:
switch001>en
switch001#config t
switch001(config)#spanning-tree backbonefast
Note that in both UplinkFast and BackboneFast, the option is configured not on a particular link but on a specific switch. The above commands applied both configurations to switch001.
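A configuration review for the PortFast, BPDU Guard and BPDU Filter options above, added here as an example and not taken from the book: it reads a running-config and reports PortFast ports that lack BPDU Guard, PortFast on trunk ports, and ports where BPDU Filter is enabled. The sample configuration is constructed and the function names are assumptions; spanning-tree portfast bpduguard default is the IOS global command that enables BPDU Guard on all PortFast ports.

```python
# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname switch001
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/24
 switchport mode trunk
 spanning-tree portfast
!
"""

# Finding code -> why a reviewer should look at the port.
CHECKS = {
    "portfast-on-trunk": "PortFast is configured on a trunk (interswitch) port",
    "portfast-no-bpduguard": "PortFast port is not protected by BPDU Guard",
    "bpdufilter-enabled": "BPDU Filter drops BPDUs, so BPDU Guard never sees them",
}

def parse_interfaces(config):
    """Split a running-config into global lines and per-interface commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # "!" closes the current block
        elif raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None and raw.startswith(" "):
            current.append(line)                # indented sub-command
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Return a list of (interface, finding code) in config order."""
    global_lines, interfaces = parse_interfaces(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        guard = "spanning-tree bpduguard enable" in cmds or guard_default
        if portfast and "switchport mode trunk" in cmds:
            findings.append((name, "portfast-on-trunk"))
        if portfast and not guard:
            findings.append((name, "portfast-no-bpduguard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter-enabled"))
    return findings

if __name__ == "__main__":
    for port, code in audit(SAMPLE_CONFIG):
        print(f"{port}: {CHECKS[code]}")
```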
Chapter 10. Virtual Local Area Network (VLAN)
A Virtual Local Area Network (VLAN) is a collection of host devices and network resources grouped by either the MAC addresses of the hosts or the role assigned by the ports in the system. A single VLAN can include more than one switch for as long as they belong to the same network.
Benefits of VLANs
The many upsides of creating a VLAN include:
1. Upgrade security: Computer hosts or users can be assigned to manage each VLAN for close monitoring.
2. Upgrade network flexibility and management capability: VLAN membership can be managed from a singular location even if the switches are located elsewhere, if they are connected to the same network. Inter-VLAN and VLAN Trunking Protocol (VTP) allow switch managers to manage network resources with minimal effort.
3. Upgrade Network Efficiency and Usage: VLAN allows network managers to set which network resources are available to specific VLANs. This allows the network to conserve network resources.
4. Set a limit on the broadcast domain size: Probably the most important use of VLAN is to minimize the size of the broadcast domain. Subdividing the LAN into smaller logical VLANs will only require frames to be broadcast on specific VLANs instead of the whole LAN.
Creating VLANs
To create a VLAN for a Cisco switch, the IOS command vlan must be used. The command should also assign a number to the VLAN. This number must be between 2 and 4094. Usually the VLAN is created based on the function it serves. Consider the block of code below:
Switch001>en
Switch001#config t
Switch001(config)#vlan 2
Switch001(config-vlan)#name Finance
Switch001(config-vlan)#exit
Switch001(config)#
The above code creates a VLAN called “Finance.”
Kinds of VLAN
Static VLAN: Using the Cisco IOS command switchport access vlan, a specific port will be assigned to a specific VLAN. This creates a static VLAN. Otherwise called a port-based VLAN, static VLANs are based on the ports, which the computer hosts latch onto to establish a connection with the switch. This is perfect for small-scale networks. This kind of VLAN may need consistent manual port intervention, making it hard for wide-scale networks to adopt a static VLAN membership.
Dynamic VLAN: The VLAN Membership Policy Server (VMPS) is enabled whenever dynamic VLAN is used. The VMPS maintains the MAC addresses of all linked devices and lists them in a table. Each MAC address can then be assigned to a specific VLAN. Regardless of how your devices are connected in the network, the device will always be allocated to the right VLAN.
VLAN Trunking
This process lets the switches transmit VLAN data through various interswitch connections connected via trunk ports. Trunk ports enable a VLAN to extend its reach to more than just one switch.
EtherChannel
When using STP, switch managers are always advised to enable EtherChannel for repeating interswitch connections. This process clusters redundant ports into one virtual trunk. Since this includes grouping several ports together, this process is also called port trunking. This process is also called link aggregation.
As many as eight ports can be grouped together through the EtherChannel. The benefits of EtherChannel are:
1. Manage faults: EtherChannel is built to have a fault tolerance mechanism infused into it. Should a link or port start to show signs of failing, EtherChannel will resend data traffic to other operational ports.
2. Distribute load: EtherChannel is built with load-balancing algorithms that distribute network traffic through other ports instead of concentrating on a single port.
3. Raise Bandwidth: When EtherChannel bundles eight redundant ports together into a single virtual port, the bandwidth is increased by as much as the total bandwidth of each of the eight bundled ports.
When Cisco developed the EtherChannel, at least two protocols were put in place, and these are:
Link Aggregation Control Protocol (LACP): This protocol uses IEEE 802.3ad to control the EtherChannel. LACP is not exclusive to just Cisco switches. In fact, other brands can use LACP for their switches.
Port Aggregation Protocol (PAgP): Unlike LACP, PAgP is Cisco-owned. This protocol can only manage EtherChannel within Cisco switches.
Configuring EtherChannel
The steps below can set the ports to fulfill the function of both VLAN port trunk and EtherChannel port trunk:
1. Establish an EtherChannel port trunk:
   1.1. Create the port trunk by implementing the Cisco IOS command: interface port-channel.
   1.2. Choose which physical interface to assign to the EtherChannel trunk the previous step created. For this step, implement this Cisco IOS command: interface range.
   1.3. Assign the chosen interface to the EtherChannel trunk by implementing channel-group.
2. Set the VLAN trunk to the logical port trunk:
   2.1. Select the EtherChannel port and then implement the Cisco IOS command: interface port-channel.
   2.2. Set the selected EtherChannel port as the trunk port by implementing the Cisco IOS command: switchport mode trunk.
Types of Switch Ports
Switch ports can be either access ports or trunk ports. These types can be manually assigned to a switch port by using the IOS command: switchport mode. Aside from this Cisco command, Dynamic Trunking Protocol (DTP) can be used to manage switch ports, including assigning a port's type and thus its function in the network.
1. Access Ports: Switch ports are, by default, set to function as access ports. If the port is directly linked to another switch, DTP converts the switch port to a trunk port.
2. Trunk Ports: Switch ports must be manually configured before they assume the responsibilities of being trunk ports. If the port is connected to a host device or end device like an IP telephone or computer host, DTP converts the switch port to an access port.
Chapter 11. Voice over IP (VoIP)
Voice over IP protocols convert voice input, from the handset microphone connected to an IP phone, to digital signals. These protocols break down the converted digital signals into smaller bits wrapped inside data packets or IP packets. These IP packets are then transmitted over the network until they reach the destination IP telephony gateway. Once the IP packets arrive, the IP telephone immediately begins extracting the digital signals and converts them to analog sounds.
Quality of Service (QoS)
The QoS is a special configuration for VoIP to improve the quality of audio input and output. This involves full optimization of the conversion process so that the digital signal derived from the audio recording is properly converted, wrapped and sent to the destination without a hitch.
The lack of QoS configuration in most VoIP leads to IP packets lagging behind other data frames sent through the network. This delay leads to the sound being delayed, broken or cut off completely.
VoIP implements QoS at two OSI levels:
Layer 2 (Data Link Layer): Class of service (CoS)
Layer 3 (Network Layer): IP priority
By default, the VoIP values in both layers are 0 (least priority). With QoS configured, VoIP gets a priority value of 5 (high priority).
Cisco IP Phone
The Cisco IP phone is a device specifically configured for VoIP. This device is connected to one of the switch access ports. The IP phone also acts as a Layer 2 switch. It has three ports:
Internal Connection: This is a port found inside the IP phone. This port establishes a connection with the processor of the IP phone.
PC (10/100 PC): Often used to connect the phone to the computer host, this port is the single most important port found in a typical Cisco IP Phone.
Uplink (10/100 SW): This port is created specifically for establishing a stable connection between the switch access port (network) and the upstream
Cisco Discovery Protocol (CDP)
Obviously a Cisco-proprietary protocol, the CDP is created to find all the devices directly connected to the port. This protocol is enabled in Cisco switches and Cisco IP phones by default. CDP lets the upstream switch locate the Cisco IP phone and convey the needed interaction numbers that are best for VoIP.
The switch can interact with the IP phone through the CDP to configure the PC port as either:
Trusting PC port: This port trusts the CoS and IP priority values configured on all of the inbound IP packets.
Nontrusting PC port: This port does not trust the CoS and IP priority values configured on all of the inbound IP packets. It will then keep the values for both IP priority and CoS at 3 (intermediate priority).
Enabling QoS in the Upstream Switch
To configure the upstream switch to support VoIP, QoS must first be turned on in the switch’s IOS interface. Enabling the QoS requires the Cisco IOS command mls. Consider the command block below:
switch001>en
switch001#config t
switch001(config)#mls qos
The next step is to adjust the settings of the access ports to trust the CoS and IP priority values of inbound IP packets sent by the Cisco IP phone. To do this, implement the command block below:
switch001>en
switch001#config t
switch001(config)#interface
switch001(config-if)#switchport priority extend trust
switch001(config-if)#mls qos trust cos
The above commands set the access port to a trusting PC port, and the last line configures the switch to also trust CoS values.
Chapter 12. Troubleshooting Switches
In a typical problem-solving scenario, the first step is to gather pertinent information about the switch. Before proceeding to fix the problem, it always helps to have an idea of what the possible problems are. The IOS interface is always a good place to start when trying to find out what could have possibly gone wrong.
Gathering Information
1. IOS Version
Even before you type in troubleshooting commands, it is important to know the version of Cisco IOS you are working on. The four ways to find out what the IOS version is are as follows:
GUI display
Cisco IOS command: show version
IOS image file
Output message of the boot process
2. Memory Contents and Switch Configuration
Another thing that must be determined before troubleshooting the switch is the configuration of the switch, including the memory in which it is stored. The different ways to inspect switch configuration and memory contents are:
Cisco IOS File System (IFS) commands to check on the configuration of the flash content, RAM and NVRAM.
Cisco IOS commands:
show tech-support: This command checks every possible technical metric used by the switch.
show startup-config: This command checks the initial configuration stored in the NVRAM.
show running-config: This command checks the present configuration stored in the RAM.
show flash: This command inspects the contents of the flash memory.
3. System Messages and Cisco Switch Logs
Aside from the intrinsic properties of switches, log files and system messages provide the most useful troubleshooting information. Most of the errors and causes of errors are listed in the log files. The information from log files often offers a descriptive analysis of what could have probably gone wrong based on a self-check the device has undertaken.
The two ways to check these log files are through the following:
Cisco Network Assistant (CNA)
Cisco IOS command: show logging
The logging levels are as follows:
Syslog Type | Description | Severity | Level
LOG_EMERG | The switch is no longer usable. | 0 | Emergencies
LOG_ALERT | The switch needs to be checked immediately. | 1 | Alerts
LOG_CRITICAL | The switch has a “serious condition”. | 2 | Critical
LOG_ERROR | The switch has an “error-filled condition”. | 3 | Errors
LOG_WARNING | The switch has a “warning condition”. | 4 | Warnings
LOG_NOTICE | The switch has a “significant condition”. | 5 | Notifications
LOG_INFO | Information message | 6 | Informational
LOG_DEBUG | Debugging message | 7 | Debugging
Take note that 0 in severity means that the switch is not functional (zero functionality) and 7 means that the switch is fully functional.
Aside from the above information, the system can also provide the following information:
Log buffer: This shows the extent of the internal log buffer.
Trap logging: This shows the logging information with respect to the Syslog servers.
File logging: This shows the properties of every file in the memory.
Count and timestamp logging: This shows the number of log messages recorded by the switch processors and the time log messages are created.
Exception logging: This shows the extent of the exception configured in the internal log buffer.
Buffer logging: This shows the internal configuration of the logging buffer.
Monitor logging: This shows the logging configuration of the VTY (SSH and Telnet).
Console logging: This shows the logging configuration of the console.
Syslog logging: This shows the logging configuration for the entire Cisco switch.
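An added example (not from the book) that reads show logging output, maps the severity digit in each %FACILITY-SEVERITY-MNEMONIC message to the level names in the table above, and lists ports that were put into the err-disable state. The log lines are constructed samples and the function names are assumptions.

```python
import re
from collections import Counter

# Severity number -> level name, as in the logging-level table above.
LEVELS = {0: "Emergencies", 1: "Alerts", 2: "Critical", 3: "Errors",
          4: "Warnings", 5: "Notifications", 6: "Informational", 7: "Debugging"}

# Constructed sample of `show logging` output (not captured from a device).
SAMPLE_LOG = """\
Log Buffer (4096 bytes):
*Mar  1 00:05:12.123: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
*Mar  1 00:05:13.130: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
*Mar  1 00:07:40.004: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
*Mar  1 00:07:40.010: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
*Mar  1 00:09:01.500: %SYS-5-CONFIG_I: Configured from console by console
"""

MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
ERRDISABLE_RE = re.compile(r"(?P<cause>\S+) error detected on (?P<port>\S+), putting")

def parse_log(text):
    """Return one dict per syslog message; lines without a %... tag are skipped."""
    messages = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if m:
            msg = m.groupdict()
            msg["severity"] = int(msg["severity"])
            msg["level"] = LEVELS[msg["severity"]]
            messages.append(msg)
    return messages

def at_least(messages, severity):
    """Messages at the given severity or more urgent (numerically lower)."""
    return [m for m in messages if m["severity"] <= severity]

def level_counts(messages):
    """Number of messages per level name."""
    return dict(Counter(m["level"] for m in messages))

def err_disabled_ports(messages):
    """Map port -> cause for every PM-4-ERR_DISABLE message."""
    ports = {}
    for m in messages:
        if (m["facility"], m["mnemonic"]) == ("PM", "ERR_DISABLE"):
            hit = ERRDISABLE_RE.search(m["text"])
            if hit:
                ports[hit["port"]] = hit["cause"]
    return ports

if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for m in at_least(msgs, 4):
        print(m["severity"], m["level"], m["facility"], m["mnemonic"])
    print(err_disabled_ports(msgs))
```

A port reported here with the cause bpduguard is one where BPDU Guard shut down a PortFast port after it received a BPDU; the same ports appear under show interfaces status err-disabled.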
Troubleshooting Switch Connectivity
To repair the connectivity of the switch to the network, perform the following steps:
1. Check the patch panels and cables.
Make sure that they are not damaged.
Make sure that the contact pins are latched tightly to the switch ports.
Make sure that the correct cable is used in the connection.
Make sure that the link does not surpass the extent of the distance supported by the Ethernet connection.
2. Check the port integrity of the switch.
Check the status of the ports by implementing the following Cisco IOS commands:
show logging
show vlan
show interfaces trunk
show interfaces switchport
show interfaces status
show interfaces status err-disabled
3. Use the Cisco IOS commands: traceroute and ping.
The Ping tool is a command that sends empty IP packets to a specific IP address to measure the connection between the two ports.
1. Start the CNA.
2. Using level_15_access, log on to the switch.
3. Click the Troubleshooting tab.
4. Click Ping and Trace.
5. Within the Ping and Trace dialogue box, choose Ping tool.
6. Insert the IP address of the Destination.
7. Click Start.
In the IOS interface, implement the following command:
switch001>ping 192.168.72.00
The Traceroute tool is a command that traces the IP route between the source and destination nodes within the TCP/IP network.
1. Start the CNA.
2. Using level_15_access, log on to the switch.
3. Click the Troubleshooting tab.
4. Click Ping and Trace.
5. Within the Ping and Trace dialogue box, choose Layer 3 trace tool.
6. Insert the IP address of the Destination.
7. Click Start.
Conclusion
Thank you again for purchasing this book.
I hope this book was able to give you comprehensive information on CCNA routing and switching. Using this book as a guide, you could become a network engineer with a solid foundational knowledge of the mechanisms of Cisco networks.