cisco ccna certification noteshome.wtnet.de/~sbuelow/ccna.pdf · cisco ccna certification notes by...
TRANSCRIPT
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 2 von 121
0. Table of Contents
0. Table of Contents _______________________________________2
1. IOS Basics ____________________________________________10
CLI – Command Line Interface__________________________________10 Exec Modes ___________________________________________________ 10
Syslog & Debug _____________________________________________11 Overview______________________________________________________ 11
Configuration processes & configuration files_______________________12
Cisco Discovery Protocol (CDP)_________________________________12
IOS Images_________________________________________________12 Boot system command ___________________________________________ 13 Password recovery ______________________________________________ 14 Memory types & function _________________________________________ 14
2. OSI reference modell ___________________________________15
Osi Layers, roles and examples _________________________________15
Encapsulation _______________________________________________15
PDU – Protocol Data Unit ______________________________________15
TCP/IP, Novell Netware and OSI in comparison ____________________15
Connection-oriented vs. connectionless ___________________________16
Error detection ≠ error recovery _________________________________16
Flow controll ________________________________________________16 Buffering ______________________________________________________ 16 Congestion avoidance ___________________________________________ 16 Windowing ____________________________________________________ 16
OSI Data Link layer functions ___________________________________17
OSI Network layer function _____________________________________17
routing notes________________________________________________17 routed protocol _________________________________________________ 17 routing protocol _________________________________________________ 17 routing table ___________________________________________________ 17
3. Bridges, switches and LAN design ________________________18
LAN types __________________________________________________18 Ethernet ______________________________________________________ 18 Token Ring ____________________________________________________ 18 FDDI _________________________________________________________ 18
LAN Adressing ______________________________________________18
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 3 von 121
MAC address __________________________________________________ 18 Most significant bit __________________________________________________ 18 Unicast address ____________________________________________________ 18 Broadcast Address __________________________________________________ 18 Multicast Address ___________________________________________________ 18 Functional MAC Address _____________________________________________ 18 Broadcast bit_______________________________________________________ 18 local/universal bit ___________________________________________________ 19
LAN framing ________________________________________________19
LAN standards ______________________________________________19
Bridging, Switching and Spanning Tree Protocol ____________________20 Transparent Bridging ____________________________________________ 20 Lan Switching __________________________________________________ 20
Broadcast and collision domain _________________________________20
Switching Methods ___________________________________________21 Store and forward switching _______________________________________ 21 Cut Through switching ___________________________________________ 21 Fragment free switching __________________________________________ 21
Comparison of bridging, switching an routing _______________________21
Spanning Tree Protocol (STP) __________________________________22 Explanation: ___________________________________________________ 23 Summary______________________________________________________ 23 How STP works ________________________________________________ 24
Goal _____________________________________________________________ 24 Way _____________________________________________________________ 24
Root bridge election _____________________________________________ 25 Network topology changes ________________________________________ 25
Timers in CBPDUs __________________________________________________ 25 Change type one – no CBPDUs received on any port for MaxAge _____________ 26 Change type two – CBPDUs received on some ports (no CBPDUs on root port) __ 26
STP graphics __________________________________________________ 27 Root bridge election _________________________________________________ 27
VLAN – Virtual Local Area Network ______________________________28 Definition______________________________________________________ 28 Advantages____________________________________________________ 28 VLAN tagging (ISL Inter Switch Link) ________________________________ 28 VLAN summary_________________________________________________ 28
VTP – VLAN Trunking Protocol _________________________________29 Definition______________________________________________________ 29 Graphics ______________________________________________________ 29 VTP notes _____________________________________________________ 29 VTP operation modes ____________________________________________ 30 VTP pruning ___________________________________________________ 30
LAN switch configuration ______________________________________30 Configuration by default (1900 series) _______________________________ 30
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 4 von 121
Port numbering _________________________________________________ 30 Basic IP configuration ____________________________________________ 30 MAC address table entry types_____________________________________ 31 Port security ___________________________________________________ 31
Port security commands ______________________________________________ 31 Basic VLAN configuration _________________________________________ 31
Information ________________________________________________________ 31
4. TCP/IP Protocols _______________________________________32
TCP – Transmission Control Protocol_____________________________32 Features ______________________________________________________ 32
- Ordered Data Transfer ___________________________________________ 32 - Multiplexing____________________________________________________ 32 - Error Recovery (reliability) ________________________________________ 32 - Flow control (windowing) _________________________________________ 32 - Connection establishment and termination____________________________ 33
TCP Summary _________________________________________________ 33
UDP – User Datagramm Protocol________________________________33 Features ______________________________________________________ 33
- Data Transfer __________________________________________________ 33 - Multiplexing____________________________________________________ 33
ARP – Adress resolution protocol & Inverse ARP ___________________34 Features __________________________________________________________ 34
ICMP – Internet control message protocol _________________________34
ICMP – Internet control message protocol _________________________35 Features ______________________________________________________ 35 ICMP messages overview ________________________________________ 35 ICMP messages in detail _________________________________________ 36
Destination unreachable messages _____________________________________ 36 Time exceeded messages ____________________________________________ 36 ICMP echo request and reply __________________________________________ 36
ICMP summary _________________________________________________ 37
FTP and TFTP in comparison___________________________________37
IP addressing _______________________________________________37
Network classes _____________________________________________37
Network numbers ____________________________________________37
Network masks ______________________________________________38
Subnetting__________________________________________________38
Address format concepts summary ______________________________38
IP Grouping Concepts and Subnetting ____________________________39 Needs for subnetting_____________________________________________ 39 Graphical comparison of subnetted and not subnetted networks___________ 40 Subnetting overview _____________________________________________ 41
Subnet math algorithms _______________________________________42
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 5 von 121
Given an IP Address and Mask, What Is the Network/Subnet Number? _____ 42 Decimal Algorithm for Deriving the Network Number, No Subnetting in Use ______ 42 Binary Algorithm for Deriving the Network Number, No Subnetting in Use _______ 42 Boolean AND Operation ______________________________________________ 42 Decimal Algorithm for Deriving the Subnet Number, Basic Subnetting __________ 43 Binary Algorithm for Deriving the Subnet Number, Basic Subnetting____________ 43 Binary Algorithm for Deriving the Subnet Number, Difficult Subnetting __________ 43 Typical difficult mask values ___________________________________________ 44 Decimal Algorithm for Deriving the Subnet Number, Difficult Subnetting_________ 44
Definition of network/subnet number and broadcast address___________45 Given an IP Address and Mask, What Is the Network/Subnet Broadcast Address?______________________________________________________ 45
Decimal Algorithm for Deriving the Broadcast Address, No Subnetting or Basic Subnetting ________________________________________________________ 45 Binary Algorithm for Deriving the Broadcast Address _______________________ 45 Decimal Algorithm for Deriving the Broadcast Address, Difficult Subnetting ______ 46
Given an IP Address and Mask, What Are the Assignable IP Addresses in That Network/Subnet? _______________________________________________ 46 Given a Network Number and a Static Subnet Mask, What Are the Valid Subnet Numbers? _____________________________________________________ 47
Decimal Algorithm for Deriving the Valid Subnets with Basic Subnetting ________ 47 Binary Algorithm for Deriving the Valid Subnets with Basic and Difficult Subnetting 47 Decimal Algorithm for Deriving the Valid Subnets with Basic and Difficult Subnetting_________________________________________________________________ 48
Given a Network Number and a Static Subnet Mask, How Many Hosts per Subnet, and How Many Subnets? __________________________________ 48 Zero Subnet and Broadcast subnet _________________________________ 49
CIDR, Private Addressing, and NAT______________________________49 Reasons for the usage of registered network numbers __________________ 49 CIDR – Classless Inter Domain Routing______________________________ 49
Graphically ________________________________________________________ 50 Private addressing ______________________________________________ 51
Adress ranges _____________________________________________________ 51 NAT – Network Address Translation_________________________________ 52
NAT functionality graphics ____________________________________________ 52
Using secondary addresses ____________________________________52
MTU ______________________________________________________53
Fragmentation_______________________________________________53
IP naming commands and telnet ________________________________53 Telnet suspend and resume commands______________________________ 53
Default routes and the “ip classless” command _____________________53
IPX addressing and routing ____________________________________54
Some facts about IPX _________________________________________54 Feature table___________________________________________________ 54
IPX routing algorithm _________________________________________55
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 6 von 121
Internal networks and encapsulation types_________________________56 Ethernet Encapsulation___________________________________________ 56
Encapsulation names ________________________________________________ 56 Encapsulation structure ______________________________________________ 57
Token Ring & FDDI______________________________________________ 58 Encapsulation names ________________________________________________ 58 Encapsulation structure ______________________________________________ 59
General Encapsulation notes ______________________________________ 59
IPX configuration hints ________________________________________59
5. Routing_______________________________________________60
Generell goals of routing_______________________________________60
Protocol types_______________________________________________60
Assignment of routing algorithms and protocols _____________________61
Distance Vector Routing behaviour ______________________________61 Problems that can occur in multiple path networks _____________________ 62 Split horizon ___________________________________________________ 63 Split horizon with poison reverse ___________________________________ 63 Route poisoning ________________________________________________ 63 Holddown timer_________________________________________________ 63 Triggered Updates ______________________________________________ 63
RIP and IGRP behaviour ______________________________________63 Comparison of RIP and IGRP Features ______________________________ 63 Metric issues___________________________________________________ 64
RIP ______________________________________________________________ 64 IGRP_____________________________________________________________ 64
Distance Vector Routing Protocol Summary___________________________ 64
Configuration of RIP and IGRP__________________________________64 The “network” command__________________________________________ 64 The “passive-interface” Command __________________________________ 64
RIP-1 and IGRP—No Subnet Masks _____________________________65
RIP Version 2 _______________________________________________65 Features ______________________________________________________ 65 RIP Version migration____________________________________________ 66
Auto Summary and Route Aggregation ___________________________66
Multiple routes to the same subnet_______________________________67
Administrative distance________________________________________67
IPX RIP____________________________________________________68 IP RIP and IPX RIP in comparison __________________________________ 68 IPX RIP Metric _________________________________________________ 68
Service Advertisement Protocol – SAP____________________________68 Brief SAP Description ____________________________________________ 68 SAP Process___________________________________________________ 68
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 7 von 121
IPX logon procedure __________________________________________69 Graphically ____________________________________________________ 70
IPX configuration ____________________________________________71
Tunneling __________________________________________________71 Description ____________________________________________________ 71 Important terms_________________________________________________ 71 Reasons for tunneling____________________________________________ 72 Tunneling for VPNs______________________________________________ 73 Tunneling configuration___________________________________________ 74
Integrated Multiprotocol Routing_________________________________75 Integrated multiprotocol routing process______________________________ 75
Separate Multiprotocol Routing ↔ Integrated Multiprotocol Routing _____75
Routing Command Summary ___________________________________76
6. Access list security_____________________________________77
Filtering IP Traffic ____________________________________________77 Where Filtering can be done_______________________________________ 77 Graphically ____________________________________________________ 77 IP access list commands _________________________________________ 78 Access list logic_________________________________________________ 78 Standard IP access lists __________________________________________ 79
Functionality _______________________________________________________ 79 Examples _________________________________________________________ 79
Extended IP access lists__________________________________________ 79 Functionality _______________________________________________________ 79 Matching options graphically __________________________________________ 80 Matching options overview ____________________________________________ 80 Examples _________________________________________________________ 80
Named IP access lists____________________________________________ 81 Differences between numbered and named ACL’s _________________________ 81 Comparison of named and numbered ACL’s ______________________________ 81 Notes about deleting parts of named access lists __________________________ 82
IP access list summary ___________________________________________ 83
Filtering IPX Traffic and SAPs __________________________________84 ACL numbers __________________________________________________ 84 IPX ACL commands _____________________________________________ 84 Standard IPX ACL’S _____________________________________________ 84 Extended IPX ACL’s _____________________________________________ 85
Can filter by: _______________________________________________________ 85 Graphically:________________________________________________________ 85
SAP Filters ____________________________________________________ 86 How SAP packets flow _______________________________________________ 86 Filtering without forwarding____________________________________________ 86 Function __________________________________________________________ 86 Graphically ________________________________________________________ 87 Reasons for filtering SAP Packets ______________________________________ 87 SAP filtering matching fields___________________________________________ 88
Named IPX ACL’s_______________________________________________ 88
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 8 von 121
Comparison of named and numbered IPX ACL’s / Commands ____________ 88
Overview IPX ACL configuration commands _______________________90
7. WAN Protocols and Design ______________________________91
Point to point leased lines______________________________________91 Terms and Definitions____________________________________________ 91 Protocol used on point to point links _________________________________ 92
Overview__________________________________________________________ 92 Functions _________________________________________________________ 92 Framing __________________________________________________________ 92
How to differentiate the 3 protocols _________________________________ 92 Point-to-Point Data Link Protocol Attributes ___________________________ 93
Note: Architected type field____________________________________________ 93 Configuration commands _________________________________________ 93 Changing encapsulation types _____________________________________ 94 PPP special features_____________________________________________ 94
PPP LCP Features ___________________________________________95 Error Detection _________________________________________________ 95 Looped Link Detection ___________________________________________ 96 Compression___________________________________________________ 96
Compression goal & price ____________________________________________ 96 What happens with compression _______________________________________ 96 Reasons for using compression ________________________________________ 96 Compession algorithms ______________________________________________ 96 Assignment of compression algorithm and protocol_________________________ 97
WAN cabling standards _______________________________________97 Connector examples_____________________________________________ 97 Connector details _______________________________________________ 97 Further Connector notes__________________________________________ 98
Frame Relay Protocols ________________________________________98 Frame Relay Definition ___________________________________________ 98 Frame Relay Features and Terminology _____________________________ 99
Terms and concepts _________________________________________________ 99 LMI and encapsulation types _____________________________________ 101
Definition_________________________________________________________ 101 LMI _____________________________________________________________ 101 Encapsulation_____________________________________________________ 101 Frame View ______________________________________________________ 102
DLCI and Frame Relay Switching__________________________________ 103 DLCI Global Addressing_____________________________________________ 104 Global Addressing Summary _________________________________________ 104 Global Addressing Advantages _______________________________________ 105
Network layers and Frame Relay __________________________________ 106 Layer 3 addressing_________________________________________________ 106
Full Mesh ____________________________________________________________ 106 Partial Mesh __________________________________________________________ 107 Hybrid _______________________________________________________________ 108
Broadcast Handling ________________________________________________ 108 Split Horizon ______________________________________________________ 109
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 9 von 121
How Address Mapping Works_____________________________________ 110 Shortcut _________________________________________________________ 110 Definition_________________________________________________________ 110
Review: Frame Relay initialization _________________________________ 111 Graphically _______________________________________________________ 112
Compression__________________________________________________ 112 Shortcut _________________________________________________________ 112 Payload compression _______________________________________________ 112
STAC compression_____________________________________________________ 112 FRF.9 compression_____________________________________________________ 113
TCP header compression____________________________________________ 113 Frame Relay Configuration_______________________________________ 113
Frame Relay Configuration commands _________________________________ 113 Guideline whether to use subinterfaces _________________________________ 114 Correlating DLCIs to subinterfaces_____________________________________ 114
ISDN protocols and design ____________________________________115 ISDN Channels ________________________________________________ 115
B channels _______________________________________________________ 115 D channels _______________________________________________________ 115
ISDN protocol overview _________________________________________ 115 ISDN ↔ OSI comparison ____________________________________________ 115
ISDN Function Groups and Reference Points _____________________116 Inexact Definition (but familiar) ________________________________________ 116 Facts to reminder __________________________________________________ 116
Typical use of ISDN _________________________________________117
PAP & Chap _______________________________________________117 Login description_______________________________________________ 117
Multilink PPP_______________________________________________117 Enabling commands ____________________________________________ 117
Dial-on-Demand Routing and ISDN Configuration __________________118 Some Notes __________________________________________________ 118 Example configuration __________________________________________ 118 Configuring the dialing itself / needed information _____________________ 119
WAN options – strength and weakness __________________________120
Enterprise Networks and their hardware__________________________121
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 10 von 121
1. IOS Basics
CLI – Command Line Interface Access from
- console port - auxiliary (e.g. modem connection) - telnet
Last 2 need password to be set before usage
Exec Modes User Exec Mode
- shows only basic information (mainly viewing of settings) Enable or Privileged Exec Mode
- allows full controll of the device
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 11 von 121
Syslog & Debug
Overview
Created messages are sent to console and named syslog “debug” command enables monitoring points / parameters and create additional messages describing what the IOS is doing and seeing ! Debug command can crash the machine when messages are too much ! use with caution !
“no debug all” disables debugging syslog is only sent to console by default
“terminal monitor” enables syslog to telnet (vty) or aux “logging host” sents messages to an external server “snmp-server enable trap” messages are sent as SNMP traps (SNMP already has to be configured
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 12 von 121
Configuration processes & configuration files
- enter config mode from priv exec mode (conf t) - startup configuration file NVRAM (Non Volatile RAM) - active configuration file RAM / DRAM - copying into RAM does same things like typing them manually - copying into NVRAM or tftp replaces (if same file name) - no startup-config in NVRAM causes the device to enter setup mode after
rebooting for entering basic configuration info
Cisco Discovery Protocol (CDP)
- discovers basic information about neighboring routers & switches - Device Identifier - Address lis (mostly hostname) - Port identifier (Interface) - Capabilities list (what does the discovered device do ?) - Platform (modell and OS Level)
- enabled by default
- disable: “no cdp run”
- can run on specific interface only
int subcmd: “cdp enable”
- “show cdp <params>” shows cdp information
IOS Images Ios files are stored in flash memory Images can only come from or go to tfp server
“copy tftp flash” ROM stores a limited IOS image Several IOS images can be saved in flash
“boot system” command allows to choose which one to boot
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 13 von 121
Boot system command
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 14 von 121
Password recovery Refer to page 52 following / table 2-7 for detailed process steps Shortcut: ROM Monitor / RomMon ! Password recovery overwrites NVRAM !
Memory types & function Memory Function RAM / DRAM Working memory (running-config) Flash IOS images ROM Limited IOS image NVRAM Startup-config
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 15 von 121
2. OSI reference modell Osi Layers, roles and examples Alle Application User interface /
HTTP Priester Presentation How data is
presented ASCII / JPEG
Saufen Session Keeping data seperated from different application
Tee Transport Reliable or unreliable connection TCP / UDP
Nach Network Logical addressing IP / IPX
Der Data Link IEEE 802.3 / 802.5 Predigt Physical
Layer
V.35 / RJ-45
Encapsulation - concept of placing data after headers and/or before trailers - is done in each layer (except physical)
PDU – Protocol Data Unit Layer Unit L1 Bits L2 Frame L3 Packet or datagramm L4 segment
TCP/IP, Novell Netware and OSI in comparison OSI TCP/IP NetWare Application Presentation Session
Application SAP , NCP
Transport Transport IPX SPX Network Internet IPX
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 16 von 121
Data Link Physical
Network (Interface) MAC Protocols
Connection-oriented vs. connectionless Connection-oriented Connectionless Establishes connection between 2 endpoints before transfer beginns
Transfer begins immediately
Error detection ≠ error recovery Error detection means that protocol is able to detect an error and discards the PDU Error recovery means that a protocol is able to react on the lost data due to an error and causes the transmission to be repeated
Flow controll Flow control means that a sender can control his sending data rate to decrease the amount of lost data due to slower systems “on the way”
Buffering Receiving device has a receive buffer whi9ch holds the received data until processed Sending data rate isn’t affected
Congestion avoidance Receiving device notices that buffers are filling and notifies the sender to stop or slow down transmission When buffers are free again the sender is noticed to start or speed up transmission
e.g. ICMP “Source Squench” slows the sender down step by step until no Source Quench messages are received by sender anymore
Windowing A window is the maximum amount of data a sender can send without acknowledgement
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 17 von 121
OSI Data Link layer functions Function Ethernet Token Ring HDLC Frame Relay Arbitration CSMA/CD Token passing --- --- Addressing Source and
destination MAC address
Source and destination MAC address
Single 1 byte Address Unimportant on point to point links
DLCI to identify virtual circuits
Error Detection FCS (Filed Correction Sum) in trailer Identify data contents
802.2 DSAP, SNAP or Ethertype as needed
802.2 DSAP or SNAP header as needed
Proprietary type field
L2/L3 protocol ID’s or SNAP header
OSI Network layer function
- routing and logical addressing o logical adresses can be grouped
TCP/IP = Subnet IPX = Network Appletalk = Cable Range
- refer to page 108 / table 3-10
routing notes
routed protocol - the one being routed - IP - IPX - OSI - DECnet - …
routing protocol - the information to perform routing process as quickly as possible - RIP - IGRP - OSPF - …
routing table - where the routing information is stored
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 18 von 121
3. Bridges, switches and LAN design
LAN types
Ethernet
Token Ring
FDDI
LAN Adressing
MAC address - consists of two 24 bit parts (=48 bit)
o vendor part o card part
Most significant bit - Ethernet: most significant bit is last - FDDI & Token Ring: most significant bit is first
Unicast address An individual LAN interface card
Broadcast Address All devices in a LAN
Multicast Address A subset of devices in Ethernet or FDDI
Functional MAC Address Device with specific funktion on a Token Ring
Broadcast bit The most significant bit in the first byte unicast address when bit is 0
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 19 von 121
broadcast, multicast or functional address when bit is 1
local/universal bit The second most significant bit in the first byte =0 when burned in MAC is used =1 when locally administered address is in use
LAN framing Refer to tables 4-2 and 4-5 on page 140
LAN standards Name MAC sublayer
Spec LLC Sublayer Spec
Comments
Ethernet Version 2 (DIX Ethernet)
Ethernet Not applicable Spec owned by Digital, Intel and Xerox
IEEE Ethernet IEEE 802.3 IEEE802.2 Other name: 802.3 Ethernet
Token Ring IEEE 802.5 IEEE 802.2 IBM developed IEEE took over
FDDI ANSI X3T9.5 IEEE 802.2 --- Standard MAC Sublayer
Spec Max. cable length
Cable Type Pairs needed
10Base5 802.3 500m entire
bus 50Ohm thick coaxial
---
10Base2 802.3 185m entire bus
50Ohm thin coaxial
---
10BaseT 802.3 100m entire bus
CAT3,4, or 5 UTP
4
10BaseFL 802.3 2000m from device to hub/switch
Fiber 1
100BaseTx 802.3u 100m from device to hub/switch
CAT5 UTP 2
100BaseT4 802.3u 100m from device to hub/switch
CAT3 UTP 4
Standard MAC Sublayer Spec
Max. cable length
Cable Type Pairs needed
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 20 von 121
100BaseT2 802.3u 100m from
device to hub/switch
CAT3,4 or 5 UTP
2
100baseFx 802.3u 400/2000m (half/full duplex)
Multimode fiber 1
100BaseFx 802.3u 10.000m Singlemode fiber
1
1000BaseSx 802.3z 220-550m Multimode fiber 1000BaseLx 802.3z 3000m Single or
multimode fiber 1
1000BaseCx 802.3z 25m Shielded copper
2
1000BaseT 802.3ab 100m CAT5 UTP 2
Bridging, Switching and Spanning Tree Protocol
Transparent Bridging Endpoints do not need to know wheter there is a bridge or not. Key Functions:
- Learning MAC Address by examining source MAC addresses of received frames
- Forward or filter frames based on destination MAC address - Loop free environment created by Spanning tree protocol STP
Lan Switching Switches decide where to forward frames to (which port(s)) based on the destination MAC address (multiport bridge).
Broadcast and collision domain BD is a set of NICs which all receive a broadcast by other NICs in same BD CD is a set of NICs which could cause a collision in same CD. ! All devices in the same BD will be in the same subnet / network !
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 21 von 121
Switching Methods
Store and forward switching Receives entirely frame (store) and forwards it after that Allows to check FCS (Filed correction sum) in trailer
Cut Through switching Receiver destination address of the frame and forwards it immediately Disallows FCS checks
Fragment free switching Almost like cut through switching but waits for the first 64 bytes of a frame before forwarding it. A collision has to be detected within the first 64 bytes of a frame so that fragmented packets due to a collision aren’t forwarded.
Comparison of bridging, switching an routing Feature Bridging Switching Routing Forward LAN broadcasts
Yes Yes No
Forward LAN multicasts
Yes Yes; can be optimized by using CGMP
No (if not configured, but not the original frame is forwarded)
OSI layer used to make forward decision
Layer 2 Layer 2 Layer 3
Internal processing variants
Store and forward Store and forward cut through fragment free
Store and forward
Fragmentation allowed ?
No No Yes
Multiple concurrent equal-cost paths to same destination allowed ?
No No Yes
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 22 von 121
Feature Bridging Switching Routing Greater cabling distances allowed
Yes Yes Yes
Dcrease in collisions, assuming equal traffic loads
Yes Yes Yes
Decreased adverse impact of broadcasts
Yes No Yes
Decreased adverse impact of multicasts
No Yes (with CGMP) Yes
Increase in bandwidth
Yes Yes Yes
Filtering on Layer 2 header allowed
Yes Yes Yes
Filtering on Layer 3 header allowed
No No Yes
Spanning Tree Protocol (STP) STP creates a network where only one active path exists between any pair of LAN segments. STP enabled Switches and bridges have dynamic blocking or forwarding ports.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 23 von 121
Explanation:
Ethernet
Ethernet
Ethernet
IBM-kompatibelIBM-kompatibel
Bridge
Bridge Bridge
IBM-kompatibel
One broadcast domain Broadcasts will be forwarded infinitely
Summary - physical redundancy is allowed and be used when other paths fail - bridging logic gets confused by multiple ways to the same MAC address. STP
avoids confusion by creating only one active way - Loops in the bridget network are avoided
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 24 von 121
How STP works
Goal Creation of a physical redundant network with only one active path to avoid loop and network congestion.
Way • All interfaces are either in forwarding or blocking state • The forwarding interfaces are part of the spanning tree • One bridge is the root bridge and has all interfaces in forwarding mode • Each bridge receives CBPDUs (Configuration Bridge Protocol Data Units)
from the root bridge. • The interface on which CBPDUs are received is called root port and is in
forwarding state • The bridge in evere segment with the lowest cost path to the root bridge is
called designated bridge and has the port on that segment forwarding. • All other interfaces are in blocking state. • Every “HelloTime” seconds the root bridge sends a CBPDU to say that no
network change has occurred. • If a bridge doesn’t receive CBPDUs for a “MaxAge” time it z beginns the
process of spanning tree change. This process varies from topology to topology.
• One or more bridges decide to change blocking into forwarding ports or vice versa.
o In the first case thy first switch the port to listening state for a “ForwardDelayTimer” period of time , then switch to learning state after a second “Forward DelayTimer” time and finally switch the port to forwarding.
• These delays are necessary to prevent temporary loops.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 25 von 121
Root bridge election
1. each bridge beginns claiming to be the root bridge by sending out CBPDUs of following contents
a. root bridges ID (they want to be root thereselves so they say they are root. the ID is normally a MAC adress of an interface on that bridge
b. the cost between these bridge and the root bridge set to 0 because they all want to be root
c. the sending bridges bridge ID (=root bridge ID first) 2. root bridge with the lowest priority value (set by administrator) wins the elction
a. on a tie the bridge with the lowest bridge ID wins 3. if a bridge hears a CBPDU of a better candidate for root bridge (see step 2) it
stops claiming to be root and starts forwarding the CBPDUs of the better candidate on all ports except the one these CBPDU are received
4. before forwarding these CBPDUs the bridge increments the costs of these CBPDUs by the costs of the receiving interface
a. cost values are set by administrator 5. at the end of the process one bridge is elected being root 6. The ports where the CBPDUs with the lowest costs to root are received is
called the root port and placed in forwarding state. a. On root ports no CBPDUs are forwarded
7. For every segment of the LAN there is one bridge sending CBPDUs with the least costs to root. These bridges are called designated bridges and have the interface on that segment placed in forwarding state.
8. All other ports go into blocking state.
Network topology changes
Timers in CBPDUs Every CBPDU contains 3 timers: - HelloTime The time between 2 CBPDUs sent by root bridge to say that nothing
has changed. - MaxAge: The time any bridge should wait before deciding that topology has
changed. - ForwardDelay: The time a bridge waits during a topology change before changing a
blocking port into a listening port and a listening port into a learning port.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 26 von 121
Change type one – no CBPDUs received on any port for MaxAge Result: the bridge starts claiming to be the root bridge
Change type two – CBPDUs received on some ports (no CBPDUs on root port) Result:
- the port with the lowest cost to root gets the new root port - one or more bridges being not a designated bridge before reacts to the lack of
CBPDUs from the bridge with the new root port (no CBPDUs on root ports!) sets its blocked port to listening and cleares its address table
- These bridge sends a message CBPDU out of the root port to indicate that a topology change is being made
- After forward delay timer expired the listening port is changed to learning port and to forwarding port after a second forward delay timer expiration
- Root bridge sends a CBPDU to indicate all bridges the topology change - All bridges clear their address tables and start learning MAC addresses (and
the paths) again
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 27 von 121
STP graphics
Root bridge election
B1
B5
B4
B3
B2
E1E0
E0
E0
E0 E0
E1
E1
E1
E1
ID is 0200.1111.1111Priority 1Root is 0200.1111.1111Cost is 0
ID is 0200.2222.2222Priority 1Root is 0200.1111.1111Cost is 100
ID is 0200.3333.3333Priority 1Root is 0200.1111.1111Cost is 200
ID is 0200.4444.4444Priority 1Root is 0200.1111.1111Cost is 110 ID is 0200.5555.5555
Priority 1Root is 0200.1111.1111Cost is 10
root port
root port
root port
root port
highest prioritylow est ID= root bridge
blocking
desi
gnat
ed b
ridge
designated bridge
designated bridge
root bridge electedinterface states set
spanning treecreated
topology change
link to B5 broken
B1
B5
B4
B3
B2
E1E0
E0
E0
E0 E0
E1
E1
E1
E1
ID is 0200.1111.1111Priority 1Root is 0200.1111.1111Cost is 0
ID is 0200.2222.2222Priority 1Root is 0200.1111.1111Cost is 100
ID is 0200.3333.3333Priority 1Root is 0200.1111.1111Cost is 200
ID is 0200.4444.4444Priority 1Root is 0200.1111.1111Cost is 210 ID is 0200.5555.5555
Priority 1Root is 0200.1111.1111Cost is 10
root port
root port root port
highest prioritylow est ID= root bridge
listening ->learning ->forwarding
desi
gnat
ed b
ridge
new root port
B4/E -> B5/E1broken
B3/E1 forwarding
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 28 von 121
VLAN – Virtual Local Area Network
Definition A VLAN is a broadcast domain created by one or more switches. The VLAN is created via configuration in the switch or an external server (VLAN membership Policy Server [VMPS])
Advantages VLANs allow easy moves, additions and changes. One switch can offer many different VLANs. Routers are needed to route between the different VLANs.
VLAN tagging (ISL Inter Switch Link) ISL is used to minimize broadcast effects. ISL is not an IEEE thing. IEEE uses 802.1q as Ethernet VLAN protocol. ISL encapsulates the original frame and puts a VLAN-ID in the ISL header.
VLAN summary - VLANs make moves, additions and changes to device connections easier - By forcing a Layer 3 device to route between VLANs greater administrative
control can be used (accounting, access lists…..) - Unnecessary LAN bandwidth consumption is reduced compared to a single
broadcast domain - Unnecessary CPU usage is reduced by resulting reduction in broadcast
forwarding
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 29 von 121
VTP – VLAN Trunking Protocol
Definition VTP is a layer 2 messaging protocol that maintains VLAN configuration consistency throughout an administration domain by managing VLAN config changes throughout the network.. Onfigurations made on to a single switch (the so called VTP server) are propagated through the network using trunk links to all switches in the same VTP domain.
Graphics
VTP notes o VTP advertisements are flooded every 5 minutes throughout the management
domain or
o When a VLAN configuration change has been done o In an VTP advertisement is included
o Configuration revision number o VLAN names and numbers o Information about witch switches have ports assigned to each VLAN
VTPserver
VTPclient
VTPclient
1. Add new VLAN2. Rev 3 --> Rev 4
3. Send VTPadvertisement
3. Send VTPadvertisement
4. Rev 3 --> Rev 45. Sync new VLAN info
4. Rev 3 --> Rev 45. Sync new VLAN info
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 30 von 121
VTP operation modes o Transparent mode
o Used when a Switch does not need or want to participiate in VTP but willing to pass VTP advertisements to other switches
o VLAN configuration changes affect only the VTP trasparent switch o Server mode
o A VTP server can create, modify or delete VLANs and other configuration parameters for the entire VTP domain
o VTP servers save VLAN configuration in NVRAM o VTP messages are transmitted out of all trunk connection
o Client mode o A VTP client cannot create, modify or change VTP configuration o Clients do not store VLAN configuration in NVRAM
VTP pruning VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. VTP version notes VTP version 1 only supports Ethernet VTP Version 2 supports Ethernet and Token Ring.
LAN switch configuration
Configuration by default (1900 series) - IP address: 0.0.0.0 - CDP: enabled - Switching method: fragment free - 100BaseT Port(s): auto-negotiate duplex mode - 10BaseT port(s): half duplex - Spanning Tree: enabled - Console password: none
Port numbering 10BaseT: e0/1 to e0/12 or e0/1 to e0/24 AUI port: e0/25 100BaseTUplink ports : fa0/26 and fa0/27
Basic IP configuration On switches the IP address is valid for the whole switch due to the fact that the IP address is only used for management purposes but not needed for the normal switching job to run!
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 31 von 121
MAC address table entry types There are 3 types of MAC address table entries:
- dynamic addresses which are entered by normal switching activity and deleted when the whole table is cleared (expiration time)
o use for normal hosts - permanent MAC addresses are associated with a specific port and don’t have
an expiration date o use for popular servers
- restricted-static entries are entries where a MAC address is associated with a specific port and frames destined for these MAC address have to come in from a particular set of ports
o use for hosts only specific machines shall communicate with
Port security Port security limits the number of MAC addresses associated with a port. The number of devices with the specified MAC address to these ports is limited.
Port security commands “show mac-address-table” “show mac-address-table security” “port secure-max-mac-count x” “adress-violation {suspend|disable|ignore}”
Basic VLAN configuration
Information - max number of VLANs is switch dependent (1900 series = 64 VLANs) - VLAN1 is factory default - CDP and VTP advertisements are sent on VLAN1 - Switch IP address is in VLAN1 broadcast domain - Switch must be in VTP server mode for creation, adding or deletion of VLANs
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 32 von 121
4. TCP/IP Protocols
TCP – Transmission Control Protocol
Features
- Error Recovery (reliability) - Data Transfer - Multiplexing - Flow control (windowing) - Connection establishment and termination
- Ordered Data Transfer TCP provides its functions to the upper layers. The TCP/IP modell only provides the application layer as last upper layer so you can say that TCP provides data transfer from one application to another. Port number, destination IP address and the name of the transport layer protocol (TCP) form a socket. Applications use TCP services by opening a socket and TCP manages the delivery of the data to the toher sides socket.
- Multiplexing TCPs multiplexing task is to decide which application layer process to give the data to after the data is received. So multiplexing enables data delivery to different applications over “one single link”.
- Error Recovery (reliability) To accomplish reliablity data bytes are numbered using the sequence and acknowledgment fields in the TCP header.
- Flow control (windowing) TCP implements flow control by taking advantage of the sequence and acknowledgment fields in the TCP header along with the so-called window field. This window field implies the maximum number of unacknowldged bytes outstanding instant in time.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 33 von 121
The windows starts small and grows until errors occur. The windows then starts varying in size based on the network performance. In other words the window field is used by the receiver to tell the sender how much data can be sent before the next acknowledgment.
- Connection establishment and termination The connection establishment is called three way handshake and takes place before data transfer begins. The connection termination is four way and interesting is that TCP notifies the application that connection is coming down before the third flow in termination sequence takes places (in other words before the connection is really down) and waits for the application to acknowledge the connection closure.
TCP Summary Function Descripition Data Trasfer Continous stream of ordered data Multiplexing Allowing the receiving host to decide the
correct application for which the data is destined, based on the port number
Error recovery (reliability) Process of numbering and acknowledging header fields.
Flow control (windowing) Process of using windows fields to protect buffer space and routing devices
Connection establishment and termination
Process used to initialize port numbers, sequence and acknowledgment fields.
UDP – User Datagramm Protocol
Features
- Data Transfer
- Multiplexing Multiplexing is the same thing TCP does. Data Transfer is just reliable for message delivery but does not order, window or proove data receiving. No recording or recovery is accomplished, discarded frames are discarded! The big advantage of UDP is the much smaller header due to less fields (smaller protocol overhead) and the data rate isn’t artificially slowed by an acknowledgment process.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 34 von 121
If your IP is 1.1.1.1 pleasereply !
OK, my MAC is0200.1234.5678
1. ARP request
2. ARP reply
Hey, who is MAC0200.1234.5678 ?
Here I am. IP is 1.1.1.1
1. inverse ARP request
2. inverse ARP reply
ARP – Adress resolution protocol & Inverse ARP
Features ARP is the method to resolve the Layer 3 (IP, IPX…) address to a known layer 2 (MAC) address. Inverse ARP handles resolution of MAC to IP addresses.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 35 von 121
ICMP – Internet control message protocol
Features ICMP helps control and manage the work of IP and therefore is consideres to be part of TCP/IP’s network layer.
ICMP messages overview Message Purpose Destination unreachable This tells the source that there is problem
delivering a packet Time exceeded The time it takes delivering a packet has
exceeded; packet discarded Source Quench The source is sending date faster than it
can be forwarded; requests the sender to slow down
Redirect The router sending this message has received some packet for qhich another oruter has a better toute; tells the sender to use the better router
Echo Used by ping command to verify connectivity
Parameter problem Used to identify an incorrect paramater Timestamp Measures roundtrip time to particular
hosts Address mask Request/reply Used to inquire about and learn the
correct subnet mask to be used Router advertisement and selection Used to dynamically learn the IP
addresses of the routers on same subnet.• black items most likely on exam
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 36 von 121
ICMP messages in detail
Destination unreachable messages There are five separate unreachable functions: Unreachable code When used Typically sent by Network unreachable No routing table match for
the packets destination. Router
Host unreachable Packet routed to a router in destination subnet, but host is not responding
Router
Can’t fragment Packet has “Don’t fragment bit” but a router must fragment to forward the packet
Router
Protocol unreachable Packet was delivered to host but the used transport layer protocol is not available there
Endpoint host
Port unreachable Packet was delivered to host, but the destination port has not been opened by an application.
Endpoint host
Time exceeded messages Every IP header contains a Time to live field (TTL) to make sure that packets aren’t crusing through network infinetly. Every router on the packets way will decrease the TTL field by one. When TTL decreased to 0 the packet will be discarded. The ICMP time exceeded message indicates that the TTL field was decreased to 0.
ICMP echo request and reply The ping command sends an ICMP echo request and the host replys to this message with an ICMP echo reply. Whatever data is sent in the request is sent back in the reply.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 37 von 121
ICMP summary ICMP defines several message types and subtypes (called codes) to indicate that there is a network or host problem.
FTP and TFTP in comparison (Trivial) File Transfer Protocol FTP TFTP Uses TCP Uses UDP Robust control commands Simple control commands Sends data over a separate TCP connection from control commands
No connection, due to UDP
Requires more memory and programming effort
Requires less memory and programming effort
No support as application from IOS Supported by IOS as application
IP addressing
Network classes Any network of this class
Network Bytes (Bits)
Host bytes (bits) Number of addresses per network
A 1 (8) 3 (24) 224 minus 2 special B 2 (16) 2 (16) 216 minus 2 special C 3 (24) 1 (8) 28 minus 2 special
Network numbers Class First Octet
Range Valid Network Numbers
Total number of This class of network
Number of hosts per network
A 1 to 126 1.0.0.0 to
126.0.0.0 27 minus 2 special
224 minus 2 special
B 128 to 191 128.1.0.0 to 191.254.0.0
214 minus 2 special
216 minus 2 special
C 192 to 223 192.0.1.0 to 223.255.254.0
221 minus 2 special
28 minus 2 special
Network numbers represent the group of all IP addresses in the network.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 38 von 121
A network number is build with a nonzero value in te network part but with all 0s in the host part of the network number.
Network masks Network masks key purpose is to define the number of host bits in an address. Computers use the network(subnet) mask to calculate the network or subnet number of which the address is a member.
Subnetting When subnetting, a third part of an IP address appears—namely, the subnet part of the address.This field is created by “stealing” bits from the host part of the address. Three portions of the address now exist: network, subnet, and host. The network part size is determined by the class (A, B, or C). The host part is determined by the subnet mask in use, the number of bits of value 0 in the subnet mask define the number of host bits. The remaining bits define the size of the subnet part of the address.
Address format concepts summary
• Two unique IP addresses in the same network have identical values in the network part of their address and have different values in their host parts.
• Two unique IP addresses in the same subnet have identical values in the
network part of their address, identical values in the subnet part of their address, and different values in their host parts.
• Two unique IP addresses in different subnets of the same Class A, B, or C
network have identical values in the network part of their address and have different values in the subnet part of their address.
• Without subnetting, the network number, the network broadcast address, and
all
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 39 von 121
• assignable IP addresses in the network have the same value in the network part of their addresses.
• With subnetting, the subnet number, the subnet broadcast address, and all
assignable IP addresses in the subnet have the same value in the network and subnet parts of their addresses.
• Most people treat the combined network and subnet parts of addresses as one
part of the address and call it the subnet part of the address, or simply the subnet.
IP Grouping Concepts and Subnetting
Needs for subnetting - all organisations connected to the internet (and not using IP address
translation) are required to use IP networks registered with the NIC - IP protocols enforce the following grouping concept: All hosts in the same
group must not be seperated by an IP router - Hosts separated by an IP router must be in separate groups - Without subnetting the smallest group is a single entire Class A , B or C
network number - Without subnetting the NIC would be short of assignable networks - With subnetting the NIC can assign one or a few network numbers to an
organization and the organization can subdivide those network(s) into subnets of more usuable sizes.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 40 von 121
Graphical comparison of subnetted and not subnetted networks
Frame Relay150.5.0.0
150.1.0.0 150.2.0.0
150.3.0.0150.4.0.0
150.6.0.0
Network using 6 entire Class Bnetworks
Network using 1 Class B network &6 subnets
Frame Relay150.150.5.0
150.150.1.0 150.150.2.0
150.150.3.0150.150.4.0
150.150.6.0
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 41 von 121
As seen above the left network topology contains 6 different entire Class B networks. Many addresses and network numbers are wasted due to the fact that they aren’t needed. The right network topology contains only one Class B network which is subnetted into 6 different subnets. 5 Class B network and its IP addresses are saved for other usage.
Subnetting overview A review of some basic concepts relating to networks without subnetting can be used as a comparison to networks with subnetting. When not subnetting, the default mask defines the number of host bits. The mask accomplishes this by simply using binary 0 for each bit position in the mask that corresponds to the host part of the address in question. For example, the mask 255.255.0.0 (Class B) has a value of all binary 0s in the last 16 bits. This implies 16 host bits at the end of the address. The following list summarizes basic concepts when not using subnetting:
- The mask defines the number of host bits in the host part of an address. - Class A, B, and C rules define the number of network bits in the network part
of the - address. - Without subnetting, these two fields (network and host) compose the entire
32-bit address. - Each host address in the network has the same value in the network part of
the address. - Each host address in the network has a unique value in the host part of the
address. (For example, 130.1.1.1 and 130.1.1.2 are in the same network but can be assigned to two different network interfaces.)
Subnetting creates a third part of the address, called the subnet field or subnet part. For example, using network 150.150.0.0 again, assume that you want a third field called the subnet field. Several assertions are true in this case:
- The Class A, B, and C network field sizes cannot be changed; they remain as 8, 16, and 24 bits, respectively.
- The IP address must still be 32 bits in length. - Therefore, to create a third field called the subnet part of the address, some of
the bits previously in the host part of the address are used. - The subnet part of an address identifies the different subdivisions of this
network. An address with a different value in the subnet field, as compared with a second address, is considered to be in a different subnet.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 42 von 121
Subnet math algorithms
Given an IP Address and Mask, What Is the Network/Subnet Number? Both people and computers need to think about the question, “Which network is a particular address a member of?” Humans care because it is useful in troubleshooting, planning, and address assignment; computers need to know because the answer is a vital part of routing.
Decimal Algorithm for Deriving the Network Number, No Subnetting in Use When no subnetting is in use, the decimal algorithm is as follows:
1. Write down the IP address in decimal. 2. Copy below the IP address either the first one, two, or three dotted
decimal numbers of the address, based on whether the address is a Class A, B, or C address, respectively.
3. For the remaining dotted decimal numbers, record decimal value 0.
Binary Algorithm for Deriving the Network Number, No Subnetting in Use When a computer needs to answer this same question, it performs a Boolean math operation called AND between the address in question and the mask. The result of the AND operation is that the host bits are masked out—that is, changed to binary 0s. The binary process, with no subnetting, is as follows:
1. Write down the IP address in binary. 2. Write down the default mask appropriate for the class of address,
in binary, beneath the binary IP address from Step 1. 3. Record the results of the Boolean AND below the two numbers. 4. Convert the result of Step 3 back into decimal, 8 bits at a time.
Boolean AND Operation To perform the Boolean AND, each bit is examined in the address and is compared to the corresponding bit in the mask. The AND operation results in a binary 1 if both the address and the mask bits are also 1; otherwise, the result is 0.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 43 von 121
Decimal Algorithm for Deriving the Subnet Number, Basic Subnetting The decimal algorithm, when basic subnetting is in use, is as follows:
1. Write down the IP address in decimal. 2. Copy below the IP address either the first one, two, or three dotted
decimal numbers of the address, based on whether the subnet mask is 255.0.0.0, 255.255.0.0, or 255.255.255.0, respectively.
3. For the remaining dotted decimal numbers, record decimal value 0. This algorithm is very similar to the algorithm that is used when there is no subnetting. The only difference is in Step 2. In fact, this later version of the algorithm would work fine when there is no subnetting in use.
Binary Algorithm for Deriving the Subnet Number, Basic Subnetting The binary algorithm to determine the subnet number, when using basic subnetting, is practically identical to the algorithm used when there is no subnetting. Again, the key is in knowing what subnet mask is in use. The binary process, with basic subnetting, is as follows:
1. Write down the IP address in binary. 2. Write down the subnet mask used in this network, in binary,
beneath the binary IP address from Step 1. 3. Record the results of the Boolean AND below the two numbers. 4. Convert the result of Step 3 back into decimal, 8 bits at a time.
Binary Algorithm for Deriving the Subnet Number, Difficult Subnetting Difficult subnetting is a term used in this book to denote subnetting when the mask is not all 255s and 0s. The decimal algorithm for calculating the subnet, when basic subnetting is in use, is more challenging. In fact, several math tricks come in handy so that the result can be calculated without thinking about binary math. However, starting with the binary algorithm is helpful.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 44 von 121
Typical difficult mask values Decimal Binary 0 0000 0000 128 1000 0000 192 1100 0000 224 1110 0000 240 1111 0000 248 1111 1000 252 1111 1100 254 1111 1110 255 1111 1111 The binary algorithm to determine the subnet number, when using difficult subnetting, is identical to the algorithm used when there is no subnetting or basic subnetting. Again, the key is in knowing what subnet mask is in use. The binary algorithm is as follows:
1. Write down the IP address in binary. 2. Write down the subnet mask used in this network, in binary,
beneath the binary IP address from Step 1. 3. Record the results of the Boolean AND below the two numbers. 4. Convert the result of Step 3 back into decimal, 8 bits at a time.
Decimal Algorithm for Deriving the Subnet Number, Difficult Subnetting The decimal algorithm that I like best for difficult subnetting works well. However, this algorithm is not very helpful for understanding subnetting. So, if you understand subnetting and are willing to use the more time-consuming binary algorithm on the exam for the difficult cases, you may want to skip this section to avoid getting confused. The algorithm is as follows:
1. Write down the IP address in decimal. 2. Write down the mask in decimal. 3. Examine the mask. One of the four octets will have a value besides
255 or 0; otherwise, this would not be considered to be a difficult case. The octet with the non-255, non-0 value is considered to be the “interesting” octet. The other three are considered “boring.” Write down the number (1, 2, 3, or 4) of the interesting octet. (For example, mask 255.255.240.0 has an interesting third octet.)
4. Subtract the mask’s interesting octet value from 256. Call that value the multiplier. Write it down.
5. For any boring octets to the left of the interesting octet, copy those octets’ values onto your paper, leaving space for the remaining octets. This will be where you record your subnet number.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 45 von 121
6. For any boring octets to the right of the interesting octet, record a value 0 in your subnet number. One of the four octets should still be empty—the interesting octet.
7. Examine the interesting octet of the original IP address. Discover the multiple of the multiplier closest to this number, but less than the number. Write down this interesting multiple of the multiplier into the interesting octet of the subnet number.
Definition of network/subnet number and broadcast address The network/subnet number is the lowest value numerically in that network/subnet. The broadcast address is the largest value numerically in that network/subnet. The valid, assignable addresses in that network are the numbers between the network/subnet number and the broadcast address.
Given an IP Address and Mask, What Is the Network/Subnet Broadcast Address?
Decimal Algorithm for Deriving the Broadcast Address, No Subnetting or Basic Subnetting
1. Write down the IP address in decimal. 2. Copy below the IP address either the first one, two, or three dotted
decimal numbers of the address, based on whether the subnet mask is 255.0.0.0, 255.255.0.0, or 255.255.255.0, respectively.
3. For the remaining dotted decimal numbers, record decimal value 255.
Binary Algorithm for Deriving the Broadcast Address
1. Write down the IP address in binary. 2. Write down the subnet mask used in this network, in binary, beneath the
binary IP address from Step 1. 3. Record the results of the Boolean AND below the two numbers. (This is the
subnet number.) 4. Copy down the network and subnet bits of the subnet number onto the next
line. This is the beginning of the broadcast address.
5. Fill in the host bit values with all binary 1s. This is the broadcast address. 6. Convert the result of Step 5 back into decimal, 8 bits at a time.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 46 von 121
Decimal Algorithm for Deriving the Broadcast Address, Difficult Subnetting
1. Write down the IP address in decimal. 2. Write down the mask in decimal. 3. Examine the mask. One of the four octets will have a value besides
255 or 0; otherwise, this would not be considered to be a “difficult” case. The octet with the non-255, non-0 value is considered to be the “interesting” octet. The other three are considered “boring.” Write down the number (1, 2, 3, or 4) of the interesting octet. (For example, mask 255.255.240.0 has an interesting third octet.)
4. Subtract the mask’s interesting octet’s value from 256. Call that value the multiplier. Write it down.
5. For any boring octets to the left of the interesting octet, copy those octets from the subnet onto a new line on your paper, leaving space for the remaining octets. This line will be where you record the broadcast address.
6. For any boring octets to the right of the interesting octet, record a value of 255 in the broadcast address (the same number as in Step 5.) One of the four octets should still be empty—the interesting octet.
7. Examine the interesting octet of the original IP address. Discover the multiple of the multiplier closest to this number but greater than the number. Subtract 1 from this multiple. Write down this value (1 less than the integer multiple of the multiplier) in the interesting octet of the broadcast address.
Given an IP Address and Mask, What Are the Assignable IP Addresses in That Network/Subnet? All IP addresses between the network/subnet number and the broadcast address are valid IP addresses for this specific network/subnet. (Also when the IP address would be x.x.x.0 or y.y.y.255 [if these addresses lay between upper mentioned numbers])
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 47 von 121
Given a Network Number and a Static Subnet Mask, What Are the Valid Subnet Numbers?
Decimal Algorithm for Deriving the Valid Subnets with Basic Subnetting
1. Write down the 1 or 2 bytes of the network number. 2. Leave a space immediately to the right to add a value in the next octet. 3. Write down two octets (in the case of Class A) or one octet (in the
case of Class B) of 0 after the one-octet space left in Step 2, leaving a number with three octets written and an open space in the subnet part of the number.
4. Write down a 1 in the open octet. 5. Repeat Steps 1 through 4, but in Step 4 add 1 to the number. Continue repeating these steps until you reach 254.
Binary Algorithm for Deriving the Valid Subnets with Basic and Difficult Subnetting
1. Reserve space to record a series of 32-bit numbers, one over the other. Also leave space between each nibble and byte on each line for better readability.
2. Write down the 8, 16, or 24 bits of the network part of the address, in binary, on each line.
3. Write down binary 0s in the host field on each line. This should result in a long list of binary numbers, with the subnet bits unrecorded at this point.
4. Write down all binary 0s in the subnet bit positions of the first number in the list. This is the first subnet number, in binary. This is also the zero subnet.
5. Add binary 1 to the subnet field in the previous line, and record the result in the subnet field of the next line.
6. Repeat Step 5 until the subnet field is all binary 1s. That is the last subnet number, which is also the broadcast subnet.
7. Convert any of these 32-bit numbers back to decimal, 8 bits at a time. IGNORE THE BOUNDARIES BETWEEN THE SUBNET AND HOST FIELDS—do the conversion 8 bits at a time.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 48 von 121
Decimal Algorithm for Deriving the Valid Subnets with Basic and Difficult Subnetting
1. Based on the network number and mask, all subnet bits are in 1 byte. (Having all subnet bits in 1 byte is an assumption used for this algorithm.) This is the “interesting” byte. Write down which byte is the interesting byte. The other 3 octets/bytes are considered “boring.”
2. Find the number of host bits in the interesting octet, and call that number N. 2N is called the increment. Record that number.
3. Create a list, one entry above the other, that contains repeated copies of the decimal network number. However, leave the interesting octet blank. This will become the list of subnet numbers.
4. In the first number in the list, in the interesting octet, write a decimal 0. This is the first (zero) subnet.
5. For each successive entry in your list of subnets, add the increment to the previous entry’s interesting octet value, and record that value in the interesting octet.
6. When 256 is the value to be recorded in Step 5, you have completed the list of subnet numbers.
Given a Network Number and a Static Subnet Mask, How Many Hosts per Subnet, and How Many Subnets? The number of hosts per subnet is defined as: 2number of host bits –2 The number of host bits in an address is equal to the number of binary 0s in the subnet mask. The number of subnets is defined as: 2number of subnet bits
The number of subnet bits is based on the mask and class of address. The number of subnet bits is: 32 – (number of network bits) – (number of host bits)
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 49 von 121
Zero Subnet and Broadcast subnet Two previously reserved cases, 150.150.0.0 and 150.150.255.0, were not used in the example. The first of these, which is called the zero subnet because the subnet value is all binary 0s, is usable only if the “ip subnet-zero” global command is configured. The other subnet, called the broadcast subnet because it looks like a typical broadcast address, is usable without any special configuration.
CIDR, Private Addressing, and NAT
Reasons for the usage of registered network numbers With registered numbers no IP address conflicts in the internet will occur. Because there are not much registered but not assigned to a company left so that IPv6 –with larger addresses- is being planned for future use. 3 other functions already available in IPv4 where invented to reduce the need for registered network numbers.
CIDR – Classless Inter Domain Routing CIDR is a convention, defined in RFC 1817 (www.ietf.org/rfc/rfc1817.txt), that calls for aggregating multiple network numbers into a single routing entity. CIDR was actually created to help the scalability of Internet routers—imagine a router in the Internet with a route to every Class A, B, and C network on the planet! By aggregating the routes, fewer routes would need to exist in the routing table.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 50 von 121
Graphically
ISP #1198.0.0.0 -
198.255.255.0
ISP #2
ISP #3
ISP #4
Customer #1198.8.3.0/24
Customer #2198.4.2.0/24198.4.3.0/24
Customer #3198.1.0.0
Class C networks 198.0.0.0 through 198.255.255.0 (they may look funny, but they are valid Class C network numbers) are registered networks for an ISP. All other ISPs’ routing tables would have a separate route to each of the 216
networks without CIDR. However, as seen above, now the other ISPs’ routers will have a single route to 198.0.0.0/8—in other words, a route to all hosts whose IP address begins with 198. More than 2 million Class C networks alone exist, but CIDR has helped Internet routers reduce their routing tables to a more manageable size, in the range of 70,000 routes at the end of 1999. By using a routing protocol that exchanges the mask as well as the subnet/network number, a “classless” view of the number can be attained. In other words, treat the grouping as a math problem, ignoring the bourgeois Class A, B, and C rules. For instance, 198.0.0.0/8 (198.0.0.0, mask 255.0.0.0) defines a set of addresses whose first 8 bits are equal. This route is advertised by ISP #1 to the other ISPs, who need a route only to 198.0.0.0/8. In its routers, ISP #1 knows which Class C networks are at which customer sites. This is how CIDR gives Internet routers a much more scalable routing table, by reducing the number of entries in the tables.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 51 von 121
Historically speaking, ISPs then found ways to use CIDR to allow better use of the IP Version 4 address space. Imagine that Customer #1 and Customer #3 need 10 and 20 IP addresses—ever. Each customer has only a router and a single Ethernet. Each customer could register its own Class C network, but if both did so, it would not be in the range already registered to the ISP. So, to help CIDR work in the Internet, ISP #1 wants its customers to use IP addresses in the 198.x.x.x range. As a service, the ISP suggests to Customer #1 something like this: Use IP subnet 198.8.3.16/28, with assignable addresses 198.8.17 to 198.8.30. To Customer #3, who needs 20 addresses, ISP #1 suggests 198.8.3.32/27, with 30 assignable addresses (198.8.3.33 to 198.8.3.62). The need for registered IP network numbers is reduced through CIDR. Instead of the two customers consuming two whole Class C networks, each consumes a small portion of a single network. The ISP gets customers to use its IP addresses in a convenient range of values, so CIDR works well and enables the Internet to grow.
Private addressing When designing a network that is not and will be routed to the internet you can use every IP address you’d like. But remember that you to switch to registered IP addresses, if you ever should decide to connect the network to the internet. For such cases there are 3 ranges of IP addresses reserved for private use. These address ranges will not be routed by internet routers (but can be routed by Inhouse LAN routers).
Adress ranges Range of IP addresses Network class Number of networks 10.0.0.0 to 10.255.255.255 A 1 172.16.0.0 to 172.31.255.255 B 16 192.168.0.0 to 192.168.255.255
C 256
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 52 von 121
NAT – Network Address Translation The problem that private addresses (or registered IP addresses assigned to another organisation) can’t communicate through the internet (due to conflicts or the character of private addresses) can be bypassed by using NAT. NAT achieves the goal of routing these addresses through the internet by using a correctly assigned and registered IP address to represent the invalid ones mentioned above.
NAT functionality graphics
NAT
Private Internet
Client192.168.0.1
www.sascha-b.de81.88.35.42
Source 192.168.0.1 Dest 81.88.35.52 Source 164.168.0.1 Dest 81.88.35.52
Source 81.88.35.52 Dest 192.168.0.1 Source 192.168.0.1 Dest 164.168.0.1
1 2
34
1. The client sends the request with its source and the servers destination. 2. The NAT router replaces the clients source with a valid registered IP
address 3. The server replies to the valid registered IP address 4. The NAT router replaces the valid registered IP address destination
with the clients private IP address Because of the amount of processing power needed to perform NAT (for example for marking the packets origin so the replies can be sent to the right origin) it is not recommended to use NAT for a larger amount of hosts.
Using secondary addresses If you run out of IP addresses in a specific subnet you can use a secondary subnet on the same data link. For routing both subnets you have to set the secondary address on the used routers interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 53 von 121
MTU The maximum transmission unit labels the largest layer 3 packet that can be forwarded out an interface. The MTUs values is based on the used data link layer protocol. Default value is 1500 bytes.
Fragmentation If an interface MTU is smaller than a packet that has to be forwarded the packet will be fragmented (as long as the “Don’t fragment” bit isn’t set). Fragmentation simply means the breaking up of a packet into smaller packets with a smaller or equal size of the interfaces MTU.
IP naming commands and telnet Names are not important for routing of IP packets, but most human users prefer using names instead of IP addresses. Names can be set statically or be acquired through DNS (Domain Name Service). The telnet server is run by IOS automatically. The IOSs telnet client can suspend conection, so that you can hold more than connection.
Telnet suspend and resume commands
- Suspend a telnet session CTRL+Shift+6 followed by an x
- “show sessions” shows all active and supended telnet sessions - “resume ‘x’ ” resumes telnet session ‘x’ (number can be found with show
sessions command)
Default routes and the “ip classless” command The default out is the route a packet is routed to when the router has no match of the packets destination address and ist routing table. Without any default routes the packet would have been discarded without a default route. The default route is defined as a static ip route with destination and mask 0.0.0.0
“ip route 0.0.0.0 0.0.0.0 192.168.0.10” (with 192.168.0.10 being the router where the packets should go by default route) If there is more than one default route available to the router (configured by admin or learned by a routing protocol) the active default route is called “gateway of last resort”.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 54 von 121
When “ip classless” is added to a router the router changes ist routing strategy from “best match in the same network as the destination of the packet” to “best match in the entire routing table”, which means that the router ignores class rules when routing.
!It is recommended to use “ip classless” if using any default routes!
IPX addressing and routing
Some facts about IPX - Internetwork Packet Exchange - Network Layer equivalent protocol - 80 bit address structure
o 32 bit network part o 48 bit node part
Feature table Feature Description Size of a group IPX addresses use a 48-bit node part of
the address, giving 248 possible addresses per network (minus a few reserved values), which should be big enough.
Unique Addresses IPX calls for the LAN MAC address to be used as the node part of the IPX address. This allows for easy assignment and little chance of duplication. Ensuring that no duplicates of the network numbers are made is the biggest concern because the network numbers are configured.
Grouping The grouping concept is identical to IP, with all interfaces attached to the same medium using the same network number. There is no equivalent of IP subnetting.
Dynamic address assignment Client IPX addresses are dynamically assigned as part of the protocol specifications. Servers and routers are configured with the network number(s) on their physical interfaces. Servers can choose to automatically generate an internal network number at installation time.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 55 von 121
IPX routing algorithm
Packetarrives
Am I configured toroute IPX packets ?
Branch to bridginglogic
No
Compare the destinationnetwork number in the
destination address of thepacket with the IPX
routing table
Yes
The destinationnetwork
is NOT found inthe IPX
routing table. Isthere a
default route?
Discard packet
No
The destinationnetwork
IS found in theIPX
routing table
Build the data linkheader
appropriate for theoutgoing interface
Yes
Forward the frameout
that interface
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 56 von 121
Internal networks and encapsulation types
- Netware Servers use internal network numbers - Clients, servers and routers have to use correct encapsulation - Routers have to keep the internal network numbers in their routing tables
because the internal addresses are used as destination address of the packets
- Encapsulation is the Cisco term for describing which data link header is used o “Data link encapsulation defines the details of data link headers and
trailers created by arouter and placed around a packet, before completing the routing process by forwardingthe frame out an interface.”
- There are four different styles of Ethernet headers that can be used: o ARPA o Novell-ether o SAP o SNAP
Ethernet Encapsulation
Encapsulation names Novell’s Name Cisco IOS’s Name Hints for remembering
names and meanings Ethernet_II ARPA One way to help correlate
the two names is to remember that ARPA was the original agency that created TCP/IP and that Ethernet_II is the older version of Ethernet; remember that the “old” names go together.
Ethernet_802.3 Novell-ether Novell’s name refers to the final header before the IPX header, in this case. There are no suggestions on easier ways to recall the IOS name Novell-ether. This setting is Novell’s default on NetWare 3.11 and prior releases.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 57 von 121
Novell’s Name Cisco IOS’s Name Hints for remembering
names and meanings Ethernet_802.2 SAP Novell’s name refers to the
final header before the IPX header, in this case. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header. (The SAP field denotes that an IPX packet follows the 802.2 header.) This setting is Novell’s default on NetWare 3.12 and later releases.
Ethernet_SNAP SNAP Novell’s name refers to the final header before the IPX header, in this case. Cisco’s name refers to this same header.
Encapsulation structure
Ethernet IPX Data
802.3 IPX Data
802.3 802.2 IPX Data
802.3 802.2 SNAP IPX Data
ARPA
Novell-ether
SAP
SNAP
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 58 von 121
Token Ring & FDDI
Encapsulation names Novell’s Name Cisco IOS’s Name Hints for remembering FDDI_Raw Novell-fddi The IPX packet follow
directly after the FDDI header. No type field is used.
FDDI_802.2 SAP The IPX packet follows the 802.2 header. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header.
FDDI_SNAP SNAP Novell’s name refers to the final header before the IPX header, in this case. Cisco’s name refers to this same header.
Token-Ring SAP The IPX packet follows the 802.2 header. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header.
Token-RING_SNAP SNAP Novell’s name refers to the final header before the IPX header. Cisco’s name refers to this same header.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 59 von 121
Encapsulation structure
FDDI IPX Data
802.2 IPX Data
FDDI SNAP IPX Data
802.2 SAP IPX Data
FDDI_RAW
FDDI_802.2
FDDI_SNAP
Token-Ring
802.2 SNAP IPX DataToken -Ring_SNAP
General Encapsulation notes
- on or more encapsulations needed per Ethernet interface - if more than one encapsulation is used on same interface, more than one
encapsulation is possible and allowed on one interface - for each encapsulation type another network number has to be used - two configuration methods:
o IPX secondary addresses o Subinterfaces (allow NLSP as routing protocol)
IPX configuration hints Enabling IPX routing globally as well as on each interface is all that is required to route IPX in a Cisco router. The ipx routing command enables IPX in this router and initializes the RIP and SAP processes. The individual ipx network commands on each interface enable IPX routing into and out of each interface and enable RIP and SAP on each interface, respectively. The IPX addresses are not completely defined, however. Only the network number is configured. The full IPX network number is created by adding the MAC address of each interface to the configured IPX network number. For non-LAN interfaces, the MAC address of a LAN interface is used by default. However, for easier troubleshooting, a MAC address to be used as the node part of the IPX address on non-LAN interfaces can be configured. Several nuances are involved in how the node parts of the addresses are assigned. The first is that if the node part of the IPX address on WAN interfaces is derived from the MAC of a LAN interface, and if there is more than one LAN interface, then the IOS must choose one MAC address to use. The algorithm uses the MAC address of the “first” Ethernet interface—or the first Token Ring interface, if no Ethernet exists, or the first FDDI interface, if no Ethernet or Token Ring exists. The lowest numbered interface number is considered to be “first.” The next nuance is that if no LAN interfaces exist, the node parameter on the ipx routing command must
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 60 von 121
be configured, or IPX routing will not work on a WAN interface. The final nuance is that the node part of IPX addresses on router LAN interfaces ignores the node parameter of the ipx routing command, and uses its specific MAC address as the node part of the address.
5. Routing
Generell goals of routing
- To dynamically learn and fill the routing table with a route to all subnets in the network.
- If more than one route to a subnet is available, to place the best route in the routing table.
- To notice when routes in the table are no longer valid, and to remove those routes from the routing table.
- If a route is removed from the routing table and another route through another neighboring router is available, to add the route to the routing table. (Many people view this goal and the previous one as a single goal.)
- To add new routes, or to replace lost routes with the best currently available route, as
- quickly as possible. The time between losing the route and finding a working replacement route is called convergence time.
- To prevent routing loops.
Protocol types
- interior routing protocols for routing inside one organization o RIP Version 1 and 2 o (E)IGRP o OSPF
- CCNA exam focusses on interior routing protocols - Exterior routing protocols for routing between organizations
o BGP – Border Gateway Protocol o EGP – Exterior Gateway Protocol
- Routing protocol ↔ routing algorithms ↔ type of routing protocol o Link-state
Topological database on each router describing • Each router • Each routers attached links • Each routers neighboring routers
Complete Map of the network Dijkstra shortest path first(SPF) algorithm for choosing the best
routes to add to the routing table. This detailed topology information along with the Dijkstra algorithm helps link-state protocols avoid loops and converge quickly.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 61 von 121
o Balanced hybrid mixture of link state and distance vector topological database Diffusing Update Algorithm (DUAL) Less intensive math operations
o Distance Vector Refer to next passage
Assignment of routing algorithms and protocols Routing protocol Protocol type Loop prevention by Mask sent in
Updates? RIP-1 Distance Vector Holddown timer,
split horizon No
RIP-2 Distance Vector Holddown timer, split horizon
Yes
IGRP Distance Vector Holddown timer, split horizon
No
EIGRP Balanced Hybrid DUAL and feasible successors
Yes
OSPF Link-State Dijkstra SPF algorithm and full topology knowledge
Yes
Distance Vector Routing behaviour
Directly connected subnets are already known by the router; these routes are advertised to neighboring routers.
Routing updates are broadcast (or multicast, in many cases). This is so that all neighboring routers can learn routes via the single broadcast or multicast update.
Routing updates are listened for so that this router can learn new routes. A metric describes each route in the update. The metric describes how good
the route is; if multiple routes to the same subnet are learned, the lower metric route is used.
Topology information in routing updates includes, at a minimum, the subnet and metric information.
Periodic updates are expected to be received from neighboring routers at a specified
interval. Failure to receive updates from a neighbor in a timely manner results in the
removal of the routes previously learned from that neighbor. A route learned from a neighboring router is assumed to be through that
router. A failed route is advertised for a time, with a metric that implies that the
network is
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 62 von 121
“infinite” distance. This route is considered unusable. Infinity is defined by each routing protocol to be some very large metric value. For instance, RIP’s infinite metric is 16 because RIP’s maximum valid hop count is 15.
Problems that can occur in multiple path networks (with distance vector routing protocols) Possible Problem Possible Solution(s) Multiple routes to same subnet with equal metric
Implementation options involve either using the first route learned or putting multiple routes to the same subnet in the routing table.
Routing loops occurring due to updates passing each other over a single link
Split horizon—The routing protocol advertises routes out an interface only if they were not learned from updates entering that interface. Split horizon with poison reverse—The routing protocol advertises all routes out an interface, but those learned from earlier updates coming in that interface are marked with infinite distance metrics.
Routing loops occurring due to updates passing each other over alternate paths
Route poisoning—When a route to a subnet fails, the subnet is advertised with an infinite distance metric.
Counting to infinity Holddown timer—After knowing that a route to a subnet has failed, a router waits a certain period of time before believing any other routing information about that subnet. Triggered updates—An update is sent immediately rather than waiting on the update timer to expire when a route has failed. Used in conjunction with route poisoning, this ensures that all routers know of failed routes before any holddown timers can expire.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 63 von 121
Split horizon The routing protocol advertises routes out an interface only if they were not learned from updates entering that interface
Split horizon with poison reverse The routing protocol advertises all routes out an interface, but those learned from earlier updates coming in that interface are marked with infinite distance metrics
Route poisoning When a route to a subnet fails, the subnet is advertised with an infinite distance metric.
Holddown timer After knowing that a route to a subnet has failed, a router waits a certain period of time before believing any other routing information about that subnet
Triggered Updates An update is sent immediately rather than waiting on the update timer to expire when a route has failed. Used in conjunction with route poisoning, this ensures that all routers know of failed routes before any holddown timers can expire.
RIP and IGRP behaviour
Comparison of RIP and IGRP Features Feature RIP IGRP Update Timer 30 seconds 90 seconds Metric Hop Count Function of bandwith and
delay(default); can include reliability, load and MTU
Holddown timer 180 280 Flash / triggered updates Yes Yes Mask sent in update RIP Version 1: No
RIP Version 2: Yes No
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 64 von 121
Infinite Metric Value 16 4.294.967.295
Metric issues
RIP RIP’s hop count metric signifies the number of routers between the router receiving an update and the updated subnet. Before sending an update the router increments the metric of each route by 1.
IGRP The IGRP metric considering bandwith and delay on the update receiving interface is more robust than the RIP metric. The metric gets more meaningful, because longer hop routes on faster links can be considered better routes. ( better 30 hops in 2 seconds than 1 hop in 4 seconds ☺) IGRP uses a composite metric. This metric is calculated as a function of bandwidth, delay, load, and reliability. By default, only the bandwidth and delay are considered; the other parameters are considered only if enabled via configuration. Delay and bandwidth are not measured values but are set via the delay and bandwidth interface subcommands. (The same formula is used for calculating the metric for EIGRP, but with a scaling factor so that the actual metric values are larger, allowing more granularity in the metric.)
Distance Vector Routing Protocol Summary Distance vector routing protocols learn and advertise routes. The routes placed in the routing table should be loop-free and should be the best known working route. Metrics are used to choose the best route. Mechanisms such as split horizon and holddown timers are used to prevent routing loops.
Configuration of RIP and IGRP
The “network” command The network command causes implementation of the following three functions:
Routing updates are broadcast or multicast out an interface. Routing updates are processed if they enter that same interface. The subnet directly connected to that interface is advertised.
The “passive-interface” Command The passive-interface command can be used to cause the router to listen for RIP/IGRP and advertise about the connected subnet, but not to send RIP/IGRP updates on the interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 65 von 121
RIP-1 and IGRP—No Subnet Masks Several subtle actions are taken in light of the lack of mask information in the update:
Updates sent out an interface in network X, when containing routes about subnets of
network X, contain the subnet numbers of the subnets of network X but not the corresponding masks. Updates sent out an interface in network X, when containing routes about
subnets of network Y, are summarized into one route about the entire network Y. When receiving a routing update containing routes referencing subnets of
network X, the receiving router assumes that the mask in use is the same mask it uses on an interface with an address in network X.
When receiving an update about network X, if the receiving router has no interfaces in network X, it treats the route as a route to the entire Class A, B, or C network X.
RIP Version 2
Features Feature Description Transmits subnet masks with route This feature allows VLSM by passing the
mask along with each route so that the subnet is exactly defined.
Provides authentication Both clear text (RFC-defined) and MD5 encryption (Ciscoadded feature) can be used to authenticate the source of a routing update.
Includes a next-hop router IP address in its routing update
A router can advertise a route but direct any listeners to a different router on that same subnet. This is done only when the other router has a better route.
Uses external route tags RIP can pass information about routes learned from an external source and redistributed into RIP.
Provides multicast routing updates Instead of sending updates to 255.255.255.255, the destination IP address is 224.0.0.9, an IP multicast address. This reduces the amount of processing required on non-RIP-speaking hosts on a common subnet.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 66 von 121
RIP Version migration Migration from RIP-1 to RIP-2 requires some planning. RIP-1 sends updates to the broadcast address, whereas RIP-2 uses a multicast. A RIP-1 only router and a RIP-2 only router will not succeed in exchanging routing information. To migrate to RIP-2, one option is to migrate all routers at the same time. This might not be a reasonable political or administrative option, however. If not, then some coexistence between RIP-1 and RIP-2 is required. The ip rip send version command can be used to overcome the problem. Essentially, the configuration tells the router whether to send RIP-1 style updates, RIP-2 style updates, or both for each interface.
Auto Summary and Route Aggregation It is typically true that any algorithm that searches a list will run more quickly if the list is short, compared to searching a similar list that is long. Auto summary and route aggregation (also known as route summarization) are two IOS features that reduce the size of the IP routing table. Auto summarization is a routing protocol feature that operates by this rule:
When advertised on an interface whose IP address is not in network X, routes about subnets in network X will be summarized and advertised as one route. That route will be for the entire Class A, B, or C network X.
Auto summary is a feature of RIP-1 and IGRP that cannot be disabled. For RIP-2 and EIGRP, auto summary can be enabled or disabled. IP subnet design traditionally has not allowed discontiguous networks. A contiguous network is a single Class A, B, or C network for which all routes to subnets of that network pass through only other subnets of that same single network. Discontiguous networks refer to the concept that, in a single Class A, B, or C network, there is at least one case in which the only routes to one subnet pass through subnets of a different network. Route summarization (also called route aggregation) works like auto summarization, except that there is no requirement to summarize into a Class A, B, or C network. Route aggregation is simply a tool used to tell a routing protocol to advertise a single, larger subnet rather than the individual smaller subnets. EIGRP and OSPF are the only interior IP routing protocols to support route aggregation.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 67 von 121
Routing Protocol Auto summary
enabled Auto summary disabled
Route aggregation
RIP-1 Yes, by default Not allowed No IGRP Yes, by default Not allowed No RIP-2 Yes, by default Allowed via
configuration No
EIGRP Yes, by default Allowed via configuration
Yes
OSPF No, but can do equivalent with aggregation
Yes Yes
Multiple routes to the same subnet
- 4 equal cost paths to same IP subnet allowed by default - “ip maximum-paths x” changes from 1 to 6 - (E)IGRP metrics are most lokely not 100 per cent equal
o “variance multiplier” command defines when not 100 per cent equal routes are threated as equal
o route metric < lowest metric * multiplier = equal route - “traffic share min” all traffic over llowest metric route - “traffic share balanced” traffic proportionally splitted to all routes based on
theire metric (default)
Administrative distance Administrative distance is important only if multiple IP routing protocols are in use in a single router. When this is true, both routing protocols can learn routes to the same subnets. Because their metric values are different (for example, hop count or a function of bandwidth and delay), there is no way to know which routing protocol’s routes are better. So, Cisco supplies a method of defining which routing protocol’s routes are better. The IOS implements this concept using something called administrative distance. Administrative distance is an integer value; a value is assigned to each source of routing information. The lower the administrative distance, the better the source of routing information. IGRP’s default is 100, OSPF’s is 110, RIP’s is 120, and Enhanced IGRP’s is 90. The value 100 in brackets in the show ip route output signifies that the administrative distance used for IGRP routes is 100—in other words, the default value is in use. So, if RIP and IGRP are both used, and if both learn routes to the same subnets, only IGRP’s routing information for those subnets will be added to the routing table. If RIP learns about a subnet that IGRP does not know about, that route will be added to the routing table.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 68 von 121
IPX RIP
IP RIP and IPX RIP in comparison Novell RIP / IPX RIP IP RIP Uses Distance Vector Uses Distance Vector Is based on XNS RIP Is based on XNS RIP 60 seconds update timer (by default) 30 seconds update timer (by default) Uses timer ticks as primary metric, hop count as secondary metric
Uses hop count as only metric
IPX RIP Metric IPX RIP uses two metrics: ticks and hops. Ticks are 1/18 of 1 second; the metric is an integer counter of the number of ticks delay for this route. By default, a Cisco router treats a link as having a certain number of ticks delay. LAN interfaces default to one tick and WAN interfaces default to six ticks. The number of hops is considered only when the number of ticks is a tie. By using ticks as the primary metric, better routes can be chosen instead of just using hop count. For example, a three-hop, three-tick route that uses three Ethernets will be chosen over a twohop, eight-tick route that uses two Ethernets and a serial link.
Service Advertisement Protocol – SAP
Brief SAP Description SAP is used by servers to propagate information that describes their services.
SAP Process - SAP uses a concept similar to split horizon to stop a node from advertising
SAP information it learned on an interface with updates sent out that same interface.
- Each server sends SAP updates by default every 60 seconds that include the IPX address, server name, and service type.
- Every other server and router listens for these updates but does not forward the SAP packet(s). Instead, the SAP information is added to a SAP table in the server or router; then the packets are discarded.
- When that router or server’s SAP timer expires, new SAP broadcasts are sent. As with IPX RIP for routing information, IPX SAP propagates service information until all servers and routers have learned about all servers.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 69 von 121
IPX logon procedure - The overall goal of Client 1 is to log in to its preferred server, Server 2. - The first step is to connect to some server that has a full SAP table so that the
client can learn the IPX address of its preferred server. (The preferred server name is configured on the client, not the IPX address of the preferred server.)
- The router might know the preferred server’s name and IPX address in its SAP table, but no IPX message defined allows the client to query the router for name resolution. However, an IPX broadcast message asking for any nearby server is defined by IPX: the GNS request.
- The router can supply the IPX address of some nearby server because the router has a SAP table.
- Next, the client needs to learn which router to use to forward packets to the server discovered by its GNS request.
- RIP requests and replies are used by the client to learn the route from any router (or server) on the same LAN.
- As a result, Client 1 knows which router to use to deliver packets to network 1001.
- After connecting to Server 1, the client learns the IPX address of Server 2, its preferred server.
- The client needs to know the best route to the preferred server’s - network; therefore, a RIP request and reply to learn the best next-hop router to
network 1002. - Finally, packets are sent between the client and Server 2 so that the client can
log in; the intervening routers are simply routing the packets. - IPX clients create their own IPX address using the network number in the
source address field of the GNS reply. The GNS reply is always sent by a router or server on the same network as the client. The client examines the source IPX address of the GNS reply to learn its own IPX network number. The complete client IPX address is formed by putting that network number with the MAC address of the client’s LAN interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 70 von 121
Graphically
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 71 von 121
IPX configuration - “ipx routing” command enables IPX RIP and SAP - “ipx network” command implies that RIP and SAP updates should be sent and
listened for on those interfaces. Only one route to each network is allowed in the routing table, by default. If the ipx maximum-paths 2 global command had been configured on Yosemite, both routes would be included. Unlike with IP, when two routes are in the IPX routing table, per-packet load balancing across these paths occurs, even if fast switching is enabled. The default per-packet load balancing used for IPX when multiple routes to the same network are in the routing table may not be desired because packets can arrive out of order. By having the router send all packets to an individual IPX address over the same route every time, those packets should be received in order. The ipx per-host-load-share configuration command disables per-packet balancing and enables balancing based on the destination address. Of course, the penalty is that the traffic will not be completely balanced, based on the numbers of packets to each destination.
Tunneling
Description Tunneling is the process whereby a router encapsulates one Layer 3 protocol inside another protocol (typically IP) for transport across a network to another router. The receiving router de-encapsulates the packet, leaving the original protocol. Each intermediate router that is used between the endpoints of the tunnel is unaware of the protocol being encapsulated.
Important terms Three important terms are used to describe the three parts of the entity that is sent between the two tunneling routers:
- Passenger protocol—This is the protocol being encapsulated. In Figure 6-16, IPX is the passenger protocol.
- Encapsulation protocol—To identify the passenger protocol, an additional header is used. You can think of this additional header as another place to include a field such as the data link layer’s type, DSAP, or protocol field. The IP header defines that one of these encapsulating protocol headers follows IP, and the encapsulation protocol identifies the type of Layer 3 passenger protocol that follows it.
- Transport protocol—The transport protocol delivers the passenger protocol across the network. IP is the only choice in the IOS.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 72 von 121
Reasons for tunneling - To allow multiple protocols to flow over a single-protocol backbone - To overcome discontiguous network problems - To allow virtual private networks (VPNs) - To overcome the shortcoming of some routing protocols with low maximum
metric limitations - To reduce the amount of overhead of routing protocols
The reduction of overhead and the capability to have an IP-only backbone are the two most compelling reasons to use tunneling.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 73 von 121
Tunneling for VPNs
Token-Ring
Token-Ring
VPN Provider
Ethernet
Ethernet
B1 B2
A2A1
Routers A1 and A2 are owned by Company A, and Routers B1 and B2 are owned by Company B. The two companies do not want their traffic intermingled. If the service provider simply set up routing protocols to each company’s sites and advertised all the routes into the service provider network, a couple of undesirable situations will occur. First, route filtering would be required to keep Company A from learning routes to Company B, and vice versa. Also, if either company wanted to use private IP addresses, then the intermingling of IP routes would be disastrous. For instance, if both Company A and Company B decided to use network 10.0.0.0, subnets would overlap and only some of the traffic would be delivered correctly. The benefit of tunneling for VPNs is that the service provider network does not learn routes about Company A or Company B. The tunnels use addresses in the service provider network. The routing protocol on Routers A1 and A2 send updates to each other over the tunnel, so these two routers think they are logically adjacent. Likewise, Routers B1 and B2 send updates to each other; these updates do not need to be processed by the service provider routers. Also, because the customer routes are not learned by the service provider, there is no need for route redistribution or route filtering.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 74 von 121
Tunneling configuration Tunneling configuration is not very complicated if you remember the framing with the transport, encapsulation, and passenger protocols. A tunnel interface is created on each router at the ends of the tunnel. To accommodate the transport protocol, an IP address is used at the endpoints of the tunnel; these IP addresses are used as the source and destination IP addresses of the encapsulated packets. The type of encapsulation protocol is configured; there are six alternatives. Finally, the tunnel interface is configured just like any other interface to enable the desired passenger protocols. The configuration is simplified if you concentrate on the transport, encapsulation, and passenger protocols. First IP is enabled on all interfaces except the tunnel interface. However, the tunnel source command implies the IP address to be used on the interface; this IP address is used as the source for all packets sent out the tunnel interface. Likewise, the tunnel destination IP address is used as the destination address for packets sent out each tunnel interface. IP is enabled by default. The encapsulation protocol in this case has defaulted to generic route encapsulation (GRE). If another protocol were desired, the tunnel mode interface subcommand would be used to set the protocol. The passenger protocol is enabled on the tunnel interface, just as it would be for any other interface. IPX routing is enabled globally, and the ipx network command is used on both the Ethernet interface and the tunnel interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 75 von 121
Integrated Multiprotocol Routing So far only separate Multiprotocol Routing was discussed. That means, that for every possible Layer 3 Protocol an own routing protocol is defined. Integrated multiprotocol routing means that a routing protocol is able to decide the best route for every Layer 3 protocol.
Integrated multiprotocol routing process IP Packet
IPX PacketAppleTalk Packet
Type of packet ?
IP routing table IPX routing table AppleTalk routingtable
route it route it route it
compare
com
pare
compare
Separate Multiprotocol Routing ↔ Integrated Multiprotocol Routing Separate Multiprotocol Routing Integrated Multiprotocol Routing Multiple routing tables, one each for IP, IPX, and AppleTalk
Multiple routing tables, one each for IP, IPX, and AppleTalk
Multiple routing updates, one per routing protocol.
One routing update combined for all three routed protocols.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 76 von 121
Routing Command Summary Command Information supplied Show ip protocol Provides information on IP routing
protocols running, IP addresses of neighboring routers using the routing protocol, and timers.
Show ip route Lists IP routes, including subnet, next-hop router, and outgoing interface. Also identifies the source of routing information.
Show ipx route Lists IPX routes, including subnet, next-hop router, and outgoing interface. Also identifies the source of routing information.
Show ipx servers Lists contents of the SAP table, including server name, address, and SAP type.
Debug ip rip Lists detailed contents of both sent and received IP RIP updates.
Debug ip igrp transactions Lists detailed contents of both sent and received IGRP updates.
Debug ip igrp event Lists summary of contents of both sent and received IGRP updates.
Debug ip rip activity Lists detailed contents of both sent and received IPX RIP updates.
Debug ipx sap activity Lists detailed contents of both sent and received SAP updates.
Router rip Enables RIP as routing protocol Router igrp process-id Enables IGRP with process-id Network net-number Includes net-number in Routing Protocol
updates Passive-interface type number Excludes subnets on this interface from
routing protocol advertisements Maximum-paths x Sets the maximum number of equal cost
paths kept in routing table Variance multiplier Determines when 2 nearly equal cost
IGRP paths are threated as really equal Traffic-share balanced/min Determines wheter only lowest cost IGRP
path (min) or all paths are used proportionally to theire costs (balanced)
Show ip route subnet Shows entire routing table or just subnet entry
Show ip protocol Routing protocol parameters and timers
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 77 von 121
6. Access list security Filtering IP Traffic
Where Filtering can be done Packets can be filtered as they enter an interface, before the routing decision.
- Packets can be filtered before they exit an interface, after the routing decision. - “Deny” is the term used in the IOS to imply that the packet will be filtered. - “Permit” is the term used in the IOS to imply that the packet will not be filtered. - The filtering logic is configured in the access list. - At the end of every access list is an implied “deny all traffic” statement.
Therefore, if a - packet does not match any of your access list statements, the packet will be
blocked.
Graphically
IP packet
inboundaccess list
trash
can routing logic
outboundaccess list
Forward
permit
permit
deny
deny
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 78 von 121
IP access list commands Command Function / Purpose access-list {1-99} {permit/deny} source-addr [source-mask] Global command for
standard numbered access lists.
access-list{100-199} {permit/deny}protocolsource-addr[source-mask] [operator operand]destination-addr[destination-mask] [operatoroperand] [established]
Global command for extended numbered access lists.
ip access-group{number/name[in/out] } Interface subcommand to enable access lists
ip access-list{standard/extended}name
Global command for standard and extended named access lists.
deny{source[source-wildcard] /any}[log] Standard named access list subcommand
{Permit/deny}protocol source-addr[sourcemask] [operator operand] destination-addr[destination-mask] [operator operand][established]
Extended named access list subcommand
access-class number/name [in/out] Line subcommand for standard or extended access lists.
show ip interface Includes reference to the access lists enabled on the interface.
show access-list Shows details of configured access lists for all protocols.
show ip access-list[number] Shows IP access lists.
Access list logic - The matching parameters of the first access list statement are compared to
the packet. - If a match is made, the action defined in this access list statement(permit or
deny) is performed. - If a match is not made in Step 2, then Steps 1 and 2 are repeated using the
next sequential access list statement. - If no match is made with an entry in the access list, the deny action is
performed.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 79 von 121
Standard IP access lists
Functionality - Standard access lists can match only by examining the source IP
address field in the packet’s IP header. - Any bit positions in the 32-bit source IP address can be compared to
the access list - Statements. - A wildcard mask defines the subset of the 32 bits in the IP address that
must be matched. - Matching is performed by comparing an access-list command address
parameter and the packet’s source IP address. - Mask bits of value binary 0 imply that the same bit positions must be
compared in the two IP addresses. - Mask bits of value binary 1 are wildcards; the corresponding bit
positions in the addresses are considered to match, regardless of values.
- In other words, binary 1s mean that these bit positions already match—hence the name wildcard.
Examples - Access List entry 0.0.0.0 All bits have to match - Access List entry 255.255.255.255 All bits automatically match regardless
of the address in the packet - Access List entry 0.0.255.255 The first 16 bits of the address have to match - Access List entry 32.48.0.255 All bits except the 3rd, 11th, 12th, and last 8
must match (refer to binary representation of the access list mask).
Extended IP access lists
Functionality Extended IP access lists are almost identical to standard IP access lists in their use. The key difference between the two types is the variety of fields in the packet that can be compared for matching by extended access lists.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 80 von 121
Matching options graphically
Matching options overview
- Source IP address (like a standard access list) - Portions of the source IP address, using a wildcard mask (like a standard
access list) - Destination IP address - Portions of the destination IP address, using a wildcard mask - Protocol type (TCP, UDP, ICMP, IGRP, IGMP, and others) - Source port - Destination port - Established matches all TCP flows except first flow - IP TOS - IP precedence
An access list statement matches when all options in the statement match!
Examples Access list statement What matches ? access-list 101 deny tcp any host 10.1.1.1 eq 23 Packet with any source address;
destination must be 10.1.1.1, with a TCP header, with destination port 23.
access-list 101 deny tcp any host 10.1.1.1 eq telnet Same function as last example; telnet keyword is used instead of port 23.
access-list 101 deny udp 1.0.0.0 0.255.255.255 lt 1023 any Packet with source in network 1.0.0.0 to any destination, using UDP with source port less than 1023..
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 81 von 121
Access list statement What matches ? access-list 101 deny udp 1.0.0.0 0.255.255.255 lt 1023 44.1.2.3 0.0.255.255
Packet with source in network 1.0.0.0 to destinations beginning 44.1, using UDP with source port less than 1023.
access-list 101 deny ip 33.1.2.0 0.0.0.255 44.1.2.3 0.0.255.255
Packet with source in 33.1.2.0/24 to destinations beginning 44.1.
access-list 101 deny icmp 33.1.2.0 0.0.0.255 44.1.2.3 0.0.255.255 echo
Packet with source in 33.1.2.0/24 to destinations beginning 44.1, which are ICMP Echo Requests and Replies.
The keyword any implies that any value is matched. The keyword host, followed by an IP address, implies that exactly that IP address is matched. In other words, the any keyword implies logic like a wildcard mask of 255.255.255.255, and the host keyword implies logic like a wildcard mask of 0.0.0.0.
Named IP access lists
Differences between numbered and named ACL’s - Names are more intuitive reminders of the function of the list. - Names allow for more access lists than 99 standard and 100 extended, which
is the restriction using numbered access lists. - Named access lists allow individual statements to be deleted. Numbered lists
allow for deletion only of the entire list. Insertion of the new statement into a named list requires deletion and re-addition of all statements that should be later in the list than the newly added statement.
- The actual names used must be unique across all named access lists of all protocols and types on an individual router. Names can be duplicated on different routers.
Comparison of named and numbered ACL’s Numbered Named Commands for matching packets: standard IP ACLs
access-list 1-99 permit | deny . . .
ip access-list standard name
Commands for matching packets: extended IP ACLs
access-list 100-199 permit | deny . . .
ip access-list extended name
Commands for enabling ACLs
ip access-group 1-99 in | out ip
access-group name in | out
Commands for enabling ACLs
ip access-group 100-199 in | out
ip access-group name in | out
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 82 von 121
Notes about deleting parts of named access lists You can delete parts of named access lists. So for example just one statement in it. Check the following config log to see how this can be done: First we build us an access list:
conf t Enter configuration commands, one per line. End with Ctrl-Z. Router(config)#ip access-list extended barney Router(config-ext-nacl)#permit tcp host 10.1.1.2 eq www any Router(config-ext-nacl)#deny udp host 10.1.1.1 0.0.0.128 255.255.255.127 Router(config-ext-nacl)#deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 ! The next statement is purposefully wrong so that the process of changing the list can be seen. Router(config-ext-nacl)#deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255 Router(config-ext-nacl)#deny ip host 10.1.1.130 host 10.1.3.2 Router(config-ext-nacl)#deny ip host 10.1.1.28 host 10.1.3.2 Router(config-ext-nacl)#permit ip any any Router(config-ext-nacl)#^Z Router#sh run Building configuration... Current configuration: . . (unimportant statements omitted) . ! ip access-list extended barney permit tcp host 10.1.1.2 eq www any deny udp host 10.1.1.1 0.0.0.128 255.255.255.127 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255 deny ip host 10.1.1.130 host 10.1.3.2 deny ip host 10.1.1.28 host 10.1.3.2 permit ip any any
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 83 von 121
Then we want to delete an entry:
IP access list summary
- The order of the list is important. - All matching parameters must be true before a statement is “matched.” - An implied “deny all” is at the end of the list.
The philosophy of choosing the location for access lists is covered in more depth in the CCNP exam than in the CCNA exam. However, filtering packets closer to the source of the packet generally is better because the soon-to-be discarded packets will waste less bandwidth than if the packets were allowed to flow over additional links before being denied.Be particularly careful of questions relating to existing lists. In particular, if the question suggests that one more access-list command should be added, simply adding that command will place the statement at the end of the list, but the statement might need to be earlier in the list to accomplish the goal described in the question. Also focus on the differences between named and numbered IP access lists.
Router#conf t Enter configuration commands, one per line. End with Ctrl-Z. Router(config)#ip access-list extended barney Router(config-ext-nacl)#no deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255 Router(config-ext-nacl)#^Z Router#show access-list Extended IP access list barney permit tcp host 10.1.1.2 eq www any deny udp host 10.1.1.1 0.0.0.128 255.255.255.127 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 deny ip host 10.1.1.130 host 10.1.3.2 deny ip host 10.1.1.28 host 10.1.3.2 permit ip any any Router#conf t Enter configuration commands, one per line. End with Ctrl-Z. Router(config)#ip access-list extended barney Router(config-ext-nacl)#no permit ip any any Router(config-ext-nacl)#no deny ip host 10.1.1.130 host 10.1.3.2 Router(config-ext-nacl)#no deny ip host 10.1.1.28 host 10.1.3.2 Router(config-ext-nacl)#deny ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255 Router(config-ext-nacl)#deny ip host 10.1.1.130 host 10.1.3.2 Router(config-ext-nacl)#deny ip host 10.1.1.28 host 10.1.3.2 Router(config-ext-nacl)#permit ip any any Router(config-ext-nacl)#^Z Router#sh ip access-list Extended IP access list barney permit tcp host 10.1.1.2 eq www any deny udp host 10.1.1.1 0.0.0.128 255.255.255.127 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 deny ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255 deny ip host 10.1.1.130 host 10.1.3.2 deny ip host 10.1.1.28 host 10.1.3.2 permit ip any any
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 84 von 121
Filtering IPX Traffic and SAPs
ACL numbers 800 – 899 Standard IPX ACL 900 – 999 Extended IPX ACL 1000 – 1099 SAP ACL
IPX ACL commands The commands are nearly the same. Additionally the following commands are available:
- ipx access-group {number | name [in | out] } Interface subcommand to enable a named or numbered, standard or extended IPX access list
- ipx output-sap-filter list-number Interface subcommand to enable SAP access lists used for outbound SAP packets
- ipx input-sap-filter list-number Interface subcommand to enable SAP access lists used for inbound SAP packets
- show ipx interface Includes reference to the access lists enabled on the interface
- show access-list number Shows details of all configured access lists for all protocols
- show ipx access-list Shows details of all IPX access lists
Standard IPX ACL’S Can filter by::
- Source network - Source IPX address (network and node) - Source network and portions of the node address, using a node mask - Destination network - Destination IPX address (network and node) - Destination network and portions of the node address, using a node mask
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 85 von 121
Extended IPX ACL’s
Can filter by:
- Source network - Source IPX address (network and node) - Source network and portions of the node address,
using a node mask - Destination network - Destination IPX address (network and node) - Destination network and portions of the node address,
using a node mask
- Portions of entire source IPX address, using a wildcard mask - Portions of entire destination IPX address, using a wildcard mask - Protocol type (NetBios, SPX, SPX+NCP,RIP,SAP) - Source socket - Destination socket
(Socket is the same as an TCP/UDP port)
Graphically: Matching fields can be:
Like
sta
ndar
d IP
X A
CL
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 86 von 121
SAP Filters
How SAP packets flow
1. A router or server decides it is time to send a SAP broadcast on its attached network, based on the expiration of its SAP timer.
2. That router or server creates enough SAP packets to advertise all its SAP information (up to seven services per packet, by default).
3. That router or server sends the SAP packets out into the attached network. 4. Other routers and servers are attached to the same medium; these routers
and servers receive all the SAP packets. 5. The receiving routers and servers examine the information inside the SAP
packets and update their SAP tables as necessary. 6. The receiving routers and servers discard the SAP packets. Every server and
router uses a SAP timer, which is not synchronized with the other servers and routers.
7. When the timer expires, each server and router performs Steps 1 through 3, and their neighboring servers and routers react and perform Steps 4 through 6.
In other words: SAP packets are never forwarded by a router or server!
Filtering without forwarding Due to the fact that packets are only filtered by packet filters when they go through a router SAP packets can’t be filtered, because they don’t go through a router.
distribute lists are used instead
Function SAP filtering provides two functions:
- filtering the services listed in outgoing SAP updates o reduces the information sent to the router’s neighboring IPX servers
and routers. - filtering services listed in received SAP updates.
o limits what a router adds to its SAP table when an update is received. - Unlike packet filters, SAP filters examine the data inside the packet as well.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 87 von 121
Graphically
SAPUpdatePacket
Check SAPInfo Update Sap Table
Sap Table
Check SAPtable
Do not add totable
Do not put entryinto packet Build SAP packets
permitdeny
permitdeny
send SAPUpdates
SAP timerexpires
Reasons for filtering SAP Packets - SAP updates can consume a large amount of bandwidth, particularly in
nonbroadcast multiaccess (NBMA) networks. If clients in one division never need services from servers in another division, there is no need to waste bandwidth advertising the services.
- Sap Filters can accomplish the same task as most IPX packet filters, but with less overhead.
- SAP filtering to disallow certain clients from using certain servers is more efficient than IPX packet filters. SAPs are sent once every 60 seconds, whereas packet filters cause the IOS to examine every IPX packet, a much more frequent task.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 88 von 121
SAP filtering matching fields - Source network - Source IPX address (network and node) - Portions of the source address, using a wildcard mask - Destination network - Destination IPX address (network and node) - Portions of the destination address, using a wildcard mask - Service type - Server name
Named IPX ACL’s - use same configuration logic like standard and extendes IPX ACL’s and SAP
filtering - Some advantages:
o Names are more intuitive reminders of the function of the list. o Names allow more access lists than 100 standard, extended, and SAP
access lists, which is the restriction using numbered access lists. o Named access lists allow individual statements to be deleted.
Numbered lists allow for deletion only of the entire list. Insertion of the new statement into a named list requires deletion and re-addition of all statements that should follow the newly added statement.
o The actual names used must be unique across all named access lists of all protocols and types on an individual router. Names can be duplicated on different routers.
- Matching fields of numbered and named IPX ACL’s and SAP filtering are identical
Comparison of named and numbered IPX ACL’s / Commands Numbered Named Standard Matchin command
access-list 800-899 permit | deny . . .
*ipx access-list standard namepermit | deny . . .
Extended Matching command
access-list 900-999 permit | deny . . .
*ipx access-list extended name permit | deny . . .
SAP matching command access-list 1000-1099 permit | deny . . .
*ipx access-list sap name permit | deny . . .
Standard ACL enabling ipx access-group 800-899 in | out
ipx access-group name in | out
Extended ACL enabling ipx access-group 900-999 in | out
ipx access-group name in | out
SAP filter enabling ipx output-sap-filter 1000- 1099 ipx input-sap-filter 1000-1099
ipx output-sap-filter name ipx input-sap-filter name
*Permit and deny are subcommands of the ipx access-list command name is created by administrator
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 89 von 121
Notes about deleting parts of named access lists You can delete parts of named access lists. So for example just one statement in it. Check the following config log to see how this can be done: First we build us an access list: Then we want to delete an entry:
configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ipx access-list sap fred R1(config-ipx-sap-nacl)#deny 2 7 R1(config-ipx-sap-nacl)#deny 3 R1(config-ipx-sap-nacl)#deny 4 7 R1(config-ipx-sap-nacl)#permit -1 R1(config-ipx-sap-nacl)#^Z R1#show ipx access-lists IPX sap access list fred deny 2 7 deny 3 deny 4 7 permit FFFFFFFF
R1#config t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ipx access-list sap fred R1(config-ipx-sap-nacl)#no deny 4 7 R1(config-ipx-sap-nacl)#^Z R1#show ipx access-lists IPX sap access list fred deny 2 7 deny 3 permit FFFFFFFF
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 90 von 121
Overview IPX ACL configuration commands Command Configuration mode and
purpose access-list {800-899} {permit | deny} sourcenetwork [.source-node [source-node-mask]] [destination-network [.destination-node [destination-node-mask]]]
Global command to create numbered standard IPX access lists
access-list {900-999} {permit | deny} protocol [source-network] [[[.source-node [source-nodemask]] | [.source-node source-networkmask. source-node-mask]] [source-socket] [destination-network] [[[.destination-node [destination-node-mask] | [.destination-node destination-network-mask. Destination-nodemask]] [destination-socket] log
Global command to create numbered extended IPX access lists
access-list {1000-1099} {permit | deny} network [.node] [network-mask.node-mask] [service-type [server-name]]
Global command to create numbered SAP access lists
ipx access-list {standard | extended | sap } name
Global command to begin creation of a named standard, extended, or SAP access list
{permit | deny} source-network [.source-node [source-node-mask]] [destination-network [.destination-node [destination-node-mask]]]
Named access list subcommand for standard access lists
{permit | deny} protocol [source-network] [[[.source-node [source-node-mask]] | [.sourcenode source-network-mask.source-node-mask]] [source-socket] [destination-network] [[[.destination-node [destination-node-mask] | [.destination-node destination-network-mask. Destination-node-mask]] [destination-socket] log
Named access list subcommand for extended access lists
{permit | deny} network [.node] [networkmask. node-mask] [service-type [server-name]]
Named access list subcommand for SAP access lists
ipx access-group {number | name [in | out] } Interface subcommand to enable a named or numbered, standard or extended IPX access list
ipx output-sap-filter list-number Interface subcommand to enable SAP access lists used for outbound SAP packets
ipx input-sap-filter list-number Interface subcommand to enable SAP access lists used for inbound SAP packets
show ipx interface Includes reference to the access lists enabled on the interface
show access-list number Shows details of all configured access lists for all protocols
show ipx access-list Shows details of all IPX access lists
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 91 von 121
7. WAN Protocols and Design Point to point leased lines
Terms and Definitions Term Definition Synchronous The imposition of time ordering on a bit stream. More practically
speaking, a device will try to use the same speed as another on the other end of a serial link. However, by examining transitions between voltage states on the link, the device can notice slight variations in the speed on each end so that it can adjust its speed
Asynchronous The lack of an imposed time ordering on a bit stream. More practically speaking, both sides agree to the same speed, but there is no check or adjustment of the rates if they are slightly different. However, because only 1 byte per transfer is sent, slight differences in clock speed are not an issue. A start bit is used to signal the beginning of a byte.
Clock source The device to which the other devices on the link adjust their speed when using synchronous links.
DSU/CSU Data Services Unit and Channel Services Unit. This is used on digital links as an interface to the telephone company in the United States. Routers typically use a short cable from a serial interface to a DSU/CSU, which is attached to the line from the telco with a similar configuration at the other router on the other end of the link. The routers use their attached DSU/CSU as the clock source.
Telco Telephone company. 4-wire circuit A line from the telco with four wires, comprised of two twisted-pair
wires. Each pair is used to send in one direction, so a 4-wire circuit allows full-duplex communication.
2-wire circuit A line from the telco with two wires, comprised of one twisted-pair wire. The pair is used to send in only one direction at a time, so a 2-wire circuit allows only half-duplex communication.
T/1 A line from the telco that allows transmission of data at 1.544Mbps. This can be used with a T/1 multiplexor.
T/1 mux. A multiplexor that separates the T/1 into 24 different 64kbps channels. In the United States, one of every 8 bits in each channel can be used by the telco so that the channels are effectively 56kbps channels
E/1 Like a T/1, but in Europe. It uses a rate of 2.048Mbps and 32 64kbps channels.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 92 von 121
Protocol used on point to point links
Overview - Link Access Procedure Balanced (LAPB) - High-Level Data Link Control (HDLC) - Point-to-Point Protocol (PPP)
Functions - LAPB, HDLC, and PPP provide for delivery of data across a single point-to-
point serial link. - LAPB, HDLC, and PPP deliver data on synchronous serial links. (PPP
supports asynchronous functions as well.)
Framing Each of these protocols defines framing so that receiving stations know where the beginning of the frame is, what address is in the header, and the point at which the packet begins. By doing so, the router receiving data can distinguish between idle frames and data frames. Synchronous links, rather than asynchronous links, are typically used between routers.
How to differentiate the 3 protocols - Whether the protocol supports synchronous communications, asynchronous
communications, or both. - Whether the protocol provides error recovery. (The LAPB, HDLC, and PPP
protocols all provide error detection.) - Whether an architected Protocol Type field exists. In other words, the protocol
specifications define a field in the header that identifies the type of packet contained in the data portion of the frame.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 93 von 121
Point-to-Point Data Link Protocol Attributes Protocol Error Correction ? Architected
Type Field Other Attributes
Synchronous Data Link Control (SDLC)
Yes None SDLC supports multipoint links; it assumes that the SNA header occurs after the SDLC header.
Link Access Procedure Balanced (LAPB)
Yes None Spec assumes a single configurable protocol after LAPB. LAPB is used mainly with X.25. Cisco uses a proprietary type field to support multiprotocol traffic.
Link Access Procedure on the D channel (LAPD)
No No LAPD is not used between routers, but is used on the D channel from router to ISDN switch for signaling.
High-Level Data Link Control (HDLC)
No No HDLC serves as Cisco’s default on serial links. Cisco uses a proprietary type field to support multiprotocol traffic.
Point-to-Point Protocol (PPP)
Enables the user to choose whether error correction is performed; correction uses LAPB
Yes PPP was meant for multiprotocol interoperability from its inception, unlike all the others. PPP also supports asynchronous communication.
Note: Architected type field A field defined in the protocol itself which defines the type of encapsulated packet inside the WAN data link frame (if more than one type is possible)is called architected (“build in”) HDLC and PPP Configuration
Configuration commands Command Configration mode and purpose encapsulation{hdlc|ppp|lapb} Interface subcommand; defines which protocol to
use compress[Predictor|stac|mppc[ignore-pfc]] Interface subcommand; defines whether and
which compression should be used on the link. show interface Lists statistics and details of interface
configuration, including the encapsulation type.
show compress Lists compression ratios. show process Lists processor and task utilization. Is useful in
watching for increased utilization due to compression.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 94 von 121
Changing encapsulation types Converting back to HDLC (the default) is done with the encapsulation hdlc command, not by using a command such as no encapsulation ppp! Additionally, any other interface subcommands that are pertinent only to PPP are also removed when the encapsulation hdlc command is used..
PPP special features • PPP provides several other features in addition to synchronization and
framing. • Two categories:
o those needed regardless of the Layer 3 protocol sent across the link o those particular to each Layer 3 protocol.
PPP Link Control Protocol (LCP) provides the base features needed regardless of the Layer 3 protocol sent across the link. A series of PPP control protocols, such as IP Control Protocol (IPCP), provide features for a particular Layer 3 protocol to function well across the link. For example, IPCP provides for IP address assignment; this feature is used extensively with Internet dialup connections today. Only one LCP is needed per link, but multiple control protocols are needed. If a router is configured for IPX, AppleTalk, and IP on a PPP serial link, the router configured for PPP encapsulation automatically tries to bring up the appropriate control protocols for each Layer 3 protocol.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 95 von 121
PPP LCP Features Function Name of LCP Feature Description Looped link detection
Magic number Using a magic number, routers send messages to each other with a different magic number. If you ever receive your own magic number, the link is looped. A configuration setting determines whether the link should be taken down when looped.
Error detection Link Quality Monitoring (LQM)
PPP can take down a link based on the percentage of errors on the link. LQM exchanges statistics about lost packets versus sent packets in each direction; when compared to packets and bytes sent, this yields a percentage of errored traffic. The percentage of loss that causes a link to be taken down is enabled and defined by a configuration setting.
Authentication PAP and CHAP Mostly used on dial links, PAP and CHAP can be used to authenticate the device on the other end of the link.
Compression STAC and Predictor This is software compression. Multilink support Multilink PPP Fragments of packets are load-
balanced across multiple links. This feature is more often used with dial.
Error Detection
Looped link detection allows for faster convergence when a link fails because it is looped. (Links are typically looped for testing purposes.) When this occurs, a router continues to receive the looped Cisco proprietary keepalive messages, so the router might not think that the link has failed. For instance, the absence of routing updates from a neighbor for a certain length of time is used to drive convergence. Waiting on such an event when the link is looped increases convergence time. Looped link detection defeats this problem using a PPP feature called magic numbers. The router sends PPP messages instead of keepalives; these messages include a magic number, which is different on each router. If a line is looped, the router receives a message with its own magic number instead of getting a message with the magic number identifying the router on the other end of the link. A router receiving its own magic number knows that the frame it sent has been looped back. If configured to do so, the router can take down the interface, which speeds convergence.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 96 von 121
Looped Link Detection
Error detection (not error recovery) is accomplished by a PPP feature called Link QualityMonitoring (LQM). PPP at each end of the link sends messages describing the number of correctly received packets and bytes. This is compared to the number of packets and bytes sent to calculate a percentage loss. The router can be configured to take down the link after a configured error rate has been exceeded so that future packets are sent over a longer—but hopefully better—path.
Compression Compression can be performed on LAPB, HDLC, and PPP point-to-point serial links.
Compression goal & price The goal of compression is to reduce the number of bytes sent across the link. However, there is a price to pay for compression—CPU cycles and possibly increased latency for the packets.
What happens with compression • More processing is required on the router to compress each frame, as
compared with no compression. • Latency per frame will increase because of the processing required. • Latency per frame will decrease in cases when the uncompressed packets
have waited in the output queue due to link congestion. With the compressed frames, however, the queue is shorter.
• Link utilization will decrease. • Cisco recommends avoiding sustained CPU utilization exceeding between 40
and 65 percent, depending on the platform.
Reasons for using compression
• leased lines and the traffic are expensive • faster line is not available but more data needs to travel across the line
Compession algorithms Compression can be performed in software or in hardware. Any IOS router can perform LAPB,HDLC, and PPP link compression in software; when software compression is used, CPU utilization is impacted. For hardware compression, either a VIP2 card or a Compression Service Adapter (CSA) on a 72xx or 75xx series router is required. When hardware compression is performed, the CPU is not affected. Several compression algorithms are available in the IOS to perform PPP compression: the STAC, Predictor, and Microsoft Point-to-Point Compression algorithm (MPPC).
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 97 von 121
Assignment of compression algorithm and protocol
Encapsulation Possible compression algorithm(s) PPP STAC, Predictor, MPPC LAPB STAC, Predictor HDLC STAC
WAN cabling standards For any of the point-to-point serial links or Frame Relay links mentioned further on, all that is needed on the router is a synchronous serial interface. Traditionally, this interface is a 60-pin D-shell connector. This interface must then be cabled to a DSU/CSU, which in turn is connected to the cable supplied by the service provider.
Connector examples
Connector details
Standard Standards Body Number of Pins EIA/TIA 232 Telecommunications Industry Association 25EIA/TIA 449 Telecommunications Industry Association 37EIA/TIA 530 Telecommunications Industry Association 25V.35 International Telecommunications Union 34X.21 International Telecommunications Union 15
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 98 von 121
Further Connector notes The interface to the service provider is dependent on the type of connection; the connector could be RJ-11, RJ-48, RJ-45, or possibly coax. Some serial interfaces have an integrated DSU/CSU and do not require a cable of the types shown in the figure. Depending on the expected type of line, a variety of physical interfaces are used. These interfaces are the same as those used for external CSU/DSU devices.
Frame Relay Protocols
Frame Relay Definition - delivers variable-sized data frames to multiple WAN-connected sites - relates most closely to OSI layer 2 - Layer 2 protocol - Does not use logical addressing
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 99 von 121
Frame Relay Features and Terminology
- multiaccess network o more than tweo devices can connect to the medium o leases lines are used as the access link component of frame relay
networks
DCE DCE
FrameRelay
Access Link
LMIMessages
LMIMessages
Frame RelayHeader
Layer 3Packet
The Access Link between router and Frame Relay Network is a leased line.
Terms and concepts Virtual circuit (VC) A VC is a logical concept that represents the path
that frames travel between DTEs. VCs are particularly useful when comparing Frame Relay to leased physical circuits.
Permanent virtual circuit (PVC) A PVC is a VC that is predefined. A PVC can be equated to a leased line in concept.
Switched virtual circuit (SVC) An SVC is a VC that is set up dynamically. An SVC can be equated to a dial connection in concept.
Data terminal equipment (DTE) DTEs are also known as data-circuit termination equipment. For example, routers are DTEs when connected to a Frame Relay service from a telecommunication company.
Data communications equipment (DCE) Frame Relay switches are DCE devices. Access link The access link is the leased line between DTE
and DCE.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 100 von 121
Access rate (AR) The access rate is the speed at which the access link is clocked. This choice affects the price of the connection
Committed information rate (CIR) The CIR is the rate at which the DTE can send data for an individual VC, for which the provider commits to deliver that amount of data. The provider will send any data in excess of this rate for this VC if its network has capacity at the time. This choice typically affects the price of each VC.
Burst rate The burst rate is the rate and length of time for which, for a particular VC, the DTE can send faster than the CIR, and the provider agrees to forward the data. This choice typically affects the price of each VC.
Data link connection identifier (DLCI) A DLCI is a Frame Relay address and is used in Frame Relay headers to identify the virtual circuit.
Forward explicit congestion notification (FECN) The FECN is the bit in the Frame Relay header that signals to anyone receiving the frame (switches and DTEs) that congestion is occurring in the same direction as the frame. Switches and DTEs can react by slowing the rate by which data is sent in that direction.
Backward explicit congestion notification (BECN) The BECN is the bit in the Frame Relay header that signals to anyone receiving the frame (switches and DTEs) that congestion is occurring in the opposite (backward) direction as the frame. Switches and DTEs can react by slowing the rate by which data is sent in that direction.
Discard eligibility (DE) The DE is the bit in the Frame Relay header that signals to a switch to, if frames must be discarded, please choose this frame to discard instead of another frame without the DE bit set.
Nonbroadcast multiaccess (NBMA) NBMA refers to a network in which broadcasts are not supported, but more than two devices can be connected
Local Management Interface (LMI) LMI is the protocol used between a DCE and DTE to manage the connection. Signaling messages for SVCs, PVC status messages, and keepalives are all LMI messages.
Link access procedure—frame mode bearer services (LAPF)
LAPF is the basic Frame Relay header and trailer; it includes DLCI, FECN, BECN, and DE bits.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 101 von 121
LMI and encapsulation types
Definition LMI – Local Management Interface:
- definition of messages between DTE (e.g. a router) and DCE (e.g. Frame Relay Switch of Service Provider)
Encapsulation:
- defines the headers used in addition to basic frame relay headers DTE and DCE care about same LMI. DCE does not care about encapsulation.
LMI - 3 LMI protocols available in IOS:
Name Document IOS LMI-type parameter Cisco Propietary Cisco ANSI TI.617 Annex D Ansi ITU Q.933 Annex A q933a
- LMI autosense supported with IOS version greater 11.2 - Configured LMI type diables autosensing feature - One LMI type per serial interface
o Each LMI controlls single physical link connected to single Frame Relay Switch
- Most important LMI message: o LMI status enquiry
Signals whether a PVC is up or down E.g. when PVC is down a routing protocol can react to signal
that routes over that PVC are down
Encapsulation - Frame Relay defines header/trailer with fields to allow switches and DTEs to
deliver the frame across the network
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 102 von 121
Frame View
LAPFheader
Information LAPFtrailer
DLCI (usually 10 bits)
FECN,BECN,DE (1 bit each)
FCS
There is no protocol field defined. If Frame Relay only uses LAPF header then DTEs cannot support multiprotocol traffic because there is no way to identify the type of protocol in the information field. Two solutions to that problem were created:
- Cisco and three other companies created an andditional header o Comes first in information field o 2 byte protocol type field
values matching the same field used for HDLC by Cisco
Ciscos protocol type field
LAPFheader Cisco Packet LAPF
trailer
- Defined in RFC1490 “Multiprotocol Interconnect over Frame Relay” o Written for multivendor interoperability o Includes a protocol type field o And many other options
E.g. bridged frames o ITU and ANSI intercorporated RFC1490 headers into Q.933 Annex E
and T.617 Annex F RFC1490 protocol type field
LAPFheader
RFC1490 Packet LAPF
trailer
Includes DLCI
Later added toQ.933-E andT.617-Fincludes protocoltype field
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 103 von 121
- Because the frames flow from DTE to DTE both of them have to agree to encapsulation used.
- Each VC can use a different encapsulation.
DLCI and Frame Relay Switching - Data Link connection Identifier (DLCI) is the Frame Relay Address - DLCIs are used to address virtual circuits (not DTEs!) - There is just a single DLCI field in the header – not a source and destination
DLCI - Each VC has to use a different DLCI - Frame Relay Switches will swap the DLCI in transit - DLCIs need to be unique only on the local access link - DLCI values are choosen by the service provider
o DLCIs must be unique on each access link. The DLCI used to identify an individual VC on one access link has no bearing on the value that is chosen to identify the VC on the access link at the other end of the VC.
Frame Relay
DLCI 40 DLCI 41
DLCI 40
DLCI 42
VC
VC
As you can see the DLCI just has to be different on each end of the VC.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 104 von 121
DLCI Global Addressing
GlobalDLCI 42
GlobalDLCI 41
GlobalDLCI 40
Frame Relay
DLCI 40
DLCI 41
DLCI 40
DLCI 42
A
B
C The concept of global addressing is the reason that typical Frame Relay networks use a different DLCI value on each end of the VC. Global addressing allows you to think of the Frame Relay network like a LAN in terms of addressing concepts. In the graphic above, think of the DLCI values as an address for the DTE, which is similar to how a unicast MAC address represents a LAN card. On a LAN, if Host B wants to send a frame to Host A, Host B sends a frame with Host A’s MAC address as the destination. Similarly, if Router B wants to send a frame to Router A, then Router B (by the convention of global addressing) sends a frame with Router A’s global DLCI value in the header. Likewise, Router C sends frames with DLCI 40 to reach Router A, by convention. Router A sends frames with DLCI 41 to reach Router B, and with DLCI 42 to reach Router C, again, by the convention of global addressing. Figure 8-9 shows the DLCIs used for global addressing and the actual values placed into the Frame Relay headers for correct delivery across the network.
Global Addressing Summary • Local addressing is how Frame Relay addressing works. However, by
following the convention of global addressing, planning is easier because the addressing appears similar to LAN addressing.
• A global address for one DTE simply means that all other DTEs with a VC to this one DTE use its global address on their local access links.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 105 von 121
Global Addressing Advantages The biggest advantage is that is easier to add new sites.
DLCI 40
DLCI 41 DLCI 42
DLCI 40
DLCI 41 DLCI 42 DLCI 43 DLCI 44
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 106 von 121
Network layers and Frame Relay There are 3 issues relating to layer 3 flows over frame relay:
- Choices for Layer 3 addressing over Frame Relay interfaces - Broadcast handling - Split horizon
Layer 3 addressing There are three possible Frame Relay meshes
- Full mesh - Partial mesh - Hybrid
Full Mesh Full mesh means that every router has a direct connection to every other router as seen in following graphic:
The IPX and IP addresses would be configured as subcommands on the serial interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 107 von 121
Partial Mesh Because all four routers do not have VCs to each other, each VC uses a different set of Layer 3 groups.
The addresses would be configured as subcommands on the serial interface. Subinterfaces allow the Atlanta router to have three IP addresses and three IPX addresses associated with its serial 0 interface. Subinterfaces can treat each VC as though it were a pointto- point serial link. Each of the three subinterfaces of serial 0 on Atlanta would be assigned a different IP address and IPX address.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 108 von 121
Hybrid Hybrid means a mixture of full and partial meshes so that the following topology can occur:
Two options exist for Layer 3 addressing in this case. The first is to treat each VC as a separate Layer 3 group; five subnets and five IPX networks would be needed for the Frame Relay network. However, if Routers A, B, and C are considered alone, they meet the criteria that each can send packets directly to each other, like a full mesh. This would allow Routers A, B, and C to use one subnet and IPX network. The other two VCs—between A and D, and between A and E—are treated as two separate Layer 3 groups. The result is a total of three subnets and three IPX network numbers. To accomplish either style of Layer 3 addressing in this third and final case, subinterfaces are used. Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group. Multipoint subinterfaces are used among Routers A, B, and C.
Broadcast Handling Broadcasts are not supported over a Frame Relay network. In other words, no capability exists for a DTE to send a frame that is replicated and delivered across more than one VC. However, routers need to send broadcasts for several features to work. In particular, routing protocol updates and SAP updates are broadcasts. The solution to the broadcast dilemma for Frame Relay has two parts. First, the IOS sends copies of the broadcasts across each VC that you instruct it to. Of course, if there are only a few VCs, this is not a big problem. However, if hundreds of VCs terminate in one router, then for each broadcast, hundreds of copies could be sent. The IOS can be configured to limit the amount of bandwidth that is used for these replicated broadcasts.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 109 von 121
As the second part of the solution, the router tries to minimize the impact of the first part of the solution. The router places these broadcasts into a different queue than user traffic so that the user does not experience a large spike in delay each time some broadcast is replicated and sent over each VC.
Split Horizon Split horizon is useful for preventing routing loops by preventing a router from advertising a route onto the same interface in which the route was learned. With Split horizon problems occur when multipoint interfaces are used, because if one VC of a Serial interface fails split horizon does not advertise all VCs on that serial interface in routing updates so that either network loops or network unavailabilities occur. For a deeper view on the topic read the whole Cisco CCNA 640-507 certification guide ☺ The solution to the problem is to disable split horizon when not using subinterfaces or when using multipoint subinterfaces. The IOS defaults to disable split horizon on Frame Relay interfaces in all cases except for point-to-point subinterfaces. If the default value for split horizon is not desired, then the ip split horizon interface configuration command can be used to enable split horizon. Similarly, the no ip split horizon interface configuration command disables split horizon on that interface.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 110 von 121
How Address Mapping Works
Shortcut Mapping is required when using some other data links, but not all. For example, with IP, the ARP process dynamically builds a mapping between an IP address and a LAN address.
Definition The information that correlates to the next-hop router’s Layer 3 address, and the Layer 2 address used to reach it, is called mapping. Mapping is needed on multiaccess networks.
Consider the core routing logic. Router A receives an Ethernet frame from some host and strips the Ethernet header (and trailer). It decides to route the packet out serial 0 to the next router, 10.1.2.2 (Router B’s S0 IP address). Router A builds the Frame Relay header/trailer and sends the frame. Although Router A knows the serial interfaces out which to forward the frame, Router A does not know the correct DLCI yet. A mapping is needed in Router A to correlate 10.1.2.2 (Router B) and the DLCI Router A used to reach Router B.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 111 von 121
However, the same IP ARP used on LANs will not work on Frame Relay because there is no support for broadcasts. Therefore, ARP cannot be used to discover that DLCI. Two solutions exist by which Router A can learn the mapping between Router B’s IP address and DLCI. One uses a statically configured mapping, and the other uses a dynamic process called Inverse ARP. Inverse ARP acquires mapping information in a manner opposite of IP ARP, but the information that maps the Layer 3 and Layer 2 addresses is still found. Inverse ARP is basic; after the VC is up, each DTE announces its network layer address to the DTE on the other end of the VC. Inverse ARP is enabled by default if no subinterfaces are in use. Inverse ARP is also on by default for multipoint subinterfaces. However, Inverse ARP is not enabled on point-to-point subinterfaces because point-to-point subinterfaces behave like a true point-to-point line in regard to routing; if the packet needs to be sent out a point-to-point subinterface, then there is only one possible next router and only one DLCI in use. So, Inverse ARP is not needed with point-to-point subinterfaces.
Review: Frame Relay initialization 1. The LMI sends a status enquiry notifying the DTE when the VC is up. 2. Inverse ARP frames are sent by the routers in each direction for each Layer 3
protocol configured for the VC. Packets can be forwarded at this point. 3. Routing protocols will send their initial updates, routes will be learned 4. End user traffic will be able to flow
LMI status messages inform the routers when the PVC first comes up. Because Inverse ARP frames could not be delivered until the VC was up but can be delivered now, the Inverse ARP announcements declare the Layer 3 addresses. Unless keepalives have been turned off, both the switch and the router expect to send and receive periodic status and status enquiry messages, respectively.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 112 von 121
Graphically
B
DLCI 40 DLCI 41
A
Status: DLCI 41 Up Status: DLCI 40 Up
Inverse-ARP: I am 10.1.1.1 (IP)
Inverse-ARP: I am 10.1.1.2 (IP)
Inverse-ARP: I am 10.AAAA.AAAA.AAAA (IPX)
Inverse-ARP: I am 10.BBBB.BBBB.BBBB (IPX)
Status enquiryStatus enquiry
Status Status
Compression
Shortcut Compression can be performed on Frame relay interfaces. Two general compression types exist:
- payload compresion - TCP header compression
Payload compression Payload compression leaves the Frame relay header intact and only compresses the packet (payload) before transmission. Two algorithm are available:
- STAC - FRF.9
STAC compression - historically used - The algorithm did not follow any standard. - Process works fine, but it can run only in software—no support for this
algorithm exists for Frame Relay on the Versatile Interface Processor (VIP) or the Compression Service Adapter (CSA).
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 113 von 121
FRF.9 compression - Frame Relay Forum standard compression - Also uses STAC algorithm but differs in some details from Ciscos original - FRF.9 compression support is added in hardware into Compression Service
Adapter (CSA) and Versatile Interface Processor 2 (VIP2) - use recommended from Cisco
TCP header compression - compression algorithm can be optimized if the data to be compressed is
known o TCP header is known
- 40 byte TCP header can be reduced to an average of 10 bytes - takes little processing works fast with low CPU amount - TCP header compression can rise to impressing 2 to 1 if IP packets are small
(e.g. during a Telnet session) - For larger packets TCP header compression rates decreases
Frame Relay Configuration
Frame Relay Configuration commands Command Configuration Mode Purpose / Function frame-relay map protocol protocol-address dlci [payloadcompress{packet-by-packet | frf9 stac}] [broadcast] [ietf | cisco]
Interface Statically defines a mapping between a network layer address and a DLCI.
keepalive sec Interface Defines whether and how often LMI status enquiry messages are sent and expected.
interface serial num.sub [pointto-point | multipoint]
Global Creates a subinterface, or references a previously created subinterface.
frame-relay interface-dlci dlc[ietf | cisco] Interface Defines a DLCI used for a VC to another DTE.
frame-relay payload-compress {packet-by-packet | frf9 stac}
Interface subcommand Defines payload compression onpoint-to-point subinterfaces.
show interface. Shows physical interface status show frame-relay {pvc | map | lmi } Shows PVC status, mapping
(dynamic and static), and LMI status.
debug frame-relay {lmi | events} Lists messages describing LMI flows (LMI option). The events option lists inverse ARP information. Other options include lapf, informationelements, ppp, and packet.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 114 von 121
Guideline whether to use subinterfaces Use subinterfaces:
- When the network is partially meshed, using point-to-point subinterfaces overcomes split horizon issues by treating each subinterface as a separate interface.
- When the network is partially meshed, using a multipoint subinterface will work.
- When the network is truly fully meshed, a multipoint subinterface can be used to reduce the number of network-layer groups (for example, IP subnets) that are used.
- When the network is truly fully meshed, point-to-point subinterfaces can be used. This is typically chosen to maintain consistency with other Frame Relay networks elsewhere in the network that are not fully meshed. This choice requires a larger number of IP subnets to be used.
- When the network contains some fully meshed portions (for example, when 3 sites have VCs between each other but the other 10 do not), a multipoint subinterface can be used for the fully meshed portion and point-to-point subinterfaces can be used for the rest.
- When the network contains some fully meshed portions (for example, when 3 sites have VCs between each other but the other 10 do not), using only point-to-point subinterfaces is another option. This requires more IP subnets and IPX networks than when using a multipoint subinterface for the fully meshed portion of the network.
- Many sites avoid confusion by always using point-to-point subinterfaces to maintain consistency.
Correlating DLCIs to subinterfaces Correlating the DLCI(s) to their subinterfaces is required when using either type of subinterface. LMI enquiry messages notify the router that PVCs are active; the router then needs to know which subinterface uses the DLCI. An individual DLCI is used by only one subinterface. For a point-to-point subinterface, only one DLCI is used; for multipoint, many DLCIs are used.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 115 von 121
ISDN protocols and design
ISDN Channels Two types of ISDN interfaces are focussed in IOS documentation:
- Basic Rate Interface (BRI) o 2 Bearer (B) Channels (up to 64kbit) o 1 signaling (D) channel (16kbit)
- Primary Rate Interface (PRI) o T/1 (1,544mbit)
23 B Channels (up to 64kbit) 1 D channel (64 kbit)
o E/1 (2,014 mbit) 30 B channels (up to 64kbit) 1 D channel (64 kbit)
B channels - transport data - speed depends on service provider
D channels - used for signaling
ISDN protocol overview Issue Protocol Key examples Telephone network and ISDN E-series E.163: international telephone numbering plan
E.164: international ISDN addressing ISDN concepts, aspects and interfaces
I-series I.100 series: concepts, structures, terminology I.400 series: User-Network Interfaces (UNI)
Switching and signaling Q-series Q.921: LAPD Q.931: ISDN network layer
ISDN ↔ OSI comparison Osi compared Layer
I-Series Equivalent Q-series specification
General purpose
1 ITU-T I.430
ITU-T I.431 Defines connectors, encoding, framing and
reference points 2 ITU-T I.440
ITU-T I.4411 ITU-T Q.920 ITU-T Q.921
Defines the LAPD protocol used on the D channel to encapsulate signaling requests
3 ITU-T I.450 ITU-T I.451
ITU-T Q.930 ITU-T Q.931
Defines signaling messages—for example, call setup and takedown messages
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 116 von 121
ISDN Function Groups and Reference Points
Inexact Definition (but familiar) - Function groups—A set of functions implemented by a device and software. - Reference points—The interface between two function groups; this includes
cabling details.
Facts to reminder - Not all reference points are used in any one topology; in fact, one or two might
never be used in a particular part of the world. - After the equipment is ordered and working, there is no need to think about
function groups and reference points. - The router configuration does not refer to reference points and function
groups, so many people ignore these details. Function Group Akronym Stands for Description TE1 Terminal Equipment 1 ISDN-capable four-wire cable.
Understands signaling, 2B+D. Uses S reference point.
TE2 Terminal Equipment 1 Equipment that does not understand ISDN protocols and specifications (no ISDN awareness). Uses R reference point, typically an RS-232 or V.35 cable, to connect to a TA.
TA Terminal Adapter Equipment that uses R and S reference points. Can be thought of as the TE1 function group on behalf of a TE2.
NT1 Network Termination Type 1 CPE equipment in North America. Connects with U reference point (two-wire) to telco. Connects with T or S reference points to other customer premise equipment.
NT2 Network Termination Type 2 Equipment that uses a T reference point to the telco outside North America, or to an NT1 inside North America. Uses an S reference point to connect to other customer premise equipment.
NT1/NT2 A combined NT1 and NT2 in the same device. This is relatively common in North America.
Reference Group Connection between R TE and TA2 S TE1 or TA and NT2. T NT2 and NT1. U NT1 and telco. S/T TE1 or TA, connected to an NT1, when no NT2 is used.
Alternately, the connection from a TE1 or TA to a combined NT1/NT2.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 117 von 121
Typical use of ISDN - temporary dial connections
o backup o occasional (DDR dial on demand routing)
- permanently dialed lines (cause of nice prices)
PAP & Chap PAP - Password Authentication Protocol CHAP - Challenge Handshake Authentication Protocol
- used to verify that the endpoints of a dial connections are allowed to connect - PAP uses cleartext passwords and is less often used - CHAP MD5 - encodes the passwords and is mostly used today
Login description Both PAP and CHAP require the exchange of messages between devices. The dialed-to router expects to receive a user name and password from the dialing router with both PAP and CHAP. With PAP, the user name and password are sent by the dialing router. With CHAP, the dialed to router sends a message (called a challenge) that asks the dialing router to send its user name and password. The challenge includes a random number, which is part of the input into the MD5 hash algorithm. The dialing router replies with the MD5 hash value, which is a function of its ID (host name), its password, and the random number supplied in the challenge.
Multilink PPP - function that allows multiple links between a router and another device on
which the traffic is balanced - breaks a packet into fragments, sends them over each of the links and puts
them together again on the other end
Enabling commands The two key commands are the PPP multilink and the dialer load-threshold commands. PPP multilink enables multilink PPP; dialer load-threshold xx either tells the router to dial another B channel if the utilization average on the currently used links is more than xx percent for either inbound or outbound utilization.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 118 von 121
Dial-on-Demand Routing and ISDN Configuration
Some Notes DDR can be used to cause the router to dial or to receive a dial on asynchronous serial interfaces, synchronous serial interfaces, and ISDN BRI and PRI interfaces. All examples in this chapter use ISDN BRI. Two ways exist by which to configure DDR. The two styles of DDR configuration are called DDR legacy and DDR dialer profiles. The main difference between the two is that DDR legacy associates dial details with a physical interface, but DDR dialer profiles-style configuration disassociates the dial configuration from a physical interface, allowing a great deal of flexibility.
- DDR will not dial until some traffic is directed (routed) out the dial interface.
o All routable protocols can be configured to trigger the dial. o Of course, routes are not learned over a dial link while the dial link is
down. o Therefore, static routes are configured
- “Is this packet, which is being routed out this dial interface, worthy of causing the dial to occur?” The packets that are worthy of causing the device to dial are called interesting packets by Cisco.
o Interesting can be defined as all packets of one or more Layer 3 protocols (for example, all IP packets).
o The second method is that interesting can be defined as packets permitted by an access list. In this case, if the access list permits the packet, it is considered interesting.
Example configuration
ip route 172.16.3.0 255.255.255.0 172.16.2.1 access-list 101 permit tcp any host 172.16.3.1 eq 80 dialer-list 1 protocol ip permit dialer-list 2 protocol ip list 101 interface bri 0 encapsulation ppp ip address 172.16.2.2 255.255.255.0 !Use this one if all IP is considered interesting ... dialer-group 1 ! OR Use next statement to trigger for Web to Server Lois dialer-group 2
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 119 von 121
Configuring the dialing itself / needed information
1. For non-ISDN interfaces, it is necessary to communicate the dial string to the external dialing device. In-band signaling (dialing) must be enabled on these interfaces using the command dialer in-band. This is not necessary on a BRI interface because it uses the out-of-band D channel for signaling.
2. The phone number to dial The command is dialer string string, where string is the phone number.
If there is more than one number to dial (e.g. if different sites shall be dialed for different routes) then we got a problem. The dilemma now be how to determine which ISDN telephone number to signal. The key is in the ip route commands and the new dialer map command. Of course, there are unique ISDN telephone numbers for both LosAngeles and GothamCity. Because the static routes will direct the router to send the packet to either 172.16.2.1 or 172.16.2.3, all that is needed is a mapping between these next-hop addresses and their respective ISDN telephone numbers. The dialer map command does exactly that. The dialer map commands imply that if the interesting packet were routed to 172.16.2.1, the dial to LosAngeles would occur. Conversely, if the interesting packet were routed to 172.16.2.3, the dial to GothamCity would occur. Broadcast handling is the final configuration element that must be addressed. Just as with any other point-to-point serial link, there is no true data link broadcast. If a broadcast must be sent on the interface, however, it is necessary to issue the broadcast command to tell the interface to forward the packet across the link.
ip route 172.16.3.0 255.255.255.0 172.16.2.1 ip route 172.16.4.0 255.255.255.0 172.16.2.3 ! Added usernames for CHAP support! username LosAngeles password Clark username GothamCity password Bruce access-list 101 permit tcp any host 172.16.3.1 eq 80 ! Added next statement to make The Client’s FTP connection interesting! access-list 101 permit tcp any host 172.16.4.1 eq 21 ! dialer-list 2 protocol ip list 101 ! interface bri 0 ip address 172.16.2.2 255.255.255.0 encapsulation ppp ppp authentication chap dialer map ip 172.16.2.1 broadcast name LosAngeles 14045551234 dialer map ip 172.16.2.3 broadcast name GothamCity 1999999999901 dialer-group 2 !
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 120 von 121
The decision to take the link down is the most intriguing part about what happens while the link is up. Although any type of packets can be routed across the link, only interesting packets are considered worthy of keeping the link up. An idle timer counts the time since the last interesting packet went across the link. If that time expires, the link is brought down. Two idle timers can be set. With the dialer idle-timeout seconds command, the idle time as previously described is set. If interesting traffic that needs to flow to another dial site is occurring, however, another shorter idle timer can be used. The dialer fast-idle seconds command enables you to configure a typically lower number than the idle timer so that when other sites need to be dialed, the link that is currently up but can be brought down earlier in the process of idling out as per the dialer idle-timeout command.
WAN options – strength and weakness Type of WAN service Data Link Protocols Strengths and weaknesses Leased Delivers pervasive availability. Can be expensive for
long circuits. Is more expensive for providers to engineer than are packet services.
PPP Can improve speed of routing protocol convergence. Allows multivendor interoperability. Has available error recovery option.
HDLC Is the IOS default. Requires Cisco router on each end.
LAPD Provides error recovery, but this also can result in throttling (slowing) the data rate.
Packet-switched Allows addition of new sites to be made quickly. Typically involves a lower cost.
Frame Relay Allows bursting past CIR, giving perception of “free” capacity. Is pervasive in the United States.
ATM As a WAN technology, is not as pervasively available as Frame Relay. Has an attractive built-in Quality of Service feature.
X.25 Is available pervasively in some parts of the world. Offers beneficial error-recovery features when links have higher error rates. Typically is the third choice of these three if all are available to all connected sites.
Cisco CCNA certification notes by Sascha Bülow 2003
Seite 121 von 121
Enterprise Networks and their hardware CoreLayer
DistributionLayer
AccessLayer
Switches Traffic to theappropriate Service
Routing, filteringand WAN access
End station,entry point to the network
Layer Features Desired device
characteristics Core Fast transport, often at the
topological center of the network. Packet manipulation is not performed here.
Highest forwarding speed
Distribution Aggregation of access points. Any media translation or security (for instance, access lists) is performed here.
High interface density, high processing capacity per interface for packet manipulation
Access Entry point for end-user devices, both LAN and dial.
High variety of interface types, less processing capacity required (versus distribution).