
CCNA

The Study Guide


Jambo Jamo

Module 1. Basic networking..................................................................................6
1.1.1 What is a computer network....................................................................6
1.1.2 Benefits of a computer network...............................................................6
1.1.3 Disadvantages of the computer Network.................................................7
1.1.4 Core Network Devices.............................................................................8
1.1.5 Interpret network diagrams....................................................................11
1.2 Networking models....................................................................................16
1.2.1 The OSI Model.......................................................................................16
1.2.2 The OSI layers in greater detail.............................................................18
1.2.3 Network Applications.............................................................................21
1.2.4 TCP/IP Model........................................................................................25
1.2.5 The Cisco 3 layer hierarchical model.....................................................26
1.2.6 TCP: Transmission Control Protocol.....................................................26
1.2.7 UDP: User Datagram Protocol...............................................................30
1.2.7 Port Numbers and Multiplexing.............................................................31
1.3 Network Topology.....................................................................................31
1.3.1 Differentiate between LAN & WAN......................................................32
1.3.2 Local area network (LAN).....................................................................32
1.3.3 Wide Area Network (WAN)...................................................................34
1.3.4 WAN Encapsulation Protocols...............................................................35
1.3.5 Frame Relay...........................................................................................37
1.3.6 Select the appropriate media, cables, ports and connectors...................38
Module 2. Switching.............................................................................................43
2.1 Ethernet......................................................................................................43
2.2 Implement a switched network......................................................................44
2.2.1 Explain switch concepts.........................................................................44
2.2.2 Spanning Tree Protocol..........................................................................46
Spanning tree versions.........................................................................................53
Advanced STP configuration...............................................................................54
2.3 Switch Configuration.................................................................................56
2.3.1 Switch Management...............................................................................56
2.3.2 Switch security.......................................................................................57
2.3.3 Port Security...........................................................................................57
Module 3. IP Addressing and subnets.................................................................59
3.1 IP Addressing.............................................................................................59
3.2 Binary.........................................................................................................59
3.3 Subnets.......................................................................................................61
3.4 Variable length subnet masking.................................................................67
3.5 IP Classes...................................................................................................69
3.6 IPv6............................................................................................................70
Module 4. Router Management..........................................................................71
4.1 Router Components...................................................................................71
4.2 Connecting to a Router..............................................................................73
4.3 Router Modes.............................................................................................74
4.4 Configuring Passwords..............................................................................79
4.6 Router Interfaces........................................................................................81
4.6 Cisco Discovery Protocol..........................................................................83
Module 5. Routing................................................................................................85
5.1 Routing overview.......................................................................................85
5.2 Static Routing............................................................................................85
5.3 Dynamic Routing.......................................................................................87
5.4 Classful v Classless....................................................................................87
5.5 Routing information protocol (RIP)..........................................................88
5.6 Enhanced interior gateway routing protocol (EIGRP)..............................90
5.6.1 Packet Formats.......................................................................................90
5.6.2 Configuring EIGRP................................................................................92
5.7 Open shortest path first (OSPF).................................................................94
5.7.1 Areas, Neighbors and Border Routers...................................................95
5.7.2 Building the Adjacency..........................................................................97
5.7.3 OSPF Network types..............................................................................97
5.7.4 OSPF Cost..............................................................................................98
5.7.5 Link-State advertisement Packets..........................................................99
5.7.6 Configuring OSPF..................................................................................99
5.7.7 Passive interfaces.................................................................................100
5.7.8 OSPF Authentication............................................................................100
5.7.9 OSPF Area configuration.....................................................................100
Module 6. VLANs..............................................................................................102
6.1 Virtual Local Area Networks...................................................................102
6.2 VLAN Trunking Protocol (VTP).............................................................106
6.3 Enabling VTP Pruning.............................................................................108
6.4 VLAN Management Policy Server..........................................................108
6.5 Load Sharing Using STP.........................................................................109
6.6 Etherchannel............................................................................................109
6.7 Router on a stick - InterVLAN routing....................................................110
Module 7. Wireless Networking........................................................................112
7.1 Fundamentals...........................................................................................112
7.2 Wireless Security.....................................................................................112
Module 8. Frame Relay.....................................................................................114
8.1 Frame Relay.............................................................................................114
8.2 Frame relay Point-to-Point Configuration...............................................116
8.3 Configuring a frame relay switch for lab use...........................................117
Module 9. Troubleshooting...............................................................................118
9.1 Common network client tools..................................................................118
Module 10. Access lists.......................................................................................119
10.1 Standard or Extended Access-lists.......................................................119
10.2 Numbered vs Named Access-lists........................................................121
10.3 ACL Practical uses...............................................................................121
Module 11. Network address translation (NAT)................................................122
11.1 Types of Network address translation..................................................122
Module 12. Home lab equipment......................................................................124
Module 13. Labs.................................................................................................125
13.1 Basic Labs............................................................................................125
13.2 Router and Switch basics.....................................................................125
13.3 Switching Labs.....................................................................................125
13.4 Routing Labs........................................................................................125
13.5 Security Labs........................................................................................126
13.6 WAN Labs............................................................................................126

Module 1. Basic networking

1.1.1 What is a computer network


A computer network is a collection of devices that are connected together to enable
the sharing of data and resources. In server based networks, clients rely on servers to
provide services to the end user such as file & print, email, database and internet
access.
Server based networks are configured into logical groups called domains. A domain is
a collection of servers, clients, printers, switches, routers etc. under a single common
administrative authority. Security is controlled centrally, giving access rights to end
users based on role, location and authority.
Server based networks are very scalable, allowing them to support large numbers of
users and resources under the administration of a skilled engineer. However, the larger
the network grows, the greater the need to control and manage it correctly.

1.1.2 Benefits of a computer network


A network invariably offers more benefits than disadvantages, such as data sharing,
resource sharing and collaboration for multiple geographically dispersed users.
Data sharing
One of the big advantages of a computer network is the ability to quickly share data so
that any authorised user has the ability to use it. The data is usually stored on a centralised
server called a file share, with permissions set on it to prevent unauthorised access.
This centralised storage model allows for quick and easy backup for use in case of an
event such as accidental deletion or server failure.
Certain hardware and operating systems have the ability to replicate the data to
another location.
Resource sharing
Resource sharing is also important in a modern network; resource sharing allows the
use of devices such as printers, scanners and applications by multiple users without the
need to purchase individual devices for each user. For example, purchasing a network
printer allows all users to print to a single device, reducing costs and support. A single
high speed internet connection can also be provided by the network administrator,
allowing simultaneous access for all users.
Centralized Software Management
Centralised software management allows the installation and configuration of
software applications to be carried out using a server based application and then
deployed to multiple end user devices quickly and efficiently without a costly and time
consuming desktop visit. An example of this software is Microsoft Systems
Management Server (SMS). This software often allows for auditing of devices and
software installations.
Communication and collaboration medium
Computer networks can provide powerful tools to end users to increase communication
and collaboration, which has a positive impact on productivity. The use of enterprise
instant messaging reduces communication time and allows the quick passing of
information in an informal manner.
Data Security and Management
Data security and integrity is an important factor for any business today. By taking
advantage of the network and its security applications, data can be stored privately and
securely. By using permissions, data can only be accessed by users who have the
necessary authority. It also allows the storage of data in an organised fashion,
reducing the chance of vital files not being backed up.
Speed
Today, networks are very fast, often sharing data in the blink of an eye. This reduces
the time required to locate and open data to work on, which in turn increases
productivity.
Protocols
Modern networks require processes and rules to operate. These rules are called
protocols, and they set the standards for hardware and communication.

1.1.3 Disadvantages of the computer Network


Similar to the advantages of a network, there are also some drawbacks to
implementing this technology.
Expensive to Install
In real terms, it is expensive to implement a network from scratch. The initial costs of
installation are generally high, with hardware and software costs along with the
services of a trained engineer who has the necessary skills.
Data Security
If a network is installed and maintained correctly by a skilled administrator then the
security risk to your data should be minimized; however, in the wrong hands your
network could become a security risk, with critical data at risk of theft or destruction.
Failed hardware can cause a complete outage
As the network relies on physical hardware, which has a finite life, it is a possibility
that a failure will occur at some time on the network. This can be mitigated, however,
with careful network design along with timely upgrades to hardware to ensure the
network is fully supported by its vendors.
Virus Infections and security risks
With modern computer systems comes the threat of computer viruses. If a computer is
connected to a network and has become infected then it can spread the threat to other
devices on the network. This poses a threat to the integrity of data on the network.
Modern viruses can include key logging to steal usernames and passwords, or to copy
data from your network to an unauthorised remote user. Proper security diligence by
installing and maintaining antivirus software mitigates but does not fully eliminate
this risk. User education is important on a network; users should not open unknown
files etc.
Overcoming Network Disadvantages
Overcoming these disadvantages requires some time, effort and a skilled
administrator. It is important to create a network security process that adheres to
industry standard practices that ensure data security through such processes as regular
backups, password change routines and monitoring of system logs. It is important to
actively administer leavers and joiners to ensure the correct security access rules are
applied at all stages.
The security of the network should also include antivirus software, patching of
operating systems and the addition of auditing.
Basic network types
Networks are generally broken down into the following types:
Local Area Networks (LAN) - a LAN is a local high speed network covering a
limited geographical area such as an office or campus.
Wide Area Networks (WAN) - a WAN is used to connect LANs together over a
geographically dispersed area.

1.1.4 Core Network Devices


Routers and switches can be classified as the core network devices. They ultimately
provide the end to end connectivity required for a network resource to be accessed,
and without them the network would simply not exist. It should be mentioned that an
administrator needs to be aware of other network devices that provide similar
services.
Hubs
Hubs are used in networks to connect devices together; they are simple
devices that forward what they hear on any port out every other port they
have. This behaviour makes hubs very inefficient and a bottleneck in a
modern efficient network.
Hubs operate at layer 2 of the OSI model with each port being part of a single
collision and broadcast domain.
Bridge
A bridge is a device used to separate a network into smaller sections. They do this by
sitting between two physical networks and analysing the destination MAC address of
frames ingressing its interfaces. This allows the bridge to build a map of network devices
and either block or allow frames to pass through it based on this map. A bridge
will split a network into separate collision domains but still keeps a single broadcast
domain.
Switches
Like hubs, switches are mostly used to provide connectivity to end devices;
however they are more intelligent and are best described as a multiport
bridge.
A switch is basically an intelligent high port density bridge which allows high speed
connectivity for devices whilst providing a separate collision domain for each port.
Where a hub simply floods all ports with data, a switch sends data out the port
connected to the destination MAC address.
It does this by looking at incoming data and matching the source address to the port
it arrived on. The switch then builds a list of these addresses into the mac-address-table.
The mac-address-table allows the switch to look up an address and forward the
data out a single port rather than forwarding out multiple ports.
By forwarding data directly to the end device, a switch can improve network
performance in many ways. One of the biggest improvements is the way a switch
creates a collision domain for each port, which allows full-duplex connectivity on the
port, greatly improving speed and reducing collisions. It should be noted that
broadcast traffic is still forwarded out all ports, thus flooding the switch with traffic.
The methods a switch uses to switch data will be covered in greater detail in a later
module.
Router
Routers are physical network devices that run an operating system called IOS and are
used to join multiple smaller sub-network sections or segment larger networks. They
operate on the network layer of the OSI model and use the concept of a routing table
to resolve where to send traffic. Routers typically perform the following functions:
Segment a network into smaller segments, allowing for smaller broadcast domains - as
networks grow, along with the number of devices, a network can experience a growth
in broadcast traffic. By its nature, broadcast traffic tries to send itself to all devices on
the network; this can eventually lead to performance issues on the network. This
performance impact can be exacerbated if the network design is not correct. A router can help
manage this broadcast traffic by segmenting the network, which essentially slices the
larger network into smaller, more manageable broadcast domains. By reducing the
network size and the device count it is generally accepted that broadcast traffic will
reduce.
Act as a default gateway for a network segment - By segmenting a network and
creating multiple smaller networks, an administrator must be capable of connecting
these together to allow the sharing of data and resources. A default gateway, as its
name suggests, is the exit point on a segment to other networks. Through a default
gateway a device can use resources or send data to other devices on any other network.
By using a router to perform this task it can learn the topology of the network by
using routes, allowing the movement of traffic from segment to segment. A router can
provide this service to multiple segments by connecting different segments to
different ports. Routers use a routing protocol (which is different from a routed
protocol) to learn the network topology and provide the best path to any destination in
the network. Common routing protocols include RIP, EIGRP, OSPF, BGP and IS-IS.
Routers are intelligent devices with software functions that allow them to carry out
security functions such as access control lists, firewall services and Quality of
Service to provide control over inbound and outbound traffic. They also allow for a
Layer 2.5 protocol called MPLS to carry out very fast routing.
A router can have many port types such as Ethernet, Fast Ethernet, Serial, FXS, FXO,
T1 and ISDN; these will be described in greater detail in a later module.
In the example 1.4.1 below, we can see the role of a router in segmenting a corporate
network and providing firewall secured access to the internet. The router is connected
to 2 network segments, one of which is the internet. The other segment is normally called a Local
Area Network, with access to the internet normally provided by a service provider.
Traffic arriving at the router ports will be processed by the router and forwarded
accordingly by a routing protocol. Typically the protocol used on modern networks is
TCP/IP, which is a routed protocol.

Of course, many companies have multiple offices, each with a LAN, that require
communication between each other. This is typically known as a Wide Area Network
(WAN).
Typically, both routers would be configured to connect to a service provider (ISP)
who creates a logical connection between the two company routers. Common
protocols used in a WAN are Frame Relay, PPP and HDLC.

To summarise a router:
Routers are Layer 3 devices; they operate at the NETWORK layer of the OSI
model.
Routers will not propagate broadcasts; they create separate broadcast domains.
Routers use routing protocols to exchange information about the network.
Routers route routed protocols using a routing protocol.

1.1.5 Interpret network diagrams


The ability to read a network diagram is critical to being a successful network
engineer. Without being able to understand what a diagram is telling you, you will
fail in your pursuit of any networking accreditation. Firstly it is important to
understand some critical network terminology.
Network diagram icons
The following is a table detailing the commonly used icons and symbols in a network
diagram:
Router
Switch
Firewall
Server
Serial connection
Broadcast Domain
A broadcast domain is a network segment where all devices will receive a broadcast message.
All devices in this domain will receive broadcast frames originating from any other device
within the domain. Broadcast domains are typically bordered by a router.
Collision domain
A collision domain is defined as a network segment that shares the transmission media with
all other devices on the segment. It is called a collision domain because if two hosts transmit
at the same time, the data will collide. This forces all devices to stop
transmitting for a period of time before starting again.
Where do collision and broadcast domains affect networks? To help visualise what a collision
and broadcast domain are and how they are managed in a network, there are several
examples using common network hardware and topologies below.
Hubs
Hubs operate at Layer 1, the physical layer of the OSI model, and are not aware of any routed
protocol such as IP. Being a bus based device they are subject to CSMA/CD, where every port
is part of a single collision and broadcast domain. Adding additional hubs extends the
broadcast and collision domain.

Bridges
A bridge operates on the data link layer, which is layer 2 of the OSI model, and is used to
segment a network into separate collision domains. Bridges are essentially early low port
density switches.
They operate by creating an address table of MAC addresses called the mac-address-table.
This table is populated by reading the source MAC address from a frame and noting which
port it arrived on. This is then stored in the mac-address-table. Subsequent frames can be compared
to this table to allow a forwarding decision to be made. If the port associated with the
destination is not known then the frame will be broadcast (flooded) out all ports.

Switches
Switches continue to improve network performance over hubs and bridges by adding higher
density ports. They still operate mainly at Layer 2, which is the Data link layer of the OSI
model, although high end switches now have functionality at Layer 3.
Switches make use of hardware ASIC chips to increase the switching speed of the ports,
which now provide 100Mbps full duplex as standard. Some switch ports can provide speeds
in excess of 1000Mbps.
Like a bridge, a switch does not control broadcast domains without additional configuration of
VLANs; however, they create a separate collision domain on every port.

A VLAN is a logical grouping of switch ports that are isolated from other switch ports on a
physical switch. A VLAN creates a broadcast domain boundary on a single switch, where
broadcast traffic cannot pass between VLANs. VLANs are covered in greater depth in a
further module.
Routers
Routers operate at layer 3 of the OSI model, which is the Network layer; each port on a router
is a separate broadcast and collision domain. Routers are normally connected to switches in
a LAN.
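The learning, forwarding and flooding behaviour of a bridge described here, and of the switch mac-address-table in section 1.1.4, can be modelled in a few lines. This is an added example written for this guide, not code from the original; the port names and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Model of the transparent bridge / switch behaviour described in the guide:
    learn source MACs per port, forward known unicasts out one port, flood the rest."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last learned on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on in_port and return the egress port list."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")

        # Learning: record the source address against the ingress port. The switch
        # trusts whatever source address it sees, which is why port security (module
        # 2.3.3 of the guide) limits which and how many MACs a port may learn.
        self.mac_table[src_mac] = in_port

        # Flooding: broadcasts and unknown unicast destinations go out every port
        # except the one the frame arrived on.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]

        # Filtering: destination lives on the ingress segment, so the frame is dropped.
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            return []

        # Forwarding: known unicast goes out exactly one port.
        return [out_port]


def walkthrough():
    """Constructed exchange between host A (Fa0/1) and host B (Fa0/2)."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    mac_a, mac_b, mac_c = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb", "00:11:22:cc:cc:cc"
    steps = [
        sw.receive("Fa0/1", mac_a, mac_b),      # B unknown: flooded out 3 ports
        sw.receive("Fa0/2", mac_b, mac_a),      # A already learned: single port
        sw.receive("Fa0/1", mac_a, mac_b),      # both learned: single port
        sw.receive("Fa0/3", mac_c, BROADCAST),  # broadcast: always flooded
    ]
    return sw.mac_table, steps


if __name__ == "__main__":
    table, steps = walkthrough()
    for i, egress in enumerate(steps, 1):
        print(f"frame {i}: forwarded out {egress}")
    print("mac-address-table:", table)
```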
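The hub, bridge/switch and router rules above can be turned into the counting exercise the CCNA exam asks for. This added example (not from the original guide) models a constructed topology as a list of links and counts collision and broadcast domains with union-find; it assumes a single VLAN per switch.

```python
"""Count collision and broadcast domains in a simple LAN topology.

Rules taken from the text above:
  * a hub extends both the collision domain and the broadcast domain
  * a switch (single VLAN assumed) ends a collision domain on every port
    but extends the broadcast domain
  * a router ends both: every router port is its own broadcast and
    collision domain
  * a host is an endpoint and joins nothing
"""


def _count_domains(devices, links, joiners):
    """Union-find over links: two links share a domain when a device whose
    type is in `joiners` connects them. Returns the number of domains."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    # Index the links touching each device.
    links_at = {}
    for idx, (a, b) in enumerate(links):
        links_at.setdefault(a, []).append(idx)
        links_at.setdefault(b, []).append(idx)

    # Merge all links attached to a device that joins domains (hub, or
    # hub and switch for broadcast domains).
    for name, idxs in links_at.items():
        if devices[name] in joiners:
            root = find(idxs[0])
            for idx in idxs[1:]:
                parent[find(idx)] = root

    return len({find(i) for i in range(len(links))})


def count_collision_domains(devices, links):
    return _count_domains(devices, links, {"hub"})


def count_broadcast_domains(devices, links):
    return _count_domains(devices, links, {"hub", "switch"})


# Constructed example topology (not from the guide): router R1 has one port to
# switch S1 and one to hub H1. S1 serves hosts A and B plus a second hub H2
# that serves C and D. H1 serves hosts E and F.
DEVICES = {
    "R1": "router", "S1": "switch", "H1": "hub", "H2": "hub",
    "A": "host", "B": "host", "C": "host", "D": "host",
    "E": "host", "F": "host",
}
LINKS = [
    ("R1", "S1"), ("R1", "H1"),
    ("S1", "A"), ("S1", "B"), ("S1", "H2"),
    ("H2", "C"), ("H2", "D"),
    ("H1", "E"), ("H1", "F"),
]

if __name__ == "__main__":
    # Expected: 5 collision domains (R1-S1, S1-A, S1-B, the H2 segment, the
    # H1 segment) and 2 broadcast domains (one per router port).
    print("collision domains:", count_collision_domains(DEVICES, LINKS))
    print("broadcast domains:", count_broadcast_domains(DEVICES, LINKS))
```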

Servers:
The function of a network is to provide resources to users. This may
include end user access to applications, shared printers or resources, as well as
allowing applications such as financial software to integrate and communicate with each
other.
Some of the major resources that are shared or stored on a network include data,
applications, printers, email, instant messaging and databases.
Many applications can run on a network; in fact most modern software is
network aware and can communicate across a network. Some common examples of
these are:
Email: MS Outlook is an example of this when it is configured to use an Exchange
server.
Web browsers: Internet Explorer, Firefox and Chrome all use networks to allow users to
browse the internet or connect to a web based application.
Instant messaging: Sametime and Communicator are enterprise tools allowing instant
communication across a network; they often provide the free/busy status of users.
Collaboration: Collaboration tools such as SharePoint allow groups of people to
access shared data and work together irrespective of geographical location.
Database: A database enables data to be stored on central servers so that users or
applications have an up to date resource that can be easily retrieved.
File Share: allows users and applications to store information centrally on a server,
allowing security controls to be implemented and backups to be taken.

1.2 Networking models

1.2.1 The OSI Model


Network devices are manufactured by many vendors and often use different types of
programs or code to operate. In the past this placed an enormous overhead on network
administrators to research and purchase devices that would communicate correctly
with each other. Devices would not always interoperate, so the Open Systems Interconnection
(OSI) reference model was developed as a framework for building network protocols
which allowed vendors and developers to understand the process around network
communications.
The main goal of the OSI model is to give multiple vendors the tools to develop
devices that will communicate with those from other vendors by following a common
set of rules set out to standardise data communications. These rules are commonly
known as protocols.
Some of the benefits of the OSI model include:
Breaking the communication process into smaller, simpler parts or layers, which
makes development and standardisation easier.
By making smaller layers, changes at a certain layer can be made in
isolation so they do not affect the other layers.
Various types of hardware & software from multiple vendors can communicate with
each other.
The most basic description of the OSI model is that it divides the network architecture
into seven layers which are, from top to bottom: Application, Presentation, Session,
Transport, Network, Datalink and Physical. Therefore it is often referred to as the OSI
Seven Layer Model.
Remembering the order of the layers is critical to understanding the role of the model in
the modern network. A common way of remembering it is:
All - Application
People - Presentation
Seem - Session
To - Transport
Need - Network
Data - Datalink
Processing - Physical

This group of layers is commonly known as the stack.


The OSI model works by controlling the flow of data through the layers from a
sending device, beginning at the top (application layer) through all layers to the
bottom (physical) where it is placed on a transmission medium, across to the receiving
device where it traverses the stack in reverse from Physical through to Application. It
is important to realise that data flows in 2 directions within the stack and is modified
by each layer as it moves up or down.
DOWN - the process of the sending device moving data down the stack from
Application to Physical is known as data encapsulation. Each OSI layer depends on
the services provided by the layer directly below it. This process adds headers to the
PDU, therefore increasing its size.
UP - the process of the receiving device moving data up the stack from Physical to
Application is known as data decapsulation. This process removes headers from the
PDU as it moves up the stack, presenting the next layer with the information in its
header.
Depending on where the PDU is in the OSI model, the name of the PDU changes:
Application Layer (Layer 7): DATA
Presentation Layer (Layer 6): DATA
Session Layer (Layer 5): DATA
Transport Layer (Layer 4): SEGMENT
Network Layer (Layer 3): PACKET
Data Link Layer (Layer 2): FRAME
Physical Layer (Layer 1): BIT

Layers 7, 6 and 5 of the OSI model, also known as the Application, Presentation and Session
layers, are collectively known as the upper layers and are implemented in software such as a
browser or mail client.
Layers 4 and 3, the Transport and Network layers, are concerned with routed protocols
such as TCP/IP and are responsible for the delivery of packets to the destination. These
layers are also implemented in software such as the networking stack within an
operating system.
Layers 2 and 1, the Data link and Physical layers, are primarily hardware based and
define the method for transporting the data to a destination.

Application: File, Print, Messaging, Database
Presentation: Data encryption, compression and translation
Session: Dialog control
Transport: End to end communication
Network: Routing
Datalink: Framing
Physical: Physical topology

1.2.2 The OSI layers in greater detail


Layer 7: Application
The application layer is the entrance to the network, at this layer various applications such as
e-mail clients, Browsers, FTP start to use the network. The application layer is also
responsible for the identification and establishment of intended communications to another
device. It is important to realise that the application layer is not part of any program but simply
provides an interface for a program to use a network to communicate.
Programs that are utilized at the application layer include
Telnet, FTP, IM, Browsers, Network games
Layer 6: Presentation
The presentation layer is responsible for the presentation, or conversion, of data for the application layer. The name comes from the work this layer does to manipulate, encrypt/decrypt and compress/decompress data from the lower layers into a usable format for the application layer. In essence, the presentation layer takes user data and converts it into a machine usable format.
For example, mail messages contain various data formats: text, application attachments, video, audio and graphical signatures. The presentation layer converts these into usable data.
When a device sends data, the presentation layer receives the data payload from the application layer and processes it for sending towards the session layer.
When a device is receiving data, the presentation layer decompresses or decrypts the data payload so that it can be passed to the application layer.
Layer 5: Session
The session layer's responsibility is to create and maintain the session, or logical communication channel, between the presentation layers of the sending and receiving devices. The session layer acts like a pipeline, allowing multiple applications to communicate across a single network connection whilst maintaining data integrity. Authentication is also carried out by the session layer. Communication between the session layer and the transport layer is carried out using sockets, which are set up and torn down for each communication.
Layer 4: Transport
The transport layer manages the actual transport of data over the network between sending and receiving hosts. It slices the data into manageable chunks called segments that can be handled and sent across the network. It provides end to end communication between devices and can be either connection oriented, using the TCP protocol, or connectionless, using the UDP protocol. It therefore decides whether data is sent reliably or not, and keeps the data of different applications separate.
The TCP protocol provides a connection oriented end to end communication channel, which means reliable transport through the following two additional functions:

Flow Control: a mechanism that lets the receiving host tell the sender how much data it may have outstanding (unacknowledged) at any one time.
Reliability service: a mechanism that guarantees the delivery of each segment by using sequence numbers and acknowledgements, retransmitting anything that is not acknowledged.
TCP is responsible for slicing the data flow into segments and attaching a sequence number to each of them. The segment is then passed to the network layer. When the TCP segments arrive at the receiving device they are reordered and reassembled into a data flow for processing by the session layer. TCP will be discussed further in a later module.

Layer 3: Network
The Network layer is responsible for calculating the best path to the destination and for the actual routing of the data. The Network layer places segments received from the Transport layer into packets, which are passed down to the Data Link layer (Layer 2).
Logical device addresses are allocated at the network layer, of which the IP address is the most commonly used. This allows any device to be uniquely identified anywhere on the network.
Examples of Layer 3 protocols include routed protocols such as IP and IPX, the control protocol ICMP, and routing protocols such as RIP, BGP, OSPF and EIGRP. These protocols will be covered in later modules.
Layer 2: Data Link
The data link layer consists of two sub-layers, Logical Link Control (LLC) and Media Access Control (MAC), and is responsible for taking packets from the Network layer, wrapping each one in a frame suitable for the physical transmission media and then actually sending it across the wire. The most common devices used at Layer 2 are switches.
The data link layer is responsible for flow control and error checking (the frame check sequence, FCS, lets the receiver detect corrupted frames).
As mentioned, the Data Link layer has distinct sub-layers that perform independent functions.
A switch forwards a frame without changing its addresses. When a packet is forwarded by a router, however, the router builds a new frame for the next hop, so the source and destination MAC addresses change at every router whilst the IP addresses in the packet do not.
LLC sub-layer
LLC is the upper sub-layer of the Data Link layer. It resides immediately below the Network layer and above the MAC sub-layer. The LLC hides the underlying infrastructure from the Network layer, presenting any physical configuration as a single uniform interface.
MAC sub-layer
The MAC sub-layer is responsible for most things physical, such as addressing in the form of a MAC address, and allows the upper layers to access the physical media. It handles the transformation of frames into bits in preparation for transmission on the physical media.
Some standards at this layer include Frame Relay and Ethernet.
The MAC address, also known as the Layer 2 address, is a hexadecimal address that is intended to be unique to each interface on the network and is burned into the interface by its manufacturer. Be aware that most operating systems allow the address to be overridden in software, so it should not be relied upon on its own to identify a device.

An example of a MAC address is 00:01:A5:55:B1:01, where the first six hexadecimal digits (00:01:A5) identify the vendor or manufacturer (the OUI) and the last six digits (55:B1:01) are the address assigned to that interface by the vendor.
Layer 1: Physical
The physical layer's responsibility lies in the definition of the mechanical, electrical and functional connection between devices. This involves the type of transmission media, such as twisted pair copper wire or fibre optic cable, and any physical connection that it plugs into, such as ports or patch panels.
Data is transmitted across the physical layer as a series of 1s and 0s.
The following diagram shows the process of encapsulation through the layers for TCP/IP communications. Each layer adds its own header in front of what it received from the layer above; the Data Link layer also appends a trailer (the FCS):

Application:  [ DATA ]
Transport:    [ TCP Header ][ DATA ]
Network:      [ IP Header ][ TCP Header ][ DATA ]
Data Link:    [ MAC / LLC Header ][ IP Header ][ TCP Header ][ DATA ][ FCS ]
Physical:     1010111111000100101010101010110101101010101

Devices that operate at Layer 1 include hubs, repeaters and network cards.

OSI Layer      Devices                          Applications / Protocols
Application    Firewall, Gateway, IDS           SMTP, POP3, DNS, DHCP, FTP, HTTP, TFTP, SNMP, VoIP
Presentation   N/A                              JPG, JPEG, TIFF, PNG, GIF, MIME
Session        N/A                              NFS, ASP, SQL, RPC
Transport      Firewall                         TCP, UDP, SPX
Network        Router                           IP, IPX, AppleTalk
Data Link      Bridge, Switch                   Ethernet, PPP, HDLC, Frame Relay, ATM
Physical       Transceiver, Repeater, Hub, NIC  RJ45, ST/SC, V series (modem)
1.2.3 Network Applications


In modern networks there are certain applications that are required to help the network function. These applications work in the background and provide critical services such as IP address allocation and name resolution. DHCP and DNS are usually transparent to end devices and are configured by an administrator centrally for the network.
DNS: The Domain Name System (DNS) is the application that takes a human readable URL, web link or resource name and converts it to an IP address. DNS is akin to a telephone directory in the way it stores an IP address against its domain name.
A domain name is simply a way of describing an IP address in an easier to read, human format. DNS uses the concept of a namespace, which is structured as a tree. This namespace starts at the root ( . ), immediately below which are the top level domains such as com or net. Below the top level domain is the domain name level; this is where a name is assigned to, or bought by, a company or user. Further labels (hosts or subdomains) can be added below that.
The full address is called a Fully Qualified Domain Name (FQDN). A few examples are:
www.redmountainit.com
www.training.cisco.com
Taking www.redmountainit.com apart, reading from right to left:
Top level domain:   com
Domain name:        redmountainit
Company host:       www

FQDNs are stored in DNS servers that are available on the internal network and on the internet. A DNS server hosts a zone, a collection of DNS records including the FQDNs and IP addresses local to the network. Requests are sent to the DNS server and if it holds a matching entry it will respond. However, it is not always possible for a DNS server to hold all records, especially when an internet address is required. In this scenario the local DNS server queries an internet root server, which does not hold the answer itself but refers the local server to the name servers for the top level domain; those in turn refer it to the authoritative server for the domain, which provides the answer. From the client's point of view this is a single recursive query: it asks its local server once and the local server does the rest of the work on its behalf.
When the local DNS server receives the answer from the authoritative server it stores it in memory for future use, for as long as the record's time to live (TTL) allows. This is known as DNS caching. DNS caching reduces the network bandwidth and latency consumed by DNS queries, because repeated lookups of the same record are answered from the cache.
Configuring DNS lookup on a Cisco router to point at a DNS server (4.4.4.4 is a placeholder; use your own resolver):
Router(config)# ip name-server 4.4.4.4
To disable DNS lookups on an IOS device (this also stops the router from pausing to resolve mistyped commands as hostnames):

Router(config)# no ip domain-lookup
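The lookup and caching process just described is easier to reason about with the protocol's wire format in hand. The following Python is an added example and is not part of the study guide: it encodes an FQDN into DNS labels, builds a query, and parses a response, including the compression pointers that real answers use (and that a malformed message can turn into a loop, which the decoder refuses). The transaction ID, addresses and TTL in the sample message are constructed for illustration.

```python
import struct

def encode_name(fqdn: str) -> bytes:
    """Wire-format name: each label prefixed by its length, then a zero byte for the root."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:          # RFC 1035: a label is 1..63 bytes
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)

def decode_name(msg: bytes, offset: int):
    """Read a (possibly compressed) name at offset; return (name, offset after the name).
    A compression pointer (top two bits 11) jumps to an earlier offset. Only backward
    jumps are allowed and the jump count is capped, so a crafted message cannot loop."""
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # caller resumes after the pointer
            jumps += 1
            if target >= offset or jumps > 16:
                raise ValueError("pointer loop")
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:                                 # root: end of name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)

def build_query(fqdn: str, txid: int = 0x1234) -> bytes:
    """Standard recursive query (RD=1) with one question for an A record (QTYPE 1, QCLASS IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(fqdn) + struct.pack("!HH", 1, 1)

def parse_question(msg: bytes):
    """Return (txid, name, qtype, qclass) of a single-question message."""
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, name, qtype, qclass

def parse_a_records(msg: bytes):
    """Return (name, IPv4,ttl) tuples for every A record in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                 # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers

# Constructed response to the query above: the answer's name is the pointer 0xC00C,
# i.e. "the name at offset 12", which is where the question name starts.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # QR=1 RD=1 RA=1, 1 question, 1 answer
    + encode_name("www.redmountainit.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)
```

parse_a_records(SAMPLE_RESPONSE) yields [('www.redmountainit.com', '192.0.2.10', 300)]; the 300 is the TTL that bounds how long a caching resolver may keep the answer. The loop guard in decode_name is the check a resolver needs before it trusts pointers in a message it did not build.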
DHCP: The Dynamic Host Configuration Protocol's function is to automatically provide network devices with an IP address appropriate to their location within the network. DHCP uses groups of IP addresses known as scopes (or pools), each specific to a segment of the network. Either a server or a router is configured as the DHCP server, that is, a device that has the DHCP service installed and configured with scopes. Every device on the network must have an IP address, so as the network grows it becomes time consuming and chaotic to administer IP addresses manually. This is where DHCP earns its place in an administrator's toolbox.
As previously mentioned, a DHCP server assigns IP addresses from a scope, or range of IP addresses, configured on it. As part of the scope, DHCP can automatically assign other important network settings to devices such as the subnet mask, default gateway and DNS server, amongst others. The scope contains a finite number of IP addresses and if these were allocated indefinitely the scope would soon become exhausted, so DHCP uses a lease system to avoid this. A lease sets a time limit on the use of an IP address, configurable by the administrator and typically 8 days. At 50% of the lease time the client attempts a lease renewal with the server that issued the address. If a device does not renew its lease before it expires, the IP address is returned to the pool for future use.
DHCP uses the following lease process, often remembered as DORA:
1. The device requests an IP address by broadcasting a DHCP DISCOVER.
2. A DHCP server replies with an OFFER of an address.
3. The device then formally REQUESTS the offered address.
4. The DHCP server ACKNOWLEDGES the request and assigns the address.

You may notice that the initial DHCP DISCOVER is a broadcast, and we know that a broadcast stops at the Layer 3 boundary and will not traverse a router. This causes issues on a large network, as it is inefficient to have a DHCP server on each segment. The solution is to configure a DHCP relay agent on the gateway device. This agent listens for DHCP broadcasts and forwards them as unicast packets direct to a DHCP server (on Cisco routers this is the ip helper-address interface command).
Configuring a Cisco device to be a DHCP server:
Router(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.10
Router(config)# ip dhcp pool MY_DHCP_POOL
Router(dhcp-config)# network 172.16.1.0 255.255.255.0
Router(dhcp-config)# default-router 172.16.1.1
These commands first exclude the range 172.16.1.1 to 172.16.1.10 from allocation (note that excluded-address is a global configuration command, not a pool command), so those addresses can be used for servers and the default gateway; they then create a DHCP pool called MY_DHCP_POOL, assign the range of IP addresses the pool may allocate, and tell clients their default gateway.
File Transfer Protocols: File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) both provide the ability to transfer files from device to device; however they behave quite differently.
FTP can almost be called an application in the way it operates: it requires a server, a client and authentication to reliably transfer files (over TCP). Be aware that FTP sends its username and password in clear text.
TFTP requires nothing more than a simple application to be able to send files. It has no authentication at all and runs over UDP, so it is not reliable; a TFTP service should not be reachable from untrusted networks.
E-mail Protocols
E-mail is now a critical business application and it is important to understand that mail has its own protocols. The two main e-mail protocols are Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3).
SMTP is used to send mail between all devices, whereas POP3 is used only by an end device to retrieve mail. Be aware that an incorrectly configured SMTP server can be hijacked by spammers. Such a server, which accepts mail from anyone for delivery to anyone, is referred to as an open relay; once discovered it will be used to produce massive quantities of mail which will quickly consume the network's bandwidth and get the server's address blacklisted.
Network Management Protocols
Simple Network Management Protocol (SNMP) is another very important Application layer protocol, used to provide monitoring functionality for the network.
SNMP uses a Management Information Base (MIB), a structured database of the objects (variables) that can be read from or written to a device. A management station queries these objects and the devices respond with a huge amount of configuration and status information. Note that SNMP versions 1 and 2c authenticate with a plain text community string, so read-write community strings should be treated as passwords and SNMPv3, which adds authentication and encryption, preferred where available.

Internet Protocols
Internet usage is now a way of life and has a huge impact on how people work, live and play. It is hard to imagine a world without the internet; however it relies on a few protocols to work. The Hyper Text Transfer Protocol (HTTP) and its secure version (HTTPS) provide the communication between web servers and end clients, carrying HTML files. Hyper Text Mark-up Language tells the browser how to format the information it receives, displaying what we know as a web page. HTTP uses port 80 (8080 is a common alternative for proxies and test servers).
HTTPS, Hyper Text Transfer Protocol over TLS (formerly SSL), uses the same process but wraps it in an encrypted, authenticated session and uses port 443.
Quality of Service (QoS) and Voice over IP (VoIP): Quality of Service is crucial when VoIP is running on the network. VoIP is time sensitive, and bandwidth congestion, delay and jitter all combine to destroy call quality. Quality of Service is a mechanism that allows traffic on the network to be categorised and policed.
Although QoS is outside the CCNA scope it is important to know that it exists and how it can help to control and police certain protocols.
It is possible to take a protocol such as Kazaa or FTP, categorise it and then set a limit on the amount of bandwidth it is allowed to consume. It is also possible to guarantee a protocol or application a minimum amount of bandwidth; this is often used for UDP voice traffic.
Be aware of what packet loss, congestion and jitter mean:
Jitter:       Variation in the delay between successive packets, so that they arrive at an uneven rate (and sometimes in the wrong order).
Congestion:   When links are operating at 100% capacity or certain protocols are hogging the bandwidth.
Packet loss:  When packets are dropped due to congestion or incorrect routing.

1.2.4 TCP/IP Model


The TCP/IP protocol suite has become the industry standard method of connecting devices on a network and connecting those networks to the internet. TCP and IP are the two most important protocols within the TCP/IP suite, whose main goal is to standardise the communication and connection of network devices.
The OSI model described in the previous lesson provides a seven layer approach to networking. The TCP/IP model provides a four layer approach to the same networking tasks. It was created for the US Department of Defense in response to the need for a network that could survive under any condition. The four layers of the TCP/IP model roughly align to the OSI model as per diagram 2.3.1.

OSI layer(s)                         TCP/IP layer     Example protocols
Application, Presentation, Session   Application      Telnet, FTP, NNTP, SMTP, POP3, DNS, SSH
Transport                            Transport        TCP, UDP
Network                              Internet         IP, ICMP, ARP
Data Link, Physical                  Network Access   Ethernet, ADSL, Frame Relay, HDLC
As the diagram suggests, the layers have names that suggest a similar function to those of the OSI model, but it has to be stressed that the TCP/IP model is protocol specific (TCP/IP) whereas the OSI model is protocol independent.
The four layers of the TCP/IP model can be described as follows.
Application Layer: Equivalent to the OSI Application, Presentation and Session layers. It is normally provided by an application or program that wishes to communicate with another device, and is responsible for representation, encoding and dialog control.
Transport Layer: Aligns to the OSI Transport layer, where TCP and UDP reside. The transport layer provides end to end data transfer for multiple simultaneous applications.
Internet Layer: Aligns to the OSI Network layer. IP resides at this layer and provides logical addressing and routing capabilities.
Network Access Layer: Combines the functionality of the OSI Data Link and Physical layers. This layer defines the physical features of the network.
Internet Protocol (IP): Standardised in RFC 791, IP is a connectionless protocol that provides best effort delivery of packets, relying on upper layer protocols to carry out flow control and retransmission. Logical addressing is a function of IP, with IPv4 addresses being today's standard addressing scheme and the latest version, IPv6, increasingly being deployed because of its vastly larger address range. IP addressing is covered in greater detail in a later module.

Address Resolution Protocol (ARP)


The Address Resolution Protocol (ARP) is responsible for converting higher level protocol addresses (IP addresses) into physical network addresses (MAC addresses).
When a host wants to send an IP datagram to another host, it first has to determine the physical network address of that host. To do this it uses ARP.
The sending host first compares the destination IP address with its own address and subnet mask. If the destination is on the same network, the host broadcasts an ARP request asking who has that IP address, and the owner replies with its MAC address. If the destination is on a different network, the host instead sends an ARP request for its default gateway and addresses the frame to the router, which forwards the packet on. A variation called proxy ARP covers the case where a host believes every address is local and sends an ARP request for a remote host: a router that has a route to that host may respond with its own MAC address so that the frames are sent to it. ARP replies are cached by the host for a period so that the exchange does not need to be repeated for every packet.
Reverse ARP (RARP) is the opposite of ARP, in which the hardware address is known but the IP address is not. A device can boot without knowing its IP address; it sends a Reverse ARP request and a RARP server responds with an IP address.
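As an added example (not from the study guide), the Python below builds and parses Ethernet/IPv4 ARP packets as laid out in RFC 826 and models the host-side decision just described: ARP for the destination if it is on the local subnet, otherwise for the default gateway. The cache only learns from replies to requests the host actually sent, which is the check that keeps unsolicited (gratuitous or forged) replies out of it. Proxy ARP is not modelled. All MAC and IP addresses are made up.

```python
import struct
import ipaddress

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte ARP body for Ethernet (htype 1) carrying IPv4 (ptype 0x0800, hlen 6, plen 4)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sender_mac) + ipaddress.ip_address(sender_ip).packed
            + mac_bytes(target_mac) + ipaddress.ip_address(target_ip).packed)

def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]),  "sender_ip": str(ipaddress.ip_address(pkt[14:18])),
            "target_mac": mac_str(pkt[18:24]), "target_ip": str(ipaddress.ip_address(pkt[24:28]))}

class Host:
    def __init__(self, mac, ip, prefixlen, gateway):
        self.mac, self.ip, self.gateway = mac, ip, gateway
        self.net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        self.cache = {}       # ip -> mac, learned only from solicited replies
        self.pending = set()  # ips we have an outstanding request for

    def next_hop(self, dst_ip: str) -> str:
        """Local destination: ARP for it. Remote destination: ARP for the default gateway."""
        return dst_ip if ipaddress.ip_address(dst_ip) in self.net else self.gateway

    def resolve(self, dst_ip: str):
        """Return (mac, None) from the cache, or (None, request) when a broadcast is needed."""
        hop = self.next_hop(dst_ip)
        if hop in self.cache:
            return self.cache[hop], None
        self.pending.add(hop)
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, hop)

    def receive(self, pkt: bytes):
        """Answer requests for our own IP; learn only from replies we asked for."""
        arp = parse_arp(pkt)
        if arp["op"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        if arp["op"] == ARP_REPLY and arp["target_ip"] == self.ip and arp["sender_ip"] in self.pending:
            self.cache[arp["sender_ip"]] = arp["sender_mac"]
            self.pending.discard(arp["sender_ip"])
        return None   # anything else, including unsolicited replies, is dropped
```

Real operating systems differ on how strictly they apply the last rule; many will update an existing cache entry from an unsolicited reply, which is exactly what makes the cache a target.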

BOOTP: The BOOTP protocol was developed to allow diskless workstations to boot with a minimal networking configuration, with enough information to begin contacting a server to request and download a boot image. BOOTP is also commonly used as a delivery mechanism for configuration. The most common example of BOOTP use is thin clients or terminals. As BOOTP uses a broadcast mechanism, it cannot traverse Layer 3 devices. To resolve this, a BOOTP relay agent can be installed on a gateway device that retransmits the broadcast to the server as a unicast.

1.2.6 TCP: Transmission Control Protocol


Transmission Control Protocol (TCP) resides in the transport layer of the OSI and TCP/IP models and is the reliable transport protocol of TCP/IP. TCP provides reliable delivery of data through the use of sequenced acknowledgements, with retransmission of segments when necessary.
By using sequence numbers and acknowledgement messages, TCP can provide the sending device with information on the status of data delivery. In the event of data loss, this acknowledged delivery process lets TCP resend the lost data. TCP flow control can also inform the sending device that it is sending faster than the receiver can process, slowing the transfer so that the receiving device can keep up.
Devices may run many applications that require network services, and all of them contend for those services. There must be a mechanism to keep each data flow separate from the others so that data is delivered to the correct application. This is accomplished by using ports and sockets.
TCP uses the concept of ports to connect upwards to the applications: each process or application that wants to communicate with another device identifies itself by one or more ports. A port is a 16-bit number used by the host-to-host protocol to identify which higher level protocol or application program (process) it must deliver incoming messages to. There are two types of ports:
Well-known: well-known ports belong to standard services and range from 0 to 1023. Common ports include SMTP:25, POP3:110, FTP:21 and Telnet:23 (RDP:3389, also commonly quoted, is a registered port).
Upper ports: ports numbered above 1023 can be used by applications on an ad-hoc basis. Some are registered with IANA for particular applications (1024 to 49151); the rest (49152 to 65535) are dynamic ports that a client picks for the source side of a connection.
A socket is the combination of an IP address and a port number, and an application reaches TCP through the socket API provided by the operating system. The API acts as a go-between that separates the application from the OS networking stack.
The following image gives a graphical representation of ports and sockets

TCP is responsible for breaking a message passed down from the session layer into multiple segments. It then attaches a sequence number to each segment before passing it to the network layer.
For a connection to be established, the two end stations must synchronise on each other's initial TCP sequence numbers. This initial exchange ensures that lost data can later be detected and recovered.
The following steps are followed in this initial synchronisation:
1. A > B  SYN  My sequence number is X
2. A < B  ACK  Your sequence number is X; I expect X + 1 next
3. A < B  SYN  My sequence number is Y
4. A > B  ACK  Your sequence number is Y; I expect Y + 1 next

Because steps 2 and 3 are combined into one message (the SYN-ACK), it is called a three-way handshake. The following diagram might better illustrate this process.

TCP returns an acknowledgement to the sender upon receipt of one or more segments. The Acknowledgement number field in the TCP segment is used by the receiving TCP to tell the sending TCP which byte it expects to receive next.
If the sender is transmitting too fast, the receiver applies TCP flow control, which works in one of two ways:
1. Drop the segments: dropped segments are never acknowledged, so the sender times out, retransmits and backs off (slow start), which slows TCP down.
2. Set a smaller window size: each TCP acknowledgement contains a field called the Window Size. The window size specifies the number of bytes beyond the acknowledged byte that the receiver is prepared to accept, and therefore how much data the sender may have in flight before it must stop and wait for an acknowledgement. This window size is normally adjusted automatically, but an administrator can set it manually. The smaller the window size, the more acknowledgements the sender must wait for, and the slower data transmission becomes. If many TCP flows drop data at the same time, a scenario called TCP global synchronisation can occur, where all the TCP senders back off together, causing poor bandwidth utilisation.

Windowing example (figure description):
Server 2 acknowledges it is ready to receive sequence number 1000 along with a window size of 3000.
Server 1 receives this and forwards sequence numbers up to 3000.
Server 2 acknowledges it is ready to receive sequence number 3000 along with a window size of 4000.
Server 1 receives this and forwards sequence numbers up to 7000.
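The handshake steps and the windowing figure above are easier to follow when the numbers can be watched moving, so the following Python is an added example (not from the study guide): a toy model of two TCP endpoints that completes the three-way handshake, then moves data under the receiver's advertised window, and recovers from a dropped segment by retransmitting everything unacknowledged (go-back-N style, simpler than real TCP's selective behaviour). Initial sequence numbers, window sizes and the payload are made up, and nothing is sent on the wire.

```python
from dataclasses import dataclass, field

@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset
    window: int
    data: bytes = b""

@dataclass
class Endpoint:
    name: str
    isn: int              # initial sequence number (random in real TCP)
    rcv_window: int       # how much we are willing to buffer
    state: str = "CLOSED"
    snd_una: int = 0      # oldest byte sent but not yet acknowledged
    snd_nxt: int = 0      # next byte we will send
    rcv_nxt: int = 0      # next byte we expect from the peer
    peer_window: int = 0  # last window the peer advertised
    received: bytearray = field(default_factory=bytearray)
    unacked: dict = field(default_factory=dict)   # seq -> data awaiting an ACK
    retransmitted: int = 0

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer):                      # step 1: SYN, "my sequence number is X"
        self.snd_una = self.snd_nxt = self.isn
        self.state = "SYN_SENT"
        return Segment(self.name, peer, self.isn, 0, frozenset({"SYN"}), self.rcv_window)

    def handle(self, seg):
        """Consume one segment and return the reply to send, or None."""
        if self.state == "LISTEN" and "SYN" in seg.flags:          # steps 2+3: SYN-ACK
            self.rcv_nxt, self.peer_window = seg.seq + 1, seg.window
            self.snd_una = self.snd_nxt = self.isn
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, self.isn, self.rcv_nxt, frozenset({"SYN", "ACK"}), self.rcv_window)
        if self.state == "SYN_SENT" and seg.flags >= {"SYN", "ACK"} and seg.ack == self.isn + 1:
            self.rcv_nxt, self.peer_window = seg.seq + 1, seg.window   # step 4: ACK
            self.snd_una = self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}), self.rcv_window)
        if self.state == "SYN_RECEIVED" and "ACK" in seg.flags and seg.ack == self.isn + 1:
            self.snd_una = self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED":
            if "ACK" in seg.flags and seg.ack > self.snd_una:        # cumulative ACK
                self.unacked = {s: d for s, d in self.unacked.items() if s >= seg.ack}
                self.snd_una = seg.ack
            self.peer_window = seg.window
            if seg.data:
                if seg.seq == self.rcv_nxt:                          # in order: accept it
                    self.received += seg.data
                    self.rcv_nxt += len(seg.data)
                # out of order or duplicate: discarded here (real TCP buffers it); the
                # ACK we send repeats rcv_nxt, telling the sender what is still missing
                return Segment(self.name, seg.src, self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}), self.rcv_window)
        return None

    def send(self, peer, data, mss):
        """Emit MSS-sized segments while the peer's window has room; return (segments, leftover)."""
        segs = []
        while data and (self.snd_nxt - self.snd_una) + min(mss, len(data)) <= self.peer_window:
            chunk, data = data[:mss], data[mss:]
            self.unacked[self.snd_nxt] = chunk
            segs.append(Segment(self.name, peer, self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}), self.rcv_window, chunk))
            self.snd_nxt += len(chunk)
        return segs, data

    def retransmit(self, peer):
        """Resend everything not yet acknowledged, lowest sequence number first."""
        self.retransmitted += len(self.unacked)
        return [Segment(self.name, peer, s, self.rcv_nxt, frozenset({"ACK"}), self.rcv_window, d)
                for s, d in sorted(self.unacked.items())]

def demo(lose_index=None):
    """Handshake, then 5120 bytes A -> B against B's 3000-byte window, optionally dropping one segment."""
    a, b = Endpoint("A", isn=1000, rcv_window=4000), Endpoint("B", isn=5000, rcv_window=3000)
    b.listen()
    synack = b.handle(a.connect("B"))
    b.handle(a.handle(synack))
    payload = bytes(range(256)) * 20
    pending, rounds = payload, 0
    while bytes(b.received) != payload and rounds < 20:
        segs, pending = a.send("B", pending, mss=1000)
        if rounds == 0 and lose_index is not None:
            segs.pop(lose_index)                  # the network drops this segment
        for seg in segs:
            a.handle(b.handle(seg))
        if a.unacked:                             # something was not ACKed: resend it
            for seg in a.retransmit("B"):
                a.handle(b.handle(seg))
        rounds += 1
    return {"delivered": bytes(b.received) == payload, "snd_nxt": a.snd_nxt,
            "rcv_nxt": b.rcv_nxt, "retransmitted": a.retransmitted, "rounds": rounds}
```

demo() moves the 5120 bytes in two window-sized rounds with no retransmissions; demo(lose_index=1) drops the second segment of the first round, B keeps acknowledging the byte it is still waiting for, and A resends the unacknowledged data before the transfer completes.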

TCP Segment Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgement Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Offset|Reserve|     Flags     |            Window             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |        Urgent Pointer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Options & Padding                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Data Payload                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

A TCP header contains 10 mandatory fields (20 bytes) plus optional Options. The following list is a brief explanation of the TCP header fields:
Source port (16 bits)             identifies the sending port
Destination port (16 bits)        identifies the receiving port
Sequence number (32 bits)         position of this segment's first byte in the stream; used to ensure correct sequencing
Acknowledgement number (32 bits)  the next byte the sender of this segment expects to receive
Data offset (4 bits)              header length in 32-bit words (5 when there are no options)
Reserved (4 bits)                 set to zero
Flags (8 bits)                    control flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN)
Window (16 bits)                  specifies the receive window size
Checksum (16 bits)                used for error checking; covers the header, the data and an IP pseudo-header
Urgent pointer (16 bits)          indicates the end of urgent data when URG is set
Options (variable)                for example the maximum segment size; padded to a 32-bit boundary

1.2.7 UDP: User Datagram Protocol


Residing at the transport layer alongside TCP in the OSI model, UDP offers a simple but unreliable transport protocol that provides the upper layers with access to the network. Like TCP it uses ports to identify the sending and receiving applications, allowing multiple communication streams to occur at once.
Communication between devices uses UDP headers that include a source and destination port identifying the application.
UDP is unreliable: it provides no mechanism for error recovery or flow control. In return its header is much smaller (8 bytes against TCP's 20) and there is no connection to set up. UDP is useful when the application layer protocol can provide for itself whatever functionality normally attributed to TCP it needs, or when timeliness matters more than completeness, as with voice.
Applications that use UDP include DNS, TFTP and VoIP.

UDP Datagram Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Length             |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source port (16 bits)       indicates the transmitter's port
Destination port (16 bits)  indicates the receiver's port
Length (16 bits)            size of the datagram (header plus data) in bytes
Checksum (16 bits)          covers the header, the data and an IP pseudo-header; optional in IPv4, where a value of 0 means no checksum was computed
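The encapsulation diagram in 1.2.2 and the two header layouts above can be exercised directly. The Python below is an added example (not from the study guide): it packs an IPv4 header around a TCP segment or UDP datagram, computes the RFC 1071 checksum each header needs (TCP and UDP over a pseudo-header that includes the IP addresses), and then decapsulates the result, refusing anything whose checksum does not verify. Addresses, ports and payloads are made up.

```python
import struct
import ipaddress

def checksum(data: bytes) -> int:
    """RFC 1071 internet checksum: one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                         # odd trailing byte is padded for the sum only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that TCP (6) and UDP (17) checksums cover in addition to their own bytes."""
    return (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
            + struct.pack("!BBH", 0, proto, length))

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_tcp(src, dst, sport, dport, seq, ack, flags, window, payload=b"") -> bytes:
    """20-byte TCP header (data offset 5, no options) followed by the payload."""
    bits = sum(TCP_FLAGS[f] for f in flags)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, window, 0, 0)
    csum = checksum(pseudo_header(src, dst, 6, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def build_udp(src, dst, sport, dport, payload=b"") -> bytes:
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = checksum(pseudo_header(src, dst, 17, length) + hdr + payload) or 0xFFFF  # 0 means "none"
    return hdr[:6] + struct.pack("!H", csum) + payload

def build_ipv4(src, dst, proto, payload, ttl=64, ident=0) -> bytes:
    """IPv4 header without options (IHL 5), DF set; the header checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_tcp(src, dst, seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("short TCP segment")
    sport, dport, seq, ack, off, bits, window, _csum, _urg = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(seg):
        raise ValueError("bad TCP data offset")
    if checksum(pseudo_header(src, dst, 6, len(seg)) + seg) != 0:   # a correct checksum sums to zero
        raise ValueError("TCP checksum mismatch")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": {n for n, b in TCP_FLAGS.items() if bits & b}, "payload": seg[hlen:]}

def parse_udp(src, dst, dgram: bytes) -> dict:
    if len(dgram) < 8:
        raise ValueError("short UDP datagram")
    sport, dport, length, csum = struct.unpack("!HHHH", dgram[:8])
    if length < 8 or length > len(dgram):
        raise ValueError("bad UDP length")
    if csum and checksum(pseudo_header(src, dst, 17, length) + dgram[:length]) != 0:
        raise ValueError("UDP checksum mismatch")
    return {"sport": sport, "dport": dport, "payload": dgram[8:length]}

def parse_ipv4(pkt: bytes) -> dict:
    """Decapsulate one packet: verify the IP header, then hand the payload to TCP or UDP."""
    if len(pkt) < 20:
        raise ValueError("short IPv4 packet")
    vihl, _tos, total, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or ihl > total or total > len(pkt):
        raise ValueError("bad IPv4 header")
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    src, dst = str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))
    common = {"src": src, "dst": dst, "ttl": ttl}
    body = pkt[ihl:total]                       # anything past the total length is link-layer padding
    if proto == 6:
        return {"proto": "tcp", **common, **parse_tcp(src, dst, body)}
    if proto == 17:
        return {"proto": "udp", **common, **parse_udp(src, dst, body)}
    return {"proto": proto, **common, "payload": body}
```

Because the transport checksums include the IP addresses through the pseudo-header, a packet whose addresses were rewritten without the checksum being recomputed (as a NAT must do) fails parse_tcp even though the IP header itself still verifies. Checksums catch accidental corruption only; they are trivial for an attacker to recompute and are not an integrity control.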

TCP vs UDP

TCP:                          UDP:
Guaranteed delivery           Best-effort delivery
Error detection and recovery  Error detection (checksum) but no recovery
Windowing                     No windowing
Connection-oriented           Connectionless

1.2.7 Port Numbers and Multiplexing

During the description of the OSI model the idea of a port number was introduced. Ports let the transport layer know which application the payload of a segment belongs to, so that the data of many applications can be multiplexed over a single IP address.

TCP and UDP use port numbers from 0 to 65,535, which are divided into specific ranges.
The numbers from 0 to 1023 are called well-known port numbers.
Port numbers between 1024 and 49,151 are called registered ports, while those between 49,152 and 65,535 are dynamic (or ephemeral) ports, used for the client side of a connection.
Port Number   Protocol
20            FTP (data)
21            FTP (control)
22            SSH
23            Telnet
25            SMTP
80            HTTP
110           POP3
443           HTTPS
3389          RDP

1.2.5 The Cisco 3 layer hierarchical model


Cisco has created a three layer physical network model that provides guidance on the practicalities of building a resilient and scalable network. This consists of a core, a distribution and an access layer, each with separate functions.
The Core layer is the backbone of the network. It is characterised by high speed switching and the aggregation of distribution layer switches. Fault tolerance and speed are critical at this layer, so no access lists or filters should be implemented in the core.
The Distribution layer acts as an aggregation layer between the access and core layers. It provides the functionality of access lists, firewalling, filtering and address translation. It also provides connectivity between the VLANs of the access layer and redundancy for the access layer.
The Access layer's function is to provide end devices with access to the network. These are typically high port density switches that continue the security and access list policy of the distribution layer.

1.3 Network Topology

Network topologies describe the way the network is physically connected and how it is logically configured.

The physical topology of a network refers to the actual way the devices on the network are physically connected to each other. Looking at the cabling of the network and how devices interconnect will give you a good understanding of the physical topology.
Physical topology types: there are many physical topologies available but the most common ones are detailed below.
Bus Topology
Bus networks are old technology by today's standards and are little used in a modern network. A bus network was typically a stretch of coaxial cable with terminators at each end. Devices attached to the cable either through vampire tap connectors or BNC T-connectors. They were slow because every device shared the one cable, using CSMA/CD to cope with collisions. They were also limited by the length of cable and the number of devices.
Star Topology
The star topology was designed so that each device operates independently of the others but connects to a centralised device such as a switch. This topology has major benefits over the bus topology: a cable fault affects only one device, and a switch gives each device its own collision domain, so communication is much faster.
Most modern networks use a physical star topology as it is cost effective and reliable.
Ring Topology
In the physical ring topology each device is connected to the next in a loop; think of a bus topology where both ends are joined together. These can either be single rings, where devices share a single cable and data flows one way, or dual rings, where devices share both loops and can send data both ways, increasing resilience and redundancy. Physical ring topologies are not implemented often.
Logical topologies define the communication path between devices on the physical network and disregard the physical attributes of the network.
Logical topologies are determined by the protocol used at Layers 1 and 2. For example, classic Ethernet is a logical bus (every frame is seen by every station) whilst Token Ring, as the name suggests, is a logical ring. There are many logical topology types:

Mesh:   All devices are connected to every other device.
Star:   Devices are connected to a common central device.
Bus:    Devices are connected to a backbone cable.
Ring:   Devices connect together in a loop.
Tree:   A hybrid configuration of different topologies.

1.3.1 Differentiate between LAN & WAN


1.3.2 Local area network (LAN)
A LAN, or local area network, is a group of network devices located within a relatively small geographical area or site and under the same administrative control. LANs vary in size from small home networks with a PC, a laptop and an ADSL router to enterprise LANs scaling to thousands of devices spread across a campus.
LANs primarily rely on switches operating at the core of the network to provide high speed connectivity between devices. The design of the LAN is critical: failure to follow design principles may result in a poorly performing and unreliable network.
Collision domain: a collision domain is a set of LAN interfaces, commonly connected to a hub or bus, where there is a likelihood of multiple devices transmitting simultaneously and causing a collision. Each switch port is its own collision domain.
Broadcast domain: a broadcast domain is a set of LAN interfaces connected at Layer 2 that can receive a broadcast from any other device in the set. A switch floods a broadcast out of every port except the one it arrived on, so all the ports of a switch (or of one VLAN) form a single broadcast domain; a router bounds it.
LAN design
LAN design is critical to the smooth operation of the network and to provide the best
performance and redundancy. This is achieved by grouping the network devices into
hierarchies that provide specific functions.
In the Cisco model there are three tiers:
Access:        The access layer has high port density switches that provide access for end devices. Access control policies are applied at the access layer.
Distribution:  Used to aggregate the access layer switches and provide redundancy along with routing and security.
Core:          High speed switching that connects the distribution layer switches, providing redundancy and connectivity between distribution switches.

When connecting switches together there is a risk of creating a loop; this is often caused by miscabling and results in multiple paths between switches. The result is called a switching loop. This becomes a problem when a broadcast is sent by a device: remember that a broadcast is flooded out of every port, so when a loop exists the broadcast will circulate around the network indefinitely (an Ethernet frame has no hop count or TTL to stop it). Multiply that by thousands of broadcast messages and your network will quickly grind to a halt. This is known as a broadcast storm. The protocol that prevents switching loops and the resulting broadcast storm is the Spanning Tree Protocol (STP), which will be discussed in a later module.
LAN Transmission Methods: LAN data transmissions fall into three classifications.
Unicast: a single packet is sent to one specific device on the network.
Multicast: a single packet is copied and sent to the specific subset of devices on the network that have subscribed to a multicast address.
Broadcast: a single packet is copied and sent to all devices in the broadcast domain.

1.3.3 Wide Area Network (WAN)


A LAN is a network that resides in a relatively small geographical area, whereas a Wide Area Network (WAN) spans geographic areas to connect multiple LANs together. A WAN is provided by a Service Provider (SP), who terminates the connection at the customer premises. Typically, as a business grows it adds regional offices that require access to resources available at a head or centralised office.

There are three main types of WAN, all of which are normally provided by a Service Provider.
Leased Line: a leased line is a dedicated private connection between two geographically dispersed LANs with a fixed bandwidth and cost. T1 and E1 are common leased line point to point configurations. Leased lines do not scale to large numbers of sites because of cost. Leased lines use one of two WAN protocols, HDLC or PPP, discussed later.
Circuit switched networks: similar to a leased line in that a dedicated point to point circuit is created between sites, but the circuit is only set up for the duration of the data transfer. An idle circuit switched link is torn down by the service provider to release that bandwidth to another customer. Examples of circuit switched networks are ISDN BRI and PRI.
Packet switched networks: the most cost effective and configurable way of creating a WAN. With a packet switched connection a single connection is made to the Service Provider and the data takes the best path through the SP network. Packet switching allows a site to have a single physical connection but multiple logical links to other sites.
Packet switching is a shared technology, so an SP shares its network bandwidth across multiple customers, although it will provide a guarantee of some sort. This is called the Committed Information Rate (CIR), the guaranteed bandwidth.
The most common packet switched technology is Frame Relay.
Other types of WAN connection include Digital Subscriber Line (DSL), a high speed connection typically delivered over POTS copper wire.
Physical parameters: a service provider installs a connection to the customer premises, including a network device, typically a router, which is called the CPE (customer premises equipment). This device is also referred to as the DTE (data terminal equipment) and connects to the service provider's equipment, the DCE (data circuit-terminating equipment). The point at which responsibility switches from SP to customer is called the demarcation point. WAN clocking is provided to the DTE by the DCE.

1.3.4 WAN Encapsulation Protocols


High-level Data Link Control (HDLC) is the default encapsulation type on Cisco
devices, providing point-to-point dedicated links and circuit switched connections.
The HDLC protocol resides at the Data Link layer of the OSI model; its function is to
ensure the integrity of any data received whilst providing flow control. You cannot
use HDLC to connect to a non-Cisco device.
Protocol Structure - HDLC: High Level Data Link Control header.
Field         Size        Description
Flag          1 byte      The value of the flag is always 0x7E.
Address       1-2 bytes   Defines the address of the secondary station.
Control       1 byte      Serves to identify the type of the frame.
Information   Variable
FCS           2 bytes     Checksum.
Flag          1 byte      The value of the flag is always 0x7E.
HDLC is the default configuration on Cisco WAN links, but to configure HDLC
explicitly on a WAN link use these commands:
Router(config)# int s0/0
Router(config-if)# encapsulation hdlc
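The frame layout in the table above can be exercised in code. The following Python is an added example and is not part of the study guide: it assumes the 16-bit CRC-CCITT (X.25 variant) frame check sequence and a one-byte address field, omits bit stuffing, and the address, control and payload values are constructed. The point a receiver must get right is the order of checks: both flags, then the FCS, and only then trust the Information field.

```python
"""Build and parse HDLC frames as laid out in the table above.

Added example, not from the study guide. It assumes the X.25-style 16-bit FCS
(CRC-16, polynomial 0x1021 reflected as 0x8408, init 0xFFFF, final XOR 0xFFFF)
and a one-byte address field; the sample payload is constructed.
"""

FLAG = 0x7E           # opening and closing flag, always 0x7E


def fcs16(data: bytes) -> int:
    """CRC-16/X-25, the frame check sequence assumed for these frames."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(address: int, control: int, info: bytes) -> bytes:
    """Flag | Address | Control | Information | FCS | Flag.

    Byte stuffing of the payload is omitted to keep the focus on the field
    layout; the constructed payload used below contains no 0x7E byte.
    """
    body = bytes([address, control]) + info
    fcs = fcs16(body)
    # The FCS is transmitted least-significant byte first.
    return bytes([FLAG]) + body + fcs.to_bytes(2, "little") + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields, verifying both flags and the FCS.

    Raises ValueError on a malformed or corrupted frame, which is what a
    receiver must do before trusting the Information field.
    """
    if len(frame) < 6:
        raise ValueError("frame shorter than Flag+Address+Control+FCS+Flag")
    if frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing 0x7E flag")
    body, fcs_bytes = frame[1:-3], frame[-3:-1]
    received_fcs = int.from_bytes(fcs_bytes, "little")
    if fcs16(body) != received_fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    return {
        "address": body[0],
        "control": body[1],
        "information": body[2:],
        "fcs": received_fcs,
    }


def demo() -> bool:
    """Round-trip a constructed frame and show that a flipped bit is caught."""
    frame = build_frame(0x03, 0x13, b"hello")    # constructed sample values
    fields = parse_frame(frame)
    ok = fields["information"] == b"hello" and fields["address"] == 0x03
    corrupted = bytearray(frame)
    corrupted[4] ^= 0x01                          # damage one payload bit
    try:
        parse_frame(bytes(corrupted))
        return False                              # corruption went unnoticed
    except ValueError:
        return ok


if __name__ == "__main__":
    print("HDLC round trip and FCS check:", "ok" if demo() else "FAILED")
```

The FCS only detects accidental corruption; it is not a security control, which is why the PPP section below adds authentication on top of the link layer.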
Point-to-Point Protocol (PPP) is a WAN encapsulation protocol that is
primarily used on leased lines and is compatible with most routers from different
vendors.
PPP supports several features that HDLC does not, including authentication,
compression and error control.
Configuring PPP is straightforward and requires a few simple commands on each
router that participates in the link.
Router(config)# int s0/0
Router(config-if)# encapsulation ppp
Configuring authentication involves using the hostname of the remote router along
with a shared password.
Router(config)# hostname London
London(config)# username Glasgow password PASSWORD
London(config)# int s0/0
London(config-if)# ppp authentication chap
Router(config)# hostname Glasgow
Glasgow(config)# username London password PASSWORD
Glasgow(config)# int s0/0
Glasgow(config-if)# ppp authentication chap
This set of commands sets the hostname of each router along with the username and
password combination of its peer. Finally it enables CHAP authentication on the
interface.
An alternative is to use PAP authentication.
Router(config)# hostname London
London(config)# int s0/0
London(config-if)# ppp authentication pap
Router(config)# hostname Glasgow
Glasgow(config)# int s0/0
Glasgow(config-if)# ppp authentication pap
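What the two authentication choices above actually put on the wire is the part the configuration hides. The following Python is an added example and is not part of the study guide: it implements the CHAP exchange as RFC 1994 defines it (MD5 over identifier, secret and challenge) beside the PAP request, using the guide's hostnames London and Glasgow and its PASSWORD placeholder; the challenge bytes are constructed.

```python
"""PAP versus CHAP on a PPP link: what each side sends and what the
authenticator checks.

Added example, not the study guide's code. CHAP follows RFC 1994: the
response is MD5(id || secret || challenge), so the shared secret itself is
never transmitted. Hostnames and the PASSWORD value are the guide's own
placeholders; the fixed challenge in demo() is constructed.
"""
import hashlib
import os


def pap_request(username, password):
    """PAP: the peer sends its name and its password in clear text."""
    return {"type": "Authenticate-Request", "peer-id": username, "password": password}


def chap_challenge(local_name, challenge=None):
    """Authenticator -> peer: an identifier, a random challenge and its own name."""
    if challenge is None:
        challenge = os.urandom(16)
    return {"type": "Challenge", "id": 1, "value": challenge, "name": local_name}


def _chap_digest(identifier, secret, challenge):
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_response(challenge_msg, local_name, secret):
    """Peer -> authenticator: the digest and the peer's hostname, never the secret."""
    digest = _chap_digest(challenge_msg["id"], secret, challenge_msg["value"])
    return {"type": "Response", "id": challenge_msg["id"], "value": digest, "name": local_name}


def chap_verify(challenge_msg, response_msg, user_db):
    """Authenticator: look up the peer's name (the 'username <name> password'
    entry) and recompute the digest; an unknown name or a mismatch fails."""
    secret = user_db.get(response_msg["name"])
    if secret is None:
        return False
    expected = _chap_digest(challenge_msg["id"], secret, challenge_msg["value"])
    return expected == response_msg["value"]


def demo():
    """London challenges Glasgow; a wrong secret fails; PAP leaks the password."""
    london_db = {"Glasgow": "PASSWORD"}     # London's 'username Glasgow password PASSWORD'
    challenge = chap_challenge("London", challenge=b"\x01" * 16)   # constructed
    good = chap_response(challenge, "Glasgow", "PASSWORD")
    bad = chap_response(challenge, "Glasgow", "wrongpass")
    pap = pap_request("Glasgow", "PASSWORD")
    return (chap_verify(challenge, good, london_db),
            chap_verify(challenge, bad, london_db),
            "PASSWORD" in pap.values())


if __name__ == "__main__":
    ok, rejected, pap_in_clear = demo()
    print(f"CHAP correct secret accepted: {ok}; wrong secret accepted: {rejected}")
    print(f"PAP request carries the password in clear text: {pap_in_clear}")
```

The CHAP response is bound to a fresh challenge each time, so a captured response cannot simply be replayed; the PAP request, by contrast, is exactly what a packet sniffer on the link would need.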

1.3.5 Frame Relay


Frame Relay is the most widely used packet-switched technology; it is cost effective
and reliable, but shares bandwidth between users on the service provider's switched
network.
Frame Relay service providers over-provision or oversell the capacity of their
networks, on the assumption that not all customers will use all their bandwidth at
the same time. This must be carefully monitored, as customers pay for a specific
amount of bandwidth called the Committed Information Rate. The CIR is an
agreement between the service provider and the customer to provide a guaranteed
amount of bandwidth, measured in bits per second.
This rate is the bandwidth the customer is guaranteed, but the contract may contain a
clause allowing the customer to burst. This means a customer can accumulate unused
bandwidth during a period of inactivity and then send more data for a specified
amount of time. Any data sent above the CIR is marked by the Service Provider as
Discard Eligible, which means that if the network experiences congestion this data
can be discarded to provide bandwidth for higher priority traffic.
Frame Relay is often presented as a cloud; this cloud is the service provider's network
and is transparent to the customer. The connection through the cloud to the remote
network is called a virtual circuit (VC), and a VC is either Permanent (PVC) or
Switched (SVC).
A Virtual Circuit is a one way connection from site to site.
A PVC is a logical circuit that is permanently in an active state.
An SVC is a logical circuit that is only active during data transmission.
Frame Relay also uses an addressing convention called the Data Link Connection
Identifier or DLCI. DLCIs are locally significant addresses that identify a connection
into the Frame Relay cloud. A DLCI is a numerical value such as 103 or 301.
Often DLCIs are numbered to match the sites they connect, so that given three sites
labelled R1, R2 and R3 the DLCIs would read:
R1 to R2    DLCI = 102
R1 to R3    DLCI = 103
R2 to R1    DLCI = 201
R3 to R1    DLCI = 301
Being a WAN protocol, Frame Relay requires its own encapsulation. This
encapsulation can be configured on the WAN ports as either the Cisco or the IETF
standard:
Cisco - the default, proprietary Frame Relay encapsulation.
IETF - the standardised Frame Relay encapsulation.
Frame Relay is discussed further in a future module.
VPN - A Virtual Private Network's function is to create a secure tunnel between
two devices over an insecure network. VPNs are usually found connecting two devices
together over the internet, such as a remote worker to a corporate network or a branch
office to HQ. VPNs are usually encrypted and require authentication through the use
of IPSEC.
IPSEC provides authentication, encryption and integrity protection for remote access
VPNs to a corporate network. The most commonly used IPSEC device is the RSA
token.

1.3.6 Select the appropriate media, cables, ports and connectors


Types of RJ-45 Cabling
Cisco products use the following common types of cabling:
Straight-through
Crossover
Rolled
RJ-45 to DB9 female
Straight-through Cabling
A straight-through cable is the most commonly used cable in networking. The pin-outs
of a straight-through cable are identical at both ends.

RJ-45 Straight-through pin-outs
RJ-45 plug              RJ-45 plug
Signal     Pin          Pin   Signal
Tx+        1            1     Tx+
Tx-        2            2     Tx-
Rx+        3            3     Rx+
not used   4            4     not used
not used   5            5     not used
Rx-        6            6     Rx-
not used   7            7     not used
not used   8            8     not used

Straight-through cables can be used to connect the following devices together. Notice
that you cannot connect like-to-like devices.
PC to Switch
Router to Switch
Server to Switch
Printer to Hub
PC to Hub
Server to Hub

Crossover Cable
In a crossover cable, the first (far left) coloured wire at one end of the cable is the
third coloured wire at the other end of the cable.
RJ-45 Crossover (Ethernet) Cable Pin-outs
RJ-45 plug              RJ-45 plug
Signal     Pin          Pin   Signal
Tx+        1            3     Rx+
Tx-        2            6     Rx-
Rx+        3            1     Tx+
not used   4            4     not used
not used   5            5     not used
Rx-        6            2     Tx-
not used   7            7     not used
not used   8            8     not used

Crossover cables are used to connect like-to-like devices, as described in the following
table. It should be noted that some modern devices are capable of auto-sensing the
type of cable attached to the port and can automatically reconfigure the port so that
communication can occur.
Switch to Switch
Hub to Switch
PC to PC
PC to Router
Router to Router

Rolled Cable
In a rolled cable, the coloured wires at one end of the cable are in the reverse
sequence of the coloured wires at the other end of the cable.
Rolled Cable pin-outs: RJ-45 plug to RJ-45 plug, with pin 1 at one end wired to pin 8
at the other end, pin 2 to pin 7, and so on through to pin 8 wired to pin 1.
RJ-45 to DB-9 Female Console cable

Fibre optic - A fibre optic cable contains strands of glass called optical fibres
which are sheathed in a plastic covering. Fibre optic cables can contain many
individual fibres, allowing very high data throughput.
As fibre optic cables use light to carry information they have less attenuation than
copper cabling, making them practical for long distance communication. Fibre optic
cables are unidirectional, which means they must be installed in pairs.
Today, two modes of fibre optic are in common use.
Single mode    Uses a single wavelength laser. Used for long distance.
Multimode      Uses multiple wavelength lasers. Used for shorter distance.

Module 2. Switching
2.1 Ethernet
Developed in the 1970s and improved periodically, Ethernet, and particularly Fast
Ethernet, has become the preferred technology in use in almost all corporate networks.
Ethernet uses the CSMA/CD access method and is considered a broadcast medium.
Ethernet has been ratified by the IEEE into 3 main categories:
802.3        Ethernet        10Mbps
802.3u       Fast Ethernet   100Mbps
802.3z(ab)   Gig Ethernet    1000Mbps

A typical copper Ethernet cable has a practical length limit of 100 metres.
Ethernet can operate in 3 modes of operation:
Half duplex
Half-duplex means that a host can communicate in one direction at a given time; two
hosts communicating with each other take turns transmitting. This is the default on
non-switched LANs. An example of half-duplex would be a telephone conversation
where each person takes turns to speak.
Full-duplex
In full-duplex communication a host can transmit and receive at the same time,
allowing higher data transmission. This is the default on switched networks.
Auto-negotiate
This mode allows an administrator to ignore duplex modes and let the devices
auto-negotiate their duplex and speed settings.
Twisted-Pair Cabling
Twisted-pair cable contains 4 pairs of wire which are twisted around each other, hence
the name. This twisting reduces the possibility of a type of electromagnetic
interference called crosstalk. Crosstalk is electrical noise from the magnetic field
created around a cable carrying a signal. This magnetic interference can distort the
signal in other cables close to it. By twisting the pairs this crosstalk is cancelled out.

2.2 Implement a switched network
2.2.1 Explain switch concepts
Switching by definition is the physical movement of frames from an ingress port to an
egress port on a switch. It operates at Layer 2 of the OSI model and is only carried out
by switches or bridges. Be clear that a hub, which is a layer 1 device, does not switch.
To describe switching and the functionality it provides we will build a small network
and step through its configuration.
Device details
Device     Port     MAC address         IP address
SRV1       Fa0/1    10:00:01:11:11:11   192.168.1.1 /24
SRV2       Fa0/10   10:00:01:22:22:22   192.168.1.2 /24
SRV3       Fa0/20   10:00:01:33:33:33   192.168.1.3 /24
Switch 1   n/a      n/a                 n/a
In our example we have a core switch named Switch1 that has three servers attached
to its ports. The devices are located in the 192.168.1.0/24 address space and are
connected by standard UTP cabling.

What is the difference between a hub and a switch?
Ask this question and you will get a variety of answers, ranging from "a switch is
quicker than a hub" to "there are no differences". This subject often causes a little
confusion but shouldn't. It's very simple.
A hub is a multiport repeater: it repeats every bit it receives on any port back out
every other port. All of its ports form a single collision domain and a single
broadcast domain.
Switching basics
A switch's function is to forward frames based on a destination address. It does this
by building an address table known as the MAC table. When a switch is powered on
it starts with an empty MAC table, so it knows of no devices connected to it. When a
frame is received on a port the switch carries out the following:
Reads the source address from the frame and checks if there is an entry for the
device; if there is no entry, the switch places this address along with the port
number into the MAC table.
If the destination address is not in the table, the switch floods the frame out all other
ports.
Over time multiple frames will be received, which allows the switch to populate the
MAC table. When a frame arrives the switch looks up the destination address in the
MAC table and reads the interface associated with it. It then sends the frame out the
interface where that MAC address is located. This makes a switch very fast and
efficient. It must be stressed that a switch still resides in a single broadcast domain:
if a broadcast frame is received it is automatically forwarded out all interfaces.
MAC Address
Most modern devices connecting to the network use Ethernet with a unique hardware
address to identify themselves. Residing at layer 2 of the OSI model, this address is
known as the MAC address, hardware address or physical address. It is a unique 48 bit
number written in hexadecimal form that identifies the device on the network. The
hexadecimal number is written in the format 11:22:33:aa:bb:cc, where the first 3 fields
identify the manufacturer and the last 3 are a unique address for the device. This
address is normally burned in to the device, such as a network card, switch or router
port; on some devices it is possible to change this address, but that is not
recommended.
A switch associates a device's MAC address with the port it is connected to and places
an entry into the MAC table.

All of this learning and lookup is carried out in the switch and is transparent to the
devices connected to the switch interfaces. To demonstrate this we will follow an
initial ARP request from a device.
The switch receives an ARP request from Server1 on interface Fa0/1. The switch
reads the source MAC address of 10:00:01:11:11:11 and places it in the MAC table
with a reference to interface Fa0/1.
          Mac Address Table
-------------------------------------------
Vlan    Mac Address         Type      Ports
----    -----------         ----      -----
   1    10:00:01:11:11:11   DYNAMIC   Fa0/1
The switch floods the frame out all other interfaces looking for Server2.
Server2 responds to the ARP by sending a frame to the switch.
The switch reads the source MAC address of 10:00:01:22:22:22 and, as it does not
already exist, places it in the MAC table with interface Fa0/10.
          Mac Address Table
-------------------------------------------
Vlan    Mac Address         Type      Ports
----    -----------         ----      -----
   1    10:00:01:11:11:11   DYNAMIC   Fa0/1
   1    10:00:01:22:22:22   DYNAMIC   Fa0/10
Subsequent frames sent between the two hosts are then sent by unicast between the
servers.
This sequence continues until every device's MAC address has an entry in the MAC
table.
          Mac Address Table
-------------------------------------------
Vlan    Mac Address         Type      Ports
----    -----------         ----      -----
   1    10:00:01:11:11:11   DYNAMIC   Fa0/1
   1    10:00:01:22:22:22   DYNAMIC   Fa0/10
   1    10:00:01:33:33:33   DYNAMIC   Fa0/20
Along with MAC address, type and port number, the MAC table also includes a VLAN
number. VLANs are Virtual LANs that segment a switch into separate broadcast
domains and prevent hosts communicating between VLANs without a Layer 3
device.
Switches use hardware ASICs to carry out switching, which provides wire-speed
throughput. There are three ways a switch can process incoming frames.
Cut-through - The switch receives enough of the frame, approximately 6 bytes, to be
able to read the destination address. It then immediately begins forwarding the frame
out the destination interface, even before the full frame has been received.
Store and forward - The switch waits until the full frame has been received
and checked for errors before forwarding it to the destination.
Fragment-free - The switch receives the first 64 bytes of a frame before
forwarding it to the destination.
Broadcast and Multicast Frames - Broadcast and multicast frames are flooded to all
ports other than the originating port. Broadcast and multicast addresses never appear
as a frame's source address, so the switch does not learn these addresses.
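The learning and forwarding rules walked through above (learn the source, unicast to a known destination, flood anything else, never learn a group address) can be replayed in a few lines. The following Python is an added example and is not code from the study guide; it uses the guide's own switch, port names and server MAC addresses, and the frames fed to it are constructed to follow the ARP walk-through.

```python
"""Simulate the MAC learning and forwarding behaviour walked through above.

Added example; this is not code from the study guide. The port names and
server MAC addresses are the guide's own (Switch1, Fa0/1, Fa0/10, Fa0/20);
the frames fed to the switch are constructed for the walk-through.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first byte set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    def __init__(self, ports, vlan=1):
        self.ports = list(ports)
        self.vlan = vlan
        self.mac_table = {}          # mac -> (vlan, port)

    def receive(self, ingress, src, dst):
        """Process one frame arriving on `ingress`; return the egress port list."""
        # Learn: record the source address against the ingress port. Group
        # addresses never appear as a source, so they are never learned.
        if not is_group_address(src):
            self.mac_table[src] = (self.vlan, ingress)
        # Forward: a known unicast goes out one port; anything else is flooded
        # out every port except the one it arrived on.
        if not is_group_address(dst) and dst in self.mac_table:
            out = self.mac_table[dst][1]
            return [] if out == ingress else [out]   # never back out the ingress
        return [p for p in self.ports if p != ingress]

    def show_mac_table(self):
        """Render the table in the style of 'show mac address-table'."""
        lines = ["Vlan    Mac Address         Type      Ports"]
        for mac, (vlan, port) in sorted(self.mac_table.items(), key=lambda kv: kv[1][1]):
            lines.append(f"{vlan:>4}    {mac}   DYNAMIC   {port}")
        return "\n".join(lines)


def walkthrough():
    """Replay the three-server ARP exchange from the text."""
    sw = LearningSwitch(["Fa0/1", "Fa0/10", "Fa0/20"])
    # Server1 ARPs for Server2: a broadcast, so it is flooded out the other
    # ports and Server1's address is learned on Fa0/1.
    flooded = sw.receive("Fa0/1", "10:00:01:11:11:11", BROADCAST)
    # Server2 replies by unicast; the switch already knows where Server1 is.
    reply = sw.receive("Fa0/10", "10:00:01:22:22:22", "10:00:01:11:11:11")
    # Server3 sends to Server1 and is learned on Fa0/20.
    sw.receive("Fa0/20", "10:00:01:33:33:33", "10:00:01:11:11:11")
    return flooded, reply, sw


if __name__ == "__main__":
    flooded, reply, sw = walkthrough()
    print("ARP request flooded out:", flooded)
    print("ARP reply forwarded out:", reply)
    print(sw.show_mac_table())
```

Note that the table is keyed purely on what a frame claims as its source: the switch has no way to check that claim, which is the gap the port security commands in section 2.3.3 are designed to close.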

2.2.2 Spanning Tree Protocol


As a network grows and further switches are installed to provide additional ports or
redundancy for existing switches, the administration and control of the network
becomes more important. We know that by default switches forward broadcast frames
out all interfaces. If additional switches are connected incorrectly we can introduce a
loop. When a broadcast message is sent it will be continually forwarded around this
loop. As more broadcast messages are sent this looping eventually starts to hog
bandwidth and brings the network to a halt. This is known as a broadcast storm, and
occurs when broadcasts are endlessly forwarded around a network. The only way to
halt a broadcast storm is to resolve the physical cabling issue and restart the switches
involved.
In the above diagram, when the server sends a broadcast to the network without
Spanning Tree, this broadcast will loop around the network continuously.
Fortunately a protocol has been designed that prevents looping in a switched network.
The Spanning Tree Protocol (STP) was designed to prevent the creation of loops by
blocking certain links between switches based on a set of criteria.
STP learns the topology of a switched network and places redundant links into a
blocked state; this means that only one active path exists to any segment. If a link
goes down STP can quickly reconfigure, or converge, to unblock a link and provide a
usable path. STP is commonly known as 802.1d and should be configured on all
switches in a network. Of course blocking certain uplinks can be inefficient, so STP
can be implemented on a per-VLAN basis. For each VLAN an instance of STP can be
configured, resulting in better bandwidth and link utilisation. Physically an uplink may
be up, but logically it can be up or down on a per-VLAN basis. This is beyond the
CCNA level and is discussed in greater detail in the CCNP:Switch course.
STP uses a special information message called a BPDU (bridge protocol data unit) to
send messages between switches that contain the information needed to maintain a
loop free network. BPDUs are multicast to one of 17 MAC addresses in the range
01:80:c2:00:00:00 -> 01:80:c2:00:00:10.
This loop free network is accomplished by assigning a single switch as the master
switch, called the root bridge. All other switches use STP to create a path back to
the root bridge. The root bridge is chosen by an election between all switches in the
network participating in STP. The switches gather information about the other
switches in the network through an exchange of BPDUs.
To elect a root bridge the switches compare the lowest switch priority, followed by the
lowest MAC address. The default switch priority is 32768, which means that by
default the switch with the lowest MAC address will win the election and become the
root bridge.
This is not always the best means of electing the root bridge, due to physical location
or the age of the switch. The STP root bridge is the logical heart of the network; all
devices must have a path back to the root bridge. Typically an older switch will have a
lower MAC address than a newer, more powerful one. It is important to note that if a
switch with a lower priority than the current root bridge is introduced then an election
will occur and the new switch will become the root bridge, forcing a reconvergence of
the network.
Root bridge manipulation can be carried out by changing the switch priority in
increments of 4096.
Additionally, setting the priority to 0 removes a switch from the STP process
completely, thus making it impossible for it to become the root bridge.
Switch(config)#spanning-tree vlan 1 priority ?
Configuring a Secondary Root bridge - It is possible to configure a backup root
bridge called the secondary root bridge. This switch can take over the role of root in
the event of a failure of the root bridge. When configuring the secondary, the bridge
priority is set to 16384, which increases the likelihood of the switch being elected
root.
Interfaces connected to other switches are deemed to be part of STP and are classified
accordingly as Root, Designated or Blocked ports. These ports are classified according
to where they fit into the network path back to the root bridge.
Root ports exist on non-root bridges and are the connection towards the root bridge.
Designated ports are all ports on the root bridge, and ports on a non-root bridge that
connect away from the root bridge. Blocked ports are redundant ports that could cause
a loop and are blocked as a result.

Occasionally more than one path will have an equal cost to the root bridge from the
same switch. In this case a further tiebreaker exists, which is simplicity at its best:
the port with the lowest Port ID wins. By default the port priority is 128, which means
the port with the lowest interface number wins: Fa0/1 would be elected root port
before Fa0/20. An administrator can lower the port priority manually to influence the
root port election.
Remember, STP elects Root and Designated Ports based on the following criteria, and
in this order:
Lowest Path Cost to the Root Bridge
Lowest Bridge ID
Lowest Port ID
Path cost is the major factor in path calculation. Path Cost is based on the bandwidth
of the links. The higher the bandwidth, the lower the Path Cost:
Bandwidth    STP Cost   RSTP Cost
10Mbs        100        2,000,000
100Mbs       19         200,000
1,000Mbs     4          20,000
10,000Mbs    2          2,000
To summarise, the STP process to elect a root bridge and maintain a loop free network:
An election is held to identify a root bridge
Root ports are identified on the basis of cost
Designated ports are identified
Loops are identified and ports set to blocking
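The election rules just summarised can be run end to end on a small topology. The following Python is an added example and is not code from the study guide: the switch names, MAC addresses and links are constructed, and the path costs come from the table above. It applies the page's order of comparison (lowest path cost, then lowest Bridge ID, then lowest Port ID) and then lowers one switch's priority, as with the `spanning-tree vlan 1 priority` command shown earlier, to show the root moving and every root port being recomputed.

```python
"""Apply the STP election rules summarised above to a small constructed topology.

Added example; this is not code from the study guide. The switch names, MAC
addresses and links are constructed. Rules as the text gives them: the lowest
Bridge ID (priority, then MAC) wins the root election, and each non-root switch
picks as its root port the port with the lowest path cost to the root, breaking
ties on the lowest upstream Bridge ID and then the lowest Port ID.
"""
import heapq

# STP path cost per link bandwidth in Mbps, from the table above.
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology: three switches, all at the default priority of 32768.
SWITCHES = {
    "SW1": (32768, "00:00:00:aa:aa:01"),
    "SW2": (32768, "00:00:00:aa:aa:02"),
    "SW3": (32768, "00:00:00:aa:aa:03"),
}
# (switch A, port on A, switch B, port on B, link speed in Mbps)
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
    ("SW1", "Gi0/1", "SW3", "Gi0/1", 1000),
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),
]


def bridge_id(priority, mac):
    """Comparison key for a Bridge ID: priority first, then MAC; lowest wins."""
    return (priority, int(mac.replace(":", ""), 16))


def port_id(name, port_priority=128):
    """Comparison key for a Port ID: port priority (default 128), then number."""
    return (port_priority, int(name.split("/")[-1]))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the root bridge."""
    return min(switches, key=lambda n: bridge_id(*switches[n]))


def root_ports(switches, links):
    """Return (root, {switch: (cost_to_root, root_port)}) for the non-root switches.

    A shortest-path search from the root over the STP link costs, with the
    tie-break order the text gives: cost, upstream Bridge ID, local Port ID.
    """
    root = elect_root(switches)
    adj = {n: [] for n in switches}
    for a, pa, b, pb, speed in links:
        adj[a].append((b, pb, STP_COST[speed]))   # from a, reach b on b's port pb
        adj[b].append((a, pa, STP_COST[speed]))
    best = {root: ((0, bridge_id(*switches[root]), (0, 0)), None)}
    heap = [(best[root][0], root)]
    while heap:
        key, node = heapq.heappop(heap)
        if key > best[node][0]:
            continue                               # stale heap entry
        for nbr, nbr_port, link_cost in adj[node]:
            cand = (key[0] + link_cost, bridge_id(*switches[node]), port_id(nbr_port))
            if nbr not in best or cand < best[nbr][0]:
                best[nbr] = (cand, nbr_port)
                heapq.heappush(heap, (cand, nbr))
    return root, {n: (k[0], port) for n, (k, port) in best.items() if n != root}


def demo():
    """Elect with defaults, then lower SW3's priority and watch the root move."""
    before = root_ports(SWITCHES, LINKS)
    # Equivalent to 'spanning-tree vlan 1 priority 4096' on SW3: a lower
    # priority forces a new election and a reconvergence of every root port.
    changed = dict(SWITCHES, SW3=(4096, SWITCHES["SW3"][1]))
    after = root_ports(changed, LINKS)
    return before, after


if __name__ == "__main__":
    (root, rp), (root2, rp2) = demo()
    print("root:", root, "root ports:", rp)
    print("after priority change, root:", root2, "root ports:", rp2)
```

The second run is the situation the text warns about: any switch that advertises a lower Bridge ID takes over as root and every other switch's root port changes, which is why the Root Guard feature covered later exists.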
STP Interface States
Switch ports participating in STP progress through five port states:
Blocking - The default state of an STP interface when a switch is powered on.
Interfaces also enter the blocking state if identified as a port that is neither root nor
designated. Ports that are in the blocking state never forward frames.
Listening - A port progresses from Blocking to Listening after a period of time has
elapsed. The port listens for BPDUs to participate in the election of a Root Bridge,
Root Ports and Designated Ports. Ports in the listening state do not forward frames.
Learning - After the forward delay timer expires the interface moves from listening
to learning, having been elected either a Root Port or a Designated Port. Ports in the
learning state listen for BPDUs and, as the name suggests, learn MAC addresses to
populate the CAM or MAC table, but do not forward frames.
Forwarding - The port moves to the Forwarding state after the expiry of another
Forward Delay. Ports in the forwarding state fully participate in the network, sending
and receiving frames. All root ports, designated ports and access ports are placed in
the forwarding state.
Disabled - A port in the disabled state has been administratively shut down and does
not participate in any network communication, including STP.

Per VLAN Spanning tree
PVST allows each VLAN to have its own instance of STP. This allows the links
between switches to be utilised more effectively. Each link is physically up but only
allows specific VLANs to send traffic across it; for any other VLAN the port is in a
blocked state.
STP Timers
Timers are used in STP to ensure switches converge to a loop free topology. These
timers give STP enough time to fully converge.
Hello Timer      2s    How often BPDUs are sent
Forward Delay    15s   Delay in the listening and learning states
Max Age          20s   Lifetime of a BPDU
We can see these in the following diagram from the root bridge using the show
spanning-tree command.
Timers are set only on the root bridge, which propagates them to the other switches in
its BPDUs.

Spanning tree versions
PVST    Per VLAN spanning tree
PVST+   Per VLAN spanning tree plus (Enhanced PVST)
CSTP    Common spanning tree
MSTP    Multiple spanning tree
RSTP    Rapid spanning tree
STP has a limit of 64 instances, so VLANs above 64 are included in the default
instance; MST overcomes this by grouping VLANs into an STP instance called a
region.
RSTP 802.1w Rapid spanning tree
RSTP was designed to reduce the convergence time within the network caused by port
state transitions. RSTP operates very much like STP, with root bridges, BPDUs and
port states.
RSTP defines 5 port roles:
Root Port         Switch port on each switch that has the best Path Cost to the Root
                  Bridge
Alternate Port    A backup Root Port that has a less desirable Path Cost
Designated Port   Non-root port that represents the best Path Cost for each network
                  segment to the Root Bridge
Backup Port       A backup Designated Port that has a less desirable Path Cost. A
                  Backup Port is placed in a discarding state
Edge Port         A port connecting a host device, which is moved to a Forwarding
                  state immediately

RSTP port states
STP port state   RSTP port state
Blocking         Discarding
Listening        Discarding
Learning         Learning
Forwarding       Forwarding
Disabled         Discarding
RSTP can converge much quicker than STP as it does not have to rely on the STP
timers expiring. RSTP is discussed in greater depth in the CCNP:Switch course.

Advanced STP configuration
Spanning tree also includes some advanced configuration tools to counter some
common issues with the basic STP implementation. These include:
PortFast
BPDUGuard
UplinkFast
LoopGuard
BackboneFast
Root Guard
UDLD
PortFast - PortFast allows switch interfaces that are directly connected to an end
device to transition directly from blocking to forwarding without disabling STP. This
allows the interface to bypass the listening and learning states, which lets devices boot
and access network services such as DHCP much quicker.
SW1(config)#int fast 0/5
SW1(config-if)#spanning-tree portfast
BPDU Guard - BPDUGuard, when used in conjunction with PortFast, shuts down an
interface that receives a BPDU. This is a prevention mechanism for the case where a
switch or hub is connected to an access port, potentially causing a loop. BPDUGuard
places the interface into an errdisabled state, from which recovery is to shut then no
shut the interface.
SW1(config)#int fast 0/5
SW1(config-if)#spanning-tree bpduguard enable
UplinkFast - UplinkFast allows a switch to have multiple uplinks to another switch
without loops. Without EtherChannel one of these links would create a loop, which
STP closes by blocking it; however, it takes time for the blocked link to become active
in the event of failure of the active link. UplinkFast allows the redundant link to move
directly to forwarding.
SW2(config)#spanning-tree uplinkfast
BackboneFast - Similar in functionality to UplinkFast, BackboneFast works on
indirectly connected uplinks. Normally if a switch fails it takes the Max Age timer to
expire before a convergence is triggered. By implementing BackboneFast this failure
is noticed immediately, allowing the convergence to occur.
Root Guard - Root Guard provides protection against another switch with a lower
bridge priority becoming the root of the network. When configured on an interface it
sets the interface to root-inconsistent if it hears a BPDU advertising a new root.
Unidirectional Link Detection (UDLD) - UDLD was developed to provide a
detection mechanism for errors in the bi-directional communication that STP relies
on. A switch may experience a bi-directional communication failure due to a faulty
fibre cable or a broken twisted pair. UDLD can monitor for this error, by default every
15s, and take remedial action. UDLD can operate in one of two modes:
Normal Mode:       Flags an error
Aggressive Mode:   Places the interface into the errdisabled state
2.3 Switch Configuration

2.3.1 Switch Management
It is possible to remotely manage switches as well as routers. To be able to carry out
remote administration the switch must be provided with some type of remote access
capability. To do this the administrator must assign a management IP address to the
switch.
Switch#conf t
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.1.255
VLAN 1 is the management interface and is reachable from any port allocated to it; by
default all ports on a switch are allocated to VLAN 1.
Interface status - the status of an interface can be displayed using the command:
Switch#show ip interface brief
Router#show ip interface brief
This displays an overview of the interface status. This important piece of
information provides an instant indicator of port and cabling status.

Status is    Protocol is   What it means
Up           Up            Connected and communicating
Up           Down          Connected but not communicating
Down         Down          Not connected and not communicating
Admin Down   Down          Administrator has issued the shutdown command

2.3.2 Switch security
Every Cisco switch has telnet enabled by default, but this can cause security issues as
telnet is sent in clear text: usernames and passwords are vulnerable to packet sniffers.
SSH is a secure communication protocol that provides encrypted communication
channels to a switch. SSH requires a username and password, along with a
cryptographic key and a domain name, to be created before access is allowed.
To configure SSH an administrator can use the following commands, entering a key
length when prompted.
Switch#conf t
Switch(config)#username Admin password Secur1ty123
Switch(config)#ip domain-name My_Domain_Name
Switch(config)#crypto key generate rsa
Now that SSH is configured, it needs to be enabled on the vty lines to become active.
Switch(config)#line vty 0 4
Switch(config-line)#login local
Switch(config-line)#transport input ssh
By specifying transport input ssh we are effectively removing telnet and setting SSH
as the only mechanism for connecting to the switch.

2.3.3 Port Security


Port security is a configuration that applies a set of rules to a switch port that can help
secure the network from unauthorised devices being introduced. Port security operates
at Layer 2, has several modes of operation and can be applied to a single interface or
to a range of interfaces.

switchport mode access - in its basic form, setting a port to access mode
allows it to be placed into a VLAN and prevents trunk links being established.
switchport port-security - the on/off switch for turning on the features of port
security.
switchport port-security maximum - sets the maximum number of
unique MAC addresses that can be registered as connected to a port.
switchport port-security mac-address sticky - hard codes the first
MAC address it learns.
switchport port-security violation protect - when enabled, packets
from unknown source addresses are dropped until the number of MAC addresses
is reduced below the maximum number.
switchport port-security violation restrict - when enabled, packets
from unknown source addresses are dropped until the number of MAC addresses
is reduced below the maximum number. The security violation counter is also
incremented.
switchport port-security violation shutdown - places the interface
into an err-disabled state if the above rules are met. To re-enable a port that is err-disabled an
administrator must perform a shutdown followed by a no shutdown command on the interface.

Port security is a fantastic tool, but if you want to further secure the network then
unused ports should be administratively shut down to prevent unauthorised devices
being connected.

Configuring Port Security
To configure port security an administrator can follow these commands:
Switch(config)#interface fa0/1
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 50
Switch(config-if)#switchport port-security violation {protect | restrict | shutdown}
These commands enable port security on interface FastEthernet 0/1, apply a MAC
address limit of 50 addresses and, with the shutdown option, set the interface to err-disabled if it violates the
rule.
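The three violation modes are easiest to compare by pushing the same frames through a port in each mode. The model below is an added example written for this section, not code from the study guide or from Cisco; the PortSecurity class, simulate() and the sample MAC addresses are constructed for illustration, and the port is limited to two addresses so the third device triggers a violation.

```python
"""Port-security violation modes modelled in Python.

Added example, not code from the study guide or from Cisco: a small model of
what a port configured with `switchport port-security` does with incoming
frames once its MAC limit is reached, so the protect, restrict and shutdown
modes can be compared on the same traffic. The PortSecurity class, simulate()
and the sample MAC addresses are this example's own constructions.
"""

from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    maximum: int = 1                   # switchport port-security maximum <n>
    violation: str = "shutdown"        # protect | restrict | shutdown
    secure_macs: set = field(default_factory=set)   # learned, like mac-address sticky
    violation_count: int = 0           # the security violation counter
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return what the port does with a frame from src_mac:
        'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"      # stays down until shutdown / no shutdown
        if src_mac in self.secure_macs:
            return "forward"           # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # still room: learn it
            return "forward"
        # Limit reached and the source is unknown: this is a violation.
        if self.violation == "protect":
            return "drop"              # silently dropped, counter untouched
        if self.violation == "restrict":
            self.violation_count += 1  # dropped, counter incremented
            return "drop"
        self.violation_count += 1      # shutdown: port goes err-disabled
        self.err_disabled = True
        return "err-disabled"

    def shut_no_shut(self) -> None:
        """Administrator recovery: shutdown followed by no shutdown."""
        self.err_disabled = False


def simulate(violation: str, frames: list) -> dict:
    """Push a frame sequence through a port limited to two MAC addresses
    and report what happened to each frame and to the port."""
    port = PortSecurity(maximum=2, violation=violation)
    outcomes = [port.receive(mac) for mac in frames]
    return {
        "outcomes": outcomes,
        "violations": port.violation_count,
        "err_disabled": port.err_disabled,
        "secure_macs": sorted(port.secure_macs),
    }


# Constructed sample traffic: two legitimate hosts, then a third, unknown
# device plugged in behind the port, then the first host again.
FRAMES = ["00aa.bb00.0001", "00aa.bb00.0002", "00aa.bb00.0001",
          "00aa.bb00.0003", "00aa.bb00.0001"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(f"{mode:9s}", simulate(mode, FRAMES))
```

Running it shows the practical difference: protect and restrict both keep the two legitimate hosts working and only drop the intruder, restrict additionally leaves a counter behind to alert on, and shutdown takes the whole port (legitimate hosts included) offline until an administrator intervenes.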

Module 3. IP Addressing and subnets

3.1 IP Addressing

An IP address is a logical unique identifier for a device at the NETWORK layer of
the OSI model. This layer 3 address is a unique 32 bit binary number written in
human readable dotted decimal notation consisting of 4 octets with 8 bits each.
A few examples of IP addresses in human readable form are

192.168.1.1
10.10.0.221
134.34.22.94

Each octet can hold a number between 0 and 255, and the range of IP addresses
that runs from 0.0.0.1 to 255.255.255.255 gives approx 4.228 billion addresses that
are available.
An IP address is really written in binary, a set of bits that are each 0 or 1. This means the IP
addresses above can also be written as

192.168.1.1     11000000.10101000.00000001.00000001
10.10.0.221     00001010.00001010.00000000.11011101
134.34.22.94    10000110.00100010.00010110.01011110

IP addresses consist of a network number and a host number which are determined by
a subnet mask. The subnet mask is a way of highlighting this network and host
number. The subnet mask is a contiguous string of binary 1s followed by 0s.
Given the IP address of 172.16.100.22 and subnet mask 255.255.0.0 we have the
necessary information to determine the network and host values.

Example 1: IP address 172.16.100.22, subnet mask 255.255.0.0

              Network    Host
Address       172.16     .100.22
Subnet mask   255.255    .0.0

Example 2: IP address 192.168.1.40, subnet mask 255.255.255.0

              Network        Host
Address       192.168.1      .40
Subnet mask   255.255.255    .0

Example 3: IP address 10.0.0.50, subnet mask 255.0.0.0

              Network    Host
Address       10         .0.0.50
Subnet mask   255        .0.0.0

3.2 Binary

Binary is a way of counting in base 2 instead of base 10 and is the way computers store
and manipulate data.
In binary, a digit can only ever be either 0 or 1.
To count in binary you need to get over the concept of decimal and think in terms of 2s. It
sounds difficult, but with some practice it becomes second nature, and it must be
mastered by a network administrator.
A quick table to see the comparison between binary and decimal numbers:

Decimal   Binary
0         0000
1         0001
2         0010
3         0011
4         0100
5         0101
6         0110
7         0111
8         1000

Using the following grid to convert a number between decimal and binary we carry
out the following:

128 | 64 | 32 | 16 | 8 | 4 | 2 | 1

1. Place a decimal number (56 in this example) in the left column of the table at
row 1.
2. Look at the decimal number and see where it fits in against the table: what is
the biggest number from the top row that can fit into the decimal number? We
can see 32 is the largest number we can fit into 56.
3. Add a 1 to the column under 32 in the row belonging to 56 and then subtract
that number from the decimal.
4. You are now left with a number (24).
5. Repeat step 2 until you are left with zero.
6. Drop the columns into a single row and add 0 to any missing fields.

Example 1: Decimal 56 to binary

        128   64   32   16    8
 56                 1
 24                      1
  8                           1
  0

The resulting string of 111000 is a binary representation of decimal 56.

Example 2: Decimal 153 to binary

        128   64   32   16    8    4    2    1
153       1
 25                 1
  9                      1
  1                                          1
  0
Result    1    0    0    1    1    0    0    1

1. By looking at the top row, we find the biggest number that fits into the decimal
number to be converted. In this example we find 128 fits into 153. Place a 1
under 128.
2. Subtract 128 from 153 and write the number in the left column in row 2. The
result is 25.
3. Follow the steps above to calculate the remaining digits.
The resulting string of 10011001 is a binary representation of decimal 153.
Example 3: Decimal 213 to binary

        128   64   32   16    8    4    2    1
213       1
 85            1
 21                 1
  5                                1
  1                                          1
  0
Result    1    1    0    1    0    1    0    1

The resulting string of 11010101 is a binary representation of decimal 213.


For conversion of larger numbers simply extend the grid as follows:

4096 | 2048 | 1024 | 512 | 256 | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
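The grid method above is mechanical enough to automate, and doing so is a good way to check your own working. The following is an added example written for this guide, not code from the original text: decimal_to_binary() walks the grid exactly as the worked examples do (put a 1 under the largest column that fits, subtract, move on) and records every step, and the width argument extends the grid to 4096, 2048, ... for larger numbers. With an 8-bit grid the leading zeros are kept, which is what an octet needs. The function names are this example's own.

```python
"""Decimal to binary with the subtraction grid method.

Added example, not from the study guide: it walks the grid of column values
2^(width-1) ... 1, writes a 1 under the largest value that still fits, subtracts
it and continues, recording each step so the working can be checked against
the tables above. Function names are this example's own.
"""


def grid_columns(width: int) -> list:
    """Column headings for a grid of `width` bits: 2^(width-1) down to 1."""
    return [2 ** i for i in range(width - 1, -1, -1)]


def decimal_to_binary(value: int, width: int = 8) -> tuple:
    """Return (bit_string, steps). Each step is (remaining, column, bit):
    the number still to place, the column being tested, and whether a 1
    was written under it. Leading zeros are kept so the result is `width` long."""
    if value < 0 or value >= 2 ** width:
        raise ValueError(f"{value} does not fit in {width} bits")
    bits, steps, remaining = [], [], value
    for column in grid_columns(width):
        if column <= remaining:          # largest value that fits: write a 1 ...
            bits.append("1")
            steps.append((remaining, column, 1))
            remaining -= column          # ... and subtract it from what is left
        else:                            # column too big: write a 0
            bits.append("0")
            steps.append((remaining, column, 0))
    return "".join(bits), steps


def dotted_decimal_to_binary(address: str) -> str:
    """Apply the 8-bit grid to each octet: '192.168.1.1' -> dotted binary."""
    return ".".join(decimal_to_binary(int(o), 8)[0] for o in address.split("."))


def show_working(value: int, width: int = 8) -> None:
    """Print the rows of the grid that produced a 1, as in the worked examples."""
    bits, steps = decimal_to_binary(value, width)
    print(f"{value} -> {bits}")
    for remaining, column, bit in steps:
        if bit:
            print(f"  {remaining:4d} fits {column:4d}: write 1, {remaining - column} left")


if __name__ == "__main__":
    for n in (56, 153, 213):
        show_working(n)
    show_working(1234, width=12)            # larger number on the extended grid
    print(dotted_decimal_to_binary("192.168.1.1"))
```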

3.3 Subnets

IP networks are normally divided into subnets, which in their
basic form take the IP address and split it into 2 sections. The sections are the network
prefix and the host identifier. The subnet mask determines how the IP address is split between the
network and host. The subnet mask is a 32 bit binary number.
Subnets are not complicated to work with if you fully understand what they are and
how they work. As previously described a subnet is a subsection of a network address.
A subnet mask is normally written in one of 2 ways:
1. dotted decimal notation, e.g. 255.255.255.0
2. CIDR notation, e.g. /24 or /17

Calculate the maximum number of unique values from a given number of bits

Every networking student must be able to convert binary to decimal and back. The
first part of learning to do this is to understand the binary values. This is really basic
and should take you a few minutes for it to become second nature. To calculate the
number of values given a bit count, raise 2 to the power of the number of bits (2^bits).

Bit count   Formula   Values   Usable IP
1 bit       2^1       2        0
2 bits      2^2       4        2
3 bits      2^3       8        6
4 bits      2^4       16       14
5 bits      2^5       32       30
6 bits      2^6       64       62
7 bits      2^7       128      126
8 bits      2^8       256      254
9 bits      2^9       512      510
10 bits     2^10      1024     1022

To determine the number of usable hosts given a subnet mask, you can simply use the
formula to find the number of values and then subtract 2, as two addresses are used for the network and
broadcast addresses.
Converting binary to decimal. Working example.
To convert binary to decimal create a table similar to the one here and write in the
decimal values:

Row   Decimal value   Binary number   Total
1     128
2     64
3     32
4     16
5     8
6     4
7     2
8     1
Given a binary number of 11010101, copy this into the Binary number column with
the leftmost digit in row 1. We now have a table that looks similar to the one below.

Row   Decimal value   Binary number   Total
1     128             1
2     64              1
3     32              0
4     16              1
5     8               0
6     4               1
7     2               0
8     1               1
Now it's a simple two stage calculation. Firstly multiply the decimal value by the
binary digit. The resulting table should look like:

Row   Decimal value   Binary number   Total
1     128             1               128
2     64              1               64
3     32              0               0
4     16              1               16
5     8               0               0
6     4               1               4
7     2               0               0
8     1               1               1
                                      213

Finally add up all the values in the Total column; this answer is the decimal number.
In this case binary 11010101 = decimal 213.
Example 2 - Convert binary 10001011 to decimal

Row   Decimal value   Binary number   Total
1     128             1               128
2     64              0               0
3     32              0               0
4     16              0               0
5     8               1               8
6     4               0               0
7     2               1               2
8     1               1               1
                                      139

In this case binary 10001011 = decimal 139.


Example 3 - Convert binary 1110001011 to decimal

Row   Decimal value   Binary number   Total
1     512             1               512
2     256             1               256
3     128             1               128
4     64              0               0
5     32              0               0
6     16              0               0
7     8               1               8
8     4               0               0
9     2               1               2
10    1               1               1
                                      907

In this example binary 1110001011 = decimal 907.
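The row-table method above, and the 2^n - 2 usable-host rule from the bit-count table, can both be checked with a few lines of code. This is an added example written for this guide, not code from the original text: binary_to_decimal() builds the same Row / Decimal value / Binary number / Total table for any bit width and carries out the multiply-then-add stages, and usable_hosts() applies the formula. The function names are this example's own.

```python
"""Binary to decimal with the row table, plus the 2^n - 2 host rule.

Added example, not from the study guide: binary_to_decimal() builds the
Row / Decimal value / Binary number / Total table used in the worked examples
for any bit width, multiplies then adds as the two stages describe, and
usable_hosts() applies the formula from the bit-count table. Function names
are this example's own.
"""


def binary_to_decimal(bits: str) -> tuple:
    """Return (decimal, rows); each row is (row_no, decimal_value, bit, total),
    one per binary digit with the leftmost digit in row 1."""
    if not bits or any(b not in "01" for b in bits):
        raise ValueError("expected a string of 0s and 1s")
    width = len(bits)
    rows = []
    for i, b in enumerate(bits):
        decimal_value = 2 ** (width - 1 - i)      # 128, 64, 32 ... 1 for 8 bits
        total = decimal_value * int(b)            # stage 1: multiply
        rows.append((i + 1, decimal_value, int(b), total))
    return sum(row[3] for row in rows), rows      # stage 2: add up the Total column


def binary_to_dotted_decimal(binary_address: str) -> str:
    """'11000000.10101000.00000001.00000001' -> '192.168.1.1'."""
    return ".".join(str(binary_to_decimal(g)[0]) for g in binary_address.split("."))


def values_for_bits(n: int) -> int:
    """Number of unique values n bits can hold: 2 to the power n."""
    return 2 ** n


def usable_hosts(host_bits: int) -> int:
    """Usable addresses on a subnet: 2^n - 2, the network and broadcast
    addresses being unusable (0 when there is a single host bit)."""
    return max(values_for_bits(host_bits) - 2, 0)


def format_table(bits: str) -> str:
    """Render the working table as text, ending with the grand total."""
    decimal, rows = binary_to_decimal(bits)
    lines = ["Row  Decimal value  Binary  Total"]
    for row_no, dv, bit, total in rows:
        lines.append(f"{row_no:<4} {dv:<14} {bit:<7} {total}")
    lines.append(f"{'':<28}{decimal}")
    return "\n".join(lines)


if __name__ == "__main__":
    for b in ("11010101", "10001011", "1110001011"):
        print(format_table(b), "\n")
    print(binary_to_dotted_decimal("11000000.10101000.00000001.00000001"))
    for n in range(1, 11):
        print(f"{n} bits -> {values_for_bits(n)} values, {usable_hosts(n)} usable")
```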

What is a subnet mask? A subnet mask is a number that tells the IP address
what network prefix it belongs to and what is the host identifier. Within a subnet mask
a bit of 1 = network and 0 = host.
Written in binary a subnet mask will look similar to:

IP address    192.168.1.1      11000000.10101000.00000001.00000001
Subnet mask   255.255.255.0    11111111.11111111.11111111.00000000

As we can see in the example above, when the subnet mask bit is set to 1 it indicates
the network portion of the address and when set to 0 it indicates the host:

Network   192.168.1.0   11000000.10101000.00000001.xxxxxxxx
Host      0.0.0.1       xxxxxxxx.xxxxxxxx.xxxxxxxx.00000001
A subnet mask can only ever be a contiguous sequence of 1s followed by 0s; it can
never be mixed. Here are some examples of subnet masks:

Binary subnet                          Decimal subnet    Validity
11111111.11111111.11111111.00000000    255.255.255.0     Valid
11111111.11111111.00000000.00000000    255.255.0.0       Valid
11111111.11111111.10000000.00000000    255.255.128.0     Valid
11111111.11111111.11111111.11110000    255.255.255.240   Valid
11111111.11111111.11111111.11110001    255.255.255.241   Invalid
11111111.11111111.10000001.00000000    255.255.129.0     Invalid
There are several ways to explain subnetting; most of the certification guides will
have you doing lots of binary maths, which is not necessary. You still need to
understand binary, but not to that level. Hosts within a subnet will have identical
subnet masks and network addresses, but they must have a unique host address.
Given two addresses and a subnet mask we can work out what network the hosts
reside on; by locating the first IP address and the last usable IP an administrator is
able to identify the usable IP range and the broadcast address. That's a lot of
information from an IP address and subnet mask; it sounds difficult but it is relatively
easy to work out.

Working example 1
Given the IP address and subnet mask of:

IP address    192.168.1.40
Subnet mask   255.255.255.0

Step 1. Calculate the network address.
Comparing the subnet mask, as previously explained, against the IP
address we can see the following:

Address   11000000.10101000.00000001.00101000
Mask      11111111.11111111.11111111.00000000

We can calculate the network as being:

Address   11000000.10101000.00000001.xxxxxxxx
Mask      11111111.11111111.11111111.xxxxxxxx

We can instantly see the network address
192.168.1.0
We can instantly deduce the first usable IP address
192.168.1.1
We can instantly deduce the broadcast (last IP) address
192.168.1.255
We can instantly deduce the last usable IP address
192.168.1.254
This gives 254 usable IP addresses using 2^n - 2, where n is the number of subnet bits.
What about a trickier example:

IP address    192.168.1.40
Subnet mask   255.255.255.224

This may look more complicated but it's not. It involves an additional few simple
steps.
Step 1. Calculate the subnet step, that's the size of the network.
Using the subnet mask of 255.255.255.224 we can see the last octet is 224. We
simply subtract that from 256 to establish the network step of 32.
Step 2. Calculate the actual networks. This starts from 0 and increments in steps.
In our example the step size is 32 so our networks step up by 32:

Network 1   192.168.1.0  - 31
Network 2   192.168.1.32 - 63
Network 3   192.168.1.64 - 95

STOP!!!!! Our IP address of 192.168.1.40 is within the network range of 32-63 so
we have identified our network as 192.168.1.32 - 63.

Immediately we should be able to see the network address 192.168.1.32
We can instantly deduce the first usable IP address
192.168.1.33
We can instantly deduce the broadcast (last IP) address
192.168.1.63
We can instantly deduce the last usable IP address
192.168.1.62
This gives 30 usable IP addresses using 2^n - 2, where n is the number of subnet bits.
What about an even harder example:

IP address    192.168.17.40
Subnet mask   255.255.240.0

Again this may look more complicated as the subnet mask sits in the 3rd octet, but it's
not. It again involves an additional few simple steps.
Step 1. For the moment ignore the 4th octet and calculate the subnet step, that's the size
of the network in the 3rd octet.
Using the subnet mask of 255.255.240.0 we can see the third octet is 240. We
simply subtract that from 256 to establish the network step of 16.
Step 2. Calculate the actual networks. This starts from 0 and increments in steps.
In our example the step size is 16 so our networks step up by 16:

Network 1   192.168.0.0  - 192.168.15.255
Network 2   192.168.16.0 - 192.168.31.255
Network 3   192.168.32.0 - 192.168.47.255

STOP!!!!! Our IP address is in the network range of 16-32 so we have identified
our network.
Immediately we should be able to see the network address 192.168.16.0
We can instantly deduce the first usable IP address
192.168.16.1
BUT!!!! And here is the catch. As we are working in the 3rd octet we must add the
4th octet back in. Looking at the networks of

Network 2   192.168.16.0
Network 3   192.168.32.0

we can see the last IP address in Network 2 must include all the IP addresses
up to 192.168.32.0 minus 1 address. This makes the last IP 192.168.31.255.

Network 2   192.168.16.0 to 192.168.31.255

We can instantly deduce the broadcast (last IP) address
192.168.31.255
We can instantly deduce the last usable IP address
192.168.31.254
This gives 4094 usable IP addresses using 2^n - 2, where n is the number of subnet bits.

How to determine if two network devices are located on the same network. Given two
IP addresses and a subnet mask of the following:

IP address 1   192.168.44.23
IP address 2   192.168.44.45
Subnet mask    255.255.255.240

Using the workings from the example above we can see that given a subnet mask of
255.255.255.240 we can determine our networks to reside at:

Network 1   192.168.44.0
Network 2   192.168.44.16
Network 3   192.168.44.32
Network 4   192.168.44.48

Fitting our device IP addresses into a table with the networks we can clearly see that they
are located in different subnets. This would mean they cannot communicate without
a router connecting the subnets.

Subnet          IP address
192.168.44.0
192.168.44.16   192.168.44.23
192.168.44.32   192.168.44.45
192.168.44.48
Converting a standard subnet mask to CIDR notation, that's 255.255.255.240 to /28, is a
simple binary calculation which we have previously practised.
Take the mask of 255.255.255.0: we can see the last octet is 0. We subtract this number
from 256, which results in a value of 256. How many bits are required to make 256?
The answer is 8. This can then be subtracted from 32 to give a CIDR of /24.
Take the mask of 255.255.255.240: we can see the last octet is 240. We subtract this
number from 256, which results in a value of 16. How many bits are required to make
16? The answer is 4. This can then be subtracted from 32 to give a CIDR of /28.
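All of the working examples in this section (network address, step size, broadcast, first and last usable address, the same-subnet test and mask-to-CIDR conversion) come down to a handful of integer operations. The code below is an added example written for this guide, not code from the original text; it deliberately avoids Python's ipaddress module so that each step of the method above is visible, and all function names are this example's own. It also covers the contiguous-1s check from the validity table and the /31 and /32 edge cases, where the 2^n - 2 rule leaves no usable hosts.

```python
"""Subnet calculations by hand, with plain integers.

Added example, not from the study guide: it reproduces the working examples
above step by step without the ipaddress module, so every operation is
visible: the contiguous-1s check on a mask, the AND that yields the network
address, the '256 minus the interesting octet' step size, the broadcast and
first/last usable addresses, the same-subnet test, and mask-to-CIDR
conversion. All function names are this example's own.
"""


def to_int(dotted: str) -> int:
    """'192.168.1.40' -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_mask(mask: str) -> bool:
    """A mask is a run of 1s followed only by 0s, so its 32-bit string
    must never contain a 0 followed by a 1."""
    return "01" not in format(to_int(mask), "032b")


def mask_to_cidr(mask: str) -> int:
    """255.255.255.240 -> 28 (count the 1 bits)."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(to_int(mask)).count("1")


def step_size(mask: str) -> tuple:
    """(octet_index, step) for the first octet that is not 255, using the
    guide's rule step = 256 - octet, e.g. 255.255.255.224 -> (3, 32).
    For 255.255.255.255 every address is its own network: step 1."""
    for idx, octet in enumerate(int(o) for o in mask.split(".")):
        if octet != 255:
            return idx, 256 - octet
    return 3, 1


def subnet_info(address: str, mask: str) -> dict:
    """Network, broadcast, usable range and size for address/mask."""
    host_bits = 32 - mask_to_cidr(mask)
    network = to_int(address) & to_int(mask)          # AND keeps the network bits
    broadcast = network | ((1 << host_bits) - 1)      # host bits all set to 1
    usable = max(2 ** host_bits - 2, 0)               # 2^n - 2; none for /31 and /32
    return {
        "cidr": mask_to_cidr(mask),
        "step": step_size(mask),
        "network": to_dotted(network),
        "first_usable": to_dotted(network + 1) if usable else None,
        "last_usable": to_dotted(broadcast - 1) if usable else None,
        "broadcast": to_dotted(broadcast),
        "usable": usable,
    }


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two hosts share a subnet when both addresses AND to the same network."""
    m = to_int(mask)
    return (to_int(addr_a) & m) == (to_int(addr_b) & m)


if __name__ == "__main__":
    for addr, mask in (("192.168.1.40", "255.255.255.0"),
                       ("192.168.1.40", "255.255.255.224"),
                       ("192.168.17.40", "255.255.240.0")):
        print(addr, mask, subnet_info(addr, mask))
    print(same_subnet("192.168.44.23", "192.168.44.45", "255.255.255.240"))
```

The same_subnet() test is exactly the decision a host makes before sending: if the two addresses AND to the same network it sends directly, otherwise it hands the packet to its default gateway, which is why the two hosts in the 255.255.255.240 example cannot talk without a router.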

3.4 Variable length subnet masking

Variable Length Subnet Masking, or VLSM as it is abbreviated to,
gives an administrator the ability to slice a range of addresses into
several distinct subnets. This allows IP ranges to be used more
efficiently. In the following example a Class C network is required to be split across
4 subnets.

IP network    192.168.1.0
Subnet mask   255.255.255.0 /24

We require the following subnets to be created with provision for the number of hosts:

Subnet 1   100 hosts
Subnet 2   50 hosts
Subnet 3   25 hosts
Subnet 4   25 hosts

To facilitate this, we can take a Class C network and divide it using a
variable length subnet mask. This allows a classful subnet to be
split into smaller chunks.
We do this starting with the subnet with the requirement for the
highest number of hosts; we then assign higher prefixes or larger
subnet masks to divide the range.

Subnet 1 - 100 hosts: this requires 7 bits, which has a maximum
value of 128.
Subnet 1 has a mask of 32-7 = 25 bits
11111111.11111111.11111111.10000000
Using the knowledge of subnet masks we can find the network
range and subnet mask size. The range of subnet 1 is 192.168.1.0
to 192.168.1.127 /25

Subnet 2 - 50 hosts: this requires 6 bits, which gives a maximum
range of 64. Since subnet 1 has a chunk of this Class C network we
must start at the end of its range at 128 and give the network a step
of 64.
Subnet 2 has a mask of 32-6 = 26 bits
11111111.11111111.11111111.11000000
The range of subnet 2 is 192.168.1.128 to 192.168.1.191 /26

Subnet 3 - 25 hosts: this requires 5 bits, giving a maximum range
of 32.
Since subnets 1 and 2 have already been allocated a range we must start at
the end of the subnet 2 range, which is located at 192.168.1.191, with a
step of 32.
Subnet 3 has a mask of 32-5 = 27 bits
11111111.11111111.11111111.11100000
The range of subnet 3 is 192.168.1.192 to 192.168.1.223 /27

Subnet 4 follows subnet 3 in requiring a mask of 5 host bits to be able
to have 25 usable IP addresses, and it must start after the end of the
subnet 3 range, which is 192.168.1.223, and will have a step of 32.
Subnet 4 has a mask of 32-5 = 27 bits
11111111.11111111.11111111.11100000
The range of subnet 4 is 192.168.1.224 to 192.168.1.255 /27
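The VLSM procedure above (largest requirement first, fewest host bits that satisfy it, each subnet starting where the previous one ended) is the same for any block and any list of requirements, so it is worth writing down once. The following is an added example for this guide, not code from the original text; vlsm() and the other function names are this example's own. It goes a little beyond the worked case: it also aligns each subnet to a multiple of its own size (a /27 must start on a multiple of 32, which the largest-first ordering normally guarantees) and reports when the block is too small for the request.

```python
"""VLSM allocation, largest requirement first.

Added example, not from the study guide: it carves a block such as
192.168.1.0/24 into subnets sized for the given host counts, following the
working above: sort the requirements largest first, choose the fewest host
bits n with 2^n - 2 >= hosts, and start each subnet where the previous one
ended (aligned to its own size). Function names are this example's own.
"""


def to_int(dotted: str) -> int:
    o = [int(x) for x in dotted.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """26 -> '255.255.255.192' (prefix ones followed by zeros)."""
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def host_bits_for(hosts: int) -> int:
    """Fewest host bits n with 2^n - 2 >= hosts; 100 hosts -> 7 bits."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def vlsm(block: str, prefix: int, requirements: dict) -> list:
    """Allocate one subnet per requirement ({name: hosts}) inside block/prefix.
    Returns the allocations in the order they were placed and raises
    ValueError if the block runs out of space."""
    start = to_int(block) & to_int(prefix_to_mask(prefix))
    end = start + 2 ** (32 - prefix)        # first address past the block
    cursor = start
    plan = []
    # sorted() is stable, so equal requirements keep their listed order
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        n = host_bits_for(hosts)
        size = 2 ** n
        if cursor % size:                   # e.g. a /27 must start on a multiple of 32
            cursor += size - cursor % size
        if cursor + size > end:
            raise ValueError(f"{block}/{prefix} exhausted while placing {name}")
        plan.append({
            "name": name, "hosts": hosts, "prefix": 32 - n,
            "mask": prefix_to_mask(32 - n),
            "network": to_dotted(cursor),
            "broadcast": to_dotted(cursor + size - 1),
            "usable": size - 2,
        })
        cursor += size                      # next subnet begins where this one ends
    return plan


# The requirement list from the worked example above
REQUIREMENTS = {"Subnet 1": 100, "Subnet 2": 50, "Subnet 3": 25, "Subnet 4": 25}

if __name__ == "__main__":
    for s in vlsm("192.168.1.0", 24, REQUIREMENTS):
        print(f'{s["name"]}: {s["network"]}/{s["prefix"]} - {s["broadcast"]} '
              f'(mask {s["mask"]}, {s["usable"]} usable)')
```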
Supernetting
Supernetting is the function of grouping smaller subnets into larger subnets, essentially
aggregating or combining them. This involves making the subnet mask smaller. A
Class B subnet with a /15 subnet mask provides for twice as many hosts as a
classful Class B network.

3.5 IP Classes

During the creation of IPv4 it was envisaged that different sizes of enterprise would
have their own IP address space. This resulted in IPv4 being split into classes A, B, C,
D and E.
The classes were split depending on the value of the first octet, where the following
was ratified:

Class     First IP       Last IP           First octet bits   Default mask
Class A   1.0.0.1        126.255.255.255   0                  255.0.0.0
Class B   128.0.0.1      191.255.255.255   10                 255.255.0.0
Class C   192.168.0.1    223.255.255.255   110                255.255.255.0
Class D   224.0.0.0      239.255.255.255   1110               -
Class E   240.0.0.0      255.255.255.255   11110              -
Reserved IP addresses.
Looking at the IP class table, there are certain address ranges that are not allocated.
These are reserved ranges and are used for specific functions.
The address range of 127.0.0.0 is known as the loopback range and is used for testing
the TCP/IP stack. The most commonly used IP address is 127.0.0.1, which is always
allocated to the localhost and used for testing IP on a host.
One further range that is in use, the 169.254.0.0 range, is known as the autoconfiguration range. This is used especially by Microsoft in its Windows OS and
is called APIPA. Automatic Private IP Addressing is a self service IP addressing
scheme that can be used in the event that no DHCP service is available. It uses
the range of 169.254.x.x.
The rule of subnetting.

In the above examples we have calculated the number of usable IP addresses on a
network, but how did we actually work it out?
There is a single golden rule to subnetting.
The number of usable addresses is equal to 2^n - 2, where n is the number of host bits in
the subnet mask.
To calculate this, take the subnet mask, count the 0s (host bits) in it and insert this
number into the equation.
Examples:

Subnet mask       Number of host bits   Usable add
resses
255.255.255.0     8                     254
255.255.255.240   4                     14
255.255.240.0     12                    4094
Private/Public addresses - as the growth of home computing and network
enabled devices continued, it was found that IPv4 public addresses were being
inefficiently allocated, resulting in a depletion of the IP address ranges available for use. It
was found that eventually the range would be exhausted. A temporary solution was
the response to this crisis, in which the concept of private addresses was created. A
private address is a non internet routable address that an organization can use
for its internal network.
The private IP address classes are:

Class A - 10.0.0.0      to 10.255.255.255
Class B - 172.16.0.0    to 172.31.255.255
Class C - 192.168.0.0   to 192.168.255.255

Private addresses resolved the issue of not enough public addresses but created
another, altogether different issue. How could a private network communicate with the
internet if the private address could not be routed? The solution to this issue was
Network Address Translation.
Network Address Translation, more commonly known as NAT, was created to
translate between private and public addresses. Defined in RFC 1918, NAT almost
single-handedly saved the internet. It allows many internal private IP addresses to be
mapped to a single external public IP address, allowing them to access and be accessed from
the internet. This overcame the issue of a lack of public IP addresses. NAT is
discussed in a later module.
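The class table, the reserved ranges and the private ranges above can all be checked from the bits of an address, which is how a practitioner decides at a glance whether an address seen in a log is internal, loopback, self-assigned or genuinely public. The code below is an added example for this guide, not code from the original text: classify() reads the class from the leading bits of the first octet as the table does, then tests the three private blocks, the 127.0.0.0 loopback range and the 169.254.0.0 APIPA range. The function names are this example's own.

```python
"""Classifying an IPv4 address: class, default mask, private or reserved.

Added example, not from the study guide: it decides the class from the
leading bits of the first octet as the class table does, then checks the
private ranges, the 127.0.0.0 loopback range and the 169.254.0.0 APIPA
range described above. Function names are this example's own.
"""


def to_int(dotted: str) -> int:
    o = [int(x) for x in dotted.split(".")]
    if len(o) != 4 or any(not 0 <= v <= 255 for v in o):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def in_block(address: str, network: str, prefix: int) -> bool:
    """True if address lies inside network/prefix."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (to_int(address) & mask) == (to_int(network) & mask)


# Leading bits of the first octet -> (class, default mask); longest pattern first
CLASS_BITS = [("11110", "E", None), ("1110", "D", None),
              ("110", "C", "255.255.255.0"), ("10", "B", "255.255.0.0"),
              ("0", "A", "255.0.0.0")]

# The private ranges listed above, written as network/prefix
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def classify(address: str) -> dict:
    """Class, default mask, private flag and any special (reserved) use."""
    first_octet_bits = format(int(address.split(".")[0]), "08b")
    cls, default_mask = "?", None
    for bits, candidate, mask in CLASS_BITS:
        if first_octet_bits.startswith(bits):
            cls, default_mask = candidate, mask
            break
    special = None
    if in_block(address, "127.0.0.0", 8):
        special = "loopback"           # testing the local TCP/IP stack
    elif in_block(address, "169.254.0.0", 16):
        special = "apipa"              # self-assigned when no DHCP answers
    private = any(in_block(address, net, p) for net, p in PRIVATE_BLOCKS)
    return {
        "class": cls,
        "default_mask": default_mask,
        "first_octet_bits": first_octet_bits,
        "private": private,
        "special": special,
        # unicast class, not private, not reserved: expect to see it on the internet
        "public_unicast": cls in ("A", "B", "C") and not private and special is None,
    }


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.31.0.9", "172.32.0.1", "192.168.1.1",
              "127.0.0.1", "169.254.10.5", "224.0.0.5", "8.8.8.8"):
        print(a, classify(a))
```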

3.6 IPv6

IPv6 is the next generation Internet layer protocol, developed as an alternative to
IPv4. Rather than using a 32-bit system, IPv6 is based on a 128-bit address, that's
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
This means IPv6 has enough addresses to allow network communication to continue
to expand for generations to come, but it does introduce some migration work. IPv6 is
not compatible with IPv4.
An IPv6 address is written in hexadecimal, similar to the following:
Example 1
fe80:0000:0000:0000:0200:f4fa:fe31:62ca
IPv6 addresses can be shortened using the following rules:
1. Leading zeros can be omitted in each field
2. Fields containing all 0s can be replaced with a double colon (::)
Example 2
fe80::200:f4fa:fe31
Example 3
2601:f0a0:1009:0004:0000:0000:0000:0001
can be written
2601:f0a0:1009:4::0001

IPv6 addresses are divided into two parts: a 64-bit network prefix and a 64-bit
interface identifier. IPv6 has three classes of address:
1. Unicast addresses - used to identify each network interface.
2. Anycast addresses - used to identify a group of interfaces at different
locations.
3. Multicast addresses - used to deliver one packet to many interfaces.
Notice IPv6 has no broadcast method.
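The two shortening rules are easy to apply by eye on one address and easy to get wrong on many, so here they are as code. This is an added example for this guide, not code from the original text: expand_ipv6() undoes both rules (restoring dropped leading zeros and the fields hidden by ::), compress_ipv6() applies them, collapsing the longest run of all-zero fields (the leftmost on a tie, and never a single field) and dropping every leading zero, and split_prefix_iid() separates the 64-bit prefix from the 64-bit interface identifier. Applied to Example 1 it yields fe80::200:f4fa:fe31:62ca, keeping all eight fields. The function names are this example's own.

```python
"""Expanding and compressing IPv6 addresses.

Added example, not from the study guide: expand_ipv6() undoes the two
shortening rules above, compress_ipv6() applies them (longest run of zero
fields becomes '::', leftmost on a tie; leading zeros dropped per field),
and split_prefix_iid() separates the 64-bit network prefix from the 64-bit
interface identifier. Function names are this example's own.
"""


def expand_ipv6(addr: str) -> str:
    """'fe80::200:f4fa:fe31:62ca' -> 'fe80:0000:0000:0000:0200:f4fa:fe31:62ca'."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)   # fields hidden behind '::'
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 fields, got {len(groups)}")
    for g in groups:
        if not 1 <= len(g) <= 4 or int(g, 16) < 0:   # int() rejects non-hex
            raise ValueError(f"bad field: {g!r}")
    return ":".join(g.lower().zfill(4) for g in groups)


def compress_ipv6(addr: str) -> str:
    """Apply rule 1 (drop leading zeros) and rule 2 (longest zero run -> '::')."""
    groups = [g.lstrip("0") or "0" for g in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                       # find the longest run of zero fields
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:           # strictly longer, so the leftmost run wins ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                   # '::' is only used for two or more fields
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def split_prefix_iid(addr: str) -> tuple:
    """(64-bit network prefix, 64-bit interface identifier), both expanded."""
    groups = expand_ipv6(addr).split(":")
    return ":".join(groups[:4]), ":".join(groups[4:])


if __name__ == "__main__":
    for a in ("fe80:0000:0000:0000:0200:f4fa:fe31:62ca",
              "2601:f0a0:1009:0004:0000:0000:0000:0001", "::1"):
        print(expand_ipv6(a), "->", compress_ipv6(a), split_prefix_iid(a))
```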

Module 4. Router Management

4.1 Router Components

A router, like most network devices, is made up of many component modules which all
have to be available and configured properly. The following gives an overview of
each component within a router and describes its function.

Memory
Unlike a PC or server, a router has 4 areas of memory which each carry out a different
function.
RAM - Random Access Memory has the same function as in a PC or server. This is
where the router operating system (IOS) is loaded during boot. The start-up
configuration file is also loaded into RAM and is then called the running-configuration.
The routing table is held in RAM.
ROM - Read Only Memory provides a similar service to a bootstrap program;
it holds a limited, cut down version of the operating system that can be used to boot
the router to perform recovery and diagnostic functions.
NVRAM - Non volatile RAM is an area of memory that allows semi permanent
storage. It does not lose its contents when the router is powered off. The best way to
remember the NVRAM function is to think of a very small hard disk that stores the
start-up configuration file as well as the config register.
Flash - Flash is similar to a hard disk that gives a router room to store the
operating system and other files such as Call Manager.

Memory overview

Memory type   Is it writable   Is it volatile   What is its function
RAM           Y                Y                Loads and runs IOS + running-config
ROM           N                N                Bootstrap
NVRAM         Y                N                Stores startup-config
Flash         Y                N                Stores IOS

Config register
The NVRAM has a special location that contains the 16-bit configuration register.
Every time the router boots it reads this value. This value is similar to a BIOS
instruction set. By modifying the config-register a router can be forced to boot into
different modes, including a recovery mode. Common settings for the config-register
are:

0x2102   Router default: boots IOS and reads startup-config
0x2142   Boots IOS but ignores startup-config
0x2100   Boots to ROMMON mode

The config-register setting can be changed using the following command:
Router(config)#config-register
Router start-up sequence - A router follows this sequence to boot into a
usable mode:
1. Power on self test
2. Loads bootstrap and reads the config register
3. Locates the IOS image and loads IOS into RAM
4. Locates and loads the start-up configuration into RAM

Configuration files - A router has two configuration files, known as the start-up
and running configuration files. At boot, the router loads the start-up configuration from
NVRAM into RAM and calls it the running-config.
During normal use, all changes made on a router are made to the running-configuration. As the running-configuration is held in RAM it is lost on a power off.
Administrators can commit a running-config to be stored permanently by saving it to
the startup-config. Changes to the running configuration take effect immediately.
Please be aware that running-config can be overwritten by startup-config and vice
versa using the following commands:
Router#copy running-config startup-config
Router#copy startup-config running-config
In the real world a router can be configured to reboot after a set period of time. This is a
common configuration when working on a router remotely, which can eliminate the
possibility of locking yourself out of a router by mis-configuration. If an administrator configures
a router which then drops the connection it can be embarrassing not having access. By
using this setting a router will reboot and reload the existing known startup-configuration, allowing access but without any of the changes. Be warned that this will not
work once the running config is saved. The administrator must also remember to
remove the reload command once the configuration is correctly saved, otherwise the
router will reload with the original configuration.
Initial router configuration - when a router is unboxed and powered on for
the first time it does not have any startup-config to load. It will then move into initial
configuration mode. An administrator will be prompted to enter this mode. If the
administrator opts to say no then the router will boot into IOS with a blank
configuration file, which allows the router to be configured manually. This is the
normal behaviour for experienced administrators. If the option to enter initial config
mode is accepted, a number of questions will appear which, when answered, will
configure the router automatically.

The operating system IOS - The operating system, or IOS, is the heart of a
router; without the IOS the router is simply a piece of metal and plastic. The IOS
contains all the programs and logic to provide the functionality a router is renowned
for.
The IOS is normally loaded from flash but it is also possible to store IOS centrally
and have a router load it from TFTP. This allows for secure storage of IOS files and
allows asset and change management to be applied to the IOS file.
IOS images are router platform specific and have a very particular naming convention:
C3600-ipadvancek9-mz.122-15.T9.bin

C3600          platform
ipadvancek9    feature set
mz             compressed RAM version
122-15.T9      version
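Because the image name encodes platform, feature set and version, it is worth being able to decode it programmatically when auditing what is installed across a fleet. The parser below is an added example for this guide, not code from the original text or from Cisco: it splits a name of the form above into its fields and renders the version the way `show version` prints it, e.g. 12.2(15)T9. The letter meanings for the memory field (m = runs from RAM, z = zip compressed) follow Cisco's documented conventions; the function names are this example's own.

```python
"""Decoding a Cisco IOS image file name.

Added example, not from the study guide or from Cisco: parse_ios_image_name()
splits a name such as C3600-ipadvancek9-mz.122-15.T9.bin into the platform,
feature set, memory/compression letters and version shown above, and renders
the version in the 12.2(15)T9 form. Function names are this example's own.
"""

import re

# Name layout: <platform>-<feature set>-<memory letters>.<version>.bin
IMAGE_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)-(?P<feature>[A-Za-z0-9_]+)-(?P<memory>[a-z]+)"
    r"\.(?P<version>[0-9]+-[0-9]+(?:\.[A-Za-z0-9]+)?)\.bin$"
)

# Documented meanings of the memory/compression letters
MEMORY_LETTERS = {"m": "runs from RAM", "f": "runs from flash", "r": "runs from ROM",
                  "l": "relocatable", "z": "zip compressed"}


def decode_version(field: str) -> str:
    """'122-15.T9' -> '12.2(15)T9': the digits before '-' are major plus a
    one-digit minor, then the maintenance number, then an optional train."""
    train = ""
    if "." in field:
        field, train = field.split(".", 1)
    majmin, maint = field.split("-")
    major, minor = majmin[:-1], majmin[-1]
    return f"{major}.{minor}({maint}){train}"


def parse_ios_image_name(name: str) -> dict:
    """Break an IOS image file name into its labelled parts."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name}")
    return {
        "platform": m["platform"],
        "feature_set": m["feature"],
        "memory": m["memory"],
        "memory_meaning": [MEMORY_LETTERS.get(c, "unknown") for c in m["memory"]],
        "version": decode_version(m["version"]),
        "crypto": "k9" in m["feature"].lower(),   # k9 feature sets carry strong crypto
    }


if __name__ == "__main__":
    print(parse_ios_image_name("C3600-ipadvancek9-mz.122-15.T9.bin"))
```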

Instead of using the IOS stored in flash, you can load it from a TFTP server, or you
can load the limited IOS from ROM. This can be configured in the configuration file
using the following commands in global configuration mode:
Router(config)#boot system tftp

4.2 Connecting to a Router

There are multiple ways to establish connectivity to a router to perform configuration
tasks: these can be broken down into interfaces and lines, which are very distinct in
use.
Lines are used to administratively connect to a router to allow configuration:

Console   Physical   Allows local connection to the router
Aux       Physical   Allows remote connection via a connected modem
VTY       Logical    Allows remote connection via an IP address

Interfaces are used to connect network devices to allow the flow of data:

Serial     Physical, slow speed       WAN connectivity
Ethernet   Physical, high speed       LAN connectivity
T1         Physical, variable speed   WAN connectivity

To connect a console port to a PC you will require a terminal emulator to
communicate with the switch or router. Some common programs are HyperTerminal,
PuTTY and SecureCRT.

The console port requires some configuration settings within these programs to
successfully connect and allow communication. By default Cisco device console ports
operate with the following settings:

Baud:           9600
Data bits:      8
Parity:         None
Stop bits:      1
Flow control:   None

4.3 Router Modes

Cisco devices have three main modes of operation; each has the ability to carry out specific
tasks. The modes are User EXEC mode, Privileged EXEC mode and Global Configuration mode.

USER MODE  --(Router>enable)-->  PRIVILEGED MODE  --(Router#configure terminal)-->  GLOBAL CONFIGURATION MODE

User EXEC mode - In user exec mode an administrator can carry out read only, non disruptive
commands to assist in troubleshooting. In user exec mode an administrator cannot view or
change any configuration, and it is the default mode when accessing the router. The router
prompt when in user exec mode looks similar to:
Router>

Privileged EXEC mode - In privileged exec mode an administrator is effectively entering the
configuration mode that allows full diagnostics, debug and show commands to be carried out.
It also allows access to modify the configuration files through the global config mode. To enter
Privileged EXEC mode an administrator would use the following command:
Router>enable

If a password or secret is set then a prompt for this will be presented:
Router>enable
Password: [enter]
Router#

As you can see the router prompt has changed to Router#. This indicates privileged EXEC
mode.

Global Configuration mode - this mode is accessed whilst in Privileged EXEC mode and
allows access to modify the configuration files of the router. As the name suggests, changes
made in global config mode affect the entire router. Global config mode is accessed using the
following command:
Router#configure terminal
Router(config)#

The router prompt will change to Router(config)# to indicate global config.

To exit global configuration mode use the following command:
Router(config)#end
Router#

Changes made in config mode apply to the running configuration and can be saved to the
startup config by running the command
Router#copy running-config startup-config
You will be prompted for the file location; the default is startup-config, so it is ok to simply hit the
enter key here.

Interface Configuration mode allows an administrator to access an interface to configure it.
From global config mode use the following commands to enter interface config mode:
Router(config)#interface serial0/0     [access serial 0/0]
Router(config)#int fa0/1               [access fastethernet 0/1]
Router(config-if)#

The router prompt changes to Router(config-if)# to indicate that interface configuration mode
is active.
The exit command moves the user back through config modes one level at a time:
Router(config-if)#exit
Router(config)#exit
Router#
The end command drops the user straight back to privileged mode:
Router(config-if)#end
Router#

The do command allows any command to be run from the current context. For example, it is not
normally possible to use the ping command within interface configuration mode. Using the do
command allows the command to run:
Router(config-if)#ping 192.168.0.1       [not available in this mode]
Router(config-if)#do ping 192.168.0.1    [runs the ping]

IOS Shortcuts allow an administrator to start typing a command and then allow the IOS to
automatically complete it by pressing the TAB key. In this example typing int followed by the
TAB key automatically completes the interface command. This only works when there can be
no ambiguity in the command.
Router(config)#int [TAB]
Router(config)#interface

Router(config)#cl [TAB]
% Ambiguous command: cl

Another useful command an administrator has in their toolbox is the ?. The question mark
symbol tells a router to display a list of all valid commands available in the current context.

A lot of the commands have various parameters or interfaces which you can combine. In this
case, by typing the main command, e.g. "show", and then adding the "?" you will get a list of the
subcommands. This picture shows this clearly:

IOS Navigation - Cisco has given its IOS some navigation commands that make working at
the IOS easier and quicker:

Command                 Function
Ctrl + P (up arrow)     Displays the last command
Ctrl + N (down arrow)   Cycles through the previous commands
Ctrl + A                Moves cursor to start of line
Ctrl + E                Moves cursor to the end of the line
Ctrl + F                Move forward a character
Ctrl + B                Move back a character
Esc + F                 Move forward a word
Esc + B                 Move back a word
Ctrl + R                Redraw the line
Ctrl + U                Erase a line
Ctrl + W                Erase a word
Ctrl + Z                Exits the current config mode

IOS tips - there are some tips that every administrator should know; not only do they mark
you out as somebody who knows their stuff but they are incredibly useful.

Terminal history - by default the previous 10 commands are saved; this can be
modified to save any number of commands:
Router#terminal history size 100
This saves the previous 100 commands.

No IP domain-lookup - ever mistyped a command and had the router try to
resolve it via a DNS server? This command stops this annoying feature:
Router(config)#no ip domain-lookup

Logging synchronous - this command stops console messages from
interrupting your typing:
Router(config)#line con 0
Router(config-line)#logging synchronous

Exec timeout - this command allows the administrator to modify the idle time
out of a line. It is configured in minutes, followed by an optional seconds value:
Router(config)#line con 0
Router(config-line)#exec-timeout 60 0

4.4

Configuring Passwords

Cisco routers are highly connected network devices that are subject to attack, therefore they must be secured against vulnerabilities. One way of doing this is to assign passwords to each access method and configuration mode.

Console password: the console password is used to secure the console port. Use the following commands to configure the console password.
Router(config)#line con 0
Router(config-line)#password ABC123
Router(config-line)#login

These commands enter the console line configuration, set a password and then force the router to prompt for that password when the console port is accessed.

Telnet password: use the following commands to configure a password for Telnet.
Router(config)#line vty 0 4
Router(config-line)#password ABC123
Router(config-line)#login

These commands enter the configuration of vty lines 0 to 4, set a password and then force the router to prompt for that password when a Telnet session is opened to the router.

Auxiliary password: use the following commands to configure the auxiliary port.
Router(config)#line aux 0
Router(config-line)#password ABC123
Router(config-line)#login

These commands enter the aux port configuration, set a password and then force the application of the password.
Enable password | secret: the enable secret or password is a local security mechanism that secures privileged EXEC mode. The difference between password and secret is a hash: the password is stored as clear text in the config file whereas the secret is stored as a hash.
BE WARNED that although the hash is an encrypted version of the password it is NOT secure. Given the hash plus internet access it is very easy to Google "Cisco secret crack" and find multiple websites that will attempt to crack the secret.
To configure the password or secret use the following commands:
Router(config)#enable password Cisco
Router(config)#enable secret Cisco
The enable secret automatically takes preference over the enable password. It is also automatically hashed with MD5 and stored as encrypted text in the config file. If no secret or password is set then you will never be prompted when entering privileged EXEC mode locally, but you will experience issues accessing the router remotely.
This can be verified by looking at the running or startup config:
Router#sh run
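As an added example, not from the study guide, the following Python script audits a running-config for the points just covered: a hashed enable secret rather than a clear-text enable password, a password plus login on each line, and an exec-timeout on each line. The sample config it reads is constructed.

```python
"""Audit an IOS running-config for the password settings covered above.
Added example, not from the study guide; SAMPLE_CONFIG is constructed."""

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
!
enable password Cisco
!
line con 0
 password ABC123
 login
 exec-timeout 60 0
line aux 0
 password ABC123
line vty 0 4
 login
!
"""


def parse_config(config):
    """Split a config into (global_commands, {line_name: [line_commands]}).
    IOS indents the commands that belong to a 'line ...' block by one space."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            line_blocks[current].append(raw.strip())
            continue
        current = None
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd[len("line "):]
            line_blocks.setdefault(current, [])
        else:
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(config):
    """Return a sorted list of findings; an empty list means nothing to fix."""
    findings = []
    global_cmds, line_blocks = parse_config(config)
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_password = any(c.startswith("enable password ") for c in global_cmds)
    if not has_secret:
        findings.append("global: no enable secret, privileged EXEC is not protected by a hash")
    if has_password:
        findings.append("global: enable password is stored in clear text, use enable secret")
    for name, cmds in line_blocks.items():
        has_pw = any(c.startswith("password ") for c in cmds)
        # 'login' (line password) or 'login local' (local user database) both enforce a prompt
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_login and not has_pw:
            findings.append(f"line {name}: login set but no password configured")
        if has_pw and not has_login:
            findings.append(f"line {name}: password set but login missing, the password is never asked for")
        if not has_pw and not has_login:
            findings.append(f"line {name}: no password and no login")
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append(f"line {name}: no exec-timeout, the default idle timeout applies")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```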

Banners: it is possible to display banners that contain warning or informational messages whenever an administrator logs into the device. Configuring a banner or Message of the Day (MOTD) requires the following configuration. A delimiter character marks the start and end of the message:
Router(config)#banner motd c

4.6 Router Interfaces

Unlike a switch, whose interfaces are enabled by default, those of a router are disabled by default and must be assigned an IP address that resides in a different subnet from any other configured interface on the router.
To configure an IP address on an interface use the following commands:
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
Saving the configuration of the router is as easy as the following command:
Router#copy run start
It is also possible for the administrator to save or copy the configs between RAM, NVRAM and a TFTP server.

Sub-interfaces: on routers, especially on serial interfaces that connect to external service providers, it is possible to create sub-interfaces on a single physical connection. This is a common configuration for frame-relay.
Router#conf t
Router(config)#int s0/0
Router(config-if)#no shut
Router(config-if)#int s0/0.123 point-to-point
Router(config-subif)#ip address 192.168.123.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#int s0/0.456 point-to-point
Router(config-subif)#ip address 192.168.45.1 255.255.255.0
Router(config-subif)#no shut

4.6 Cisco Discovery Protocol

Cisco Discovery Protocol (CDP) is a Cisco proprietary layer 2 network protocol that is used as a discovery tool to discover, identify and access information about other network devices. It does this by multicasting a discovery frame to 01:00:0C:CC:CC:CC every 60 seconds in the hope that other devices receive it and respond. CDP is enabled by default on most Cisco devices and stores information for 180s (the hold time). If a device does not respond within this hold time the CDP table flushes the entry and marks the connected device as dead.

CDP is a discovery protocol and as such it can provide a lot of information regarding connected devices, known as neighbours. The following command provides information such as Device ID, capability, platform type and the interfaces connected. Use it to show the CDP neighbors:
Router#sh cdp neighbors
Detailed information can be gained relating to attached devices, such as the type, name, interface details and IOS versions.

Further to the show neighbors command, more information can be gathered with the detail keyword; the information returned includes Device ID, IP address, platform type, IOS version and port IDs. Use the following command to provide the CDP neighbors detail:
Router#sh cdp neighbors detail

Module 5. Routing

5.1 Routing overview

Routing is the process of receiving a layer 3 packet from a network segment, processing it and then sending it out of an interface to another network segment.
A router uses a routing protocol or manual configuration to build a network topology table called the routing table. The routing table is a list of the best routes to destinations in the network and contains information such as the destination network, next hop address and various other metrics and costs.
As mentioned, routers use routing protocols to route packets that belong to a routed protocol to a destination network.
Routing protocols are concerned with learning the topology of the network and communicating network changes to each router in the network. RIP, OSPF, EIGRP and BGP are common routing protocols.
Routed protocols are concerned with logical addressing and give a router the ability to route information between segments of a network.
Router interfaces each belong to an individual collision and broadcast domain, and as such routers will not normally forward broadcast messages from one interface to another.
Routers are now capable of almost wire-speed routing, similar to switching, by using a feature called Cisco Express Forwarding (CEF). CEF is outside the scope of the CCNA course and is looked at in greater detail in the CCNP SWITCH course.
Distance Vector Routing Protocols are routing protocols that exchange their full routing tables with directly connected neighbors. The routing table exchange, known as an update, is sent periodically irrespective of any actual changes within the table.
Distance Vector Routing is concerned with hop counts, or the distance from the local router to a remote subnet. Common Distance Vector protocols are RIP and RIPv2.
Link State Routing Protocols - Link state protocols are a little more intelligent than Distance Vector protocols in the way they handle updates. They establish neighbour relationships but only send updates in the event of a route change. These updates are known as Link State Advertisements (LSAs). The use of LSAs enables link state protocols to converge very quickly. The most common Link State Protocol is the Open Shortest Path First protocol, commonly known as OSPF.

5.2 Static Routing

Static Routes: static routes are routes that have been manually added to the routing table by an administrator. This is useful for a very small network or a stub network which has only one exit point; however it is not recommended in a large network due to the amount of administrative effort needed to maintain them. To configure a static route the command would be similar to:
Router(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1

The above command creates a route to the network 192.168.1.0/24, sending all data destined for it to IP address 10.0.0.1. Here is a second example of a static route:
Router(config)#ip route 172.16.0.0 255.255.0.0 10.0.0.1
The above command creates a route to the network 172.16.0.0/16, sending all data destined for it to IP address 10.0.0.1. The network address must agree with the mask: IOS rejects 172.16.2.0 with a /16 mask as an inconsistent address and mask.
Directly Connected Routes - Connected routes are added to the routing table for every interface with a correctly configured IP address. Routers will route between directly connected networks without additional configuration.
Default Routes: default routes are another way of adding a route to the routing table. A default route is basically a route of last resort: if the destination address does not have an entry in the routing table the router will forward the traffic to the default route.
To configure a default route use the following command:
Router(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
The above command sends all data that does not match any other route to 10.0.0.1 and is placed in the routing table with the routing code S.

5.3 Dynamic Routing

Static routing is easy to understand and almost as easy to configure, but it is not scalable or manageable in a large network. Dynamic routing uses the power of the routing protocol to discover, build and maintain a network topology map much more quickly and effectively than static routing, and almost always eliminates human error.
Dynamic routing is relatively straightforward to implement but requires a little work in actually understanding how the dynamic routing protocols work. By entering a few commands the router will enable a protocol and start to build the topology and, more importantly, create routes. These topology tables and routing tables are then exchanged between neighbors. These updates are sent via broadcast or multicast.
Once the topology and routing tables are built the router is ready to route. It does this by comparing the destination address of a packet to the routing table. It then makes a decision based on the longest prefix match to route the packet.
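The following Python model, added here and not part of the study guide, installs the static and default routes from section 5.2 together with constructed connected and RIP routes, then answers lookups by longest prefix match; where two sources offer exactly the same prefix it keeps the one with the lower administrative distance (connected 0, static 1, EIGRP 90, RIP 120).

```python
"""Longest-prefix-match lookup over a small routing table.
Added example, not part of the study guide; the connected and RIP routes are constructed."""
import ipaddress

# Administrative distance per routing source (IOS defaults). Lower wins when
# two sources offer exactly the same prefix.
AD = {"C": 0, "S": 1, "D": 90, "R": 120}


class RoutingTable:
    def __init__(self):
        self._routes = {}  # ip_network -> (code, ad, metric, next_hop)

    def add(self, code, prefix, next_hop, metric=0):
        """Install a route; an existing route for the same prefix is replaced only
        by a lower AD, or by a lower metric at the same AD. Returns True if installed."""
        net = ipaddress.ip_network(prefix, strict=False)
        candidate = (code, AD[code], metric, next_hop)
        current = self._routes.get(net)
        if current is None or (candidate[1], candidate[2]) < (current[1], current[2]):
            self._routes[net] = candidate
            return True
        return False

    def lookup(self, destination):
        """Return (code, prefix, next_hop) of the most specific matching route,
        or None if nothing matches (i.e. no default route is installed)."""
        addr = ipaddress.ip_address(destination)
        best = None
        for net, route in self._routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
        if best is None:
            return None
        net, (code, _ad, _metric, next_hop) = best
        return code, str(net), next_hop


def build_table():
    """Routing table equivalent to the ip route commands in section 5.2 plus
    constructed connected and RIP routes."""
    rt = RoutingTable()
    rt.add("C", "10.0.0.0/24", "Serial0/0")           # connected: interface s0/0
    rt.add("C", "172.16.3.0/24", "Serial0/1")         # connected: interface s0/1
    rt.add("S", "192.168.1.0/24", "10.0.0.1")         # ip route 192.168.1.0 255.255.255.0 10.0.0.1
    rt.add("S", "172.16.0.0/16", "10.0.0.1")          # ip route 172.16.0.0 255.255.0.0 10.0.0.1
    rt.add("S", "0.0.0.0/0", "10.0.0.1")              # ip route 0.0.0.0 0.0.0.0 10.0.0.1
    rt.add("R", "172.16.2.0/24", "172.16.3.254", 1)   # RIP: more specific than the static /16
    rt.add("R", "192.168.1.0/24", "10.0.0.9", 1)      # RIP: same prefix as the static, loses on AD
    return rt


if __name__ == "__main__":
    table = build_table()
    for dst in ("172.16.2.77", "172.16.50.1", "192.168.1.5", "10.0.0.7", "203.0.113.9"):
        print(dst, "->", table.lookup(dst))
```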
Dynamic routing protocols also have the ability to summarise routes in blocks. This reduces the size of the routing table and improves performance, but in a large network it can lead to incorrect routing decisions, so summarisation should be used sparingly.
Dynamic routing protocols use an Autonomous System identifier. The AS is a logical grouping of routers that are joined together and send updates to each other. Routing protocols designed to work within a single AS are known as IGPs (Interior Gateway Protocols). Routing protocols designed to connect ASes are known as EGPs (Exterior Gateway Protocols).
Examples of IGP: RIP, RIPv2, EIGRP, IGRP, IS-IS, and OSPF
Example of EGP: BGP

5.4 Classful v Classless

Classful v classless routing is the decision of the routing protocol whether to send subnet mask information with the updates.
Classful routing protocols do not send subnet mask information.
Classless routing protocols do send subnet mask information.

Classful routing protocols apply the major network class to the updates. For example, 10.1.2.0 / 16 & 10.1.3.0 / 16 both lie within the classful network of 10.0.0.0, so if either of these networks were to be advertised using a classful routing protocol then a single route of 10.0.0.0 would be advertised.
With the same subnets of 10.1.2.0 / 16 & 10.1.3.0 / 16 and a classless routing protocol, these routes would both be advertised with their subnet mask information.
An example of a classful routing protocol is RIPv1.
Examples of classless routing protocols include RIPv2, EIGRP and OSPF.
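An added Python example (not from the study guide) that computes what a classful and a classless protocol would each put in an update for the same subnets; it assumes two distinct, constructed /24 subnets of 10.0.0.0 so that the collapse to the class network is visible.

```python
"""Classful versus classless advertisement of the same subnets.
Added example, not part of the study guide; it uses two constructed /24
subnets of 10.0.0.0 so that the difference is visible."""
import ipaddress


def classful_network(prefix):
    """Return the major (class A /8, B /16, C /24) network containing prefix,
    which is all a classful protocol such as RIPv1 can describe in an update
    because no subnet mask travels with it."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        bits = 8
    elif first_octet < 192:
        bits = 16
    elif first_octet < 224:
        bits = 24
    else:
        raise ValueError(f"{prefix} is not in a class A, B or C range")
    return ipaddress.ip_network(f"{net.network_address}/{bits}", strict=False)


def advertised_routes(prefixes, classless):
    """Set of route strings a router would place in its update."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    if classless:
        return {str(n) for n in nets}                     # RIPv2, EIGRP, OSPF: mask is carried
    return {str(classful_network(str(n))) for n in nets}  # RIPv1: only the class network


def is_subnet_of_classful(prefix):
    """True when the prefix has a longer mask than its class network, i.e. when
    a classful protocol would lose information advertising it."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.prefixlen > classful_network(str(net)).prefixlen


if __name__ == "__main__":
    subnets = ["10.1.2.0/24", "10.1.3.0/24"]
    print("classful :", sorted(advertised_routes(subnets, classless=False)))
    print("classless:", sorted(advertised_routes(subnets, classless=True)))
```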

5.5 Routing Information Protocol (RIP)

RIPv2 is a distance-vector routing protocol used extensively in smaller networks as it combines RIP with some advanced features such as support for subnet masks along with summarisation. Being a distance vector protocol, RIPv2 relies on the hop count as its metric, which slows its convergence. RIPv2 advertises updates to the multicast IP address 224.0.0.9.
RIPv2 can interoperate with RIPv1. By default:
RIPv1 routers will send only version 1 packets
RIPv1 routers will receive both version 1 and 2 updates
RIPv2 routers will both send and receive only version 2 updates
To configure RIPv2 the following commands should be entered:
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 192.168.1.0
Router(config-router)#network 172.16.0.0
The commands above enable RIP on the router, set the version to 2 and finally enable RIP on the interfaces associated with the networks.
Remember RIP uses the concept of hop count and will use the path with the lowest hop count to route traffic. If multiple paths exist between two devices, where one path uses Fast Ethernet with 5 hops and the other uses a 128k leased line with 1 hop, RIP will choose the slower link because of the smaller hop count. This makes RIP inefficient.
The command to provide an overview of routing is:
Router#show ip protocols

RIP Timers - RIP has four basic timers:

Update Timer (default 30 seconds): how often an update is sent
Invalid Timer (default 180 seconds): how long it takes before a route is marked invalid and
Hold-down Timer (default 180 seconds): how long RIPv2 will hold down a route and accept no new updates
Flush Timer (default 240 seconds): how long it takes RIPv2 to flush a route after it is put into hold-down
The hold-down and flush timers run concurrently, therefore a route will be flushed 60 seconds after its hold-down timer has expired.
Configuring RIPv2 timers should be carried out on all routers participating in RIPv2 and can be done using the following commands:
Router(config)#router rip
Router(config-router)#timers basic 40 150 150 250

Verifying RIPv2
Verifying RIPv2 is very simple; use the following command to view the routing table:
Router#sh ip route
The output should return something similar to:
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

     172.16.0.0/24 is subnetted, 2 subnets
R       172.16.2.0 [120/1] via 172.16.3.254, 00:00:17,
     192.168.1.0/24 is subnetted, 2 subnets
R       192.168.1.0 [120/1] via 10.0.0.1, 00:00:17

As you can see, any routes added using RIP are annotated with R to indicate they were learnt from RIP.

RIP Loop Avoidance Mechanisms

RIP is a distance vector routing protocol and is therefore susceptible to routing loops. The mechanisms introduced to avoid loops are:
Split-Horizon: prevents a routing update from being sent out of the interface it was received on.
Route-Poisoning: works with split-horizon by triggering updates for a failed network that set the metric to infinity.
Hold-Down Timers: prevent RIP from accepting any new updates for routes in a hold-down state.

5.6 Enhanced Interior Gateway Routing Protocol (EIGRP)

EIGRP is a hybrid distance vector (DV) routing protocol developed by Cisco that uses the Diffusing Update Algorithm (DUAL) to obtain loop-free routes quickly and efficiently. It is a fast-converging protocol that is identified by IP protocol number 88.
EIGRP routers establish neighbor relationships on their directly attached networks to dynamically learn routes by multicasting hello packets to the IP address 224.0.0.10. Routers configured within the same autonomous system will establish a neighbor relationship with each other.
Hello packets are small discovery packets that are sent to neighbors to ensure they are still functioning. The hello interval by default is 5 seconds with a hold time of 15 seconds. If no hellos are received during the hold time, DUAL and EIGRP are informed that the neighbor is down.
The key functions EIGRP provides an administrator are:
Fast, efficient routing: the DUAL algorithm allows backup routes to be kept in the routing table to ensure rapid convergence in the event of a failure.
Summarisation can be configured, allowing a reduction in the size of the routing table.
Unequal-cost load balancing is configurable, which can balance traffic accurately over unequal-cost links.

5.6.1 Packet Formats

EIGRP uses five packet types:
Packet type    Purpose                              Transport
Hello/Acks     Forms neighbor relationships
Updates        Routing updates                      uses RTP
Queries        Route queries during convergence     uses RTP
Replies        Query replies during convergence     uses RTP
Requests       Route information requests

EIGRP uses the Reliable Transport Protocol (RTP) for all updates between neighbors. RTP ensures acknowledgement of the receipt of updates, and if an acknowledgment is not received EIGRP retransmits the update.
EIGRP uses tables to store information relating to neighbors, topology and routing; each table contains information that helps EIGRP make the best routing decision.

Neighbor Table: each router keeps a neighbor table that includes information regarding the relationship with each neighbor. The neighbor table tracks hello packets and hold timers, so if a neighbor becomes unavailable it can trigger reconvergence.
Topology Table: the topology table is populated by DUAL and contains all destinations that are advertised by routers in the neighbor table. For each entry the metric and advertising neighbor are stored. The topology table contains a lot of information about the best routes, called successors, the next best routes, called feasible successors, and the feasible distance.
Routing Table: the routing table contains a list of the successors identified in the topology table.

Successor - A successor is the neighbor with the best path to a destination.

FS (Feasible Successor) - Alternative EIGRP routes that the local router can use immediately if the current best route fails, without causing a routing loop.
Feasible distance - The feasible distance is the metric of a network advertised by the connected neighbor plus the cost to get to that neighbor.

Feasible successor - A feasible successor is the neighbor or neighbors that have other loop-free paths to a destination that are not as preferred as the successor's path.
The local router determines whether a route is a feasible successor based on the following condition:
If the reported distance is less than the feasible distance then the route is a candidate feasible successor.
RD < FD = feasible successor route.
Example

In this example the route Source - Router B - Destination is the successor due to the lowest overall cost of 100.
The route Source - Router C - Destination is a feasible successor as the reported distance (30) is lower than the successor's feasible distance (100).
The route Source - Router A - Destination is not a feasible successor due to the reported distance (120) being greater than the successor's feasible distance (100).

By calculating feasible successors EIGRP is provided with redundancy, which allows fast failover in the event of the successor's path failing. EIGRP instantly promotes a FS into the successor role.
When there are no feasible successors, a route goes into the Active state and EIGRP sends multicast queries to all neighbors to try to establish a new feasible successor. Neighbors either reply, or alternatively respond with a unicast that they have no feasible successor and send query packets of their own. Once the query packets have identified a new feasible successor, EIGRP can place this into the routing table and return to the Passive state. Occasionally, when a query cannot be satisfied (that is, no feasible successor exists), EIGRP can go into the Active state and never exit it. This is known as Stuck in Active (SIA). When a router is stuck in active it is a good decision to contact Cisco support to help troubleshoot.

5.6.2 Configuring EIGRP

EIGRP uses an autonomous system number (AS number) to identify the routing process. This AS should be the same on all routers taking part in the EIGRP routing process. Valid options for the AS number are 1 to 65535.
Router(config)#router eigrp AS#

After entering EIGRP configuration mode, the next step for an administrator is to specify which networks EIGRP will advertise:

Router(config-router)#network 192.168.1.0 0.0.0.255

The first parameter is the network IP address; the second parameter is the wildcard mask. The wildcard mask is similar to a subnet mask but has the opposite effect: we are interested in the 0.0.0 octets and not interested in the .255 octet.
VLSM support
EIGRP carries the subnet mask in the routing update, which means it supports VLSM and CIDR. By default EIGRP will carry out summarisation of routes at the classful boundary; this can cause issues with VLSM, so it is best practice to disable it with the following command:

Router(config-router)#no auto-summary
EIGRP Timers can be manually configured by an administrator to speed convergence in the event of a failed device. The following commands set the hello timer for EIGRP AS 20 to 2 seconds with a hold time of 6 seconds. This means that if no hellos are received from the neighbor within 6 seconds then EIGRP will declare the neighbor dead and DUAL will go active for the affected routes.
Router(config)#interface serial 1/0
Router(config-if)#ip hello-interval eigrp 20 2
Router(config-if)#ip hold-time eigrp 20 6

Administrative distance (AD) - the routing table for EIGRP will contain entries that are similar to the following:
D    192.168.1.0/24 [90/5542656] via 192.168.10.1, 00:55:33, Serial0/0
This entry shows that the route was learnt by EIGRP, from the D classification. The brackets contain the number 90, which is the administrative distance for EIGRP, followed by the EIGRP metric.
EIGRP Bandwidth on Low-Speed Links
By default, EIGRP is limited to using up to 50% of the available bandwidth on slow links. This prevents swamping the interface with EIGRP traffic that would overwhelm the interface, limiting the bandwidth available for data and thus causing packet drops.
EIGRP uses the configured interface bandwidth to decide how much bandwidth its traffic can use, therefore it is important that the link bandwidth is configured correctly. If it is not possible to reconfigure the bandwidth of the interface, an administrator can modify the percentage EIGRP may use with the following interface command (AS number followed by the percentage):
Router(config-if)#ip bandwidth-percent eigrp AS# percent
Debug Commands

Being able to identify when a protocol is working correctly is strongly recommended; by knowing this it is easier to understand and identify what is at fault when an issue occurs. By using debug commands in a practice lab an administrator can hone their skills. The following debug commands can be very useful for understanding EIGRP:
Router#debug ip eigrp
Router#debug eigrp packets
Router#debug eigrp neighbors
Router#debug ip eigrp ?

EIGRP Load-Balancing: EIGRP can provide load balancing over a maximum of six paths, which are not required to be of equal cost. By default EIGRP uses 4 paths; however, using a command, EIGRP can be forced to load balance over unequal-cost paths.
By using the variance command EIGRP can be forced to load balance across unequal-cost links, provided the links are feasible successors. The variance command is really a multiplier that takes the feasible distance and multiplies it by the variance factor.
To configure the variance of an EIGRP process use the following commands:
Router(config)#router eigrp 50
Router(config-router)#variance 4
In this example, if the FD is 20 then EIGRP will load balance across feasible successors whose metric is 80 or lower.
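The successor and feasible-successor example from section 5.6.1 and the variance rule above, worked through in Python as an added example (not from the study guide): the reported distances (B total 100, C reported 30, A reported 120) are the section's; the link costs from the local router to each neighbor are constructed so that A has a lower total than C yet still fails the feasibility condition.

```python
"""EIGRP successor / feasible-successor selection, failover, and the variance
multiplier. Added example, not from the study guide. Reported distances and the
successor's total of 100 follow the example in the text; the local link costs
to each neighbor are constructed."""

# neighbor -> (reported distance RD, cost of the link from us to that neighbor)
# Total metric through a neighbor = RD + link cost.
PATHS = {
    "B": (80, 20),    # total 100: lowest, so B is the successor and FD = 100
    "C": (30, 110),   # total 140; RD 30 < FD 100 passes the feasibility condition
    "A": (120, 10),   # total 130; RD 120 >= FD 100 fails it despite the lower total
}


def total_metric(paths, neighbor):
    rd, link_cost = paths[neighbor]
    return rd + link_cost


def successor(paths):
    """(neighbor, feasible distance): the lowest total metric to the destination."""
    best = min(paths, key=lambda n: (total_metric(paths, n), n))
    return best, total_metric(paths, best)


def feasible_successors(paths):
    """Neighbors other than the successor whose RD < FD (guaranteed loop-free)."""
    succ, fd = successor(paths)
    return sorted(n for n, (rd, _) in paths.items() if n != succ and rd < fd)


def installed_paths(paths, variance=1):
    """Paths installed for load balancing with 'variance N': the successor plus
    any feasible successor whose total metric <= FD * N."""
    succ, fd = successor(paths)
    limit = fd * variance
    return [succ] + [n for n in feasible_successors(paths)
                     if total_metric(paths, n) <= limit]


def on_successor_failure(paths):
    """Model DUAL when the successor's path is lost: promote the best feasible
    successor immediately (route stays Passive) or, with none available, go
    Active and query neighbors. Returns (state, new_successor_or_None, remaining)."""
    succ, _ = successor(paths)
    remaining = {n: p for n, p in paths.items() if n != succ}
    fs = feasible_successors(paths)
    if fs:
        new_succ = min(fs, key=lambda n: (total_metric(paths, n), n))
        return "passive", new_succ, remaining
    return "active", None, remaining


if __name__ == "__main__":
    print("successor, FD:", successor(PATHS))
    print("feasible successors:", feasible_successors(PATHS))
    print("variance 2 installs:", installed_paths(PATHS, variance=2))
    print("after B fails:", on_successor_failure(PATHS)[:2])
```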

5.7 Open Shortest Path First (OSPF)

OSPF is a link-state routing protocol that uses the Dijkstra algorithm and supports VLSM, route summarisation and authentication. OSPF sends packets called link-state advertisements (LSAs) to all other routers within the same hierarchical area to inform them of routing updates. Routing changes are advertised immediately, which makes OSPF a much superior routing protocol compared to some others. The link-state advertisements contain information on the router's links and are sent to neighbors. Once a router receives an LSA it stores it in the link-state database.
LSA packets include information on attached interfaces and metrics. OSPF routers use the SPF algorithm to calculate the shortest path to each node.
The Shortest Path First (SPF) routing algorithm is the basis of OSPF operation. A router sends hello packets to acquire neighbors. Once neighbors have been acquired, the hello packets start an election process to choose the designated router (DR) and the backup DR (BDR). The DR is responsible for generating LSAs that are distributed to other routers in the OSPF network. Designated routers allow a reduction in network traffic and in the size of the topological database. Only one DR and one BDR are allowed with OSPF. One of the main functions of the DR is to receive updates from all other routers and multicast them back out. It should be stressed that routers only communicate with the DR.

When the link-state databases of two OSPF neighbors are synchronized, the routers are adjacent. Topology databases are synchronized between pairs of adjacent routers.

Each OSPF router is identified by a unique Router ID. This is chosen in the following order: a manually configured router-id; otherwise the highest loopback interface IP address; otherwise the highest physical interface IP address becomes the router-id.

5.7.1 Areas, Neighbors and Border Routers

OSPF uses the concept of hierarchical areas within an Autonomous System (AS). OSPF can be, and usually is, divided into areas, which are groups of contiguous networks.
By creating areas, OSPF creates two different types of routing: if the source and destination are inside the same area this is known as intra-area routing; if the source and destination are in separate areas this is known as inter-area routing.
Area 0 - The main area OSPF creates is Area 0, which is considered the backbone. An OSPF backbone is responsible for distributing routing information between areas and for connecting all other areas together. OSPF expects all other areas to connect to area 0 to allow updates. Of course it is not always possible to keep to this rule, and often an administrator can find that an area is not connected to Area 0. In this case a virtual link can be created to logically connect the area's ABR to a backbone ABR. This will be discussed later.

Stub Area - Stub areas are connected only to Area 0. Stub areas, as the name suggests, do not receive routes from outside the autonomous system, but do receive the routes from within the autonomous system.

Totally Stubby Area - Totally stubby areas are only connected to Area 0. A totally stubby area only receives a default route from Area 0. This default route is the only route a totally stubby area can use to communicate with the rest of the network.

Not-So-Stubby Area - an NSSA allows a stub area to communicate with an external autonomous system by allowing an ASBR to be placed within the area. This allows redistribution of external routes into the OSPF process.

A router participating in OSPF must reside within an area or areas. Where the router's interfaces reside dictates what function that router will take:

Interfaces                    Function
All in a single area          Internal Router
Interfaces in multiple areas  Area Border Router (ABR)
Interfaces in another AS      Autonomous System Boundary Router (ASBR)

Neighbors: routers that share a network segment can become OSPF neighbors if they receive and respond to hello packets and agree on some common parameters, such as the area they belong to, identical timers, an identical segment and mask, and correct authentication.
Hello and Dead Intervals: OSPF routers exchange keepalives, or hello packets, on each segment. These are used by routers to confirm they are alive. The hello interval specifies the length of time between hello packets. The dead interval is the number of seconds a router waits after receiving a hello before deciding the neighbor is down. These intervals have to be exactly the same between two neighbors. If either of these intervals differs, the routers will not become neighbors.
Adjacencies: an adjacency is the stage where OSPF neighbors actually exchange routing information. This process is carried out via the DR. Instead of each router flooding every other router with updates, they send a multicast to the DR address of 224.0.0.6. The DR then multicasts the update back to the all-routers address of 224.0.0.5, which is received by every router on the segment.
DR Election: the DR and BDR election process is carried out by hello packets. Routers configured with OSPF have a priority value set. These priority values are compared and the router with the highest priority assumes the role of DR. In the event of a tie, the router with the highest Router ID wins.
The DR election can be influenced by modifying the router priority. Setting the priority to 0 ensures the router never takes part in DR elections.
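The router-ID selection order from section 5.7 and the DR/BDR election rules above, as an added Python example that is not part of the study guide; router names, priorities and addresses are constructed, and the election is modelled as a fresh one (see the comment on pre-emption).

```python
"""OSPF router-ID selection and DR/BDR election on one multi-access segment.
Added example, not from the study guide; router names and addresses are constructed."""
import ipaddress


def router_id(configured=None, loopbacks=(), physical=()):
    """Selection order from the text: a configured router-id, otherwise the
    highest loopback address, otherwise the highest physical interface address."""
    if configured:
        return configured
    for pool in (loopbacks, physical):
        if pool:
            return str(max(ipaddress.ip_address(a) for a in pool))
    raise ValueError("no IP address available to derive a router ID")


def elect_dr_bdr(routers):
    """routers: {name: (priority, router_id)}. Highest priority wins, ties go to
    the highest router ID, priority 0 never participates. This models a fresh
    election with all routers starting together; a live OSPF segment does not
    pre-empt an existing DR, so a router added later with a higher priority
    only takes over once the current DR fails."""
    ranked = sorted(
        ((prio, ipaddress.ip_address(rid), name)
         for name, (prio, rid) in routers.items() if prio > 0),
        reverse=True,
    )
    dr = ranked[0][2] if ranked else None
    bdr = ranked[1][2] if len(ranked) > 1 else None
    return dr, bdr


# Constructed segment: R3 opts out with priority 0, R4 is preferred by priority,
# R1 and R2 tie on priority so the higher router ID (10.0.0.2) decides the BDR.
SEGMENT = {
    "R1": (1, "1.1.1.1"),
    "R2": (1, "10.0.0.2"),
    "R3": (0, "3.3.3.3"),
    "R4": (100, "4.4.4.4"),
}

if __name__ == "__main__":
    print("router-id:", router_id(None, ["10.255.0.1", "192.168.0.1"], ["172.16.0.1"]))
    print("DR, BDR:", elect_dr_bdr(SEGMENT))
```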

5.7.2 Building the Adjacency

OSPF adjacencies are complex processes; each adjacency must go through several stages before it can be classed as a full adjacency. The stages a router goes through to become adjacent are detailed below.
State      Description
Down:      No information has been received from anybody on the segment.
Attempt:   Start sending hello packets
Init:      Detected hello packets
Two-way:   Neighbor found and DR election started
Exstart:   Establish initial communications
Exchange:  Created a link state request list
Loading:   Exchanging link state information
Full:      Adjacency completed

5.7.3 OSPF Network Types

OSPF has been designed to work across multiple diverse network types such as Ethernet, frame-relay, leased lines etc., and as such must be configurable for each.
Broadcast Multi-Access (typically Ethernet)
  DR and BDR election
  Traffic to DRs and BDRs is multicast to 224.0.0.6.
  Traffic from DRs and BDRs is multicast to 224.0.0.5.
  No manual neighbor commands
Point-to-Point (typically a point-to-point leased line)
  No DR and BDR election
  All OSPF traffic is multicast to 224.0.0.5.
  No manual neighbor commands
Point-to-Multipoint (typically hub and spoke networks; multiple P2P)
  No DR and BDR election
  All OSPF traffic is multicast to 224.0.0.5.
  No manual neighbor commands
Non-Broadcast Multi-Access (NBMA) (typically frame relay)
  DR and BDR election
  Manual neighbor configuration
The OSPF process builds and maintains three separate tables:
Neighbor table   Contains a list of all neighbor routers.
Topology table   Contains a list of all possible routes to all known networks within an area.
Routing table    Contains the best route for each known network.

5.7.4 OSPF Cost


OSPF metrics are an indication of the overhead associated with sending traffic across
a link. The cost associated to a link is inversely proportional to the actual bandwidth
of the link. The higher the bandwidth then the lower the cost associated with that link.

INSERT COST FORMULA

5.7.5 Link-State Advertisement Packets

The OSPF routing protocol has a hierarchical network topology that uses the concept of areas. OSPF areas reduce the protocol's impact on CPU and memory. Resources can be saved by blocking the propagation of some types of LSA to specific areas. Let's examine the LSA types to see how they are propagated between areas.
LSA Types
LSA TYPE  IDENTIFIER   SUMMARY                     GENERATED BY
LSA 1     O            Router LSA                  every router and is local to the area
LSA 2     O            Network LSA                 DR and is local to the area
LSA 3     O IA         Network Summary LSA         ABR and is propagated between areas
LSA 4     O IA         Summary ASB Link States     ABR and is propagated between areas
LSA 5     O E1, O E2   External Link States        ASBR and is propagated between areas
LSA 7     O N1, O N2   NSSA External Link States   ASBR into NSSA area and is propagated into area 0

Knowing the LSA types is not critical to passing the CCNA as the exam concentrates on single-area OSPF. The purpose of the LSA types is to ensure OSPF routers share an identical link-state database with the other routers in their area. LSA 1 and LSA 2 propagate within an area and are responsible for building the OSPF tables. LSA types 3 and above are for inter-area routing and are not required for the CCNA exam.

5.7.6 Configuring OSPF

OSPF can be configured on a router by using the following commands:
Router(config)#router ospf 50
Router(config-router)#router-id 1.1.1.1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#network 10.1.0.0 0.0.255.255 area 23
The commands above create an OSPF routing process with an identifier of 50; within the OSPF process the network 192.168.1.0/24 is assigned to area 0 whilst network 10.1.0.0/16 is assigned to area 23.
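An added Python example (not from the study guide) that applies the wildcard-mask rule from the EIGRP section to the two OSPF network statements above and reports which interfaces OSPF is enabled on and in which area; the interface names and addresses are constructed.

```python
"""Which interfaces a 'network <address> <wildcard> [area N]' statement
enables, and which area each lands in, using the wildcard-mask rule explained
in the EIGRP section. Added example, not from the study guide; interface
names and addresses are constructed."""
import ipaddress


def wildcard_for(subnet_mask):
    """A wildcard mask is the bitwise inverse of the subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.ip_address(~int(ipaddress.ip_address(subnet_mask)) & 0xFFFFFFFF))


def wildcard_matches(address, wildcard, interface_ip):
    """A 0 bit in the wildcard must match; a 1 bit is ignored. Works for any
    wildcard, contiguous or not."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.ip_address(address))
    i = int(ipaddress.ip_address(interface_ip))
    return (a & care) == (i & care)


def assign_areas(statements, interfaces):
    """statements: [(address, wildcard, area)]; interfaces: {name: ip}.
    Returns {name: area} for interfaces covered by at least one statement. When
    several statements match, the most specific wildcard (fewest 1 bits) wins,
    which is the order IOS keeps OSPF network statements in."""
    def specificity(stmt):
        return bin(int(ipaddress.ip_address(stmt[1]))).count("1")

    ordered = sorted(statements, key=specificity)
    result = {}
    for name, ip in interfaces.items():
        for address, wildcard, area in ordered:
            if wildcard_matches(address, wildcard, ip):
                result[name] = area
                break
    return result


# The two network statements from the OSPF configuration above.
OSPF_STATEMENTS = [
    ("192.168.1.0", "0.0.0.255", 0),
    ("10.1.0.0", "0.0.255.255", 23),
]

# Constructed interfaces: Serial0/1 and Loopback0 match no statement, so OSPF
# is not enabled on them.
INTERFACES = {
    "FastEthernet0/0": "192.168.1.1",
    "Serial0/0": "10.1.1.1",
    "Serial0/1": "10.2.1.1",
    "Loopback0": "1.1.1.1",
}

if __name__ == "__main__":
    print(assign_areas(OSPF_STATEMENTS, INTERFACES))
```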

To configure a virtual link, both the ABR connecting area 0 to area 12 and the ABR at
the far edge of area 12 are configured, with area 12 acting as the transit area:

RouterArea0(config)#router ospf 50
RouterArea0(config-router)#router-id 1.1.1.1
RouterArea0(config-router)#area 12 virtual-link 2.2.2.2
RouterArea12(config)#router ospf 50
RouterArea12(config-router)#router-id 2.2.2.2
RouterArea12(config-router)#area 12 virtual-link 1.1.1.1

5.7.7 Passive interfaces


It is possible to control which router interfaces will participate in the OSPF process. This is
called a passive interface and stops OSPF from sending hellos and forming neighbourships on
that interface:
Router(config)# router ospf 50
Router(config-router)# network 10.1.1.0 0.0.0.255 area 0
Router(config-router)# network 10.1.2.0 0.0.0.255 area 0
Router(config-router)# passive-interface s0
An administrator can also make every interface passive by default and then set specific
interfaces as active:
Router(config)# router ospf 50
Router(config-router)# passive-interface default
Router(config-router)# network 10.1.1.0 0.0.0.255 area 0
Router(config-router)# network 10.1.2.0 0.0.0.255 area 0
Router(config-router)# no passive-interface s0

5.7.8 OSPF Authentication


Configuring OSPF MD5 authentication requires only a few commands on each side of the link:
RouterA(config)#interface s0/0
RouterA(config-if)#ip ospf authentication message-digest
RouterA(config-if)#ip ospf message-digest-key 1 md5 P@ssw0rd123
RouterB(config)#interface s0/1
RouterB(config-if)#ip ospf authentication message-digest
RouterB(config-if)#ip ospf message-digest-key 1 md5 P@ssw0rd123
As long as the authentication type, key ID and password match on both sides, authentication
will succeed and a neighbour relationship will form.
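What the router is actually checking when "the authentication type and password match" is a keyed digest. The following Python model is an added example, not code from this guide or from Cisco IOS: it follows the shape of OSPFv2 cryptographic authentication (RFC 2328 Appendix D), where the key is zero-padded to 16 bytes, appended to the packet, hashed with MD5 and the digest appended on the wire, and the receiver recomputes the digest with its own key and refuses sequence numbers that go backwards. The router ID, area, packet body and key below are constructed sample values, and the packet is a simplified hello, not a byte-exact IOS capture.

```python
import hashlib
import hmac
import struct

OSPF_VERSION = 2
OSPF_HELLO = 1
AUTH_TYPE_MD5 = 2          # AuType 2 = cryptographic authentication
DIGEST_LEN = 16
HEADER_LEN = 24

# Constructed sample values; not taken from a real network.
ROUTER_A_ID = 0x01010101   # 1.1.1.1
AREA_0 = 0
SAMPLE_BODY = b"constructed hello body"


def _pad_key(key):
    """RFC 2328 Appendix D: a key shorter than 16 bytes is zero-padded to 16."""
    raw = key.encode()
    if len(raw) > DIGEST_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return raw.ljust(DIGEST_LEN, b"\x00")


def build_packet(router_id, area_id, body, key, key_id=1, seq=1):
    """Build an OSPFv2 packet protected with cryptographic authentication.
    The 8-byte Authentication field carries the key ID, the digest length and
    the cryptographic sequence number; the digest itself follows the body."""
    length = HEADER_LEN + len(body)
    # version, type, length, router id, area id, checksum (0 for AuType 2), AuType
    header = struct.pack("!BBHIIHH", OSPF_VERSION, OSPF_HELLO, length,
                         router_id, area_id, 0, AUTH_TYPE_MD5)
    header += struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    digest = hashlib.md5(packet + _pad_key(key)).digest()
    return packet + digest


def verify_packet(wire, key, last_seq=0):
    """Receiver side: recompute the digest with the locally configured key and
    check the sequence number is not lower than the last one accepted.
    Returns (accepted, reason, sequence_number_to_remember)."""
    if len(wire) < HEADER_LEN + DIGEST_LEN:
        return False, "packet too short", last_seq
    _, _, length, _, _, _, au_type = struct.unpack("!BBHIIHH", wire[:16])
    if au_type != AUTH_TYPE_MD5:
        return False, "authentication type mismatch", last_seq
    _, key_id, au_len, seq = struct.unpack("!HBBI", wire[16:24])
    if au_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return False, "bad authentication data length", last_seq
    packet, digest = wire[:length], wire[length:]
    expected = hashlib.md5(packet + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch (wrong key or altered packet)", last_seq
    if seq < last_seq:
        return False, "sequence number went backwards (replay?)", last_seq
    return True, "accepted with key id %d" % key_id, seq


if __name__ == "__main__":
    wire = build_packet(ROUTER_A_ID, AREA_0, SAMPLE_BODY, "P@ssw0rd123", seq=5)
    print("matching key :", verify_packet(wire, "P@ssw0rd123"))
    print("wrong key    :", verify_packet(wire, "WrongKey"))
    print("old sequence :", verify_packet(wire, "P@ssw0rd123", last_seq=9))
```

The digest covers the whole header and body, so a neighbour with a different key, or a packet altered in transit, fails the comparison before any OSPF processing happens; the sequence check is what stops a captured, correctly signed hello from being accepted again later.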

5.7.9 OSPF Area configuration

Configuring OSPF areas other than area 0 is outwith the scope of the CCNA, but these
commands will give you an idea of how OSPF can scale.
Stub area
Router(config)# router ospf 50
Router(config-router)#area 50 stub
Totally Stubby
Router(config)# router ospf 50
Router(config-router)#area 50 stub no-summary
Not-So-Stubby
Router(config)# router ospf 50
Router(config-router)#area 50 nssa
Totally Stubby Not-So-Stubby
Router(config)# router ospf 50
Router(config-router)#area 50 nssa no-summary
Not-So-Stubby with a default route injected
Router(config)# router ospf 50
Router(config-router)#area 50 nssa default-information-originate

Module 6. VLANs

6.1 Virtual Local Area Networks

Virtual Local Area Networks (VLANs) allow an administrator to logically group devices into a
single broadcast domain whilst improving security: VLANs create a layer 3 boundary between
devices, segregating them from devices in other VLANs.
A VLAN is never bound to a physical location and can span multiple switches or geographical
locations, which means it can span LANs or WANs. Each VLAN is ring-fenced within the
switching environment, with broadcasts only ever being forwarded to ports within the VLAN.
Unicast traffic to destinations outside the VLAN must pass through a gateway or router
to be routed to its destination.

A VLAN is transparent to the end device; it never knows which VLAN it is a member of.
VLANs are assigned at the switch's physical interface by an administrator, and a port can
typically only be assigned to a single VLAN unless Cisco telephony is in use and a voice VLAN
is configured. VLAN membership can be given by static or dynamic means.
Static - VLAN configuration is carried out manually by an administrator using interface
configuration mode.
Dynamic - VLAN configuration is carried out automatically, based on device MAC address, by
a VLAN Membership Policy Server (VMPS).
VLAN creation can be carried out in several ways and amends a file called vlan.dat in flash
that stores the VLAN configuration of the local switch.
To create a VLAN simply use the following commands:
Switch(config)# vlan 25
Switch(config-vlan)# name MY_NEW_VLAN
Assigning an interface to a VLAN is a case of entering interface configuration mode, setting
the port mode to access and assigning the VLAN:
Switch(config)# interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 25


These commands set the port to access mode (more about that later) and then assign VLAN
25 to the port.
To view the list of VLANs, including which ports are assigned to each VLAN, use the following
command:
Switch#show vlan
An output similar to the following should be presented:
VLAN Name                 Status     Ports
---- -------------------- ---------- ---------
1    default              active
25   MY_NEW_VLAN          active     Fa0/1
1002 fddi-default         suspended
1003 token-ring-default   suspended
1004 fddinet-default      suspended
1005 trnet-default        suspended

As you can see, port Fa0/1 is now assigned to VLAN 25 and can only communicate
with other devices assigned to VLAN 25.

Looking at the configuration of the interface when assigning the VLAN to it, we
specified a port type of access. There are two types of interface supported on a switch:
access and trunk.
Access - An access port belongs to only one VLAN unless voice is used within the
network. Access ports are associated with end devices such as PCs and servers. A
device is automatically placed in the port's VLAN when it is plugged into the switch.
Trunk - A trunk port is used to connect switches together or to connect a switch to a
router. A trunk port should never be associated with an end device and does not belong to a
single VLAN. Instead a trunk port carries multiple VLANs across an uplink to another switch
or router.
When a trunk is configured to carry VLAN traffic, it must be able to identify which VLAN a
frame belongs to. It uses a mechanism called frame tagging, or VLAN colouring, where each
VLAN is identified and marked.

Most Cisco switches support two methods of tagging: Inter-Switch Link (ISL) and 802.1Q.
ISL is a Cisco proprietary protocol that is rapidly falling out of favour to 802.1Q. ISL
encapsulates the whole frame with a 26-byte header and a 4-byte trailer:

| ISL Header (26 bytes) | Ethernet Frame | CRC (4 bytes) |

ISL frames are larger than normal, at around 1544 bytes, so the MTU size must be increased
to stop any non-Cisco devices from discarding the frame.
802.1Q, otherwise known as dot1Q, is now the prevalent tagging protocol. Dot1Q actually
tags the frame rather than encapsulating it, by inserting a 4-byte VLAN tag into the layer 2
header. As most modern switches support dot1Q, this increase in frame size is tolerated and
the frame is processed as normal. Dot1Q requires the native VLAN to be identical on both sides
of the trunk, otherwise switching loops will occur.

ISL                        802.1Q
Cisco proprietary          Industry standard
Encapsulates the frame     Inserts a 4-byte VLAN tag
No native VLAN             Native VLAN 1

Manual vs. Dynamic Trunking

As with most configurations, there is a manual process and an automatic negotiation
protocol to enable trunking. Dynamic Trunking Protocol (DTP) allows switches to
negotiate the trunking protocol used between them automatically.
Manually configuring a trunk:
Switch#config t
Switch(config)#interface fa0/5
Switch(config-if)#switchport trunk encapsulation {isl | dot1q}
Switch(config-if)#switchport mode trunk

These commands enter interface configuration mode, assign an encapsulation protocol and
finally set the mode to trunk. It must be stressed that both sides of the trunk must have the
same encapsulation set or a trunk will fail to form.
Dynamic Trunking Protocol (DTP) allows for the automatic negotiation of a trunk. This protocol
dynamically establishes whether an interface stays an access port or becomes a trunk port.
DTP has settings that, when configured on both sides of a link, determine whether or not a
trunk is negotiated. The configuration settings are trunk, dynamic desirable, dynamic auto
and nonegotiate.
Interface 1          Interface 2          Will trunk establish?
Manual Trunk         Manual Trunk         Yes
Manual Trunk         Dynamic Desirable    Yes
Manual Trunk         Dynamic Auto         Yes
Dynamic Desirable    Dynamic Desirable    Yes
Dynamic Desirable    Dynamic Auto         Yes
Dynamic Auto         Dynamic Auto         No

Dynamic desirable will actively look to establish a trunk with the other interface, whereas
dynamic auto is passive and will wait until asked to establish a trunk. Placing the interface
into nonegotiate always creates a trunk, but the interface never advertises DTP.
To configure a switchport to establish a trunk use the following configuration, which differs
slightly from the example above:
Switch#config t
Switch(config)#interface fa0/5
Switch(config-if)#switchport mode {trunk | dynamic desirable | dynamic auto}

Managing VLAN access to trunks. By default, all VLANs from 1 to 1005 in the VLAN
database are allowed across a trunk; however an administrator can manually restrict this.
This is useful when manipulating spanning tree root paths and generally improving bandwidth
usage. To restrict the VLANs allowed across the trunk use the following command in its
various forms:
Switch(config-if)#switchport trunk allowed vlan add 25
Switch(config-if)#switchport trunk allowed vlan add 30-40
Switch(config-if)#switchport trunk allowed vlan remove 34
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan except 50

This command looks at the VLAN database and adds or removes VLAN IDs from the trunk. A
trunk port automatically adds newly created VLANs to the allowed VLAN list if VTP exists and
the VLAN is in the allowed list.
If a frame arrives at a trunk without a tag it is classed as being in the native VLAN. All
untagged traffic resides in the native VLAN, which by default is VLAN 1. This can be manually
configured using the command:
Switch(config-if)# switchport trunk native vlan 100

6.2 VLAN Trunking Protocol (VTP)

As the network grows and multiple switches are installed and configured, it can quickly
become an administrative nightmare to manage VLANs. When creating a new VLAN it would
need to be configured on each switch, and trunk links amended to allow it across them. VTP
is a Cisco proprietary protocol that maintains VLAN configuration by managing the
administration of VLANs. Using VTP, an administrator can make configuration changes
centrally to one or more switches from a centralised location. This alleviates the
administrative burden of manual VLAN configuration and provides a source of security and
change management control; however it should be noted that simultaneous changes to
switches in the same domain can lead to database inconsistencies.
Switches making use of VTP are configured to join a VTP domain, which is a logical group of
switches under a single administrative control. Only switches that belong to the same VTP
domain can communicate VLAN information to one another. VTP supports the normal range of
VLANs (VLAN ID 1 to 1005); extended VLANs are not supported by VTP.
Switches participating in VTP can only ever join a single VTP domain, and only then if they
have the correct shared password. Without the correct password or domain name a switch will
not participate in the VTP domain.
VTP domain - the VTP domain consists of a logical group of interconnected switches under
the same administrative authority that share a common VLAN database.

VTP Modes
VTP supports three modes for switches to operate in: server, client and transparent.
VTP Server - servers have the ability to create, modify or delete VLANs in a VTP domain.
VTP servers keep a record of the database revision number, with the VLAN configuration
held in NVRAM.
VTP Client - clients can only listen to and read advertisements from VTP servers in the same
domain. They cannot create, delete or modify VLAN information. VTP clients also forward
received VTP advertisements out of their trunk ports.
VTP Transparent - transparent switches do not participate in the VTP domain; however they
will forward VTP advertisements out of their trunk ports. They also have the ability to add,
delete and modify local VLAN information, which is not propagated.
VTP revision number - VTP contains a configuration revision number which is used to ensure
all switches participating in VTP have the correct version of the VLAN database. A switch will
only accept and process a VTP update if its revision number is higher than the current value.
In an enterprise environment it is important to secure the VTP server with a distinct domain
name and password. Failure to do so may result in the loss of all VLAN information when a new
switch is added: if a switch is added to the network with the same domain name and password
but a higher VTP revision number, the new switch will advertise its database, which takes
preference, thus wiping the existing VLAN database. New switches must therefore be
configured as a VTP client with a NULL value for domain and password.
VTP advertisements - each switch in the VTP domain sends advertisements from each trunk
port to a multicast address. Neighbouring switches receive and process the advertisement
based on their mode. VTP advertisements contain the following: VTP domain name, revision
number, timestamp, VLAN ID, VLAN name, VLAN type and VLAN state.
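The revision-number rule above is worth modelling, because the failure it causes (a production VLAN database wiped by a switch that was plugged in to help) is entirely accidental and entirely preventable. The following Python is an added example, not code from this guide or from Cisco IOS; it is a simplified VTP model in which a switch accepts an advertisement only when the domain and password match and the revision is strictly higher. Real VTP carries an MD5 digest derived from the password rather than the password itself, and the switch, domain, VLAN and revision values are constructed samples. The reset_revision method stands in for what happens on a real switch when the VTP domain name is changed before the switch joins production.

```python
from dataclasses import dataclass, field


@dataclass
class VtpAdvertisement:
    domain: str
    password: str       # simplified: real VTP carries an MD5 digest, not the password
    revision: int
    vlans: dict         # VLAN ID -> VLAN name


@dataclass
class VtpSwitch:
    name: str
    mode: str           # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def configure_vlan(self, vlan_id, name):
        """Clients cannot change VLANs; servers bump the revision on every change;
        transparent switches change only their local database."""
        if self.mode == "client":
            raise PermissionError("VTP clients cannot create or modify VLANs")
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1

    def advertise(self):
        return VtpAdvertisement(self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, adv):
        """The acceptance rule the guide describes: same domain and password and a
        strictly higher revision number replace the local database; anything else is ignored."""
        if self.mode == "transparent":
            return "forwarded unchanged (transparent mode)"
        if adv.domain != self.domain or adv.password != self.password:
            return "ignored: domain or password mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision %d is not higher than %d" % (adv.revision, self.revision)
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "accepted: database replaced at revision %d" % adv.revision

    def reset_revision(self):
        """Models the revision reset a real switch performs when its VTP domain
        name is changed, the standard precaution before connecting a used switch."""
        self.revision = 0


def plug_in(production, newcomer):
    """Connect a switch to the domain: it advertises its database and the
    production switch applies its acceptance rule. Returns the decision text."""
    return production.receive(newcomer.advertise())


def build_production_server():
    core = VtpSwitch("core1", "server", "MyDomain", "Secret1")
    for vid, name in ((10, "USERS"), (20, "SERVERS"), (30, "VOICE")):
        core.configure_vlan(vid, name)      # revision climbs to 3
    return core


def build_lab_switch(revision):
    """A switch previously used as a server with the same credentials: it holds
    only VLAN 1 but carries a high revision number from its past life."""
    return VtpSwitch("lab-sw", "server", "MyDomain", "Secret1", revision=revision)


if __name__ == "__main__":
    core = build_production_server()
    print(plug_in(core, build_lab_switch(50)), "-> VLANs now", sorted(core.vlans))

    core = build_production_server()
    safe = build_lab_switch(50)
    safe.reset_revision()
    print(plug_in(core, safe), "-> VLANs now", sorted(core.vlans))
```

The first run shows the production database collapsing to VLAN 1 because the stale switch's revision 50 beats the server's revision 3; the second shows that resetting the revision (or using a different domain name or password, which the same rule rejects) is enough to make the newcomer harmless.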
Configuring VTP
Configuring VTP for server or client mode is straightforward, with a few commands to set the
mode, version, domain and password:

Switch#conf t
Switch(config)# vtp mode {server | client}
Switch(config)# vtp version {1 | 2}
Switch(config)# vtp domain My_VTP_Domain
Switch(config)# vtp password My_VTP_Passw0rd
To configure VTP for transparent mode:
Switch#conf t
Switch(config)# vtp mode transparent
This configuration can be verified by running the command:
Switch# show vtp status

6.3 Enabling VTP Pruning

VTP pruning is a process for removing VLAN information being transmitted over
trunks to a switch that has no interfaces associated with that VLAN. Pruning increases
available bandwidth by restricting VLAN traffic to those trunk links that connect to
switches that must use the VLAN information. VTP pruning is configured on switches
that support VTP version 1 and 2. Enabling pruning on a VTP server enables it
globally across the VTP domain. VLAN 1 is never pruned.
Switch(config)# vtp pruning
Alternatively, it is possible to specify which VLANs on a trunk are eligible to be
pruned:
Switch(config)# interface fa0/1
Switch(config-if)# switchport trunk pruning vlan add 10
Switch(config-if)# switchport trunk pruning vlan remove 25

Monitoring VTP
Monitoring and verification of VTP can be carried out with the following commands
Switch#sh vtp status
Switch#sh vtp counters

6.4 VLAN Management Policy Server

VMPS is a Cisco proprietary service configured on a switch that is responsible for
dynamic VLAN assignment based on MAC address. VMPS client switches communicate
with it using the VLAN Query Protocol or 802.1X responses.
On physically connecting a device to a switchport configured as a VMPS client, the
switch sends a request to the VMPS, which responds with a policy.

The four responses a VMPS can send to a client are:

Response        Description
Allow           Sends the VLAN configuration to the port
Deny            Places the port into the pre-configuration state
Shutdown        Shuts the port down
Wrong Domain    Logs an error that the port is misconfigured

When a port is configured as a VMPS client it is matched against a list of known MAC
addresses. As soon as traffic is seen on the port the switch checks the source MAC
address and verifies the VLAN information. If the MAC address matches an entry, the
VMPS forwards the VLAN information to the port. If no match is made then the VMPS
shuts the port down or places it back in pre-configuration mode.
The VMPS verifies that the domain name in the request packet matches its own domain
name; otherwise the VMPS server responds with a wrong domain message.
VMPS Database Configuration File - the VMPS holds a database configuration file
that contains the MAC-address to port mappings. This is an ASCII text file.
To configure a port to take part in the VMPS process an administrator can use the
commands below:
Switch#configure terminal
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan dynamic

6.5 Load Sharing Using STP

By using parallel trunks it is possible to load share with Spanning Tree Protocol by
spreading VLAN traffic across the multiple trunks. STP would normally block one trunk,
but with load sharing different VLANs can use different trunks, thus utilising
bandwidth more effectively. Load sharing is discussed in more detail in the
CCNP:Switch course.

6.6 EtherChannel

Spanning tree is a fantastic protocol that prevents loops occurring in a network;
however, what if you want multiple links between two switches to provide higher
bandwidth? STP would in normal circumstances block a port, making the extra links
unusable.
EtherChannel provides a way of bundling multiple uplinks into a single logical
connection by placing all the uplinks into a single channel-group on both switches.
Spanning tree also sees the EtherChannel as a single connection, so if a physical link
within it goes down STP will not reconverge.
To configure EtherChannel use the following commands on both switches.
Switch1#conf t
Switch1(config)#interface fastethernet 0/8
Switch1(config-if)#channel-group 1 mode on
Switch1(config-if)#interface fastethernet 0/9
Switch1(config-if)#channel-group 1 mode on
Now configure it on the second switch:
Switch2#conf t
Switch2(config)#interface fastethernet 0/8
Switch2(config-if)#channel-group 1 mode on
Switch2(config-if)#interface fastethernet 0/9
Switch2(config-if)#channel-group 1 mode on

A logical EtherChannel is now created on each switch, which is called Port-channel 1 (Po1).
When configuring the EtherChannel this new interface should be used:
Switch2(config)#interface port-channel 1
An administrator is able to view the EtherChannel status using:
Switch2#show etherchannel summary

6.7 Router on a stick - InterVLAN routing

A router-on-a-stick is a term used to describe a network device whose job is to route
traffic between two or more VLANs. The first step in setting up a router-on-a-stick is to
configure a trunk link between the switch and the router. The trunk link connects a
single port on the switch to a single physical interface on the router, which carries
multiple logical sub-interfaces. The second step is to remove the IP configuration from
the router's physical interface and assign an IP address and a trunking encapsulation,
such as dot1q, to each sub-interface.

To configure a router on a stick, an administrator can follow these commands:

Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Router(config)#interface FastEthernet0/0
Router(config-if)#no ip address
Router(config-if)#interface FastEthernet0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#interface FastEthernet0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#interface FastEthernet0/0.4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 192.168.4.1 255.255.255.0
With routing enabled on the switch, each device in the VLANs should now have network
connectivity to the others.

Module 7. Wireless Networking

7.1 Fundamentals

Wireless Networking - A wireless network, as its name suggests, is a modern
network that uses Radio Frequency (RF) as the communication bearer. It is fast
becoming a must-have technology in most homes with the upsurge in mobile devices
such as iPads, smartphones and laptops. It provides network access for devices
without having to physically connect any cables or wires.
A wireless network consists of a backbone network, such as the wired networks
discussed in this guide, along with a Wireless Access Point (WAP). Connecting to this
WAP gives a device access to resources normally associated with a wired network. In
fact a wireless device gets exactly the same resource access, just without the physical
limitations of a cable.
There are some drawbacks to wireless networks, such as security, range and bandwidth,
which all combine to make a significant impact on users.
Wireless LANs always run in half-duplex mode and make use of the CSMA/CD
mechanism to avoid collisions.

Wireless LAN standards

Standard    Throughput
802.11      2 Mbps
802.11a     54 Mbps
802.11b     11 Mbps
802.11g     54 Mbps
802.11n     600 Mbps

It is important to note that wireless networks have a small range, in the region of tens
of metres. This means that an office or campus may need many access points to service
mobile users. Access points use channels of bandwidth within the frequency range allocated
to them; multiple channels improve the throughput of wireless networks, however careful
administration of channels is required. Adjacent WAPs should overlap slightly to ensure
100% coverage but should never be configured on the same channel, as using the same
channel on adjacent WAPs severely impacts performance.
There are two kinds of wireless networks:
Ad-hoc wireless networks consist of a number of end devices that communicate
directly with each other through an installed wireless network card. Each device can
share resources with the others but cannot access wired network resources.
Access-point based wireless networks introduce a base station, or access point, with a
fixed connection to a wired LAN. This access point acts like a hub by providing half-duplex
connectivity to wireless devices. An access point uses a dedicated range of RF called a
channel.

A network can have multiple access points; however it is important to know that each
adjacent access point must use a different channel to reduce interference.

7.2 Wireless Security

Security on a wireless network is a headache for administrators; wireless is inherently
more vulnerable to attack than conventional wired networks. Whilst locking down a
network can never be 100% achieved, wireless security is a layered approach: if an
administrator makes access awkward and inconvenient for an attacker they are more
likely to walk away.
Good wireless network design is crucial to securing the network; by using carefully
planned directional antennae an administrator can limit the external range of the
network, minimising the opportunity for access from outside company property.
Wireless networks use identifiers called SSIDs that advertise an active WAP. Any user
with a wireless network card can scan for SSIDs and start attempting to connect. A
smart administrator will switch this advertisement off, thus making the WAP less
visible. This is known as security by obscurity: an attacker is less likely to attempt to
access a WLAN if they do not know about it.
Physical security aside, a WLAN can be further secured using encryption; connections to
a WAP can be secured using one of three industry standards. WEP, WPA and WPA2 are
defined to help secure wireless networks, although in reality they are not all very secure.
Wireless Encryption Standards - WEP was the first real standard released for WLAN
security. It uses a predefined key that is shared between the WAP and the device. This
is an administrative burden that results in infrequent shared key changes.
Wi-Fi Protected Access - WPA addresses some of the issues with WEP with the use of a
dynamically exchanged key on a per-packet basis. WPA implements a per-user
authentication mechanism, providing an extra layer of security.
Wi-Fi Protected Access 2 - WPA2 builds on WPA by using AES encryption, which is
secured using longer keys and a stronger encryption algorithm.
Finally, a WAP can be configured to only allow access to devices with certain MAC
addresses. Limiting the MAC addresses allowed to connect to a WAP makes the
network a little stronger; however MAC addresses can be spoofed and this presents an
administrative burden.

Module 8. Frame Relay

8.1 Frame Relay

Frame Relay is a connection-oriented layer 2 protocol that allows several data
connections (called virtual circuits) to be multiplexed onto a single physical link.
Frame Relay relies on upper-layer protocols for error correction. Frame Relay
specifies only the connection between a router and a service provider's local access
switching equipment. The data transmission within the service provider's Frame
Relay cloud is not specified. A connection identifier is used to map packets to
outbound ports on the service provider's switch. When the switch receives a frame, a
lookup table is used to map the frame to the correct outbound port. The entire path to
the destination is determined
Frame relay terms

CIR (Committed Information Rate)          The minimum guaranteed data transfer rate
DLCI (Data Link Connection Identifier)    Identifies the logical circuit
Inverse ARP                               Used to discover the IP address of a device from a network address
LMI (Local Management Interface)          A signalling protocol used to establish communications
VC (Virtual Circuit)                      A logical circuit between two network devices

Frame Relay is a non-broadcast multi-access (NBMA) protocol that standardises the
physical and logical links of a packet switching network. This means that by default
broadcast routing updates are not forwarded to remote routers. Frame relay can be
configured as either point-to-point or multipoint and designed using star, full-mesh
and partial-mesh topologies. Frame relay creates a virtual circuit between two routers
which is logically mapped locally at each end.
Point-to-point - this configuration allows sub-interfaces to be configured as
directly connected links to other routers, where the subnet is distinct and separate from
every other sub-interface.
Multipoint - a frame relay multipoint interface allows an administrator to connect
a sub-interface to many other frame relay links. Multipoint links can be described as
multiple point-to-point links. This configuration can create problems with routing
because of the split horizon rule: routes received on a multipoint link will not be
advertised back out of that link.
Star topology - also known as the hub-and-spoke configuration, this is the most
commonly used network topology. A central site, normally the HQ, provides resources
that are required by branch or remote sites. Each remote site is connected directly to
the central site. Typically a star topology requires the fewest PVCs, which makes it
the least expensive option for inter-site connectivity. This topology does not provide
redundancy.

Full-mesh topology - the most expensive option, where all routers have virtual
circuits to all other destinations. The full-mesh topology provides full redundancy,
because all sites are connected to all other sites. As a network grows and additional
sites are added, the requirement for additional PVCs and the administration of
these increase. The number of links required in a full-mesh topology with N nodes is
N(N-1)/2.
Given this formula, we can see how rapidly the number of PVCs rises.

Number of sites    Number of PVCs
5                  10
8                  28
10                 45
15                 105

Partial-mesh topology - in a partial mesh, not all sites have direct access to
all other sites. It is common for the network administrator to provide at least two
connections back to a hub, and the design will usually be based on the traffic flow between sites.
Virtual Circuits
With frame relay, an administrator is only concerned with the router's connection to the
service provider. Once traffic is passed into the frame relay cloud the administrator
can only hope the traffic will arrive at its destination.
For frame relay communication to happen the administrator and service provider must
create what is known as a Virtual Circuit (VC). The virtual circuit is the one-way path
traffic takes when traversing the service provider's network.
Frame relay virtual circuits are either switched (SVC) or permanent (PVC). An SVC is
set up and torn down on a per-session basis, whereas the PVC, as its name suggests, is
set up once and is permanent. That said, communication between two sites requires the
configuration of two virtual circuits.
Virtual circuits are locally identified with a label called the Data Link Connection
Identifier (DLCI). DLCIs are locally significant and are essentially the way into the
frame relay cloud; they can be described as a pipe. It is possible to imagine a VC as a
pipe that goes to a location. A DLCI is a label on this pipe; therefore if the
administrator wishes to send data to a remote site, they look at the labels on the pipes
and push the traffic down the right one.
Frame relay switches make decisions based on DLCIs, whereas Ethernet switches
make decisions based on MAC addresses.
Committed information rate (CIR) - the committed information rate is the
guaranteed bandwidth that a service provider has a contractual obligation to provide.

CIR is almost always based on cost; higher bandwidth links require additional
expense. Often the service provider will allow the customer to burst above the CIR,
which is called the burst excess. This allows a customer, for a short period of time, to
send more traffic without additional cost. It should be noted that the service provider
will employ Quality of Service (QoS) and policing to make sure this burst is not
abused.
Frame relay can become congested, especially when a multipoint interface is utilised,
therefore some flow control mechanism is required to prevent the receiving router
from becoming overwhelmed. This mechanism is Discard Eligibility (DE). Every
packet that exceeds the CIR, or is marked as low priority by QoS, is marked
with a DE flag which marks it as highly likely to be dropped.

8.2 Frame relay Point-to-Point Configuration


Router3(config)#interface s0/0
Router3(config-if)#encapsulation frame-relay
Router3(config-if)#exit
Router3(config)#interface s0/0.34 point-to-point
Router3(config-subif)#ip address 10.0.0.1 255.255.255.0
Router3(config-subif)#frame-relay interface-dlci 324

These commands set frame relay encapsulation on the physical interface, create a
point-to-point sub-interface named s0/0.34 and apply an IP address to it. Finally the local
DLCI is assigned to the sub-interface. Configuring the remote end of the link is exactly the
same procedure; however, as DLCIs are locally significant, the DLCI value will differ.
Router4(config)#interface s0/0
Router4(config-if)#encapsulation frame-relay
Router4(config-if)#exit
Router4(config)#interface s0/0.43 point-to-point
Router4(config-subif)#ip address 10.0.0.2 255.255.255.0
Router4(config-subif)#frame-relay interface-dlci 423
Additional PVCs can be added to Router3 by creating an additional sub-interface,
applying an IP address and then assigning the DLCI.

Frame relay Multipoint configuration
Router3(config)#interface s0/0
Router3(config-if)#ip address 10.0.0.3 255.255.255.0
Router3(config-if)#encapsulation frame-relay
Router3(config-if)#frame-relay map ip 10.0.0.4 324 broadcast
Router3(config-if)#frame-relay map ip 10.0.0.5 325 broadcast
Router4(config)#interface s0/0
Router4(config-if)#ip address 10.0.0.4 255.255.255.0
Router4(config-if)#encapsulation frame-relay
Router4(config-if)#frame-relay map ip 10.0.0.3 423 broadcast
Router4(config-if)#frame-relay map ip 10.0.0.5 425 broadcast
Router5(config)#interface s0/0
Router5(config-if)#ip address 10.0.0.5 255.255.255.0
Router5(config-if)#encapsulation frame-relay
Router5(config-if)#frame-relay map ip 10.0.0.3 523 broadcast
Router5(config-if)#frame-relay map ip 10.0.0.4 524 broadcast
The keyword broadcast allows routing protocols to be run over frame relay.

8.3 Configuring a frame relay switch for lab use

Module 9. Troubleshooting

9.1 Common network client tools

It is important to realise that networking involves more than routers and switches; most
network troubleshooting can be carried out from a host PC. Here are some common
commands to master.
ipconfig - allows an administrator to verify a host's IP address, subnet mask, DNS
server, MAC address and default gateway, along with a few other settings.
ipconfig has some switch arguments that can be used to provide more information:
ipconfig /all         provides all information
ipconfig /release     releases dynamic IP addressing
ipconfig /renew       renews IP addressing from DHCP
ipconfig /flushdns    erases the DNS cache to force a DNS server lookup

ping - Packet Internet Groper. Ping uses the ICMP protocol to send a test packet to a host
to test connectivity. When a destination host receives this test packet, it immediately
sends a reply. This end-to-end test is a great resource and can help troubleshoot many
network issues.
traceroute / tracert - this utility can be used to map the route through a network by
showing the IP address of every device the path routes through.
nslookup - gives the ability to query a DNS server and ensure a device's FQDN can be
resolved to an IP address.
arp - allows an administrator to find an IP address from a MAC address or vice versa.

Module 10 Access lists

Access Control Lists are sets or lists of rules, read in a specific order, that are used to
control, identify or filter traffic through a network device, either permitting or denying that
traffic.
When using access lists, it's important to understand what permit and deny actually
mean. Permit is used to allow or include traffic in a rule. Deny is used to block or not
include traffic in a rule.
Access lists are exactly that: a list of rules that are processed in order from the top
down; once a match is made no further processing is carried out. An implicit deny all is
automatically entered at the end of any access-list.
A few examples of what an access-list can be used for:
Permitting certain hosts access to a secure file server
Identifying traffic from a subnet using a specific protocol
Access-lists can be applied to inbound or outbound traffic. It is important to note that
the order of an access list matters, as does where the access-list is applied.
Blocking traffic at the external interface is preferable to the router processing
the traffic only to drop it when exiting the internal interface.
When creating an access-list all new entries to the ACL are automatically added at
the end of the ACL; this can make modifying them tricky as they have to be removed
and inserted all over again.

10.1 Standard or Extended Access-lists

Standard access lists filter based on source addresses only, while extended access lists
allow much more granularity, filtering based on source and destination addresses
along with protocols and port numbers.
Standard access lists should be applied as close to the destination as possible, while
extended access lists should be applied as close to the source as possible.
Wildcard masks are used to identify hosts or networks that should be included in the
access list. A wildcard mask defines which bits must match and which bits don't matter.
Think of a wildcard as a subnet mask in reverse.
Take the statement
Router(config)#access-list 20 permit 172.16.0.0 0.0.255.255
This statement will create an entry in access-list 20 based on the network 172.16.0.0.
The final value 0.0.255.255 indicates what is included and what is not.
Wherever a 255 is found in the wildcard, that octet is ignored. Therefore anything
located in the 172.16.0.0 network would be permitted, so any device with an IP address in
this range would be matched and processed.
To block a network of 192.168.1.0 from accessing another subnet we could create
the following access list.
Router(config)#access-list 20 deny 192.168.1.0 0.0.0.255
Once an access list is created it is not enforced until it is applied to an interface. To
apply an ACL to an interface the administrator needs to access the interface and apply
the ACL.
Router(config)#int fa0/0
Router(config-if)#ip access-group 20 in
The command above will apply access list 20 to the interface, and it will be applied to
traffic entering interface fa0/0.
Standard access lists such as the one defined above are useful but not always practical
or suitable. Extended IP access-lists build on the same principles as standard access
lists but allow more granularity in what they can match.
Router(config)#access-list 105 permit tcp 192.168.1.0 0.0.0.255 host 172.16.0.1 eq www
Router(config)#access-list 105 deny tcp host 192.168.1.10 host 172.16.0.1 eq www
Slightly more complicated than a standard ACL, this extended ACL creates an entry
in ACL 105 that permits the TCP protocol from network 192.168.1.0 to the host
172.16.0.1 on port 80. The second entry would block HTTP traffic from a single host to the
web server; however, recall that ACLs are read from the top down. Therefore, as soon as the
first entry is matched, all hosts within the 192.168.1.0 network (including 192.168.1.10)
will be permitted and the second entry is never reached. For the second entry to be
effective it must be entered above the network entry. BE CAREFUL.
Finally apply the access list to the interface
Router(config)#int fa0/0
Router(config-if)#ip access-group 105 in
Within the extended access list there is a port identifier that is used to identify
specific ports or protocols. These identifiers are
Identifier  Meaning
eq          Match a port
gt          Match all ports greater than
lt          Match all ports lower than
neq         Match all ports not equal to
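The top-down, first-match, implicit-deny behaviour and the wildcard mask and port operators described in this section, modelled in an added Python example (this is not IOS code; the packets and the tuple layout of the entries are constructed for illustration). It reproduces the ordering problem of access-list 105 above and shows the same two entries with the specific deny placed first.

```python
# Added example (not IOS code): a minimal model of how an IOS access list is
# evaluated - top down, first match decides, implicit deny at the end.

def ip_to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 1 means 'don't care', bit 0 means 'must match'."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

PORT_OPS = {"eq": lambda p, n: p == n, "gt": lambda p, n: p > n,
            "lt": lambda p, n: p < n, "neq": lambda p, n: p != n}
HOST = "0.0.0.0"  # "host X" in IOS is shorthand for "X 0.0.0.0"
def entry_matches(entry, pkt):
    """entry = (action, proto, src, src_wc, dst, dst_wc, op, port); op may be None."""
    _action, proto, src, src_wc, dst, dst_wc, op, port = entry
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], src, src_wc):
        return False
    if not wildcard_match(pkt["dst"], dst, dst_wc):
        return False
    return op is None or PORT_OPS[op](pkt["dport"], port)

def evaluate_acl(acl, pkt):
    """Return the action of the first matching entry, or 'deny' (implicit deny)."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry[0]
    return "deny"

# access-list 105 in the order given in the text: the network permit comes
# first, so the host deny beneath it can never be reached.
ACL_105_AS_WRITTEN = [
    ("permit", "tcp", "192.168.1.0", "0.0.0.255", "172.16.0.1", HOST, "eq", 80),
    ("deny", "tcp", "192.168.1.10", HOST, "172.16.0.1", HOST, "eq", 80),
]
ACL_105_FIXED = list(reversed(ACL_105_AS_WRITTEN))  # specific deny placed first

# Constructed sample packets: HTTP to the web server from two inside hosts.
WEB_FROM_BLOCKED_HOST = {"proto": "tcp", "src": "192.168.1.10", "dst": "172.16.0.1", "dport": 80}
WEB_FROM_OTHER_HOST = {"proto": "tcp", "src": "192.168.1.20", "dst": "172.16.0.1", "dport": 80}

if __name__ == "__main__":
    print(evaluate_acl(ACL_105_AS_WRITTEN, WEB_FROM_BLOCKED_HOST))  # permit: ordering bug
    print(evaluate_acl(ACL_105_FIXED, WEB_FROM_BLOCKED_HOST))       # deny
    print(evaluate_acl(ACL_105_FIXED, WEB_FROM_OTHER_HOST))         # permit
```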

10.2 Numbered vs Named Access-lists

There are 2 types of access-list, numbered and named.
Numbered access lists are broken down into several ranges, some of which are
specified below.
1-99       IP standard access list
100-199    IP extended access list
1300-1999  IP standard access list (expanded range)
2000-2699  IP extended access list (expanded range)
Named access lists provide a bit more flexibility than numbered access-lists. They
allow an administrator to be descriptive and name the ACL, as well as allowing
modification without deleting and recreating, by allocating line numbers to each entry.
To create a named access list use the following commands
Router(config)# ip access-list standard MY_NAMED_ACL
Router(config-std-nacl)# permit 192.168.1.0 0.0.0.255
Router(config-std-nacl)# permit 192.168.2.0 0.0.0.255
Router(config-std-nacl)# exit
Router(config)# ip access-list extended MY_EXTENDED_NAMED_ACL
Router(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 host 10.10.10.10 eq 25
Router(config-ext-nacl)# permit tcp host 10.10.10.10 host 10.10.20.10 eq www

10.3 ACL Practical uses

So where can access lists be used and for what purpose? The configurations that
follow are real life examples of where ACLs can be used.
10.3.1 Protecting telnet access to routers.
There may be occasions where the insecure telnet protocol must be allowed access to a
router. This should be secured by only allowing access to the administrators that need
it.
This can be accomplished using an access-list to lock down access to these hosts or
subnet. By using an access list you can limit access to a limited number of admin
stations.
Router#conf t
Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
Router(config)#access-list 10 deny any log
Router(config)#line vty 0 4
Router(config-line)#access-class 10 in
Router(config-line)#exit
Router(config)#end
To view who has attempted to connect to your router, use the following show
command. It shows how many matches have been made against each entry of the ACL.
Router#show access-lists 10
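Because the deny entry above carries the log keyword, each blocked connection attempt is also written to the router's log, which is what an administrator would collect centrally. The following added Python example (not part of the study guide) summarises those messages per source address; the syslog lines are constructed samples in the format IOS uses for standard ACL log messages.

```python
import re
from collections import Counter

# Added example (not from the study guide): summarise the messages IOS logs
# when a standard ACL entry with the "log" keyword matches, e.g.
#   %SEC-6-IPACCESSLOGS: list 10 denied 192.168.20.5 1 packet
# The syslog lines below are constructed for illustration.

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<count>\d+) packets?"
)

SAMPLE_SYSLOG = """\
*Mar  1 00:12:01.123: %SEC-6-IPACCESSLOGS: list 10 denied 192.168.20.5 1 packet
*Mar  1 00:12:07.456: %SEC-6-IPACCESSLOGS: list 10 denied 192.168.20.5 4 packets
*Mar  1 00:13:22.789: %SEC-6-IPACCESSLOGS: list 10 permitted 192.168.10.7 1 packet
*Mar  1 00:15:40.001: %SEC-6-IPACCESSLOGS: list 10 denied 10.9.9.9 2 packets
*Mar  1 00:16:00.000: %SYS-5-CONFIG_I: Configured from console by console
"""

def denied_sources(syslog_text, acl="10"):
    """Map each source address to the total packets the given ACL denied from it."""
    hits = Counter()
    for line in syslog_text.splitlines():
        m = LOG_RE.search(line)
        if m and m["acl"] == acl and m["action"] == "denied":
            hits[m["src"]] += int(m["count"])
    return hits

if __name__ == "__main__":
    for src, n in denied_sources(SAMPLE_SYSLOG).most_common():
        print(f"{src}: {n} packet(s) denied by access-list 10")
```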

Module 11 Network address translation (NAT)

Since the year 2000, the Internet has been expanding and as the amount of
information and resources available increases, it is becoming apparent that the current
range of IP addresses cannot cope. Network Address Translation (NAT) is a method
created to deal with the forthcoming exhaustion of IP addresses by connecting
multiple computers to the Internet using one IP address.
The impetus towards increasing use of NAT comes from a number of factors:
A world shortage of IP addresses
Security needs
Ease and flexibility of network administration
The purpose of NAT is to allow traffic from multiple devices on an internal network
to use a single external or public address to access the internet or external network.
The protocols in the TCP/IP model allow sharing of this external address by using a
multiplexing methodology. By using ports and port numbers NAT can track internal hosts
and their requests to the external network. This is the key to single address NAT.
TCP Ports - The combination of IP address and TCP port number defines a single
TCP/IP connection. The IP addresses specify the two devices at each end, and the two
port numbers ensure that each connection can be uniquely identified and maintained.

11.1 Types of Network address translation

Static NAT    a single translation from one IP address to one IP address
Dynamic NAT   Translation of a pool of IP addresses
NAT Overload  Translation of many private addresses to one or more public addresses
PAT           Translation of many private addresses to one or more public addresses based on a random port

Static NAT allows an administrator to use private IP addressing within a LAN
and also make those hosts available to the internet by using a mapping. Access to the
resource from the internet is carried out by accessing the public IP address. The router
holds a NAT table that allows the router to forward traffic to the correct private
address. To configure Static NAT use the following as a template
Router(config)#ip nat inside source static 10.0.0.10 55.55.0.1
Router(config)#interface fa0/1
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial 0/0
Router(config-if)#ip address 55.55.0.1 255.255.255.0
Router(config-if)#ip nat outside
These commands set the scene by saying I want to NAT my internal IP of 10.0.0.10 to
an external IP address of 55.55.0.1.
The interface fa0/1 is defined as the internal (inside) interface.
The interface serial0/0 is defined as the external (outside) interface.
Once this translation is in place any traffic destined for the IP address of 55.55.0.1
will be translated and routed to the internal 10.0.0.10 resource.
Dynamic NAT allows the administrator to translate a pool of internal IP
addresses to a pool of external IP addresses. This provides scalability over the static
NAT solution. There is still a 1 to 1 translation between addresses. To configure
Dynamic NAT carry out the following commands
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool NAME 55.55.0.1 55.55.0.255 netmask 255.255.255.0
Router(config)#ip nat inside source list 10 pool NAME
Router(config)#interface fa0/1
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#int s0/0
Router(config-if)#ip address 55.55.0.1 255.255.255.0
Router(config-if)#ip nat outside
The commands first define which IP addresses can be considered for NAT; this is done with
an access-list. A NAT pool is then created with a netmask and combined with
the access-list. Finally the interfaces are assigned NAT inside and outside.
NAT Overload is commonly referred to as Port Address Translation, or PAT.
This allows an administrator to translate many private addresses to one or
more public addresses. This is possible due to unique port numbers. PAT uses ports to
identify outgoing and incoming connections and builds its translation table on this.
PAT introduces some new terminology that can be confusing to begin with.
Inside Local    Real private IP address
Inside Global   The router external IP address mapped to inside local
Outside Global  the internet address
Router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
Router(config)#ip nat pool NAME 55.55.0.1 55.55.0.255 netmask 255.255.255.0
Router(config)#ip nat inside source list 10 pool NAME overload
Router(config)#interface fa0/1
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#int s0/0
Router(config-if)#ip address 55.55.0.1 255.255.255.0
Router(config-if)#ip nat outside
The commands for PAT are almost the same as for Dynamic NAT; however PAT
adds the keyword overload to the ip nat inside source command, and this turns on PAT.
IP addresses have different designations based on whether they are on the private
network or on the public network (Internet) and whether the traffic is incoming or
outgoing, as the terminology above shows.
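How PAT keeps many inside hosts apart behind one inside global address, as an added Python model (not the study guide's own material and not IOS code). The addresses follow the 10.0.0.0 / 55.55.0.1 scheme used above; the rule that the router keeps the original source port and only changes it on a collision is an assumption of this model.

```python
# Added example (not IOS code): a model of the PAT (NAT overload) translation
# table. One inside global address is shared by many inside local hosts; the
# translated source port keeps each TCP connection unique so that return
# traffic can be mapped back to the right inside host.

class PatTable:
    def __init__(self, inside_global):
        self.inside_global = inside_global
        self.out = {}   # (inside_local, local_port) -> global_port
        self.back = {}  # global_port -> (inside_local, local_port)

    def translate_outbound(self, inside_local, local_port):
        """Return (inside_global, global_port) for a packet leaving the LAN.
        Assumed behaviour: keep the original source port unless another inside
        host already owns it, in which case pick the next free port."""
        key = (inside_local, local_port)
        if key in self.out:                      # existing connection: reuse entry
            return self.inside_global, self.out[key]
        global_port = local_port
        while global_port in self.back:          # port collision between inside hosts
            global_port = global_port + 1 if global_port < 65535 else 1024
        self.out[key] = global_port
        self.back[global_port] = key
        return self.inside_global, global_port

    def translate_inbound(self, global_port):
        """Map a reply arriving at inside_global:global_port back to the inside
        host, or None when no entry exists (unsolicited traffic is dropped)."""
        return self.back.get(global_port)

if __name__ == "__main__":
    pat = PatTable("55.55.0.1")                        # constructed sample values
    print(pat.translate_outbound("10.0.0.10", 50000))  # ('55.55.0.1', 50000)
    print(pat.translate_outbound("10.0.0.11", 50000))  # collision -> ('55.55.0.1', 50001)
    print(pat.translate_inbound(50001))                # ('10.0.0.11', 50000)
    print(pat.translate_inbound(40000))                # None: no translation, dropped
```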

Module 12 Home lab equipment

A question that is always asked: does a CCNA student need hardware to pass, or
can they make do with a simulator? There are three camps on this: one is determined
to ensure that all students have a full hardware based lab to configure, the alternative
is software based only with applications such as Packet Tracer or Dynamips (GNS), and
the third is a hybrid of the two.
Let's be totally clear, both sides have their pros and cons; however a hybrid approach
is the one I personally feel is best, as both provide valuable contributions to the learning
environment needed to pass the CCNA first time.

Hardware only.
Pros
Real hardware for hands on
Can participate in recovery type labs
Familiarity of equipment
Real IOS

Cons
Can be expensive
Old equipment
Risk of purchasing incorrect equipment
Electricity costs
Noisy
Cabling
Possible to corrupt IOS
Can be difficult for novice to configure

Software only
Pros
Easy to configure
Instantly scalable
Inexpensive
More configurable
Pre-configured tutorials

Cons
Lacks full features
No hands on experience

The Hybrid model combines all the Pros from both the hardware and software
methods along with reducing most of the cons from each. In fact most CCIE
candidates use a hybrid model based on Dynamips to virtualise routers connected to
physical switches. This configuration allows for a highly configurable home lab.

Module 13 Labs

13.1 Basic Labs
Basic Connectivity & Getting Started
Basic Three Router Routing Lab
Cisco Switch Exploration Lab
Terminal Server Setup
Basic Cisco Hub Exploration Lab
SDM Exploration Lab

13.2 Router and Switch basics (Router & Switch Maintenance)
Understanding the IOS
Setting up a TFTP Server
Upgrading IOS for Routers & Switches
Password Recovery for Routers
Password Recovery for Switches
Configuration File Management

13.3 Switching Labs
Vlan Exploration Lab
Two Switch Trunking Lab
Three Switch VTP Lab
Three Switch Spanning Tree Protocol Lab
Three Switch Rapid Spanning Tree Protocol Lab
Inter Vlan Routing Lab

13.4 Routing Labs
Three Router RIP Lab
Three Router EIGRP Lab
Three Router OSPF Lab
Default Routing Lab
Four Router Split Horizon RIP Lab
Four Router Split Horizon EIGRP Lab

13.5 Security Labs
Standard Access Lists
Extended Access Lists
Named Access Lists
Trusted Hosts Access Lists

13.6 WAN Labs
Frame-Relay Physical Lab
Frame-Relay Point to Point Lab
Frame-Relay Multipoint Lab
Frame-Relay Basic Configuration Lab
PPP Encapsulation
PPP PAP Lab
PPP CHAP Lab
HDLC Encapsulation Lab
