What's Cisco?
Cisco is from San Francisco and it was founded in 1984 by a small group of computer scientists from Stanford University.

CCNA course contents:

- Network introduction
- TCP/IP
- Data link layer
- Internet layer: 1- IP addressing, 2- Subnetting, 3- DHCP, DNS
- Transport and application layer
- Routers and switches (S/W and H/W)
- Routing protocols
- Security (access control lists)
- Switching
- Remote access (WAN technologies: ISDN, FR, DSL)
- Wireless LANs
- Security attacks and security devices
- VPN (Virtual Private Networks)
- IPv6 (IP version 6)

Network:
It's a group of components or devices connected together to give the users certain services (applications). A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

Importance of network:
1- Easy sharing of files and information.
2- Sharing of expensive devices (servers and printers).
3- Modern techniques (VoIP, video conferencing, net meeting).

Network components:

1- PC:
Source of network-aware applications. We use some S/W loaded on PCs and servers to make these network-aware applications, ex: HTTP (Hyper Text Transfer Protocol) for browsing, FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol) to send mails, POP3 (Post Office Protocol 3) to receive mails, Telnet application.

2- Network devices:
Hub, modem, switch, router, repeater, NIC (Network Interface Card), bridge.

3- Connectivity:
Cables – Wireless.

Network topologies:
What is a topology?
The physical topology of a network refers to the configuration of cables, computers, and other peripherals. Physical topology should not be confused with logical topology, which is the method (protocol) used to pass information between workstations.

Point-to-point:
The simplest topology is a permanent link between two endpoints. Switched point-to-point topologies are the basic model of conventional telephony. The value of a permanent point-to-point network is the value of guaranteed, or nearly so, communications between the two endpoints. In this topology one device sends and only one will receive, ex: leased lines, ISDN, analog dial-up.

Bus topology:
Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message, ex: Ethernet 10 Base 5, 10 Base 2, 10 Base T.

Advantages of a linear bus topology:
- Easy to connect a computer or peripheral to a linear bus.
- Requires less cable length than a star topology.

Disadvantages of a linear bus topology:
- Entire network shuts down if there is a break in the main cable.
- Terminators are required at both ends of the backbone cable.
- Difficult to identify the problem if the entire network shuts down.
- Not meant to be used as a stand-alone solution in a large building.

Ring topology:
In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network. Ring topologies are found in some office buildings or school campuses, ex: FDDI (Fiber Distributed Data Interface).

Star topology:
A star topology is designed with each node (file server, workstations, and peripherals) connected directly to a central network hub or concentrator.

Data on a star network passes through the hub or concentrator before continuing to its destination. The hub or concentrator manages and controls all functions of the network. It also acts as a repeater for the data flow. This configuration is common with twisted pair cable; however, it can also be used with coaxial cable or fiber optic cable. Many home networks use the star topology. A star network features a central connection point called a "hub" that may be a hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.

Mesh topology:
A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist in which some devices connect only indirectly to others. There's redundancy due to multiple backups, ex: ATM, FR (it's a communication technique between far devices) and Ethernet.

Network types:
The three basic types of networks include:
- Local Area Network (LAN)
- Metropolitan Area Network (MAN)
- Wide Area Network (WAN)

Local Area Network (LAN):
A Local Area Network (LAN) is a network that is confined to a relatively small area. It is a connection between devices near to each other without using a central office, ex: Token Ring, ATM (Asynchronous Transfer Mode) up to 40 Gbps and Ethernet 10 Mbps. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart. In a typical LAN configuration, one computer is designated as the file server. It stores all of the software that controls the network, as well as the software that can be shared by the computers attached to the network. Computers connected to the file server are called workstations. The workstations can be less powerful than the file server.

Metropolitan Area Network (MAN):
A Metropolitan Area Network (MAN) is a connection between a group of LANs over a small area within a city like Cairo. A central office exists between the LANs, ex: ATM.

Wide Area Network (WAN):
A Wide Area Network (WAN) is a connection between a group of LANs over a large area. A central office also exists in between, ex: FR, ISDN, ATM (155 Mbps – 622 Mbps).

Network models (OSI model, TCP/IP model):

1- OSI model

Layer 7: Application layer
This layer supports applications. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

Layer 6: Presentation layer
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems.

Layer 5: Session layer
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

Layer 4: Transport layer
This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Layer 3: Network layer
This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.

Layer 2: Data link layer
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub-layers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub-layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

Layer 1: Physical layer
This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS-232, and ATM are protocols with physical layer components.

2- TCP/IP model

Application layer
In TCP/IP the Application Layer also includes the OSI Presentation Layer and Session Layer. In this document an application is any process that occurs above the Transport Layer. This includes all of the processes that involve user interaction. The application determines the presentation of the data and controls the session. In TCP/IP the terms socket and port are used to describe the path over which applications communicate. There are numerous application level protocols in TCP/IP, including Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP) used for e-mail, Hyper Text Transfer Protocol (HTTP) used for the World Wide Web, and File Transfer Protocol (FTP). Most application level protocols are associated with one or more port numbers.

Transport layer
In TCP/IP there are two Transport Layer protocols. The Transmission Control Protocol (TCP) guarantees that information is received as it was sent. The User Datagram Protocol (UDP) performs no end-to-end reliability checks.

Internet layer
In the OSI Reference Model the Network Layer isolates the upper layer protocols from the details of the underlying network and manages the connections across the network. The Internet Protocol (IP) is normally described as the TCP/IP Network Layer. Because of the internetworking emphasis of TCP/IP this is commonly referred to as the Internet Layer. All upper and lower layer communications travel through IP as they are passed through the TCP/IP protocol stack.

Network access layer
In TCP/IP the Data Link Layer and Physical Layer are normally grouped together. TCP/IP makes use of existing Data Link and Physical Layer standards rather than defining its own. Most RFCs that refer to the Data Link Layer describe how IP utilizes existing data link protocols such as Ethernet, Token Ring, FDDI, HSSI, and ATM. The characteristics of the hardware that carries the communication signal are typically defined by the Physical Layer.

LAN cables and connectors:

Network cabling:
Cable is the medium through which information usually moves from one network device to another. There are several types of cable which are commonly used with LANs. In some cases, a network will utilize only one type of cable; other networks will use a variety of cable types. The type of cable chosen for a network is related to the network's topology, protocol, and size. Understanding the characteristics of different types of cable and how they relate to other aspects of a network is necessary for the development of a successful network.

Unshielded Twisted Pair (UTP) cable:
Twisted pair cabling comes in two varieties: shielded and unshielded. Unshielded twisted pair (UTP) is the most popular and is generally the best option for school networks.

Unshielded Twisted Pair connector:
The standard connector for unshielded twisted pair cabling is an RJ-45 connector. This is a plastic connector that looks like a large telephone-style connector. A slot allows the RJ-45 to be inserted only one way.

Shielded Twisted Pair (STP) cable:
A disadvantage of UTP is that it may be susceptible to radio and electrical frequency interference. Shielded twisted pair (STP) is suitable for environments with electrical interference; however, the extra shielding can make the cables quite bulky. Shielded twisted pair is often used on networks using Token Ring topology.

Coaxial cable:
Coaxial cabling has a single copper conductor at its center. A plastic layer provides insulation between the center conductor and a braided metal shield (see fig. 3). The metal shield helps to block any outside interference from fluorescent lights, motors, and other computers.

[Figure: Coaxial cable]

Although coaxial cabling is difficult to install, it is highly resistant to signal interference. In addition, it can support greater cable lengths between network devices than twisted pair cable. The two types of coaxial cabling are thick coaxial and thin coaxial. Thin coaxial cable is also referred to as thinnet.

Rollover cable:
We can identify a rollover cable by comparing the two modular ends of the cable. Holding the cables side-by-side, with the tab at the back, the wire connected to the pin on the outside of the left plug should be the same color as the wire connected to the pin on the outside of the right plug. If your cable was purchased from Cisco Systems, pin 1 will be white on one connector, and pin 8 will be white on the other.

Physical layer LAN devices:

1- Repeaters:
Used for signal regeneration. It may use a level detector to regenerate the old signal, and regeneration means amplifying the desired signal only, without the noise.
To connect 2 PCs where the distance between them is 150 m, we put a repeater 75 m from the first PC.

5-4-3 rule:
This rule is used to manage the max. number of repeaters that may be used without collision occurrence.
5: max. number of segments = 5
4: max. number of repeaters = 4
3: max. number of populated segments = 3
- The maximum number of repeaters between 2 nodes shouldn't exceed 4 repeaters, else a lot of delay and collisions will occur.

2- Hub:
- Physical layer device, i.e. deals with bits.
- Hub forwarding is by flooding (takes data from a port and forwards it out of all other ports).

a- Multiport repeater:
- Regenerates the signal bit by bit.
- A signal transmitted from one port will be received by all other ports.
- The 5-4-3 rule is applicable and we can use 4 hubs as a maximum, otherwise collisions will occur.

b- All devices connected to a hub are members of a single collision domain.
- Domain: group of PCs.
- Collision domain: group of PCs where, if they talk at the same time, a collision will occur and affect all other PCs.
- If 2 PCs try to transmit at the same time, a collision will occur.

c- All devices connected to a hub are members of a single broadcast domain.
- A broadcast message from 1 PC will reach all other PCs, and they will accept it and process it.

d- Devices connected to a hub operate half duplex (either Tx or Rx at a time), not full duplex (Tx and Rx at the same time), else a collision will happen.
- 10 Base T: this means that the port speed at half duplex = 10 Mbps.
- If we have 4 ports, then the speed will still be 10 Mbps, because we're allowed to transmit from only one port at a time.

Data link layer

1- MAC addressing:
In computer networking, the Media Access Control (MAC) address is every bit as important as an IP address. The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.
MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS

The first half of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer.

- Medium access control addressing:
- Each device needs an address to access the media, which is the MAC address.
- It's called next-hop addressing; we will deal with Ethernet LANs, so this next hop is between near devices.
- It's a unique H/W address.
- DCE has no MAC.

MAC address for Ethernet:
- 48-bit address burnt on the ROM of the NIC of the DTE (physical or H/W address).
- Serial interface of the router has no MAC address.
- Ethernet interface of the router has a MAC address.
- 48 bits is 12 hexadecimal digits (0,1,2,3,…,9,A,B,C,D,E,F).
- 48 bits are divided into two parts, each of 24 bits:
  OUI (Organization Unique Identifier) is a unique ID per vendor.
  HUI (Host Unique Identifier) is a unique ID per host.

Next-hop destination MAC address may be:

1- Unicast MAC address:
- Msg to only 1 destination.
- The msg will be sent to all PCs, but only one will accept it.

2- Multicast MAC address:
- Msg to 2 or more destinations.
- This will be useful in some applications like video conferencing, when someone needs to send to many PCs.
- Using S/W set up on these PCs, we teach each PC a virtual MAC address.

3- Broadcast MAC address:
- Msg sent to all the PCs and they will accept it.
- The src uses a MAC address consisting of 48 ones.
- B.C MAC = FFFF.FFFF.FFFF.
- All devices have that address on their NIC.
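The OUI/HUI split and the unicast/multicast/broadcast distinction above, worked through in code. This is an added example and not part of the course notes; the function names are my own, and the sample addresses are constructed. It also checks the I/G and U/L bits of the first byte, which is how a NIC actually tells a group address and a software-assigned ("virtual") MAC apart.

```python
"""MAC address parsing and classification, following the notes' OUI/HUI split
and unicast/multicast/broadcast types. Added example (not from the course);
the function names are my own."""
import re

BROADCAST = bytes([0xFF] * 6)  # 48 ones, FFFF.FFFF.FFFF in Cisco notation


def parse_mac(text: str) -> bytes:
    """Accept MM:MM:MM:SS:SS:SS, MM-MM-MM-SS-SS-SS or Cisco MMMM.MMSS.SSSS
    and return the 6 raw bytes. Anything that is not 12 hex digits is rejected."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def split_mac(mac: bytes) -> tuple:
    """First 24 bits = OUI (vendor ID), last 24 bits = HUI (host/serial part)."""
    return mac[:3].hex(":"), mac[3:].hex(":")


def classify(mac: bytes) -> str:
    """Broadcast = all ones. Otherwise the least significant bit of the first
    byte (the I/G bit) tells unicast (0) from multicast/group (1) apart."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def is_locally_administered(mac: bytes) -> bool:
    """Second-lowest bit of the first byte (U/L): 1 means the address was set
    by software (a "virtual" MAC, as the notes describe for multicast setups),
    0 means a burnt-in, vendor-assigned OUI."""
    return bool(mac[0] & 0x02)


def describe(text: str) -> dict:
    mac = parse_mac(text)
    oui, hui = split_mac(mac)
    return {
        "kind": classify(mac),
        "oui": oui,
        "hui": hui,
        "local": is_locally_administered(mac),
        "cisco": ".".join(mac.hex()[i:i + 4] for i in (0, 4, 8)),
    }


if __name__ == "__main__":
    # constructed sample addresses, not taken from any real device
    for sample in ("00:1A:2B:3C:4D:5E", "01-00-5E-00-00-09",
                   "FFFF.FFFF.FFFF", "02:00:00:00:00:01"):
        print(sample, describe(sample))
```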

Logical address protocols:
IPv4, IPv6, ARP, RARP

1- IPv4:
- Supports logical addressing (IP address).
- Supports end-to-end delivery (IP packet).
- IP address: consists of 32 bits.
- IPv4 is a connectionless protocol, i.e. best-effort delivery.

Connectionless protocol vs. connection-oriented protocol.

IP classes

Reserved IP Address:

IANA (Internet Addressing Network Association):
IANA is the organization that is responsible for organizing and arranging the IPs.

Private Addressing + NAT:
- Private address is not equal to public (real) address.
- The IANA assigned a range of private addresses that can be given to devices in an internal network (LAN), and that address can be repeated in any other LAN with no restrictions, ex: 10.0.0.0.
- NAT (Network Address Translation) is a certain protocol used to change a private address to one that can be used on the internet.

Network Address

Subnetting:
- In subnetting, a network is divided into smaller subnets, with each subnet having its own subnet address.
- Dividing a major network into multiple subnetworks, where each subnet is a separate network.
- This can be achieved by giving part of the host bits to the network bits.
- Now we can divide the major net into 28 subnetworks, each considered a separate network.

Reasons for subnetting:
• Most IP address assignments were not used very efficiently.
• Broadcast problem.
• Many sites were requesting multiple network numbers due to variable amounts of networks at their sites.

Subnet mask:
- Should exist beside the IP address and is used to differentiate between network and host parts.
- It is a 32-bit mask (because our IP = 32 bits).
- It contains 1s followed by continuous 0s.
- 1 indicates the network part in the IP.
- 0 indicates the host part in the IP.
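The mask rules just listed, as an added example (not from the course notes): validate that a mask really is 1s followed by 0s, AND it with an IP to separate network and host parts, decide whether two hosts share a network (the same decision ARP makes later in these notes), and borrow host bits from a major network to list its subnets. Function names and sample addresses are my own.

```python
"""Subnet-mask arithmetic as described in the notes (mask = 1s then 0s, AND with
the IP to get the network part, borrow host bits to make subnets). Added example,
not from the course; function names are my own."""
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def mask_is_valid(mask: str) -> bool:
    """A mask must be contiguous 1s followed by contiguous 0s.
    Inverting it leaves the host bits as all ones (e.g. 0x00000FFF); that
    value plus one is a power of two exactly when the ones were contiguous."""
    host_bits = (~to_int(mask)) & 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0


def split_ip(ip: str, mask: str) -> tuple:
    """Return (network address, host number): 1 bits of the mask select the
    network part, 0 bits select the host part."""
    if not mask_is_valid(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    a, m = to_int(ip), to_int(mask)
    network = ipaddress.IPv4Address(a & m)
    host = a & (~m & 0xFFFFFFFF)
    return str(network), host


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Same network part means the dst is on the local segment (ARP case 1);
    otherwise the PC must go through the gateway (ARP case 2)."""
    return split_ip(ip_a, mask)[0] == split_ip(ip_b, mask)[0]


def borrow_bits(major: str, borrowed: int) -> tuple:
    """Give `borrowed` host bits to the network part of a major network and
    return (list of subnets, new mask, usable hosts per subnet)."""
    net = ipaddress.IPv4Network(major, strict=True)
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError("no host bits left for usable addresses")
    subnets = [str(s) for s in net.subnets(new_prefix=new_prefix)]
    new_mask = str(ipaddress.IPv4Network(f"0.0.0.0/{new_prefix}").netmask)
    hosts = 2 ** (32 - new_prefix) - 2  # minus the network and broadcast addresses
    return subnets, new_mask, hosts


if __name__ == "__main__":
    # constructed addresses for the demo
    print(split_ip("10.1.5.7", "255.255.255.0"))
    print(same_network("10.1.5.7", "10.1.6.1", "255.255.255.0"))
    subs, mask, hosts = borrow_bits("172.16.0.0/16", 4)
    print(len(subs), mask, hosts, subs[:2])
```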

When a PC is up and it needs to send data, it should know 4 pieces of information:

Src MAC:
- It's a H/W physical address.
- Burnt on the ROM of the NIC, and the PC can read it at startup.

Src IP:
1- Manual (static) method:
Write the IP (usually the private IP), mask, default gateway and DNS IP.

2- Automatic:
(2.1) RARP (Reverse Address Resolution Protocol):
Resolves an unknown IP from a known MAC. It's S/W; when it's set up on a certain PC then this PC becomes a RARP server (gives IPs to PCs).
RARP is a layer 2 protocol, i.e. it hides in an Ethernet frame.
The RARP server will form a table between the different MACs of the PCs and certain allowed IPs, but this table should be filled manually and we should know all the MACs.
It's still a static IP, as we wrote it in the table.

RARP request:
- It's sent B.C.
- The reply is unicast from the RARP server to the PC that sent the RARP request. The RARP request is sent automatically at Windows startup.
- RARP is a layer 2 protocol, i.e. the RARP request is not put in an IP pck but in an Ethernet frame, because RARP is used only in LANs.
- RARP server can't be out of the LAN or in another LAN.

Boot P (Booting Protocol): may be used in WANs.
- Still a static IP, as we fill the table manually.
- Boot P is a layer 7 protocol or S/W; when it's set up on a certain PC it becomes a Boot P server.
- For a Boot P server we should fill a table of MACs vs. IPs.
- Boot P request is B.C and the Boot P reply is unicast (contains IP, mask and gateway).
- Boot P is layer 7 and so it hides in an IP packet, so the Boot P server may be in another LAN.

DHCP (Dynamic Host Configuration Protocol):
- Gives a dynamic IP, mask, default gateway and DNS IP.
- DHCP is a protocol that exists in layer 7.
- DHCP is S/W which tells the DHCP server the following:
  If any device asks for an IP, the DHCP gives this device an IP, mask, gateway and DNS.
  If any device is powered off, the DHCP takes the IP back from it.
- DHCP server has a DHCP pool and it may be in another LAN.
- DHCP uses UDP when it needs to.
- DHCP may be loaded on a router.

DHCP offer:
One PC may receive 2 offers from 2 different DHCP servers, so the PC will accept one of them, typically the first one received (the near DHCP server is the fastest).

DHCP discovery message:
B.C message that will be accepted by all devices, but only DHCP servers will reply, with a unicast message to the MAC address.

dst IP:

1- Manually:
Open Internet Explorer and type:

2- DNS (Domain Name Service):
- When typing www.yahoo.com we are making a DNS request to the DNS server to know the IP of yahoo (dst), where the DNS IP is known from the DHCP offer.

dst MAC:

ARP (Address Resolution Protocol):
- Resolves an unknown MAC from a known IP.
- It's a layer 2 protocol.

Case (1): If dst is in the same LAN (segment).
The only PC that will answer is the one that has the same IP.

ARP request:
Now ARP at A will be as follows:

Case (2): If the dst is in another LAN (segment): "proxy ARP".
The PC will determine that dst is reachable only through the gateway (router).

- Each router and PC makes what is called an ARP table (ARP cache) showing IP vs. MAC, so that each router and PC doesn't need to send ARP requests every time.

Transport layer:
- PDU = segment.
- Host-to-host communication layer (L2 and L3 devices).

It's responsible for:
1- Segmentation.
2- Error detection: using CRC.
3- Addressing through port numbers (process address or session address).
4- Multiplexing many sessions using port numbers (i.e. socket no. = IP + port no.).
- Many PCs can browse a page on the same HTTP server at the same time.
- Any PC can open a page twice on the HTTP server, and it can do any action on any page and the reply will be on the same page.

5- Transport layer supports both:
a- Connectionless (UDP): no establishing, termination or managing of a session.
b- Connection-oriented (TCP): no transmission before opening a session, and checks are made to know whether the data was received correctly or not.
6- Only TCP performs these functions ("connection oriented"):
(6.1) Establish connection/session: "3-way handshake".
(6.2) Managing/maintenance of the connection:
(6.2.1) Sequencing: gives a sequence number to each segment so the dst can collect back the whole data.
(6.2.2) Reliability:
(6.2.3) Error correction: by discarding the erroneous segment and asking the src for retransmission.
(6.2.4) Flow control:
(Windowing = Positive ACK with Retransmission (PAR))
- Window size: number of segments that can be sent before waiting for an ACK; this information is sent in the SYN message at the 3-way handshake.

Routing introduction:
Basic router configuration:

R>  (user mode)
R>enable
R#conf t  (enable/privilege mode)
R(config)# hostname X  (configuration or global mode)
X(config)# enable password ____  (this password is seen when viewing the running config.)
X(config)# enable secret _____  (this password is not seen when viewing the running config.)
X(config)#line con 0
X(config-line)# password ____  (line mode)
X(config-line)# login
X(config-line)# line aux 0
X(config-line)# password ____
X(config-line)# login
X(config-line)#line vty 0 4
X(config-line)# password ____
X(config-line)#login
Also: R(config-int)#  (interface mode)
R(config-router)#  (router mode)

Configuration of a certain interface / assigning a certain IP to an interface (example: serial 0):

R>
R>enable
R#conf t
R(config)# interface serial 0
R(config-int)# ip address x.x.x.x (IP) x.x.x.x (subnet mask)
R(config-int)# no shutdown  (opening the port)
R(config-int)# description ____  (description of the network this interface is connected to)
R(config-int)# bandwidth x Kbps  (limiting speed [useful when using bad cables])
R(config-int)# clockrate

Routing protocol:
- It's the exchange of information between routers, so that each router can tell the other routers about the networks it can reach.
- Its final target is to form the routing table (RTG table).
- Examples: RIP, OSPF, IGRP, BGP, EIGRP.
- Each router sends the other neighbor routers information about the networks that it can reach.

Routed protocol:
- It's the protocol that is responsible for:
  i- End-to-end delivery.
  ii- Logical addressing for every device.
- Examples: IP, IPX, AppleTalk.

Static routing:
- Build the RTG table manually with fixed entries.
- Used if only 1 single path to the destination is available.
- Examples: static route, default static route, default network.

Dynamic routing:
- Used if multiple paths to dst are available.
1- "IGP category": works within an autonomous system.
2- "EGP category": works between autonomous systems.
- Translates between IGPs or between routing protocols.
- Example: BGP.

Administrative distance:
A number between 0 and 255 given to every protocol, indicating the trustworthiness of this protocol.

Best path = least admin distance.

Best path:
Best path = least metric.

Metric may be:
- Hop: fewer hops to dst is better.
- B.W: choose the widest road to the destination.
- Delay: the path that gives less delay is better.
- Load: we may have a large B.W but it's used by all people.
- Cost: according to B.W and delay.
- Reliability: how many times the network dropped and started up again.
- MTU: Maximum Transmission Unit; when it's large we don't have to divide the data, and that's better.

- Any protocol uses only 1 metric (RIP, …).
- Cisco routers use all of these metrics using a certain equation (IGRP, EIGRP).

1- Static routing: used if there's a single path between src and dst.
1.1- Directly connected:
- No need to define a routing protocol as it's directly connected.
- The mask is very important information and should be known.
- The router can form the routing table of the networks directly connected to it through the IP and mask I give for its port.

1.2- Static route:
- Build your routing table manually.
- This is used with the internet service provider's (ISP) routers.

1.3- Default static route:
- Gateway of last resort.

1.4- Default network:
- S* (S star) means static to all (else).

2- Dynamic route:
- Used if there are multiple paths between src and dst.

Distance vector (DV):
Each router detects its directly connected networks and forms its initial routing table. Routers pass periodic copies of their routing table to neighbor routers and learn the best paths to all networks (the paths with the least metric) and form the final routing table (convergence). After convergence, periodic updates (full routing table) are sent to indicate any change in the topology.

At change: when a network is down or a new network appears, router "R4" waits for the periodic update and then sends its full RTG table. It puts its IP with metric "16", which means it's down. So the router will update its table and after 30 seconds will FWD it to the next router.

Problems:
1- Slow convergence:
Any router may sense that a port of any other router has failed (down) only after many seconds (at minimum 30 sec).

2- Routing loop
Solutions:
1- TTL expiry: the TTL of the PCK starts at 255 and when it reaches zero the PCK will be discarded.
2- Triggered update: we don't wait until 30 sec (RIP), but whenever a change occurs the router will forward its full RTG table.
- Any router that receives this update will forward it and will reply with an ACK.
3- Split horizon: a route learned from an interface can never be advertised (sent) back on the same interface.
4- Hold-down timer (RIP = 180 sec, IGRP = 280 sec):
The router that learns about a failed route will never try to learn about it unless:
a- The route is learned from the same source with the same metric.
b- The route is learned from another source with a better metric.
c- The hold-down time has expired.

RIPv1 (Routing Information Protocol):
It's a layer 7 protocol, i.e. the PCs will accept routing updates every 30 sec but they won't understand these updates.
1- Distance vector routing protocol.
2- Sends periodic updates containing the full routing table every 30 sec out of all interfaces on address 255.255.255.255.
- The router will accept the B.C msg and of course it will not pass it on as a B.C msg, but it will take an action, like updating its routing table, when the router understands that this is a RIP msg.
- RIPv1 uses UDP, and most protocols that use UDP send B.C.
3- At change (network is up or down) the router sends a triggered update containing the full table and the changed entry (ex: 10, 16).
4- Symbol in RTG table is "R".
5- Admin distance = 120.
6- Metric is a hop count (max = 15 hops).
- We can put a maximum of 16 routers in series.
7- Classful: doesn't send the mask in updates.
- The router that receives the update will estimate the mask.
8- Supports equal load sharing (balancing): 4 paths by default and 6 paths maximum.
9- Uses the Bellman-Ford algorithm to calculate the RTG table.
10- Supported solutions:
- Triggered update + poisoned route + poison reverse (ACK).
- Split horizon.
- Hold-down timer = 180 sec.
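The distance-vector behaviour from the "Problems / Solutions" passage and the RIPv1 summary above, simulated: routers exchange full tables each round (Bellman-Ford), a failed route is poisoned with hop count 16, and split horizon can be switched on or off to watch the routing loop count up to 16 or not. This is an added example, not code from the course; the three-router chain, the router names and the round-based timing are constructed for the demo.

```python
"""Distance-vector routing simulation: Bellman-Ford relaxation on full-table
periodic updates, RIP's hop count 16 as "unreachable" (the poisoned route),
and split horizon. Added example, not from the course; the topology and
router names are constructed for the demo."""

INFINITY = 16  # RIP: a hop count of 16 means the network is unreachable


class Router:
    def __init__(self, name, links):
        self.name = name
        self.links = dict(links)             # neighbour -> link cost (hops)
        self.table = {name: (0, None)}       # dest -> (metric, next hop)
        for nb, cost in self.links.items():  # directly connected networks
            self.table[nb] = (cost, nb)

    def advertise(self, to, split_horizon=True):
        """Full routing table as sent to neighbour `to`. With split horizon a
        route learned through `to` is never sent back out of that interface."""
        update = {}
        for dest, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == to:
                continue
            update[dest] = metric
        return update

    def receive(self, frm, update):
        """Bellman-Ford step: distance via `frm` = advertised metric + link cost.
        A route is replaced if the new one is better, or if it comes from the
        current next hop (bad news from the router we already rely on)."""
        cost = self.links[frm]
        changed = False
        for dest, metric in update.items():
            new = min(metric + cost, INFINITY)
            cur = self.table.get(dest)
            better = cur is None or new < cur[0]
            same_next_hop = cur is not None and cur[1] == frm and new != cur[0]
            if better or same_next_hop:
                self.table[dest] = (new, frm)
                changed = True
        return changed


def converge(routers, split_horizon=True, max_rounds=50):
    """One round = every router sends its periodic update to every neighbour.
    Returns the number of rounds until no table changes, or None."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers.values():
            for nb in list(r.links):
                if routers[nb].receive(r.name, r.advertise(nb, split_horizon)):
                    changed = True
        if not changed:
            return rnd
    return None


def link_down(routers, a, b):
    """Remove the a-b link and poison every route that used it (metric 16)."""
    for x, y in ((a, b), (b, a)):
        routers[x].links.pop(y)
        for dest, (metric, next_hop) in routers[x].table.items():
            if next_hop == y:
                routers[x].table[dest] = (INFINITY, next_hop)


def demo(split_horizon):
    """Constructed chain A - B - C. After the B-C link fails, how many rounds
    pass until A and B both agree that C is unreachable (metric 16)?"""
    routers = {
        "A": Router("A", {"B": 1}),
        "B": Router("B", {"A": 1, "C": 1}),
        "C": Router("C", {"B": 1}),
    }
    converge(routers, split_horizon)
    link_down(routers, "B", "C")
    rounds = converge(routers, split_horizon)
    return rounds, routers["A"].table["C"][0]


if __name__ == "__main__":
    print("split horizon on :", demo(True))   # settles in 2 rounds
    print("split horizon off:", demo(False))  # A and B count up to 16, 2 hops per round
```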

IGRP (Interior Gateway Protocol):
1- Distance vector (D.V) routing protocol (Cisco proprietary).
2- Like RIPv1, but periodic updates every 90 sec.
3- Symbol in RTG table is "I".
4- Admin distance = 100.
- IGRP is more trustworthy than RIPv1.
5- Metric is a composite one: ((k1/BW) + (k2*load) + (k3*delay) + (k4/reliability) + (k5/MTU)).
- By default k1 = k3 = 1 (the most important factors are B.W and delay).
- Composite means that it is a combination of: B.W, load, delay, reliability, MTU.
- According to this composite metric we can use a maximum of 100 routers in series (default), and by configuration we can use a maximum of 255 routers in series (according to TTL = 255).
6- IGRP is a classful protocol.
7- Supports equal and non-equal load sharing (4 paths default and 6 paths maximum by configuration).
8- Uses the Bellman-Ford algorithm to calculate the RTG table, like RIPv1.
9- Supported solutions:
- Triggered update + poisoned route + poison reverse.
- Split horizon.
- Hold-down timer = 280 sec.
(The periodic update is every 90 sec.)

Advanced D.V:
RIPv2: is the same protocol as RIPv1 but the changes are in the updating, and it's a layer 7 protocol.
1- It's an advanced protocol.
2- It sends updates on multicast address 224.0.0.9.
- RIPv2 sends only multicast msgs, and those who have learned this multicast address will accept the msg.
3- It supports authentication using a password.
- It's used for security: before sending updates, R2 should enter a password.
- For a wrong password, R1 will discard the request and shut down the interface.
4- Classless: it sends the mask with updates.
5- Sends periodic updates every 30 sec out of all its interfaces.
6- Symbol in RTG table is "R".

How do we know whether our router works with RIPv1 or RIPv2, when both have the symbol "R"?

7- Uses triggered update, split horizon and hold-down timer.
8- Supports equal load sharing (4 default and 6 maximum).
9- Admin distance = 120.
10- Metric = hop count (max = 15).

EIGRP (Enhanced IGRP): It's the best protocol.
1- Advanced D.V, Cisco proprietary.
2- Sends the full RTG table at startup to its neighbors.
3- At a change, only partial triggered updates are
transmitted.
4- No periodic updates (no B.W waste), as no update
overhead is transmitted.
5- No routing loops: uses DUAL.
DUAL (Diffusing Update Algorithm): this algorithm puts
some conditions on the selected route and never
results in loops.
6- Fast convergence: uses DUAL.
- A backup path for every best path.
- We save the best path and up to 6 backup paths, so if one
path is down we use the following one.
- None of the backup paths result in loops

(i.e. they should also pass the DUAL check), but they have a
higher metric (the lower the metric, the better).
7- Sends updates on multicast address 224.0.0.10.
8- Classless: sends the mask with the update.
9- Symbol in the RTG table is "D".
10- Admin distance = 90 (the best).
11- Metric of EIGRP (32 bits) = 256 * metric of IGRP (24 bits).
12- Maximum hop count = 224 hops; we may use 255
routers in series.
13- Supports equal and unequal load sharing (unequal
load balancing).
14- Supports routing for multiple network-layer routed
protocols (IP, IPX, AppleTalk).
- IP packets, IPX packets and AppleTalk packets are different, so IP, IPX
and AppleTalk can't understand each other.
EIGRP terminology:
1- Neighbor table: "list of all neighbors".
2- Routing table: "list of the best routes to each dst".
3- Topology table: "list of all routes to all destinations".
- Your neighbors' RTG tables.
4- Successor (S): "best path".
5- Feasible successor (FS): "backup path".
6- Feasible distance (FD): "metric between the src router and
the dst router".
7- Advertised distance (AD): "metric between my neighbor
and the dst".
AD = y; the metric is a function of (delay, B.W, …).
N.B: The RTG table shows the successor with a certain AD (best path).
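The successor and feasible successor selection above, as an added example that is not part of these notes: it applies DUAL to a constructed topology table for one destination, assuming the "DUAL check" is the standard feasibility condition that a backup's AD must be strictly lower than the successor's FD.

```python
# Added example (not from the notes): applying DUAL to a constructed
# topology table for one destination. Following the terminology above,
# AD is the metric a neighbor advertises to the destination and FD is our
# metric through that neighbor, FD = cost of the link to the neighbor + AD.
# Assumption: the "DUAL check" is the standard feasibility condition,
# a backup's AD must be strictly lower than the successor's FD.

def feasible_distance(link_cost, advertised_distance):
    """FD via a neighbor = metric of the link to it + the AD it reports."""
    return link_cost + advertised_distance

def dual_select(topology):
    """topology: {neighbor: (link_cost, AD)} for a single destination.

    Returns (successor, fd, feasible_successors). The successor is the
    neighbor with the lowest FD. A neighbor whose AD is >= that FD might
    itself be routing through us, so it fails the check and is not kept
    as a backup; the others are feasible successors, best backup first.
    """
    if not topology:
        return None, None, []
    fds = {n: feasible_distance(c, ad) for n, (c, ad) in topology.items()}
    successor = min(fds, key=fds.get)
    fd = fds[successor]
    feasible = [n for n, (_, ad) in topology.items()
                if n != successor and ad < fd]
    feasible.sort(key=fds.get)   # "use the following one": best backup first
    return successor, fd, feasible

# Constructed topology table for one destination, EIGRP-style metric values.
TOPO = {
    "R2": (1000, 2000),   # FD 3000 -> successor
    "R3": (2000, 2500),   # AD 2500 < 3000 -> feasible successor
    "R4": (500, 3500),    # FD 4000 but AD 3500 >= 3000 -> fails the check
}

if __name__ == "__main__":
    print(dual_select(TOPO))   # ('R2', 3000, ['R3'])
```

Note that R4 has a lower FD than R3 yet is rejected: the check is on the neighbor's AD, not on our FD through it.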

Link state routing:

At startup:
1- Each router will try to discover its link state neighbors
using a hello msg.
2- Each router will form a packet describing itself called an
LSA (Link State Advertisement) and send it to all its
neighbors.
3- Each neighbor that receives an LSA will keep a copy of it
in its LSDB (Link State Data Base) and then send it
as it is to all its other neighbors, so the LSA of each router
will be flooded through the AS.
4- Each router will then draw a tree from its LSDB called the
LSDB tree.
5- Each device will apply the Dijkstra algorithm (SPF algorithm)
on the LSDB tree to get the "SPF tree", SPF = Shortest Path
First.
6- The SPF tree will then be translated into a routing table.
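The startup procedure above, as an added example that is not part of these notes: constructed LSAs are gathered into an LSDB, Dijkstra produces the SPF tree from one router, and the tree is translated into a routing table. Link costs are plain numbers chosen for the example.

```python
import heapq

# Added example (not from the notes): LSAs from a constructed network are
# collected into an LSDB, Dijkstra (SPF) builds the SPF tree from one
# router, and the tree is translated into a routing table (next hop, cost).
LSAS = {   # constructed LSAs: each router advertises {neighbor: link cost}
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 2, "D": 5},
    "C": {"A": 4, "B": 2, "D": 1},
    "D": {"B": 5, "C": 1},
}

def build_lsdb(lsas):
    """Flooding gives every router a copy of every LSA: the LSDB is the union."""
    lsdb = {}
    for router, links in lsas.items():
        lsdb.setdefault(router, {}).update(links)
    return lsdb

def spf(lsdb, root):
    """Dijkstra over the LSDB; returns the SPF tree {router: (cost, parent)}."""
    tree, done, heap = {root: (0, None)}, set(), [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in tree or new_cost < tree[nbr][0]:
                tree[nbr] = (new_cost, node)      # better path: re-parent nbr
                heapq.heappush(heap, (new_cost, nbr))
    return tree

def routing_table(tree, root):
    """Translate the SPF tree: next hop = first router after root on the path."""
    table = {}
    for dst, (cost, _) in tree.items():
        if dst == root:
            continue
        hop = dst
        while tree[hop][1] != root:      # walk parents back towards the root
            hop = tree[hop][1]
        table[dst] = (hop, cost)
    return table

if __name__ == "__main__":
    rt = routing_table(spf(build_lsdb(LSAS), "A"), "A")
    print(rt)   # {'B': ('B', 1), 'C': ('B', 3), 'D': ('B', 4)}
```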

At convergence:
Each router will only send a periodic LSA every 30 min or
more to refresh the LSDB.

At change:
- The router that notices the change will send a triggered partial
update.
- Assume the network on E0 is down; then "W" will send the
following LSA.
- Each neighbor will take a copy of this LSA, update its
LSDB, redraw the LSDB tree, then redraw the SPF
tree and re-form its RTG table, and at the same time
forward the LSA of W as it is to the following neighbors.

Link state disadvantages:
1- Very complex implementation, design and
configuration.
2- Network instability will affect the entire AS.
3- High CPU usage.
4- High memory utilization.

Link state advantages:
1- No routing loops.
2- Reliable.
3- No B.W waste.
4- Classless.
5- Uses multicast.

Link state protocols:

OSPF (Open Shortest Path First)
1- Open standard link state routing protocol.
2- Sends triggered updates called LSAs at startup and at
change on multicast addresses 224.0.0.5 and 224.0.0.6
(each has a different use) to its neighbors.
3- Symbol in the RTG table is "O".
4- Admin distance = 110.
5- Metric = cost = 10^8 / B.Wi; if B.W = 100 Mbps then the
cost = 1.
- B.Wi is the B.W of the interface, by default 1.54 Mbps.
- The number of hops is unlimited.
6- Uses the Dijkstra algorithm to calculate the RTG table.
7- Classless and reliable.
- Classless: transmits the mask during the update.
- Reliable: transmits ACKs.
8- Sends a periodic update every 30 min (LSDB
refreshment).
9- Supports hierarchical design (divide the AS into areas).
- Each router knows full details about its own area and
only a summary about other areas.

Hierarchical design:
1- More complex design (disadvantage).
2- Network instability will affect only the area and not the
entire network (advantage).
3- Less CPU usage (advantage).
4- Less memory utilization (advantage).

Process ID:
It is as if we divide our router into a number of routers; each
interface can belong to a process.
1- A number that identifies a unique LSDB on the local router.
2- Locally significant (affects the local router only and is not
advertised to other routers).
- Each part will have a different process ID and a
different LSDB.
- LSAs will be sent to those who share the same process.

OSPF network types:

1- Point-to-point:

2- BMA (Broadcast Multiple Access):
- Broadcast means that the routers lie in the same local
area and are affected by each other's broadcasts (Ethernet or
token ring).
- Multiple access means that there is more than one neighbor on one
interface.

3- NBMA (Non-Broadcast Multiple Access):
- The WAN switch (ex: FR switch) discards any B.C msg,
so if R4 needs to send a B.C to R1, R2 and R3 then the
router will use "simulated B.C".
- Simulated B.C = replicated unicast msgs.


- OSPF operation for BMA and NBMA network topologies:
1- Neighbor discovery: "Hello protocol".
- The Hello msg is a keepalive msg sent periodically every 10
seconds to refresh the relationship with neighbors.
- Dead interval (hold down time) means the time after
which I consider my neighbor dead (40 sec).

Neighborship is accepted if 4 conditions are verified:
1- The routers lie in the same area.
2- The routers have the same Hello interval.
3- The routers have the same dead interval.
4- The routers have the same OSPF password.
- The password is defined by configuration on all OSPF routers
and should be the same.

N.B:
- High speed (greater than T1 = 1.54 Mbps): Hello every 5
sec and dead every 15 sec.
- Low speed (less than T1 = 1.54 Mbps): Hello every 60
sec and dead every 180 sec.

Election for designated router (DR) and backup designated router (BDR)

How to elect a DR:
1- First router to boot up: the router that boots before the
others by 40 seconds.
2- Router having the highest priority per interface.
- By default the priority = 1, and we can change it by
configuration (from 0 to 255).
- If priority = 0 then the router can't be DR or BDR.
3- Router having the highest RID (Router ID).
Router ID:
- Highest IP address configured on a loopback interface.
- Highest IP configured on an active interface
(if no loopback exists).
- Loopback interface:
- Virtual S/W interface.
- Always up, needs no "no shutdown".
- Used in the DNS table, because if we use a physical interface
it may go down at any time.
- We may use from 0 to 4 billion loopback interfaces.
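Router ID selection and the DR/BDR election above, as an added example that is not part of these notes (Python, constructed router data); it assumes all routers boot at the same time, so the "first to boot up" rule is not modelled.

```python
import ipaddress

# Added example (not from the notes): Router ID selection and DR/BDR election
# on one multi-access segment, following the rules above: RID = highest
# loopback IP, else highest IP on an active interface; priority 0 means never
# DR/BDR; highest priority wins, ties broken by highest RID. Assumption: all
# routers boot together, so the "first to boot up" rule is not modelled.

def router_id(loopbacks, active_ifaces):
    """Pick the RID from loopback IPs first, then from active interface IPs."""
    pool = loopbacks or active_ifaces
    if not pool:
        raise ValueError("no IP address available for the Router ID")
    return str(max(ipaddress.IPv4Address(ip) for ip in pool))

def elect_dr_bdr(routers):
    """routers: {name: {"priority": int, "loopbacks": [...], "ifaces": [...]}}.
    Returns (dr, bdr, drothers); dr/bdr are None when no router is eligible."""
    ranked = []
    for name, r in routers.items():
        if r["priority"] == 0:           # priority 0: can never be DR or BDR
            continue
        rid = ipaddress.IPv4Address(router_id(r["loopbacks"], r["ifaces"]))
        ranked.append((r["priority"], rid, name))
    ranked.sort(reverse=True)            # highest priority, then highest RID
    winners = [name for _, _, name in ranked[:2]]
    dr = winners[0] if winners else None
    bdr = winners[1] if len(winners) > 1 else None
    drothers = sorted(n for n in routers if n not in winners)
    return dr, bdr, drothers

# Constructed segment: R3 has the highest RID but priority 0, R4 the
# highest priority, R2 has no loopback (its RID comes from an interface).
SEGMENT = {
    "R1": {"priority": 1, "loopbacks": ["1.1.1.1"], "ifaces": ["10.0.0.1"]},
    "R2": {"priority": 1, "loopbacks": [], "ifaces": ["10.0.0.2", "192.168.5.1"]},
    "R3": {"priority": 0, "loopbacks": ["9.9.9.9"], "ifaces": ["10.0.0.3"]},
    "R4": {"priority": 100, "loopbacks": ["4.4.4.4"], "ifaces": ["10.0.0.4"]},
}

if __name__ == "__main__":
    print(elect_dr_bdr(SEGMENT))        # ('R4', 'R2', ['R1', 'R3'])
```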

2- Route discovery: "exchange protocol"
- If a router is not a DR or BDR then this router is called
a "DRother".

- In case of point-to-point topology:

NAT (Network Address Translation):

- Private IPs assigned by IANA:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255

- The main concept of NAT is that, when a packet is sent to
the public network (internet), the NAT device (router) will
change the private address into a public
(real) IP.
- NAT is software loaded on routers or servers.

NAT terminology:
1- Inside local IP:
Internal device with a private IP, i.e. the local IP of a
device that exists in my network.
2- Inside global IP:
Internal device with a public IP, i.e. the global IP of a
device that exists in my network.
3- Outside local IP:
External device with a local IP, i.e. the local IP of a device
that doesn't exist in my network.
4- Outside global IP:
External device with a public IP, i.e. the global IP of a
device that doesn't exist in my network.

1- Static NAT: "for servers"
- The NAT table is filled manually.
- Static NAT is used if your devices are accessed by others
to benefit from their services (i.e. servers
should have fixed, unchanging public IPs).
- But why don't we just give the servers a public IP?
Because the routers and customers that lie in the same network
with the server should be in the same subnet, and so we would
consume many public IPs, which is not desirable; so
we use private IPs even with servers.

2- Dynamic NAT:
The router is given a pool of IPs that contains global IPs, so
every user that tries to access a public network will be given
an IP from the pool.

To configure Dynamic NAT:
1- Define the pool of IPs.
2- Define which inside addresses are allowed to be
translated (ACL).
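The two configuration steps above, as an added example that is not part of these notes: a Python model of a dynamic NAT table with an ACL of inside networks, a pool of inside global addresses and constructed addresses; it also checks the IANA private ranges listed above.

```python
import ipaddress

# Added example (not from the notes): a dynamic NAT table. The ACL lists the
# inside networks allowed to be translated (step 2 above) and the pool holds
# the inside global (public) addresses (step 1). A packet from an inside local
# address that matches the ACL gets a free pool address; ACL misses and pool
# exhaustion return None (dropped) instead of a translation. Addresses are
# constructed; 203.0.113.0/24 stands in for a real public block.

PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]   # IANA ranges

def is_private(ip):
    """True if ip falls in one of the private ranges listed above."""
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE)

class DynamicNat:
    def __init__(self, acl, pool):
        self.acl = [ipaddress.ip_network(n) for n in acl]
        self.free = [str(ip) for ip in ipaddress.ip_network(pool).hosts()]
        self.table = {}                     # inside local -> inside global

    def translate(self, inside_local):
        """Inside global address for a packet from inside_local, or None."""
        if inside_local in self.table:      # existing translation is reused
            return self.table[inside_local]
        ip = ipaddress.ip_address(inside_local)
        if not any(ip in net for net in self.acl):
            return None                     # not permitted by the ACL
        if not self.free:
            return None                     # pool exhausted
        self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

    def release(self, inside_local):
        """Translation timed out: give the global address back to the pool."""
        self.free.append(self.table.pop(inside_local))

if __name__ == "__main__":
    nat = DynamicNat(acl=["192.168.1.0/24"], pool="203.0.113.8/30")
    print(nat.translate("192.168.1.10"))    # 203.0.113.9
    print(nat.translate("192.168.1.11"))    # 203.0.113.10
    print(nat.translate("192.168.1.12"))    # None: pool of two hosts exhausted
    print(nat.translate("192.168.2.5"))     # None: denied by the ACL
```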

Switch:
- Forwarding is based on hardware ASICs (Application-
Specific Integrated Circuits).
- Switches are faster than bridges in that the switching
function is hardware based.
Transparent switching:
- The hosts aren't aware of the presence of the switch in the
LAN.
- The switch doesn't change the frame.

Bridges VS switches:
Bridges were introduced by DEC in the 80's as a low-cost,
low-complexity way to improve network performance.
– Replace a hub with a bridge or a switch and now
many PCs can transmit at the same time.
– Some people once thought bridges would
replace routers.
– But they're not “smart enough”: bridged
networks don't scale to large sizes.
– Switches are basically high speed bridges that
can be partitioned into logical sub-bridges.
– VLANs (covered later) are how we partition a
switch.
– Logically, switches and bridges are the same.
– They both use the same MAC learning strategy and
both use Spanning Tree Protocol (STP).

Switches learn MAC addresses:
A switch associates the source MAC address
in a frame with the port the frame was received on.

Everything just powered on.
Host A transmits a frame to Host E.
Switches B, C, D learn the MAC address of A and
associate it with the port receiving the frame.
When a reply is sent, the switches learn the
location of E (MAC of E and the port it was received on).

Switches selectively forward:
If a switch has learned a MAC address, it
forwards frames going to that MAC address
out only the associated port.
So when A and E communicate, frames are only
sent out the appropriate ports.

Switches flood other traffic:
Switches flood traffic out all ports if they do not
know where the destination MAC is:
– Unknown unicast MAC addresses
– Multicasts
– Layer 2 broadcasts (MAC address ffff.ffff.ffff)
Until the unknown unicast MAC address H
replies, frames sent to H are flooded.
– Once H replies, the switches can learn which
port the frame from H was received on.
Broadcasts and multicasts are also flooded.

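The learning, selective forwarding and flooding behaviour above, as an added example that is not part of these notes: a small Python switch model with constructed MAC addresses and port names.

```python
# Added example (not from the notes): a transparent switch model that learns
# the source MAC of each frame on its ingress port, forwards a known unicast
# destination out only the learned port, and floods unknown unicast,
# multicast and broadcast frames out every other port. MACs are constructed.

BROADCAST = "ffff.ffff.ffff"

def is_multicast(mac):
    """Group bit = least significant bit of the first octet (it is also set
    in the broadcast address, so broadcasts take the flooding path too)."""
    return int(mac[:2], 16) & 1 == 1

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                 # MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; returns the list of ports it is sent out of."""
        self.mac_table[src] = in_port       # learn: source MAC <-> ingress port
        if not is_multicast(dst) and dst in self.mac_table:
            out = self.mac_table[dst]
            # Filter: destination is on the ingress segment, nothing to forward.
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]   # flood

A, E, H = "0000.0000.000a", "0000.0000.000e", "0000.0000.0011"

if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(sw.receive("Fa0/1", A, E))        # E unknown -> ['Fa0/2', 'Fa0/3']
    print(sw.receive("Fa0/3", E, A))        # A learned  -> ['Fa0/1']
    print(sw.receive("Fa0/1", A, E))        # E learned  -> ['Fa0/3']
    print(sw.receive("Fa0/2", H, BROADCAST))   # always flooded
```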
Collision and broadcast domains:
An Ethernet segment, or multiple segments joined by hubs and
repeaters, forms a collision domain.
– Two devices on such a segment will have a collision if
they transmit at the same time.
– Each port of a bridge or switch is a separate collision
domain.
– It may be a single device or multiple devices attached to
the switch via a hub.
– The switch or collection of switches forms a broadcast
domain.
– Broadcasts flood all ports in the interconnected bridges
or switches.

Need for spanning tree protocol:
We see that if a loop is accidentally introduced into a
bridged topology, any broadcast (multicast or unknown unicast as
well) will cause the network to get very busy.
– Consequently, switches use Spanning Tree Protocol (STP)
to detect and de-activate loops.
– Side-effect: switches normally do not load balance when
there are multiple, redundant links (routers can).

Spanning tree protocol:
STP often accounts for more than 50% of the
configuration, troubleshooting, and maintenance
headaches in real-world
campus networks (especially if they are poorly designed).
STP is a loop-prevention protocol. It allows L2 devices to
communicate with each other to discover physical loops in
the network. It specifies an algorithm that L2 devices can use
to create a loop-free logical topology. It creates a tree
structure of loop-free leaves and branches that spans the
entire Layer 2 network.
Spanning tree algorithm:
STP executes an algorithm called STA.
STA chooses a reference point, called a root bridge, and
then determines the available paths to that reference
point.
- If multiple paths exist, STA picks the best path
and blocks the rest.

BPDUs
1- All switches using STP must exchange Bridge Protocol
Data Units (BPDUs)
with other switches.
2- Sent every 2 seconds on every active port.
3- The exchange of BPDU messages results in the
following:
_ The election of a root switch
_ The election of a designated switch for every switched
segment
_ The removal of loops in the switched network by placing
redundant switch ports in a backup state
What's a BID?
Consists of 2 components:
_ A 2-byte priority:
Cisco switches default to 32,768 or 0x8000.
_ A 6-byte MAC address.
Used to elect a root bridge.
The lowest Bridge ID is the root.
If all devices have the same priority, the bridge with the lowest
MAC address becomes the root bridge.

Electing a root bridge:
At startup, a switch assumes that it is the root bridge and sets the
Root ID equal to its own Bridge ID in its BPDUs. If a switch sees a Root
ID lower than its own, it begins to advertise that Root ID in its
BPDUs.
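The root election described above, as an added example that is not part of these notes: a Python simulation of BPDU exchange over a constructed four-switch topology, with BIDs compared as (priority, MAC).

```python
# Added example (not from the notes): STP root election over a constructed
# switched topology. A BID is (2-byte priority, 6-byte MAC). Every switch
# starts by believing it is the root; whenever a neighbor's BPDU carries a
# lower Root ID the switch adopts it, so the lowest BID wins and the MAC
# breaks priority ties.

def bridge_id(priority, mac):
    """Comparable BID: priority is compared first, then the MAC as a number."""
    return (priority, int(mac.replace(".", ""), 16))

def elect_root(switches, links, max_rounds=100):
    """switches: {name: (priority, mac)}; links: list of (name, name) pairs.
    Simulates rounds of BPDU exchange until no switch changes its Root ID.
    Returns (root name, converged); converged is False if some switch never
    heard of the root (e.g. a partitioned topology)."""
    bids = {n: bridge_id(p, m) for n, (p, m) in switches.items()}
    believed_root = dict(bids)              # at startup: Root ID = own BID
    neighbors = {n: set() for n in switches}
    for a, b in links:
        neighbors[a].add(b)
        neighbors[b].add(a)
    for _ in range(max_rounds):
        changed = False
        for n in switches:
            for nbr in neighbors[n]:        # "receive" the neighbor's BPDU
                if believed_root[nbr] < believed_root[n]:
                    believed_root[n] = believed_root[nbr]
                    changed = True
        if not changed:
            break
    root_bid = min(bids.values())           # the lowest BID in the network
    root_name = next(n for n, b in bids.items() if b == root_bid)
    converged = all(b == root_bid for b in believed_root.values())
    return root_name, converged

# Constructed switches: all at the default priority 32768 except SW3.
SWITCHES = {
    "SW1": (32768, "0011.2200.0001"),
    "SW2": (32768, "0011.2200.0000"),       # lowest MAC at default priority
    "SW3": (4096, "00ff.ffff.0001"),        # lower priority wins regardless
    "SW4": (32768, "0011.2200.0002"),
}
CHAIN = [("SW1", "SW2"), ("SW2", "SW3"), ("SW3", "SW4")]

if __name__ == "__main__":
    print(elect_root(SWITCHES, CHAIN))      # ('SW3', True)
```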

Spanning tree port states:

Blocked:
All ports start in blocked mode in order to prevent the bridge from
creating a bridging loop. The port stays in a blocked state if
Spanning Tree determines that there is a better path to the root
bridge.

Listen:
The port transitions from the blocked state to the listen state.
_ Attempts to learn whether there are any other paths to
the root bridge.
_ Listens to frames but cannot send or receive data,
or add to its table.
_ Listens for a period of time called the forward delay.

Learn:
The learn state is very similar to the listen state, except that the
port can add information it has learned to its address table.
Still not allowed to send or receive data.
Learns for a period of time called the forward delay.

Forward:
The port can send and receive data.
A port is not placed in the forwarding state unless there are no
redundant links or it is determined that it has the best path to the
root.

Disabled:
The port is shut down manually by an administrator.

STP timers:
The default value of the forward delay (15 seconds) was originally
derived assuming a maximum network size of seven bridge hops,
a maximum of three lost BPDUs, and a hello-time interval of 2
seconds.

STP topology changes:
It can take 30-50 seconds for a network to converge to a new
topology. While the network is converging, physical addresses that
can no longer be reached are still listed in the switch
table. Because these addresses are in the table, the switch will
attempt to forward frames to devices it cannot reach.

The STP change process requires the switch to clear the table
faster in order to get rid of unreachable physical addresses.
If a switch detects a change, it can send a topology change BPDU
out its root port.
The topology change BPDU is forwarded to the root switch, and
from there is propagated throughout the network.
