
Ultimate CCNA ICND Study Guide

Table of Contents

LAN Switching and Configuring 2950 Switches (page 3)
Spanning Tree Protocol (page 5)
Virtual LANs and Trunking (page 9)
RIP, IGRP, and Static Route Concepts and Configuration (page 13)
OSPF and EIGRP Concepts and Configuration (page 19)
Advanced Routing Protocol Topics (page 28)
Advanced TCP/IP Topics (page 31)
Point-to-Point Leased Line Implementation (page 36)
ISDN and Dial-On-Demand Routing (page 39)
Frame Relay (page 46)
IP Access Control List Security (page 52)

Ultimate CCNA ICND Guide -2-


LAN Switching and Configuring 2950 Switches

LAN Switch Logic Summary:
1. A frame is received.
2. If the destination is a broadcast/multicast, forward on all ports except the port the frame was received on.
3. If the destination is unicast and the address is not in the table, forward on all ports except the received port.
4. If the destination is unicast, the address is in the table, and the associated interface is not the interface the frame arrived on, forward the frame out the correct port.
5. Otherwise, filter the frame.

Basic Configuration/Operation Commands

Command | Description
interface vlan 1 | Global command; enters interface configuration for the VLAN 1 interface
ip address [address] [subnet mask] | Interface subcommand; sets the IP address
ip default-gateway [address] | Global command that sets the default gateway
interface fastethernet 0/x | Puts the user into interface configuration mode for that port
duplex {auto|full|half} | Sets the duplex mode for the interface
speed {10|100|1000|auto|nonegotiate} | Sets the speed of the interface
switchport port-security mac-address [address] | Statically adds a MAC address as an allowed address on that port
switchport port-security mac-address sticky | Tells the switch to learn MAC addresses on the interface and add them to the config as secure MACs
switchport port-security maximum [value] | Maximum number of static secure MAC addresses allowed on the interface
switchport port-security violation {protect|restrict|shutdown} | Tells the switch what to do if an unexpected MAC tries to access the network through a secure switch port
hostname [name] | Assigns a hostname to the switch
line con 0 | Enters console line configuration mode
line vty 0 15 | Enters vty line configuration mode
login | Tells the switch to ask for a password
password [password] | Sets the password
enable secret [password] | Sets the encrypted enable password
enable password [password] | Sets the password to enter privileged mode
configure terminal | Enters configuration mode
show interfaces fastethernet 0/x | Displays interface status
show interfaces vlan 1 | Displays the IP address configuration
show interfaces | Displays information about the interfaces
show {running|startup}-config | Displays the RAM/NVRAM settings
show mac-address-table | Displays the MAC address table
show port-security [interface] [address] | Shows the security options on an interface



erase startup-config | Erases the startup configuration
show interfaces status | Reveals port, status, VLAN, duplex, speed, and type

*By default, switches work out of the box, with all ports in VLAN 1*

When changing speed/duplex, the interface will temporarily go down.

Configuring the IP Address

interface vlan 1 -> the IP address of the switch is configured on this interface
ip address [address] [mask]
ip default-gateway [address]

Port Security Configuration

Restrict the interface so that only expected devices can use it.
1. switchport port-security -> enables port security
   a. Allowed only on ports not connected to other switches.
2. switchport mode access -> designates the interface as not connecting to another switch.
3. switchport port-security mac-address [mac address] -> statically configures the allowed MAC address.

By default, only one MAC address is allowed per interface, and the violation action is shutdown.
- Change the maximum using switchport port-security maximum [1-132]
- To change the violation action, use switchport port-security violation {protect|restrict|shutdown}

Note: To automatically add the MAC of the first frame sent on the port, use:
switchport port-security mac-address sticky
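As an added example (not from the guide), the five-step forwarding logic and the port-security behaviour above as a small Python simulation; the switch, port names and MAC addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class PortSecurity:
    maximum: int = 1              # switchport port-security maximum
    violation: str = "shutdown"   # protect | restrict | shutdown
    sticky: bool = False          # switchport port-security mac-address sticky
    secure_macs: list = field(default_factory=list)  # static plus learned secure MACs


@dataclass
class Switch:
    ports: list
    mac_table: dict = field(default_factory=dict)   # MAC -> port it was learned on
    security: dict = field(default_factory=dict)    # port -> PortSecurity
    err_disabled: set = field(default_factory=set)  # ports shut down by a violation
    violations: list = field(default_factory=list)  # (port, offending MAC, action)

    def _port_security_allows(self, port, src):
        ps = self.security.get(port)
        if ps is None or src in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.append(src)   # learned as a secure MAC while below the maximum
            return True
        # Unexpected MAC with the maximum already reached: a violation.
        self.violations.append((port, src, ps.violation))
        if ps.violation == "shutdown":
            self.err_disabled.add(port)
        return False   # protect and restrict both drop the frame

    def receive(self, in_port, src, dst):
        """Apply the five-step logic; return the ports the frame goes out of."""
        if in_port in self.err_disabled or not self._port_security_allows(in_port, src):
            return []
        self.mac_table[src] = in_port    # learn the source on the arrival port
        flood = [p for p in self.ports if p != in_port and p not in self.err_disabled]
        if is_group_address(dst):        # step 2: broadcast/multicast
            return flood
        out_port = self.mac_table.get(dst)
        if out_port is None:             # step 3: unknown unicast
            return flood
        if out_port != in_port:          # step 4: known unicast on another port
            return [out_port]
        return []                        # step 5: same port, filter the frame

    def running_config(self, port):
        """Lines a sticky port adds to the running config (non-sticky ports add none)."""
        ps = self.security.get(port)
        if ps is None or not ps.sticky:
            return []
        return [f"switchport port-security mac-address sticky {m}" for m in ps.secure_macs]
```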



Spanning Tree Protocol

How Spanning Tree Works:
1. STP elects a root bridge; all of its interfaces are placed in forwarding state.
2. Each nonroot bridge considers one of its ports to have the least administrative cost between itself and the root bridge. That root port is placed in forwarding state.
3. On each segment, the bridge with the least cost is the designated bridge, and its designated port is placed in forwarding state.

Electing the Root and Discovering Root Ports/Designated Ports:
- The root bridge's bridge ID is made of the bridge's priority and MAC address. The lowest priority is chosen first; if all are equal, the lowest MAC is chosen.
  - The message sent to each switch is called a Hello BPDU.
- If a bridge receives a BPDU that is "better" than its own, it forwards that BPDU, claiming the port it arrived on as its root port.
- Lowest-cost Hello: the cost is calculated by adding the cost in the received Hello to the cost of the interface the Hello BPDU was received on.

Default Port Costs

Ethernet Speed | Original Cost | Revised Cost
10 Mbps | 100 | 100
100 Mbps | 10 | 19
1 Gbps | 1 | 4
10 Gbps | 1 | 2
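An added Python example (not part of the guide) that elects the root from (priority, MAC) and finds each switch's root port by the lowest cumulative Hello cost using the revised costs above; the three-switch topology is constructed.

```python
import heapq

# Revised IEEE costs from the table above (Ethernet speed in Mbps -> cost)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Lower priority wins; a tie goes to the numerically lowest MAC."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the switch with the best bridge ID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(switches, links, root):
    """links: (switch_a, port_a, switch_b, port_b, speed_mbps) for each cable.
    Returns {switch: (root cost, root port)}. Each switch keeps the lowest-cost
    Hello, where the cost of a received Hello is the advertised cost plus the
    cost of the interface it arrived on; a cost tie goes to the lower sender ID."""
    adj = {}
    for a, port_a, b, port_b, speed in links:
        cost = PORT_COST[speed]
        adj.setdefault(a, []).append((b, port_b, cost))  # Hello from a lands on b's port_b
        adj.setdefault(b, []).append((a, port_a, cost))
    best = {root: (0, None, (-1, -1))}   # cost, root port, sender bridge ID
    heap = [(0, (-1, -1), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue                    # a better Hello already replaced this one
        sender_id = bridge_id(*switches[sw])
        for nbr, nbr_port, link_cost in adj.get(sw, []):
            candidate = (cost + link_cost, sender_id)
            current = best.get(nbr)
            if current is None or candidate < (current[0], current[2]):
                best[nbr] = (candidate[0], nbr_port, sender_id)
                heapq.heappush(heap, (candidate[0], sender_id, nbr))
    return {sw: (cost, port) for sw, (cost, port, _) in best.items()}
```

With the constructed topology, SW1 prefers the 1 Gbps path through SW3 (cost 8) over its direct 100 Mbps link to the root (cost 19).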

Reacting to Changes in the Network

Describes how STP handles breaks in cabling and other network changes.

- Hello Time: how long the root waits before sending periodic Hello BPDUs, which are forwarded by the other bridges/switches. Default is 2 seconds.
- MaxAge: how long any bridge should wait after it stops hearing Hellos before trying to change the STP topology. Default is 20 seconds.
- Forward Delay: the delay that affects the time involved when an interface changes from blocking state to forwarding state.
  Order: Blocking -> Listening -> Learning -> Forwarding



STP Summary
1. The root sends a Hello BPDU (cost of 0) out all interfaces.
2. Neighboring bridges forward Hellos out their nonroot designated ports, identifying the root, with their cost added.
3. Each bridge in the network repeats the previous step.
4. The root repeats step 1 every {hello time}.
5. If a bridge doesn't receive a Hello, it continues as normal until time = MaxAge.
   a. The switch waits MaxAge, is placed in listening state for {Forward Delay} seconds, then in learning state for {Forward Delay} seconds, then in forwarding state. Default convergence time = 50 seconds.
   b. Entries in the MAC table must also time out (send a Topology Change Notification, or TCN BPDU).

State | Forwards Frames? | Learns MAC Addresses? | Stable or Transitory
Blocking | No | No | Stable
Listening | No | No | Transitory
Learning | No | Yes | Transitory
Forwarding | Yes | Yes | Stable

Optional STP Features

EtherChannel: Provides a way to prevent STP convergence from being needed when only a single port/cable failure occurs. Combines from 2 to 8 parallel Ethernet trunks between the same pair of switches, which STP treats as a single link.
- Also provides more bandwidth

*Both links to the same switch must fail for a switch to need STP convergence*

PortFast: Allows a switch to place a port in forwarding state immediately when the port becomes physically active (only safely done when the attached device is not a bridge/switch).
- Used for end-user devices
- The Cisco BPDU Guard feature, if enabled, tells the switch to disable PortFast ports if a BPDU is received on those ports.

Rapid Spanning Tree (IEEE 802.1w)

The assignment of forwarding/blocking ports is the same. RSTP can be used alongside 802.1d STP (for switches that support RSTP). The main reason to use RSTP is to overcome the convergence time (default of 50 seconds).

Traditional Convergence Time

MaxAge (20 sec) + Listening (15 sec) + Learning (15 sec) = 50 seconds

RSTP Convergence Time: typically less than 10 seconds.



RSTP Link and Edge Types

Link-Type point-to-point: links between switches
Edge-Type point-to-point: link between a switch and an end user
Link-Type Shared: link between a switch and a hub
- RSTP doesn't improve convergence for this type

RSTP Port States

Operational State | STP State (802.1d) | RSTP State (802.1w) | Port included in Active RSTP Topology?
Enabled | Blocking | Discarding | No
Enabled | Listening | Discarding | No
Enabled | Learning | Learning | Yes
Enabled | Forwarding | Forwarding | Yes
Disabled | Disabled | Discarding | No

RSTP Port Roles

RSTP Role | STP Role | Definition
Root Port | Root Port | A single port that hears the best BPDU.
Designated Port | Designated Port | Port that advertises the "best" BPDU.
Alternate Port | -- | Port on a switch that receives a sub-optimal BPDU.
Backup Port | -- | When a single switch has two links to the same segment (hub).
Disabled | -- | A port that is administratively down.

RSTP Convergence
- Edge-Type: RSTP immediately places Edge-Type ports into forwarding state (just like PortFast).
- Link-Type Point-to-Point: RSTP recognizes lost Hellos much faster than STP (3 times the hello timer, a default of 6 seconds).
  - Also removes the need for the listening state.
  - Reduces the time spent in learning state by actively negotiating the new state with neighboring switches (Proposal and Agreement messages).



Spanning Tree Protocol Configuration
Cisco switches use STP by default, but configuration/customizations can be made for different VLANs, or to use something other than the default settings.

Command | Description
spanning-tree vlan [vlan #] root | Global config that changes the switch to the root switch. Priority is switched to 24,576 or 100 less than the current root bridge.
spanning-tree vlan [vlan ID] priority [priority] | Global config that changes the bridge priority for the specified VLAN
spanning-tree cost [cost] | Interface subcommand that changes the STP cost to the specified value
channel-group [channel-group number] mode {auto | desirable | on} | Enables EtherChannel on this interface
show spanning-tree | Exec command that displays STP on the switch/each port
show spanning-tree [interface] | Displays STP for the specified interface
show spanning-tree vlan [vlan-id] | Lists STP information for the specified VLAN
debug spanning-tree | Causes the switch to provide informational messages about changes in the STP topology
show etherchannel [channel-group #] {brief | detail | port | port-channel | summary} | Lists information about the state of EtherChannel on the switch

EtherChannel Configuration: The modes in channel-group should be set to on for all channels, or one to auto and one to desirable. If all links are set to auto, EtherChannel will not initialize.

*EtherChannel = "port channeling", listed in show commands as Po*



Virtual LANs and Trunking
Things to remember from INTRO:
- A VLAN is essentially a broadcast domain
- L2 switches forward frames between devices in the same VLAN
  - An L3 switch or router is needed to communicate between VLANs
- ISL is proprietary and fully encapsulates the original frame (26-byte header, 4-byte trailer, 12-bit VLAN ID)
- 802.1Q adds a 4-byte header after the destination MAC address, so the CRC needs to be recalculated
- Both support a separate instance of STP per VLAN

ISL supports multiple spanning trees using Per-VLAN Spanning Tree (PVST+).
- Cisco's PVST+ allows multiple STP instances over 802.1Q trunks

802.1s: IEEE's new specification that adds to the 802.1Q specification, allowing multiple spanning trees.

Native VLAN: 802.1Q defines one VLAN on each trunk (by default, VLAN 1) whose frames are not encapsulated. When the receiving switch receives a frame that is not encapsulated, it assumes it belongs to the native VLAN.
- ISL does not use a concept like this; all frames have an ISL header

Function | ISL | 802.1Q
Standards body | Cisco-proprietary | IEEE
Encapsulates original frame | Yes | No
Allows multiple spanning trees | Yes (PVST+) | Yes (PVST+ or 802.1s)
Uses a native VLAN | No | Yes

VLAN Trunking Protocol (VTP): Cisco-proprietary L2 protocol that broadcasts switch VLAN configuration information. Configure settings on one switch, and all other switches learn the VLAN settings dynamically.

1. Creation of a switch called the VTP Server.
2. Scales to large sizes by reducing the need for manual configuration.
3. Advertises every 5 minutes, or whenever a change occurs.

Broadcasts include:
- Configuration Revision Number (each time the switch modifies its config, incremented by 1). When a switch receives a broadcast with a larger revision number, it updates its config.
- VLAN names/numbers
- Info about which switches have ports assigned to which VLAN



VTP Operates in 3 Modes
- Server Mode (switch acts as server) -> create, modify, delete VLAN configuration, stored in NVRAM
- Client Mode -> configuration not stored at all; can't modify/create/delete
- Transparent Mode -> avoids using VTP to exchange configuration info; to be transparent = ignore VTP broadcasts (they are still forwarded to other switches, however).
  - Changes to VLANs can be made, but are only saved for that switch.

Function | Server | Client | Transparent
Originates VTP advertisements | Yes | No | No
Processes received advertisements and synchronizes VLAN configuration information with other switches | Yes | Yes | No
Forwards VTP advertisements received on a trunk | Yes | Yes | Yes
Saves VLAN configuration in NVRAM | Yes | No | Yes
Can create, modify, or delete VLANs using configuration commands | Yes | No | Yes

VTP Pruning: Since switches usually don't have interfaces in every VLAN in the network, bandwidth is usually wasted broadcasting those updates. VTP pruning allows switches to prevent broadcasts and unknown unicasts from going to switches with no interfaces in those VLANs.
- A broadcast is only flooded toward switches with ports in the given VLAN
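An added simulation (not from the guide) of the three VTP modes and the revision-number rule above: a server advertisement with a higher revision replaces the VLAN database on every server and client in the domain, whatever it contains, while a transparent switch only forwards it. Switch names and the domain name are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict


@dataclass
class VtpSwitch:
    name: str
    mode: str                          # "server" | "client" | "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    nvram: dict = field(default_factory=dict)   # what survives a reload

    def configure_vlan(self, vlan_id, name):
        """Server and transparent may change VLANs; a client may not."""
        if self.mode == "client":
            return False
        self.vlans[vlan_id] = name
        if self.mode == "server":
            self.revision += 1            # each change bumps the revision
        self.nvram = dict(self.vlans)     # server and transparent save to NVRAM
        return True

    def advertise(self):
        """Only a server originates advertisements."""
        if self.mode != "server":
            return None
        return Advertisement(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Process an advertisement arriving on a trunk; return what is forwarded."""
        if adv.domain != self.domain:
            return None                       # other domain: ignored, not forwarded here
        if self.mode == "transparent":
            return adv                        # ignored locally, still forwarded
        if adv.revision > self.revision:      # higher revision wins, whatever it holds
            self.revision = adv.revision
            self.vlans = dict(adv.vlans)
            if self.mode == "server":
                self.nvram = dict(self.vlans)  # a client keeps nothing in NVRAM
        return adv


def flood(adv, chain):
    """Deliver adv along a line of trunk-connected switches, hop by hop."""
    for sw in chain:
        adv = sw.receive(adv)
        if adv is None:
            break
```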

VLAN Trunking and Configuration

- VTP is enabled by default
- Trunking negotiation is attempted on all ports by default

Command | Description



vlan database | Exec command to enter VLAN config mode
vtp {domain | password | pruning | v2 mode} | Defines VTP parameters in VLAN config mode
vlan vlan-id [name vlan-name] | Creates/names a VLAN
switchport mode {access | dynamic {auto | desirable} | trunk} | Interface subcommand that configures the interface for trunking
switchport trunk {{allowed vlan vlan-list} | {native vlan vlan-id} | {pruning vlan vlan-list}} | Refines the list of allowed VLANs, defines the 802.1Q native VLAN, and limits the range of VLANs for which pruning can occur
switchport access vlan vlan-id | Interface subcommand that statically configures the interface into that one VLAN
show interfaces [interface-id | vlan vlan-id] [switchport | trunk] | Displays trunk status
show vlan [brief | id vlan-id | name vlan-name | summary] | EXEC command that lists information about the VLAN
show vlan [vlan] | Displays VLAN information
show vtp status | Lists VTP configuration and status information
show spanning-tree vlan vlan-id | EXEC command that lists information about the spanning tree for a particular VLAN

*To configure multiple interfaces simultaneously for the same VLAN, use these steps:
vlan database
vlan 1 name test1
exit (applies the update and increments the revision number; if abort is used, no changes are saved)

config t
interface range [fastEthernet 0/1 - 5]
switchport mode access (trunking negotiation disabled, ports are access ports)
switchport access vlan 1
exit

show vlan brief (to verify updates: VLAN name, status, and ports)
-or-
show vlan id 1

** Note that VLAN 1 is configured by default **



Option | Description | Action
access | Disables port trunk mode and does not even attempt to form a trunk on the interface. | Does not trunk.
trunk | Configures the port in permanent trunk mode. | Always tries to trunk.
dynamic desirable | The port negotiates to a trunk port if the connected device is in the trunk, dynamic desirable, or dynamic auto state. Otherwise, the port becomes a nontrunk port. | Trunks to switches set to the trunk, dynamic desirable, or dynamic auto state.
dynamic auto | Lets a port become a trunk only if the connected device is in the dynamic desirable or trunk state. | Trunks to switches set to the trunk or dynamic desirable state.



RIP, IGRP, and Static Route Concepts and Configuration
Configuring and Testing Static Routes

Routers can only forward packets to subnets in their routing table.

ip route [address] [subnet mask] [next hop IP]

-or, for point-to-point serial interfaces-

ip route [address] [subnet mask] [interface]

show ip route (displays all of the router's IP routes)

- The disadvantage of doing this is that static routing works one way (add a route on Router A to Router B, but Router B still doesn't have a route to Router A).

Extended Ping Command: Simulates a ping from an Ethernet host, but actually comes from the router itself. When a ping from a router works, but a ping from a host does not, the extended ping could help you re-create the problem without needing to work with the end user on the phone.

1. ping
2. Target Address (IP)
3. Extended Commands = y
4. Source Address (IP)

Distance Vector Concepts

Advertise the entire routing table (subnet number and metric) to directly connected neighbors.

Key Points:
- If a router learns multiple routes to the same subnet, it chooses the best route based on the metric (# of hops).
- Failure to receive updates after x amount of time results in removal of that route.
- Routers add directly connected subnets to their routing tables, even without a routing protocol.



Distance Vector Loop Avoidance Features

Route Poisoning: A router notices a link is down and continues to advertise the route, but with a very large metric (viewed as infinite and invalid). Other routers remove their routes to the downed subnet.
- RIP uses 16 as the infinite metric

Split Horizon: If 2 routers advertise their tables at about the same time, with one link down, they would continually exchange incorrect routing metrics (counting to infinity). Split horizon doesn't allow this because all routes with outgoing interface x are not included in updates sent out that same interface x.
- In other words, if the route to a subnet comes in through interface 1, don't send an update for the same route out interface 1.

Ex) Router A's Ethernet goes down; it sets the metric to 16 and sends it to its neighbor. At the same time, Router B sends an update to Router A using the old metric, saying the cost is 2. Now Router A = 2, Router B = 16. After x amount of time, the two routers exchange routing tables and in turn swap the metrics. This process would repeat indefinitely.

Split Horizon with Poison Reverse (or Poison Reverse): Cisco's proprietary distance vector routing protocols use this (by default). Split horizon is used while the network link is up, but when the link fails, it allows the broadcast of the infinite metric (including out the port previously blocked by split horizon).

Hold-Down Timer: Defeats the counting-to-infinity problem when multiple/redundant links exist between routers. Routers must wait the duration of the hold-down timer before believing any "good" information about that route.

Triggered/Flash Updates: Sends a new update as soon as a route fails.
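An added Python model (not from the guide) of the Router A / Router B example above: A poisons the failed route, both routers swap updates at the same time, and the exchange is run with and without split horizon; the poison-reverse variant is shown in what Router B sends back after it learns of the failure. Subnet and interface names are constructed.

```python
INFINITY = 16   # RIP's infinite metric


def link_down(table, iface):
    """Route poisoning: keep the routes learned on iface, but with an infinite metric."""
    for subnet, (metric, learned_on) in table.items():
        if learned_on == iface:
            table[subnet] = (INFINITY, learned_on)


def build_update(table, out_iface, split_horizon, poison_reverse=False):
    """The routes a router advertises out one interface."""
    update = {}
    for subnet, (metric, learned_on) in table.items():
        if split_horizon and learned_on == out_iface:
            if poison_reverse and metric >= INFINITY:
                update[subnet] = INFINITY   # failed route: sent back, poisoned
            continue                        # otherwise never sent back where it came from
        update[subnet] = metric
    return update


def apply_update(table, update, in_iface):
    """Receiver adds one hop; a route from its current source is always believed,
    a route from elsewhere only if it is better."""
    for subnet, advertised in update.items():
        metric = min(advertised + 1, INFINITY)
        current = table.get(subnet)
        if current is None:
            if metric < INFINITY:
                table[subnet] = (metric, in_iface)
        elif current[1] == in_iface or metric < current[0]:
            table[subnet] = (metric, in_iface)


def rounds_to_converge(split_horizon, max_rounds=30):
    """Router A had subnet S on E0 (metric 1) and B learned it over S0 (metric 2).
    A's E0 fails; each round both routers send out S0 simultaneously, then apply
    what they received. Returns the rounds until both hold an infinite metric."""
    a = {"S": (1, "E0")}
    b = {"S": (2, "S0")}
    link_down(a, "E0")
    for rnd in range(1, max_rounds + 1):
        a_to_b = build_update(a, "S0", split_horizon)
        b_to_a = build_update(b, "S0", split_horizon)
        apply_update(a, b_to_a, "S0")
        apply_update(b, a_to_b, "S0")
        if a["S"][0] >= INFINITY and b["S"][0] >= INFINITY:
            return rnd
    return None
```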



Summary

Issue | Solution
Multiple routes to the same subnet have equal metrics | Either use the first route learned or put multiple routes to the same subnet in the routing table.
Routing loops occur due to updates passing each other over a single link | Split horizon: the routing protocol advertises routes out an interface only if they were not learned from updates entering that interface. Split horizon with poison reverse: the routing protocol uses split-horizon rules unless a route fails. In that case, the route is advertised out all interfaces, including the interface on which the route was learned, but with an infinite-distance metric.
Routing loops occur because routing information loops through alternative paths | Route poisoning: when a route to a subnet fails, the subnet is advertised with an infinite-distance metric. This term specifically applies to routes that are advertised when the route is valid. Poison reverse refers to routes that normally are not advertised because of split horizon but that are advertised with an infinite metric when the route fails.
Counting to infinity | Hold-down timer: after finding out that a route to a subnet has failed, a router waits a certain period of time before believing any other routing information about that subnet. Triggered updates: when a route fails, an update is sent immediately rather than waiting on the update timer to expire. Used in conjunction with route poisoning, this ensures that all routers know of failed routes before any hold-down timers can expire.

Comparing RIP and IGRP

Feature | RIP | IGRP
Update Timer | 30 seconds | 90 seconds
Metric | Hop count | Bandwidth/delay (also reliability, MTU, and load)
Hold-Down Timer | 180 | 280
Flash Updates | Yes | Yes
VLSM | No | No



Infinite-Metric Value | 16 | 4,294,967,295

Configuring RIP and IGRP

Command | Configuration Mode
router rip | Global
router igrp [as number] | Global
network [net number] | Router subcommand
passive-interface [default] {interface type interface number} | Router subcommand
maximum-paths | Router subcommand
variance multiplier | Router subcommand
traffic-share {balanced | min} | Router subcommand

EXEC Commands

Command | Description
show ip route | Shows the entire routing table, or a subset if parameters are entered.
show ip protocols | Shows routing protocol parameters and current timer values.
debug ip rip | Issues log messages for each RIP update.
debug ip igrp transactions [ip address] | Issues log messages with details of the IGRP updates.
debug ip igrp events [ip address] | Issues log messages for each IGRP packet.
ping | Sends and receives ICMP echo messages to verify connectivity.
trace | Sends a series of ICMP echoes with increasing TTL values to verify the current route to a host.

RIP Configuration
router rip
network [network address1] -> use the network number (address with its normal classful mask)
network [network address2]
show running-config

IGRP Configuration
router igrp [as number] -> Note: all routers should use the same AS number
network [network address1]
network [network address2]
show running-config -> I = address found by IGRP, C = directly connected

Example



I 10.1.4.0 [100/8539] via 10.1.2.14, 00:00:50, Ethernet0

- The [100/8539] can be broken into two separate parts:
  - 100 = administrative distance
  - 8539 = metric (function of bandwidth and delay)
    - The higher the bandwidth, the lower the metric
    - The lower the cumulative delay, the lower the metric

Bandwidth Defaults
LAN Interfaces = the default reflects the correct bandwidth
Serial Interfaces = defaults to 1544 kbps (T1 speed)
- Configure using the bandwidth [kbps] interface command

To migrate from RIP to IGRP (commands)
- no router rip
- router igrp [as number]
- network [network ID]

Debug/show commands include
- debug ip rip
- show ip route
- debug ip igrp transactions (detailed info on updates)
- debug ip igrp events (summary that states updates received)
- show ip protocols (update timer, elapsed time since update received)

Additional Notes
- If multiple routes exist, the router chooses the route with the best metric
- If routes tie, keep the first/pre-existing route
  Command: maximum-paths 1 (default is maximum-paths 4)
  - Valid range = 1-6
- When RIP places multiple routes, the router balances traffic
  Command to use the lowest-cost route: traffic-share min
  - Convergence time becomes almost instantaneous

variance allows metrics to be considered equal, since IGRP/EIGRP metrics are calculated through a formula and often won't be exactly the same.

Example: metric = 100, variance = 2. If value > (lowest metric * variance), add route


Administrative Distance: In order to compare metrics between different routing protocols, administrative distance is used to denote how believable an entire routing protocol is on a single router.
- The lower the number, the better

Default Administrative Distances

Route Type | Administrative Distance
Connected | 0
Static | 1
EIGRP summary route | 5
EBGP | 20
EIGRP (internal) | 90
IGRP | 100
OSPF | 110
IS-IS | 115
RIP | 120
EIGRP (external) | 170
iBGP (external) | 200
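An added Python example (not from the guide) of how a router picks among candidate routes to one subnet using the administrative distances in the table, metric ties kept in the order learned, maximum-paths, and variance, applied here in the standard IGRP/EIGRP form: a route is added when its metric is within the lowest metric times the variance. The candidate routes are constructed.

```python
# Default administrative distances from the table above
AD = {"connected": 0, "static": 1, "eigrp summary": 5, "ebgp": 20, "eigrp": 90,
      "igrp": 100, "ospf": 110, "is-is": 115, "rip": 120, "eigrp external": 170,
      "ibgp": 200}

VARIANCE_PROTOCOLS = {"igrp", "eigrp"}   # variance only applies to these


def select_routes(candidates, maximum_paths=4, variance=1):
    """candidates: list of (subnet, source, metric, next_hop) in the order learned.
    Returns {subnet: [next hops installed in the routing table]}."""
    by_subnet = {}
    for subnet, source, metric, next_hop in candidates:
        by_subnet.setdefault(subnet, []).append((source, metric, next_hop))
    table = {}
    for subnet, routes in by_subnet.items():
        best_ad = min(AD[src] for src, _, _ in routes)
        # Only the most believable source competes; its metric scale is then comparable
        believed = [r for r in routes if AD[r[0]] == best_ad]
        best_metric = min(metric for _, metric, _ in believed)
        chosen = []
        for source, metric, next_hop in believed:   # learned order: ties keep the first
            limit = best_metric * (variance if source in VARIANCE_PROTOCOLS else 1)
            if metric <= limit:
                chosen.append(next_hop)
        table[subnet] = chosen[:maximum_paths]       # maximum-paths caps what is installed
    return table
```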



OSPF and EIGRP Concepts and Configuration
Things to Remember about Link State Routing

- Link state protocols advertise a large amount of topological information about the network (what every metric is for every link in the network).
- Routers must calculate the metric (using the Shortest Path First algorithm).
- Routers perform CPU-intensive computations on the data.
- Routers discover neighbors before exchanging information.

Process of Learning Routes:
1. Each router discovers its neighbors on each interface; the list is kept in the neighbor table.
2. Each router uses a reliable protocol to exchange the topology information in its topology database.
3. Each router places the learned topology information in its topology database.
4. Each router then runs the SPF algorithm against its own topology database to calculate the best routes to each subnet in the database.
5. Each router finally places the best route to each subnet in the IP routing table.

OSPF Topology Database: Consists of a list of subnet numbers (links) and a list of routers (and the links they are connected to).
- Each router in this database is uniquely identified using its OSPF Router ID (RID)

To select the RID
- The router first checks for any loopback interfaces that are up, and chooses the highest numeric IP address of those.
- If no loopback exists, the router chooses the highest IP address from the interfaces that are up and up.

*Note: a loopback interface is a virtual interface, configured with
interface loopback [interface #]

Each router chooses its RID when OSPF is initialized (during the initial loading of IOS). If other interfaces come up after this, they are not used unless clear ip ospf process is issued.



Meeting OSPF Neighbors: Once a router has assigned itself a RID, and some of its interfaces are up, the router is ready to meet its neighbors (connected routers).
- Routers can become neighbors if connected to the same subnet
- A router multicasts OSPF Hello packets out each interface
  - The Hello message follows the IP packet header (port = 89)
  - Hello packets are sent to 224.0.0.5 (all OSPF-speaking routers)
- Routers learn several things from Hello packets:
  - RID, Area ID, Hello Interval, Dead Interval, router priority, designated router, backup designated router, and a list of neighbors the sending router already knew about.
  - To confirm that a Hello packet was received, the next Hello message will include the sender's RID within the list of neighbors.
- Once a router sees its RID included, two-way state is achieved, and more detailed information can be exchanged.

The following must match before routers become neighbors:
1. Subnet mask
2. Hello Interval
3. OSPF Area ID
4. Dead Interval
5. Subnet number (derived using the mask applied to the IP)

Reducing Overhead Using Designated Routers

Sometimes Designated Routers (DR) are required before sending Database Description (DD) packets.
- DRs are always required on a LAN
- Sometimes required with Frame Relay/ATM (depending on topology/config)

After a DR is elected, all updates flow through the Designated Router (DR). This means that the DR collects and distributes the routing updates to alleviate OSPF update congestion.

A router decides if it needs to elect a DR depending on the network type.
- Point-to-point DOES NOT need a DR
- Broadcast (for LANs) always needs a DR



- Non-broadcast Multiaccess (NBMA), for Frame Relay, sometimes needs a DR, sometimes doesn't. It has 5 different variations, configured with the ip ospf network [type] command.

** Since DRs are so important, the loss of one could cause a delay in convergence, so a Backup DR (BDR) is also needed. **

Electing the Designated Router

To elect, neighboring routers hold an election and look at two fields in the Hello packet:
- The router that sends the highest OSPF priority becomes the DR
- If there is a tie, the highest RID wins.

* To elect the BDR, typically the second-highest priority is used. *

Other Notes:
- A priority setting of 0 means the router will never be DR
- The range of valid priority values is 1-255 (to become a DR)
- If a DR is elected and then another router comes online with a higher priority, that router will not become DR until both the DR and BDR fail.

Once the DR/BDR is elected:
1. Non-DRs send updates to 224.0.0.6 (all OSPF DRs)
2. The DR relays these messages to 224.0.0.5 (the BDR does not forward, only receives)
3. Once a router has exchanged its entire link state database, it transitions to Full state

Steady-State Operation: If a Hello is not received for [dead interval] amount of time, the router believes the neighbor has failed.
- The default dead timer is 4 times the hello interval (10-second hello, 40-second dead timer)
- The router marks the neighbor as "down" in its neighbor table
- It runs the Dijkstra algorithm to calculate new routes and floods to inform other routers of the failed link
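An added Python example (not from the guide) covering RID selection, the Hello fields that must match before two routers become neighbors, and the DR/BDR election rules described above, including the rule that a working DR/BDR pair is not preempted by a newcomer with a higher priority. Interface names, addresses and priorities are constructed.

```python
import ipaddress


def select_rid(interfaces):
    """interfaces: list of (name, ip, is_up). The highest up loopback address wins;
    without one, the highest address among the interfaces that are up/up.
    Addresses are compared numerically, so 10.0.0.1 beats 9.9.9.9."""
    up = [(name, ipaddress.IPv4Address(ip)) for name, ip, is_up in interfaces if is_up]
    loopbacks = [addr for name, addr in up if name.lower().startswith("loopback")]
    pool = loopbacks or [addr for _, addr in up]
    return str(max(pool)) if pool else None


def can_become_neighbors(h1, h2):
    """Hello fields that must match: mask, hello, area, dead, and the subnet number."""
    for key in ("mask", "hello", "area", "dead"):
        if h1[key] != h2[key]:
            return False
    net1 = ipaddress.IPv4Interface(f"{h1['ip']}/{h1['mask']}").network
    net2 = ipaddress.IPv4Interface(f"{h2['ip']}/{h2['mask']}").network
    return net1 == net2


def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """routers: {rid: priority} for the routers currently heard on the segment.
    Highest priority wins, ties go to the highest RID, priority 0 never wins,
    and an existing DR (or, if it failed, the BDR) keeps the role."""
    def rank(rid):
        return (routers[rid], ipaddress.IPv4Address(rid))

    eligible = [rid for rid, prio in routers.items() if prio > 0]
    if current_dr in routers:
        dr = current_dr                 # no preemption while the DR is alive
    elif current_bdr in routers:
        dr = current_bdr                # the BDR takes over when the DR fails
    else:
        dr = max(eligible, key=rank) if eligible else None
    if current_bdr in routers and current_bdr != dr:
        bdr = current_bdr
    else:
        rest = [rid for rid in eligible if rid != dr]
        bdr = max(rest, key=rank) if rest else None
    return dr, bdr
```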

Loop Avoidance: Link state does not use the SPF algorithm here; rather, it relies on routers broadcasting a downed link immediately. This is the main reason for the fast convergence time (distance vector uses hold-down timers, split horizon, etc., while link state does not).

Scaling OSPF: If a network has many routers (~50 or more, a few hundred subnets), this would result in:



- Slow convergence time
- Memory shortages/processor overloading

Scalability Solutions Include:
- OSPF Areas: Break up the network so that routers in one area know less topology information about the subnets in the other area, and don't know about the other routers at all.
  - Border Router: the OSPF Area Border Router (ABR) sits on the border between 2 different areas (it is in both areas).
  - Makes other routers in the same area view the network as if it had fewer routers.
  - Area 0 is defined as the backbone; OSPF designs are hierarchical.

** Note: this doesn't change the number of subnets known; it just decreases the number of bytes and the memory required to process updates **

Summary of Distance Vector and Link State

Feature | Link State | Distance Vector
Convergence Time | Fast | Slow (loop avoidance features)
Loop avoidance | Built into protocol | Extra features such as route poisoning, split horizon
Memory/CPU | Can be large; good design can minimize | Low
Requires design effort for large networks | Yes | No
Public/Proprietary? | OSPF = public | RIP = public; IGRP = Cisco proprietary

Balanced Hybrid Routing Protocol/EIGRP Concepts

EIGRP has some features that act like distance vector protocols, and some that act like link-state protocols.



Feature Comparison with IGRP:

Similarities Differences
Both Cisco proprietary EIGRP converges faster
Same logic for equal-cost paths EIGRP sends routing info once to neighbor,
then again only when update occurs.

IGRP sends every 90 seconds.


Metric's identical (EIGRP just scales by EIGRP can exchange for Novel IPX and
multiplying by 256) AppleTalk, as well as IP

EIGRP Processes and Tables: Follows three general steps to be able to add routes to
routing table:
1. EIGRP neighbor table: Routers discover other EIGRP routers that are attached
to same subnet, form a neighbor relationship and keep a list in this table.
a. show ip eigrp neighbor

2. EIGRP topology table: Exchange of network topology information with known


neighbors.
a. show ip eigrp topology

3. IP routing table: EIGRP analyzes topology information, puts lowest metric


routes in this table.
a. show ip route -or- show ip route eigrp

** EIGRP could have up to 9 tables, since it supports IP, IPX, and AppleTalk **

Hello Messages: Used to perform neighbor discovery, continually sent to notice when
connectivity has failed.
The Hello interval determines how frequently they are sent:
 LANs/Point-to-point connections = 5 seconds
 Multipoint WANs like Frame Relay = 60 seconds

Update Messages: Convey topology information to neighbors.
 Sent to multicast address 224.0.0.10 if updating multiple routers
 Sent to a unicast address if a single router is updated
 Reliable messages are sent using the Reliable Transport Protocol (RTP)

Updating the Routing Table while Avoiding Loops

EIGRP keeps basic topological information (but not full information)
 Routes with a feasible successor can be used immediately after the route fails
 Routes without one require EIGRP to perform the Query and Response process to
confirm that no loop exists.

Successors are in the topology table, and are the best route (the route with the lowest metric,
which is also in the routing table).

Feasible Successors are in the topology table, and are placed there when the neighbor's own
metric for the route is lower than the successor route's metric.

Diffusing Update Algorithm (DUAL) is used in the query and reply process, when both the
successor and feasible successor fail. It sends a query to confirm the route exists; the reply verifies
the route.
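To make the successor/feasible-successor selection concrete, here is an added worked example (not from the study guide) that applies the rule above to a constructed EIGRP topology table for one destination. It uses the standard DUAL feasibility condition, that a neighbor's reported distance must be lower than the successor's feasible distance; the router names and metrics are constructed sample data.

```python
# Added example: choosing EIGRP successors and feasible successors from a
# constructed topology table. Neighbor names and metric values are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str            # next-hop EIGRP neighbor
    reported_distance: int   # the neighbor's own metric to the destination (RD)
    link_metric: int         # metric of the link from this router to that neighbor

    @property
    def feasible_distance(self) -> int:
        # Total metric if we route through this neighbor.
        return self.link_metric + self.reported_distance


def select_routes(entries):
    """Return (successors, feasible_successors) for one destination.

    successors: entries with the lowest total metric; these go in the IP routing table.
    feasible_successors: remaining entries whose reported distance is lower than the
    successor's feasible distance, which guarantees they are loop-free and lets EIGRP
    switch to them immediately without a DUAL query.
    """
    if not entries:
        return [], []
    fd = min(e.feasible_distance for e in entries)
    successors = [e for e in entries if e.feasible_distance == fd]
    feasible = [e for e in entries
                if e.feasible_distance != fd and e.reported_distance < fd]
    return successors, feasible


def needs_query(entries):
    """Neighbors that could only be used after a DUAL query/reply cycle."""
    succ, feas = select_routes(entries)
    return [e for e in entries if e not in succ and e not in feas]


# Constructed topology table for a single destination subnet (metrics simplified).
SAMPLE = [
    TopologyEntry("R2", reported_distance=10, link_metric=10),  # total 20 -> successor
    TopologyEntry("R3", reported_distance=15, link_metric=10),  # total 25, RD 15 < 20 -> feasible
    TopologyEntry("R4", reported_distance=25, link_metric=10),  # total 35, RD 25 >= 20 -> query needed
]

if __name__ == "__main__":
    succ, feas = select_routes(SAMPLE)
    print("successor(s):", [e.neighbor for e in succ])
    print("feasible successor(s):", [e.neighbor for e in feas])
    print("query required if both fail:", [e.neighbor for e in needs_query(SAMPLE)])
```

R4 has the same link cost as R3, but its reported distance (25) is not below the feasible distance (20), so it cannot be proven loop-free and EIGRP would have to query before using it.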

EIGRP Compared

Feature                                                   | EIGRP | IGRP | OSPF
Discovers neighbors before exchanging routing information | Y     | N    | Y
Builds topology table in addition to routing table        | Y     | N    | Y
Converges quickly                                         | Y     | N    | Y
Bandwidth/delay metric                                    | Y     | Y    | N
Sends full routing table during update                    | N     | Y    | N
Requires distance vector loop avoidance features          | N     | Y    | N
Public standard                                           | N     | N    | Y
Uses DUAL algorithm                                       | Y     | N    | N

IP OSPF Configuration Commands

Command                                             | Configuration Mode / Purpose
router ospf [process-id]                            | Global
network [ip address] [wildcard mask] area [area id] | Router subcommand
ip ospf cost [cost]                                 | Interface subcommand that sets the cost associated with the interface
bandwidth [bandwidth]                               | Interface subcommand that sets the interface bandwidth
auto-cost reference-bandwidth [number]              | Router subcommand that sets the numerator in the formula used to calculate cost
ip ospf hello-interval [seconds]                    | Interface subcommand that sets the Hello interval, and sets the dead interval to 4 times this number
ip ospf network [type]                              | Interface subcommand that defines the OSPF network type

IP OSPF Exec Commands

Command                    | Description
show ip route [ip address] | Shows the entire routing table, or a subset if parameters are entered.
show ip protocols          | Shows routing protocol parameters and current timer values.
show ip ospf interface     | Lists the area in which the router resides, and adjacent neighbors.
show ip ospf neighbor      | Lists neighbors and current status with neighbors, per interface.
show ip route ospf         | Lists routes in the routing table learned by OSPF.
debug ip ospf events       | Issues log messages for each OSPF packet.
debug ip ospf packet       | Issues log messages describing the contents of all OSPF packets.
debug ip ospf hello        | Issues log messages describing Hellos and Hello failures.

OSPF Single-Area Configuration

interface Ethernet 0/0
ip address 10.1.1.1 255.255.255.0
interface serial 0/0
ip address 10.1.4.1 255.255.255.0

router ospf 1
network 10.0.0.0 0.255.255.255 area 0

The network command has three parts: network #, wildcard mask, and area #.

Network #: What interfaces you want to include in the OSPF configuration
Wildcard Mask: If a bit is set to 1, it is a “don’t care” bit (a 0 bit must match)
Area #: What area this router is in

OSPF Configuration with Multiple Areas

If the router has interfaces in multiple areas:

router ospf 1
network 10.1.1.1 0.0.0.0 area 0
network 10.1.4.1 0.0.0.0 area 1
network 10.1.6.1 0.0.0.0 area 0
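The wildcard-mask matching behind both the single-area and the multi-area network commands above, as an added example (not from the study guide and not Cisco code): a 1 bit in the wildcard is ignored, a 0 bit must match, and the matched statement's area is what the interface joins. The interface names and addresses are constructed; where more than one statement matches an interface, this model assumes the most specific statement (fewest don't-care bits) wins.

```python
# Added example: how an OSPF "network <net> <wildcard> area <n>" statement
# selects interfaces. Interface list and addresses are constructed sample data.
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(interface_ip: str, network: str, wildcard: str) -> bool:
    """A 1 bit in the wildcard is 'don't care'; every 0 bit must match exactly."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(interface_ip) & care_bits) == (to_int(network) & care_bits)


def assign_areas(interfaces, network_statements):
    """Map each interface name to the OSPF area it is placed in, or None.

    interfaces: dict name -> IPv4 address string
    network_statements: list of (network, wildcard, area) tuples
    Assumption of this model: if several statements match, the most specific
    one (fewest don't-care bits) decides the area.
    """
    result = {}
    for name, ip in interfaces.items():
        matches = [(bin(to_int(wc)).count("1"), area)
                   for net, wc, area in network_statements
                   if wildcard_matches(ip, net, wc)]
        result[name] = min(matches)[1] if matches else None
    return result


# Constructed router with four interfaces; the last one is not in 10.0.0.0/8.
INTERFACES = {
    "Ethernet0/0": "10.1.1.1",
    "Serial0/0": "10.1.4.1",
    "Serial0/1": "10.1.6.1",
    "Ethernet0/1": "192.168.9.1",
}

# Single-area form: one statement with wildcard 0.255.255.255 covers all of 10.0.0.0/8.
SINGLE_AREA = [("10.0.0.0", "0.255.255.255", 0)]

# Multi-area form: 0.0.0.0 wildcards match exactly one address each.
MULTI_AREA = [
    ("10.1.1.1", "0.0.0.0", 0),
    ("10.1.4.1", "0.0.0.0", 1),
    ("10.1.6.1", "0.0.0.0", 0),
]

if __name__ == "__main__":
    print("single area:", assign_areas(INTERFACES, SINGLE_AREA))
    print("multi area: ", assign_areas(INTERFACES, MULTI_AREA))
```

Ethernet0/1 gets None under both configurations, which is the case to watch for in troubleshooting: an interface that no network statement covers never sends Hellos, so no neighbor forms on it.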

Useful Commands
show ip ospf interface  Details IP address, area #, Router ID, Hello/Dead Interval, etc.
for all interfaces
show ip route  Shows all routes known by the router (C – Connected, O – OSPF)
show ip ospf neighbor  Shows the router’s OSPF neighbors

Remember that the RID is that router’s highest IP address on a physical interface when
OSPF starts running. Alternatively, if a loopback interface has been configured, OSPF
uses the highest IP address on a loopback interface for the RID, even if that IP address is
lower than some physical interface’s IP address.

OSPF Troubleshooting

Mismatched Hello Intervals:

 View neighbors:
show ip ospf neighbor  Output doesn’t show neighbors

 Run debugging:
debug ip ospf hello  Output shows mismatched Hello interval

 To identify the interface:
show ip ospf interface [interface]  Will give you the hello interval

 To change the hello interval for that interface:
configure terminal
interface [interface]
ip ospf hello-interval [seconds]
exit

EIGRP Configuration

Configured exactly like IGRP, just switch “igrp” with “eigrp” in the commands.

IP EIGRP Exec Commands

Command                    | Description
show ip route [ip address] | Shows the entire routing table.
show ip eigrp neighbors    | Lists EIGRP neighbors and status.
show ip eigrp topology     | Lists the EIGRP topology table, including feasible successors/successors.
show ip route eigrp        | Lists only EIGRP-learned routes.
show ip eigrp traffic      | Lists traffic statistics about EIGRP.

Other Key Points

 Letter “D” signifies EIGRP-learned routes
 All routers must be in the same AS number (router eigrp [AS number])

IGRP to EIGRP Migration

Feature of EIGRP called Automatic Redistribution

[Figure: three routers R1, R2, R3 in a row; IGRP is used on one side and EIGRP on the other, and the
router in between redistributes between IGRP and EIGRP]

 The border router must be configured for both IGRP and EIGRP
 Both must use the same AS number

Advanced Routing Protocol Topics
Route Summarization and Variable Length Subnet Masks (VLSM)

Route Summarization reduces the size of routing tables while maintaining routes to all
destinations in the network. It also improves convergence time (changes inside the summarized
range no longer have to be announced).

VLSM means that more than one subnet mask value is used.
 Many networks use mask 255.255.255.252 for serial point-to-point links.
 On LAN subnets, a mask of 255.255.255.0 could be used as well.
 VLSM is required in order to summarize routes
 Without summarization, 4 routes are recorded for Yosemite, 4 for Seville.
 With summarization, only 1 summary route is used for each of them.

Configuring Route Summarization

(perform on each router)

configure terminal
interface serial0/0
ip summary-address eigrp 1 [address] [subnet mask]

 Routers now only advertise the “summarized” route to other routers
 show ip route will say “Variably subnetted” to indicate multiple masks are used.
 The summarizing router's routing table includes the summary network with its outgoing interface set to
null0, meaning that if a packet is sent to the summary range but no matching, more specific subnet
exists, the packet is discarded.

VLSM Requirements: subnets do not overlap, and the routing protocol supports it.

Interior IP Routing Protocol VLSM Support

Routing Protocol | Supports VLSM?
RIPv1            | No
IGRP             | No
RIPv2            | Yes
EIGRP            | Yes
OSPF             | Yes

Finding the “Best” Summary Subnet Mask

1. Write down all subnets in binary form.
2. Find where the first difference occurs.
3. Use that subnet mask.

Example:
10.2.1.0 = 0000 1010 0000 0010 0000 0001 0000 0000
10.2.2.0 = 0000 1010 0000 0010 0000 0010 0000 0000
10.2.3.0 = 0000 1010 0000 0010 0000 0011 0000 0000
10.2.4.0 = 0000 1010 0000 0010 0000 0100 0000 0000

The first 21 bits are identical in every line; the first difference is in the 22nd bit. Set the
identical leading bits to 1, set all remaining bits to 0, and use that as your mask:

255.255.248.0
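The three steps above, carried out in code as an added example (not from the study guide): the function finds the first differing bit across all subnets and builds the summary from the bits before it, and a second function checks the VLSM requirement that subnets do not overlap. It generalizes the guide's four-subnet case to any list of subnets, including members with different mask lengths; the sample inputs are the guide's own 10.2.x.0 subnets plus constructed ones.

```python
# Added example: computing the "best" summary route and checking for VLSM overlap.
import ipaddress


def summarize(subnets):
    """Return the smallest single prefix that covers every listed subnet.

    Step 1: each network address is taken as a 32-bit number (its binary form).
    Step 2: XOR against the first address marks every bit position that differs;
            the leading bits that are identical in all of them become the mask.
    Step 3: the mask is capped so it is never longer than a member's own prefix.
    """
    nets = [ipaddress.IPv4Network(s, strict=False) for s in subnets]
    if not nets:
        raise ValueError("no subnets given")
    first = int(nets[0].network_address)
    diff = 0
    for n in nets:
        diff |= first ^ int(n.network_address)
    common_bits = 32 - diff.bit_length()          # diff == 0 -> all 32 bits identical
    prefix = min(common_bits, min(n.prefixlen for n in nets))
    return ipaddress.IPv4Network((first, prefix), strict=False)


def summary_covers(summary, subnets):
    """True if every listed subnet is inside the summary (sanity check)."""
    return all(ipaddress.IPv4Network(s, strict=False).subnet_of(summary) for s in subnets)


def overlapping_pairs(subnets):
    """Pairs of subnets that overlap; VLSM requires this list to be empty."""
    nets = [ipaddress.IPv4Network(s, strict=False) for s in subnets]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


# The guide's example subnets.
GUIDE_SUBNETS = ["10.2.1.0/24", "10.2.2.0/24", "10.2.3.0/24", "10.2.4.0/24"]

if __name__ == "__main__":
    s = summarize(GUIDE_SUBNETS)
    print(f"summary: {s}  mask: {s.netmask}")             # 10.2.0.0/21  255.255.248.0
    print("covers all:", summary_covers(s, GUIDE_SUBNETS))
    # Constructed VLSM plan with one mistake in it.
    print("overlaps:", overlapping_pairs(["10.1.0.0/16", "10.1.5.0/24", "10.2.0.0/16"]))
```

Note that 10.2.0.0/21 also covers 10.2.0.0/24 through 10.2.7.0/24, which the guide's list does not contain; that is exactly why the summarizing router installs the null0 route described earlier, so packets for those unused subnets are discarded rather than looped.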

Classless and Classful Routing Protocols

Classful protocols don’t transmit the subnet mask information in updates.
Classless protocols do transmit the subnet mask information in updates.

Autosummarization: In classful routing, uses a static-length mask (the traditional
Class A, B, and C masks).
 RIP and IGRP perform this by default (can’t disable)
 RIPv2 and EIGRP: can either be enabled or disabled

Contiguous Network: Single Class A, B, or C network for which all routes to subnets of
that network pass through only other subnets of that same single network.

Discontiguous Network: Routes to at least one subnet of the network pass through a subnet
of a different network.



Analogy

Lower 48 states are contiguous because you can drive to any point without needing to go
through another country (subnet/network).

To get from Alaska to one of the lower 48 states, you must go through Canada (a separate
network), so it is discontiguous.

** Classful protocols do not support discontiguous networks. **

To migrate from classful to classless:
Configure using a classless protocol, and disable autosummarization.

Classful and Classless Routing

Default Routes are best when only a single path exists to a part of the network.
Also called the Gateway of Last Resort.

Configure:
ip route 0.0.0.0 0.0.0.0 [IP address of next hop]
-or-
ip default-network [address]

In show ip route command output, * (asterisk) denotes a candidate for the default route.

Toggle between classful/classless: ip classless and no ip classless

Classful Logic
1. Match the destination's Class A, B, or C network in the routing table.
2. Look up the specific subnet within that network.
3. If it exists, forward; otherwise, discard (the default route is not used once the network is known).

Classless Logic
1. Look up the specific subnet.
2. If it exists, forward; otherwise, send to the default gateway.
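The two forwarding decisions above side by side, as an added example (not from the study guide): the same routing table and the same default route, with the only difference being whether the router is in classless mode. The routing table entries and next-hop names are constructed.

```python
# Added example: classful vs classless forwarding with a default route present.
# The routing table below is constructed sample data.
import ipaddress


def classful_network(ip: str) -> ipaddress.IPv4Network:
    """The Class A/B/C network containing ip (the 'static length' mask)."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)


def lookup(routing_table, default_next_hop, dest: str, classless: bool):
    """Return the next hop for dest, or None if the packet is discarded.

    routing_table: dict "prefix/len" -> next hop (no default entry in here)
    default_next_hop: next hop of the 0.0.0.0/0 route, or None if there is none
    """
    ip = ipaddress.IPv4Address(dest)
    routes = {ipaddress.IPv4Network(p): nh for p, nh in routing_table.items()}
    # Longest-prefix match among the specific subnets.
    best = max((n for n in routes if ip in n), key=lambda n: n.prefixlen, default=None)
    if best is not None:
        return routes[best]                       # step "if exists, forward"
    if classless:
        return default_next_hop                   # classless: fall through to the default
    # Classful: if any subnet of the destination's class network is known, the router
    # assumes it knows the whole network and discards instead of using the default.
    if any(n.subnet_of(classful_network(dest)) for n in routes):
        return None
    return default_next_hop                       # whole class network unknown -> default


SAMPLE_TABLE = {"10.1.1.0/24": "R1", "10.1.2.0/24": "R2"}
DEFAULT = "ISP"

if __name__ == "__main__":
    for dest in ("10.1.1.5", "10.1.9.9", "172.16.1.1"):
        print(dest,
              "classful ->", lookup(SAMPLE_TABLE, DEFAULT, dest, classless=False),
              "| classless ->", lookup(SAMPLE_TABLE, DEFAULT, dest, classless=True))
```

The 10.1.9.9 case is the one that bites in practice: with no ip classless a packet for an unknown subnet of a known major network is silently dropped even though a default route exists.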



Advanced TCP/IP Topics
Scaling the IP Address Space for the Internet

Due to the rapid increase in Internet use, it was feared that IP addresses would be used up by
the mid-1990s.

Solutions
 Increase the size of the IP address (IPv6), 128 bits
 Network Address Translation (NAT) and private addressing
o Use private networks internally and still communicate with the Internet
 Classless Interdomain Routing (CIDR) allows ISPs to reduce wasting of IPs by
assigning a company a subset of a network number rather than the entire network.

CIDR
 Helps the scalability of Internet routers (fewer routes need to exist in the routing table)
 Assigns a subset of network numbers depending on customer needs

Private Addressing
 Private addresses are defined in RFC 1918, a set of networks that will never be
assigned to any organization as a registered network number.

Range of IP Addresses          | Class | Number of Networks
10.0.0.0 to 10.255.255.255     | A     | 1
172.16.0.0 to 172.31.255.255   | B     | 16
192.168.0.0 to 192.168.255.255 | C     | 256

NAT
Changes the private IP addresses to publicly registered IP addresses inside each IP packet.

Static NAT: Configures a 1-to-1 mapping between the private address and the registered
address that is used on its behalf.
Inside local = private address      Inside global = public address

Dynamic NAT: 1-to-1 mapping between inside local and inside global address. However,
this mapping occurs dynamically.
1. Sets up a pool of possible inside global addresses
2. Router applies criteria to determine if NAT should be applied
3. If it should be applied, adds an entry to the NAT table
4. Translates the source IP address and forwards the packet

* Dynamic mappings are cleared out after a set timeout expires with no activity, or you can use
the command: clear ip nat translation *

Port Address Translation (PAT)
Allows more internal IP addresses than there are outside IP addresses. Without PAT, NAT
only supports internally the number of addresses available externally.

 If just NAT is used, and all IPs are already assigned, the packet is discarded. The user must try again
until a NAT entry becomes available.

Overloading NAT with PAT

Allows scaling to support many client machines, and access to the Internet with only a
few public addresses.

 The NAT table retains the internal IP and port, and translates to a global IP and port.
 Since the port field is 16 bits, it supports more than 65,000 port numbers
 Can also translate overlapped/inappropriately assigned network numbers.
o Must translate both source and destination if used
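The difference between 1-to-1 dynamic NAT and PAT overloading, as an added example (not from the study guide and not IOS code): a small model of the NAT table that hands out pool addresses, discards packets when the pool is exhausted, and, in overload mode, shares one global address by rewriting the source port. Pool addresses, inside hosts and ports are constructed sample values.

```python
# Added example: a model of dynamic NAT with optional PAT overloading.
# Addresses and ports below are constructed sample data.
from itertools import count


class NatRouter:
    def __init__(self, global_pool, overload=False):
        self.pool = list(global_pool)      # inside global addresses (the "ip nat pool")
        self.overload = overload           # True models "... interface ... overload" (PAT)
        self.table = {}                    # (inside local, port) -> (inside global, port)
        self.in_use = set()                # global addresses handed out in 1-to-1 mode
        self.next_port = count(1024)       # translated ports handed out in PAT mode

    def translate(self, inside_local, src_port):
        """Return the (inside global, port) used on the outside, or None if discarded."""
        key = (inside_local, src_port)
        if key in self.table:
            return self.table[key]         # existing entry: same mapping every time
        if self.overload:
            port = next(self.next_port)
            if port > 0xFFFF:              # port field is 16 bits
                return None
            mapped = (self.pool[0], port)  # every host shares the first global address
        else:
            # 1-to-1: a host that already has a global address keeps it for new flows.
            owned = next((g for (local, _), (g, _) in self.table.items()
                          if local == inside_local), None)
            if owned is None:
                free = [g for g in self.pool if g not in self.in_use]
                if not free:
                    return None            # pool exhausted: packet discarded, user must retry
                owned = free[0]
                self.in_use.add(owned)
            mapped = (owned, src_port)     # port untouched without PAT
        self.table[key] = mapped
        return mapped

    def clear_translations(self):
        """Models 'clear ip nat translation *'."""
        self.table.clear()
        self.in_use.clear()


if __name__ == "__main__":
    nat = NatRouter(["200.1.1.1", "200.1.1.2"])
    for host in ("10.1.1.1", "10.1.1.2", "10.1.1.3"):
        print("NAT ", host, "->", nat.translate(host, 5000))   # third host gets None
    pat = NatRouter(["200.1.1.1"], overload=True)
    for host in ("10.1.1.1", "10.1.1.2", "10.1.1.3"):
        print("PAT ", host, "->", pat.translate(host, 5000))   # all share 200.1.1.1
```

Run it and the third inside host shows the two behaviours side by side: with a two-address pool and no overload its packet is dropped until a mapping times out or is cleared, whereas with overload it is translated to the shared address and a fresh port.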

NAT Configuration

Configuration commands:
ip nat [inside | outside]
ip nat inside source
ip nat outside source
ip nat inside destination list
ip nat pool
ip nat inside source list

Command                  | Description
show ip nat statistics   | Lists counters for packets and NAT table entries
show ip nat translations | Displays the NAT table
clear ip nat translation | Clears some/all of the dynamic entries
debug ip nat             | Issues a log message describing each packet whose IP address is translated with NAT


Assume Router NAT performs the translation:
config t
interface FastEthernet 0/0
ip address [address] [mask]
ip nat inside
exit

interface Serial 0/0
ip address [address] [mask]
ip nat outside
exit

ip nat inside source static 10.1.1.1 200.1.1.1
ip nat inside source static 10.1.1.2 200.1.1.2

show ip nat translations  Displays inside global/inside local IP addresses
show ip nat statistics  Displays total active translations, outside/inside interfaces

Dynamic NAT Configuration

Each interface still needs to be designated as either inside or outside, but static entries are no
longer needed.

ip nat pool [pool name] [start address] [end address] netmask [subnet mask]
ip nat inside source list [ACL #] pool [pool name]

To configure NAT overloading:

ip nat inside source list [list #] interface serial 0/0 overload

Turns on PAT

Misc TCP/IP Topics

ICMP: Provides a variety of information about the network’s health and operational status.
 Actual messages sit inside an IP packet.
 Echo request/echo reply are sent and received by the ping command
 (Refer to Ultimate CCNA INTRO Guide for additional information)

IOS trace command uses Time to Live (TTL) and the Time Exceeded messages.
 Sets TTL to 1, so the next hop decrements it to 0 and replies with Time Exceeded. This is how
trace learns, or “traces”, the route. For the next packet sent, it increments the TTL to learn
the next hop.

Redirect ICMP Message: If a default route exists, but a better route is later discovered, the
router will send a redirect message to the host to tell it to use the better route. The
host can either accept the better route or disregard it.

Secondary Addressing
If running out of subnets/addresses, you have the ability to use multiple subnets on the
same interface in order to increase the number of supported devices on that
subnet/segment.

If you were to issue a show running-config command:

ip address 10.1.7.252 255.255.255.0 secondary
ip address 10.1.2.252 255.255.255.0

FTP and TFTP

FTP establishes its control connection on port 21 and transfers data on port 20.
 Uses TCP
 A transfer includes any get/put command.

TFTP uses a small amount of memory and takes little time to load.
 Uses UDP.
 Uses application layer recovery.

MTU and Fragmentation

TCP defines a maximum length for an IP packet (Maximum Transmission Unit, or MTU)
 Varies based on configuration and the interface’s characteristics.
 By default, calculated based on the max size of the data portion of the L2 frame
 1500 for Ethernet interfaces
 If a packet is larger than the allowed MTU, the router fragments the packet into smaller pieces
o The IP header contains fields that aid in reassembling the packet
 To change it, use the mtu interface subcommand or ip mtu
o mtu sets the MTU regardless of L3 protocol
o ip mtu takes precedence if both are used, unless mtu is set
after ip mtu (in which case ip mtu is reset to the current mtu setting)
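The fragmentation step above in code, as an added example (not from the study guide): the packet is cut so each piece fits the MTU, and the two IP header fields that make reassembly possible are modelled explicitly, the fragment offset (counted in 8-byte units, so every fragment but the last carries a multiple of 8 data bytes) and the more-fragments flag. The payload and the 20-byte header length are constructed inputs.

```python
# Added example: IP-style fragmentation and reassembly driven by the MTU.
# The payload bytes and header size used here are constructed for the demo.

IP_HEADER_LEN = 20   # assumed header length without options


def fragment(payload: bytes, mtu: int, header_len: int = IP_HEADER_LEN):
    """Split payload so that header + data fits mtu.

    Returns a list of (offset_in_8_byte_units, more_fragments, data). The offset
    field in the IP header counts 8-byte blocks, so each non-final fragment's data
    length is rounded down to a multiple of 8.
    """
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small for an IP header plus data")
    frags = []
    pos = 0
    while True:
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)
        frags.append((pos // 8, more, chunk))
        pos += len(chunk)
        if not more:
            return frags


def reassemble(frags):
    """Rebuild the payload from fragments received in any order.

    Raises ValueError on a gap, an overlap, or a missing final fragment, which is
    what a real IP stack has to detect before handing data up the stack.
    """
    ordered = sorted(frags, key=lambda f: f[0])
    out = bytearray()
    for offset, _more, data in ordered:
        if offset * 8 != len(out):
            raise ValueError("gap or overlap in fragment sequence")
        out += data
    if not ordered or ordered[-1][1]:
        raise ValueError("final fragment missing")
    return bytes(out)


if __name__ == "__main__":
    packet = bytes(range(256)) * 12          # constructed 3072-byte payload
    pieces = fragment(packet, mtu=1500)      # Ethernet default MTU
    for offset, more, data in pieces:
        print(f"offset={offset:4d} (x8 = byte {offset * 8:5d}) more={more} len={len(data)}")
    print("reassembled OK:", reassemble(pieces) == packet)
```

With a 1500-byte MTU and a 20-byte header each fragment carries 1480 data bytes, so a 3072-byte payload becomes fragments of 1480, 1480 and 112 bytes at offsets 0, 185 and 370.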



ISL and 802.1q Configuration

Use multiple logical subinterfaces on 1 physical interface that connects the router to the
switch.

ISL
interface fastethernet 0.[subinterface]
ip address [address] [subnet mask]
encapsulation isl [VLAN ID]

802.1q
(note that this uses the native VLAN, in which no VLAN ID is used on a certain trunk, which
by default is VLAN 1)

interface fastethernet 0
ip address [address] [subnet mask]

interface fastethernet 0.2
ip address [address] [subnet mask]
encapsulation dot1q [VLAN ID]


Point-to-Point Leased Line Implementation
To set up a point-to-point connection between 2 routers:
1. Assign an IP address to each interface (must be in the same subnet)
2. Issue the no shutdown command.
3. Issue the clockrate [bps] command on the DCE interface.

Data Link Protocols

HDLC supports synchronous transmission, default for Cisco routers.
PPP supports asynchronous transmission, error recovery (not enabled by default).

Synchronous = CSU/DSU must operate at the same speed on either end of the link. Allows
more throughput than asynchronous. Sends frames continuously (idle frames when
nothing to actually send).
Receiver Ready: another name for the idle frames

Asynchronous = no frames sent when idle, requires less expensive hardware.

** Note: **
Routers typically use synchronous connections; a modem and end PC use asynchronous

PPP and HDLC Framing

HDLC
Field: Flag | Address | Control | Type | Data       | FCS | Flag
Bytes: 1    | 1       | 2       | 2    | (Variable) | 4   | 1

PPP
Field: Flag | Address | Control | Type | Data           | FCS | Flag
Bytes: 1    | 1       | 2       | 2    | (Standardized) | 4   | 1

HDLC and PPP Configuration

interface serial 0/0
encapsulation {hdlc | ppp}
compress [predictor | stac | mppc [ignore-pfc]]

show interfaces  verifies setup


** Note: **
To remove ppp encapsulation and revert back to hdlc: no encapsulation ppp

PPP Features

Link Control Protocol: Features of PPP regardless of the L3 protocol used.
 one used per link

Control Protocol: L3-specific protocols (for example, IPCP)
 one used per L3 protocol
 Cisco uses an additional CP for CDP, called CDPCP

LCP Features

Function              | LCP Feature                   | Description
Error Detection       | Link Quality Monitoring (LQM) | Takes down a link based on the % of errors on the link. Only useful in redundant networks that can afford to take the device down.
Looped Link Detection | Magic Number                  | Routers send each other different magic numbers. If a router receives its own number, it detects a looped link.
Multilink Support     | Multilink PPP                 | Load-balances between multiple links.
Authentication        | PAP/CHAP                      | Exchange names/passwords to verify identity.

Looped Link: Bits that the router sends are “looped” back and received by the same
router. The router wouldn’t notice on its own, because it is still receiving information.

Authentication: Verifying that router X is actually who it claims to be.


PAP and CHAP

Password Authentication Protocol (PAP)
 Sends clear-text passwords

Challenge Handshake Authentication Protocol (CHAP)
 Uses Message Digest 5 (MD5) one-way hashing on passwords
 Passwords themselves never cross the link (random number used)

PAP exchange (figure): the dialing router sends Username/Password to the router waiting for the
dial, which answers with an Ack.

CHAP exchange (figure): the router waiting for the dial sends a Challenge; the dialing router answers
with Username/Password (Hashed); the waiting router replies Accepted.
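The three-way CHAP exchange above, as an added example (not from the study guide and not Cisco code): the authenticator sends a random challenge, the dialing peer answers with the MD5 hash of the identifier, the shared secret and the challenge as specified in RFC 1994, and the authenticator recomputes the hash from its own copy of the secret. The router names and secrets are constructed; the exchange shows why the password never crosses the link and why a captured response cannot be replayed against a later challenge.

```python
# Added example: CHAP (RFC 1994, MD5) as an authenticator/peer simulation.
# Names and secrets are constructed sample data.
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over the 1-byte identifier, the shared secret and the challenge.

    Only this 16-byte digest is sent back; the secret itself stays on each router.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The router waiting for the dial: issues challenges and verifies responses."""

    def __init__(self, secrets):
        self.secrets = secrets          # name -> secret, like 'username X password Y'
        self.identifier = 0
        self.current_challenge = None

    def challenge(self):
        """New identifier and a fresh random challenge for every attempt."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.current_challenge = os.urandom(16)
        return self.identifier, self.current_challenge

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        secret = self.secrets.get(name)
        if secret is None or identifier != self.identifier or self.current_challenge is None:
            return False
        expected = chap_response(identifier, secret, self.current_challenge)
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def run_chap(auth: Authenticator, peer_name: str, peer_secret: bytes):
    """Simulate the exchange; returns (accepted, list of (message, bytes on the wire))."""
    ident, chal = auth.challenge()                        # Challenge ->
    response = chap_response(ident, peer_secret, chal)    # <- Username/Password (Hashed)
    accepted = auth.verify(ident, peer_name, response)    # Accepted / rejected ->
    wire = [("challenge", bytes([ident]) + chal),
            ("response", bytes([ident]) + response + peer_name.encode()),
            ("result", b"success" if accepted else b"failure")]
    return accepted, wire


if __name__ == "__main__":
    auth = Authenticator({"R1": b"cisco123"})
    ok, wire = run_chap(auth, "R1", b"cisco123")
    print("correct secret accepted:", ok)
    print("secret visible on the wire:", any(b"cisco123" in m for _, m in wire))
    print("wrong secret accepted:", run_chap(auth, "R1", b"wrong")[0])
```

Compare this with PAP, where the "response" message would simply be the secret in clear text: anyone reading the link would hold a reusable credential, whereas here they hold a digest bound to one identifier and one random challenge.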



ISDN and Dial-on-Demand Routing

Typical Uses of ISDN
 Occasional access (periodic need to connect)
 Backup link (when the frame relay/primary leased line fails)

ISDN Channels
 Both BRI and PRI have digital bearer channels (B channels)
 B channels transport data, operate up to 64 kbps per channel
 Signals new data calls with the D, or signaling, channel (16 kbps on BRI, 64 kbps
otherwise)

Type of Interface | # of B channels | # of D channels | Descriptive Term
BRI               | 2               | 1 (16 kbps)     | 2B+D
PRI (T1)          | 23              | 1 (64 kbps)     | 23B+D
PRI (E1)          | 30              | 1 (64 kbps)     | 30B+D

ISDN Protocols

Issue                                   | Protocol | Examples
Telephone network/ISDN                  | E-series | E.163 – International telephone numbering plan; E.164 – International ISDN addressing
ISDN concepts, aspects, and interfaces  | I-series | I.100 series – Concepts, structures, and terminology; I.400 series – User-Network interface
Switching and signaling                 | Q-series | Q.921 – Link Access Procedure on the D channel (LAPD); Q.931 – ISDN network layer


OSI Layer Comparisons

OSI Layer | I-Series                 | Q-Series                 | Description
1         | ITU-T I.430, ITU-T I.431 | N/A                      | Connectors, encoding, framing, reference points
2         | ITU-T I.440, ITU-T I.441 | ITU-T Q.920, ITU-T Q.921 | Defines LAPD protocol, encapsulates signal requests
3         | ITU-T I.450, ITU-T I.451 | ITU-T Q.930, ITU-T Q.931 | Defines signaling messages (call setup/teardown)

Tips to Remember

2nd digit in Q-series = OSI layer.
2nd digit in I-series = 2 more than OSI layer

Between local switch and router = Q.931
Between two switches = Signaling System 7 (SS7)

Out-of-band Signaling: the D channel signals on a different band than the data transmission

ISDN Switch Authentication: Service Profile Identifier (SPID), uses a free-form decimal
value

ISDN BRI Function Groups and Reference Points

Function Group: A set of functions implemented by a device and software
Reference Point: The interface between two function groups, including cabling details

ISDN Interfaces
U = no other device required
S/T = cabled to function group NT1

Serial Interfaces
Function group Terminal Equipment 2 (TE2); connect to a Terminal Adapter (TA)


Function Group/Reference Point Summary

Function Groups | Reference Points | Type of Interface in Router
TE1, NT1        | U                | ISDN card, U interface
TE1             | S/T              | ISDN card, S/T interface
TE2             | R                | Serial interface
TE1             | S                | ISDN card, S/T interface

Function Group Definitions

Function Group | Meaning
TE1            | Terminal Equipment 1
TE2            | Terminal Equipment 2
TA             | Terminal Adapter
NT1            | Network Termination Type 1
NT2            | Network Termination Type 2
NT1/NT2        | N/A

Reference Points

Reference Point | What it Connects Between
R               | TE2 and TA
S               | TE1 or (TA and NT2)
T               | NT2 and NT1
U               | NT1 and the telco
S/T             | TE1 or TA  NT1 (no NT2 used) -or- TE1 / TA  NT1/NT2

** Note **
Home-based ISDN modems include a TA and NT1; the serial port connects to the TA

PRI Function Groups/Reference Points: Designed for businesses, so no function
groups or reference points were defined (thank God!)

PRI Encoding: Alternate Mark Inversion (AMI) or Binary 8 with Zero Substitution
(B8ZS).  Match what the telco is using.
E1 only choice is High-Density Bipolar 3 (HDB3)


PRI Framing: Distinguishes between the D channel and the B channels.
 Extended Super Frame (ESF)  newer, used by most T1s today
 Super Frame (SF)

E1s use CRC-4 (tell the router whether to enable it or not)

T1 = the 24th channel (numbered 23) is the D channel
E1 = channel 15 is the D channel (channels 0-14 and 16-30 are B channels)

ISDN Configuration and Dial-on-Demand Routing

Legacy DDR associates dial configuration with the physical interface.
DDR Dialer Profiles dissociate dial configuration from the physical interface.
 Provides for greater flexibility

Concepts on how Legacy DDR Works

1. Route packets out the interface to be dialed.
a. Static routes must be configured (ip route command)

2. Determine the subset of packets that trigger the signaling process.
a. Interesting packets cause the dial to occur; all others are “boring”
i. Interesting by either L3 protocol, or if an ACL permits them

To assign by L3 protocol (dialer-list is a global command; dialer-group binds it to the interface)
dialer-list 1 protocol ip permit
interface [interface]
dialer-group 1

To assign by ACL permission
access-list 101 permit tcp any host 172.16.3.1 eq 80
dialer-list 2 protocol ip list 101
interface [interface]
dialer-group 2

3. Dial (signal).
a. Configure the number to call (single connection):
dialer string [phone number]

b. For multiple routes, you need a mapping (IP addresses and their phone numbers).
Add username/password for CHAP support:
username [username] password [password]
dialer map ip [IP address] broadcast name [username] [phone #]

4. Determine when the connection terminates.
a. Although interesting and boring packets can be sent, only interesting packets count
towards resetting the idle time.
dialer idle-timeout [seconds]
- or -
dialer fast-idle [seconds] (used to bring the link down more quickly)

ISDN BRI Configuration

Use a global command to tell the IOS what type of ISDN switch the router is connected to:
isdn switch-type [type]

The types are as follows:

Type of Switch | Where it is Found
basic-net3     | Australia, Europe, UK
vn3            | France
ntt            | Japan
basic-5ess     | North America
basic-dms100   | North America
basic-ni1      | North America

To configure the Service Profile Identifier (one per B channel):
isdn spid1 [SPID #]
isdn spid2 [SPID #]

ISDN Show/Debug Commands

show interfaces bri 0:1
 B channel information

show dialer interface bri 0
 “Dial Reason”
 Time Until Disconnect

show isdn active
 Called #
 Active seconds (duration)
 Remote name

show isdn status
 L1-L3 status
 # of active calls
 # of available B channels
 Switch status

debug isdn q931
 Shows the signaling used to set up the call
 disable with the no debug all command

debug dialer [events | packets]
 Shows the interesting packets that caused the call to occur

ISDN PRI Configuration


 Configure the type of switch to which the router is connected
 Configure the T1 or E1 encoding and framing options (controller config mode)
 Configure the T1/E1 channel range for the DS0 channels
 Configure interface settings (encapsulation, address)

Controller Configuration Mode allows you to configure physical layer parameters such
as encoding, framing, and the channels that are in use.

controller t1 1/0  Specifies which controller to configure
framing esf  Type of framing used
linecode b8zs  Type of encoding used
pri-group timeslots 1-24  What channels will be used (typically all of them)

Full PRI Configuration: All previous settings that were on BRI, plus the ones above.

** Line added for the PRI configuration: **

interface serial 1/0:23
 Identifies the D channel that needs to be configured (the 24th channel, numbered 23)
 B channels are designated as 0-22; the D channel is the last channel (23)

* Note *
SPIDs are not configured, since PRIs do not use them.

DDR Configuration with Dialer Profiles

Legacy DDR doesn’t support reaching a single set of remote sites through configuration using
multiple BRIs or PRIs in a single router (it only allows one set of sites per interface).

Dialer Profiles allow this by using dialer pools, which pool the available B channels.
 Virtual interface called the Dialer Interface

Commands

interface dialer x  Creates the virtual dialer interface
dialer pool-member x  Groups the physical ISDN interfaces into a dialer pool
dialer pool x  Tells the dialer interface which dialer pool to use.

 Requires a separate subnet for each dialer interface
 Uses the dialer string [number] command (not the map command; no maps are used)

Multilink PPP

Allows multiple links between a router and some other device.

MLP can break larger packets into smaller segments, and send them over multiple links
(receive faster over multiple lines)  load balances them

 MLP treats multiple links as a single link, with one route in the routing table.

Commands
ppp multilink  Enables MLP
dialer load-threshold [load] [inbound | outbound | either]
 Distributes across another link when the load reaches this percentage (for example, 25)


Frame Relay
Frame Relay Protocols

Frame Relay networks are Non-Broadcast Multiaccess Networks

[Figure: Router (DTE)  access link  Frame Relay Switch (DCE)  Frame Relay Switch (DCE)  Router (DTE);
LMI messages flow between each router and its switch]

Local Management Interface: protocol that defines keepalive messages and other
messages.

Routers identify the Virtual Circuit by encapsulating the data with a Data-Link Connection
Identifier (DLCI).

Frame Relay Terms

Term                                  | Description
Virtual Circuit (VC)                  | Logical path that connects routers
Permanent Virtual Circuit (PVC)       | A predefined VC (equated to a leased line)
Switched Virtual Circuit (SVC)        | Dial connection in concept
Data Terminal Equipment (DTE)         | Devices connected to the Frame Relay service
Data Communications Equipment (DCE)   | Frame Relay switches, typically in the service provider’s network
Access Link                           | Leased line between DTE and DCE
Access Rate (AR)                      | Speed at which the access link is clocked
Data-link Connection Identifier (DLCI)| Frame Relay address used in headers to identify the VC
Nonbroadcast Multiaccess (NBMA)       | Broadcasts not supported, but more than 2 devices can be connected
Local Management Interface            | Used between DCE and DTE, manages the connection (signaling messages, keepalive messages)


Frame Relay Standards

What specification defines                     | ITU Document | ANSI Document
Data-link specifications (LAPF header/trailer) | Q.922-A      | T1.618
PVC Management, LMI                            | Q.933-A      | T1.617-D
SVC Signaling                                  | Q.933        | T1.617
Multiprotocol encapsulation                    | Q.933-E      | T1.617-F

LMI and Encapsulation Types

LMI is between Router (DTE) and Frame Relay Switch (DCE).
DLCI is between Router (DTE) and Router (DTE)  encapsulation

LMI status inquiry messages perform two key functions:
 Perform the keepalive function between the DTE and DCE (a missing reply implies the link is down)
 Signal when a PVC is active or inactive

There are three protocol types for LMI:
 Cisco (proprietary)
 ANSI (T1.617-D)
 ITU (Q.933-A)

DTE needs to know which LMI type to use (must be the same as the DCE type)
 Autosense feature detects it automatically
 To configure it manually: frame-relay lmi-type [type]
Can use either cisco, ansi, or q933a as the type

Encapsulation defined by LAPF (Q.922-A)

LAPF Header (DLCI, FECN, BECN, DE) | Information | LAPF Trailer (FCS)

 Doesn’t provide a protocol type field, so it can’t support multiple protocols.

Two solutions were developed to overcome the lack of a Protocol Type field:
1. Cisco: an additional header is created, with a 2-byte protocol type field
2. RFC 1490 (superseded by RFC 2427)
a. “Multiprotocol Interconnect over Frame Relay”
Protocol type field between the LAPF header and the L3 packet

LAPF Header | Cisco or RFC 1490 | Packet | LAPF Trailer

If Cisco is used, type = cisco; if the other standard is used, type = ietf


DLCI Addressing Details

DLCIs are locally significant, meaning they must have a unique value only on the local
access link.

Analogy

There can only be one 150 ProProfs Avenue, Rochester, NY.
At the same time, every other city in the US can have a 150 ProProfs Avenue address.

Global Addressing makes the DLCIs appear as if they were unique LAN addresses, which
makes it easier to understand DLCI addressing.
 Switches change the DLCI before the receiver gets it
o Sender treats the DLCI as the destination address
o Receiver treats the DLCI as the source address

Network Layer Concerns with Frame Relay

 Choices for L3 addresses on Frame Relay interfaces
 Handling of broadcasts

3 different options for handling L3 addressing:

1. One subnet for all DTEs
- Usually used in a full mesh topology

2. One subnet per VC
- Usually used in a partially meshed topology
- Wastes some IP addresses (unless a mask of 255.255.255.252 is used)

3. A hybrid of the first two options
- Used if you can create a full mesh between some routers, but only a
partial mesh between others
- Uses subinterfaces (logical interfaces on the same physical interface, with
different IPs)

Broadcast Handling: Cisco IOS sends copies of the broadcasts across each VC. To
reduce lag in the network, these are placed in a different output queue than the one for user
traffic, and you can limit the amount of bandwidth this consumes.


Frame Relay Service Interworking

Most use Asynchronous Transfer Mode (ATM) within the core of the Frame Relay
network.
- 53-byte cells
- Better Quality of Service (QoS)
- Service Interworking is the use of ATM between Frame Relay switches
- FRF.5 is the specification that defines how to use ATM in Frame Relay
- FRF.8 is the specification that defines how two routers communicate when one is
using ATM and the other is using Frame Relay

Frame Relay Configuration

Command | Description
encapsulation frame-relay [ietf | cisco] | Frame Relay encapsulation type
frame-relay lmi-type {ansi | q933a | cisco} | LMI type configuration
bandwidth num | Configures bandwidth in kbps
frame-relay map {protocol protocol-address dlci} payload-compression frf9 stac caim [element-number] [broadcast] [ietf | cisco] | Statically defines the mapping between an L3 address and a DLCI
keepalive sec | Defines whether and how often LMI keepalives should be sent
interface serial number.sub [point-to-point | multipoint] | Creates a subinterface or references an already existing one
frame-relay interface-dlci dlci [ietf | cisco] [voice-cir cir] [ppp virtual-template-name] | Links or correlates a DLCI to the subinterface

Show Commands
show interfaces
show frame-relay pvc [interface interface] [dlci]
show frame-relay lmi [type number]


Fully-Meshed Network with Single Subnet

interface serial0
encapsulation frame-relay
ip address [address][mask]

- Check that all serial interfaces are in the same subnet


- LMI type automatically sensed
- Encapsulation is cisco
- PVC DLCIs are learned via LMIs
- Inverse ARP enabled by default

More criteria given:

- Router 1 requires IETF encapsulation (it is not a Cisco router)
- Router 2's LMI type should be ANSI, no autosense used

Router 1 (non-Cisco router, so IETF encapsulation on the interface)
interface serial0
encapsulation frame-relay ietf
ip address [address][subnet]

Router 2 (LMI type fixed to ANSI; the ietf keyword on DLCI 53 applies IETF
encapsulation to that one PVC, as needed for a PVC to a non-Cisco router)
interface serial0
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay interface-dlci 53 ietf
ip address [address][subnet]

Frame Relay Address Mapping

Creates a correlation between an L3 address and the corresponding L2 address (DLCI)

- Statically configure the mapping
- Dynamically learn the mapping through Inverse ARP

Inverse ARP: Announces L3 addresses as soon as the LMI signals the PVCs are up.

Static Configuration

no frame-relay inverse-arp
frame-relay map ip [address][DLCI #] broadcast

Partially Meshed Network with 1 IP per VC

Step 1: Configure Encapsulation

interface serial0
encapsulation frame-relay

Step 2: Configure sub-interfaces

interface serial 0.1 point-to-point
frame-relay interface-dlci [dlci #]

Step 3: Configure Individual VCs (complete configuration: one subinterface and one IP
address per VC)

interface serial0
encapsulation frame-relay

interface serial 0.1 point-to-point
ip address [address] [subnet]
frame-relay interface-dlci [dlci #]

Step 4: Verify Connectivity

show frame-relay map
show frame-relay pvc
debug frame-relay lmi

Partially Meshed Network with some Fully Meshed Parts

Step 1: Configure Encapsulation

interface serial0
encapsulation frame-relay

Step 2: Configure multipoint sub-interface(s)

interface serial 0.1 multipoint
ip address [address] [subnet mask]
frame-relay interface-dlci [dlci #]   (first DLCI)
frame-relay interface-dlci [dlci #]   (second DLCI)

Step 3: Configure point-to-point interface(s)

interface serial 0.2 point-to-point
ip address [address] [subnet mask]
frame-relay interface-dlci [dlci #]

Step 4: Verify Connectivity

show frame-relay map
debug frame-relay events   (Inverse ARP IP values are shown in hex)

IP Access Control List Security

Access Control Lists (ACLs) cause a router to discard some packets based on criteria
defined by the network engineer. ACLs can be used to:
- Block hackers
- Prevent employees from using parts of the system
- Filter routing updates
- Match packets for VPN tunneling
- Match packets for implementing QoS features

IP Standard ACL Concepts

An ACL is applied to an interface and filters packets either as they enter or as they
leave that interface (inbound or outbound).

Deny: the packet will be filtered

Allow (permit): the packet will not be filtered

- At the end of every access list there is an implied "deny all" statement. If a packet
does not match any access list statement, the packet will be filtered.

If there are multiple rules in the Access List:

1. The matching parameters of the first access-list statement are compared to the packet.
2. If a match is made, the action defined in that access-list statement is performed.
3. If a match is not made, move to the next statement and repeat steps 1-2 until a match is made.
4. If no statement matches, the implied deny action is performed.

Wildcard Masks

Access lists match packets by looking at the IP, TCP, and UDP headers of the packet.
Standard access lists only look at the source IP address.

Wildcard masks define the portion of the IP address in the packet that should be examined.
- 0 = match those bits
- 1 = ignore those bits

Examples
Wildcard Mask     Description
0.0.0.0           The entire IP address must match.
0.0.0.255         The first 3 octets must match.
0.0.255.255       The first 2 octets must match.
0.0.15.255        The first 20 bits must match.

To match all hosts in a single subnet: Subtract the subnet mask from 255.255.255.255

Standard IP Access List Configuration

Command                                                   Description
access-list access-list-number {deny | permit} source     Global command for standard numbered
  [source-wildcard] [log]                                 access lists
access-list access-list-number remark text                Remark that comments what the list does
ip access-group {number | name} {in | out}                Interface subcommand that enables an
                                                          access list on the interface
access-class {number | name} {in | out}                   Line subcommand to enable standard or
                                                          extended access lists

Show Commands
show ip interface
show access-lists [access list number/name]
show ip access-list [access list number/name]

Configuration to Deny 1 Specific User


interface Ethernet0
ip address [address][subnet mask]
ip access-group 1 out

access-list 1 remark stop all traffic whose source ID is this user


access-list 1 deny [ip address][wildcard mask]

Explanation of Commands

- Standard access lists can be numbered in the range 1-99 or 1300-1999
- The access-list commands are global commands that define the list
- Then, to enable the list on a specific interface, use the ip access-group interface
subcommand
- Remember, an access list is processed from top to bottom, so this list first looks for the
specific IP to filter, and then permits all other IP addresses (wildcard of 255.255.255.255)

** Note **
If you run show running-config, the list is shown as "deny host x" and "permit any"

Extended IP Access Control Lists

The one key difference is the variety of fields in the packet that can be compared for
matching by extended access lists.

Extended Access List Matching Options

(Figure: fields of the IP header that an extended access list can match)
Misc Header Fields | Protocol Type | Header Checksum | Source IP | Destination IP |
Options | next header (TCP, UDP, ICMP, IGRP, IGMP, etc.)

* Note *
If TCP/UDP is used, you can also filter on the Source/Destination Port

Access-list Statement                                        What it Matches
access-list 101 deny ip any host 10.1.1.1                    Any IP packet, any source IP address, with
                                                             a destination IP address of 10.1.1.1
access-list 101 deny tcp any gt 1023 host 10.1.1.1 eq 23     Packets with a TCP header, any source IP
                                                             address, with a source port greater than (gt)
                                                             1023. Packet must have a destination of
                                                             10.1.1.1 and a destination port of 23.
access-list 101 deny tcp any host 10.1.1.1 eq 23             The same as above, but any source port (it
                                                             is omitted)
access-list 101 deny tcp any host 10.1.1.1 eq telnet         Telnet used rather than port number
access-list 101 deny udp 1.0.0.0 0.255.255.255 lt 1023 any   A packet with a source in network 1.0.0.0,
                                                             using UDP with a source port less than (lt)
                                                             1023, with any destination IP address.

The fields appear in this order:

[protocol type] [source IP] [source port] [destination IP] [destination port]
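To see the matching rules from the standard-ACL section (wildcard masks, top-to-bottom first match, the implied deny at the end) and the extended statements in the table above work together, here is an added evaluator for exactly those statement forms; it is example code written for this guide, not IOS behaviour quoted from Cisco, and the packets it checks are constructed dictionaries with the fields proto, src, sport, dst, dport.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_for_subnet(mask):
    return str(ipaddress.IPv4Address(0xFFFFFFFF - _ip(mask)))  # 255.255.255.255 minus the mask

def addr_match(addr, wildcard, packet_ip):
    care = 0xFFFFFFFF ^ _ip(wildcard)   # wildcard bit 0 = must match, 1 = ignored
    return (_ip(addr) & care) == (_ip(packet_ip) & care)

def _take_addr(tok):
    # consume 'any', 'host A', 'A W' or a bare 'A' (treated as host) -> (addr, wildcard)
    first = tok.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tok.pop(0), "0.0.0.0"
    return first, (tok.pop(0) if tok and tok[0][0].isdigit() else "0.0.0.0")

def _take_port(tok):
    # consume an optional 'eq|gt|lt port' clause; absent means any port
    if not tok or tok[0] not in ("eq", "gt", "lt"):
        return lambda p: True
    op, val = tok.pop(0), tok.pop(0)
    n = 23 if val == "telnet" else int(val)   # 'telnet' is the only port name the guide uses
    return {"eq": lambda p: p == n, "gt": lambda p: p > n, "lt": lambda p: p < n}[op]

def parse(line):
    # one access-list statement -> (action, predicate over a constructed packet dict)
    _, number, action, *tok = line.split()
    if int(number) < 100 or 1300 <= int(number) <= 1999:   # standard list: source only
        proto, (src, sw) = "ip", _take_addr(tok)
        dst, dw, sp, dp = "0.0.0.0", "255.255.255.255", _take_port([]), _take_port([])
    else:                                                    # extended list: all fields
        proto, (src, sw), sp = tok.pop(0), _take_addr(tok), _take_port(tok)
        (dst, dw), dp = _take_addr(tok), _take_port(tok)
    def matches(pkt):
        return (proto in ("ip", pkt["proto"])
                and addr_match(src, sw, pkt["src"]) and sp(pkt.get("sport", 0))
                and addr_match(dst, dw, pkt["dst"]) and dp(pkt.get("dport", 0)))
    return action, matches

def evaluate(acl_lines, pkt):
    # top to bottom, first match wins; no match falls through to the implied deny
    for action, matches in map(parse, acl_lines):
        if matches(pkt):
            return action
    return "deny"
```

Feeding the table's own statements to evaluate() shows why statement order and the trailing permit matter: a packet that matches nothing is dropped even though no deny statement named it.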

Extended IP ACL Configuration
Command                                                   Configuration Mode and Description
access-list access-list-number {deny | permit} protocol   Global command for extended numbered access
  source source-wildcard destination                      lists. Number between 100-199 and 2000-2699.
  destination-wildcard [log | log-input]
ip access-group {number | name} {in | out}                Interface subcommand to enable access lists
access-list access-list-number remark text                Create comment about what the ACL does
access-class {number | name} {in | out}                   Line subcommand for standard/extended access lists

Show Commands
Command                                                       Description
show ip interfaces [type number]                              References access lists enabled on the interface
show access-lists [access-list-number | access-list-name]     Shows details of access lists for all protocols
show ip access-list [access-list-number | access-list-name]   Shows IP access lists

Extended Access List Range: 100 to 199, or 2000 to 2699

Cisco recommends that you locate an extended ACL as close to the source as possible.

Misc ACL Topics

Named ACLs: Identify ACLs using names; individual lines can be deleted from a named IP
access list.
- A global command places the user in a named IP access list submode
- When a named matching statement is deleted, only that line is deleted
  o With numbered lists, deleting any statement in the list deletes all
    statements in the list

Command to create an ACL: ip access-list extended [ACL name]

Command to delete a line: no deny ip [source] [source-wildcard] [destination] [destination-wildcard]

Controlling Telnet with ACLs: Can control who can telnet to/from a router

line vty 0 4
login
password cisco
access-class 3 in

access-list 3 permit 10.1.1.0 0.0.0.255

ACL Implementation Considerations

1. Create ACLs using a text editor outside the router and copy/paste them into the
configuration. This makes fixing typos easier and provides a backup of the
configuration, which makes adding to or deleting from the lists easier.

2. Place extended ACLs as close to the source of the packet as possible to discard
packets quickly.

3. Place standard ACLs as close to the packet's destination as possible, because
standard ACLs often discard packets that you do not want discarded when they
are placed close to the source.

4. Place more-specific statements early in the ACL.

5. Disable an ACL from its interface (no ip access-group) before making changes to
it.
