
What is a network?

A computer network can be described as a system of interconnected devices that
can communicate using some common standards (called protocols). These devices
communicate to exchange resources (e.g. files and printers) and services.

Here is an example network consisting of two computers connected together:

In the example above, the two computers are directly connected using a cable. This
small network can be used to exchange data between just these two computers.

What if we want to expand our network? Then we can use a network device, either a
switch or a hub, to connect more than two computers together:

Now all of the devices on the network can communicate with each other.

We'll talk more about hubs and switches in just a moment. For now, just remember
that these devices serve as a central point to which all of the computers connect.

OSI & TCP/IP models
OSI model
The OSI (Open Systems Interconnection) model was created by the International
Organization for Standardization (ISO), an international standard-setting body. It
was designed to be a reference model for describing the functions of a
communication system. The OSI model provides a framework for creating and
implementing networking standards and devices and describes how network
applications on different computers can communicate through the network media.

The OSI model has seven layers, with each layer describing a different function of
data traveling through a network. Here is the graphical representation of these
layers:

The layers are usually numbered from the bottom up, meaning that the Physical layer
is considered to be the first layer. It is useful to remember these layers, since there
will certainly be a couple of questions on the CCNA exam regarding them. Most
people learn the mnemonic "Please Do Not Throw Sausage Pizza Away":

So, what is the purpose of these layers?

They are most commonly used by vendors. They enable them to implement some
functionality into a networking device, which then enables easier interoperability with
devices from other vendors.

Here is a brief description of each of the layers of the OSI model.

- Physical – defines how to move bits from one device to another. It details
how cables, connectors and network interface cards are supposed to work and how
to send and receive bits.
- Data Link – encapsulates a packet in a frame. A frame contains a header and
a trailer that enable devices to communicate. A header (most commonly) contains a
source and destination MAC address. A trailer contains the Frame Check Sequence
field, which is used to detect transmission errors. The data link layer has two
sublayers:
1. Logical Link Control – used for flow control and error detection.
2. Media Access Control – used for hardware addressing and for controlling the
access method.
- Network – defines device addressing, routing, and path determination.
Device (logical) addressing is used to identify a host on a network (e.g. by its IP
address).
- Transport – segments big chunks of data received from the upper layer
protocols. Establishes and terminates connections between two computers. Used for
flow control and data recovery.
- Session – defines how to establish and terminate a session between the two
systems.
- Presentation – defines data formats. Compression and encryption are
defined at this layer.
- Application – this layer is the closest to the user. It enables network
applications to communicate with other network applications.

It is a common practice to reference a protocol by the layer number or layer name.
For example, HTTPS is referred to as an application (or Layer 7) protocol. Network
devices are also sometimes described according to the OSI layer on which they
operate – e.g. a Layer 2 switch or a Layer 7 firewall.

The following table shows which protocols reside on which layer of the OSI model:

TCP/IP model
The TCP/IP model was created in the 1970s by the Defense Advanced Research
Projects Agency (DARPA) as an open, vendor-neutral, public networking model.
Just like the OSI model, it describes general guidelines for designing and
implementing computer protocols. It consists of four layers: Network Access,
Internet, Transport, and Application:

The following picture shows the comparison between the TCP/IP model and the OSI
model:

As you can see from the picture above, the TCP/IP model has fewer layers than the
OSI model. The Application, Presentation, and Session layers of the OSI model are
merged into a single layer in the TCP/IP model. Also, the Physical and Data Link layers
are called the Network Access layer in the TCP/IP model. Here is a brief description of
each layer:

- Network Access (Link) – defines the protocols and hardware required to deliver data across a
physical network.
- Internet – defines the protocols for the logical transmission of packets over
the network.
- Transport – defines protocols for setting up the level of transmission service
for applications. This layer is responsible for reliable transmission of data and the
error-free delivery of packets.
- Application – defines protocols for node-to-node application communication
and provides services to the application software running on a computer.

Differences between OSI and TCP/IP model

There are some other differences between these two models, besides the obvious
difference in the number of layers. The OSI model prescribes the steps needed to
transfer data over a network and is very specific about it, defining which protocol is
used at each layer and how. The TCP/IP model is not that specific. It can be said
that the OSI model prescribes and the TCP/IP model describes.

Local area network (LAN)


The term local area network (LAN) is commonly used to describe a network of
devices in a limited area (a house, office, building…). This type of network is usually
capable of achieving high data transfer rate (up to 10 Gbps!) at low cost. Examples
of this type of network are a small office network inside a single building or your
home network.

A typical SOHO (small office/home office) LAN consists of PCs, printers, switches,
routers, and cabling that connects all these devices together. The following figure
shows a typical LAN:

In the picture above we have two computers that are connected to a switch. The
switch is then connected to a router that provides the LAN with access to the
Internet.

Some of the most popular LAN technologies are Ethernet, Token Ring and FDDI.
Most LAN networks use TCP/IP to communicate. Twisted-pair cabling is usually
used in a LAN.

Ethernet is by far the most popular wired LAN technology. It defines wiring, signaling,
connectors, frame formats, protocol rules, etc. Most modern LANs also support the
wireless LAN (WLAN) technology, defined by the IEEE 802.11 standards. WLANs
use radio waves instead of wires or cables for links between devices.

Wide area network


The term wide area network is used to describe a network that spans multiple
geographic locations. Consider an example. A company has two offices, one in
London and one in Berlin. Both offices have a LAN. If the company connects these
two LANs together using WAN technology, a WAN is created.

The key difference between LANs and WANs is that the company usually doesn't
own the WAN infrastructure. A company usually leases WAN services from a service
provider. A WAN spanning multiple cities could look something like this:

Frame Relay, ATM and X.25 are different types of WAN technologies. The Internet
can also be considered a WAN.

Encapsulation
The term encapsulation is used to describe a process of adding headers and
trailers around some data. This process can be explained with the four-layer TCP/IP
model, with each step describing the role of the layer. For example, here is what
happens when you send an email using your favourite email program (such as
Outlook or Thunderbird):

1. The email is sent from the Application layer to the Transport layer.
2. The Transport layer encapsulates the data and adds its own header with its
own information, such as which port will be used, and passes the data to the Internet
layer.
3. The Internet layer encapsulates the received data and adds its own header,
usually with information about the source and destination IP addresses. The Internet
layer then passes the data to the Network Access layer.
4. The Network Access layer is the only layer that adds both a header and a
trailer. The data is then sent through a physical network link.

Here is a graphical representation of how each layer adds its own information:

Each packet (header + encapsulated data) defined by a particular layer has a
specific name:

- Frame – encapsulated data defined by the Network Access layer. A frame
can have both a header and a trailer.
- Packet – encapsulated data defined by the Internet (Network) layer. A header contains
the source and destination IP addresses.
- Segment – encapsulated data as defined by the Transport layer. Information
such as the source and destination ports or sequence and acknowledgment
numbers are included in the header.

NOTE
The term decapsulation refers to the process of removing headers and trailers as data passes
from lower to upper layers. This process happens on the computer that is receiving data.

Data encapsulation in the OSI model


Just like with the TCP/IP layers, each OSI layer asks for services from the next lower
layer. The lower layer encapsulates the higher layer's data behind a header (Data
Link layer protocols also add a trailer).

While the TCP/IP model uses terms like segment, packet and frame to refer to a
data packet defined by a particular layer, the OSI model uses a different
term: protocol data unit (PDU). A PDU represents a unit of data with the headers and
trailers for the particular layer, as well as the encapsulated data. Since the OSI
model has 7 layers, PDUs are numbered from 1 to 7, with the Physical layer being
the first one. For example, the term Layer 3 PDU refers to the data encapsulated at
the Network layer of the OSI model.
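The encapsulation steps above carried out in code, as an added example that is not from the original notes: an application payload becomes a UDP segment (Layer 4 PDU), then an IPv4 packet (Layer 3 PDU), then an Ethernet frame (Layer 2 PDU) with an FCS trailer, and the receiving side verifies the FCS and strips the layers again. The MAC addresses, IP addresses and ports are constructed sample values.

```python
"""Encapsulation walk-through (added example, not from the original notes).
Application data -> UDP segment -> IPv4 packet -> Ethernet frame, and back.
All addresses and ports below are constructed sample values."""
import struct
import zlib

SRC_MAC = bytes.fromhex("d8d385eb12e3")  # constructed, not real hosts
DST_MAC = bytes.fromhex("001122334455")
SRC_IP = bytes([10, 0, 50, 1])
DST_IP = bytes([10, 0, 50, 2])
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header (16-bit words)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(data: bytes, src_port: int, dst_port: int) -> bytes:
    """Transport layer: 8-byte UDP header (ports, length, checksum) + data."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_packet(segment: bytes) -> bytes:
    """Internet layer: 20-byte IPv4 header in front of the segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0,
                      0x4000, 64, PROTO_UDP, 0, SRC_IP, DST_IP)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_frame(packet: bytes) -> bytes:
    """Network Access layer: Ethernet header, payload padded to 46 bytes,
    and the FCS trailer (CRC-32, sent least-significant byte first)."""
    body = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    body += b"\x00" * max(0, 46 - len(packet))
    return body + struct.pack("<I", zlib.crc32(body))


def encapsulate(data: bytes, src_port: int, dst_port: int) -> dict:
    """Return every PDU produced on the sending host."""
    segment = build_segment(data, src_port, dst_port)
    packet = build_packet(segment)
    return {"segment": segment, "packet": packet, "frame": build_frame(packet)}


def fcs_ok(frame: bytes) -> bool:
    """Receiver's first check: recompute the CRC over everything but the FCS."""
    return zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]


def decapsulate(frame: bytes) -> dict:
    """Receiver side: peel the layers from the bottom up."""
    if not fcs_ok(frame):
        raise ValueError("FCS mismatch: frame corrupted in transit")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:-4]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ipv4_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("IPv4 header checksum failed")
    segment = packet[ihl:total_len]  # total_len drops the Ethernet padding
    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "ethertype": ethertype,
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port,
        "dst_port": dst_port,
        "data": segment[8:length],
    }


if __name__ == "__main__":
    pdus = encapsulate(b"hello", 40000, 53)
    for name, pdu in pdus.items():
        print(f"{name:8s} {len(pdu):3d} bytes  {pdu.hex()}")
    print(decapsulate(pdus["frame"]))
```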

Here is a graphical representation of all the PDUs in the OSI model:

Ethernet explained
Ethernet is the most widely used networking technology for LANs today. It defines wiring
and signaling for the Physical layer of the OSI model. For the Data Link layer, it
defines frame formats and protocols.

Ethernet is described in the IEEE 802.3 standard. It uses the Carrier Sense Multiple
Access with Collision Detection (CSMA/CD) access method and supports speeds
up to 100 Gbps. It can use coaxial, twisted pair and fiber optic cables. Ethernet uses
frames with source and destination MAC addresses to deliver data.

NOTE
The term Ethernet LAN refers to a combination of computers, switches, and different kinds of
cables that use the Ethernet standard to communicate over the network. It is by far the most
popular LAN technology today.

Ethernet frame
We have already learned that encapsulated data defined by the Network Access
layer is called an Ethernet frame. An Ethernet frame starts with a header, which
contains the source and destination MAC addresses, among other data. The middle
part of the frame is the actual data. The frame ends with a field called Frame Check
Sequence (FCS).

The Ethernet frame structure is defined in the IEEE 802.3 standard. Here is a
graphical representation of an Ethernet frame and a description of each field in the
frame:

- Preamble – informs the receiving system that a frame is starting and enables
synchronisation.
- SFD (Start Frame Delimiter) – signifies that the Destination MAC Address
field begins with the next byte.
- Destination MAC – identifies the receiving system.
- Source MAC – identifies the sending system.
- Type – defines the type of protocol inside the frame, for example IPv4 or
IPv6.
- Data and Pad – contains the payload data. Padding data is added to meet
the minimum length requirement for this field (46 bytes).
- FCS (Frame Check Sequence) – contains a 32-bit Cyclic Redundancy
Check (CRC) which allows detection of corrupted data.

The FCS field is the only field present in the Ethernet trailer. It allows the receiver to
discover whether errors occurred in the frame. Note that Ethernet only detects
in-transit corruption of data – it does not attempt to recover a lost frame. Other
higher-level protocols (e.g. TCP) perform error recovery.

MAC & IP addresses


MAC address
A Media Access Control (MAC) address is a 48-bit (6-byte) address that is used
for communication between two hosts in an Ethernet environment. It is a hardware
address, which means that it is stored in the firmware of the network card.

Every network card manufacturer gets a universally unique 3-byte code called
the Organizationally Unique Identifier (OUI). Manufacturers agree to give all NICs
a MAC address that begins with the assigned OUI. The manufacturer then assigns a
unique value for the last 3 bytes, which ensures that every MAC address is globally
unique.

MAC addresses are usually written in the form of 12 hexadecimal digits. For
example, consider the following MAC address:

D8-D3-85-EB-12-E3

Every hexadecimal character represents 4 bits, so the first six hexadecimal
characters represent the vendor (Hewlett Packard in this case).

How to find out your own MAC address

If you are using Windows, start the Command Prompt (Start – Programs –
Accessories – Command Prompt). Type the ipconfig /all command and you should
see a field called Physical Address under the Ethernet adapter settings:

If you are using Linux, type the ifconfig command. You should see your MAC
address referred to as HWaddr.

IP address
An IP address is a 32-bit number that identifies a host on a network. Each device
that wants to communicate with other devices on a TCP/IP network needs to have
an IP address configured. For example, in order to access the Internet, your
computer will need to have an IP address assigned (usually obtained by your router
from the ISP).

An IP address is usually written in the form of four decimal numbers separated by
periods (e.g. 10.0.50.1). The first part of the address represents the network the
device is on (e.g. 10.0.0.0), while the second part of the address identifies the host
device (e.g. 10.0.50.1).

In contrast to a MAC address, an IP address is a logical address. It can be configured
manually or it can be obtained from a DHCP server.

NOTE
The term IP address is usually used for IPv4, which is the fourth version of the IP protocol. A
newer version exists, IPv6, and uses 128-bit addressing.

Private IP addresses

There are three ranges of addresses that can be used in a private network (e.g. your
home LAN). These addresses are not routable through the Internet.

Private address ranges are:

- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255

How to find out your IP address

If you are using Windows, start the Command Prompt (Start – Programs –
Accessories – Command Prompt). Enter the ipconfig command. You should see a
field called IP Address:

Linux users:

Enter ifconfig. You should see a field called inet addr:

Unicast, multicast, and broadcast addresses


There are three types of Ethernet addresses:

1. Unicast addresses
Unicast addresses represent a single LAN interface. A unicast frame will be sent to a
specific device, not to a group of devices on the LAN:

The unicast address will have the value of the MAC address of the destination
device.

2. Multicast addresses
Multicast addresses represent a group of devices in a LAN. A frame sent to a
multicast address will be forwarded to a group of devices on the LAN:

Multicast frames have a value of 1 in the least-significant bit of the first octet of the
destination address. This helps a network switch to distinguish between unicast and
multicast addresses. One example of an Ethernet multicast address would
be 01:00:0C:CC:CC:CC, which is the address used by CDP (Cisco Discovery
Protocol).

3. Broadcast addresses
Broadcast addresses represent all devices on the LAN. Frames sent to a broadcast
address will be delivered to all devices on the LAN:

The broadcast address has the value of FFFF.FFFF.FFFF (all binary ones). The
switch will flood broadcast frames out all ports except the port on which they were
received.

Network devices
Let's take a look at the network devices commonly found in today's LANs.

Hubs
A hub serves as a central point to which all of the hosts in a network connect. A
hub is an OSI Layer 1 device and has no concept of Ethernet frames or addressing.
It simply receives a signal from one port and sends it out to all other ports. Here is an
example 4-port Ethernet hub (source: Wikipedia):

Today, hubs are considered obsolete and switches are commonly used instead.

Switches
Like hubs, a switch is used to connect multiple hosts together, but it has many
advantages over a hub. A switch is an OSI Layer 2 device, which means that it can
inspect received traffic and make forwarding decisions. Each port on a switch is a
separate collision domain and can run in a full duplex mode (photo credit:
Wikipedia).

Routers
A router is a device that routes packets from one network to another. A router is
most commonly an OSI Layer 3 device. Routers divide broadcast domains and have
traffic filtering capabilities.

The picture below shows a typical home router:

In the next sections we will describe each of these devices in more detail.

Network hubs explained


A hub serves as a central point to which all of the hosts in a network connect. It is
an OSI Layer 1 device and has no concept of Ethernet frames or addressing – it
simply receives the signal from one port and sends it out to all other ports. Here is an
example 4-port Ethernet hub (image source: Wikipedia):

As mentioned above, hubs have no way of determining which port a signal
should be sent to; instead, the electrical signal is sent out every port. All nodes on the
network will receive the data, and the data will eventually reach the correct destination,
but with a lot of unnecessary network traffic:

In the example above you can see that the hub has sent the received signal out
all other ports, except the incoming port. Hubs are therefore considered obsolete and
switches are commonly used instead in modern LANs. Hubs have numerous
disadvantages over switches, such as:

- they are not aware of the traffic that passes through them
- they create only one large collision domain
- a hub typically operates in half duplex
- there is also a security issue with hubs since the traffic is forwarded to all
ports (except the source port), which makes it possible to capture all traffic on a
network with a network sniffer!

NOTE
Hubs are also known as multiport repeaters because that is basically what they do – repeat the
electrical signal that comes in one port out all other ports (except the incoming port).

Network bridge explained


A network bridge is a device that divides a network into segments. Each segment
represents a separate collision domain, so the number of collisions on the network is
reduced. Also, because each collision domain has its own separate bandwidth, a
bridge also improves the overall network performance.

NOTE
Unlike hubs, bridges allow multiple devices to send at the same time. This is why they are
considered to be predecessors of network switches.

A bridge works at the Data link layer (Layer 2) of the OSI model, just like a switch
does. It inspects incoming traffic and decides whether to forward it or filter it. Each
incoming Ethernet frame is inspected for its destination MAC address. If the bridge
determines that the destination host is on another segment of the network, it
forwards the frame to that segment.

Consider the following network:

In the example above we have a network of four computers. The network is divided
into segments by a bridge. Each segment is a separate collision domain with its own
bandwidth. Let’s say that Host A wants to communicate with Host C. Host A will send
the frame with the Host C’s destination MAC address to the bridge. The bridge will
inspect the frame and forward it to the segment of the network Host C is on.

Network bridges offered substantial improvements over network hubs, but are not
widely used anymore in modern LANs – switches are commonly used instead. Here
is why:

- most bridges have only 2 or 4 ports. A switch can have tens or even hundreds
of ports
- bridges are software-based, while switches are hardware-based and use
chips (ASICs) when making forwarding decisions, which makes them much faster
than bridges
- switches can have multiple spanning-tree instances, bridges can have only
one
- switches can have multiple broadcast domains (one per VLAN)

Network switch explained

Just like hubs and bridges, a switch is used to connect multiple hosts
together, but it has many advantages over them. A switch is an OSI Layer 2
device, which means that it can inspect received traffic and make forwarding
decisions. Each port on a switch is a separate collision domain and can run in
a full duplex mode (photo credit: Wikipedia).

A switch manages the flow of data across a network by inspecting the
incoming frame's destination MAC address and forwarding the frame only to
the host for which the data was intended. Each switch has a dynamic table
(called the MAC address table) that maps MAC addresses to ports. With this
information, a switch can identify which system is sitting on which port and
where to send the received frame.

To better understand how a switch works, consider the following example:

As you can see from the example above, Host A is trying to communicate with
Host C and sends a frame with Host C's MAC address as the destination. The
frame arrives at the switch, which looks at the destination MAC address. The
switch then searches for that MAC address in its MAC address table. If the MAC
address is found, the switch forwards the frame only out the port
connected to the frame's destination. Hosts connected to other ports will not
receive the frame.
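The MAC address table lookup described in this section and the unicast, multicast and broadcast handling described earlier, as an added example that is not from the original notes: a simulated switch fills its table from the source MAC of each frame it receives (this learning step goes beyond what the notes state), forwards known unicast frames out a single port and floods everything else, with a hub modelled alongside for comparison. Host MAC addresses and port numbers are constructed.

```python
"""Simulated hub and Layer 2 switch (added example, not from the original
notes). The switch learns source MACs into its MAC address table, forwards
known unicast frames out a single port, and floods broadcast, multicast and
unknown-unicast frames out every port except the one they arrived on.
Host MAC addresses and port numbers below are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List

BROADCAST = "FF:FF:FF:FF:FF:FF"


def normalize_mac(text: str) -> str:
    """Accept D8-D3-85-EB-12-E3, 01:00:0C:CC:CC:CC or FFFF.FFFF.FFFF."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2].upper() for i in range(0, 12, 2))


def mac_type(text: str) -> str:
    """unicast, multicast or broadcast, decided from the address itself."""
    mac = normalize_mac(text)
    if mac == BROADCAST:
        return "broadcast"
    # I/G bit: least-significant bit of the first octet set = group address
    return "multicast" if int(mac[:2], 16) & 0x01 else "unicast"


@dataclass
class Frame:
    src: str
    dst: str


class Hub:
    """Layer 1: no addressing, the signal is repeated out all other ports."""

    def __init__(self, ports: int):
        self.ports = list(range(1, ports + 1))

    def handle(self, ingress: int, frame: Frame) -> List[int]:
        return [p for p in self.ports if p != ingress]


class Switch:
    """Layer 2: the MAC address table maps MAC -> port, learned from traffic."""

    def __init__(self, ports: int):
        self.ports = list(range(1, ports + 1))
        self.mac_table: Dict[str, int] = {}

    def handle(self, ingress: int, frame: Frame) -> List[int]:
        src, dst = normalize_mac(frame.src), normalize_mac(frame.dst)
        # Learning: the source MAC is taken from the frame as-is; access-layer
        # port security is what caps how many addresses one port may learn.
        if mac_type(src) == "unicast":
            self.mac_table[src] = ingress
        # Forwarding: known unicast goes out one port; anything else is flooded.
        if mac_type(dst) == "unicast" and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == ingress else [out]
        return [p for p in self.ports if p != ingress]


def demo() -> dict:
    """Host A on port 1, B on port 2, C on port 3 of a 4-port switch."""
    a, b, c = "AA:AA:AA:00:00:01", "AA:AA:AA:00:00:02", "AA:AA:AA:00:00:03"
    sw, hub = Switch(4), Hub(4)
    first = sw.handle(1, Frame(a, c))    # C not yet in the table: flooded
    sw.handle(3, Frame(c, a))            # C replies: switch learns port 3
    second = sw.handle(1, Frame(a, c))   # now delivered to port 3 only
    bcast = sw.handle(2, Frame(b, "FFFF.FFFF.FFFF"))    # always flooded
    cdp = sw.handle(2, Frame(b, "01:00:0C:CC:CC:CC"))   # multicast: flooded
    return {"first": first, "second": second, "broadcast": bcast, "cdp": cdp,
            "hub": hub.handle(1, Frame(a, c)), "table": dict(sw.mac_table)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```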
Network router explained

A router is a network device that routes packets from one network to another.
It is usually connected to two or more different networks. When a packet
comes to a router port, the router reads the address information in the packet
to determine out which port the packet will be sent. For example, a router
provides you with Internet access by connecting your LAN with the
Internet.

NOTE
A router is most commonly an OSI Layer 3 device, since its forwarding decision is based
on the information of the OSI Layer 3 – the destination IP address. Routers divide
broadcast domains, provide full duplex communication, and have traffic filtering
capabilities.

The picture below shows a typical home router:

If two hosts from different networks want to communicate, they will need a
router in order to exchange data. Consider the following example:

We have a network of three hosts and a router. Note that each computer is on
a different network. Host A wants to communicate with Host B and sends the
packet with Host B's IP address (10.0.0.20) to the router. The router
receives the packet, compares the packet's destination IP address to the
entries in its routing table and finds a match. It then sends the packet out the
interface associated with the network 10.0.0.0/24. Only Host B will receive
and process the packet. In fact, Host C will not even be aware that the
communication took place.
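The routing-table lookup the router performs in the example above, as an added example that is not from the original notes. Only the 10.0.0.0/24 network and Host B's address 10.0.0.20 come from the notes; the other routes, interface names and next hops are constructed, and the table includes a less specific 10.0.0.0/8 route and a default route to show that the most specific (longest prefix) entry wins, which goes beyond what the notes state.

```python
"""Longest-prefix routing lookup (added example, not from the original notes).
Only 10.0.0.0/24 and host 10.0.0.20 come from the notes; every other route,
interface name and next hop in the table below is constructed."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str, Optional[str]]  # (network, exit interface, next hop)

ROUTING_TABLE: List[Route] = [
    ("10.0.0.0/24", "GigabitEthernet0/0", None),       # Host B's network
    ("192.168.1.0/24", "GigabitEthernet0/1", None),    # Host A's network
    ("172.16.5.0/24", "GigabitEthernet0/2", None),     # Host C's network
    ("10.0.0.0/8", "Serial0/0", "10.255.255.1"),       # summary route via WAN
    ("0.0.0.0/0", "Serial0/0", "10.255.255.1"),        # default route
]


def lookup(destination: str, table: List[Route] = ROUTING_TABLE) -> Optional[Route]:
    """Return the most specific matching route, or None when no entry matches
    and the packet must be dropped. Every entry is compared with the
    destination; the longest prefix length wins, so the /24 beats the /8 and
    the /8 beats the default route."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net_str, iface, next_hop in table:
        net = ipaddress.ip_network(net_str)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return None if best is None else (str(best[0]), best[1], best[2])


def same_network(host_a: str, host_b: str, prefixlen: int) -> bool:
    """Two hosts on the same network talk directly; otherwise they need a
    router, as Host A and Host B in the example do."""
    net_a = ipaddress.ip_network(f"{host_a}/{prefixlen}", strict=False)
    net_b = ipaddress.ip_network(f"{host_b}/{prefixlen}", strict=False)
    return net_a == net_b


if __name__ == "__main__":
    for dest in ("10.0.0.20", "10.9.9.9", "8.8.8.8"):
        print(dest, "->", lookup(dest))
```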

Half duplex and full duplex


In telecommunication, a duplex communication system is a point-to-point system of
two devices that can communicate with each other in both directions. These two types
of duplex communication systems exist in Ethernet environments:

- half-duplex – a port can send data only when it is not receiving data. In other words,
it cannot send and receive data at the same time. Network hubs run in half-duplex mode in
order to prevent collisions. Since hubs are rare in modern LANs, the half-duplex system is
not widely used in Ethernet networks anymore.
- full-duplex – all nodes can send and receive on their port at the same time. There
are no collisions in full-duplex mode, but the host NIC and the switch port must support the
full-duplex mode. Full-duplex Ethernet uses two pairs of wires at the same time instead of a
single wire pair like half-duplex.

The following picture illustrates the concept:


Because hubs can only operate in half duplex, the switch and hub will negotiate to
use half-duplex, which means that only one device can send data at a time. The
workstation on the right supports full duplex, so the link between the switch and the
workstation will use full duplex, with both devices sending data simultaneously.

Each NIC and switch port has a duplex setting. For all links between hosts and
switches, or between switches, the full-duplex mode should be used. However, for all
links connected to a LAN hub, the half-duplex mode should be used in order to
prevent a duplex mismatch that could decrease network performance.

In Windows, you can set up duplex settings in the Properties window of your
network adapter:

IEEE Ethernet standards
Ethernet is defined in a number of IEEE 802.3 standards. These standards define
the physical and data-link layer specifications for Ethernet. The most important 802.3
standards are:

- 10Base-T (IEEE 802.3) – 10 Mbps with category 3 unshielded twisted pair
(UTP) wiring, up to 100 meters long.
- 100Base-TX (IEEE 802.3u) – known as Fast Ethernet, uses category 5, 5E,
or 6 UTP wiring, up to 100 meters long.
- 100Base-FX (IEEE 802.3u) – a version of Fast Ethernet that uses multi-mode
optical fiber. Up to 412 meters long.
- 1000Base-CX (IEEE 802.3z) – uses copper twisted-pair cabling. Up to 25
meters long.
- 1000Base-T (IEEE 802.3ab) – Gigabit Ethernet that uses Category 5 UTP
wiring. Up to 100 meters long.
- 1000Base-SX (IEEE 802.3z) – 1 Gigabit Ethernet running over multimode
fiber-optic cable.
- 1000Base-LX (IEEE 802.3z) – 1 Gigabit Ethernet running over single-mode
fiber.
- 10GBase-T (IEEE 802.3an) – 10 Gbps connections over category 5e, 6, and 7
UTP cables.

Notice how the first number in the name of the standard represents the speed of the
network in megabits per second. The word base refers to baseband, meaning that
the signals are transmitted without modulation. The last part of the standard name
refers to the cabling used to carry signals. For example, 1000Base-T means that the
speed of the network is up to 1000 Mbps, baseband signaling is used, and the
twisted-pair cabling will be used (T stands for twisted-pair).

Cisco three-layer hierarchical model


Because networks can be extremely complicated, with multiple protocols and diverse
technologies, Cisco has developed a layered hierarchical model for designing a
reliable network infrastructure. This three-layer model helps you design, implement,
and maintain a scalable, reliable, and cost-effective network. Each of the layers has its
own features and functionality, which reduces network complexity.

Here is an example of the Cisco hierarchical model:

Here is a description of each layer:

- Access – controls user and workgroup access to the resources on the
network. This layer usually incorporates Layer 2 switches and access points that
provide connectivity between workstations and servers. You can manage access
control and policy, create separate collision domains, and implement port security at
this layer.
- Distribution – serves as the communication point between the access layer
and the core. Its primary functions are to provide routing, filtering, and WAN access
and to determine how packets can access the core. This layer determines the fastest
way that network service requests are accessed – for example, how a file request is
forwarded to a server – and, if necessary, forwards the request to the core layer.
This layer usually consists of routers and multilayer switches.
- Core – also referred to as the network backbone, this layer is responsible for
transporting large amounts of traffic quickly. The core layer provides interconnectivity
between distribution layer devices; it usually consists of high-speed devices, like
high-end routers and switches with redundant links.

Types of Ethernet cabling


There are three cable types commonly used for Ethernet cabling: coaxial, twisted
pair, and fiber-optic cabling. In today's LANs, twisted pair cabling is the most
popular type of cabling, but fiber-optic cabling usage is increasing, especially in
high performance networks. Coaxial cabling is generally used for cable Internet
access. Let's explain all three cable types in more detail.

Coaxial cabling
A coaxial cable has an inner conductor that runs down the middle of the cable. The
conductor is surrounded by a layer of insulation which is then surrounded by another
conducting shield, which makes this type of cabling resistant to outside interference.
This type of cabling comes in two types – thinnet and thicknet. Both types have a
maximum transmission speed of 10 Mbps. Coaxial cabling was previously used in
computer networks, but today it is largely replaced by twisted-pair cabling (Photo
credit: Wikipedia).

Twisted-pair cabling
A twisted-pair cable has four pairs of wires. These wires are twisted around each
other to reduce crosstalk and outside interference. This type of cabling is common in
current LANs.

Twisted-pair cabling can be used for telephone and network cabling. It comes in two
versions, UTP (Unshielded Twisted-Pair) and STP (Shielded Twisted-Pair). The
difference between these two is that an STP cable has an additional layer of
insulation that protects data from outside interference.

Here you can see what a twisted pair cable looks like (Photo credit: Wikipedia):

A twisted-pair cable uses an 8P8C connector, sometimes wrongly referred to as an RJ45
connector (Photo credit: Wikipedia).

Fiber-optic cabling
This type of cabling uses optical fibers to transmit data in the form of light signals.
The cables have strands of glass surrounded by a cladding material (Photo credit:
Wikipedia):
This type of cabling can support greater cable lengths than any other cabling type
(up to a couple of miles). The cables are also immune to electromagnetic
interference. As you can see, this cabling method has many advantages over other
methods but its main drawback is that it is more expensive.

There are two types of fiber-optic cables:

- Single-mode fiber (SMF) – uses only a single ray of light to carry data. Used
for larger distances.
- Multi-mode fiber (MMF) – uses multiple rays of light to carry data. Less
expensive than SMF.

Four types of connectors are commonly used:

- ST (Straight-tip connector)
- SC (Subscriber connector)
- FC (Fiber Channel)
- LC (Lucent Connector)

Types of Ethernet cables – straight-through and crossover
Ethernet cables can come in two forms when it comes to wiring:

1. Straight-through cable

This cable type has identical wiring on both ends (pin 1 on one end of the cable is
connected to pin 1 at the other end of the cable, pin 2 is connected to pin 2 etc.):

This type of cable is used to connect the following devices:

- computer to hub
- computer to switch
- router to hub
- router to switch

Computers and routers use wires 1 and 2 to transmit data and wires 3 and 6 to
receive data. Hubs and switches use wires 1 and 2 to receive data and wires 3 and 6
to send data. That is why, if you want to connect two computers together, you will
need a crossover cable.

2. Crossover cable

With the crossover cable, the wire pairs are swapped, which means that different
pins are connected together – pin 1 on one end of the cable is connected to pin 3 on
the other end, pin 2 on one end is connected to pin 6 on the other end (Photo credit:
Wikipedia):

This type of cable is used when you need to connect two devices that use the same
wires to send and receive data. For example, consider connecting two computers
together. If you use a straight-through cable, with identical wiring on both ends, both
computers will use wires 1 and 2 to send data. If computer A sends some packets to
computer B, computer A will send that data using wires 1 and 2. That will cause a
problem because computers expect packets to be received on wires 3 and 6, and
your network will not work properly. This is why you need to use a crossover cable
for such connections (and, for the same reason, for switch to switch and router to
router links).
NOTE
Newer devices support the Auto MDI-X capability to automatically detect and configure the
required cable connection type. This removes the need for a specific cable type between certain
devices. Also note that Gigabit Ethernet and faster standards use all four wire pairs to
transfer data in both directions simultaneously.

Types of IP addresses
The IP addresses are divided into three different types, based on their operational
characteristics:

1. unicast IP addresses – an address of a single interface. The IP addresses of this
type are used for one-to-one communication. Unicast IP addresses are used to
direct packets to a specific host. Here is an example:

In the picture above you can see that the host wants to communicate with the server.
It uses the (unicast) IP address of the server (192.168.0.150) to do so.

2. multicast IP addresses – used for one-to-many communication. Multicast
messages are sent to IP multicast group addresses (the 224.0.0.0/4 range, Class D).
Routers forward copies of the packet out to every interface that has hosts subscribed
to that group address. Only the hosts that have joined the group process the packets;
all other hosts on the LAN discard them. Here is an example:

R1 has sent a multicast packet destined for 224.0.0.9. This is a RIPv2 packet, and
only routers on the network should read it. R2 will receive the packet and read it. All
other hosts on the LAN will discard the packet.

3. broadcast IP addresses – used to send data to all possible destinations in the
broadcast domain (one-to-everybody communication). The broadcast address for
a network has all host bits set to 1. For example, for the network 192.168.30.0
255.255.255.0 the broadcast address would be 192.168.30.255*. Also, the IP
address of all 1s (255.255.255.255) can be used for a local (limited) broadcast;
routers never forward it beyond the local segment. Here's an example:

R1 wants to communicate with all hosts on the network and has sent a broadcast
packet to the broadcast IP address of 192.168.30.255. All hosts in the same
broadcast domain will receive and process the packet.

*This is because the subnet mask of 255.255.255.0 means that the last octet of the
IP address holds the host bits, and eight 1s written in decimal is 255.

Classes of IP addresses
TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has
a range of valid IP addresses. The value of the first octet determines the class. IP
addresses from the first three classes (A, B and C) can be used for host addresses.
The other two classes are used for other purposes – class D for multicast and class
E for experimental purposes.

The system of IP address classes was developed for the purpose of Internet IP
address assignment. The classes created were based on the network size. For
example, for the small number of networks with a very large number of hosts,
Class A was created. Class C was created for numerous networks with a small
number of hosts.

Classes of IP addresses are:

 Class A – first octet 1–126 (leading bit 0); default mask 255.0.0.0 (/8)
 Class B – first octet 128–191 (leading bits 10); default mask 255.255.0.0 (/16)
 Class C – first octet 192–223 (leading bits 110); default mask 255.255.255.0 (/24)
 Class D – first octet 224–239 (leading bits 1110); multicast, not assigned to hosts
 Class E – first octet 240–255 (leading bits 1111); experimental, not assigned to hosts

(The 0.x.x.x and 127.x.x.x ranges fit the Class A bit pattern but are reserved; see the
special ranges below.)

For IP addresses from Class A, the first 8 bits (the first decimal number)
represent the network part, while the remaining 24 bits represent the host part. For
Class B, the first 16 bits (the first two numbers) represent the network part, while the
remaining 16 bits represent the host part. For Class C, the first 24 bits represent the
network part, while the remaining 8 bits represent the host part.

Consider the following IP addresses:

 10.50.120.7 – because this is a Class A address, the first number (10)
represents the network part, while the remainder of the address represents the host
part (50.120.7). This means that, in order for devices to be on the same network, the
first number of their IP addresses has to be the same for both devices. In this case, a
device with the IP address of 10.47.8.4 is on the same network as the device with
the IP address listed above. The device with the IP address 11.5.4.3 is not on the
same network, because the first number of its IP address is different.
 172.16.55.13 – because this is a Class B address, the first two numbers
(172.16) represent the network part, while the remainder of the address represents
the host part (55.13). A device with the IP address of 172.16.254.3 is on the same
network, while a device with the IP address of 172.55.54.74 isn't.

 
NOTE
The system of network address ranges described here is generally bypassed today by the use of
Classless Inter-Domain Routing (CIDR) addressing.

Special IP address ranges that are used for special purposes are:

 0.0.0.0/8 – "this network"; 0.0.0.0 is used as a source address by a host that
does not yet have an address of its own (for example, during a DHCP exchange)
 127.0.0.0/8 – loopback addresses (traffic to them never leaves the host)
 169.254.0.0/16 – link-local addresses (APIPA), self-assigned by a host when no
DHCP server answers; they are never routed

Private IP addresses explained


The original design of the Internet intended that each host on every network should
have a real, routable IP address. An organization that wanted to access the
Internet would complete some paperwork to describe its internal network and the
number of hosts on it. The organization would then receive a number of IP
addresses, according to its needs. But there was one huge problem with this concept
– if each host on each network in the world was provided with a unique IP address,
we would have run out of IP addresses a long time ago!

Therefore, the concept of private IP addressing was developed to address the IP
address exhaustion problem. The private IP addresses can be used on the private
network of any organization in the world and are not globally unique.

Consider the following example:

In the example above you can see that two unrelated organizations use the same
private IP network (10.0.0.0/24) inside their respective internal networks. Because
private IP addresses are not globally unique, both organizations can use private IP
addresses from the same range. To access the Internet, the organizations can use a
technology called Network Address Translation (NAT), which we will describe in the
later lessons.

There are three ranges of addresses (defined in RFC 1918) that can be used in a
private network (e.g. your home LAN or office):

 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

These addresses are not routable on the Internet: ISPs and Internet routers carry no
routes for them, and border routers are normally configured to drop packets whose source
or destination falls in these ranges (bogon filtering), which also blunts spoofing from
private source addresses.
Subnetting explained
Subnetting is the practice of dividing a network into two or more smaller networks. It
increases routing efficiency, enhances the security of the network and reduces the
size of the broadcast domain.

Consider the following example:

In the picture above we have one flat network: 10.0.0.0/24. All hosts on the
network are in the same subnet, which has the following disadvantages:

 a single broadcast domain – all hosts are in the same broadcast domain. A
broadcast sent by any device on the network will be processed by all hosts, creating
lots of unnecessary traffic.
 network security – each device can reach any other device on the network,
which can present security problems. For example, a server containing sensitive
information shouldn't be in the same network as users' workstations.
 organizational problems – in large networks, different departments are
usually grouped into different subnets. For example, you can group all devices from
the Accounting department in the same subnet and then give access to sensitive
financial data only to hosts from that subnet.

The network above could be subnetted like this:

Now two subnets have been created for different departments: 10.0.0.0/25 for
Accounting and 10.0.0.128/25 for Marketing. Devices in each subnet are now in a
different broadcast domain. This reduces the amount of broadcast traffic on the
network and lets us implement packet filtering on the router between the two subnets.

Subnet mask
An IP address is divided into two parts: the network part and the host part. For example, a
class A address consists of 8 bits identifying the network and 24 bits identifying the
host. This is because the default subnet mask for a class A address has 8 network bits
(or, written in dotted-decimal notation, 255.0.0.0). What does this mean? Well, like an
IP address, a subnet mask also consists of 32 bits. Computers use it to determine
the network part and the host part of an address. The 1s in the subnet mask
represent the network part, the 0s the host part.
Computers work only with bits. The math used to determine a network range is a
binary AND.

Let's say that we have the IP address 10.0.0.1 with the default subnet mask of 8
bits (255.0.0.0).
First, we need to convert the IP address and the mask to binary:

IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001
Subnet mask 255.0.0.0 = 11111111.00000000.00000000.00000000

Computers then AND the two values bit by bit to determine the network number:

Network: 10.0.0.0 = 00001010.00000000.00000000.00000000

The computer can then determine the size of the network. Only IP addresses that
begin with 10 will be in the same network. So, in this case, the range of addresses
in this network is 10.0.0.0 – 10.255.255.255.
NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.

Create subnets
There are a couple of ways to create subnets. In this article we will subnet the class C
address 192.168.0.0, which by default has 24 network bits and 8 host bits.

Before we start subnetting, we have to ask ourselves these two questions:

1. How many subnets do we need?

2^x = number of subnets, where x is the number of bits borrowed from the host part (the
extra 1s added to the subnet mask). With 1 subnet bit we can have 2^1 = 2 subnets; with
2 bits, 2^2 = 4 subnets; with 3 bits, 2^3 = 8 subnets; etc.

2. How many hosts per subnet do we need?

2^y – 2 = number of hosts per subnet, where y is the number of 0s left in the subnet
mask. The 2 subtracted are the network address and the broadcast address, which
cannot be assigned to a host.

Subnetting example
An example will help you understand the subnetting concept. Let's say that we need
to subnet the class C address 192.168.0.0/24. We need two subnets with 50 hosts per
subnet. Here is our calculation:

1. Since we need only two subnets, 2^1 = 2 is enough, so we need one subnet bit. This
means that we will take one bit from the host part. Here is the calculation:

First, we have the class C address 192.168.0.0 with a subnet mask of /24. Let's
convert them to binary:

192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000

We need to turn a single zero from the host part of the subnet mask into a one. Here is
our new subnet mask:

255.255.255.128 = 11111111.11111111.11111111.10000000

Remember, the ones in the subnet mask represent the network.

2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left
with seven bits for the hosts. Is it enough for 50 hosts? The formula to calculate the
number of hosts is 2^y – 2, with y representing the number of host bits. Since 2^7 – 2 is
126, we have more than enough bits for our hosts.

3. Our network will look like this:

192.168.0.0/25 – the first subnet has the subnet number 192.168.0.0. The range
of IP addresses in this subnet is 192.168.0.0 – 192.168.0.127 (usable host addresses
192.168.0.1 – 192.168.0.126; 192.168.0.127 is the broadcast address).

192.168.0.128/25 – the second subnet has the subnet number 192.168.0.128.
The range of IP addresses in this subnet is 192.168.0.128 – 192.168.0.255 (usable host
addresses 192.168.0.129 – 192.168.0.254; 192.168.0.255 is the broadcast address).
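As an added worked example (not part of the original notes), here is the binary AND from the Subnet mask section and the bit-borrowing procedure from the two sections above, in Python. The function names are this example's own; the handling of /31 and /32 prefixes goes beyond the notes' 2^y – 2 formula (RFC 3021 point-to-point links have no separate network and broadcast address).

```python
# Added example: IPv4 subnet arithmetic with the same binary AND the notes
# describe. Function names are assumptions of this example, not IOS commands.
from math import ceil, log2
from typing import Dict, List, Tuple


def ip_to_int(dotted: str) -> int:
    """'192.168.0.0' -> 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/8 -> 0xFF000000: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.128 -> 25; rejects masks that are not ones-then-zeros."""
    host_part = ~ip_to_int(mask) & 0xFFFFFFFF      # the mask's zeros, as ones
    if host_part & (host_part + 1):                  # not of the form 2^n - 1
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return 32 - host_part.bit_length()


def network_info(ip: str, prefix: int) -> Dict[str, object]:
    """Apply the mask with a binary AND, exactly as a host does."""
    addr, mask = ip_to_int(ip), prefix_to_mask(prefix)
    network = addr & mask                            # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)       # host bits set
    host_bits = 32 - prefix
    if host_bits >= 2:
        usable = 2 ** host_bits - 2                  # minus network and broadcast
        first, last = network + 1, broadcast - 1
    else:
        # /31 (RFC 3021 point-to-point) and /32: no separate network or
        # broadcast address, so every address is usable.
        usable = 2 ** host_bits
        first, last = network, broadcast
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "first_host": int_to_ip(first), "last_host": int_to_ip(last),
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable}


def subnet(network: str, prefix: int, subnets_needed: int = 1,
           hosts_needed: int = 1) -> List[Tuple[str, int]]:
    """Borrow host bits so both requirements fit; return (subnet, prefix) pairs."""
    subnet_bits = ceil(log2(subnets_needed))         # 2^x >= subnets_needed
    host_bits = ceil(log2(hosts_needed + 2))         # 2^y - 2 >= hosts_needed
    new_prefix = prefix + subnet_bits
    if new_prefix + host_bits > 32:
        raise ValueError(f"{subnets_needed} subnets of {hosts_needed} hosts "
                         f"do not fit in a /{prefix}")
    base = ip_to_int(network) & prefix_to_mask(prefix)
    step = 2 ** (32 - new_prefix)                    # addresses per subnet
    return [(int_to_ip(base + i * step), new_prefix)
            for i in range(2 ** subnet_bits)]


if __name__ == "__main__":
    print(network_info("10.0.0.1", 8))
    for net, plen in subnet("192.168.0.0", 24, subnets_needed=2, hosts_needed=50):
        print(f"{net}/{plen}", network_info(net, plen))
```

Running it reproduces the two /25 subnets above with their usable ranges; `mask_to_prefix` refuses a mask such as 255.255.0.255, which is the NOTE's rule (ones followed by zeros) enforced in code.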

CIDR (Classless inter-domain routing)

CIDR (Classless inter-domain routing) is a method of public IP address
assignment. It was introduced in 1993 by the Internet Engineering Task Force with the
following goals:

 to deal with the IPv4 address exhaustion problem
 to slow down the growth of routing tables on Internet routers

Before CIDR, public IP addresses were assigned based on the class boundaries:

 Class A – the classful subnet mask is /8. The number of possible IP
addresses is 16,777,216 (2 to the power of 24).
 Class B – the classful subnet mask is /16. The number of addresses is
65,536.
 Class C – the classful subnet mask is /24. Only 256 addresses are available.

Some organizations were known to have gotten an entire Class A public IP address
block (for example, IBM got all the addresses in the 9.0.0.0/8 range). Since these
addresses can't be assigned to other companies, there was a shortage of available
IPv4 addresses. Also, since IBM probably didn't need more than 16 million IP
addresses, a lot of addresses were unused.

To combat this, the classful scheme of allocating IP addresses was
abandoned. The new system was classless – a classful network was split into
multiple smaller networks. For example, if a company needs 12 public IP addresses,
it would get something like this: 190.5.4.16/28.

The number of usable IP addresses can be calculated with the following formula:

2^(number of host bits) – 2

In the example above, the company got 14 usable IP addresses from the 190.5.4.16
– 190.5.4.31 range because there are 4 host bits and 2 to the power of 4 minus 2 is
14. The first and the last addresses (190.5.4.16 and 190.5.4.31) are the network address
and the broadcast address, respectively. All other addresses inside the range can be
assigned to Internet hosts.

Ping explained
ping is perhaps the most commonly used tool to troubleshoot a network. Ping
(often expanded as Packet Internet Groper) is included with most operating systems. It is
invoked using the ping command and uses ICMP (Internet Control Message Protocol), the
protocol that reports errors and provides information related to IP packet processing. Ping
works by sending an ICMP echo request message to the specified IP address. If the
computer with the destination IP address is reachable, it responds with an ICMP
echo reply message. A missing reply therefore means either that the host is down or
that the host or something on the path filters ICMP; many firewalls drop echo requests
on purpose, so ping alone cannot prove a host is absent.

The ping command usually outputs some other information about network
performance, e.g. the round-trip time: the time to send an ICMP request packet and
receive the ICMP reply packet.

Here is the output of the ping command from a Windows PC:

In the example above we have pinged the IP address 10.10.100.1. By default, ping
on Windows sends four ICMP request packets. As you can see from the output
above, the host with the IP address of 10.10.100.1 is reachable and has replied with
four ICMP reply packets. You can also see that the remote host has replied within 1
ms (time<1ms), which indicates that the network is not congested.
Extended ping command
The ping command in Cisco IOS (and other operating systems) is used to test the
reachability of devices on a TCP/IP network. Cisco devices also support
the extended ping command, which allows you to perform a more advanced check of
host reachability and network connectivity. With this command, you can define
the source IP address as any IP address on the router, the number and size of ping
packets, a different timeout interval, etc.

The extended ping command is invoked from privileged EXEC mode by
typing ping and pressing Enter. The following arguments can be modified:

 Protocol [ip] – specify the protocol, such as appletalk, clns, ip, novell, apollo,
vines, decnet, or xns. The default is ip.
 Target IP address – specify the IP address or the hostname of the host to
ping.
 Repeat count – specify the number of ping packets that will be sent to the
destination address. 5 by default.
 Datagram size – specify the size of the ping packet (in bytes). The default is
100 bytes.
 Timeout in seconds – specify the timeout interval. The default is 2 seconds.
The echo reply needs to be received before the timeout expires in order for ping to
be successful.
 Extended commands – specify whether or not a series of additional
commands will appear. The default is no. If you type yes additional arguments will be
shown.
 Source address or interface – specify the interface or the IP address of the
router to use as the source address for the ping packets.
 Type of service – specifies the Type of Service (ToS). This is the Internet
service’s quality selection. The default is 0.
 Set DF bit in IP header? – specify whether or not the Don’t Fragment (DF) bit
will be set on the ping packet. If yes is entered, the Don’t Fragment option does not
allow the packet to be fragmented. The default is no.
 Validate reply data? – specify whether or not to validate the reply data. The
default is no.
 Data pattern – specify the data pattern. Data patterns are used to
troubleshoot framing errors and clocking problems on serial lines. The default
is [0xABCD].
 Loose, Strict, Record, Timestamp, Verbose – specify the IP header
options.
 Sweep range of sizes – specify the sizes of the ping echo packets that are
sent. This parameter is used to determine the minimum sizes of the MTUs
configured on the nodes along the path to the destination address. The default is no.

The extended ping command is most often used to change the source IP address of
the ping echo packets. Consider the following example:
By default, routers choose the IP address of the outgoing interface as the source IP
address for ping echo packets. This means that R2 will use the IP address of the
Fa0/1 interface (10.0.0.1) as the source IP address for the ping packets sent to
10.0.0.2 (R1). Let’s try to ping R1 using the standard ping command:

R2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

As you can see from the output, the ICMP replies were received. However, I can run
the extended ping command to change the source IP address to the IP address of
the R2 Fa0/0 interface (192.168.5.1). This is done to check that R1 knows about the
192.168.5.0/24 network (in other words, that it has a route back to 192.168.5.0/24). A
plain ping succeeding only proves that the directly connected 10.0.0.0 link works; it
says nothing about R1's routing table.

R2#ping
Protocol [ip]:
Target IP address: 10.0.0.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 192.168.5.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.1
.....
Success rate is 0 percent (0/5)

In the output above you can see that no echo replies were received after I changed
the source IP of the ping packets. This means that R1 doesn't know how to reach the
192.168.5.0/24 network: it receives the echo request but has no route for the reply
(or a filter on the path drops it), so nothing gets back to R2.

Traceroute explained
Traceroute is a command-line tool used to identify the path a packet takes to
reach its target. It also relies on ICMP messages, but unlike ping, it
identifies every router in the path taken by the packets. Traceroute is useful when
troubleshooting network problems because it can help identify where exactly the
problem is. You can figure out which router in the path to an unreachable target
should be examined more closely as the probable cause of the network failure.

Traceroute sends a series of probe packets to a destination. The first
series of messages has the Time to Live (TTL) field set to 1, which means that
the first router in the path will discard the packet and send back an ICMP Time
Exceeded message. The TTL is then increased by one until the destination host is
reached and answers the probe itself. The originating host can then use the
source addresses of the received ICMP messages to identify all routers in the path.
Routers configured not to generate ICMP Time Exceeded messages, or firewalls that
drop them, show up as a hop with no response (*) even when the path beyond them
is fine.
NOTE
The traceroute command on Windows is named tracert. On Unix-like systems and Cisco IOS it
is invoked using the traceroute command.

Here is an example of using the tracert command in Windows:

In the output above you can see that the tracert command has listed the IP
addresses of all of the routers in the path.

Traceroute on Unix-like operating systems

The traceroute command on Unix works slightly differently from the Windows version.
Windows tracert sends ICMP echo requests, so the destination answers with an ICMP echo
reply. Unix traceroute (and Cisco IOS) instead sends UDP packets to a high destination
port number (33434 to 33534) that is unlikely to be in use by any application on the
destination host. Like the Windows version, it uses the TTL to get the IP addresses of the
intermediary routers; when the destination host is reached, it replies with an ICMP port
unreachable message, which tells traceroute that the trace is complete.

traceroute command
The traceroute command on a Cisco device can be used to identify the path used by
a packet to reach its target. It identifies all the routers in the path from the source
host to the destination host and is useful when troubleshooting network problems.
Using this command you can figure out which router in the path to an unreachable
target should be examined more closely as the probable cause of the network
failure.

Consider the following example network:

In the picture above you can see that we have a network of four routers. The network
is working correctly. Consider what happens when we issue the traceroute command
on R1 to the IP address of router R4's Gi0/0 interface (172.16.0.2):

R1#traceroute 172.16.0.2
Type escape sequence to abort.
Tracing the route to 172.16.0.2
1 10.0.0.1 0 msec 0 msec 0 msec
2 192.168.5.2 0 msec 0 msec 0 msec
3 172.16.0.2 0 msec 0 msec 0 msec

You can see that the traceroute command has listed the IP addresses of all of the
routers in the path to the destination. Now let’s assume that the router R3 goes
down. Consider the command output now:

R1#traceroute 172.16.0.2
Type escape sequence to abort.
Tracing the route to 172.16.0.2
1 10.0.0.1 0 msec 0 msec 0 msec
2 10.0.0.1 !H * !H
3 * *

Notice how there is no response from R3 (192.168.5.2); instead, R2 (10.0.0.1)
answers for hop 2 with !H, meaning it has no way to deliver the probe to the next
hop. Using this information, we can assume that there is a problem with R3 and
investigate the matter. The characters that can appear in the traceroute command
output are:

 number of milliseconds – the round-trip time in milliseconds.
 * – the probe has timed out.
 A – administratively prohibited (for example, by an access list).
 Q – source quench (the destination is too busy).
 I – user interrupted the test.
 U – port is unreachable.
 H – host is unreachable.
 N – the network is unreachable.
 P – the protocol is unreachable.
 T – timeout.
 ? – unknown packet type.
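Reading traceroute output by eye works for three hops, but a monitoring job or incident runbook needs to do it mechanically. As an added example (not part of the original notes), here is a small parser for IOS traceroute output that finds the first hop with no normal reply and, given a known-good trace as a baseline, names the device that used to answer there. The two sample traces are the ones shown above, pasted in as constructed strings; the function names are this example's own.

```python
# Added example: parse IOS traceroute output, flag the first failing hop and
# compare against a known-good baseline. Names are this example's own.
import re
from typing import Any, Dict, List, Optional

# Constructed sample inputs: the two R1#traceroute runs shown above, the
# second captured after R3 went down.
HEALTHY = """\
Tracing the route to 172.16.0.2
1 10.0.0.1 0 msec 0 msec 0 msec
2 192.168.5.2 0 msec 0 msec 0 msec
3 172.16.0.2 0 msec 0 msec 0 msec
"""

BROKEN = """\
Tracing the route to 172.16.0.2
1 10.0.0.1 0 msec 0 msec 0 msec
2 10.0.0.1 !H * !H
3 * *
"""

# Probe result characters as IOS prints them. The '!' prefix is made optional
# below so the bare letters from the list above are accepted too.
CODES = {
    "*": "timed out",
    "!A": "administratively prohibited",
    "!Q": "source quench",
    "!I": "user interrupted",
    "!U": "port unreachable",
    "!H": "host unreachable",
    "!N": "network unreachable",
    "!P": "protocol unreachable",
    "!T": "timeout",
    "?": "unknown packet type",
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_traceroute(output: str) -> List[Dict[str, Any]]:
    """One record per hop: number, responding address, per-probe results."""
    hops: List[Dict[str, Any]] = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                                 # banner and blank lines
        tokens = m.group(2).split()
        responder: Optional[str] = None
        if tokens and IPV4_RE.match(tokens[0]):
            responder = tokens.pop(0)                # address that answered this TTL
        probes = []
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            if tok.isdigit() and i + 1 < len(tokens) and tokens[i + 1] == "msec":
                probes.append(("rtt", int(tok)))     # a normal reply
                i += 2
            else:
                key = tok if tok in ("*", "?") else "!" + tok.lstrip("!")
                probes.append((key, CODES.get(key, "unrecognised")))
                i += 1
        hops.append({"hop": int(m.group(1)), "responder": responder, "probes": probes,
                     "ok": bool(probes) and all(p[0] == "rtt" for p in probes)})
    return hops


def first_failure(hops: List[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
    """First hop where no probe got a normal reply, and who reported it."""
    for hop in hops:
        if not hop["ok"]:
            reasons: List[str] = []
            for code, detail in hop["probes"]:
                if code != "rtt" and detail not in reasons:
                    reasons.append(detail)
            return {"hop": hop["hop"], "reported_by": hop["responder"], "reasons": reasons}
    return None


def suspect_from_baseline(baseline: List[Dict[str, Any]],
                          current: List[Dict[str, Any]]) -> Optional[str]:
    """The device that answered at the failing hop in a known-good trace is the
    first thing to check; the !H itself comes from the hop before it."""
    failure = first_failure(current)
    if failure is None:
        return None
    for hop in baseline:
        if hop["hop"] == failure["hop"]:
            return hop["responder"]
    return None


if __name__ == "__main__":
    print(first_failure(parse_traceroute(BROKEN)))
    print("suspect:", suspect_from_baseline(parse_traceroute(HEALTHY),
                                            parse_traceroute(BROKEN)))
```

On the broken trace this reports hop 2 as failing with "host unreachable" and "timed out", reported by 10.0.0.1, and names 192.168.5.2 (R3) as the suspect from the baseline, which is the conclusion drawn by hand above.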

Wildcard masks
Wildcard masks are used to specify a range of network addresses. They are
commonly used with routing protocols (like OSPF) and access lists.

Just like a subnet mask, a wildcard mask is 32 bits long. It acts as an inverted subnet
mask: a zero bit in the wildcard mask means that the corresponding bit
position must match the same bit position in the IP address, while a one bit means
that the corresponding bit position does not have to match.

Here is an example of using a wildcard mask to include only the desired interfaces in
the OSPF routing process:

Router R1 has three networks directly connected. To include only the 10.0.1.0
subnet in the OSPF routing process, the following network command can be used:

R1(config)#router ospf 1

R1(config-router)#network 10.0.1.0 0.0.0.255 area 0


Let's break down the wildcard part of the command. To do that, we need to use
binary numbers instead of decimal notation.

10.0.1.0 = 00001010.00000000.00000001.00000000
0.0.0.255 = 00000000.00000000.00000000.11111111

The rule says that the zero bits of the wildcard mask have to match the same
position in the IP address. So, let's write the wildcard mask below the IP address:

00001010.00000000.00000001.00000000
00000000.00000000.00000000.11111111

As you can see, the last octet doesn't have to match,
because the wildcard mask bits there are all ones. The first 24 bits have to match,
because the wildcard mask bits there are all zeros. So, in this case, the wildcard mask
will match all addresses that begin with 10.0.1.X. In our case, only one network will be
matched, 10.0.1.0/24.

What if we want to match both 10.0.0.0/24 and 10.0.1.0/24? Then we will have to
use a different wildcard mask. We need to use the wildcard mask 0.0.1.255. Why is
that? Well, we again need to write down the addresses in binary:

00001010.00000000.00000000.00000000 = 10.0.0.0
00001010.00000000.00000001.00000000 = 10.0.1.0
00000000.00000000.00000001.11111111 = 0.0.1.255

From the output above, we can see that only the first 23 bits have to match (notice
that the third octet of the wildcard mask has a 1 at the end). That means that all
addresses in the range 10.0.0.0 – 10.0.1.255 will be matched. So, in our case, we
have successfully matched both networks, 10.0.0.0/24 and 10.0.1.0/24. Be careful when
widening a wildcard this way in an access list: 0.0.3.255 would also take in 10.0.2.0/24
and 10.0.3.0/24, so the entry would permit (or deny) more than you intended.
NOTE
A wildcard mask of all zeros (0.0.0.0) means that the entire IP address has to match in order for a
statement to execute. For example, if we want to match only the IP address 192.168.0.1, the
command would use 192.168.0.1 0.0.0.0 (IOS also accepts the shorthand host 192.168.0.1).
A wildcard mask of all ones (255.255.255.255) means that no bits have to match. This
means that all addresses will be matched (the any keyword in an access list).
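As an added example (not part of the original notes), here is the wildcard comparison above as code, the way an IOS network statement or access-list entry evaluates it, together with two things the notes do not show: deriving the narrowest base/wildcard pair that covers a list of subnets, and counting how many addresses such a pair matches beyond the ones you intended. Function names are this example's own; the sample interface addresses are constructed.

```python
# Added example: wildcard-mask matching as an IOS network statement or ACL
# entry evaluates it, plus deriving the wildcard that covers several subnets.
# Function names are assumptions of this example, not IOS commands.
import ipaddress
from typing import Iterable, List, Tuple


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))         # strict dotted-decimal parsing


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def wildcard_matches(address: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is 'don't care'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF          # 1 where the bit must match
    return (_to_int(address) & care) == (_to_int(base) & care)


def prefix_to_wildcard(prefix: int) -> str:
    """Inverted subnet mask: /24 -> 0.0.0.255, /32 -> 0.0.0.0 (the 'host' keyword)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return _to_str(~mask & 0xFFFFFFFF)


def wildcard_for_subnets(subnets: Iterable[str]) -> Tuple[str, str]:
    """Shortest common prefix of the given networks, as a base/wildcard pair."""
    nets = [ipaddress.IPv4Network(s, strict=False) for s in subnets]
    prefix = min(n.prefixlen for n in nets)
    first = int(nets[0].network_address)
    for n in nets:
        # Shorten the prefix until this network agrees with the first one on it.
        while prefix > 0 and (int(n.network_address) >> (32 - prefix)) != (first >> (32 - prefix)):
            prefix -= 1
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return _to_str(first & mask), _to_str(~mask & 0xFFFFFFFF)


def overmatch(base: str, wildcard: str, intended: Iterable[str]) -> int:
    """Addresses matched by base/wildcard beyond the intended (non-overlapping)
    networks. Anything above zero means an ACL using this pair permits or
    denies traffic you did not plan for."""
    matched = 2 ** bin(_to_int(wildcard)).count("1")  # each 1 bit doubles the set
    wanted = sum(ipaddress.IPv4Network(n, strict=False).num_addresses for n in intended)
    return matched - wanted


def matching_interfaces(base: str, wildcard: str, interface_addrs: Iterable[str]) -> List[str]:
    """Which interface addresses `network base wildcard` would pull into an
    OSPF process (IOS compares the interface's own address)."""
    return [a for a in interface_addrs if wildcard_matches(a, base, wildcard)]


if __name__ == "__main__":
    # Constructed sample: R1's three connected interfaces from the text.
    connected = ["10.0.0.1", "10.0.1.1", "10.0.2.1"]
    print(matching_interfaces("10.0.1.0", "0.0.0.255", connected))     # only 10.0.1.1
    base, wc = wildcard_for_subnets(["10.0.0.0/24", "10.0.1.0/24"])
    print(base, wc, overmatch(base, wc, ["10.0.0.0/24", "10.0.1.0/24"]))
    base, wc = wildcard_for_subnets(["10.0.0.0/24", "10.0.2.0/24"])
    print(base, wc, overmatch(base, wc, ["10.0.0.0/24", "10.0.2.0/24"]))
```

The last two lines are the practical point: 10.0.0.0/24 and 10.0.1.0/24 collapse to 10.0.0.0 0.0.1.255 with zero overmatch, while 10.0.0.0/24 and 10.0.2.0/24 need 0.0.3.255, which silently matches 512 addresses you never listed.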

Cisco console rollover cable

A rollover cable is usually shipped with each Cisco device. This cable connects a
serial port on your computer to the console port of the device and is used for the
device's initial configuration. It is called a rollover cable because the wires on one end
are rolled over at the other end – the wire at pin 1 connects to pin 8 on the other side, the
wire at pin 2 to pin 7, etc.

The cable is usually light blue, with a DB-9 connector at one end and an RJ-45
connector at the other:

You connect the rollover cable to the serial port on your computer. On the Cisco
device, there is a console port (usually marked in blue) to which you connect
the other end of the cable:

After the cable is connected, you can access the device
using terminal emulation software (e.g. PuTTY or HyperTerminal). You need to
configure the PC's serial port to match the console port settings. Here are the
defaults:

 9600 baud
 8 data bits
 no parity
 1 stop bit
 no hardware flow control

Keep in mind that anyone with physical access to the console port can interrupt the boot
and perform password recovery, so the port deserves the same protection as the enable
password.

NOTE
Newer Cisco devices usually include a USB console port, since serial ports are rare on modern
PCs.

TCP/IP suite of protocols

The TCP/IP suite is the set of protocols used on computer networks today (most
notably on the Internet). It provides end-to-end connectivity by specifying how
data should be packetized, addressed, transmitted, routed and received on a TCP/IP
network. This functionality is organized into four abstraction layers and each protocol
in the suite resides in a particular layer.

The TCP/IP suite is named after its most important protocols, the Transmission
Control Protocol (TCP) and the Internet Protocol (IP). Some of the protocols included
in the TCP/IP suite are:

 ARP (Address Resolution Protocol) – used to associate an IP address with
a MAC address.
 IP (Internet Protocol) – used to deliver packets from the source host to the
destination host based on the IP addresses.
 ICMP (Internet Control Message Protocol) – used to detect and report
network error conditions. Used by ping.
 TCP (Transmission Control Protocol) – a connection-oriented protocol that
enables reliable data transfer between two computers.
 UDP (User Datagram Protocol) – a connectionless protocol for data transfer.
Since a session is not created before the data transfer, there is no guarantee of data
delivery.
 FTP (File Transfer Protocol) – used for file transfers from one host to
another.
 Telnet (Telecommunications Network) – used to connect to and issue
commands on a remote computer. It sends everything, including passwords, in clear
text, which is why SSH has replaced it.
 DNS (Domain Name System) – used for host name to IP address
resolution.
 HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic
images, sound, video, and other multimedia files) on the World Wide Web.

The following shows which protocols reside on which layer of the TCP/IP
model:

 Application layer – FTP, Telnet, DNS, HTTP
 Transport layer – TCP, UDP
 Internet layer – IP, ICMP
 Network Access (link) layer – Ethernet and the other physical and data-link
technologies; ARP, which maps Internet-layer addresses to link-layer ones, sits on the
boundary between these two layers

TCP explained
One of the main protocols in the TCP/IP suite is the Transmission Control Protocol
(TCP). TCP provides reliable and ordered delivery of data between applications
running on hosts on a TCP/IP network. Because of its reliable nature, TCP is used
by applications that require high reliability, such as FTP, SSH, SMTP, HTTP, etc.

TCP is connection-oriented, which means that, before data is sent, a connection
between two hosts must be established. The process used to establish a TCP
connection is known as the three-way handshake. After the connection has been
established, the data transfer phase begins. After the data is transmitted, the
connection is terminated.

One other notable characteristic of TCP is its reliable delivery. TCP uses sequence
numbers to identify the order of the bytes sent from each computer so that the data
can be reconstructed in order. If any data is lost during the transmission, the sender
can retransmit the data.

Because of all of its characteristics, TCP is considered to be complicated and costly
in terms of network usage. The TCP header is 20 bytes long without options and up to
60 bytes with them, and consists of the following fields:

 source port – the port number of the application on the host sending the
data.
 destination port – the port number of the application on the host receiving
the data.
 sequence number – used to identify each byte of data.
 acknowledgment number – the next sequence number that the receiver is
expecting.
 header length (data offset) – the size of the TCP header in 32-bit words.
 reserved – always set to 0.
 flags – used to set up and terminate a session (SYN, ACK, FIN, RST) and to
signal urgent data, pushed data and congestion (URG, PSH, ECE, CWR).
 window – the amount of data the sender of the segment is willing to accept.
 checksum – used for error-checking of the header and data.
 urgent pointer – valid only when the URG flag is set; an offset from the
sequence number indicating where the urgent data ends.
 options – various TCP options, such as Maximum Segment Size (MSS) or
Window Scaling.

NOTE
TCP is a Transport layer protocol (Layer 4 of the OSI model).

TCP three-way handshake

Since TCP is a connection-oriented protocol, a connection needs to be established
before two devices can communicate. TCP uses a process called the three-way
handshake to negotiate the sequence and acknowledgment fields and start the
session. Here is a graphical representation of the process:

As the name implies, the three-way handshake process consists of three steps:

1. Host A initiates the connection by sending a TCP SYN segment to the
destination host. The segment contains a random initial sequence number (e.g. 5432)
which marks the beginning of the sequence numbers for the data that Host A will
transmit. The initial sequence number must be unpredictable: if it can be guessed, an
attacker who cannot see the traffic can still forge the rest of the handshake.
2. The server receives the segment and responds with a SYN-ACK carrying its own
sequence number. The response also includes the acknowledgment number, which is
Host A's sequence number incremented by 1 (in our case, that would be 5433).
3. Host A acknowledges the response of the server by sending an ACK whose
acknowledgment number is the server's sequence number incremented by 1.

Here is another picture with the numbers included:

After the data transmission process is finished, TCP will terminate the connection
between the two endpoints. This four-step process is illustrated below:

1. The client application that wants to close the connection sends a TCP
segment with the FIN (Finished) flag set to 1.
2. The server receives the TCP segment and acknowledges it with an ACK
segment.
3. The server sends its own TCP segment with the FIN flag set to 1 to the client in
order to terminate the connection.
4. The client acknowledges the server's FIN segment and closes the connection.
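As an added example (not part of the original notes), the handshake and the four-step close above as a small state machine that checks the sequence and acknowledgment arithmetic on every segment: the SYN and FIN each consume one sequence number, every ACK must equal the peer's next sequence number, and a segment with the wrong number is refused. Segments are plain dictionaries, not real packets, and the names are this example's own; the forged-ACK check is the reason the initial sequence number has to be unpredictable.

```python
# Added example: the three-way handshake and four-way close as a state machine
# that checks the seq/ack arithmetic described above. Segments are plain dicts,
# not real packets; names are this example's own.
import secrets
from typing import Any, Dict, List, Optional

Segment = Dict[str, Any]


def seg(src: str, flags: str, seq: int, ack: Optional[int]) -> Segment:
    return {"from": src, "flags": frozenset(flags), "seq": seq, "ack": ack}


class Endpoint:
    # (state, flags received) -> (next state, flags to reply with)
    TRANSITIONS = {
        ("LISTEN", "S"): ("SYN_RECEIVED", "SA"),        # handshake step 2
        ("SYN_SENT", "AS"): ("ESTABLISHED", "A"),       # handshake step 3
        ("SYN_RECEIVED", "A"): ("ESTABLISHED", None),
        ("ESTABLISHED", "F"): ("CLOSE_WAIT", "A"),      # close step 2
        ("FIN_WAIT_1", "A"): ("FIN_WAIT_2", None),
        ("FIN_WAIT_2", "F"): ("TIME_WAIT", "A"),        # close step 4
        ("LAST_ACK", "A"): ("CLOSED", None),
    }

    def __init__(self, name: str, isn: Optional[int] = None, listen: bool = False) -> None:
        self.name, self.state = name, ("LISTEN" if listen else "CLOSED")
        # RFC 6528: the ISN must be unpredictable. A guessable ISN lets an attacker
        # who never sees the SYN-ACK forge the third segment (or inject data later).
        self.snd_nxt = secrets.randbelow(2 ** 32) if isn is None else isn
        self.rcv_nxt = 0

    def send(self, flags: str) -> Segment:
        out = seg(self.name, flags, self.snd_nxt, self.rcv_nxt if "A" in flags else None)
        if "S" in flags or "F" in flags:
            self.snd_nxt += 1          # SYN and FIN each consume one sequence number
        return out

    def connect(self) -> Segment:      # handshake step 1
        self.state = "SYN_SENT"
        return self.send("S")

    def close(self) -> Segment:        # close step 1 (active) or step 3 (passive)
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return self.send("F")

    def receive(self, s: Segment) -> Optional[Segment]:
        """Validate seq/ack, advance the state machine, return any reply."""
        if "A" in s["flags"] and s["ack"] != self.snd_nxt:
            raise ValueError(f"{self.name}: ACK {s['ack']} != expected {self.snd_nxt}")
        if self.state not in ("LISTEN", "SYN_SENT") and s["seq"] != self.rcv_nxt:
            raise ValueError(f"{self.name}: SEQ {s['seq']} != expected {self.rcv_nxt}")
        key = (self.state, "".join(sorted(s["flags"])))
        if key not in self.TRANSITIONS:
            raise ValueError(f"{self.name}: unexpected {key[1]} in state {self.state}")
        if "S" in s["flags"] or "F" in s["flags"]:
            self.rcv_nxt = s["seq"] + 1  # the peer's SYN/FIN occupies one number
        self.state, reply = self.TRANSITIONS[key]
        return self.send(reply) if reply else None


def run_session(client_isn: int = 5432, server_isn: Optional[int] = None) -> List[Segment]:
    """Full open and close between Host A and the server; returns every segment."""
    a, srv = Endpoint("A", client_isn), Endpoint("server", server_isn, listen=True)
    log: List[Segment] = []

    def deliver(s: Optional[Segment], to: Endpoint) -> Optional[Segment]:
        if s is not None:
            log.append(s)
            return to.receive(s)
        return None

    deliver(deliver(deliver(a.connect(), srv), a), srv)   # SYN, SYN-ACK, ACK
    assert a.state == srv.state == "ESTABLISHED"
    deliver(deliver(a.close(), srv), a)                    # FIN, ACK
    deliver(deliver(srv.close(), a), srv)                  # FIN, ACK
    assert (a.state, srv.state) == ("TIME_WAIT", "CLOSED")
    return log


def forged_ack_rejected(client_isn: int = 5432, server_isn: int = 9000) -> bool:
    """A blind attacker who guesses the server's ISN wrong cannot finish the
    handshake: the third segment's ACK does not match and is refused."""
    srv = Endpoint("server", server_isn, listen=True)
    srv.receive(seg("A", "S", client_isn, None))                     # real SYN
    try:
        srv.receive(seg("A", "A", client_isn + 1, server_isn + 7))   # wrong guess
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for s in run_session(client_isn=5432, server_isn=7000):
        print(s["from"], "".join(sorted(s["flags"])), "seq", s["seq"], "ack", s["ack"])
    print("forged ACK rejected:", forged_ack_rejected())
```

With the notes' ISN of 5432 the transcript shows the SYN-ACK acknowledging 5433 and the final ACK acknowledging the server's ISN plus one, then FIN/ACK/FIN/ACK with each FIN advancing the sequence number by one, exactly the arithmetic described above.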

UDP explained
One other important protocol in the TCP/IP suite is User Datagram Protocol (UDP).
This protocol is basically a scaled-down version of TCP. Just like TCP, it delivers
data between applications running on hosts on a TCP/IP network, but, unlike TCP, it
does not number the data, does not retransmit lost datagrams and does not care
about the order in which they arrive at the destination. Because of this it is
considered an unreliable protocol. UDP is also a connectionless protocol, since no
handshake takes place between the two endpoints before data is sent.

Because it does not provide many of the features that TCP does, UDP adds much less
overhead than TCP. UDP is commonly used with two types of applications:

 applications that are tolerant of lost data – VoIP (Voice over IP) uses UDP
because if a voice packet is lost, by the time it could be retransmitted too much
delay would have occurred and the voice would be unintelligible.
 applications that have their own mechanism to recover lost data – Network
File System (NFS) performs recovery in application-layer code, so UDP is sufficient
as its transport-layer protocol.

The UDP header is 8 bytes long and consists of the following fields:

Here is a description of each field:

 source port – the port number of the application on the host sending the
data.
 destination port – the port number of the application on the host receiving
the data.
 length – the length of the UDP header and data in bytes (at least 8).
 checksum – covers the UDP header, the data and a pseudo-header containing the
source and destination IP addresses, so a datagram delivered to the wrong host is
detected. Over IPv4 the checksum is optional: a value of 0 means none was computed.

NOTE
UDP is a Transport layer protocol (Layer 4 of the OSI model).

Ports explained
A port is a 16-bit number used to identify specific applications and services. TCP
and UDP specify the source and destination port numbers in their packet headers
and that information, along with the source and destination IP addresses and the
transport protocol (TCP or UDP), enables applications running on hosts on a TCP/IP
network to communicate.

Applications that provide a service (such as FTP and HTTP servers) open a port on
the local computer and listen for connection requests. A client requests the service
by sending to the server's IP address and port. For its own side of the conversation
the client can use any locally unused port number. Consider the following example:

In the picture above you can see that a host with an IP address of 192.168.0.50
wants to communicate with the FTP server. Because FTP servers use, by default,
the well-known port 21, the host generates the request and sends it to the FTP
server's IP address and port 21. The host uses the locally unused port 1200 for its
side of the communication. The FTP server receives the request, generates the
response and sends it back to the host's IP address and port 1200.

Port numbers range from 0 to 65535 and fall into three groups: the well-known ports
0 to 1023, assigned to common services (on Unix-like systems a process normally
needs elevated privileges to listen on one of them), the registered ports 1024 to
49151, and the dynamic or ephemeral ports 49152 to 65535, from which clients usually
pick their source port.
NOTE
The combination of an IP address and a port number is called a socket. In our example the
client's socket would be 192.168.0.50:1200; together with the server's socket and the transport
protocol, it uniquely identifies the connection.

ARP (Address Resolution Protocol) explained


ARP (Address Resolution Protocol) is a network protocol used to find out the
hardware (MAC) address of a device from its IP address. It is used when a device
wants to communicate with another device on the same local network (for example on
an Ethernet network, where the frame must carry the destination MAC address before
it can be sent). The sending device uses ARP to translate the IP address to a MAC
address: it sends an ARP request containing the IP address of the receiving device.
All devices on the local network segment see the message, but only the device that
has that IP address should respond, with an ARP reply containing its MAC address.
The sending device now has enough information to send the packet to the receiving
device.

ARP does not run inside IP. The request is carried directly in an Ethernet frame
(EtherType 0x0806) whose destination address is the Ethernet broadcast address
FF:FF:FF:FF:FF:FF; the target hardware address field inside the request is left as
zeros, and the target protocol address field holds the IP address being resolved.
ARP replies are unicast back to the requester's MAC address.

Here is the explanation of the ARP process:


Let's say that Host A wants to communicate with Host B. Host A knows the IP
address of Host B, but it doesn't know Host B's MAC address. In order to find out
the MAC address of Host B, Host A sends an ARP request, listing Host B's IP
address as the target protocol address, in a frame addressed to
FF:FF:FF:FF:FF:FF (Ethernet broadcast). The switch forwards the frame out all
interfaces (except the incoming one). Each device on the segment receives the
request, but because the target IP address is Host B's, only Host B replies with
an ARP reply listing its MAC address. Host A now has enough information to send
traffic to Host B.

Nothing in ARP authenticates that reply: any host on the segment can answer for an
IP address it does not own, and many operating systems will update an existing
cache entry from a reply they never asked for. That is why a MAC address that
suddenly changes for a known IP address is worth alerting on.

All operating systems maintain an ARP cache that is checked before an ARP request
is sent. Each time a host needs to send a packet to another host on the LAN, it first
checks its ARP cache for the destination IP address and the matching MAC address.
Entries stay in the cache for a few minutes (the exact timeout depends on the
operating system). You can display ARP entries in Windows with the arp -a command
(on Linux, ip neigh show lists the same table):
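The request/reply exchange described above, encoded and decoded at the byte level, as an added example that is not part of the original notes. The MAC and IP addresses are constructed, and the ArpCache class (my addition, not an operating-system API) reproduces the cache behaviour just described and additionally records an alert when an IP address that is already cached starts answering with a different MAC:

```python
"""ARP over Ethernet: build and parse request/reply frames and keep an
ARP cache that flags an IP address whose MAC address changes.

Added example, not code from the original notes. All MAC and IP
addresses used here are constructed.
"""
import struct
import time

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa):
    """14-byte Ethernet header + 28-byte ARP payload (RFC 826 layout).

    Requests go to the Ethernet broadcast address; replies are unicast
    to the requester's MAC (the target hardware address of the reply).
    """
    eth_dst = BROADCAST_MAC if op == OP_REQUEST else tha
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    arp += mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    body = frame[22:42]
    return {
        "eth_dst": mac_str(frame[0:6]), "eth_src": mac_str(frame[6:12]), "op": op,
        "sha": mac_str(body[0:6]), "spa": ip_str(body[6:10]),     # sender MAC / IP
        "tha": mac_str(body[10:16]), "tpa": ip_str(body[16:20]),  # target MAC / IP
    }


class ArpCache:
    """IP -> (MAC, learned_at). Entries expire after ttl seconds; a MAC change
    for an already-known IP is recorded in self.alerts."""

    def __init__(self, ttl=120.0):
        self.ttl = ttl
        self.entries = {}
        self.alerts = []

    def learn(self, pkt, now=None):
        now = time.time() if now is None else now
        ip, mac = pkt["spa"], pkt["sha"]
        known = self.entries.get(ip)
        if known and known[0] != mac:
            # ARP carries no authentication: any host may claim any IP address.
            self.alerts.append(f"{ip} moved from {known[0]} to {mac}")
        self.entries[ip] = (mac, now)

    def lookup(self, ip, now=None):
        now = time.time() if now is None else now
        entry = self.entries.get(ip)
        if entry and now - entry[1] < self.ttl:
            return entry[0]
        return None  # missing or expired: an ARP request is needed


def resolve(cache, requester_mac, requester_ip, target_ip, owner_mac, now=0.0):
    """The exchange from the text: the requester broadcasts a request for
    target_ip and the host owning it (owner_mac) replies; the reply is cached."""
    request = parse_arp(build_arp(OP_REQUEST, requester_mac, requester_ip, ZERO_MAC, target_ip))
    reply = parse_arp(build_arp(OP_REPLY, owner_mac, request["tpa"], request["sha"], request["spa"]))
    cache.learn(reply, now)
    return request, reply
```

The lookup returning None after the timeout is what triggers a fresh request on a real host; the alert list is the check a practitioner adds on top, since the protocol itself offers none.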
DHCP & DNS
DHCP (Dynamic Host Configuration Protocol)
DHCP is a network protocol that is used to assign various network parameters to a
device. This greatly simplifies administration of a network, since there is no need to
assign static network parameters for each device.

DHCP is a client-server protocol. A client is a device that is configured to use DHCP
to request network parameters from a DHCP server. The DHCP server maintains a pool
of available IP addresses and assigns one of them to the host. A DHCP server can
also provide other parameters, such as:

 subnet mask
 default gateway
 domain name
 DNS server

Cisco routers can be configured as both DHCP client and DHCP server.

DHCP process explained:

The DHCP client goes through a four-step process:

1: The DHCP client sends a broadcast packet (DHCP Discover) to discover DHCP
servers on the LAN segment.

2: The DHCP servers receive the DHCP Discover packet and respond with DHCP
Offer packets, offering IP addressing information.

3: If the client receives DHCP Offer packets from multiple DHCP servers, the first
DHCP Offer is accepted. The client responds by broadcasting a DHCP Request
packet, requesting the network parameters from the server that responded first;
because the Request is broadcast, the other servers learn that their offers were
declined.

4: The DHCP server approves the lease with a DHCP Acknowledgement packet.
The packet includes the lease duration and other configuration information.

Nothing in this exchange authenticates the server: the client trusts whichever
Offer arrives first, so a rogue DHCP server on the segment can hand out its own
default gateway and DNS server. Switches counter this with DHCP snooping, which
only accepts server messages on designated ports.
NOTE
DHCP uses a well-known UDP port number 67 for the DHCP server, and the UDP port number
68 for the client.
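An added example, not from the original notes, showing what the Discover and Offer messages above contain: it builds a DHCP Discover, parses it the way a server would, and answers with an Offer carrying the parameters listed earlier (subnet mask, default gateway, DNS server, lease time). The transaction ID, the client MAC address and the 192.168.1.0/24 addresses are constructed values, and the option table covers only the options this exchange needs:

```python
"""Build and parse DHCP messages (RFC 2131 fixed header + RFC 2132 options).

Added example, not code from the original notes. The transaction ID, MAC
address and IP addresses are constructed values.
"""
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def _ip(v):
    return str(ipaddress.IPv4Address(v))


# option code -> (name, decoder for the raw value bytes)
OPTIONS = {
    1: ("subnet_mask", _ip),
    3: ("router", lambda v: _ip(v[:4])),
    6: ("dns", lambda v: [_ip(v[i:i + 4]) for i in range(0, len(v), 4)]),
    51: ("lease_time", lambda v: struct.unpack("!I", v)[0]),
    53: ("msg_type", lambda v: MSG.get(v[0], v[0])),
    54: ("server_id", _ip),
    55: ("param_request", list),
}


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """options: iterable of (code, raw_value_bytes). Flags has the broadcast bit set."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4)                                             # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed                 # yiaddr ("your" address)
    hdr += bytes(8)                                             # siaddr, giaddr
    hdr += bytes.fromhex(chaddr.replace(":", "")).ljust(16, b"\0")  # chaddr
    hdr += bytes(192)                                           # sname + file
    body = MAGIC_COOKIE
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return hdr + body + b"\xff"                                 # option 255 = end


def parse_dhcp(data):
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", data[:12])
    fields = {
        "op": op, "xid": xid,
        "yiaddr": _ip(data[16:20]),
        "chaddr": ":".join(f"{b:02x}" for b in data[28:28 + hlen]),
        "options": {},
    }
    i = 240
    while i < len(data):
        code = data[i]
        if code == 255:            # end of options
            break
        if code == 0:              # pad
            i += 1
            continue
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        name, decode = OPTIONS.get(code, ("opt%d" % code, bytes))
        fields["options"][name] = decode(value)
        i += 2 + length
    return fields


def discover(xid, mac):
    """Step 1: the client's broadcast Discover, asking for mask, router, DNS, domain."""
    return build_dhcp(BOOTREQUEST, xid, mac, options=[
        (53, b"\x01"),
        (55, bytes([1, 3, 6, 15])),
    ])


def offer(request, server_ip, client_ip, mask, router, dns, lease):
    """Step 2: a server answers a parsed Discover with an Offer for client_ip."""
    if request["options"].get("msg_type") != "DISCOVER":
        raise ValueError("expected DISCOVER")
    return build_dhcp(BOOTREPLY, request["xid"], request["chaddr"], yiaddr=client_ip, options=[
        (53, b"\x02"),
        (54, ipaddress.IPv4Address(server_ip).packed),
        (1, ipaddress.IPv4Address(mask).packed),
        (3, ipaddress.IPv4Address(router).packed),
        (6, b"".join(ipaddress.IPv4Address(d).packed for d in dns)),
        (51, struct.pack("!I", lease)),
    ])
```

The same xid ties the Offer to the Discover; that is the only thing a client checks, which is why a rogue server that simply answers faster wins.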
DNS (Domain Name System)
DNS is a network protocol used to translate hostnames into IP addresses. DNS is
not required to establish a network connection, but it is much more user friendly for
human users than the numeric addressing scheme. Consider this example – you can
access the Google homepage by typing 216.58.207.206, but it’s much easier just to
type www.google.com!

To use DNS, you must have a DNS server configured to handle the resolution
process. A DNS server runs a special-purpose application that maintains a table of
dynamic or static hostname-to-IP address mappings. When a user requests a network
resource using a hostname (e.g. by typing www.google.com in a browser), a DNS
request is sent to the DNS server asking for the IP address of the hostname. The
DNS server then replies with the IP address. The user's browser can now use that IP
address to access www.google.com.

The figure below explains the concept:


Suppose that the DNS Client wants to communicate with the server named Server1.
Since the DNS Client doesn’t know the IP address of Server1, it sends a DNS
Request to the DNS Server, asking for Server1’s IP address. The DNS Server
replies with the IP address of Server1 (DNS Reply).

The picture below shows a sample DNS record, taken from a DNS server:
Here you can see that the host with the hostname APP1 is using the IP address
of 10.0.0.3.
NOTE
DNS uses the well-known port 53. Ordinary queries go over UDP; TCP port 53 is used for zone
transfers and for answers too large to fit in a UDP datagram.
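What actually crosses the wire in the DNS Request and DNS Reply above, as an added example that is not part of the original notes: a builder for an A-record query and a parser for the response, including the name compression that real answers use. The response bytes are constructed by hand (server1.example.com answering 10.0.0.3 stands in for the Server1 of the figure), and the transaction-ID check is the minimum a resolver does before trusting a reply:

```python
"""DNS over UDP: build an A query and parse a response, following the
name-compression pointers most answers contain.

Added example, not code from the original notes. sample_response() is a
hand-constructed reply, not a capture.
"""
import struct
import random

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=None):
    """Header (12 bytes, RD=1, one question) + question section."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg, offset):
    """Returns (name, offset just past the name). A pointer (top two bits 11)
    jumps to an earlier copy of the name; the loop bound stops pointer cycles."""
    labels, jumped, end = [], False, None
    for _ in range(128):
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg, expected_txid=None):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply does not match our query")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    off = 12
    questions = []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    answers = []
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((rname, rtype, ttl, rdata))
    return {"txid": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def sample_response(txid):
    """Constructed reply: server1.example.com A 10.0.0.3, TTL 300, with the
    answer's owner name compressed to a pointer at the question (offset 12)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("server1.example.com") + struct.pack("!HH", TYPE_A, CLASS_IN)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([10, 0, 0, 3])
    return hdr + question + answer
```

A 16-bit transaction ID is a thin defence on its own, which is why real resolvers also randomize the UDP source port; the check here is the part that belongs in any parser.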

Telnet & SSH


Telnet
Telnet is a network protocol that allows a user to communicate with a remote device.
It is a virtual terminal protocol used mostly by network administrators to remotely
access and manage devices. An administrator can access a device by telnetting to
its IP address or hostname.

To use Telnet, you must have Telnet client software installed. On the remote device,
a Telnet server must be installed and running. Telnet uses TCP port 23 by default.

One of the greatest disadvantages of this protocol is that all data, including
usernames and passwords, is sent in clear text, so anyone who can capture the
traffic can read the credentials. This is the main reason why Telnet is rarely used
today and has been replaced by a much more secure protocol called SSH. Here you
can find information about setting up Telnet access on your Cisco device.
NOTE
The word telnet can also refer to the software that implements the Telnet protocol.

On Windows, you can start a Telnet session by typing the telnet IP_ADDRESS or
telnet HOSTNAME command:

Setting up Telnet
To access a Cisco device using Telnet, you first need to enable remote login. Cisco
devices usually support 16 concurrent virtual terminal (vty) sessions, so the first
command usually looks like this:

HOSTNAME(config)#line vty 0 15

To enable remote login, the login command is used from line configuration mode:

HOSTNAME(config-line)#login

Next, you need to define a password. This is done using the password command
from line configuration mode:

HOSTNAME(config-line)#password PASSWORD

Note that this password is stored in the running configuration in clear text (or,
with service password-encryption, in a trivially reversible form) and is sent over
the network in clear text by every Telnet login.

Let's try this on a real router. First, we will try to access the router before
enabling Telnet on the device:

As you can see in the picture above, we cannot access a Cisco device using Telnet
before setting up the password. Let's do that:

Now, let's try to access our device:


This time, because Telnet was configured on the device, we have successfully
telnetted to it.

SSH (Secure Shell)


SSH is a network protocol used to remotely access and manage a device. The key
difference between Telnet and SSH is that SSH uses encryption, which means that
all data transmitted over the network is protected from eavesdropping. SSH uses
public-key cryptography to authenticate the server (its host key) and to agree on a
session key, and then encrypts the session itself with symmetric ciphers.

Like Telnet, a user accessing a remote device must have an SSH client installed. On
the remote device, an SSH server must be installed and running. SSH uses TCP
port 22 by default.

Here is an example of creating an SSH session using PuTTY, a free SSH client:

NOTE
SSH is the most common way to remotely access and manage a Cisco device. Here you can find
information about setting up SSH access on your Cisco device.

Setting up SSH
To enable secure access to your Cisco device, you can use SSH instead of Telnet.
SSH uses encryption to secure data from eavesdropping.
To enable SSH, the following steps are required:

1. set up a hostname and a domain name (the RSA key pair is named after them).
2. configure a local username and password.
3. generate the RSA public and private keys.
4. allow only SSH access on the vty lines.

The following example shows the configuration of the first three steps:

First, we have defined the device hostname with the hostname R1 command. Next, we
have defined the domain name with the ip domain-name cisco command. After that, the
local user is created with the username study password ccna command; prefer
username study secret ccna, which stores a hash of the password instead of the
password itself. Next, we need to allow only SSH access to the device. This is done
with the transport input ssh command on the vty lines, together with login local so
that the vty lines authenticate against the local user database:

If we use the transport input ssh command, Telnet access to the device is
automatically disabled.
NOTE
You should use the more recent version of the protocol, SSH version 2. This is done by using
the ip ssh version 2 global configuration command.
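The four steps above as one complete configuration, added here as an example rather than copied from the notes. It keeps the hostname R1, domain name cisco and user study from the text; the privilege level, the 2048-bit key size, the SSH timeout and retry limits and the exec-timeout are my additions, and secret is used instead of password so the running configuration holds a hash rather than the password itself:

```cisco
hostname R1
ip domain-name cisco
! Local account. "secret" stores a hash; "password" would store the password itself.
username study privilege 15 secret ccna
! The key pair is named R1.cisco, so hostname and domain name must come first.
crypto key generate rsa modulus 2048
ip ssh version 2
! Assumed hardening values, not from the notes: login timeout and retry limit.
ip ssh time-out 60
ip ssh authentication-retries 3
line vty 0 15
 transport input ssh
 login local
 exec-timeout 10 0
```

With transport input ssh on every vty line there is no longer any way to reach the CLI over Telnet, and login local means the vty password from the Telnet section is no longer consulted at all.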

FTP & TFTP


FTP (File Transfer Protocol)
FTP is a network protocol used to transfer files from one computer to another over a
TCP network. Like Telnet, it uses a client-server architecture, which means that a
user has to have an FTP client installed to access the FTP server running on a
remote machine. After establishing the FTP connection, the user can download or
upload files to and from the FTP server.
Consider the following example:

A user wants to transfer files from Host A to the FTP server. The user will start an
FTP client program (in this example, FileZilla) and initiate the connection:

In the example above, anonymous authentication was used, so the user was not
asked to provide a password. The client can now transfer files from and to the FTP
server using the graphical interface.
NOTE
FTP uses two TCP connections: a control connection to port 21, on which commands are sent,
and a separate data connection for each transfer (from server port 20 in active mode, or to a
server port the client is told about in passive mode). The protocol supports authentication, but
like Telnet, all data is sent in clear text, including usernames and passwords; FTPS (FTP over
TLS) or SFTP (file transfer over SSH) should be used instead.
TFTP (Trivial File Transfer Protocol)
TFTP is a network protocol used to transfer files between remote machines. It is a
simple version of FTP, lacking the more advanced features FTP offers but requiring
fewer resources than FTP.

Because of its simplicity TFTP can only be used to send and receive files. This
protocol is not widely used today, but it is still used to save and restore a router
configuration or to back up an IOS image.

Consider the following example:


A user wants to transfer files from Host A to the router R1. R1 is a Cisco device and
it has a TFTP server enabled. The user will start a TFTP client program and initiate
the data transfer.
NOTE
TFTP doesn't support user authentication and sends all data in clear text. It uses UDP port 69 for
communication, so a TFTP server should only be reachable from the management network and
only while a transfer is actually needed.

SNMP (Simple Network Management Protocol)


Simple Network Management Protocol (SNMP) is an application layer protocol
that is used for network device management. It can collect and manipulate
valuable network information from switches, routers, servers, printers and other
network-attached devices.

An SNMP-managed network consists of two components:

 Network management station (NMS) – the software which runs on the
administrative computer. This software gathers SNMP data by polling the devices
on the network for specific information. Devices can also inform the NMS about
problems they are experiencing by sending an SNMP alert (called a trap).
 Agent – the software which runs on managed devices and reports information
via SNMP to the NMS.

Consider the following example:


The router R1 is configured to send SNMP traps to the NMS station (Host A). If a
problem occurs, the router will send an SNMP trap to Host A. For example, if there is
a port security violation on R1, the router will send an SNMP trap, notifying the NMS
that there has been a potential security breach on the network.
NOTE
SNMP agents listen on UDP port 161 for requests from the manager; traps are sent to the
manager on UDP port 162. The current SNMP version is SNMPv3, which adds per-user
authentication and encryption. The prior versions, SNMPv1 and SNMPv2c, authenticate with a
community string sent in clear text and are considered obsolete; they should not be used, and a
read-write community in particular should never be exposed.

HTTP and HTTPS explained


HTTP (Hypertext Transfer Protocol)
HTTP is a client-server protocol that allows clients to request web pages from web
servers. It is an application-level protocol widely used on the Internet. Clients are
usually web browsers. When a user wants to access a web page, the browser sends
an HTTP Request message to the web server. The server responds with the
requested web page. By default, web servers use TCP port 80.

Clients and web servers use a request-response model to communicate with each
other, with clients sending HTTP Requests and servers responding with HTTP
Responses. Clients usually send their requests using the GET or POST method,
for example GET /homepage.html. The web server responds with a status code
(200 if the request was successful) and sends the requested resource.

An example will clarify this process:


The client wants to access http://google.com and points his browser to the
URL http://google.com (this is an example of an HTTP Request message). The
web server hosting http://google.com receives the request and responds with the
content of the web page (the HTTP response message).

Web servers usually use a well-known TCP port 80. If the port is not specified in a
URL, browsers will use this port when sending HTTP request. For example, you will
get the same result when requesting http://google.com and http://google.com:80.
NOTE
The version of HTTP most commonly used today is HTTP/1.1. A newer version, HTTP/2, is
available and supported by most browsers.

HTTPS (Hypertext Transfer Protocol Secure)


Hypertext Transfer Protocol Secure is the secure version of HTTP. It enables secure
communication between a client (e.g. a web browser) and a server (e.g. a web server)
by using encryption. HTTPS uses the Transport Layer Security (TLS) protocol, or its
deprecated predecessor Secure Sockets Layer (SSL), to encrypt the HTTP exchange.
Besides confidentiality, TLS lets the browser verify the server's certificate, so the
client also knows it is talking to the site it asked for.

HTTPS is commonly used to create a secure channel over an insecure network,
e.g. the Internet. A lot of traffic on the Internet is unencrypted and susceptible to
sniffing attacks. HTTPS encrypts the whole HTTP exchange, including URLs, cookies
and form data, which makes the connection secure.

HTTPS URLs begin with https instead of http. In Internet Explorer (and other
browsers) you can immediately recognize that a web site is using HTTPS because a
lock icon appears in the address bar:

NOTE
HTTPS uses a well-known TCP port 443. If the port is not specified in a URL, browsers will use
this port when sending HTTPS request. For example, you will get the same result when
requesting https://gmail.com and https://gmail.com:443.
NTP (Network Time Protocol)
Network Time Protocol (NTP) is an application layer protocol used for clock
synchronization between hosts on a TCP/IP network. The goal of NTP is to ensure
that all computers on a network agree on the time, since even a small difference can
create problems. For example, if the clock on your host differs by more than 5
minutes from the Active Directory domain controller, Kerberos rejects the tickets
and you will not be able to log in to your AD domain. Consistent time also matters
for correlating log entries across devices and for checking certificate validity periods.

NTP uses a hierarchical system of time sources. At the top of the structure are
highly accurate reference clocks, typically atomic or GPS clocks, known as stratum 0.
Stratum 1 servers are computers directly attached to a stratum 0 clock; they run NTP
servers that deliver the time to stratum 2 servers, and so on (image source:
Wikipedia):

NTP uses a client-server architecture; one host is configured as the NTP server and
all other hosts on the network are configured as NTP clients. Consider the following
example:
Host A is configured to use a public NTP server, uk.pool.ntp.org. Host A will
periodically send an NTP request to the NTP server. The NTP server will provide the
accurate date and time, so Host A can synchronize its clock.
NOTE
NTP uses the well-known UDP port 123. The current version is NTPv4, and it is backward
compatible with NTPv3.

APIPA (Automatic Private IP Addressing)


Automatic Private IP Addressing (APIPA) is a feature in operating systems (such
as Windows) that enables computers to automatically self-configure an IP address
and subnet mask when their DHCP server isn’t reachable. The IP address range for
APIPA is 169.254.0.1-169.254.255.254, with the subnet mask of 255.255.0.0.

When a DHCP client boots up, it looks for a DHCP server in order to obtain network
parameters. If the client can’t communicate with the DHCP server, it uses APIPA to
configure itself with an IP address from the APIPA range. This way, the host will still
be able to communicate with other hosts on the local network segment that are also
configured for APIPA.

Consider the following example:

The host on the left is configured as DHCP client. The host boots up and looks for
DHCP servers on the network. However, the DHCP server is down and can’t
respond to the host. After some time (from a couple of seconds to a couple of
minutes, depending on the operating system) the client auto-configures itself with an
address from the APIPA range (e.g. 169.254.154.22).
NOTE
If your host is using an IP address from the APIPA range, there is usually a problem on the
network. Check the network connectivity of your host and the status of the DHCP server.

The APIPA service also checks regularly for the presence of a DHCP server (every
three minutes). If it detects a DHCP server on the network, the DHCP server
replaces the APIPA networking addresses with dynamically assigned addresses.

ICMP (Internet Control Message Protocol)


ICMP (Internet Control Message Protocol) is a network layer protocol that reports
errors and provides information related to IP packet processing. ICMP is used by
network devices to send error messages indicating, for example, that a requested
service is not available or that a host isn’t reachable.

ICMP is commonly used by network tools such as ping or traceroute. Consider the
following example that illustrates how ping can be used to test the reachability of a
host:

Host A wants to test whether it can reach Server over the network. Host A will start
the ping utility that will send ICMP Echo Request packets to Server. If Server is
reachable, it will respond with ICMP Echo Reply packets. If Host A receives no
response from Server, there might be a problem on the network.
NOTE
ICMP messages are encapsulated directly in IP datagrams (IP protocol number 1), which
means that they don't use a transport protocol (such as TCP or UDP).

One other common ICMP message is the Destination unreachable message. Here
is an example:
Host A sends a packet to Host B. Because Host B is down, the router will send
an ICMP Destination host unreachable message to Host A, informing it that the
destination host is unreachable; ping reports it as "Reply from <router address>:
Destination host unreachable." If no ICMP message comes back at all (for example
because a firewall silently drops the traffic), ping reports a timeout instead, e.g.:

C:\>ping 192.168.8.11

Pinging 192.168.8.11 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 192.168.8.11:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

IP header
An IP header is a prefix to an IP packet that contains information about the IP
version, length of the packet, source and destination IP addresses, etc. It consists of
the following fields:
Here is a description of each field:

 Version – the version of the IP protocol. For IPv4, this field has a value of 4.
 Header length – the length of the header in 32-bit words. The minimum
value is 5 words (20 bytes) and the maximum is 15 words (60 bytes).
 Priority and Type of Service – specifies how the datagram should be
handled. The first 3 bits are the priority bits.
 Total length – the length of the entire packet (header + data). The minimum
length is 20 bytes, and the maximum is 65,535 bytes.
 Identification – used to tell the fragments of one datagram apart from those
of another.
 Flags – used to control or identify fragments (Don't Fragment, More Fragments).
 Fragment offset – used for fragmentation and reassembly if the packet is
too large to fit in a frame.
 Time to live – limits a datagram's lifetime. Every router decrements it, and if
it reaches zero before the packet gets to its destination, the packet is discarded.
 Protocol – defines the protocol used in the data portion of the IP datagram.
For example, ICMP is 1, TCP is represented by the number 6 and UDP by 17.
 Header checksum – used for error-checking of the header only, not the data.
If a packet arrives at a router and the router calculates a different checksum than
the one in this field, the packet is discarded. Because the TTL changes at every
hop, every router recomputes it.
 Source IP address – the IP address of the host that sent the packet.
 Destination IP address – the IP address of the host that should receive the
packet.
 Options – used for network testing, debugging, security, and more. This field
is usually empty.

Consider the following IP header, captured with Wireshark:


Notice the fields in the header: the IP version is IPv4, the header length is 20 bytes,
the upper-level protocol is TCP, the TTL value is set to 128, source and
destination IP addresses are listed, etc.
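The IP header above and the UDP header described earlier, parsed from raw bytes as one added example (not from the original notes) that serves both sections: it checks the IPv4 header checksum, checks the UDP checksum over the pseudo-header, and returns the socket pair from the Ports section. The datagram is constructed here (a DNS-shaped payload from 192.168.0.50:1200 to 192.168.0.10:53) rather than captured, and those addresses and ports are assumptions:

```python
"""Parse an IPv4 header and the UDP header behind it, verifying both
checksums, and return the socket pair the transport layer uses.

Added example, not code from the original notes. The datagram is
constructed (192.168.0.50:1200 -> 192.168.0.10:53), not captured.
"""
import struct
import ipaddress

PROTO_TCP, PROTO_UDP = 6, 17


def ones_complement_sum(data):
    """16-bit one's complement checksum as used by IPv4, UDP, TCP and ICMP.
    Over a block whose checksum field is already filled in, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src, dst, length):
    """IPv4 pseudo-header: the addresses the UDP checksum also covers."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, PROTO_UDP, length))


def build_udp(src, dst, sport, dport, data):
    length = 8 + len(data)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ones_complement_sum(_pseudo_header(src, dst, length) + header + data)
    csum = csum or 0xFFFF            # a computed 0 is sent as 0xFFFF; 0 means "absent"
    return header[:6] + struct.pack("!H", csum) + data


def build_ipv4(src, dst, proto, payload, ttl=128, ident=0x1C46):
    # version/IHL 0x45, ToS 0, total length, id, flags DF + offset 0, TTL, proto, csum 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                         ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet):
    vihl, tos, total, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0xF) * 4
    if ihl < 20 or total < ihl or total > len(packet):
        raise ValueError("bad IP length")
    if ones_complement_sum(packet[:ihl]) != 0:
        raise ValueError("IP header checksum failed")
    return {
        "ihl": ihl, "total_length": total, "ttl": ttl, "protocol": proto,
        "df": bool(flags_frag & 0x4000), "frag_offset": flags_frag & 0x1FFF,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:total],
    }


def parse_udp(ip):
    if ip["protocol"] != PROTO_UDP:
        raise ValueError("not UDP")
    seg = ip["payload"]
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
    if length < 8 or length != len(seg):
        raise ValueError("UDP length mismatch")
    if csum and ones_complement_sum(_pseudo_header(ip["src"], ip["dst"], length) + seg) != 0:
        raise ValueError("UDP checksum failed")
    return {
        "socket_pair": (f"{ip['src']}:{sport}", f"{ip['dst']}:{dport}"),
        "length": length, "checksum_present": csum != 0, "data": seg[8:],
    }


def sample_datagram(data=b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"):
    """Constructed DNS-shaped UDP payload inside an IPv4 packet."""
    udp = build_udp("192.168.0.50", "192.168.0.10", 1200, 53, data)
    return build_ipv4("192.168.0.50", "192.168.0.10", PROTO_UDP, udp)
```

Note what each checksum does and does not catch: corrupting the payload leaves the IP header valid and is caught only by UDP, while corrupting the TTL is caught by the IP header checksum, which is exactly why routers must recompute it after decrementing the TTL.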

Cisco IOS overview


IOS (Internetwork Operating System) is a multitasking operating system used on
most Cisco routers and switches. IOS has a command-line interface with a fixed
set of multi-word commands. This operating system is used to configure routing,
switching, internetworking and other features supported by a Cisco device.
NOTE
Older Cisco switches ran CatOS, a legacy CLI-based operating system.

Below you can see what IOS looks like when a Cisco device is started for the first
time, using a 3745 router as an example:

Cisco 3745 (R7000) processor (revision 2.0) with 249856K/12288K bytes of memory.

Processor board ID FTX0945W0MY

R7000 CPU at 350MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache

5 FastEthernet interfaces

DRAM configuration is 64 bits wide with parity enabled.


151K bytes of NVRAM.

Press RETURN to get started!

Accessing the IOS

There are three common ways to access the IOS:

1. Console access – this type of access is usually used to configure newly acquired
devices. These devices usually don't have an IP address configured, and therefore
cannot be accessed through the network. Most Cisco devices have a physical
console port. This port is connected to a computer using a rollover cable, a
special type of cable with the pins on one end reversed on the other end.
The rollover cable is a serial cable, which means that you can't just plug it into an
Ethernet port on your computer. You will need an adapter that converts an interface
on your computer (usually a 9-pin serial interface) into RJ-45.
NOTE
Newer Cisco devices usually include a USB console port, since serial ports are rare on modern
PCs.

2. Telnet access – this type of access used to be a common way to access network
devices. Telnet is a terminal emulation protocol that enables you to access IOS
through the network and configure the device remotely. The device that is being
configured needs to have a Telnet server enabled and an IP address configured.

Telnet uses the well-known TCP port 23. One of the biggest disadvantages of this
protocol is that it sends all data as clear text, which includes the passwords! This is
the reason why this type of access is usually not used anymore. Instead, SSH is
usually used.

3. SSH access – like Telnet, this access type enables you to configure devices
remotely, but it adds an extra layer of security by encrypting all communications,
using public-key cryptography to authenticate the device and set up the session
keys. SSH uses the well-known TCP port 22.

IOS modes
IOS has many different modes. There are three main modes and many submodes.
We will describe the three main modes and one submode.

 user EXEC mode – the default mode for the IOS CLI. This is the mode that a
user is placed in after accessing the IOS. Only basic commands (like ping or telnet)
are available in this mode.
 privileged EXEC mode – this mode is accessed by typing
the enable command from the user EXEC mode. This mode can be password
protected. In this mode a user can view and change a device's configuration.
 global configuration mode – this mode can be accessed by typing
the configure terminal command from the privileged EXEC mode. It is used to
change the device's configuration.

A global configuration mode can have many submodes. For example, when a user
wants to configure an interface, he will have to enter the interface submode by
entering the interface INTERFACE_TYPE INTERFACE_NUMBER command
(e.g. interface FastEthernet 0/1 ) from the global configuration mode. This submode
can have many commands that are specific for the interface.

We’ll describe each of the modes mentioned above in more detail in the following
lectures.

Power on a Cisco device


When you first power on a newly purchased Cisco device, it will perform a power-on
self-test (POST) to discover the hardware components and verify that all
components work properly. If the POST is successful and no startup configuration is
found, the device will enter setup mode. This mode presents a step-by-step dialog
to help you configure some basic parameters, such as the device hostname,
passwords, interface IP address, etc. To enter setup mode, power on your device and
type yes when prompted:

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity

for management of the system, extended setup will ask you

to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: yes

Configuring global parameters:

Enter host name [Router]: R1


The enable secret is a password used to protect access to

privileged EXEC and configuration modes. This password, after

entered, becomes encrypted in the configuration.

Enter enable secret: secret

The enable password is used when you do not specify an

enable secret password, with some older software versions, and

some boot images.

Enter enable password: cisco

The virtual terminal password is used to protect

access to the router over a network interface.

Enter virtual terminal password: cisco

Configure SNMP Network Management? [no]:no

Current interface summary

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 unassigned YES manual administratively down down

GigabitEthernet0/1 unassigned YES manual administratively down down

GigabitEthernet0/2 unassigned YES manual administratively down down

Vlan1 unassigned YES manual administratively down down


Enter interface name used to connect to the

management network from the above interface summary: GigabitEthernet0/2

Configuring interface GigabitEthernet0/2:

Configure IP on this interface? [yes]: yes

IP address for this interface: 192.168.0.1

Subnet mask for this interface [255.255.255.0] :

The following configuration command script was created:

hostname R1

enable secret 5 $1$mERr$5jbOD5lHVUWxAAsNOD6eO/

enable password cisco

line vty 0 4

password cisco

interface Vlan1

shutdown

no ip address

interface GigabitEthernet0/0

shutdown

no ip address

interface GigabitEthernet0/1

shutdown

no ip address
!

interface GigabitEthernet0/2

no shutdown

ip address 192.168.0.1 255.255.255.0

end

[0] Go to the IOS command prompt without saving this config.

[1] Return back to the setup without saving this config.

[2] Save this configuration to nvram and exit.

Enter your selection [2]: 2

Building configuration...

[OK]

Use the enabled mode 'configure' command to modify this configuration.

Press RETURN to get started!

The wizard guides you through the initial configuration of your device and creates
an initial configuration file. Setup mode is useful when you are unfamiliar with the
IOS CLI, but once you learn the basics of the CLI, you probably won't use this mode
ever again. Note what the generated script shows: the enable secret is stored as an
MD5 hash (the 5 in enable secret 5 ...), while the enable password and the vty
password are stored in clear text. Once an enable secret is set, the enable
password is ignored, so it is better left unset than left at a weak value.
NOTE
You can enter setup mode at any time from the command line by typing the setup command
from privileged EXEC mode. To exit setup mode without saving any changes, press Ctrl+C.

IOS command modes


We've already learned that IOS has three main command modes: the user EXEC,
privileged EXEC, and global configuration modes. Each of these modes serves a
different purpose and has its own set of commands. In this lesson we will describe
each of these modes in more detail.
User EXEC mode commands
Initially, a user logs into user EXEC mode. This is the mode with the fewest
commands. You can get a list of all available commands by typing the character ?.

As you can see, most of the commands available are used to show statistics and
perform some basic troubleshooting. The prompt on the left side of the screen
always displays the device hostname (R1 in this case), followed by the character >.

Commands can be abbreviated to any prefix that is unique within the current mode.
For example, you can abbreviate ping as pin, because no other command in
user EXEC mode begins with these letters.

Privileged EXEC mode commands


This IOS mode is also called enable mode because you must enter
the enable command from user EXEC mode if you want to access it. You
can use more commands in privileged EXEC mode than in user EXEC mode: you
can save the device configuration or reload the device, and you can enter the third
mode, configuration mode. Access to privileged EXEC mode should always be
protected with an enable secret.

The prompt for this mode shows # after the device hostname.
Global configuration mode commands
To change a device configuration, you need to enter the global configuration mode.
This mode can be accessed by typing configure terminal (or conf t, the abbreviated
version of the command) from the enable mode. The prompt for this mode
is hostname(config)#.

Global configuration mode commands are used to configure a device. You can set a
hostname, configure authentication, set an IP address for an interface, etc. From this
mode you can also access submodes, for example the interface mode, from where
you can configure interface options.

You can get back to a privileged EXEC mode by typing the end command. You can
also type CTRL + C to exit the configuration mode.
Submode commands
A global configuration mode contains many submodes. For example, if you want to
configure an interface you have to enter that interface configuration mode. Each
submode contains only commands that pertain to the resource that is being
configured.

To enter the interface configuration mode you need to specify which interface you
would like to configure. This is done by using the interface
INTERFACE_TYPE/INTERFACE_NUMBER global configuration command,
where INTERFACE_TYPE represents the type of the interface (Ethernet,
FastEthernet, Serial…) and INTERFACE_NUMBER represents the interface
number, since Cisco devices usually have more than one physical interface. Once
inside the interface configuration mode, you can get a list of available commands by
typing the “?” character. Each submode has its own prompt; notice how the
command prompt changes to Router(config-if)# after entering the interface
submode.

Get help in IOS


You can use the question mark to display a list of commands available in the prompt
you are in:

Router#?

Exec commands:

<1-99> Session number to resume

auto Exec level Automation

clear Reset functions

clock Manage the system clock

configure Enter configuration mode

connect Open a terminal connection

copy Copy from one file to another


debug Debugging functions (see also 'undebug')

delete Delete a file

dir List files on a filesystem

disable Turn off privileged commands

disconnect Disconnect an existing network connection

enable Turn on privileged commands

erase Erase a filesystem

exit Exit from the EXEC

logout Exit from the EXEC

mkdir Create new directory

more Display the contents of a file

no Disable debugging informations

ping Send echo messages

reload Halt and perform a cold restart

--More--

If the output spans more than one page, press the spacebar to display the following
page of commands, or press Enter to go one command at a time. To quit the output,
press q.

To display only commands that start with a particular character or a string of
characters, type the letters and then press the question mark:

Router#de?

debug delete

In the output above you can see that we’ve displayed all commands that start
with de.

If the command is more than one word long, you can use the question mark to
display the next command in a string:

Router#debug ?

aaa AAA Authentication, Authorization and Accounting

custom-queue Custom output queueing

eigrp EIGRP Protocol information

frame-relay Frame Relay


ip IP information

ipv6 IPv6 information

ntp NTP information

ppp PPP (Point to Point Protocol) information

standby Hot Standby Router Protocol (HSRP)

Router#debug eigrp ?

fsm EIGRP Dual Finite State Machine events/actions

packets EIGRP packets

In the output above you can see that we’ve displayed all commands that can follow
the command debug. We then displayed all commands that can follow the
commands debug eigrp.

You can also autocomplete a command. Just type the first few characters and
press Tab. If there is only a single match, IOS will complete the command.

You don’t have to type an entire word to finish a command. You can type just the
first letter or a couple of letters, and if there is only a single match, IOS will
understand what you are trying to accomplish. For example, you can type sh ip int
b instead of the longer version, show ip interface brief:

Router#sh ip int b

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 unassigned YES NVRAM administratively down down

GigabitEthernet0/1 unassigned YES NVRAM administratively down down

GigabitEthernet0/2 192.168.0.1 YES manual up down

Vlan1 unassigned YES NVRAM administratively down down

Note that we were able to execute the command above because each set of
characters had only one match in the list of commands. If we had typed sh ip in
b instead, IOS would not have understood our intention:

Router#sh ip in b

% Ambiguous command: "sh ip in b"

The % Ambiguous command: "sh ip in b" message was displayed because
the third keyword, in, has more than one meaning (inspect or interface).
Running & startup configuration
Cisco devices store commands in two configuration files:

 startup configuration
 running configuration

Immediately after you type a command in the global configuration mode, it will be
stored in the running configuration. A running configuration resides in a device’s
RAM, so if a device loses power, all configured commands will be lost.

To avoid this scenario, you need to copy your current configuration into the startup
configuration. A startup configuration is stored in the nonvolatile memory of a device,
which means that all configuration changes are saved even if the device loses
power.

To copy your running configuration into the startup configuration you need to type
the command copy running-config startup-config.

IOS basic commands


In this article we will go through some basic IOS commands.

Hostname command
The hostname command is used to configure the device hostname. Because this
command changes a device configuration, it must be entered in the global
configuration mode. After typing the command, the prompt will change and display
the new hostname.

Here is an example that shows you how to change the hostname of a device.

First, enter the global configuration mode by typing the enable command in the user
EXEC mode and the configure terminal command in the privileged EXEC mode.
Once inside the global configuration mode, type the command hostname R1. Notice
how the prompt changes to reflect the configured value.
No shutdown command
By default, all interfaces on a Cisco router are turned off. To enable an interface,
the no shutdown command is used. You first need to enter the submode of the
interface that you want to configure. You can do that by using the global
configuration mode command interface INTERFACE_TYPE/
INTERFACE_NUMBER. You can get a list of available interfaces by typing the ‘?’
character after the interface command.

You may notice that the prompt has changed to reflect the mode you are currently in.
For the interface mode the HOSTNAME(config-if)# prompt is shown.

Once inside the interface mode, you can enable an interface by typing the no
shutdown command.

IP address command
The ip address interface mode command is used to assign an IP address to an
interface. The syntax of this command is ip address IP_ADDRESS SUBNET_MASK.
For example, if we want to assign an IP address of 10.0.0.1 with the subnet
mask 255.0.0.0 to an interface, we would use the following command:

ip address 10.0.0.1 255.0.0.0

 
What if you had made a mistake and written the ip address 10.0.0.2
255.0.0.0 command instead of the command above? Well, you can remove the
wrong IP address by typing the same command, but this time with the no keyword in
front of it, in our case no ip address. You can remove any command from your IOS
configuration by using the no keyword in front of the command.

Setting up passwords
Each Cisco IOS device has built-in authentication features. There are three basic
ways to configure authentication on a device:

 Configure a password for the console access – by default, the console
access doesn’t require a password. You can configure a password for the console
access by using the following set of commands:

HOSTNAME(config)#line console 0

HOSTNAME(config-line)#password PASSWORD

HOSTNAME(config-line)#login

This will force a user to type the password when trying to access the device through
the console port.

 Configure a password for the telnet access – by default, the telnet access
is disabled. You need to enable it. This is done using the following sequence of
commands:

HOSTNAME(config)#line vty FIRST_VTY LAST_VTY

HOSTNAME(config-line)#password PASSWORD

HOSTNAME(config-line)#login

The first command defines the range of virtual terminal lines that you would like to
configure. A virtual session can be a telnet or SSH session. Cisco devices usually
support 16 concurrent VTY sessions, so this command usually looks like this: line
vty 0 15.
The login command allows remote access to the device. It is required in order for
telnet to work.

 Configure a password for the privileged EXEC mode – from the privileged
EXEC mode you can enter the global configuration mode and change the
configuration of a device. Therefore it is important to prevent an unauthorized user
from entering the global configuration mode. You can do that by setting up a
password to enter the privileged EXEC mode. This can be done in two ways:

HOSTNAME(config)#enable password PASSWORD

HOSTNAME(config)#enable secret PASSWORD

Both of the commands above accomplish the same thing, but with one major
difference. The enable secret PASSWORD command encrypts the password, while
the enable password PASSWORD command doesn’t, which means that an
unauthorized user could just read the password from the device configuration:

Notice how the password (cisco) is visible in the device’s configuration.

Service password-encryption command


By default, passwords configured using the enable password command and
passwords for the console or telnet access are stored in clear text in the
configuration file. This presents a security risk because an attacker could easily find
out the passwords. The global configuration command service password-encryption
encrypts all passwords configured.

It is important to note that this type of password encryption is not considered especially
secure, since the algorithm used can be easily cracked. Cisco recommends using
this command only with additional security measures.
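The weaknesses described in this section and the previous one (enable password instead of enable secret, line passwords with service password-encryption turned off, and the reversible type 7 encoding) can be checked automatically against the text of show running-config. The following Python script is an added example, not part of the original notes or of Cisco IOS; the two sample configurations, the placeholder hash and the type 7 strings in them are constructed and do not encode any real password.

```python
"""Audit a Cisco IOS running-config for weak password storage.

Added example (not from the notes). The sample configs below are constructed;
the hash and the type-7 strings are placeholders, not real encodings.
"""
from typing import List, Tuple

# Constructed sample: everything the section warns about, in one config.
WEAK_CONFIG = """\
!
no service password-encryption
!
hostname R1
!
enable password cisco
!
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
!
end
"""

# Constructed sample with the recommended settings applied.
HARDENED_CONFIG = """\
!
service password-encryption
!
hostname R1
!
enable secret 5 $1$xxxx$PLACEHOLDER_HASH_NOT_REAL
!
line con 0
 password 7 0123456789ABCD
 login
line vty 0 15
 password 7 0123456789ABCD
 login
!
end
"""


def line_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Group each 'line ...' command with the indented sub-commands under it."""
    blocks: List[Tuple[str, List[str]]] = []
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_config(config: str) -> List[str]:
    """Return findings: 'WARN: ...' for readable secrets, 'INFO: ...' for weak type 7."""
    findings: List[str] = []
    top_level = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]

    has_secret = any(l.startswith("enable secret") for l in top_level)
    has_password = any(l.startswith("enable password") for l in top_level)
    if has_password and not has_secret:
        findings.append("WARN: enable password without enable secret; the enable "
                        "password is readable in the configuration")
    if "service password-encryption" not in top_level:
        findings.append("WARN: service password-encryption is off; line passwords "
                        "are stored in clear text")

    for name, body in line_blocks(config):
        has_login = any(c == "login" or c.startswith("login ") for c in body)
        passwords = [c for c in body if c.startswith("password ")]
        if passwords and not has_login:
            findings.append(f"WARN: {name}: password set but 'login' missing, so it is never checked")
        if has_login and not passwords:
            findings.append(f"WARN: {name}: 'login' set without a password; IOS refuses the "
                            "session with 'Password required, but none set'")
        for cmd in passwords:
            # 'password 7 <hex>' is type-7 obfuscated; 'password <text>' or
            # 'password 0 <text>' is stored in clear text.
            if cmd.split()[1] == "7":
                findings.append(f"INFO: {name}: type 7 password is reversible; treat it as "
                                "clear text and rely on enable secret and access control")
            else:
                findings.append(f"WARN: {name}: password stored in clear text")
    return findings


if __name__ == "__main__":
    for title, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {title} ==")
        for finding in audit_config(cfg) or ["no findings"]:
            print(finding)
```

Feed it the saved output of show running-config (for example the file produced by copy running-config tftp:) to get a report: WARN findings point at secrets readable in the file, INFO findings at the type 7 passwords that, as the section above says, should not be relied on as a security measure.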

Configuring banners
You can display a banner on a Cisco device. A banner is usually shown before the
login prompt. It is usually some text that appears on the screen when a user connects
to the device (e.g. some legal information).

The most commonly used banner is the Message Of The Day (MOTD) banner. This
banner, if configured, is shown before the login prompt to every user that is trying to
establish a session with the device. The following global configuration command is
used to configure a MOTD banner:

hostname(config)#banner motd DELIMITING_CHARACTER TEXT DELIMITING_CHARACTER

A delimiting character is a character of your choice. Its purpose is to signify the start
and end of the text that will appear in the banner. For example, the command banner
motd # Unauthorized access forbidden! # will show the following text: Unauthorized
access forbidden!.
Show version command
The show version command is used to display information about a Cisco device. The
command can be entered in both the user EXEC and privileged EXEC mode. By
using this command you can find out a lot of useful information about your Cisco
device, such as:

 Software Version – IOS software version
 System up-time – time since last reboot
 Software image name – IOS filename stored in flash
 Hardware Interfaces – interfaces available on device
 Configuration Register value – bootup specifications, console speed setting,
etc.
 Amount of RAM memory
 Amount of NVRAM memory
 Amount of Flash memory

The following example shows the output of the command:


Show history command
An IOS device stores, by default, the last 10 commands you have entered in your
current EXEC session. You can use the show history command from the user EXEC
or privileged EXEC mode to display them.

You can set the number of commands saved in the buffer for the current terminal
session by using the terminal history size NUMBER command from the user EXEC
or privileged EXEC mode.
NOTE
Another way to recall your commands from the history buffer is by using the up arrow key on your
keyboard. The most recent command is recalled first.
Show running-configuration & show startup-configuration commands
After you have changed the configuration of your device you can verify its
configuration. To display the current configuration, type show running-config
from the privileged EXEC mode. This shows the configuration that is
stored in the device’s RAM.

After you have stored your running configuration into the startup configuration, you
can view the saved configuration using the show startup-config command from the
privileged EXEC mode.

This command shows the configuration that is currently stored in the device’s
NVRAM. This configuration will be loaded the next time the device is restarted.
show command
We’ve already mentioned a couple of show commands in the previous sections, so
you should already be somewhat aware of this command. This command is used to
display the device’s configuration, statistics, command history, interface status…
The show command is invoked from the enable mode and can accept a lot of
parameters:

Floor1#show ?

aaa Show AAA values

access-lists List access lists

arp Arp table

cdp CDP information

class-map Show QoS Class Map

clock Display the system clock


controllers Interface controllers status

crypto Encryption module

debugging State of each debugging option

dhcp Dynamic Host Configuration Protocol status

dot11 IEEE 802.11 show information

file Show filesystem information

flash: display information about flash: file system

...

terminal Display terminal configuration parameters

users Display information about terminal lines

version System hardware and software status

vlan-switch VTP VLAN status

vtp Configure VLAN database

Here is a brief description of the most popular show commands:

 show running-config – displays the running (current) configuration of your
device.
 show startup-config – displays the startup configuration of your device.
 show ip interface brief – provides information about the interfaces on a router,
including the logical (IP) address and status.
 show history – shows the command history.
 show interface INTERFACE – displays the status of the specified interface.
 show version – shows information about the device, such as the IOS version
running on the device, number of interfaces, device model, time of the last reboot,
amount of memory available on the device, etc.

Configure descriptions
Adding a description to an interface on a Cisco device doesn’t provide any extra
functionality, but it is useful for administrative purposes, since it will help you
remember the interface function. A description of an interface is locally significant
and can be up to 240 characters long. It can be set using the description command
from the interface submode:

Router(config)#interface g0/0

Router(config-if)#description WAN to London

The description is displayed in the output of the show running-config command:

!
interface GigabitEthernet0/0
 description WAN to London
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!

To erase the description, use the no description interface mode command (or the
shortcut no desc):

Router(config)#int g0/0

Router(config-if)#no desc

Run privileged commands within global config mode
Beginning with IOS 12.3, the privileged-exec mode commands (such as show
running-config, show interface status, etc.) can be executed within the global
configuration mode and its submodes. This allows you to execute privileged-exec
mode commands without needing to exit the current configuration mode. Here is an
example that explains the usefulness of this feature:

Router(config)#int g0/0

Router(config-if)#show interface g0/0

% Invalid input detected at '^' marker.

Router(config-if)#
In the example above you can see that we’re currently in the interface submode. We
want to get more information about the interface with the show interface
g0/0 command, but we got an error because the command is not available in this
mode. However, if we use the do keyword in front of the command, the command
will succeed:

Router(config-if)#do show interface g0/0

GigabitEthernet0/0 is administratively down, line protocol is down (disabled)

Hardware is CN Gigabit Ethernet, address is 0030.a3ab.1601 (bia 0030.a3ab.1601)

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is RJ45

output flow-control is unsupported, input flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00,

Last input 00:00:08, output 00:00:05, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0 (size/max/drops); Total output drops: 0

Queueing strategy: fifo

Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 watchdog, 1017 multicast, 0 pause input

0 input packets with dribble condition detected

0 packets output, 0 bytes, 0 underruns

--More--

The command was now executed because of the do keyword. Notice that we’re still
in the interface submode and we can continue with the interface configuration.
Ports on an IOS device
Cisco uses the term interface to refer to physical ports on an IOS device. Interfaces
can be configured with different settings, depending on the type of the interface and
whether you are configuring an interface on a router or a switch. Let’s look at the
Cisco 1841 router as an example:

1. Slot 1 Network Card expansion slot – you can buy and install an additional
interface card of various types to fit in here.
2. Kensington Security Slot – you can physically secure the router with a cable
here to help prevent theft.
3. Fast Ethernet port 0/1 and status indicator LED.
4. Console port – you can connect directly to the router’s management
command line interface here via your laptop and a console cable.
5. Slot 0 Network Card expansion slot – another slot for additional interface
cards. Note that the numbering is from right to left.
6. CompactFlash memory card slot – the IOS operating system image lives
here.
7. USB port – you can plug in a USB drive here to move files to and from the
router.
8. Fast Ethernet port 0/0 and status indicator LED.
9. Aux port – you can connect a legacy modem here for out of band (outside the
normal network path) management. Not commonly used in modern networks.
10. On/Off switch.
11. Input power socket.

To display basic information about the device interfaces in IOS, use the show ip
interface brief command from the privileged exec mode. This is one of the most
commonly used commands on Cisco devices:

Router#sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.0.1 YES manual administratively down down

FastEthernet0/1 unassigned YES unset administratively down down


Vlan1 unassigned YES unset administratively down down

In the output above we can see that this router has 2 physical interfaces –
FastEthernet0/0 and FastEthernet0/1.

Consider the output for the Fa0/0 interface:

Router#sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.0.1 YES manual administratively down down

Here is a brief description of each column:

 Interface – displays the type of the interface, in this case Fast Ethernet 0/0.
The first zero specifies the physical slot on the router, while the second zero
specifies the port number.
 IP-Address – displays the interface’s IP address.
 OK? – YES in this column signifies that the IP address is currently valid.
 Method – manual in this column means that the interface has been manually
configured. DHCP means that the interface has been configured using DHCP.
 Status – up indicates that the interface is administratively up.
 Protocol – up indicates that the interface is operational.
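Reading these columns by hand is fine for three interfaces, but a parser makes it easy to check captures from many devices. The following Python parser is an added example (not from the notes); the sample output is constructed in the same column layout as the router output above. The one detail to get right is that the Status column can be two words (administratively down), so the Protocol column has to be read from the end of the line rather than by position.

```python
"""Parse 'show ip interface brief' output into records.

Added example (not from the notes). SAMPLE_OUTPUT is constructed in the same
column layout as the router output quoted above.
"""
from dataclasses import dataclass
from typing import List

SAMPLE_OUTPUT = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.0.1     YES manual administratively down down
FastEthernet0/1        10.0.0.1        YES manual up                    up
FastEthernet1/0        unassigned      YES unset  up                    down
Vlan1                  unassigned      YES unset  administratively down down
"""


@dataclass
class InterfaceRow:
    name: str
    ip_address: str
    ok: str
    method: str
    status: str
    protocol: str


def parse_ip_int_brief(text: str) -> List[InterfaceRow]:
    """Split each row into its six columns.

    Status may be two words ("administratively down"), so the first four columns
    and the last one are taken by position and whatever is left in between is Status.
    """
    rows: List[InterfaceRow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Interface":
            continue  # skip blank lines and the header row
        name, ip_address, ok, method = parts[:4]
        protocol = parts[-1]
        status = " ".join(parts[4:-1])
        rows.append(InterfaceRow(name, ip_address, ok, method, status, protocol))
    return rows


def needs_attention(rows: List[InterfaceRow]) -> List[str]:
    """Interfaces that carry an IP address but are not up/up."""
    return [r.name for r in rows
            if r.ip_address != "unassigned" and (r.status, r.protocol) != ("up", "up")]


def shutdown_interfaces(rows: List[InterfaceRow]) -> List[str]:
    """Interfaces that are administratively down, i.e. still missing 'no shutdown'."""
    return [r.name for r in rows if r.status == "administratively down"]


if __name__ == "__main__":
    parsed = parse_ip_int_brief(SAMPLE_OUTPUT)
    print("needs attention:", needs_attention(parsed))
    print("administratively down:", shutdown_interfaces(parsed))
```

The two helper queries correspond to the two situations the text describes: an interface that has an address but is not operational (status or protocol not up), and an interface that has simply not been enabled with no shutdown.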

To configure a specific interface, use the interface TYPE SLOT/PORT command
from the global config mode. This puts us in the interface submode, where we can
configure various interface options:

Router(config)#interface f0/0

Router(config-if)#speed 100

In the example above you can see that we’ve configured the speed option for the
interface Fast Ethernet 0/0.

By default, all ports on a Cisco switch are up and running as soon as you power on
the device. This means that all you need to do is connect your devices to the switch
and you are good to go. This isn’t the case with Cisco routers, however. You need
to manually enable each interface on a router with the no shutdown interface mode
command:

Router(config)#int f0/0

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Use the show ip interface brief command to check the device’s IP addresses and
status of its interfaces:

Router#sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.0.1 YES manual up up

FastEthernet0/1 unassigned YES unset administratively down down

Vlan1 unassigned YES unset administratively down down

Auxiliary Port on a Cisco router


Most Cisco routers include an additional auxiliary (Aux) port as a backup async port.
This port is commonly used as a dial-up port for remote router management. It is
connected to a modem and enables an administrator to make a phone call to
connect to the router’s CLI.

The following figure shows how to connect a modem to an aux port on a router
(image source: Cisco):

The network administrator uses a terminal emulation program to connect to the
router over the aux port. The configuration of the aux port resembles the console
port configuration:

Router(config)#line aux 0
Router(config-line)#password cisco

Router(config-line)#login

The code above enables password checking for users dialing into the router.

Pipe character in IOS


IOS supports the use of the pipe character (represented with the | character) to filter
the output of the show and more commands. The pipe function takes the output of
the command and sends it to another function, such as begin or include. This way,
you can filter the output to find the section of the output that interests you. Here are a
few examples:

R1#show running-config | begin interface

interface FastEthernet0/0

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

interface FastEthernet1/0

no ip address

shutdown

duplex auto

speed auto

interface FastEthernet2/0

no ip address
shutdown

duplex auto

speed auto

--More--

In the output above you can see that we’ve entered the show running-config | begin
interface command (we could have abbreviated it to show run | b int). This command
starts the output from the first occurrence of the word interface.

Another example, this time with include:

R1#show run | include password

no service password-encryption

enable password cisco

password cisco

password cisco

As you can see from the example above, the include function displays only lines that
include the word password. The include function is helpful in some situations but can
also be confusing because it only includes exact matching commands with no
context around them, as in this example with password cisco shown twice in the
output.

To display only the section of the output about a certain feature, use
the section function:

R1#show run | section vty

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

You can see in the example above that the command displayed only the vty
section of the running configuration. The section function is not supported for all
parts of the configuration, but can be very helpful for example to view all the
configuration for a particular routing protocol:

R1#sh run | sec ospf


ip ospf cost 100

router ospf 1

log-adjacency-changes

passive-interface FastEthernet0/0

network 10.10.0.0 0.0.255.255 area 0

 
NOTE
Cisco Packet Tracer doesn’t support the pipe function. The examples above were created in
GNS3.
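To see exactly which lines each filter keeps, here is a Python reimplementation of the begin, include and section functions (plus exclude, another IOS output filter that drops matching lines), written as an added example; it is not IOS code and not from the notes. The running configuration it filters is constructed, with vty and ospf parts that mirror the examples above. The section function follows the behaviour visible in the sh run | sec ospf output: a matching line inside the interface section is printed on its own, while a matching section header brings its whole indented section.

```python
"""Reimplementation of the IOS output filters begin, include, exclude and section.

Added example (not IOS code, not from the notes). RUNNING_CONFIG is constructed.
"""
import re
from typing import List

RUNNING_CONFIG = """\
!
hostname R1
no service password-encryption
enable password cisco
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip ospf cost 100
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/0
 network 10.10.0.0 0.0.255.255 area 0
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
"""


def pipe_begin(output: str, pattern: str) -> List[str]:
    """| begin: everything from the first line matching the regex onwards."""
    rx = re.compile(pattern)
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if rx.search(line):
            return lines[i:]
    return []


def pipe_include(output: str, pattern: str) -> List[str]:
    """| include: only the lines matching the regex, with no context around them."""
    rx = re.compile(pattern)
    return [l for l in output.splitlines() if rx.search(l)]


def pipe_exclude(output: str, pattern: str) -> List[str]:
    """| exclude: every line except those matching the regex."""
    rx = re.compile(pattern)
    return [l for l in output.splitlines() if not rx.search(l)]


def pipe_section(output: str, pattern: str) -> List[str]:
    """| section: a matching top-level line brings its whole indented block;
    a matching indented line is shown on its own."""
    rx = re.compile(pattern)
    lines = output.splitlines()
    result: List[str] = []
    i = 0
    while i < len(lines):
        j = i + 1
        while j < len(lines) and lines[j].startswith(" "):
            j += 1  # indented lines belong to the block started at line i
        block = lines[i:j]
        if rx.search(block[0]):
            result.extend(block)
        else:
            result.extend(l for l in block[1:] if rx.search(l))
        i = j
    return result


if __name__ == "__main__":
    print("\n".join(pipe_section(RUNNING_CONFIG, "ospf")))
```

The argument to each filter is a regular expression, which is also how IOS treats it, so show run | include ^line matches only lines that start with the word line rather than every line containing it.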

IOS boot sequence


The IOS boot sequence is a process performed after a Cisco IOS device is
powered on. The IOS device performs a power-on self-test (POST) to test its
hardware components and chooses an IOS image to load. The boot sequence
consists of the following steps:

1. The device performs the power-on self-test (POST) process to discover and verify
its hardware components.

2. If the POST test is successful, the bootstrap program is copied from ROM into
RAM.

3. The bootstrap program decides which IOS image to load from the flash memory
into RAM, and then loads the chosen IOS.

4. IOS finds the startup configuration file, usually located in NVRAM, and loads it into
RAM as the running configuration.

Backing up IOS configuration


It is always a good idea to have a backup copy of the configuration of your IOS
device. IOS configurations are usually copied to a TFTP server using
the copy command. You can back up both the startup configuration and the running
configuration of your device. The copy command accepts two parameters: the first
parameter is the from location, and the second is the to location.

TFTP is a client-server network protocol used to send and receive files. To back up
files to a TFTP server, you will have to set it up first. You can use Packet Tracer to
do so; just add a Server to your topology, assign it an IP address and enable the
TFTP service:
 
To backup the running configuration to a TFTP server, you can use the copy
running-config tftp: command:

R1#copy running-config tftp:

Address or name of remote host []? 192.168.0.10

Destination filename [R1-confg]?

Writing running-config...!!

[OK - 561 bytes]

561 bytes copied in 0.001 secs (561000 bytes/sec)


Remember, the first parameter after the copy keyword is the from location, while the
second one is the to location. In our case, the from location is the current running-
config, and the to location is the remote TFTP server.

To restore the configuration, just switch the order of the parameters – copy tftp:
running-config:

R1#copy tftp: running-config

Address or name of remote host []? 192.168.0.10

Source filename []? R1-confg

Destination filename [running-config]?

Accessing tftp://192.168.0.10/R1-confg...

Loading R1-confg from 192.168.0.10: !

[OK - 561 bytes]

561 bytes copied in 0 secs

Notice that we had to specify the filename, along with the IP address of the TFTP
server.

debug command
The debug command displays information about the Cisco device operations,
generated or received traffic, and any error messages. The information is provided
in real time until the user disables debugging or the device is restarted.
The debug operation takes a lot of CPU resources and should not be used often in
production environments. It is meant to be used as a troubleshooting tool for only a
short period of time. You can choose to debug only specific events – for example,
EIGRP information, received ICMP messages, etc.

Consider the following example:

R1#debug ip icmp

ICMP packet debugging is on

R1#

R1#

ICMP: echo reply sent, src 10.0.0.2, dst 10.0.0.1

ICMP: echo reply sent, src 10.0.0.2, dst 10.0.0.1


In the example above you can see that I’ve enabled debugging only for the ICMP
events (such as pings). In the output you can see that R1 has responded to the
device with the IP address of 10.0.0.1 with two ping reply packets.

To disable debugging of the ICMP events, simply re-enter the command with the no
keyword in front of it:

R1#no debug ip icmp

ICMP packet debugging is off

To debug only RIP messages, we would run the following command:

R1#debug ip rip

RIP protocol debugging is on

R1#

R1#RIP: received v2 update from 10.0.0.1 on GigabitEthernet0/0

172.16.0.0/16 via 0.0.0.0 in 2 hops

192.168.5.0/24 via 0.0.0.0 in 1 hops

RIP: received v2 update from 10.0.0.1 on GigabitEthernet0/0

172.16.0.0/16 via 0.0.0.0 in 16 hops

192.168.5.0/24 via 0.0.0.0 in 16 hops

You can enable debugging of everything happening on your device by issuing
the debug all command (VERY IMPORTANT: do not use this command on
production devices, since it can produce so much output it crashes the device!):

R1#debug all

This may severely impact network performance. Continue? (yes/[no]): yes

All possible debugging has been turned on

*Mar 1 00:00:44.303: corvil trace: "40492 cdkContext_TraceControl() return 0"

*Mar 1 00:00:44.307: IP routecache flags changed on Null0,

added No CEF; now No CEF

*Mar 1 00:00:44.311: fh_fd_syslog_event_match: num_matches = 0

*Mar 1 00:00:44.311: fh_fd_data_syslog: num_matches = 0

*Mar 1 00:00:44.315: fh_fd_syslog_event_match: num_matches = 0


*Mar 1 00:00:44.315: fh_fd_data_syslog: num_matches = 0

*Mar 1 00:00:45.263: CEF: background resolution thread state:

*Mar 1 00:00:45.263: Thread fast_thread: Empty

*Mar 1 00:00:45.263: Thread todothread: Empty

*Mar 1 00:00:45.263: Thread slow_thread: Empty

*Mar 1 00:00:45.267: fh_fd_syslog_event_match: num_matches = 0

*Mar 1 00:00:45.267: fh_fd_data_syslog: num_matches = 0

*Mar 1 00:00:45.267: fh_fd_syslog_event_match: num_matches = 0

To disable this command, type the undebug all command (or the u all shortcut). You
will quite possibly be getting so much output that it is nearly impossible to enter a
command, and the shortest form, u all, is your best chance. If you cannot enter the
command then you can try connecting from a different PC and entering the
command there.

R1#u all

All possible debugging has been turned off

Cisco Terminal Monitor


If you have ever connected to a Cisco IOS device through the console you might
have noticed a message like this:

R1#

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

As you can probably guess from the output, the message indicates that the link
connected to the GigabitEthernet0/0 interface went down. This message was shown
to you because the logging console command is enabled by default for the console
line. However, SSH and Telnet users will not be shown this message by default. The
enable mode command that needs to be executed in order to see these messages is
terminal monitor:

R1#terminal monitor

After executing this command the logging messages will also appear on the terminal
lines.

NOTE
The command terminal no monitor disables the showing of the log messages.
Notice that this is not the standard Cisco syntax – usually the keyword ‘no’ goes in
front of the command. We would usually expect the command to be no terminal
monitor, but the correct command is actually terminal no monitor.
Syslog explained
Syslog is a standard for message logging. Syslog messages are generated on
Cisco devices whenever an event takes place – for example, when an interface goes
down or a port security violation occurs.

You’ve probably already encountered syslog messages when you were connected to
a Cisco device through the console – Cisco devices show syslog messages by
default to the console users:

R1#

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

This is because the logging console global configuration command is enabled by
default. SSH and Telnet users need to execute the terminal monitor EXEC mode
command in order to see the messages:

R1#terminal monitor

R1#

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

In the example above you can see that the logged in user executed the terminal
monitor command. Because of that, the telnet user was notified via a syslog
message when the Gi0/1 interface went up a couple of moments later.

It is recommended to store the logs generated by Cisco devices on a central syslog
server. To instruct a device to send logs to the syslog server, we can use the logging
IP_ADDRESS command:

R1(config)#logging 10.0.0.10

Now, logs generated on R1 will be sent to the syslog server with the IP address of
10.0.0.10. Of course, you need to have a syslog server (e.g. Kiwi Syslog) installed
and configured.

NOTE
It is also possible (and recommended) to specify a hostname instead of the IP address in
the logging command. The command is logging host HOSTNAME.

logging synchronous command


By default, IOS displays syslog messages to the console users at any time, even
during the typing of a command. Consider the following example:

R1(config-if)#ip address 192.168.0.100 255.2

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

55.255.0

Notice how the command was interrupted and the syslog message was shown. To
prevent this, the logging synchronous console line mode command is used:

R1(config-if)#ip address 192.168.0.100 255.2

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R1(config-if)#ip address 192.168.0.100 255.2

Now, the syslog message was shown, but the command was copied to the next line
below the message.

exec-timeout command
By default, an IOS device will disconnect a console or VTY user after 10 minutes of
inactivity. You can specify a different inactivity timer using the exec-timeout
MINUTES SECONDS line mode command.

For example, to disconnect a console user after 90 seconds of inactivity, we can use
the following command:

R1(config)#line con 0

R1(config-line)#exec-timeout 1 30

After 90 seconds of inactivity, the session will be disconnected and the user will need
to supply the console password to log back in:

R1(config-line)#

R1 con0 is now available

Press RETURN to get started.

User Access Verification

Password:

NOTE
To disable the timeout, use the value of 0 (not recommended in production environments!)
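The line settings covered in this and the two preceding sections (a syslog host, logging synchronous, and the exec-timeout) are the kind of thing worth checking across a fleet of devices rather than by eye. The following Python script is an added example, not part of the course notes: it parses a constructed running-config excerpt (hostname, addresses and line stanzas are all made up for the example) and reports lines whose exec-timeout is 0 0, lines without logging synchronous, and a device with no logging host at all.

```python
"""Audit an IOS running-config excerpt for the line and logging settings
discussed above.  Added example; the config text below is constructed."""
import re
from dataclasses import dataclass, field

# Constructed running-config excerpt (hypothetical device, not from the notes).
SAMPLE_CONFIG = """\
hostname R1
!
logging 10.0.0.10
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 1 30
 login
 transport input ssh
line vty 5 15
 login
 transport input ssh
"""

IOS_DEFAULT_EXEC_TIMEOUT = 600   # IOS default: 10 minutes of inactivity


@dataclass
class LineSection:
    name: str                          # e.g. "con 0" or "vty 0 4"
    commands: list = field(default_factory=list)


def parse_line_sections(config: str) -> list:
    """Group the indented commands under each 'line ...' stanza."""
    sections, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = LineSection(raw[len("line "):].strip())
            sections.append(current)
        elif raw.startswith(" ") and current is not None:
            current.commands.append(raw.strip())
        else:
            current = None             # any top-level line ends the stanza
    return sections


def exec_timeout_seconds(commands, default=IOS_DEFAULT_EXEC_TIMEOUT) -> int:
    """Return the configured idle timeout in seconds (MINUTES*60 + SECONDS)."""
    for cmd in commands:
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
        if m:
            return int(m.group(1)) * 60 + int(m.group(2) or 0)
    return default


def has_syslog_host(config: str) -> bool:
    """True when 'logging A.B.C.D' or 'logging host NAME' is present."""
    pattern = r"^logging (?:host \S+|\d{1,3}(?:\.\d{1,3}){3})\s*$"
    return re.search(pattern, config, re.M) is not None


def audit(config: str) -> list:
    """Return (line_name, finding) tuples for the settings discussed above."""
    findings = []
    if not has_syslog_host(config):
        findings.append(("global", "no syslog host configured"))
    for sec in parse_line_sections(config):
        if exec_timeout_seconds(sec.commands) == 0:
            findings.append((sec.name, "exec-timeout 0 0 disables the idle timeout"))
        if "logging synchronous" not in sec.commands:
            findings.append((sec.name, "logging synchronous not set"))
    return findings


if __name__ == "__main__":
    for line_name, finding in audit(SAMPLE_CONFIG):
        print(f"{line_name}: {finding}")
```

Running it against the constructed excerpt flags the console line for its disabled timeout and the two vty ranges for missing logging synchronous; the syslog host check passes because logging 10.0.0.10 is present.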
Syslog message format
Syslog messages that appear on a Cisco device consist of several parts. Consider
the following message:

*Jan 18 03:02:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

The message consists of the following parts:

 Jan 18 03:02:42 – the timestamp
 %LINEPROTO – the source that generated the message. It can be a
hardware device (e.g. a router), a protocol, or a module of the system software.
 5 – the severity level, from 0 to 7, with lower numbers being more critical.
 UPDOWN – the unique mnemonic for the message
 Line protocol on Interface GigabitEthernet0/0, changed state to down –
the description of the event

Severity levels are numbered 0 to 7:

 0 – emergency (System unusable)
 1 – alert (Immediate action needed)
 2 – critical events (Critical condition)
 3 – error events (Error condition)
 4 – warning events (Warning condition)
 5 – notification events (Normal but significant condition)
 6 – informational events (Informational message only)
 7 – debug messages (Appears during debugging only)

In our example the message has the severity level of 5, which is a notification event.
The first five levels (0-4) are used by messages that indicate that the functionality of
the device is affected. Levels 5 and 6 are used by notification messages, while the
level 7 is reserved for debug messages.

The severity levels can be used to specify the type of messages that will be logged.
For example, if you think that you are getting too many non-important messages
when logged in through a console, the global configuration command logging
console 2 will instruct the device to only log messages of the severity level 0, 1 and 2
to the console.
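The message format and the threshold behaviour of logging console N can be demonstrated in code. The following Python parser is an added example, not part of the course notes: it splits Cisco-style syslog lines into timestamp, facility, severity, mnemonic and description, and filter_by_level keeps only messages at or below a given level, which is what the console logging level does. The sample lines are constructed from messages shown in these notes plus one line carrying an obviously made-up mnemonic (EXAMPLE_CRIT) to stand in for a level-2 message.

```python
"""Parse Cisco-style syslog messages and filter them by severity.
Added example; sample lines are constructed for illustration."""
import re
from typing import NamedTuple, Optional

SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notification", 6: "informational", 7: "debug"}

# Optional leading "*Mon DD hh:mm:ss[.mmm]: " timestamp, then %FACILITY-SEV-MNEMONIC: text
_MSG_RE = re.compile(
    r"^(?:\*?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$")


class SyslogMessage(NamedTuple):
    timestamp: Optional[str]
    facility: str
    severity: int
    mnemonic: str
    description: str


def parse_syslog(line: str) -> Optional[SyslogMessage]:
    """Return the parsed message, or None if the line is not a Cisco syslog message."""
    m = _MSG_RE.match(line.strip())
    if not m:
        return None
    return SyslogMessage(m["ts"], m["facility"], int(m["severity"]),
                         m["mnemonic"], m["description"])


def filter_by_level(lines, max_level: int) -> list:
    """Mimic 'logging console MAX_LEVEL': keep messages whose severity is
    MAX_LEVEL or lower (more critical).  Unparseable lines are dropped."""
    kept = []
    for line in lines:
        msg = parse_syslog(line)
        if msg is not None and msg.severity <= max_level:
            kept.append(msg)
    return kept


# Constructed sample: three messages from the notes, one placeholder, one junk line.
SAMPLE_LINES = [
    "*Jan 18 03:02:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "GigabitEthernet0/0, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram",
    "*Mar  1 00:00:45.263: %SYS-2-EXAMPLE_CRIT: constructed level-2 message",
    "not a syslog line at all",
]

if __name__ == "__main__":
    for msg in filter_by_level(SAMPLE_LINES, 5):
        print(f"{SEVERITY_NAMES[msg.severity]:>13} {msg.facility}-{msg.mnemonic}: "
              f"{msg.description}")
```

With a threshold of 2 only the level-2 message survives, exactly as logging console 2 would show only levels 0 to 2; with 7 everything that parses is kept.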

Types of memory on a Cisco device


Cisco devices usually have four types of memory that are being used for different
purposes. These four types are:

 ROM (Read-only memory) – stores a bootstrap program that is used to
initialize the boot process. This is a read-only type of memory, so it can’t be altered.
 RAM (Random Access Memory) – the running configuration and routing
tables of the device are stored here. This type of memory loses its content when a
device is restarted.
 Flash memory – used to store IOS software images. Can also be used to
store other files, for example backup configuration files. Retains its content even
after a device is restarted.
 NVRAM (Nonvolatile RAM) – usually used to store the startup configuration
file. This type of memory retains its content even after a device is powered down or
restarted.

IOS files
Cisco devices usually use integrated flash memory to store IOS software images and
other files (e.g. backup configuration files). The startup configuration is stored in
NVRAM. For each memory device available on the device, a file system called IOS
file system (IFS) is created. To list file systems available on your device, the show
file systems EXEC mode command is used:

R1#show file systems

File Systems:

Size(b) Free(b) Type Flags Prefixes

* 255744000 221896413 disk rw flash0: flash:#

262136 255005 nvram rw nvram:

In the command above you can see that I have two file systems available on my
device. Here is a description of each field:

 Size(b) – total memory in the file system (in bytes)
 Free(b) – free memory in the file system (in bytes)
 Type – type of the file system. disk represents the flash memory,
and nvram represents the NVRAM memory
 Flags – filesystem permissions. rw means that the file system is read/write.
 Prefixes – file system aliases.

The IOS image is a single file that is loaded into RAM when the device boots. This
file is usually stored in the flash memory, since this type of memory will retain the
stored files even after the router is powered off or rebooted. To show the contents of
the flash memory, the show flash: command is used:

R2#show flash:

System flash directory:


File Length Name/status

3 33591768 c1900-universalk9-mz.SPA.151-4.M4.bin

2 28282 sigdef-category.xml

1 227537 sigdef-default.xml

[33847587 bytes used, 221896413 available, 255744000 total]

249856K bytes of processor board System flash (Read/Write)

The file c1900-universalk9-mz.SPA.151-4.M4.bin is an IOS image for the 1900
Integrated Services Router series. The other two XML files are used for encryption
purposes.

Erasing configuration files


In certain scenarios you might want to remove the existing configuration of a Cisco
IOS device and restore the device to the factory settings. To do this, you will need to
access the device over the network or through the console and issue one of the
following commands (not all commands are supported on all Cisco devices):

 write erase
 erase nvram:
 erase startup-config

Once you execute one of the commands above, you will need to reload the device.
Here is an example:

R1#write erase

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete

%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

R1#reload

Proceed with reload? [confirm]

How to upgrade Cisco IOS


Before upgrading IOS, you need to obtain the latest IOS version. This is usually
done by logging in at https://software.cisco.com/ and selecting your device type and
version. The downloaded file must then be transferred to the flash memory of the
device, usually via TFTP or FTP.

Let’s upgrade a Cisco Catalyst 2960 to a newer version of IOS via TFTP. Here are the
steps:

1. We need to place the image file on a TFTP server that is reachable by the switch:

2. Next, we need to transfer the file from the TFTP server to the flash memory of the
switch. This can be done by issuing the copy command on the switch:

SW1#copy tftp flash

Address or name of remote host []? 10.0.0.100

Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin

Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]?


Accessing tftp://10.0.0.100/c2960-lanbasek9-mz.150-2.SE4.bin....

Loading c2960-lanbasek9-mz.150-2.SE4.bin from 10.0.0.100: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 4670455 bytes]

4670455 bytes copied in 3.079 secs (121951 bytes/sec)

SW1#

Notice how we need to enter the IP address and the exact filename of the image we
wanted to copy. We’ve also specified that the destination filename will be the same
as the source filename.

By issuing the show flash: command, we can see that the file was copied to the
switch:

SW1#show flash:

Directory of flash:/

1 -rw- 4414921 c2960-lanbase-mz.122-25.FX.bin

3 -rw- 4670455 c2960-lanbasek9-mz.150-2.SE4.bin

2 -rw- 1052 config.text

64016384 bytes total (54929956 bytes free)

3. The next step is to configure the switch to load the new IOS version. If we reboot
the system now, the old IOS file will be loaded:

SW1#reload

Proceed with reload? [confirm]

C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)

Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.

2960-24TT starting...

Base ethernet MAC Address: 000C.8536.AA3B


We need to instruct the switch to load the new file. The easiest way to do it is by
using the boot system command. This command accepts a single parameter – the
name of the file to load:

SW1(config)#boot system c2960-lanbasek9-mz.150-2.SE4.bin

4. The last step is to save the configuration and reload the device. We can verify that
the newer version of IOS is being used by issuing the show version command:

SW1#show version

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Wed 26-Jun-13 02:49 by mnguyen

Copy files with FTP


IOS includes a built-in FTP client that can be used to transfer images to and from the
Cisco device. Unlike TFTP, FTP supports authentication, and you will need to
provide a valid FTP server username and password.

The following steps are required for FTP transfers:

1. Create an FTP username and password by using the ip ftp username USERNAME
and ip ftp password PASSWORD global configuration commands. We need to provide
the username and password that were already created on the FTP server.
2. Issue the copy ftp flash EXEC mode command and follow the wizard.

Here is an example. Let’s say that we want to transfer the image file from the FTP
server to a Cisco switch. We can do this using the following set of commands:

SW1(config)#ip ftp username tuna

SW1(config)#ip ftp password peyo

SW1(config)#end

SW1#

%SYS-5-CONFIG_I: Configured from console by console

SW1#copy ftp flash

Address or name of remote host []? 10.0.0.100

Source filename []? c2960-lanbasek9-mz.150-2.SE4.bin

Destination filename [c2960-lanbasek9-mz.150-2.SE4.bin]?

Accessing ftp://10.0.0.100/c2960-lanbasek9-mz.150-2.SE4.bin...

[OK - 4670455 bytes]

4670455 bytes copied in 10.02 secs (37473 bytes/sec)

To verify that the file has indeed been transferred, we can use the show
flash: command:

SW1#show flash:

Directory of flash:/

1 -rw- 4414921 c2960-lanbase-mz.122-25.FX.bin

4 -rw- 4670455 c2960-lanbasek9-mz.150-2.SE4.bin

2 -rw- 1052 config.text

We can also transfer files from the IOS device to the FTP server, for example to
back up the startup configuration. Here is an example of copying the startup
configuration of a switch to the FTP server:

SW1#copy startup-config ftp

Address or name of remote host []? 10.0.0.100

Destination filename [SW1-confg]?

Writing startup-config...

[OK - 1052 bytes]

1052 bytes copied in 0.09 secs (11000 bytes/sec)

64016384 bytes total (54929956 bytes free)

Cisco More Command


The IOS more command displays the content of a text file. The ‘more’ command
works just like it does in Linux – it allows you to view a file on a disk. You can use
this command to view a text file, e.g. your configuration file or a saved backup
configuration file.

Here’s an example:

R1# more nvram:startup-config

Using 648 bytes

version 16.6.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname R1

....

In the example above we’ve listed the startup configuration (that is stored in NVRAM
by default) using the more command.

You can filter the more command’s output just as you would do with a show
command, e.g.:

Router# more nvram:startup-config | include interface

interface GigabitEthernet0/0/0

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface Vlan1

In the example above we’ve filtered only the lines that include the word ‘interface’.

Configure Cisco router as DHCP server


Dynamic Host Configuration Protocol (DHCP) is an application layer protocol
used to distribute various network configuration parameters (IP addresses, subnet
masks, default gateways, DNS servers, etc.) to devices on a TCP/IP network. DHCP
employs a client-server architecture; a DHCP client is configured to request network
parameters from a DHCP server on the network. A DHCP server is configured with a
pool of available IP addresses and assigns one of them to the DHCP client.

A Cisco router can be configured as a DHCP server. Here are the steps:

1. Exclude IP addresses from being assigned by DHCP by using the ip dhcp
excluded-address FIRST_IP LAST_IP command.
2. Create a new DHCP pool with the ip dhcp pool NAME command.
3. Define the subnet that will be used to assign IP addresses to hosts with
the network SUBNET SUBNET_MASK command.
4. Define the default gateway with the default-router IP command.
5. Define the DNS server with the dns-server IP_ADDRESS command.
6. (Optional) Define the DNS domain name by using the ip domain-name
NAME command.
7. (Optional) Define the lease duration by using the lease DAYS HOURS
MINUTES command. If you don’t specify this, the default lease time of 24
hours will be used.

Here is an example configuration:

Floor1(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.50

Floor1(config)#ip dhcp pool Floor1DHCP

Floor1(dhcp-config)#network 192.168.0.0 255.255.255.0

Floor1(dhcp-config)#default-router 192.168.0.1

Floor1(dhcp-config)#dns-server 192.168.0.1

In the example above you can see that I’ve configured the DHCP server with the
following parameters:

 the IP addresses from the 192.168.0.1 – 192.168.0.50 range will not be
assigned to hosts
 the DHCP pool was created and named Floor1DHCP
 the IP addresses assigned to the hosts will be from the 192.168.0.0/24 range
 the default gateway’s IP address is 192.168.0.1
 the DNS server’s IP address is 192.168.0.1

To view information about the currently leased addresses, you can use the show ip
dhcp binding command:

Floor1#show ip dhcp binding

IP address Client-ID/ Lease expiration Type

Hardware address

192.168.0.51 0060.5C2B.3DCC -- Automatic

In the output above you can see that there is a single DHCP client that was assigned
the IP address of 192.168.0.51. Since we’ve excluded the IP addresses from
the 192.168.0.1 – 192.168.0.50 range, the device got the first address available
– 192.168.0.51.
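To see why the first client received 192.168.0.51, here is an added Python model of the pool arithmetic (not part of the course notes): it expands the excluded-address range, computes the usable hosts of the /24 (network and broadcast addresses are never handed out) and returns the lowest address that is neither excluded nor already leased. The pool_summary counts are plain arithmetic over the subnet, so every excluded address inside the pool is counted; the values used are those of the Floor1DHCP example above.

```python
"""Model IOS DHCP pool address selection: network, excluded range, first free.
Added example; the pool values mirror the Floor1DHCP configuration above."""
import ipaddress


def pool_addresses(network: str) -> list:
    """Usable host addresses of the pool, in ascending order."""
    return list(ipaddress.ip_network(network, strict=True).hosts())


def excluded_set(first: str, last: str) -> set:
    """Expand 'ip dhcp excluded-address FIRST LAST' into a set of addresses."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if hi < lo:
        raise ValueError("last address precedes first address")
    return {ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)}


def first_available(network: str, exclusions: list, leased: list):
    """Lowest usable address that is neither excluded nor leased, or None
    when the pool is exhausted.  'exclusions' is a list of excluded_set() results."""
    taken = set().union(*exclusions) | {ipaddress.ip_address(a) for a in leased}
    for addr in pool_addresses(network):
        if addr not in taken:
            return addr
    return None


def pool_summary(network: str, exclusions: list, leased: list) -> dict:
    """Totals comparable to the columns of 'show ip dhcp pool'."""
    hosts = pool_addresses(network)
    # Only exclusions that actually fall inside the pool reduce its size.
    excl = set().union(*exclusions) & set(hosts)
    return {"total": len(hosts), "excluded": len(excl), "leased": len(leased),
            "free": len(hosts) - len(excl) - len(leased)}


if __name__ == "__main__":
    excl = [excluded_set("192.168.0.1", "192.168.0.50")]
    print("next lease:", first_available("192.168.0.0/24", excl, []))
    print(pool_summary("192.168.0.0/24", excl, ["192.168.0.51"]))
```

Feeding the pool a second client (with .51 already leased) yields .52, and a pool whose every host is excluded returns None, which is the condition an exhausted pool would report.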

To display information about the configured DHCP pools, you can use the show ip
dhcp pool command:

Floor1#show ip dhcp pool

Pool Floor1DHCP :

Utilization mark (high/low) : 100 / 0

Subnet size (first/next) : 0 / 0

Total addresses : 254

Leased addresses : 1

Excluded addresses : 1

Pending event : none

1 subnet is currently in the pool

Current index IP address range Leased/Excluded/Total

192.168.0.1 192.168.0.1 - 192.168.0.254 1 / 1 / 254

This command displays some important information about the DHCP pool(s)
configured on the device – the pool name, total number of IP addresses, the number
of leased and excluded addresses, subnet’s IP range, etc.

DHCP relay agent


When a device is configured as a DHCP client, it will send a broadcast packet to
discover DHCP servers on the network. Broadcast packets are not forwarded by
routers by default, so if a DHCP server is in a different network than the DHCP client,
it will not receive the request. Consider the following scenario:

The workstation on the left is configured as a DHCP client. R2 on the right is
configured as a DHCP server. The workstation sends a DHCP discover packet, but
it receives no reply, since R1 doesn’t forward the packet to R2 (broadcast packets
stay on the local subnet).

To rectify this, we can configure R1 to act as a DHCP relay agent and forward the
request to the configured DHCP server. This is done by issuing the ip helper-address
DHCP_SERVER_IP_ADDRESS command on its Gi0/0 interface. This command
instructs the router to do the following:

1. watch for DHCP messages on the interface
2. when a DHCP packet arrives, set the packet’s source IP address to the IP
address of Gi0/0
3. change the destination IP address of the packet from 255.255.255.255 (the
broadcast address) to the IP address of the DHCP server and send it to R2
4. when the answer from the DHCP server is received, change the packet’s
destination IP to 255.255.255.255 and send it out its Gi0/0 interface, so that the
workstation (which does not have an IP address yet) can receive the answer.

To configure the interface Gi0/0 on R1 to forward DHCP packets, only a single
command is needed:

R1(config-if)#ip helper-address 172.16.0.2

To make sure that the workstation indeed got its IP parameters, we can issue
the ipconfig command:

C:\>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::2E0:B0FF:FEB3:73E

IP Address......................: 10.0.0.104

Subnet Mask.....................: 255.255.255.0

Default Gateway.................: 10.0.0.1

Configure Cisco router as a DHCP client


Cisco routers can be configured as both DHCP servers and DHCP clients. An
interface on a router that connects to the Internet Service Provider (ISP) is often
configured as a DHCP client. This way, the ISP can provide the IP information to the
client device.

To configure an interface as a DHCP client, the ip address dhcp interface mode
command is used. Consider the following example:

We have a small network consisting of a router and a DHCP server. We want to
configure the interface Gi0/0 on the router as a DHCP client. This is how this is done:

R1(config)#int Gi0/0

R1(config-if)#ip address dhcp

We can verify that the Gi0/0 interface has indeed got its IP address from the DHCP
server by running the show ip int brief command:

R1#show ip int brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 192.168.0.1 YES DHCP up up

GigabitEthernet0/1 unassigned YES unset administratively down down

The DHCP keyword in the Method column indicates that the IP information was
obtained from the DHCP server.
NOTE
If you want to configure a Cisco switch as a DHCP client, the ip address dhcp command is used
under the VLAN 1 configuration mode.

Configure timezone and Daylight Saving Time (DST)

It is recommended to set the correct timezone and adjust the DST setting before
configuring a router as an NTP client. The syntax of the command used to set the
timezone is:

(config)#clock timezone NAME HOURS [MINUTES]


The name of the timezone can be anything you like. After the name parameter, you
need to specify the difference in hours (and optionally minutes) from Coordinated
Universal Time (UTC). For example, to specify the Atlantic Standard Time, which
is 4 hours behind UTC, we would use the following command:

R1(config)#clock timezone AST -4

The syntax of the command used to adjust for DST is:

(config)#clock summer-time NAME recurring [week day month hh:mm week day month hh:mm [offset]]

Again, the name parameter can be anything you like. The recurring keyword
instructs the router to update the clock each year. If you press enter after
the recurring keyword, the router will use the U.S. DST rules for the annual time
changes in April and October. You can also manually set the date and time for DST
according to your location. For example, to specify the DST that starts on the last
Sunday of March and ends on the last Sunday of October, we would use the
following command:

R1(config)#clock summer-time DST recurring last Sunday March 2:00 last Sunday October 2:00

Configure NTP on a Cisco router


NTP (Network Time Protocol) is an application layer protocol used for time
synchronization between hosts on a TCP/IP network. The goal of NTP is to ensure
that all devices on a network agree on the time, since even a small difference can
cause problems. NTP uses a client-server architecture; usually with one host being
configured as the NTP server, and other hosts on the network are configured as NTP
clients.

Cisco routers can be configured as both NTP clients and NTP servers. To configure
a Cisco router as an NTP client, we can use the ntp server IP_ADDRESS command:

Floor1(config)#ntp server 192.168.0.100

NOTE
To define a version of NTP, add the version NUMBER keywords at the end of the command
(e.g. ntp server 192.168.0.100 version 3).
 

To verify NTP status, use the show ntp status command:

Floor1#show ntp status

Clock is synchronized, stratum 2, reference is 192.168.0.100

nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19

reference time is DE4AB2B7.0000037A (18:49:27.890 UTC Thu Apr 5 2018)

clock offset is 0.00 msec, root delay is 0.00 msec

root dispersion is 0.02 msec, peer dispersion is 0.02 msec.


To configure your Cisco router as an NTP server, only a single command is needed:

DEVICE(config)#ntp master

After entering this command you will need to point all the devices in your LAN
to use the router as the NTP server.

Cisco Discovery Protocol (CDP) overview


CDP (Cisco Discovery Protocol) is a proprietary protocol developed by Cisco, used
to discover information about locally attached Cisco equipment. With CDP, the
administrator can gather hardware and protocol information about neighboring
devices, which can be helpful when troubleshooting or documenting the network.

To discover information, Cisco devices send CDP messages out each of their
interfaces. These messages contain information about them, such as their
hostname, network and data link addresses, the device model, IOS version, etc.

To display information about directly connected devices, we use the show cdp
neighbors command:

Floor1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch Gig 0/0 166 S 2960 Fas 0/1

As you can see from the example above, there is one directly connected device.
Here is a description of each field:

 Device ID – the hostname of the directly connected device. In this case the
hostname is Switch.
 Local Interface – the local interface on which the CDP messages were
received (Gi0/0 in this case).
 Holdtime – the amount of time the local device will hold the information
before discarding it if no more CDP packets are received.
 Capability – the capability of the directly connected device. The
letter S indicates that the directly connected device is a switch. The letter R would
indicate a router.
 Platform – the model and OS level running on the neighbor, 2960 series
switch in this case.
 Port ID – the neighbor device’s interface on which the CDP packets were
sent, in this case Fa0/1.

 
To get even more information about the neighbors, use the show cdp neighbors
detail command:

Floor1#show cdp neighbors detail

Device ID: Switch

Entry address(es):

Platform: cisco 2960, Capabilities: Switch

Interface: GigabitEthernet0/0, Port ID (outgoing port): FastEthernet0/1

Holdtime: 126

Version :

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2005 by Cisco Systems, Inc.

Compiled Wed 12-Oct-05 22:05 by pt_team

advertisement version: 2

Duplex: full

NOTE
IEEE has released a vendor-neutral link layer protocol called Link Layer Discovery Protocol
(LLDP) as an alternative to CDP.

Link Layer Discovery Protocol (LLDP)


Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol
defined in IEEE standard 802.1AB. Just like Cisco’s CDP, LLDP is used by network
devices to advertise their identity, capabilities, and neighbors on a local Ethernet
network. However, since LLDP is an open standard, it has one big advantage over
CDP – it can be used on non-Cisco devices.

LLDP is disabled by default on Cisco devices. To enable it, use the lldp
run command in the config mode:

R1(config)#lldp run

To display information about the LLDP neighbors, run the show lldp
neighbors command:

R1#show lldp neighbors

Capability codes:

(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device

(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID Local Intf Hold-time Capability Port ID

R2 Gig0/0 120 R Gig0/0

Total entries displayed: 1

As you can see from the output above, R1 has a single neighbor. Here is the
description of the fields in the output:

 Device ID – the neighbor’s host name
 Local Intf – the local interface to which the neighbor is connected
 Hold-time – the time the receiving device should hold the information sent by
this device before discarding it.
 Capability – the type of the device. R means router, T means telephone, etc.
 Port ID – the neighboring device’s interface

To get more detailed information about LLDP neighbors, run the show lldp neighbors
detail command:

R1#show lldp neighbors detail

------------------------------------------------

Chassis id: 0002.4A13.6C01

Port id: Gig0/0

Port Description: GigabitEthernet0/0

System Name: R2

System Description:

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Thurs 5-Jan-12 15:41 by pt_team


Time remaining: 90 seconds

System Capabilities: R

Enabled Capabilities: R

Management Addresses - not advertised

Auto Negotiation - supported, enabled

Physical media capabilities:

1000baseT(FD)

100baseT(FD)

Media Attachment Unit type: 10

Vlan ID: 1

Total entries displayed: 1

NOTE
To get information about a specific neighbor, run the show lldp entry DEVICE_ID command.
 

To display global LLDP information, run the show lldp command:

R2#show lldp

Global LLDP Information:

Status: ACTIVE

LLDP advertisements are sent every 30 seconds

LLDP hold time advertised is 120 seconds

LLDP interface reinitialisation delay is 2 seconds

This command displays information about whether LLDP is active on the device, the
frequency of LLDP transmissions, the holdtime for packets being sent, and the delay
time for LLDP to initialize on an interface.

You can also configure whether you would like your device to send or receive LLDP
packets on a particular interface using the no lldp transmit and no lldp
receive interface mode commands. For example, to only receive LLDP packets on
the Gi0/0 interface, I would use the following command to disable the sending of
LLDP packets:

R1(config-if)#no lldp transmit

Uniform Resource Locator (URL) structure


A URL is a string of characters that contains information about how to fetch a
resource from its location. A URL specifies the primary access mechanism and the
network location of a resource. A typical URL consists of the following components:

1. the protocol used to connect to the server (e.g. HTTPS)
2. the server hostname (e.g. study-ccna.com)
3. the document path (e.g. /ospf)

Here is a graphical representation of these components:

URLs can also be used to reference documents other than the web sites. Here are
some examples of using URLs to reference an FTP resource, mail address and local
files:

 ftp://www.study-ccna.com/uploads.zip – refers to the uploads.zip file on
the study-ccna.com server that can be accessed using FTP
 mailto:[email protected] – a hyperlink that allows users to send
emails to [email protected] using their default email client program.
 file://C:\images – used to open the C:\images folder on the local computer
Map hostnames to IP addresses

It is possible to define static hostname-to-address mappings on a Cisco device for
the purpose of name resolution. This is usually done in environments without a DNS
server.

The mappings can be defined using the global configuration command ip host
HOSTNAME IP_ADDRESS:

Floor1(config)#ip host HQ_SERVER 192.168.0.100

In the output above we’ve defined the IP address of 192.168.0.100 for the
hostname HQ_SERVER. To display the hostname-to-address mappings,
the show hosts command is used:

Floor1#show hosts

Default Domain is not set

Name/address lookup uses domain service

Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate

temp - temporary, perm - permanent

NA - Not Applicable None - Not defined

Host Port Flags Age Type Address(es)

HQ_SERVER None (perm, OK) 0 IP 192.168.0.100

We can ping the server using its hostname to verify that the hostnames are
being resolved:

Floor1#ping HQ_SERVER

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

You can see that HQ_SERVER responded to the ping request, which means
that the name resolution was successful.

NOTE
The drawback of this method of name resolution is that we need to create static
hostname-to-address mappings on each device in order to be able to resolve hostnames.
If possible, use DNS instead.

Configure Cisco device as DNS client


DNS is an application layer protocol used to resolve hostnames to IP addresses. If
you have a DNS server on your network, you can configure your Cisco device to use
it for name resolution. Here are the steps:

1. (Optional) If you’ve previously disabled DNS lookups on your device, re-enable
them with the ip domain-lookup command.
2. Specify the IP address of the DNS server using the ip name-server command.
It is possible to specify up to six DNS servers.
3. (Optional) Specify the domain name to append to the hostname you type in by
using the ip domain-name command.

Here is an example configuration:

Floor1(config)#ip name-server 192.168.0.100

In the output above you can see that I’ve specified the IP address of my DNS server
(192.168.0.100). Let’s say that the DNS server contains a record for a server
called fileshare. I can try to ping that host using its hostname to verify that the name
resolution process is indeed working:

Floor1#ping fileshare

Translating "fileshare"...domain server (192.168.0.100)


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.110, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/1 ms

As you can see from the output above, the hostname fileshare was translated to the
IP address of 192.168.0.110.

no ip domain-lookup command
By default, any single word entered on an IOS device that is not recognized as a
valid command is treated as a hostname to which you want to telnet. The device will
try to translate that word to an IP address in a process that can last about a minute.

Consider the following example:

R1#writte

Translating "writte"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

In the output above you can see that I’ve mistyped the command write. The router
entered the DNS resolution process, which lasted about a minute. This can be
annoying, which is why this feature is often turned off, especially in lab
environments.

If you don’t need to have a DNS server configured for your router, you can use
the no ip domain-lookup command to disable the DNS translation process:

R1(config)#no ip domain-lookup

Now, if I mistype a command, the router will not perform a DNS resolution process:

R1#writte

Translating "writte"

% Unknown command or computer name, or unable to find computer address

R1#

show processes command


If a Cisco device is suffering from high CPU usage, we can use the show
processes command to list all running processes and determine the cause of the
problem. This command gives you a list of active processes, along with their
corresponding process ID, priority, CPU time used, number of times invoked, and
other information.

Here is an example output of this command invoked on a Cisco router:

R1#show processes

CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID QTy       PC Runtime (ms)  Invoked  uSecs    Stacks TTY Process
   1 Csp 602F3AF0            0     1627      0 2600/3000   0 Load Meter
   2 Lwe 60C5BE00            4      136     29 5572/6000   0 CEF Scanner
   3 Lst 602D90F8         1676      837   2002 5740/6000   0 Check heaps
   4 Cwe 602D08F8            0        1      0 5568/6000   0 Chunk Manager
   5 Cwe 602DF0E8            0        1      0 5592/6000   0 Pool Manager
   6 Mst 60251E38            0        2      0 5560/6000   0 Timers
   7 Mwe 600D4940            0        2      0 5568/6000   0 Serial Backgrou
   8 Mwe 6034B718            0        1      0 2584/3000   0 OIR Handler
   9 Mwe 603FA3C8            0        1      0 5612/6000   0 IPC Zone Manage
  10 Mwe 603FA1A0            0     8124      0 5488/6000   0 IPC Periodic Ti
  11 Mwe 603FA220            0        9      0 4884/6000   0 IPC Seat Manage
  12 Lwe 60406818          124     2003     61 5300/6000   0 ARP Input
  13 Mwe 60581638            0        1      0 5760/6000   0 HC Counter Time

The first line of the output shows the CPU utilization for the last 5 seconds, 1 minute,
and 5 minutes. Here is a description of the other fields in the output:

- PID – the process ID.
- Q – the process queue priority. Possible values are: C (critical), H (high), M
(medium), and L (low).
- Ty – scheduler test (status). Possible values are: * (currently running), E
(waiting for an event), S (ready to run, voluntarily relinquished processor), rd (ready
to run, wakeup conditions have occurred), we (waiting for an event), sa (sleeping
until an absolute time), si (sleeping for a time interval), sp (sleeping for a time interval
(alternate call)), st (sleeping until a timer expires), hg (hung; the process will never
execute again), xx (dead: the process has terminated, but has not yet been deleted).
- PC – current program counter.
- Runtime – CPU time (in milliseconds) the process has used.
- Invoked – number of times the process has been invoked.
- uSecs – CPU time (in microseconds) for each process invocation.
- Stacks – low water mark/total stack space available, shown in bytes.
- TTY – terminal that controls the process.
- Process – the name of the process.
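A parser for this output, added here as an illustration and not part of the original notes: it turns the utilization line and the process rows into structured records so the busiest processes can be ranked. The sample text is constructed from the rows shown above; the field names are my own.

```python
import re

# Constructed sample, modelled on the show processes output shown in these notes
SAMPLE_SHOW_PROCESSES = """\
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID QTy       PC Runtime (ms)  Invoked  uSecs    Stacks TTY Process
   1 Csp 602F3AF0            0     1627      0 2600/3000   0 Load Meter
   2 Lwe 60C5BE00            4      136     29 5572/6000   0 CEF Scanner
   3 Lst 602D90F8         1676      837   2002 5740/6000   0 Check heaps
   6 Mst 60251E38            0        2      0 5560/6000   0 Timers
  12 Lwe 60406818          124     2003     61 5300/6000   0 ARP Input
"""

# First line: total%/interrupt-level% over 5 s, then the 1 and 5 minute averages
UTIL_RE = re.compile(
    r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")

# One process row. QTy is a 3-character field: queue priority + 2-letter state.
ROW_RE = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<queue>[CHML])(?P<state>\S\S)\s+(?P<pc>[0-9A-Fa-f]+)\s+"
    r"(?P<runtime>\d+)\s+(?P<invoked>\d+)\s+(?P<usecs>\d+)\s+"
    r"(?P<stack_low>\d+)/(?P<stack_total>\d+)\s+(?P<tty>\d+)\s+(?P<name>.+?)\s*$")

PRIORITY = {"C": "critical", "H": "high", "M": "medium", "L": "low"}


def parse_show_processes(text):
    """Return (utilization dict, list of process dicts) from show processes output."""
    util = None
    procs = []
    for line in text.splitlines():
        m = UTIL_RE.search(line)
        if m:
            total, interrupt, one_min, five_min = (int(g) for g in m.groups())
            util = {
                "5s_total": total,
                "5s_interrupt": interrupt,
                # whatever is not interrupt-level time is spent in the listed processes
                "5s_process": total - interrupt,
                "1m": one_min,
                "5m": five_min,
            }
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # header, blank or wrapped line
        d = m.groupdict()
        procs.append({
            "pid": int(d["pid"]),
            "priority": PRIORITY[d["queue"]],
            "state": d["state"],
            "runtime_ms": int(d["runtime"]),
            "invoked": int(d["invoked"]),
            "usecs_per_call": int(d["usecs"]),
            "stack_low": int(d["stack_low"]),
            "stack_total": int(d["stack_total"]),
            "tty": int(d["tty"]),
            "name": d["name"],
        })
    return util, procs


def busiest(procs, n=3):
    """Processes with the most accumulated CPU time, highest first."""
    return sorted(procs, key=lambda p: p["runtime_ms"], reverse=True)[:n]


def low_stack(procs, min_free_fraction=0.25):
    """Processes whose stack low-water mark (least free stack seen, per the notes'
    description of the Stacks column) is below the given share of the total."""
    return [p for p in procs
            if p["stack_low"] / p["stack_total"] < min_free_fraction]


if __name__ == "__main__":
    util, procs = parse_show_processes(SAMPLE_SHOW_PROCESSES)
    print(util)
    for p in busiest(procs):
        print(f'{p["name"]:<16} {p["runtime_ms"]:>6} ms  {p["priority"]}/{p["state"]}')
```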
Encrypt local usernames and passwords

We’ve learned it is possible to configure local usernames and passwords on a
Cisco device and then use them to log in to the device. To do this, we’ve used
the username USER password PASSWORD command, like in the example
below:

R1(config)#username tuna password peyo

However, there is one problem with this command – the password is stored in
clear text in the configuration:

R1#show running-config

Building configuration...

Current configuration : 635 bytes
!
version 15.1
....
!
username tuna password 0 peyo
!
...

We can use the service password-encryption global configuration command
to encrypt the password, but this method does not provide a high level of
network security: it applies only a weak, reversible encoding (shown as type 7
in the configuration) and the passwords can be cracked.

To rectify this, Cisco introduced a new command – username USER secret
PASSWORD. This command uses a stronger type of protection: instead of a
reversible encoding, the password is stored as a one-way hash (type 5, an
MD5-based hash, as the 5 in the output below indicates):

R1(config)#username tuna secret peyo
R1(config)#
R1(config)#do show run | include username
username tuna secret 5 $1$mERr$Ux7QsUATkj4kWVORI4.m21

Note that (unlike with the enable password and enable secret commands) you
can’t have both the username password and username secret commands
configured at the same time:

R1(config)#username tuna password peyo
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.
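A small audit script, added here as an illustration (it is not part of the notes), that scans a running-config for local and enable credentials and reports how each one is stored, so cleartext (type 0) and reversible (type 7) entries can be found before they are relied on. The config text and every hash in it are constructed placeholders; types 8 and 9 are newer hashed forms that exist on recent IOS releases and are an addition beyond what the notes show.

```python
import re

# Constructed sample running-config, modelled on the output shown in these notes.
# The hash strings are placeholders, not real credentials.
SAMPLE_RUNNING_CONFIG = """\
version 15.1
!
enable password cisco123
enable secret 5 $1$PLAC$EHOLDERhashvalue000000000
!
username tuna password 0 peyo
username alice password 7 PLACEHOLDER7encoded
username bob secret 5 $1$mERr$Ux7QsUATkj4kWVORI4.m21
username carol secret 9 $9$PLACEHOLDERscryptvalue
!
"""

# username USER password|secret [TYPE] VALUE   or   enable password|secret [TYPE] VALUE
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)\s+|enable\s+)"
    r"(?P<keyword>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$")

# How IOS stores each type (0, 5 and 7 appear in the notes; 8 and 9 are the newer
# hashed types on recent IOS releases).
STORAGE = {
    "0": ("cleartext", "high"),
    "7": ("reversible encoding (service password-encryption)", "high"),
    "5": ("MD5-based hash", "medium"),
    "8": ("PBKDF2-SHA256 hash", "low"),
    "9": ("scrypt hash", "low"),
}


def classify(keyword, type_code):
    """Map a password/secret keyword and type digit to (storage form, risk)."""
    if type_code is None:
        # 'password' with no type digit is plain text; a stored 'secret' always
        # carries a type digit, so anything else is reported as unknown.
        type_code = "0" if keyword == "password" else "?"
    return STORAGE.get(type_code, ("unknown type " + type_code, "medium"))


def audit_config(config_text):
    """Return one finding per credential line in a running-config."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        storage, risk = classify(m.group("keyword"), m.group("type"))
        findings.append({
            "line": lineno,
            "account": m.group("user") or "enable",
            "keyword": m.group("keyword"),
            "storage": storage,
            "risk": risk,
            # the fix the notes recommend: use the secret form instead of password
            "advice": None if m.group("keyword") == "secret"
                      else "replace with the 'secret' form of the command",
        })
    return findings


def high_risk_accounts(findings):
    """Accounts whose credential is stored cleartext or reversibly, sorted by name."""
    return sorted(f["account"] for f in findings if f["risk"] == "high")


if __name__ == "__main__":
    for f in audit_config(SAMPLE_RUNNING_CONFIG):
        print(f'line {f["line"]:>2} {f["account"]:<7} {f["keyword"]:<8} '
              f'{f["storage"]:<50} risk={f["risk"]}')
```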

The ARP table on a Cisco router


Just like regular hosts, if a Cisco router wants to exchange frames with a host in the
same subnet, it needs to know the host’s MAC address. The IP-to-MAC address mappings
are kept in the router’s ARP table. Consider the following example:

R1 has two connected subnets – 10.0.0.0/24 and 172.16.0.0/16. Before exchanging
frames with either host, R1 will need to know their MAC addresses. Here is the
output of R1’s ARP table:

R1#show ip arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.0.0.1            -   0060.5C32.7E01  ARPA  GigabitEthernet0/0
Internet  10.0.0.10           6   000C.85CA.AD73  ARPA  GigabitEthernet0/0
Internet  172.16.0.1          -   0060.5C32.7E02  ARPA  GigabitEthernet0/1
Internet  172.16.0.2         10   0001.63DB.1802  ARPA  GigabitEthernet0/1

The ARP table contains two entries for R1’s own two interfaces with the IP addresses
10.0.0.1 and 172.16.0.1. The – in the Age column indicates that the entry will
never be timed out.

The ARP table also lists the MAC addresses of the two connected hosts. Consider
the entry for Host A:

Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.0.0.10           6   000C.85CA.AD73  ARPA  GigabitEthernet0/0

Here is a brief description of each field:

- Protocol – the protocol type, almost always Internet.
- Address – the IP address associated with the MAC address, in our case the
IP address of Host A.
- Age – by default, an entry will be removed from the ARP table if it wasn’t used
in 240 minutes. 6 in this column means that the entry was last used 6 minutes ago.
Each time an entry is used, the age will be reset back to zero.
- Hardware Addr – the MAC address of the host with the corresponding IP address.
- Type – the type of hardware address. For Ethernet, this value will always be
ARPA.
- Interface – the interface on R1 to which the corresponding host is connected.

Here are the steps R1 needs to take before forwarding frames to Host A:

1. R1 wants to communicate with Host A. R1 checks its routing table. The
subnet on which Host A resides is a directly connected subnet.
2. R1 checks its ARP table to find out whether Host A’s MAC address is
known. If it is not, R1 will send an ARP request to the broadcast MAC address of
FF:FF:FF:FF:FF:FF.
3. Host A receives the frame and sends its MAC address to R1 (ARP reply). The
host also updates its own ARP table with the MAC address of the Gigabit0/0
interface on R1.
4. R1 receives the reply and updates the ARP table with the MAC address of
Host A.
5. Since both devices now know each other’s MAC addresses, the communication
can occur.

Layer 2 switching
Layer 2 switching (or Data Link layer switching) is the process of using devices’
MAC addresses to decide where to forward frames. Switches and bridges are used
for Layer 2 switching. They break up one large collision domain into multiple smaller
ones.

In a typical LAN, all hosts are connected to one central device. In the past, the
device was usually a hub. But hubs had many disadvantages, such as not being
aware of traffic that passes through them, creating one large collision domain, etc.
To overcome some of the problems with hubs, bridges were created. They were
better than hubs because they created multiple collision domains, but they had a
limited number of ports. Finally, switches were created and are still widely used
today. Switches have more ports than bridges, can inspect incoming traffic and make
forwarding decisions accordingly. Also, each port on a switch is a separate collision
domain, so no packet collisions should occur.

Layer 2 switches are faster than routers because they don’t take up time looking at
the Network layer header information. Instead, they look at the frame’s hardware
addresses to decide what to do with the frame – to forward, flood, or drop it. Here
are other major advantages of Layer 2 switching:

- fast hardware-based bridging (using ASIC chips)
- wire speed
- low latency
- low cost

Here is an example of the typical LAN network – the switch serves as a central
device that connects all devices together:

Differences between hubs and switches


To better understand the concept of frame switching based on the hardware address
of a device, you need to understand how switches differ from hubs.

First, consider an example of a LAN in which all hosts connect to a hub:


As mentioned previously, hubs create only a single collision domain, so the chance
for a collision to occur is high. The hub depicted above simply repeats the signal it
receives out all ports, except the one from which the signal was received, so no
frame filtering takes place. Imagine if you had 20 hosts connected to a hub, a packet
would be sent to 19 hosts, instead of just one! This can also cause security
problems, because an attacker can capture all traffic on the network.

Now consider the way switches work. We have the same topology as above,
only this time we are using a switch instead of a hub:

Switches increase the number of collision domains. Each port is one collision
domain, which means that the chances for collisions to occur are minimal. A switch
learns which device is connected to which port and forwards a frame based on the
destination MAC address included in the frame. This reduces traffic on the LAN and
enhances security.

How switches work


Each network card has a unique identifier called a Media Access Control (MAC)
address. This address is used in LANs for communication between devices on the
same network segment. Devices that want to communicate need to know each other’s
MAC addresses before sending out packets.

Switches also use MAC addresses to make accurate forwarding or filtering decisions.
When a switch receives a frame, it associates the media access control (MAC)
address of the sending device with the port on which it was received. The table that
stores such associations is called a MAC address table. This table is stored in
volatile memory, so associations are erased after the switch is rebooted.

Switches usually perform these three functions in a LAN:

- address learning – switches learn MAC addresses by examining the source
MAC address of each received frame.
- forward/filter decisions – switches decide whether to forward or filter a
frame, based on the destination MAC address.
- loop avoidance – switches use Spanning Tree Protocol (STP) to prevent
network loops while still permitting redundancy.

To better understand how a network switch works, take a look at the following example:
Let’s say that host A wants to communicate with host B for the first time. Host A
knows the IP address of host B, but since this is the first time the two hosts
communicate, the hardware (MAC) addresses are not known. Host A uses the ARP
process to find out the MAC address of host B. The switch forwards the ARP request
out all ports except the port the host A is connected to. Host B receives the ARP
request and responds with its MAC address. Host B also learns the MAC address of
host A (because host A sent its MAC address in the ARP request). Host C receives
the ARP request, but doesn’t respond since the IP address listed in the request is
not its own.

As mentioned above, a switch learns which MAC addresses are associated with
which port by examining the source MAC address of each received frame. Because
host B responded with the ARP reply that included its MAC address, the switch
knows the MAC address of host B and stores that address in its MAC address table.
For host A, the switch knows its MAC address because of the ARP request that
included it.

Now, when host A sends a packet to host B, the switch looks up its MAC address
table and forwards the frame only out the Fa0/2 port – the port to which host B is
connected. Other hosts on the network will not be involved in the communication:

NOTE
By default, MAC addresses stay in the switch’s MAC address table for 5 minutes. So if host A
and host B decide to communicate inside the next 5 minutes, a new ARP process will not be
necessary.

You can display the MAC address table of the switch by using the show mac-
address-table command:

Switch#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0003.e489.513e    DYNAMIC     Fa0/2
   1    00e0.8f13.6970    DYNAMIC     Fa0/1

The output is pretty much self-explanatory: all ports belong to VLAN 1 and the MAC
addresses associated with specific ports are listed. DYNAMIC means that the
addresses were learned dynamically by using the source MAC address of the received
frames.
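The ARP exchange between hosts A and B and the switch behaviour described above (address learning, forward/filter/flood decisions, and the 5-minute aging of MAC table entries) as a constructed Python simulation, added to these notes rather than taken from them; the port names, MAC addresses and timestamps are assumptions.

```python
# Constructed simulation of a learning switch. MAC addresses use the Cisco dotted
# format seen in the show mac-address-table output above.
BROADCAST = "ffff.ffff.ffff"
AGING_SECONDS = 300   # default MAC table aging time stated in the notes (5 minutes)


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}           # mac -> [port, last_seen]

    def _age_out(self, now):
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > AGING_SECONDS]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame arriving on in_port; return the list of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._age_out(now)
        # 1. address learning: the source MAC is associated with the ingress port
        #    (seeing it again resets the entry's age, and moves the MAC if it now
        #    appears behind another port)
        self.table[src] = [in_port, now]
        # 2. forward/filter decision, based on the destination MAC
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.table[dst][0]
        if out_port == in_port:
            return []            # filter: destination is on the ingress segment
        return [out_port]        # forward out a single port

    def show_mac_address_table(self):
        """Rows of (vlan, mac, type, port), like the IOS command output."""
        return sorted((1, mac, "DYNAMIC", port)
                      for mac, (port, _) in self.table.items())


# Constructed walk-through: host A on Fa0/1, host B on Fa0/2, host C on Fa0/3
HOST_A, HOST_B, HOST_C = "00e0.8f13.6970", "0003.e489.513e", "0001.42aa.bb01"


def arp_walkthrough():
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    steps = {}
    # host A broadcasts an ARP request: flooded to every other port, A is learned
    steps["arp_request"] = sw.receive("Fa0/1", HOST_A, BROADCAST, now=0)
    # host B's unicast ARP reply: A is already known, so only Fa0/1 receives it
    steps["arp_reply"] = sw.receive("Fa0/2", HOST_B, HOST_A, now=1)
    # data from A to B now leaves Fa0/2 only; host C is not involved
    steps["data"] = sw.receive("Fa0/1", HOST_A, HOST_B, now=2)
    steps["table"] = sw.show_mac_address_table()
    # after more than 5 minutes of silence B's entry has aged out, so the next
    # frame for B must be flooded again
    steps["after_aging"] = sw.receive("Fa0/1", HOST_A, HOST_B,
                                      now=2 + AGING_SECONDS + 1)
    return steps


if __name__ == "__main__":
    for name, result in arp_walkthrough().items():
        print(f"{name:<12} {result}")
```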

Collision & broadcast domain


Collision domain
A collision domain is, as the name implies, the part of a network where packet
collisions can occur. A collision occurs when two devices send a packet at the same
time on the shared network segment. The packets collide and both devices must
send the packets again, which reduces network efficiency. Collisions are common in a
hub environment, because each port on a hub is in the same collision domain. By
contrast, each port on a bridge, a switch or a router is in a separate collision domain.

The following example illustrates collision domains:


We have 6 collision domains in the example above.
NOTE
Remember, each port on a hub is in the same collision domain. Each port on a bridge, a switch
or a router is in a separate collision domain.

Broadcast domain
A broadcast domain is the domain in which a broadcast is forwarded. A broadcast
domain contains all devices that can reach each other at the data link layer (OSI
layer 2) by using broadcast. All ports on a hub or a switch are by default in the same
broadcast domain. All ports on a router are in different broadcast domains, and
routers don’t forward broadcasts from one broadcast domain to another.

The following example clarifies the concept:

In the picture above we have three broadcast domains, since all ports on a hub or a
switch are in the same broadcast domain, and all ports on a router are in a different
broadcast domain.
CSMA/CD
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) helps hosts
to decide when to send packets on a shared network segment and how to detect
collisions if they occur. For example, in a hub network, two devices can send packets
at the same time. This can cause a collision. CSMA/CD enables devices to “sense”
the wire to ensure that no other device is currently transmitting packets. But, if two
devices “sense” that the wire is clear and send packets at the same time, a collision
can occur. If a collision occurs, the packets have to be resent after a random period of
time.

Consider the following example:

In the topology above we have a hub network. Host A is trying to communicate with
host B. Host A “senses” the wire and decides to send packets. But, at the same time,
host C sends its packets to host D and a collision occurs. The sending devices
(host A and host C) detect the collision and resend the packets after a random period
of time.

NOTE
Since switches are now commonly used in networks instead of hubs, CSMA/CD is not really
used anymore. Each port on a switch usually operates in full duplex mode, and there are no
packet collisions in full duplex mode.

What is a VLAN?
VLANs (Virtual LANs) are logical groupings of devices in the same broadcast
domain. VLANs are usually configured on switches by placing some interfaces into
one broadcast domain and some interfaces into another. Each VLAN acts as a
subgroup of the switch ports in an Ethernet LAN.
VLANs can spread across multiple switches, with each VLAN being treated as its
own subnet or broadcast domain. This means that frames broadcast onto the
network will be switched only between the ports within the same VLAN.

A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the
same broadcast domain even if they are not connected to the same switch. Here are
the main reasons why VLANs are used:

- VLANs increase the number of broadcast domains while decreasing their
size.
- VLANs reduce security risks by reducing the number of hosts that receive
copies of frames that the switches flood.
- you can keep hosts that hold sensitive data on a separate VLAN to improve
security.
- you can create more flexible network designs that group users by department
instead of by physical location.
- network changes are achieved with ease by just configuring a port into the
appropriate VLAN.

The following topology shows a network with all hosts inside the same VLAN:

Without VLANs, a broadcast sent from host A would reach all devices on the
network. Each device will receive and process broadcast frames, increasing the CPU
overhead on each device and reducing the overall security of the network.

By placing interfaces on both switches into a separate VLAN, a broadcast from host
A would reach only devices inside the same VLAN, since each VLAN is a separate
broadcast domain. Hosts in other VLANs will not even be aware that the
communication took place. This is shown in the picture below:
NOTE
To reach hosts in a different VLAN, a router is needed.

Access and trunk ports


If you intend to use VLANs in your network, you will need to configure some ports on
a switch as access ports and others as trunk ports. Here is a description of each port
type:

- access port – a port that can be assigned to a single VLAN. This type of
interface is configured on switch ports that are connected to end devices such as
workstations, printers, or access points.
- trunk port – a port that is connected to another switch. This type of interface
can carry traffic of multiple VLANs, thus enabling you to extend VLANs across your
entire network. Frames are tagged by assigning a VLAN ID to each frame as they
traverse between switches.

The following picture illustrates the difference:


In the example network pictured above, the switch ports connected to workstations
would be configured as access ports. The ports that connect switches together
would be configured as trunk ports.

Configuring VLANs
By default, all ports on a switch are in VLAN 1. We can verify that by typing
the show vlan command from the IOS enable mode of a switch:

In the picture above, you can see that all of the 24 ports of the switch are in the
same VLAN, namely VLAN 1.

Two steps are required to create a VLAN and assign a switch port to the VLAN:

1. create a VLAN using the vlan NUMBER global mode command
2. assign a port to the VLAN by using two interface subcommands. The first
command is the switchport mode access command. This command specifies that the
interface is an access interface. The second command is the switchport access vlan
NUMBER command. This command assigns the interface to a VLAN.

Here is an example of assigning VLAN 2 to the interface:

The first command (vlan 2) created VLAN 2. We’ve then entered interface
configuration mode for Fa0/1 and configured the interface as an access interface that
belongs to VLAN 2. To verify this, we can again use the show vlan command:

Configuring access & trunk ports
To configure an interface to be an access interface, the switchport mode
access interface command is used. This type of interface can be assigned only to a
single VLAN.

To configure a trunk interface, the switchport mode trunk interface command is used.
This type of interface can carry traffic of multiple VLANs.

An example will help you understand the concept.

Host A and host B are in different VLANs, VLAN 1 and VLAN 2. These ports need to
be configured as access ports and assigned to their respective VLANs by using the
following sequence of commands:

Because the link between SW1 and SW2 needs to carry traffic of multiple VLANs, it
needs to be configured as a trunk interface. This is done by using the following
commands on both SW1 and SW2:

On SW1:

On SW2:

Now the link between SW1 and SW2 can carry traffic from both VLAN 1 and
VLAN 2. You can verify that an interface is indeed a trunk interface by using
the show interface Fa0/3 switchport command on SW1:
NOTE
VLAN 1 doesn’t have to be created, it exists by default. Also, by default, all ports are in the VLAN
1, so Fa0/1 doesn’t need the switchport access vlan 1 command.

Frame tagging
To identify the VLAN a frame belongs to, switches use tagging to assign a
numerical value to each frame in a network with multiple VLANs. This is done to
ensure that switches know out which ports to forward frames.

For example, consider the following network topology.

There are two VLANs in the topology pictured above, namely VLAN 3 and VLAN 4.
Host A sends a broadcast packet to switch SW1. Switch SW1 receives the packet,
tags the packet with the VLAN ID of 3 and sends it to SW2. SW2 receives the
packet, looks up the VLAN ID, and forwards the packet only out the port Fa0/1,
since only that port is in VLAN 3. Host B and host C will not receive the packet
because they are in a different VLAN than host A.
NOTE
When forwarding a tagged frame to a host device a switch will remove the VLAN tag, since host
devices don’t understand tagging and would drop the packet.

IEEE 802.1Q
IEEE 802.1Q is one of the VLAN tagging protocols supported by Cisco switches.
This standard was created by the Institute of Electrical and Electronics Engineers
(IEEE), so it is an open standard and can be used on non-Cisco switches.

To identify which VLAN a frame belongs to, a field is inserted into the frame’s
header.

Original frame:

802.1Q frame:

An example will help clarify the concept. Let’s say that we have a network of 2
switches and 4 hosts. Hosts A and D are in VLAN 2, while hosts B and C are in
VLAN 3.

On the segment between the two switches, a process called VLAN trunking is used.
Let’s say that host A sends a broadcast frame. SW1 “tags” the frame by inserting the
VLAN ID in the header of the frame before sending the frame to SW2. SW2 receives
the frame and knows that the frame belongs to VLAN 2, so it sends the frame only to
host D, since that host is in VLAN 2.
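The tag insertion and removal just described, as an added Python illustration (not code from the notes): a constructed untagged frame is tagged with VLAN 2 for the trunk, the tag is read back, and the tag is stripped again before the frame reaches host D. The TPID (0x8100) and TCI layout (3-bit priority, 1-bit DEI, 12-bit VLAN ID) are the IEEE 802.1Q field layout; the MAC addresses and payload are assumptions.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_ARP = 0x0806


def mac_bytes(dotted):
    """'0003.e489.513e' (Cisco format) -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))


def mac_dotted(raw):
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame (FCS omitted)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return the header fields; 'vlan' is None for an untagged frame."""
    dst, src = mac_dotted(frame[0:6]), mac_dotted(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:          # tag present: the next 2 bytes are the TCI
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan, pcp = tci & 0x0FFF, tci >> 13
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame):
    """What a switch does before handing a frame to a host on an access port."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


def trunk_walkthrough():
    """Host A (VLAN 2) broadcasts; SW1 tags the frame for the trunk, SW2 untags it
    before forwarding to host D, so D sees exactly what A sent."""
    original = build_frame("ffff.ffff.ffff", "00e0.8f13.6970",
                           ETHERTYPE_ARP, b"\x00\x01" * 14)   # constructed payload
    on_trunk = tag_frame(original, vlan_id=2)
    to_host_d = strip_tag(on_trunk)
    return {
        "trunk_vlan": parse_frame(on_trunk)["vlan"],
        "trunk_len": len(on_trunk),
        "host_sees_tag": parse_frame(to_host_d)["vlan"] is not None,
        "unchanged": to_host_d == original,
    }


if __name__ == "__main__":
    print(trunk_walkthrough())
```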

Inter-Switch Link (ISL)


Another VLAN tagging protocol is Inter-Switch Link (ISL). This protocol is Cisco
proprietary, which means that, unlike 802.1Q, it can be used only between Cisco
switches. It is considered to be deprecated, and newer Cisco switches don’t even
support it.

ISL works by encapsulating a frame in an ISL header and trailer. The encapsulated
frame remains unchanged. The VLAN ID is included in the ISL header.

Original frame:

ISL frame:

Configuring voice VLANs


Most corporate networks today use IP telephony. This means that the phones are
connected to the same network and use the same cabling as other network devices,
such as workstations or routers. Since offices usually have only a single UTP cable
to each desk, most IP phones today include a small switch that enables you to
connect your PC to the phone sitting on the desk, and then connect the phone to the
local network.

Consider the back of a Yealink T21 IP phone:


As you can see from the picture, this phone has two UTP ports. One port is
connected to the local network, while the other port can be connected to the PC.

The port on the phone connected to the switch can carry both data and voice traffic.
To enable this, we need to define two VLANs on the switch port – data VLAN and
voice VLAN. Here is how we can do that:

SW1(config)#vlan 5

SW1(config)#vlan 20

SW1(config)#int fa0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 5

SW1(config-if)#switchport voice vlan 20

We’ve created two VLANs – VLAN 5 that will be used for data sent by the PC and
VLAN 20 for IP phone’s voice traffic. We’ve then placed the port into both VLANs.
The keyword voice indicates that the VLAN 20 will be a voice VLAN.

To verify that the interface indeed carries data from both VLANs, we can use
the show interfaces Fa0/1 switchport command:

Switch#show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 20
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
...

The lines Access Mode VLAN: 5 (VLAN0005) and Voice VLAN: 20 indicate that the
interface is indeed carrying traffic from both VLANs.
NOTE
Some IP phones can be automatically configured with appropriate VLANs using protocols such
as LLDP or CDP. However, on some models you will need to manually configure data and voice
VLANs on the phone using its web interface.

Configuring allowed VLANs


By default, all VLANs are allowed across a trunk link on a Cisco switch. We can
verify that using the show interfaces trunk command:

SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,5,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,5,10

In the output above you can see that all VLANs (1 through 1005) are allowed on the
trunk by default.

We can prevent traffic from certain VLANs from traversing a trunk link using the
following interface mode command:

(config-if)#switchport trunk allowed vlan {add | all | except | remove} vlan-list

For example, to prevent traffic from VLAN 5 from traversing the trunk link, we would use
the following command:

SW1(config)#int fa0/1

SW1(config-if)#switchport trunk allowed vlan remove 5

The same command needs to be entered on the switch on the other end of the link.

To verify that the traffic from VLAN 5 will indeed be blocked from traversing a
trunked link, we can enter the show interfaces trunk command again:

SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4,6-1005

Port        Vlans allowed and active in management domain
Fa0/1       1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

Notice how now only VLANs 1-4 and 6-1005 are allowed on the trunk.
NOTE
You can use the switchport trunk allowed vlan all interface mode command to reset the switch
port to its original default setting (permitting all VLANs on the trunk).
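The set arithmetic behind the add / all / except / remove keywords and the range notation that show interfaces trunk prints, as an added Python illustration (not code from the notes): the walk-through reproduces the 1-1005 to 1-4,6-1005 change above, and the function handles the other keywords as well. The set of existing VLANs ({1, 5, 10}) is taken from the output above; everything else is an assumption.

```python
ALL_VLANS = range(1, 1006)   # normal-range VLANs, shown as 1-1005 in the notes' output


def parse_vlan_list(text):
    """'1-4,6-1005' or '1,5,10' -> set of ints; 'none' -> empty set."""
    if text.strip().lower() == "none":
        return set()
    result = set()
    for part in text.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad range {part}")
            result.update(range(lo, hi + 1))
        else:
            result.add(int(part))
    return result


def format_vlan_list(vlans):
    """Set of ints -> compact IOS notation, e.g. {1,2,3,4,6,7} -> '1-4,6-7'."""
    if not vlans:
        return "none"
    ordered = sorted(vlans)
    runs, start, prev = [], ordered[0], ordered[0]
    for v in ordered[1:]:
        if v != prev + 1:          # gap: close the current run
            runs.append((start, prev))
            start = v
        prev = v
    runs.append((start, prev))
    return ",".join(f"{a}-{b}" if a != b else str(a) for a, b in runs)


def allowed_vlan(current, action, vlan_list=None):
    """Apply one 'switchport trunk allowed vlan ACTION [LIST]' to the allowed set."""
    if action == "all":
        return set(ALL_VLANS)
    given = parse_vlan_list(vlan_list)
    if action == "add":
        return current | given
    if action == "remove":
        return current - given
    if action == "except":
        return set(ALL_VLANS) - given
    raise ValueError(f"unknown action {action}")


def trunk_summary(allowed, existing_vlans):
    """The two lists show interfaces trunk prints: allowed, and allowed & active."""
    active = allowed & set(existing_vlans)
    return {"allowed": format_vlan_list(allowed),
            "allowed_and_active": format_vlan_list(active)}


if __name__ == "__main__":
    existing = {1, 5, 10}                    # VLANs present in the notes' example
    allowed = allowed_vlan(set(), "all")     # the default
    print(trunk_summary(allowed, existing))  # 1-1005 / 1,5,10
    allowed = allowed_vlan(allowed, "remove", "5")
    print(trunk_summary(allowed, existing))  # 1-4,6-1005 / 1,10
```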
What is VTP?
NOTE
This topic is not included in the latest version of the CCNA exam (200-301). If you are studying
for the exam feel free to skip this article.

VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco
switches to exchange VLAN information. With VTP, you can synchronize VLAN
information (such as VLAN ID or VLAN name) with switches inside the same VTP
domain. A VTP domain is a set of trunked switches with the matching VTP settings
(the domain name, password and VTP version). All switches inside the same VTP
domain share their VLAN information with each other.

To better understand the true value of VTP, consider an example network with 100
switches. Without VTP, if you want to create a VLAN on each switch, you would
have to manually enter VLAN configuration commands on every switch! VTP
enables you to create the VLAN only on a single switch. That switch can then
propagate information about the VLAN to every other switch on the network and
cause other switches to create it. Likewise, if you want to delete a VLAN, you only
need to delete it on one switch, and the change is automatically propagated to every
other switch inside the same VTP domain.

The following network topology explains the concept more thoroughly:

On SW1, we have created a new VLAN. SW1 sends a VTP update about the new
VLAN to SW2, which in turn sends its VTP update to SW3. These updates will cause
SW2 and SW3 to create the same VLAN. You can see how this simplifies network
administration – the engineer only had to log in and create the VLAN on the first
switch. Other switches have created the same VLAN automatically.
NOTE
VTP does not advertise information about which switch ports are assigned to which VLAN.

Three VTP versions are available – V1, V2, and V3. The first two versions are similar
except that V2 adds support for token ring VLANs. V3 adds the following features:

- enhanced authentication
- support for extended VLANs (1006 to 4094). VTP versions 1 and 2 can
propagate only VLANs 1 to 1005.
- support for private VLANs
- VTP primary server and VTP secondary servers
- VTP mode off that disables VTP
- backward compatibility with VTP V1 and V2
- the ability to be configured on a per-port basis

VTP modes
NOTE
This topic is not included in the latest version of the CCNA exam (200-301). If you are studying
for the exam feel free to skip this article.

Each switch can use one of four different VTP modes:

- VTP client mode – a switch using this mode can’t change its VLAN
configuration. That means that a VTP client switch cannot create or delete VLANs.
However, received VTP updates are processed and forwarded.
- VTP server mode – a switch using this mode can create and delete VLANs.
A VTP server switch will propagate VLAN changes. This is the default mode for
Cisco switches.
- VTP transparent mode – a switch using this mode doesn’t share its VLAN
database, but it forwards received VTP advertisements. You can create and delete
VLANs on a VTP transparent switch, but these changes will not be sent to other
switches.
- VTP mode off – similar to VTP transparent mode, with the difference that a
switch using this mode will not forward received VTP updates. This mode is
supported only in VTP V3.

As mentioned above, all switches are configured as VTP servers by default. This is
fine in smaller networks without too many VLANs and VLAN changes, since all
VLAN information can easily be stored in each switch’s NVRAM. However, in larger
networks, it is recommended to specify a couple of higher-quality switches to serve
as VTP servers. All other switches in the network should be set up as VTP clients.

Consider the following example:

We have a simple network of three switches. SW1 is configured as VTP server. After
the VLAN 5 is created on SW1, this switch will notify the connected switch (SW2)
about the created VLAN. SW2 will receive the update but, since it uses the VTP
transparent mode, it will not create this VLAN in its configuration. However, it will
forward the VTP update to SW3. Since SW3 is configured as VTP client, it will
process the update and create VLAN 5.

VTP configuration
We’ve already learned that using VTP makes it is possible to make configuration
changes on one or more switches and have those changes automatically advertised
to all the other switches in the same VTP domain. In a typical network some
switches are configured as VTP servers and other switches are configured as VTP
clients. A VLAN created on a VTP server switch is automatically advertised to all
switches inside the same VTP domain.
NOTE
With VTP V1 and V2 it is not possible to completely disable VTP on Cisco switches; the best you
can do is to place the switch in the VTP transparent mode. VTP V3 adds the mode off option
which effectively disables VTP. This article describes the configuration of VTP V1 or V2.
 

To exchange VTP messages, five requirements must be met:

1. a switch has to be configured as either a VTP server or VTP client
2. the VTP domain name has to be the same on both switches
3. if present, the VTP domain password has to be the same
4. VTP versions have to match
5. the link between the switches has to be a trunk link

Consider the following example network:

We have a network of three switches connected via trunk links. On SW1, we will
configure the VTP domain name using the vtp domain NAME command and the VTP
password using the vtp password PASSWORD command:

SW1(config)#vtp domain study-ccna

Changing VTP domain name from NULL to study-ccna

SW1(config)#vtp password cisco

Setting device VLAN database password to cisco

NOTE
The default VTP mode on Cisco switches is the server mode, so the command vtp mode
server wasn’t necessary in the SW1 configuration pictured above.
Now we need to configure SW2 and SW3 as VTP clients. We can do it using the following set of
commands:
SW2(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW2(config)#vtp domain study-ccna

Changing VTP domain name from NULL to study-ccna

SW2(config)#vtp password cisco

Setting device VLAN database password to cisco

SW3(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW3(config)#vtp domain study-ccna

Changing VTP domain name from NULL to study-ccna

SW3(config)#vtp password cisco

Setting device VLAN database password to cisco

Now, when we create a new VLAN on SW1, a VTP advertisement will be sent to SW2 and SW3 and
the new VLAN will be created automatically on both switches:

On SW1, we will create a new VLAN:


SW1(config)#vlan 30

SW2 and SW3 will create the VLAN 30 automatically. We can use the show
vlan command on both switches to verify this (in this example VLAN 2 ‘Accounting’
was also already created on SW1):

SW2:
SW3:

NOTE
This configuration is not supported on Packet Tracer. You can enter the commands but they will
not show up in the running config and the VLAN will not be added on SW2 and SW3.
To display the VTP configuration information, we can use the show vtp
status command:

Switch#show vtp status

VTP Version :2

Configuration Revision :3

Maximum VLANs supported locally : 255

Number of existing VLANs :7

VTP Operating Mode : Client

VTP Domain Name : study-ccna

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled


MD5 digest : 0x82 0xA7 0xF2 0x89 0x5F 0xC3 0x98 0x52

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

The most important field listed in the output above is the Configuration
Revision number. This number indicates the level of revision for a VTP packet.
Each device tracks the VTP configuration revision number that is assigned to it. This
information is used in order to determine whether the received information is more
recent than the current version.

Each time you make a VLAN change on a VTP server, the configuration revision
number is incremented by one and a VTP advertisement is sent. The switch that
receives a VTP packet compares the configuration revision to its own revision. If the
configuration revision number in the received VTP advertisement is higher than its
own revision number, the switch will overwrite its VLAN configurations with the new
information that is being advertised.
NOTE
It is important to check a new switch’s VTP configuration revision number before adding it to your
network. If the revision number on the new switch is higher than the current revision number of
other switches on the network, all current VLANs could be deleted!
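As an added example (not from the notes), the five requirements and the revision-number comparison described above, modelled in Python; the class and function names are my own, the three-switch topology and the VLAN name are constructed, and a plain string comparison stands in for the MD5 digest a real switch uses to check the domain password.

```python
"""Model of VTP advertisement handling and the revision-number check.
Added example, not Cisco code; class and function names are my own."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"               # server (Cisco default) | client | transparent | off
    domain: Optional[str] = None       # NULL until "vtp domain NAME" is entered
    password: Optional[str] = None
    version: int = 2
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, vlan_id: int, vlan_name: str) -> Optional[dict]:
        """Local VLAN change. Servers bump the revision and return an advertisement;
        transparent switches keep the change local; clients cannot create VLANs."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VLANs cannot be created in client mode")
        self.vlans[vlan_id] = vlan_name
        if self.mode != "server":
            return None
        self.revision += 1
        return {"domain": self.domain, "password": self.password,
                "version": self.version, "revision": self.revision,
                "vlans": dict(self.vlans)}


def receive_advert(sw: VtpSwitch, adv: dict, trunk_link: bool) -> str:
    """Check the five requirements from the text, then compare revision numbers.
    Returns a short description of what the receiving switch did."""
    if not trunk_link:
        return "dropped: link is not a trunk"
    if sw.mode == "off":
        return "dropped: VTP is off (not forwarded)"
    if sw.mode == "transparent":
        return "forwarded unchanged: transparent mode"
    if adv["domain"] != sw.domain:
        return "dropped: domain name mismatch"
    if adv["password"] != sw.password:        # real VTP compares an MD5 digest instead
        return "dropped: password mismatch"
    if adv["version"] != sw.version:
        return "dropped: version mismatch"
    if adv["revision"] <= sw.revision:
        return "ignored: revision not newer"
    # A higher revision wins outright: the local VLAN database is replaced.
    sw.vlans = dict(adv["vlans"])
    sw.revision = adv["revision"]
    return "applied: VLAN database overwritten"


def safe_to_add(new_switch: VtpSwitch, domain_switches: List[VtpSwitch]) -> bool:
    """The pre-insertion check from the NOTE: refuse a switch whose revision would
    win against every switch already in the domain."""
    current = max(s.revision for s in domain_switches)
    return new_switch.revision <= current


def demo() -> dict:
    """The three-switch example from the text plus a 'new switch with a higher
    revision' scenario; returns the event log and the resulting VLAN tables."""
    sw1 = VtpSwitch("SW1", domain="study-ccna", password="cisco")
    sw2 = VtpSwitch("SW2", mode="transparent", domain="study-ccna", password="cisco")
    sw3 = VtpSwitch("SW3", mode="client", domain="study-ccna", password="cisco")
    adv = sw1.create_vlan(5, "Sales")              # constructed VLAN name
    log = [receive_advert(sw2, adv, True), receive_advert(sw3, adv, True)]
    # A constructed lab switch: only VLAN 1 left, but still carrying revision 20.
    lab = VtpSwitch("LAB", domain="study-ccna", password="cisco", revision=20)
    log.append(f"safe_to_add(LAB) = {safe_to_add(lab, [sw1, sw2, sw3])}")
    return {"log": log, "SW2": sw2.vlans, "SW3": sw3.vlans}
```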

What is STP?
Spanning Tree Protocol (STP) is a network protocol designed to prevent layer 2
loops. It is standardized as the IEEE 802.1D protocol. STP blocks some ports on switches
with redundant links to prevent broadcast storms and ensure a loop-free topology.
With STP in place, you can have redundant links between switches without creating
loops.

To better understand the importance of STP and how STP prevents broadcast
storms on a network with redundant links, consider the following example:

SW1 sends a broadcast frame to SW2 and SW3. Both switches receive the frame
and forward the frame out every port, except the port the frame was received on. So
SW2 forwards the frame to SW3. SW3 receives that frame, and forwards it to SW1.
SW1 then again forwards the frame to SW2! The same thing also happens in the
opposite direction. Without STP in place, these frames would loop forever. STP
prevents loops by placing one of the switch ports in blocking state.

So, our topology above could look like this:

In the topology above, STP has placed one port on SW3 in the blocking state. That
port will no longer process any frames except the STP messages. If SW3 receives a
broadcast frame from SW1, it will not forward it out the port connected to SW2.
NOTE
STP enables layer 2 redundancy. In the example above, if the link between SW3 and SW1 fails,
STP would converge and unblock the port on SW3.

How STP works


STP uses the Spanning-Tree Algorithm (STA) to create a topology database of the
network. To prevent loops, STA places some interfaces in forwarding state and other
interfaces in blocking state. How does STP decide in which state a port will be
placed? A couple of criteria exist:

1. all switches in a network elect a root switch. All working interfaces on the root
switch are placed in forwarding state.
2. all other switches, called nonroot switches, determine the best path to get to the
root switch. The port used to reach the root switch (root port) is placed in forwarding
state.
3. on the shared Ethernet segments, the switch with the best path to reach the root
switch is placed in forwarding state. That switch is called the designated switch and
its port is known as the designated port.
4. all other interfaces are placed in blocking state and will not forward frames.
NOTE
STP considers only working interfaces – shut down interfaces or interfaces without a cable
installed are placed in an STP disabled state.

An example will help you understand the concept:

Let’s say that SW1 is elected as the root switch. All ports on SW1 are placed into
forwarding state. SW2 and SW3 choose ports with the lowest cost to reach the root
switch to be the root ports. These ports are also placed in forwarding state. On the
shared Ethernet segment between SW2 and SW3, port Fa0/1 on SW2 has the
lowest cost to reach the root switch. This port is placed in forwarding state. To
prevent loops, port Fa0/1 on SW3 is placed in blocking state.
NOTE
A switch with the lowest switch ID will become the root switch. A switch ID consists of two
components: the switch’s priority (by default 32,768 on Cisco switches) and the switch’s MAC
address.
BPDU (Bridge Protocol Data Unit)
BPDUs are messages used by switches to share STP information with each other in
order to elect a root switch and detect loops. The most common messages are Hello
BPDUs which include the following information:

 root switch ID
 sender’s switch ID
 sender’s root cost
 Hello, MaxAge, and forward delay timers

Electing the Root Switch in STP


The STP process works by default on Cisco switches and begins with the root
switch election. The election is based on the bridge IDs (BIDs) sent in the BPDUs.
Each switch that participates in STP has an 8-byte switch ID (BID) that comprises
the following fields:

 2-byte priority field – by default, all switches have the priority of 32768. This
value can be changed using configuration commands.
 6-byte system ID – a value based on the MAC address of each switch.

The switch with the lowest BID becomes the root switch (a lower number means a
better priority).

Consider the following example:

As mentioned above, the switch with the lower BID wins. Since by default all
switches have the BID priority of 32768, the second comparison has to be made –
the lowest MAC address. In our example SW1 has the lowest MAC address and
becomes the root switch.
NOTE
For simplicity, all ports on switches in the example above are assigned to VLAN 1. Also, note that
STA adds the VLAN number to the priority value, so all switches actually have the BID priority of
32,769.
 

To influence the election process, you can change the BID priority to a lower value
on a switch you would like to become root. This can be done using the following
command:

(config)#spanning-tree vlan ID priority VALUE

The priority must be in increments of 4096, so if you choose any other value, you will
get an error and the allowed values listed:

(config)#spanning-tree vlan 1 priority 224


% Bridge Priority must be in increments of 4096.

% Allowed values are:

0 4096 8192 12288 16384 20480 24576 28672

32768 36864 40960 45056 49152 53248 57344 61440

(config)#spanning-tree vlan 1 priority 4096

Selecting STP root port


As we’ve mentioned before, all working interfaces on the root switch are placed in
forwarding state. All other switches (called nonroot switches) determine the best path
to get to the root switch and the port used to reach the root switch is placed in
forwarding state. The best path is the one with the lowest cost to reach the root
switch. The cost is calculated by adding the individual port costs along the path from
the switch to the root.

Take a look the following example:

SW1 has won the election process and is the root switch. Consider the SW3’s
perspective for choosing its root port. Two paths are available to reach the root
switch, one direct path over Fa0/1 and the other going out Fa0/2 and through SW2.
The direct path has a cost of 19, while the indirect path has the cost of 38 (19+19).
That is why Fa0/1 will become the root port on SW3.

In case the best root cost ties for two or more paths, the following tiebreakers are
applied:

 the lowest neighbor bridge ID
 the lowest neighbor port priority
 the lowest neighbor internal port number

The default port cost is defined by the operating speed of the interface:

Speed Cost

10 Mbps 100

100 Mbps 19

1 Gbps 4

10 Gbps 2

You can override the default value on a per-interface basis using the following
command:

(config-if)#spanning-tree cost VALUE

Selecting STP designated port (DP)


We’ve already learned that, on the shared Ethernet segments, the switch with the
best path to reach the root switch is placed in forwarding state. That switch is called
the designated switch and its port is known as the designated port. In order to
avoid loops, the non-designated port on the other end of the link is placed in
blocking state.

The designated switch is determined based on the following criteria:

1. the switch with the lowest cost to reach the root becomes the designated
switch on that link.
2. in case of a tie, the switch with the lowest BID becomes the designated
switch.

Consider the following example:


SW1 has the lowest BID and has been selected as the root switch. SW2 and SW3
have then determined their own root port to reach the root switch. On the shared
network segment between SW2 and SW3 a designated port needs to be selected.
Because SW3 has the lower cost to reach the root switch (4<19), its Fa0/2 port will
be the designated port for the segment. The Fa0/2 port on SW2 will be placed in
blocking state.
NOTE
If the link between SW1 and SW3 fails, STP will converge and the Fa0/2 port on SW2 will be
placed in the forwarding state.
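As an added example (not part of the notes), the root election, root-port selection and designated-port rules from the three STP sections above, carried out in Python on this section's three-switch topology (SW1 to SW3 at 1 Gbps, the other links at 100 Mbps). The class names, helper names and MAC addresses are my own constructions; the per-speed costs are the defaults listed above, and the priority check mirrors the IOS error message shown earlier.

```python
"""Spanning-tree election walk-through: root switch, root ports, designated ports.
Added example, not Cisco code; classes, function names and MAC addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # default cost per port speed (Mbps)
DEFAULT_PRIORITY = 32768
DEFAULT_PORT_PRIORITY = 128


@dataclass(frozen=True)
class Port:
    switch: str
    name: str      # e.g. "Fa0/1", as in the text's figures
    number: int    # internal port number: last tie-breaker for the root port choice


@dataclass(frozen=True)
class Link:
    a: Port
    b: Port
    speed_mbps: int


def bridge_id(mac: str, priority: int = DEFAULT_PRIORITY, vlan: int = 1) -> Tuple[int, str]:
    """BID orders as (priority + VLAN number, MAC address); the lowest BID becomes root."""
    return (priority + vlan, mac.lower())


def validate_priority(value: int) -> bool:
    """Mirrors the IOS check: priority must be a multiple of 4096 between 0 and 61440."""
    return 0 <= value <= 61440 and value % 4096 == 0


def run_stp(bids: Dict[str, Tuple[int, str]], links: List[Link],
            port_priority: Optional[Dict[Port, int]] = None) -> dict:
    """Return the root, each switch's root cost and root port, and every port's role."""
    prio = port_priority or {}
    root = min(bids, key=bids.get)
    cost = {sw: (0 if sw == root else float("inf")) for sw in bids}
    best: Dict[str, tuple] = {}     # sw -> (cost, nbr BID, nbr port prio, nbr port nr, port)
    changed = True
    while changed:                  # small topology: repeated relaxation is enough
        changed = False
        for link in links:
            for mine, theirs in ((link.a, link.b), (link.b, link.a)):
                if mine.switch == root or cost[theirs.switch] == float("inf"):
                    continue
                # root cost = neighbour's root cost + cost of the port the BPDU arrives on;
                # ties: lowest neighbour BID, neighbour port priority, neighbour port number
                key = (cost[theirs.switch] + PORT_COST[link.speed_mbps],
                       bids[theirs.switch],
                       prio.get(theirs, DEFAULT_PORT_PRIORITY), theirs.number)
                if mine.switch not in best or key < best[mine.switch][:4]:
                    best[mine.switch] = key + (mine,)
                    cost[mine.switch] = key[0]
                    changed = True
    root_port = {sw: entry[4] for sw, entry in best.items()}
    roles: Dict[Port, str] = {}
    for link in links:
        a, b = link.a, link.b
        # designated switch on a segment: lowest root cost, then lowest BID
        des = a if (cost[a.switch], bids[a.switch]) < (cost[b.switch], bids[b.switch]) else b
        other = b if des is a else a
        roles[des] = "designated"
        roles[other] = "root" if root_port.get(other.switch) == other else "blocking"
    return {"root": root, "cost": cost, "root_port": root_port, "roles": roles}


def example_topology() -> dict:
    """The three-switch example from the text: SW1-SW3 at 1 Gbps, other links at 100 Mbps."""
    bids = {"SW1": bridge_id("0000.0000.0001"),     # constructed MACs; SW1 has the lowest
            "SW2": bridge_id("0000.0000.0002"),
            "SW3": bridge_id("0000.0000.0003")}
    p = lambda sw, n: Port(sw, f"Fa0/{n}", n)
    links = [Link(p("SW1", 1), p("SW2", 1), 100),
             Link(p("SW1", 2), p("SW3", 1), 1000),
             Link(p("SW2", 2), p("SW3", 2), 100)]
    return run_stp(bids, links)


if __name__ == "__main__":
    result = example_topology()
    print("root:", result["root"])
    for port, role in sorted(result["roles"].items(), key=lambda kv: (kv[0].switch, kv[0].name)):
        print(f"{port.switch} {port.name}: {role} (root cost {result['cost'][port.switch]})")
```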

What is RSTP?
RSTP (Rapid Spanning Tree Protocol) is an evolution of STP. It was originally
introduced as the IEEE 802.1w standard, and in 2004 the IEEE decided to replace STP with
RSTP in the 802.1D standard. Finally, in 2011 the IEEE decided to move all the
RSTP details into the 802.1Q standard.

RSTP is backwards-compatible with STP and there are many similarities between
the two protocols, such as:

 the root switch is elected using the same set of rules in both protocols
 root ports are selected with the same rules, as well as designated port on LAN
segments
 both STP and RSTP place each port in either forwarding or blocking state.
The blocking state in RSTP is called the discarding state.

However, there are differences between STP and RSTP:


 RSTP enables faster convergence times than STP (usually within just a
couple of seconds)
 STP ports states listening, blocking, and disabled are merged into a single
state in RSTP – the discarding state
 STP features two port types – root and designated port. RSTP adds two
additional port types – alternate and backup port.
 with STP, the root switch generates and sends Hellos to all other switches,
which are then relayed by the non-root switches. With RSTP, each switch can
generate its own Hellos.

Consider the following network topology with RSTP turned on:

In order to avoid loops, RSTP has placed one port on SW3 in the alternate state.
This port will not process or forward any frames except the RSTP messages.
However, if the root port on SW3 fails, the alternate port will rapidly become the root
port and start forwarding frames.

How RSTP works


Just like STP, RSTP creates a topology database of the network. To prevent loops,
some interfaces on switches are placed in forwarding state and other interfaces in
discarding state. How does RSTP decide in which state a port will be placed? A
couple of criteria exist:

1. all switches in a network elect a root switch. All working interfaces on the root
switch are placed in forwarding state.
2. all other switches, called nonroot switches, determine the best path to get to the
root switch. The port used to reach the root switch (root port) is placed in forwarding
state.
3. on the shared Ethernet segments, the switch with the best path to reach the root
switch is placed in forwarding state. That switch is called the designated switch and
its port is known as the designated port.
4. all other interfaces are placed in discarding state and will not forward frames.
NOTE
RSTP is backwards-compatible with STP and they both can be used in the same network.
 
Consider the following example:

Let’s say that SW1 is elected as the root switch. All ports on SW1 are placed in
forwarding state. SW2 and SW3 choose ports with the lowest cost to reach the root
switch to be the root ports. These ports are also placed in forwarding state. On the
shared Ethernet segment between SW2 and SW3, port Fa0/1 on SW2 has the
lowest cost to reach the root switch. This port is placed in forwarding state. To
prevent loops, port Fa0/1 on SW3 is placed in discarding state. If the root port on
SW3 fails, this alternate port will quickly take over and become the root port.
NOTE
RSTP also introduces a concept of backup port. This port serves as a replacement for the
designated port inside the same collision domain. This can only occur when using hubs in your
network.

Configuring RSTP
Most newer Cisco switches use RSTP by default. RSTP prevents frame looping out
of the box and no additional configuration is necessary. To check whether a switch
runs RSTP, the show spanning-tree command is used:

SW1#show spanning-tree

VLAN0001

Spanning tree enabled protocol rstp

Root ID Priority 32769

Address 0004.9A47.1039

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0004.9A47.1039
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/3 Desg FWD 19 128.3 P2p

Fa0/2 Desg FWD 19 128.2 P2p

If RSTP is not being used, the following command will enable it:

SW1(config)#spanning-tree mode rapid-pvst

Most other configuration options (electing the root switch, selecting root and designated
ports) are similar to the ones used in STP.

Configure an IP address on a switch


By default, Cisco switches forward Ethernet frames without any configuration. This
means that you can buy a Cisco switch, plug in the right cables to connect various
devices to the switch, power it on, and the switch will work properly.

However, to perform switch management over the network or use protocols such as
SNMP, the switch will need to have an IP address. The IP address is configured
under a logical interface, known as the management domain or VLAN. Usually, the
default VLAN 1 acts like the switch’s own NIC for connecting into a LAN to send IP
packets. Here are the steps to configure an IP address under VLAN 1:

1. enter the VLAN 1 configuration mode with the interface vlan 1 global
configuration command.
2. assign an IP address with the ip address IP_ADDRESS SUBNET_MASK interface
subcommand.
3. enable the VLAN 1 interface with the no shutdown interface subcommand.
4. (Optional) use the ip default-gateway IP_ADDRESS global configuration
command to configure the default gateway.
5. (Optional) add the ip name-server IP_ADDRESS global configuration
command to configure the DNS server.

Here is a simple example network:


We have a simple network of a host and a switch. We can assign the switch with an
IP address to enable IP communication between the two devices:

SW1(config)#int vlan 1

SW1(config-if)#

SW1(config-if)#

SW1(config-if)#ip address 10.0.0.2 255.0.0.0

SW1(config-if)#no shutdown

SW1(config-if)#

%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

To verify the IP address set on a switch, we can use the show int vlan 1 command:

SW1#show int vlan 1

Vlan1 is up, line protocol is up

Hardware is CPU Interface, address is 0030.a3e8.6b3c (bia 0030.a3e8.6b3c)

Internet address is 10.0.0.2/8

....
We can verify that the host can reach the switch using its IP address by pinging it
from Host A:

C:\>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 10.0.0.2: bytes=32 time<1ms TTL=255

Reply from 10.0.0.2: bytes=32 time<1ms TTL=255

...

Configure interVLAN routing


NOTE
This topic is not included in the latest version of the CCNA exam (200-301). If you are studying
for the exam feel free to skip this article.
Each VLAN is its own subnet and broadcast domain, which means that frames
broadcasted onto the network are switched only between the ports within the same
VLAN. For interVLAN communication, an OSI layer 3 device (usually a router) is
needed. This layer 3 device needs to have an IP address in each VLAN and have a
connected route to each of those subnets. The hosts in each subnet can then be
configured to use the router’s IP addresses as their default gateway.

Three options are available for routing between VLANs:

1. Use a router, with one router LAN interface connected to the switch for each
VLAN. Since you need one Ethernet interface on your router to connect to each
VLAN, this option is not really scalable and rarely used today.
2. Use one router interface with trunking enabled. This option is called router on a
stick (ROAS) and enables all VLANs to communicate over a single interface.
3. Use a Layer 3 switch, which is a device that performs both the switching and
routing operations.

Configure Cisco ROAS Router On A Stick


NOTE
This topic is not included in the latest version of the CCNA exam (200-301). If you are studying
for the exam feel free to skip this article.
To allow interVLAN communication, you can divide a single physical interface on a
router into logical interfaces that will be configured as trunk interfaces. This method
of interVLAN communication is called router on a stick (ROAS) and enables all
VLANs to communicate through a single physical interface. The physical interface is
divided into logical interfaces (known as subinterfaces), one for each VLAN.

A subinterface is created with the interface TYPE NUMBER.SUBINTERFACE command.
The subinterface number begins with the period and it is usually the same as the
VLAN the subinterface will be in. For example, the command interface Gi0/0.1
creates a subinterface .1 under the physical Gi0/0 port.

To configure trunking on a router, the following commands are used:

1. (config)# interface TYPE NUMBER.SUBINTERFACE – creates the subinterface and
enters the subinterface command mode.
2. (config-subif)# encapsulation dot1q VLAN_ID – sets the subinterface to trunk
and associates it with a specific VLAN.
3. (config-subif)# ip address IP_ADDRESS SUBNET_MASK – sets the IP
address for the subinterface.

We will use the following network in our example:


We have a network of three hosts, a switch and a router. Each host is in a different
VLAN, so we need to divide the physical router’s interface Gi0/0 into logical
interfaces, one for each VLAN. But first, here is the configuration of the switch:

SW1(config)#int fa0/3

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

% Access VLAN does not exist. Creating vlan 3

SW1(config-if)#int fa0/4

SW1(config-if)#switchport mode access


SW1(config-if)#switchport access vlan 10

% Access VLAN does not exist. Creating vlan 10

SW1(config-if)#int fa0/2

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 5

% Access VLAN does not exist. Creating vlan 5

SW1(config-if)#int fa0/1

SW1(config-if)#switchport mode trunk

Notice how we’ve configured the Fa0/1 port on the switch (the port connected to the
router’s Gi0/0 interface) as the trunk port. The other ports were configured as access
ports and placed into their respective VLANs, since they are connected to end devices.
Now, let’s configure the router:

R1(config)#int Gi0/0

R1(config-if)#no shutdown

R1(config-if)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R1(config-if)#int Gi0/0.1

R1(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.1, changed state to up

R1(config-subif)#encapsulation dot1q 3

R1(config-subif)#ip address 10.0.3.1 255.255.255.0

R1(config-subif)#int Gi0/0.2
R1(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.2, changed state to up

R1(config-subif)#encapsulation dot1q 10

R1(config-subif)#ip address 10.0.10.1 255.255.255.0

R1(config-subif)#int Gi0/0.3

R1(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.3, changed state to up

R1(config-subif)#encapsulation dot1q 5

R1(config-subif)#ip address 10.0.5.1 255.255.255.0

In the output above you can see that the router’s physical interface Gi0/0 was
divided into three subinterfaces that were then configured as trunk interfaces and
assigned the IP addresses.

To test whether the intervlan communication works, we can try to ping Host C from
Host A:

C:\>ping 10.0.5.10

Pinging 10.0.5.10 with 32 bytes of data:

Reply from 10.0.5.10: bytes=32 time<1ms TTL=127

Reply from 10.0.5.10: bytes=32 time=1ms TTL=127

Reply from 10.0.5.10: bytes=32 time<1ms TTL=127

Reply from 10.0.5.10: bytes=32 time<1ms TTL=127


As you can see from the output above, the response was received, which means
that the hosts can communicate even though they are in different VLANs.

Configure static MAC address


Although Cisco switches dynamically build the MAC address table by using the
source MAC address of the received frames, you can also manually add a MAC
address to the switch’s MAC address table. The static MAC entries will be retained
even after the switch is restarted.

To configure a static MAC address, the following command is used:

(config)#mac-address-table static MAC_ADDRESS vlan ID interface INTERFACE

The following command will permanently assign the MAC address
1111.1111.1111 to the interface Fa0/2, VLAN 1:

SW1(config)#mac-address-table static 1111.1111.1111 vlan 1 interface fa0/2

To verify the configuration, we can use the show mac-address-table command:

SW1(config)#do show mac-address-table

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

1 1111.1111.1111 STATIC Fa0/2

NOTE
To delete the static entry from the MAC address table, re-enter the command with
the no keyword in front.

Configure speed and duplex


By default, Cisco switches will auto-negotiate the speed and duplex settings. When
you connect a device (either a switch, router, or a workstation) to a port on a Cisco
switch, the negotiation process will occur and the devices will agree on the
transmission parameters. Most of today’s network adapters support this function.

Consider the following example network:


In the picture above you see a network of a hub, a switch, and a workstation. All
three devices have auto-negotiation turned on. Because hubs can only operate in
half duplex, the switch and hub will negotiate to use the speed of 100 Mbps and half-
duplex. The workstation on the right is capable of 100 Mbps and supports full duplex,
so the devices will use these parameters to communicate.

We can verify the speed and duplex settings using the show interface command on
SW1:

SW1#show interface Fa0/1

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Lance, address is 0009.7c66.6401 (bia 0009.7c66.6401)

...

Half-duplex, 100Mb/s

...

SW1#show int fa0/2

FastEthernet0/2 is up, line protocol is up (connected)

Hardware is Lance, address is 0009.7c66.6402 (bia 0009.7c66.6402)

...

Full-duplex, 100Mb/s

...

As you can see from the output above, the interface Fa0/1 will use the speed of 100
Mbps and half-duplex. The Fa0/2 interface will use the same speed, but it will use
the full duplex communication.

It is recommended that devices on both sides of a link should have the auto-
negotiation setting turned on, or both sides should have it off. If you encounter a
device that has speed and duplex parameters manually configured, you can use the
interface mode speed and duplex commands to set the duplex and speed settings,
e.g.:

SW1(config)#int Fa0/3

SW1(config-if)#speed 100

SW1(config-if)#duplex full

When one device uses autonegotiation and the other one has disabled it, the device
using autonegotiation will choose the default duplex setting based on the current
speed. The defaults are:

 If the speed is not known, 10 Mbps and half duplex will be used.

If the device successfully senses the speed without IEEE autonegotiation, by
just looking at the signal on the cable:

 If the speed is 10 or 100 Mbps, use half duplex.
 If the speed is 1,000 Mbps or faster, use full duplex.

show interfaces status command


The status of an interface on a Cisco switch can be checked using the show
interface TYPE exec mode command. Consider the following example:

SW1#show interfaces fa0/1

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Lance, address is 0040.0b21.0b01 (bia 0040.0b21.0b01)

BW 100000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s

input flow-control is off, output flow-control is off

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:08, output 00:00:05, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo


Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

956 packets input, 193351 bytes, 0 no buffer

Received 956 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

2357 packets output, 263570 bytes, 0 underruns

0 output errors, 0 collisions, 10 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

As you can see from the output above, this command gives us plenty of information
about the specified interface. Here is a brief description of the most important lines:

 FastEthernet0/1 is up, line protocol is up (connected) – indicates that the
interface is in the up and up state
 Hardware is Lance, address is 0040.0b21.0b01 – Lance indicates the
chipset used by the port. The MAC address of the port is also listed
 BW 100000 Kbit, DLY 1000 usec – the bandwidth and delay of the interface
 Full-duplex, 100Mb/s – the port operates in the full duplex mode and
supports the speed of up to 100Mb/s
 956 packets input, 193351 bytes, 0 no buffer – the total number and size of
packets received by the port.
 Received 956 broadcasts – the total number of broadcast packets received
by the device.
 0 input errors, 0 CRC, 0 frame… – the number of received packets that were
received incorrectly.
 2357 packets output, 263570 bytes, 0 underruns – the total number and
size of packets sent by the port.
 0 output errors, 0 collisions – the number of packets that were not sent
because of an error and the number of Ethernet collisions.
Interface status codes

Interface status codes can tell you whether an interface on a Cisco router or a
switch is working. Status codes of an interface can be displayed using
the show interface TYPE command, e.g.:

SW1#show interface fa0/1

FastEthernet0/1 is up, line protocol is up (connected)

Hardware is Lance, address is 0060.70d8.0001 (bia 0060.70d8.0001)

BW 100000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

The first line of the output indicates the working state of the interface. The first
status code (known as line status) indicates that Layer 1 is working
(FastEthernet0/1 is up). The second status code (known as protocol status)
indicates that Layer 2 is also working (line protocol is up) and is
always down if the line status is down. Finally, the word at the end of the line
indicates the working state of the interface (connected in our case).

All possible combinations of the status codes are given in the table below:

NOTE
Only interfaces with status codes of up and up will forward or receive frames.
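Added example, not from the notes: a small Python parser for the show interfaces output described above (the first status line and the counters walked through in the previous section), with the checks a reviewer would apply to it, plus the autonegotiation fallback rules from the speed and duplex section. The regular expressions, function names and the non-zero counter values in the sample are my own constructions.

```python
"""Parser and sanity checks for 'show interfaces' output. Added example, not
Cisco code; regular expressions and function names are my own."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the output in the text; the error and collision
# counters were chosen so that the checks below have something to flag.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0040.0b21.0b01 (bia 0040.0b21.0b01)
  BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s
  ...
  956 packets input, 193351 bytes, 0 no buffer
  Received 956 broadcasts, 0 runts, 0 giants, 0 throttles
  12 input errors, 12 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  2357 packets output, 263570 bytes, 0 underruns
  0 output errors, 3 collisions, 10 interface resets
  0 babbles, 2 late collision, 0 deferred
"""

# (field names, pattern): the lines the text describes; numeric groups become ints
FIELDS = [
    (("name", "line_status", "protocol_status", "state"),
     r"^(\S+) is ([^,]+), line protocol is (\S+)(?: \((\S+)\))?"),
    (("hardware", "mac"), r"Hardware is (\w+), address is ([0-9a-fA-F.]+)"),
    (("bw_kbit", "delay_usec"), r"BW (\d+) Kbit, DLY (\d+) usec"),
    (("duplex", "speed_mbps"), r"(Full|Half)-duplex, (\d+)Mb/s"),
    (("packets_in", "bytes_in"), r"(\d+) packets input, (\d+) bytes"),
    (("broadcasts",), r"Received (\d+) broadcasts"),
    (("input_errors", "crc", "frame"), r"(\d+) input errors, (\d+) CRC, (\d+) frame"),
    (("packets_out", "bytes_out"), r"(\d+) packets output, (\d+) bytes"),
    (("output_errors", "collisions"), r"(\d+) output errors, (\d+) collisions"),
    (("late_collisions",), r"(\d+) late collision"),
]


def parse_show_interface(text: str) -> Dict[str, object]:
    """Extract the fields above into a dict; lines missing from the output are skipped."""
    result: Dict[str, object] = {}
    for names, pattern in FIELDS:
        m = re.search(pattern, text, re.MULTILINE)
        if not m:
            continue
        for name, value in zip(names, m.groups()):
            if value is not None:
                result[name] = int(value) if value.isdigit() else value
    return result


def health_flags(iface: Dict[str, object]) -> List[str]:
    """What to look at first: status codes, duplex, and the error counters."""
    flags = []
    if (iface.get("line_status"), iface.get("protocol_status")) != ("up", "up"):
        flags.append("not up/up: the port will not forward or receive frames")
    if iface.get("duplex") == "Half":
        flags.append("half duplex: verify autonegotiation matches on both ends")
    if iface.get("input_errors", 0) or iface.get("crc", 0):
        flags.append("input errors / CRC errors present on received frames")
    if iface.get("late_collisions", 0):
        flags.append("late collisions: typical symptom of a duplex mismatch")
    return flags


def autoneg_fallback(sensed_speed_mbps: Optional[int] = None) -> Tuple[int, str]:
    """Speed and duplex an autonegotiating port falls back to when the far end has
    autonegotiation disabled (the default rules listed in the text)."""
    if sensed_speed_mbps is None:
        return (10, "Half")
    return (sensed_speed_mbps, "Half" if sensed_speed_mbps <= 100 else "Full")


if __name__ == "__main__":
    parsed = parse_show_interface(SAMPLE)
    print(parsed["name"], parsed["line_status"], parsed["protocol_status"], parsed.get("state"))
    for flag in health_flags(parsed):
        print(" -", flag)
```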

Interface range command

If you have multiple interfaces that need to be configured with the same
settings, you can use the interface range command to specify a range of
interfaces to which the subsequent commands will be applied.

For example, let’s say that interfaces Fa0/4, Fa0/5, Fa0/6, Fa0/7, and Fa0/8
need to have the same description. We don’t need to enter the interface configuration
mode of each interface separately to configure the description – we can use
the interface range Fa0/4 – 8 command and then execute
the description command:

SW1(config)#interface range Fa0/4 - 8

SW1(config-if-range)#description END_HOSTS

The description parameter will be applied to all interfaces in the specified
range:

SW1#show running-config

Building configuration...
...

Current configuration : 1157 bytes

interface FastEthernet0/3

!

interface FastEthernet0/4

description END_HOSTS

!

interface FastEthernet0/5

description END_HOSTS

!

interface FastEthernet0/6

description END_HOSTS

!

interface FastEthernet0/7

description END_HOSTS

!

interface FastEthernet0/8

description END_HOSTS

!

interface FastEthernet0/9

!

....

show version command


The exec mode show version command displays information about the device, such
as:

 the IOS version running on the device
 number of interfaces
 device model
 time of the last reboot
 amount of memory available on the device

Here is an example output of this command executed on a Cisco Catalyst 2960
series switch:

SW1#show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 02:49 by mnguyen

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)

Switch uptime is 39 minutes
System returned to ROM by power-on
System image file is "flash:c2960-lanbasek9-mz.150-2.SE4.bin"

This product contains cryptographic features and is subject to United
....

cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of memory.
Processor board ID FOC1010X104
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:17:59:A7:51:80
Motherboard assembly number     : 73-10390-03
Power supply part number        : 341-0097-02
Motherboard serial number       : FOC10093R12
Power supply serial number      : AZS1007032H
Model revision number           : B0
Motherboard revision number     : B0
Model number                    : WS-C2960-24TT-L
System serial number            : FOC1010X104
Top Assembly Part Number        : 800-27221-02
Top Assembly Revision Number    : A0
Version ID                      : V02
CLEI Code Number                : COM3L00BRA
Hardware Board Revision Number  : 0x01

Switch Ports Model              SW Version  SW Image
------ ----- -----              ----------  ----------
*    1 26    WS-C2960-24TT-L    15.0(2)SE4  C2960-LANBASEK9-M

Configuration register is 0xF

As you can see from the output above, this command gives us detailed information
about the IOS device. Here is a brief description of the most important information:

- Version 15.0(2)SE4 – the IOS version that the device is running
- Switch uptime is 39 minutes – the uptime of the device
- System returned to ROM by power-on – the reason for the last reload of the
device (e.g. whether the device was reloaded using the reload command, powered
off and on…)
- System image file is "flash:c2960-lanbasek9-mz.150-2.SE4.bin" – the
image file of the running IOS
- cisco WS-C2960-24TT-L (PowerPC405) processor – CPU type
- 24 FastEthernet interfaces, 2 Gigabit Ethernet interfaces – physical
interfaces on the device
- Configuration register is 0xF – the configuration register setting that defines
which IOS software and configuration file to load.

Port security
By default, all interfaces on a Cisco switch are turned on. That means that an
attacker could connect to your network through a wall socket and potentially threaten
your network. If you know which devices will be connected to which ports, you can
use the Cisco security feature called port security. By using port security, a network
administrator can associate specific MAC addresses with the interface, which can
prevent an attacker from connecting a device to it. This way you can restrict access to an
interface so that only the authorized devices can use it. If an unauthorized device is
connected, you can decide what action the switch will take, for example discarding
the traffic and shutting down the port.

To configure port security, three steps are required:

1. define the interface as an access interface by using the switchport mode
access interface subcommand
2. enable port security by using the switchport port-security interface subcommand
3. define which MAC addresses are allowed to send frames through this interface by
using the switchport port-security mac-address MAC_ADDRESS interface
subcommand or using the switchport port-security mac-address sticky interface
subcommand to dynamically learn the MAC address of the currently connected host

Two steps are optional:

1. define what action the switch will take when receiving a frame from an unauthorized
device by using the switchport port-security violation {protect | restrict | shutdown}
interface subcommand. All three options discard the traffic from the unauthorized device.
The restrict and shutdown options also send a log message when a violation occurs,
and the shutdown option additionally shuts down the port.
2. define the maximum number of MAC addresses that can be used on the port by
using the switchport port-security maximum NUMBER interface subcommand

The following example shows the configuration of port security on a Cisco switch:
First, we need to enable port security and define which MAC addresses are allowed
to send frames:

Next, by using the show port-security interface fa0/1 command we can see that the
switch has learned the MAC address of host A:

By default, the maximum number of allowed MAC addresses is one, so if we
connect another host to the same port, a security violation will occur:

The status code of err-disabled means that a security violation occurred on the
port.
NOTE
To enable the port again, we need to use the shutdown and no shutdown interface subcommands.
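The port-security decision logic described above (maximum count, sticky learning, the three violation modes and the err-disabled state), as an added Python simulation; it is not Cisco code and not part of the original notes, and the MAC addresses and the simplified log text are constructed.

```python
"""Simulation of Cisco port-security behaviour on one access port.

Rules modelled (from the section above):
- a list of allowed MAC addresses, static or learned ('sticky'),
- 'switchport port-security maximum' (default 1),
- violation modes: protect (drop silently), restrict (drop + log),
  shutdown (drop + log + put the port in err-disabled).
"""
from dataclasses import dataclass, field


@dataclass
class SecuredPort:
    name: str
    violation_mode: str = "shutdown"          # protect | restrict | shutdown
    maximum: int = 1                          # allowed MAC addresses on the port
    sticky: bool = True                       # learn the first MACs dynamically
    allowed: set = field(default_factory=set)
    status: str = "connected"                 # "connected" or "err-disabled"
    violations: int = 0
    log: list = field(default_factory=list)

    def configure_mac(self, mac: str) -> None:
        """Static entry: switchport port-security mac-address MAC."""
        if len(self.allowed) >= self.maximum:
            raise ValueError("more static MACs than 'maximum' allows")
        self.allowed.add(mac.lower())

    def receive_frame(self, src_mac: str) -> str:
        """Decide what the switch does with a frame from src_mac.

        Returns 'forward', 'discard' or 'err-disabled'."""
        src_mac = src_mac.lower()
        if self.status == "err-disabled":
            return "err-disabled"             # stays down until shutdown / no shutdown
        if src_mac in self.allowed:
            return "forward"
        # Unknown source: sticky-learn it while there is room on the port.
        if self.sticky and len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)
            return "forward"
        return self._violation(src_mac)

    def _violation(self, src_mac: str) -> str:
        self.violations += 1
        if self.violation_mode == "protect":
            return "discard"                  # silently dropped, nothing logged
        # restrict and shutdown both log (constructed text, not IOS syslog syntax)
        self.log.append(f"port-security violation on {self.name} from {src_mac}")
        if self.violation_mode == "restrict":
            return "discard"
        self.status = "err-disabled"          # shutdown mode disables the port
        return "err-disabled"

    def shutdown_no_shutdown(self) -> None:
        """Recover an err-disabled port (shutdown followed by no shutdown)."""
        self.status = "connected"


if __name__ == "__main__":
    fa01 = SecuredPort("Fa0/1")
    print(fa01.receive_frame("00:11:22:33:44:55"))   # host A, sticky-learned
    print(fa01.receive_frame("aa:bb:cc:dd:ee:ff"))   # second host -> err-disabled
    print(fa01.status, fa01.log)
```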
What is IP routing?
IP routing is the process of sending packets from a host on one network to another
host on a different remote network. This process is usually done by routers. Routers
examine the destination IP address of a packet, determine the next-hop address,
and forward the packet. Routers use routing tables to determine the next hop
address to which the packet should be forwarded.

Consider the following example of IP routing:

Host A wants to communicate with host B, but host B is on another network. Host A
is configured to send all packets destined for remote networks to router R1. Router
R1 receives the packets, examines the destination IP address and forwards the
packet to the outgoing interface associated with the destination network.

Default gateway
A default gateway is a router that hosts use to communicate with other hosts on
remote networks. A default gateway is used when a host doesn’t have a route entry
for the specific remote network and doesn’t know how to reach that network. Hosts
can be configured to send all packets destined to remote networks to the default
gateway, which has a route to reach that network.

The following example explains the concept of a default gateway more thoroughly.

Host A has the IP address of the router R1 configured as the default gateway
address. Host A is trying to communicate with host B, a host on another, remote
network. Host A looks up its routing table to check if there is an entry for that
destination network. If the entry is not found, the host sends all data to the router R1.
Router R1 receives the packets and forwards them to host B.

Routing table
Each router maintains a routing table and stores it in RAM. A routing table is used by
routers to determine the path to the destination network. Each routing table consists
of the following entries:

- network destination and subnet mask – specifies a range of IP addresses.
- remote router – IP address of the router used to reach that network.
- outgoing interface – outgoing interface the packet should go out to reach the
destination network.

There are three different methods for populating a routing table:

- directly connected subnets
- using static routing
- using dynamic routing

Each of these methods will be described in the following chapters.

Consider the following example. Host A wants to communicate with host B, but host
B is on another network. Host A is configured to send all packets destined for remote
networks to the router. The router receives the packets, checks the routing table to
see if it has an entry for the destination address. If it does, the router forwards the
packet out the appropriate interface port. If the router doesn’t find the entry, it
discards the packet.

We can use the show ip route command from the enabled mode to display the
router’s routing table.

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1
C    192.168.0.0/24 is directly connected, FastEthernet0/0

As you can see from the output above, this router has two directly connected routes
to the subnets 10.0.0.0/8 and 192.168.0.0/24. The character C in the routing table
indicates that a route is a directly connected route. So when host A sends the packet
to host B, the router will look into its routing table and find the route to the
10.0.0.0/8 network on which host B resides. The router will then use that route to
route packets received from host A to host B.

Connected, static & dynamic routes

Let’s explain the types of routes that can be found in a router’s routing table.

Connected routes
Subnets directly connected to a router’s interface are added to the router’s routing
table. The interface has to have an IP address configured and both interface status
codes must be in the up and up state. A router will be able to route all packets
destined for all hosts in subnets directly connected to its active interfaces.

Consider the following example. The router has two active interfaces, Fa0/0 and
Fa0/1. Each interface has been configured with an IP address and is currently in the
up-up state, so the router adds these subnets to its routing table.
As you can see from the output above, the router has two directly connected routes
to the subnets 10.0.0.0/8 and 192.168.0.0/24. The character C in the routing table
indicates that a route is a directly connected route.
NOTE
You can see only connected routes in a router’s routing table by typing the show ip route
connected command.
Static routes
By adding static routes, a router can learn a route to a remote network that is not
directly connected to one of its interfaces. Static routes are configured manually by
typing the global configuration mode command ip route DESTINATION_NETWORK
SUBNET_MASK NEXT_HOP_IP_ADDRESS. This type of configuration is usually
used in smaller networks because of scalability reasons (you have to configure each
route on each router).

A simple example will help you understand the concept of static routes.

Router A is directly connected to router B. Router B is directly connected to the
subnet 10.0.0.0/24. Since that subnet is not directly connected to Router A, the
router doesn’t know how to route packets destined for that subnet. However, you can
configure that route manually on router A.

First, consider the router A’s routing table before we add the static route:
Now, we’ll use the static route command to configure router A to reach the subnet
10.0.0.0/24. The router now has the route to reach the subnet.

The character S in the routing table indicates that a route is a statically configured
route.

Another version of the ip route command exists. You don’t have to specify the
next-hop IP address; you can instead specify the exit interface of the local router. In the
example above we could have typed the ip route DEST_NETWORK SUBNET_MASK
EXIT_INTERFACE command to instruct router A to send all traffic destined
for the subnet out the right interface. In our case, the command would be ip route
10.0.0.0 255.255.255.0 Fa0/0.

Default static route

A default route defines where packets will be sent if no specific route for the
destination network is listed in the routing table. If no default route is set, the router
will discard all packets with destination addresses not found in its routing table.

Consider the following example:

We have a network of three routers. R1 is directly connected to two subnets –
192.168.0.0/24 and 10.0.0.0/24. R3 is connected to the Internet.

Here is the routing table on R1:

R1#show ip route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/1
L        10.0.0.1/32 is directly connected, GigabitEthernet0/1
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet0/0
L        192.168.0.1/32 is directly connected, GigabitEthernet0/0

Notice the lack of the default gateway or default route. If R1 tries to access a public
IP address (e.g. 4.2.2.2), the packets will be dropped because no route to that IP
address has been found in the routing table:
To create a default static route on R1, we need to use the following command:

R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2

The command above instructs R1 to match all IP addresses (any destination, any subnet mask) and
send the packets to 10.0.0.2 (the interface on R3 that is connected to R1). The
routing table on R1 now looks like this:

R1#show ip route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/1
L        10.0.0.1/32 is directly connected, GigabitEthernet0/1
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet0/0
L        192.168.0.1/32 is directly connected, GigabitEthernet0/0
S*    0.0.0.0/0 [1/0] via 10.0.0.2

Notice how the gateway of last resort is now set to 10.0.0.2. There is also a route
marked with S* in the routing table: S means that this is the static default route we’ve
just configured, and * indicates that it is a candidate default route (routers can learn
about multiple default routes, so each one is marked as a candidate to become the
default route).

Ping will now succeed:

R1#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

NOTE
Connected routes always take precedence over static or dynamically discovered routes because
they have the administrative distance value of 0 (the lowest possible value). In our case, this
means that R1 will send out packets destined for 192.168.0.0/24 according to the specified
connected route.

Dynamic routes
A router can learn dynamic routes if a routing protocol is enabled. A routing protocol
is used by routers to exchange routing information with each other. Every router in
the network can then use that information to build its routing table. A routing protocol can
dynamically choose a different route if a link goes down, so this type of routing is
fault-tolerant. Also, unlike with static routing, there is no need to manually configure
every route on every router, which greatly reduces the administrative overhead. You
only need to define which routes will be advertised on the routers that connect directly
to the corresponding subnets – routing protocols take care of the rest.

The disadvantage of dynamic routing is that it increases memory and CPU usage on
a router, because every router has to process received routing information and
calculate its routing table.

To better understand the advantages that dynamic routing protocols bring, consider
the following example:
Both routers are running a routing protocol, namely EIGRP. There are no static routes
on Router A, so Router A doesn’t know how to reach the subnet 10.0.0.0/24 that is directly
connected to Router B. Router B then advertises the subnet to Router A using
EIGRP. Now Router A has the route to reach the subnet. This can be verified by
typing the show ip route command:

You can see that Router A has learned the subnet from EIGRP. The letter D in front
of the route indicates that the route has been learned through EIGRP. If the subnet
10.0.0.0/24 fails, Router B can immediately inform Router A that the subnet is no
longer reachable.

Administrative distance & metric

Administrative distance
A network can use more than one routing protocol, and routers on the network can
learn about a route from multiple sources. Routers need a way to select the
better path when there are multiple paths available. The administrative distance is the
number routers use to find out which route is better (a lower number is better). For
example, if the same route is learned from RIP and EIGRP, a Cisco router will
choose the EIGRP route and store it in the routing table. This is because EIGRP
routes have (by default) the administrative distance of 90, while RIP routes have a
higher administrative distance of 120.

You can display the administrative distance of all routes on your router by typing
the show ip route command:
In the case above, the router has only a single route in its routing table learned from
a dynamic routing protocol – the EIGRP route.

The following table lists the administrative distance default values:

Metric
If a router learns two different paths for the same network from the same routing
protocol, it has to decide which route is better and will be placed in the routing table.
Metric is the measure used to decide which route is better (lower number is better).
Each routing protocol uses its own metric. For example, RIP uses hop counts as a
metric, while OSPF uses cost.

The following example explains the way RIP calculates its metric and why it chooses
one path over another.
RIP has been configured on all routers. Router 1 has two paths to reach the subnet
10.0.0.0/24. One path goes through Router 2, while the other path goes through
Router 3 and then Router 4. Because RIP uses the hop count as its metric, the path
through Router 2 will be used to reach the 10.0.0.0/24 subnet. This is because that
subnet is only one router away on that path. The other path will have a higher metric
of 2, because the subnet is two routers away.
NOTE
The example above can be used to illustrate a disadvantage of using RIP as a routing protocol.
Imagine if the first path through R2 was a 56k modem link, while the other path (R3-R4) is a
high speed WAN link. Router R1 would still choose the path through R2 as the best route,
because RIP uses only the hop count as its metric.

The following table lists the parameters that various routing protocols use to
calculate the metric:
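The route-selection rules from the routing table, default static route and administrative distance sections above, brought together in one added Python model (not Cisco code and not part of the original notes): a route is installed only if it wins on administrative distance and then metric, a destination is resolved by longest prefix match, and 0.0.0.0/0 acts as the gateway of last resort. The addresses are the ones used in the text except the remote subnet 172.16.1.0/24, which is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Default administrative distances for the route codes used on this page
# (Cisco defaults: connected 0, static 1, EIGRP 90, OSPF 110, RIP 120).
DEFAULT_AD = {"C": 0, "S": 1, "D": 90, "O": 110, "R": 120}


@dataclass(frozen=True)
class Route:
    code: str                          # legend code as in show ip route
    prefix: ipaddress.IPv4Network
    metric: int = 0
    next_hop: Optional[str] = None     # remote router (next-hop address)
    interface: Optional[str] = None    # outgoing interface

    @property
    def ad(self) -> int:
        return DEFAULT_AD[self.code]


def make_route(code, cidr, metric=0, next_hop=None, interface=None) -> Route:
    return Route(code, ipaddress.IPv4Network(cidr), metric, next_hop, interface)


class RoutingTable:
    def __init__(self) -> None:
        self.routes: dict = {}         # one installed route per prefix

    def learn(self, route: Route) -> bool:
        """Offer a route. It is installed only if nothing is known for that
        prefix or it beats the installed route: lower administrative distance
        first, then lower metric. Returns True if it was installed."""
        current = self.routes.get(route.prefix)
        if current is None or (route.ad, route.metric) < (current.ad, current.metric):
            self.routes[route.prefix] = route
            return True
        return False

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match. 0.0.0.0/0 matches every address, so it is
        used only when nothing more specific exists (gateway of last resort).
        None means no route: the router discards the packet."""
        dst = ipaddress.IPv4Address(destination)
        candidates = [r for r in self.routes.values() if dst in r.prefix]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r.prefix.prefixlen)

    def show(self) -> list:
        """Simplified show ip route lines, most specific prefix first."""
        lines = []
        for r in sorted(self.routes.values(), key=lambda r: -r.prefix.prefixlen):
            code = r.code + ("*" if r.prefix.prefixlen == 0 else " ")
            if r.code == "C":
                lines.append(f"{code} {r.prefix} is directly connected, {r.interface}")
            else:
                lines.append(f"{code} {r.prefix} [{r.ad}/{r.metric}] via {r.next_hop}")
        return lines


def build_r1() -> RoutingTable:
    """R1 from the default-route example above, plus a constructed remote
    subnet offered by two routing protocols."""
    rt = RoutingTable()
    rt.learn(make_route("C", "10.0.0.0/24", interface="GigabitEthernet0/1"))
    rt.learn(make_route("C", "192.168.0.0/24", interface="GigabitEthernet0/0"))
    # Same subnet from RIP (AD 120) and EIGRP (AD 90): EIGRP wins even though
    # its metric value is far larger; metrics of different protocols are not
    # comparable, so the administrative distance decides first.
    rt.learn(make_route("R", "172.16.1.0/24", metric=1, next_hop="10.0.0.2"))
    rt.learn(make_route("D", "172.16.1.0/24", metric=30720, next_hop="10.0.0.2"))
    # ip route 0.0.0.0 0.0.0.0 10.0.0.2
    rt.learn(make_route("S", "0.0.0.0/0", next_hop="10.0.0.2"))
    return rt


if __name__ == "__main__":
    r1 = build_r1()
    print("\n".join(r1.show()))
    for dst in ("192.168.0.7", "172.16.1.9", "4.2.2.2"):
        route = r1.lookup(dst)
        print(dst, "->", route.code, route.prefix)
```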

Routing protocols
Dynamic routes are routes learned via routing protocols. Routing protocols are
configured on routers with the purpose of exchanging routing information. There are
many benefits of using routing protocols in your network, such as:

- unlike static routing, you don’t need to manually configure every route on each
router in the network. You just need to configure the networks to be advertised on a
router directly connected to them.
- if a link fails and the network topology changes, routers can advertise that
some routes have failed and pick a new route to that network.

Types of routing protocols

There are two types of routing protocols:

1. Distance vector (RIP, IGRP)
2. Link state (OSPF, IS-IS)

Cisco has created its own routing protocol – EIGRP. EIGRP is considered to be an
advanced distance vector protocol, although some materials erroneously state that
EIGRP is a hybrid routing protocol, a combination of distance vector and link state.

All of the routing protocols mentioned above are interior routing protocols (IGP),
which means that they are used to exchange routing information within one
autonomous system. BGP (Border Gateway Protocol) is an example of an exterior
routing protocol (EGP) which is used to exchange routing information between
autonomous systems on the Internet.

Distance vector protocols

As the name implies, distance vector routing protocols use distance to determine the
best path to a remote network. The distance is something like the number of hops
(routers) to the destination network.

Distance vector protocols usually send the complete routing table to each neighbor
(a neighbor is a directly connected router that runs the same routing protocol). They
employ some version of the Bellman-Ford algorithm to calculate the best routes.
Compared with link state routing protocols, distance vector protocols are easier to
configure and require little management, but are susceptible to routing loops and
converge slower than the link state routing protocols. Distance vector protocols also
use more bandwidth because they send the complete routing table, while the link state
protocols send specific updates only when topology changes occur.

RIP and EIGRP are examples of distance vector routing protocols.

Link state protocols

Link state routing protocols are the second type of routing protocols. They have the
same basic purpose as distance vector protocols, to find the best path to a destination,
but use different methods to do so. Unlike distance vector protocols, link state
protocols don’t advertise the entire routing table. Instead, they advertise information
about the network topology (directly connected links, neighboring routers…), so that in
the end all routers running a link state protocol have the same topology database.
Link state routing protocols converge much faster than distance vector routing
protocols, support classless routing, send updates using multicast addresses and
use triggered routing updates. They also require more router CPU and memory
usage than distance-vector routing protocols and can be harder to configure.

Each router running a link state routing protocol creates three different tables:

- neighbor table – the table of neighboring routers running the same link state
routing protocol.
- topology table – the table that stores the topology of the entire network.
- routing table – the table that stores the best routes.

The Shortest Path First algorithm is used to calculate the best route. OSPF and IS-IS are
examples of link state routing protocols.

Difference between distance vector and link state routing protocols

The following table summarizes the differences:

RIP overview
NOTE
RIP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

RIP (Routing Information Protocol) is one of the oldest distance vector routing
protocols. It is usually used on small networks because it is very simple to configure
and maintain, but lacks some advanced features of routing protocols like OSPF or
EIGRP. Two versions of the protocol exist: version 1 and version 2. Both versions
use hop count as a metric and have the administrative distance of 120. RIP version 2
is capable of advertising subnet masks and uses multicast to send routing updates,
while version 1 doesn’t advertise subnet masks and uses broadcast for updates.
Version 2 is backwards compatible with version 1.

RIPv2 sends the entire routing table every 30 seconds, which can consume a lot of
bandwidth. RIPv2 uses multicast address of 224.0.0.9 to send routing updates,
supports authentication and triggered updates (updates that are sent when a change
in the network occurs).

For an example of how RIP works, consider the following figure.

Router R1 directly connects to the subnet 10.0.0.0/24. The network engineer has
configured RIP on R1 to advertise the route to this subnet. R1 sends routing updates
to R2 and R3. The routing updates list the subnet, subnet mask and metric for this
route. Each router, R2 and R3, receives this update and adds the route to its
routing table. Both routers list the metric of 1 because the network is only
one hop away.
NOTE
Maximum hop count for a RIP route is 15. Any route with a higher hop count is considered to be
unreachable.

Configuring RIPv2
NOTE
RIP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Configuring RIPv2 is a pretty straightforward process. Only three steps are required:

1. enabling RIP by using the router rip global configuration command
2. instructing the router to use RIPv2 by typing the version 2 command
3. telling RIP which networks to advertise by using one or more network commands.

The first two commands are easy to comprehend, but the last command requires a
little bit more thought. With the network command you specify which interfaces will
participate in the routing process. This command takes a classful network as a
parameter and enables RIP on the corresponding interfaces. Let’s configure our
sample network to use RIP.
Routers R1 and R2 have directly connected subnets. We want to include these
subnets in the RIP routing process. To do that, we first need to enable RIP on both
routers and then advertise these subnets using the network command.

On router R1, in the global configuration mode, enter the router rip command to
enable RIP. In the RIP configuration mode, change the version of the protocol to 2
by using the version 2 command. Next, use the network 10.0.0.0 command to
include the Fa0/1 interface on the router R1 in the routing process. Remember,
the network command takes a classful network number as a parameter, so in this
case every interface that has an IP address that begins with 10 will be included in
the RIP process (IP addresses that begin with 10 are, by default, class A
addresses and have the default subnet mask of 255.0.0.0). For instance, if another
interface on the router had the IP address of 10.1.0.1 it would also be included in the
routing process with the network command. You also need to include the link
between the two routers in the RIP routing process. This is done by adding
another network statement, network 172.16.0.0.

So, the configuration on R1 should look like this:

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0

The configuration on R2 looks similar, but with a different network number for the
directly connected subnet:

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.0.0
R2(config-router)#network 172.16.0.0

You can verify that router R1 has a route to R2’s directly connected subnet by typing
the show ip route command:
The legend lists R for all RIP routes in the routing table. Also note that the
administrative distance of 120 is shown, together with the metric of 1.

passive-interface command
NOTE
RIP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Consider the following example network with RIP turned on:

The RIP configuration on R2 looks like this:

router rip
 version 2
 network 10.0.0.0
 network 192.168.0.0

As we’ve already mentioned, the network command does two things:

- advertises the defined network in RIP.
- activates RIP on the interfaces whose addresses fall within the specified
classful networks.

So in the example network above, RIP will also be activated on the interface
connected to the workstation on the right. This means that the workstation will also
receive RIP updates, which is pointless. To prevent this from happening, the
passive-interface command is used:

R2(config)#router rip

R2(config-router)#passive-interface Gi0/1

Now, the RIP process will no longer send RIP updates out the Gi0/1 interface.
However, all received RIP updates will be processed and the subnet 10.0.0.0/24 will
still be advertised.
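The classful matching rule of the network command and the effect of passive-interface, both described above, as an added Python example (not Cisco code and not part of the original notes). R1's interfaces follow the Configuring RIPv2 section (the /30 mask on the inter-router link and the 10.1.0.1 and 192.168.5.1 interfaces are constructed); R2's addresses for the passive-interface example are constructed too.

```python
import ipaddress


def classful_network(address: str) -> ipaddress.IPv4Network:
    """Return the classful network an IPv4 address belongs to, using the
    default masks: class A /8, class B /16, class C /24. This is what
    'network X' under 'router rip' is converted to."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        prefixlen = 8        # class A, 255.0.0.0
    elif first_octet < 192:
        prefixlen = 16       # class B, 255.255.0.0
    elif first_octet < 224:
        prefixlen = 24       # class C, 255.255.255.0
    else:
        raise ValueError(f"{address} is not a class A/B/C unicast address")
    return ipaddress.IPv4Network(f"{address}/{prefixlen}", strict=False)


def rip_interface_roles(interfaces: dict, network_statements: list,
                        passive: tuple = ()) -> dict:
    """Map interface name -> 'active' or 'passive' for every interface that
    the network statements enable. interfaces is name -> 'address/prefixlen'.
    A passive interface still belongs to RIP (its subnet is advertised and
    updates arriving on it are processed) but sends no updates itself."""
    targets = [classful_network(stmt) for stmt in network_statements]
    roles = {}
    for name, addr in interfaces.items():
        ip = ipaddress.IPv4Interface(addr).ip
        if any(ip in target for target in targets):
            roles[name] = "passive" if name in passive else "active"
    return roles


def advertised_subnets(interfaces: dict, network_statements: list) -> set:
    """RIPv2 advertises the real subnet (with its own mask) of each enabled
    interface, not the classful argument of the network statement."""
    enabled = rip_interface_roles(interfaces, network_statements)
    return {str(ipaddress.IPv4Interface(interfaces[n]).network) for n in enabled}


# Constructed sample interfaces. R1 matches the RIPv2 configuration example;
# Gi0/1 is an extra interface that no network statement covers.
R1_INTERFACES = {
    "Fa0/1": "10.0.0.1/24",        # LAN, covered by network 10.0.0.0
    "Fa0/0": "172.16.0.1/30",      # link to R2, covered by network 172.16.0.0
    "Fa1/0": "10.1.0.1/24",        # also class A 10.x, so also enabled
    "Gi0/1": "192.168.5.1/24",     # not covered: stays out of RIP
}
R1_NETWORKS = ["10.0.0.0", "172.16.0.0"]

# R2 from the passive-interface example: the workstation hangs off Gi0/1.
R2_INTERFACES = {"Gi0/0": "10.0.0.2/24", "Gi0/1": "192.168.0.1/24"}
R2_NETWORKS = ["10.0.0.0", "192.168.0.0"]

if __name__ == "__main__":
    print(rip_interface_roles(R1_INTERFACES, R1_NETWORKS))
    print(advertised_subnets(R1_INTERFACES, R1_NETWORKS))
    print(rip_interface_roles(R2_INTERFACES, R2_NETWORKS, passive=("Gi0/1",)))
```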

RIP loop prevention

NOTE
RIP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Distance vector protocols are susceptible to routing loops. Routing loops occur when
a packet is continually routed through the same routers over and over again, in an
endless circle. Because they can render a network unusable, distance vector routing
protocols (such as RIP and EIGRP) employ several different mechanisms to prevent
routing loops. We will describe them in this article.

Split Horizon
Split horizon is one of the features of distance vector routing protocols that prevents
routing loops. This feature prevents a router from advertising a route back onto the
interface from which it was learned.

Consider the following network topology:

Router R1 has a route to the subnet 10.0.1.0/24 that is advertised to router R2 by
using RIP. Router R2 receives the update and stores the route in its routing table.
Router R2 knows that the routing update for that route has come from R1, so it won’t
advertise the route back to router R1. Otherwise, if the network 10.0.1.0/24 goes
down, router R1 could receive a route to the subnet 10.0.1.0/24 from R2. Router R1
would think that R2 has the route to reach the subnet, and would send packets
destined for the 10.0.1.0/24 subnet to R2. R2 would receive the packets from R1 and
send them back to R1, because R2 thinks that R1 has a route to reach the subnet,
thereby creating a routing loop.

Route poisoning
Route poisoning is another method for preventing routing loops employed by
distance vector routing protocols. When a router detects that one of its directly
connected routes has failed, it sends the advertisement for that route with an infinite
metric (poisoning the route). A router that receives the update knows that the route
has failed and doesn’t use it anymore.

Consider the following example:

Router R1 is directly connected to the 10.0.1.0/24 subnet. Router R1 runs RIP and
the subnet is advertised to R2. When R1’s Fa0/1 interface fails, a route
advertisement is sent by R1 to R2 indicating that the route has failed. The route has
a metric of 16, which is more than RIP’s maximum hop count of 15, so R2
considers the route to be unreachable.

Holddown timer
Holddown is another loop-prevention mechanism employed by distance vector
routing protocols. This feature prevents a router from learning new information about
a failed route. When a router receives the information about the unreachable route,
the holddown timer is started. The router ignores all routing updates for that route
until the timer expires (by default, 180 seconds in RIP). The only updates allowed during
that period are updates sent from the router that originally advertised the route. If
that router advertises the route again, the holddown timer is stopped and the routing
information is processed.

An example will help you understand the concept better. Consider the following
network topology.
Router R1 has advertised its directly connected subnet 10.0.1.0/24 through RIP.
After some period of time, the interface Fa0/1 on R1 fails and the router R1 sends
the poisoned route to R2. R2 receives the routing update, marks the route as
unreachable and starts the holddown timer. During that time all updates from any
other routers about that route are ignored to prevent routing loops. If interface Fa0/1
on R1 comes back up, R1 again advertises the route. R2 processes that update even if
the holddown timer is still running, because the update is sent by the same router
that originally advertised the route.
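The three loop-prevention mechanisms of this section (split horizon, route poisoning with metric 16, and the 180-second holddown timer that only the original advertiser can cut short), as an added Python simulation of R2's update processing; it is not Cisco code and not part of the original notes. The topology is the one in the text (R1 advertises 10.0.1.0/24 to R2); the interface names on R2, the third router R3 and the timestamps are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional

INFINITY = 16     # metric 16 means unreachable: the maximum RIP hop count is 15
HOLDDOWN = 180    # seconds, the RIP default holddown timer


@dataclass
class RipRoute:
    prefix: str
    metric: int
    learned_from: str                          # router that advertised it to us
    via_interface: str                         # interface the update arrived on
    holddown_until: Optional[float] = None     # set while the route is poisoned


class RipRouter:
    def __init__(self, name: str) -> None:
        self.name = name
        self.routes: Dict[str, RipRoute] = {}

    def receive_update(self, neighbour: str, interface: str, prefix: str,
                       advertised_metric: int, now: float) -> str:
        """Process one prefix from a neighbour's update. advertised_metric is
        the neighbour's own hop count to the prefix (0 for a subnet directly
        connected to it); the hop to that neighbour is added here. Returns
        what the router did with the entry."""
        metric = min(advertised_metric + 1, INFINITY)
        current = self.routes.get(prefix)
        if current is None:
            if metric >= INFINITY:
                return "ignored-unreachable"   # never install a dead route
            self.routes[prefix] = RipRoute(prefix, metric, neighbour, interface)
            return "installed"
        if neighbour != current.learned_from:
            # Holddown: while the timer runs, only the original advertiser is heard.
            if current.holddown_until is not None and now < current.holddown_until:
                return "ignored-holddown"
            if metric < current.metric:
                self.routes[prefix] = RipRoute(prefix, metric, neighbour, interface)
                return "installed"
            return "ignored-worse"
        # Update from the router we learned the route from: always believed.
        if metric >= INFINITY:
            if current.metric < INFINITY:
                # Route poisoning: mark unreachable and start the holddown timer.
                current.metric = INFINITY
                current.holddown_until = now + HOLDDOWN
                return "poisoned"
            return "ignored-unreachable"
        # A reachable advertisement from the original source ends the holddown
        # early and reinstalls the route.
        self.routes[prefix] = RipRoute(prefix, metric, neighbour, interface)
        return "installed"

    def build_update(self, out_interface: str) -> Dict[str, int]:
        """Entries to send out of an interface. Split horizon: a route is never
        advertised back out the interface it was learned on. Poisoned routes
        are still sent (metric 16) so that neighbours drop them as well."""
        return {p: r.metric for p, r in self.routes.items()
                if r.via_interface != out_interface}


if __name__ == "__main__":
    r2 = RipRouter("R2")
    print(r2.receive_update("R1", "Gi0/0", "10.0.1.0/24", 0, now=0))         # installed
    print(r2.build_update("Gi0/0"), r2.build_update("Gi0/1"))               # split horizon
    print(r2.receive_update("R1", "Gi0/0", "10.0.1.0/24", INFINITY, now=30))  # poisoned
    print(r2.receive_update("R3", "Gi0/1", "10.0.1.0/24", 3, now=40))        # ignored-holddown
    print(r2.receive_update("R1", "Gi0/0", "10.0.1.0/24", 0, now=60))        # installed
```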

Advertise default routes using RIP

NOTE
RIP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Consider the following example network:

In the network above we have three routers running RIP. Router R3 is connected to
the ISP’s internet router and has a static default route that points to it. It is
possible to advertise that default route using RIP to other routers in the local
network. On R3, we simply need to enter the default-information originate command
in the RIP configuration mode.

Here is the configuration on R3:

R3(config)#ip route 0.0.0.0 0.0.0.0 50.50.50.1
R3(config)#router rip
R3(config-router)#default-information originate

R1 and R2 don’t need any additional configuration – they learn the default route just
like any other RIP route:

R1#show ip route rip
R*    0.0.0.0/0 [120/1] via 10.0.0.1, 00:00:04, GigabitEthernet0/0

As you can see from the output above, R1 learned about the default route via RIP.
The route is marked with an asterisk (*), indicating that the route is a candidate to be
the default route.

EIGRP overview

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance
vector routing protocol. This protocol is an evolution of an earlier Cisco protocol
called IGRP, which is now considered obsolete. EIGRP supports classless routing
and VLSM, route summarization, incremental updates, load balancing and many other
useful features. It is a Cisco proprietary protocol, so all routers in a network that is
running EIGRP must be Cisco routers.

Routers running EIGRP must become neighbors before exchanging routing
information. To dynamically discover neighbors, EIGRP routers use the multicast
address of 224.0.0.10. Each EIGRP router stores routing and topology information in
three tables:

• Neighbor table – stores information about EIGRP neighbors
• Topology table – stores routing information learned from neighboring routers
• Routing table – stores the best routes

Administrative distance of EIGRP is 90, which is less than both the administrative
distance of RIP and the administrative distance of OSPF, so EIGRP routes will be
preferred over these routes. EIGRP uses Reliable Transport Protocol (RTP) for
sending messages.

EIGRP calculates its metric by using bandwidth, delay, reliability and load. By
default, only bandwidth and delay are used when calculating the metric, while reliability
and load are set to zero.

EIGRP uses the concept of autonomous systems. An autonomous system is a set of
EIGRP enabled routers that should become EIGRP neighbors. Each router inside an
autonomous system must have the same autonomous system number configured,
otherwise routers will not become neighbors.

EIGRP Neighbors

EIGRP must establish neighbor relationships with other EIGRP neighboring routers
before exchanging routing information. To establish a neighbor relationship, routers
send hello packets every couple of seconds. Hello packets are sent to the multicast
address of 224.0.0.10.

NOTE
On LAN interfaces hellos are sent every 5 seconds. On WAN interfaces every 60 seconds.

The following fields in a hello packet must be identical in order for routers to
become neighbors:

• ASN (autonomous system number)
• subnet number
• K values (components of metric)

Routers send hello packets every couple of seconds to ensure that the neighbor
relationship is still active. By default, routers consider the neighbor to be down after
the hold-down timer has expired. The hold-down timer is, by default, three times the hello
interval. On LAN networks the hold-down timer is 15 seconds.

Feasible and reported distance

Two terms that you will often encounter when working with EIGRP are feasible and
reported distance. Let’s clarify these terms:

• Feasible distance (FD) – the metric of the best route to reach a network.
That route will be listed in the routing table.
• Reported distance (RD) – the metric advertised by a neighboring router for a
specific route. In other words, it is the metric of the route used by the neighboring
router to reach the network.

To better understand the concept, consider the following example.

EIGRP has been configured on R1 and R2. R2 is directly connected to the subnet
10.0.1.0/24 and advertises that subnet into EIGRP. Let’s say that R2’s metric to
reach that subnet is 28160. When the subnet is advertised to R1, R2 informs R1 that
its metric to reach 10.0.1.0/24 is 28160. From R1’s perspective that metric is
considered to be the reported distance for that route. R1 receives the update and
adds the cost of the link to the neighbor to the reported distance. That metric is called
the feasible distance and is stored in R1’s routing table (30720 in our case).

The feasible and reported distance are displayed in R1’s EIGRP topology table:

R1#show ip eigrp topology

IP-EIGRP Topology Table for AS 1/ID(192.168.0.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

P 10.0.1.0/24, 1 successors, FD is 30720

via 192.168.0.2 (30720/28160), FastEthernet0/0

P 192.168.0.0/24, 1 successors, FD is 28160

via Connected, FastEthernet0/0

Successor and feasible successor

Two other terms that appear often in the EIGRP world
are successor and feasible successor. A successor is the route with the best
metric to reach a destination. That route is stored in the routing table. A feasible
successor is a backup path to reach that same destination that can be used
immediately if the successor route fails. These backup routes are stored in the
topology table.

For a route to be chosen as a feasible successor, one condition must be met:

• the neighbor’s advertised distance (AD) for the route must be less than the
successor’s feasible distance (FD).

The following example explains the concept of a successor and a feasible
successor.

R1 has two paths to reach the subnet 10.0.0.0/24. The path through R2 has the best
metric (20) and it is stored in R1’s routing table. The other route, through R3, is a
feasible successor route, because the feasibility condition has been met (R3’s
advertised distance of 15 is less than R1’s feasible distance of 20). R1 stores that
route in the topology table. This route can be used immediately if the primary route
fails.

EIGRP topology table

The EIGRP topology table contains all learned routes to a destination. The table holds all
routes received from a neighbor, successors and feasible successors for every
route, and interfaces on which updates were received. The table also holds all locally
connected subnets included in an EIGRP process.

Best routes (the successors) from the topology table are stored in the routing table.
Feasible successors are only stored in the topology table and can be used
immediately if the primary route fails.

Consider the following network topology.

EIGRP is running on all three routers. Routers R2 and R3 both connect to the subnet
10.0.1.0/24 and advertise that subnet to R1. R1 receives both updates and calculates
the best route. The best path goes through R2, so R1 stores that route in the routing
table. Router R1 also calculates the metric of the route through R3. Let’s say that the
advertised distance of that route is less than the feasible distance of the best route. The
feasibility condition is met and router R1 stores that route in the topology table as a
feasible successor route. The route can be used immediately if the primary route
fails.
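
The feasible/reported distance, successor and topology table concepts above, worked through in Python as an added example (not code from the original notes). It uses the classic EIGRP composite metric with the default K values (K1=1, K3=1, the rest 0); the FastEthernet bandwidth and delay values are constructed sample data chosen to reproduce the 28160/30720 pair from the topology table output above, and the 20/15 figures come from the successor example.

```python
"""EIGRP composite metric, feasible/reported distance and successor selection.

Added example, not part of the original notes. It uses the classic EIGRP
composite metric with the default K values that 'show ip protocols' lists
(K1=1, K2=0, K3=1, K4=0, K5=0):

    metric = 256 * (10^7 / min_bandwidth_kbps + total_delay_us / 10)

Interface values are constructed sample data: the IOS defaults for a
FastEthernet link (100000 kbps, 100 us) reproduce the 28160 / 30720 pair
from the 'show ip eigrp topology' output above.
"""
from dataclasses import dataclass

# Default K values as shown by 'show ip protocols'.
K_DEFAULT = {"K1": 1, "K2": 0, "K3": 1, "K4": 0, "K5": 0}

FAST_ETHERNET = (100_000, 100)   # (bandwidth in kbps, delay in microseconds)


def eigrp_metric(min_bw_kbps, total_delay_us, load=1, reliability=255, k=K_DEFAULT):
    """Classic (32-bit) EIGRP composite metric of a path.

    min_bw_kbps    - lowest bandwidth of any link on the path
    total_delay_us - sum of the link delays on the path, in microseconds
    load/reliability only contribute when K2 or K5 are non-zero.
    """
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_us // 10             # EIGRP counts delay in tens of us
    metric = k["K1"] * bw + (k["K2"] * bw) // (256 - load) + k["K3"] * delay
    if k["K5"] != 0:                         # reliability term only if K5 is set
        metric = metric * k["K5"] // (reliability + k["K4"])
    return metric * 256


@dataclass(frozen=True)
class Advertisement:
    """A neighbor's update for one prefix plus the link it arrived on.

    EIGRP updates carry the path's bandwidth/delay vector rather than a
    finished number, so the receiver recomputes the metric over its own link.
    """
    neighbor: str
    adv_min_bw_kbps: int    # lowest bandwidth on the neighbor's path
    adv_delay_us: int       # total delay on the neighbor's path
    link_bw_kbps: int       # our interface towards the neighbor
    link_delay_us: int


def topology_entry(adv):
    """Return (neighbor, FD, RD) for one topology-table candidate.

    RD (reported distance) is the neighbor's own metric. FD (feasible
    distance) extends the vector over our link: minimum of the bandwidths,
    sum of the delays, then the formula again.
    """
    rd = eigrp_metric(adv.adv_min_bw_kbps, adv.adv_delay_us)
    fd = eigrp_metric(min(adv.adv_min_bw_kbps, adv.link_bw_kbps),
                      adv.adv_delay_us + adv.link_delay_us)
    return adv.neighbor, fd, rd


def select_paths(entries):
    """Split (neighbor, FD, RD) tuples into the successor and feasible successors.

    Successor: lowest FD, installed in the routing table.
    Feasible successor: RD strictly less than the successor's FD (the
    feasibility condition), kept in the topology table as a loop-free backup.
    Other entries stay in the table but need a DUAL computation before use.
    """
    successor = min(entries, key=lambda e: e[1])
    feasible = [e for e in entries if e is not successor and e[2] < successor[1]]
    return successor, feasible


if __name__ == "__main__":
    # R2 is directly connected to 10.0.1.0/24 over FastEthernet and R1
    # hears the update on its own FastEthernet link to R2.
    r2 = Advertisement("192.168.0.2", *FAST_ETHERNET, *FAST_ETHERNET)
    neighbor, fd, rd = topology_entry(r2)
    print(f"P 10.0.1.0/24, FD is {fd}, via {neighbor} ({fd}/{rd})")

    # Abstract metrics from the successor / feasible successor example:
    # R2 has FD 20, R3 advertises 15 (< 20); R4 is a constructed path
    # whose RD of 22 fails the feasibility condition.
    entries = [("R2", 20, 10), ("R3", 25, 15), ("R4", 35, 22)]
    successor, backups = select_paths(entries)
    print("successor:", successor[0], "feasible successors:", [e[0] for e in backups])
```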

EIGRP configuration

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Configuring EIGRP 1

EIGRP configuration closely resembles RIP configuration. Only two steps are
required:

• enabling EIGRP by using the router eigrp ASN_NUMBER command
• telling EIGRP which networks to advertise by using one or
more network statements

The first command, router eigrp ASN_NUMBER, enables EIGRP on a
router. ASN_NUMBER represents an autonomous system number and has to be the
same on all routers running EIGRP, otherwise routers won’t become neighbors. The
second command, network SUBNET, enables EIGRP on selected interfaces and
specifies which networks will be advertised. By default, the network command takes
a classful network number as the parameter.

To illustrate a configuration of EIGRP, we will use the following network:

The network depicted above consists of only two routers. Each router has a directly
connected subnet that needs to be advertised through EIGRP. Here is the EIGRP
configuration on R1 and R2:

You can verify that routers have become neighbors by using the show ip eigrp
neighbors command on either router:

The command above lists all EIGRP neighbors. The address field lists the
neighboring router RID (router ID). The interface field shows on which local interface
the neighbor relationship has been formed.

You can verify that routes are indeed being exchanged by using the show ip
route command on both routers:

R1:

R2:

NOTE
The D character at the beginning of a line in a routing table indicates that the route has been
learned via EIGRP.

Configuring EIGRP 2

By default, the network command uses a classful network as the parameter. All
interfaces inside that classful network will participate in the EIGRP process. To
enable EIGRP only on specific interfaces, a wildcard mask can be used. The syntax
of the command is:

(router-eigrp) network IP_ADDRESS WILDCARD_MASK

Consider the following example.

Router R1 has two directly connected subnets, 10.0.0.0/24 and 10.0.1.0/24. We
want to enable EIGRP only on the subnet connected to the interface Fa0/0. If we
enter the network 10.0.0.0 command under the EIGRP configuration mode, both
subnets will be included in the EIGRP process because we’ve used a classful network
number in the network command. To configure EIGRP only on interface Fa0/0,
the network 10.0.0.0 0.0.0.255 command can be used. This will enable EIGRP only
on interfaces with addresses starting with 10.0.0.X.

By using the command show ip protocols, you can verify that only the network
10.0.0.0/24 is included in EIGRP:

Wildcard mask in EIGRP

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

The network command in EIGRP uses a classful network as the parameter by
default, which means that all interfaces inside the classful network will participate in
the EIGRP process. We can enable EIGRP only for specific networks using wildcard
masks. The syntax of the command is:

(router-eigrp)#network IP_ADDRESS WILDCARD_MASK

We will use the following example network:

The router is directly connected to three subnets. Let’s say that we want to advertise
only the 10.0.0.0/24 subnet in EIGRP. We can use the wildcard mask of 0.0.0.255 to
do this:

R1(config-router)#network 10.0.0.0 0.0.0.255

Using the show ip protocols command we can verify that only the subnet 10.0.0.0/24
is included in EIGRP:

R1#show ip protocols

Routing Protocol is "eigrp 1 "

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

Redistributing: eigrp 1

Automatic network summarization is in effect

Automatic address summarization:

Maximum path: 4

Routing for Networks:

10.0.0.0/24

Routing Information Sources:

Gateway Distance Last Update

Distance: internal 90 external 170

Notice that 10.0.0.0/24 is listed under the Routing for Networks column. The other
two networks (10.0.1.0/24 and 10.0.5.0/24) are not included in EIGRP.
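
As an added example (not part of the original notes), the following Python shows how a network statement selects interfaces, both in its classful form (network 10.0.0.0) and with an explicit wildcard mask (network 10.0.0.0 0.0.0.255); it covers both the Configuring EIGRP 2 and the Wildcard mask sections above. The interface names and addresses for the three subnets are constructed.

```python
"""Which interfaces an EIGRP 'network' statement enables.

Added example, not from the original notes. It models both forms of the
command: the classful 'network 10.0.0.0' (wildcard derived from the address
class, so every interface in 10.0.0.0/8 joins EIGRP) and the explicit
'network 10.0.0.0 0.0.0.255'. Interface names and addresses are constructed
for the three subnets from the text (10.0.0.0/24, 10.0.1.0/24, 10.0.5.0/24).
"""
import ipaddress


def classful_wildcard(network):
    """Wildcard assumed when no mask is given: the classful network size."""
    first_octet = int(network) >> 24
    if first_octet < 128:
        return ipaddress.IPv4Address("0.255.255.255")    # class A -> /8
    if first_octet < 192:
        return ipaddress.IPv4Address("0.0.255.255")      # class B -> /16
    return ipaddress.IPv4Address("0.0.0.255")            # class C -> /24


def network_statement_matches(iface_ip, network, wildcard=None):
    """True if 'network NETWORK [WILDCARD]' covers the interface address.

    A wildcard bit of 1 means 'don't care', 0 means 'must match', so the
    interface matches when every bit in which ip and network differ is a
    wildcard bit.
    """
    net = ipaddress.IPv4Address(network)
    wc = ipaddress.IPv4Address(wildcard) if wildcard else classful_wildcard(net)
    differing = int(ipaddress.IPv4Address(iface_ip)) ^ int(net)
    must_match = ~int(wc) & 0xFFFFFFFF
    return (differing & must_match) == 0


def enabled_interfaces(interfaces, network, wildcard=None):
    """Names of the interfaces one network statement pulls into EIGRP."""
    return [name for name, ip in interfaces.items()
            if network_statement_matches(ip, network, wildcard)]


# Constructed interface table for R1 (one interface per subnet in the text).
R1_INTERFACES = {"Fa0/0": "10.0.0.1", "Fa0/1": "10.0.1.1", "Fa1/0": "10.0.5.1"}

if __name__ == "__main__":
    print("network 10.0.0.0           ->", enabled_interfaces(R1_INTERFACES, "10.0.0.0"))
    print("network 10.0.0.0 0.0.0.255 ->", enabled_interfaces(R1_INTERFACES, "10.0.0.0", "0.0.0.255"))
```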

EIGRP automatic & manual summarization

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Route summarization is a method of representing multiple networks with a single
summary address. It is often used in large networks with many subnets because it
reduces the number of routes that a router must maintain and minimizes the traffic
used for routing updates. Two methods for summarizing routes exist: automatic
summarization and manual summarization.

EIGRP automatic summarization

By default, EIGRP has the auto summary feature enabled. Because of this, routes
are summarized to the classful address at network boundaries in the routing updates.

To better understand the concept of auto-summarization, consider the following
example.

Routers R1 and R2 are running EIGRP. Router R1 has the locally connected subnet
10.0.1.0/24 that is advertised to the router R2. Because of the auto summary feature,
the router R1 summarizes the network 10.0.1.0/24 before sending the route to R2.
With the auto summary feature turned on, R1 sends the classful route 10.0.0.0/8 to
R2 instead of the more specific 10.0.1.0/24 route.

On R1, we have configured the following network statement:

But, because of the auto-summary feature, R2 receives the route to the classful
network 10.0.0.0/8:

The auto summary feature can cause problems with discontiguous networks. This is
why this feature is usually turned off. This is done by using the no auto-summary
command:

Now R2 has the classless route to reach the subnet 10.0.1.0/24:

NOTE
After typing the no auto-summary command, the neighbor relationship will be re-established.

EIGRP manual summarization

One of the advantages of EIGRP over some other routing protocols (like OSPF) is
that manual summarization can be done on any router within a network. A single
route can be used to represent multiple routes, which reduces the size of routing
tables in a network.

Manual summarization is configured on a per-interface basis. The syntax of the
command is:

(config-if) ip summary-address eigrp ASN SUMMARY_ADDRESS SUBNET_MASK

An example will help you to understand the concept of manual summarization:

Routers R1 and R2 are running EIGRP. Router R1 (on the left) has two directly
connected subnets: 10.0.0.0/24 and 10.0.1.0/24. EIGRP advertises these subnets as
two separate routes. R2 now has two routes for two subnets, which can be
confirmed by using the show ip route command on R2:

We could configure R1 to advertise only one summary route for both subnets, which
helps reduce R2’s routing table. To do this, the following command can be used:

Now, R1 is sending only one route to reach both subnets to R2. We can verify that
by using the show ip route command on R2:

Now R2 has only one route to reach both subnets on R1.

NOTE
In the example above, the ip summary command included two subnets on R1, but also some
other addresses that are not in these subnets. The range of the summarized addresses
is 10.0.0.0 – 10.0.255.255, so R2 thinks that R1 has the routes for all addresses inside that
range. That could cause some problems if these addresses exist somewhere else in the network.
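
An added example, not from the original notes, that quantifies the NOTE above in Python: it computes the tightest prefix covering R1’s two subnets, and then lists the address space that the wider 10.0.0.0/16 summary (the 10.0.0.0 – 10.0.255.255 range from the NOTE) claims but R1 has no routes for.

```python
"""Tightest summary versus what a wider summary address claims.

Added example, not part of the original notes. The subnets are the two from
the manual summarization example (10.0.0.0/24 and 10.0.1.0/24); the
10.0.0.0/16 summary is the one implied by the range in the NOTE above.
"""
import ipaddress


def tightest_summary(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit at a time
    return summary


def over_claimed(summary, subnets):
    """Address space inside 'summary' that none of the component subnets covers.

    This is the space a neighbor will route towards us although we have no
    route for it, possibly instead of towards the router that owns it.
    """
    remaining = [ipaddress.ip_network(summary)]
    for s in subnets:
        n = ipaddress.ip_network(s)
        next_remaining = []
        for r in remaining:
            if n.subnet_of(r):
                # carve the component subnet out of the block it falls in
                next_remaining.extend(r.address_exclude(n))
            elif not r.subnet_of(n):
                # prefixes are either nested or disjoint; disjoint blocks stay
                next_remaining.append(r)
            # r entirely inside n: fully covered by a real route, drop it
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def over_claimed_addresses(summary, subnets):
    """Number of addresses the summary advertises without a matching subnet."""
    return sum(n.num_addresses for n in over_claimed(summary, subnets))


R1_SUBNETS = ["10.0.0.0/24", "10.0.1.0/24"]
CONFIGURED_SUMMARY = "10.0.0.0/16"   # the /16 behind the NOTE's 10.0.0.0 - 10.0.255.255

if __name__ == "__main__":
    print("tightest summary:", tightest_summary(R1_SUBNETS))
    extra = over_claimed_addresses(CONFIGURED_SUMMARY, R1_SUBNETS)
    print(f"{CONFIGURED_SUMMARY} additionally claims {extra} addresses:")
    for block in over_claimed(CONFIGURED_SUMMARY, R1_SUBNETS):
        print("  ", block)
```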

EIGRP authentication & load balancing

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

EIGRP authentication

EIGRP authentication is used to prevent an attacker from forming the EIGRP
neighbor relationship with your router and advertising incorrect routing information.
By using the same preshared key (PSK) on all routers you can force EIGRP to
authenticate each EIGRP message. That way you can ensure that your router
accepts routing updates only from trusted sources. To authenticate every
message, the MD5 (Message Digest 5) algorithm is used.

Three steps are required to configure EIGRP authentication:

1. creating a key chain
2. specifying a key string for a key
3. configuring EIGRP to use authentication

EIGRP uses the concept of key chains. Each key chain can have many keys, just
like in real life. You can specify a different lifetime interval for each key. That way the
second key in a key chain can be used after the first one has expired, the third one
after the second and so on. After you have created a key chain with the
corresponding keys, you need to enable EIGRP authentication for a particular
interface.

To configure a router to use EIGRP authentication the following commands are used:

1. (global-config) key chain NAME – creates a key chain
2. (config-keychain) key NUMBER – identifies the key number
3. (config-keychain-key) key-string STRING – specifies the key string for the key

Next, we need to enable EIGRP authentication on an interface. From the interface
mode, the following commands are used:

4. (config-if) ip authentication mode eigrp ASN md5 – enables EIGRP authentication
on the interface
5. (config-if) ip authentication key-chain eigrp ASN KEY_CHAIN_NAME – specifies
the name of the key chain that will be used for authentication

NOTE
For the authentication to work, the key number and the key string have to match on both routers!
The key chain name doesn’t have to be the same on both routers.

The following example shows how EIGRP authentication is configured:

To establish a time frame for the validity of a key, you need to configure the
accept-lifetime and the send-lifetime parameters. The syntax of the commands is:

(config-keychain-key) accept-lifetime start_time {infinite | end_time | duration seconds}

(config-keychain-key) send-lifetime start_time {infinite | end_time | duration seconds}

The first command specifies the time period during which the key will be accepted.
The second command specifies the time period during which the key will be sent.

For example, if we want to use a key only from January 1st, 2013 to December 1st,
2013, the following commands are used:
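
The key-chain model that these commands configure, as an added Python example (not code from the original notes and not the actual EIGRP packet format): numbered keys with key strings and send/accept lifetimes, a sender that uses the lowest-numbered key whose send-lifetime is valid, and a receiver that checks key number, accept-lifetime and MD5 digest before trusting an update. Key 1 uses the dates from the text; key 2, the key strings and the messages are constructed.

```python
"""Key-chain authentication with key lifetimes, EIGRP style.

Added example, not part of the original notes and not the real EIGRP packet
format. It models what the key chain commands above configure: numbered keys
with key strings, each with a send-lifetime and an accept-lifetime, and an
MD5 digest over the message keyed by the key string. Key 1 uses the dates
from the text (1 Jan 2013 to 1 Dec 2013); key 2 is a constructed overlapping
rollover key, and all key strings and messages are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime

INFINITE = datetime.max   # the 'infinite' keyword of accept-/send-lifetime


def digest(message: bytes, key_string: bytes) -> bytes:
    """Simplified keyed MD5 over message and key string (layout is a model)."""
    return hashlib.md5(message + key_string).digest()


@dataclass(frozen=True)
class Key:
    number: int             # 'key NUMBER'        - must match on both routers
    key_string: bytes       # 'key-string STRING' - must match on both routers
    send_start: datetime    # 'send-lifetime START END'
    send_end: datetime
    accept_start: datetime  # 'accept-lifetime START END'
    accept_end: datetime

    def can_send(self, now):
        return self.send_start <= now < self.send_end

    def can_accept(self, now):
        return self.accept_start <= now < self.accept_end


class KeyChain:
    """'key chain NAME' and its keys; the name itself need not match the peer."""

    def __init__(self, name, keys):
        self.name = name
        self.keys = {k.number: k for k in keys}

    def sending_key(self, now):
        """Lowest-numbered key whose send-lifetime covers 'now', or None."""
        valid = [k for k in self.keys.values() if k.can_send(now)]
        return min(valid, key=lambda k: k.number) if valid else None

    def sign(self, message, now):
        """Return (key number, digest) to carry in the outgoing message."""
        key = self.sending_key(now)
        if key is None:
            raise RuntimeError("no key with a valid send-lifetime")
        return key.number, digest(message, key.key_string)

    def verify(self, message, key_number, received, now):
        """Accept only a known key number, inside its accept-lifetime, with a matching digest."""
        key = self.keys.get(key_number)
        if key is None or not key.can_accept(now):
            return False
        return hmac.compare_digest(digest(message, key.key_string), received)


# Constructed key chains for R1 and R2: different names, identical keys.
# Key 2 overlaps key 1 by a month so the adjacency survives the rollover.
JAN1, NOV1, DEC1 = datetime(2013, 1, 1), datetime(2013, 11, 1), datetime(2013, 12, 1)
KEYS = [
    Key(1, b"constructed-key-1", JAN1, DEC1, JAN1, DEC1),
    Key(2, b"constructed-key-2", NOV1, INFINITE, NOV1, INFINITE),
]
R1_CHAIN = KeyChain("R1_KEYS", KEYS)
R2_CHAIN = KeyChain("R2_KEYS", KEYS)


def exchange(sender, receiver, message, sent_at, received_at=None):
    """Sign on one router, verify on the other; returns (key number used, accepted)."""
    number, mac = sender.sign(message, sent_at)
    return number, receiver.verify(message, number, mac, received_at or sent_at)


if __name__ == "__main__":
    update = b"constructed EIGRP update for 10.0.1.0/24"
    print(exchange(R1_CHAIN, R2_CHAIN, update, datetime(2013, 6, 1)))     # key 1 accepted
    print(exchange(R1_CHAIN, R2_CHAIN, update, datetime(2013, 11, 15)))   # still key 1 (lowest valid)
    print(exchange(R1_CHAIN, R2_CHAIN, update, datetime(2013, 12, 15)))   # rolled over to key 2
    # Same key number but a different key string on the peer: rejected.
    mistyped = KeyChain("R2_KEYS", [Key(1, b"typo", JAN1, DEC1, JAN1, DEC1)])
    print(exchange(R1_CHAIN, mistyped, update, datetime(2013, 6, 1)))
    # A key 1 message replayed after key 1's accept-lifetime ended: rejected.
    print(exchange(R1_CHAIN, R2_CHAIN, update, datetime(2013, 6, 1), datetime(2014, 1, 1)))
```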

EIGRP load balancing

By default, EIGRP supports equal-cost load balancing over four links. Equal-cost
means that multiple routes must have the same metric to reach the destination, so
that the router can choose to load balance across equal-cost links.

To better understand the equal-cost load balancing concept, consider the following
example.

All three routers are running EIGRP. Routers R2 and R3 are connected to the subnet
10.0.1.0/24. Both routers advertise the route to reach that subnet to R1. Router R1
receives the two routing updates for the subnet 10.0.1.0/24 with the same metric (the
metric is the same because both routers connect to the subnet 10.0.1.0/24 and R1
across the links with the same bandwidth and delay values). Router R1 places both
routes in the routing table and load balances across three links.

You can verify that R1 is indeed using both paths by typing the show ip
route command:

One of the advantages of EIGRP is that, unlike OSPF and many other routing
protocols, EIGRP also supports unequal-cost load balancing. You can set up your
router to load balance over links with different metrics to reach the destination. To
accomplish unequal-cost load balancing, the variance command is used. The
command takes one parameter, the multiplier, which tells the router to load balance
across each link with the metric for the destination less than the feasible distance
multiplied by the multiplier value.

NOTE
The multiplier value, by default, is 1. The maximum value is 128.

Consider the following example.

All three routers are running EIGRP. Routers R2 and R3 are connected to the subnet
10.0.1.0/24. Both routers advertise the route to reach that subnet to R1. Router R1
chooses the route from R2 as the best route. Let’s say that R1 calculated the metric
of 40 for the path through R2. That route is placed in R1’s routing table. But what
if we want to load balance traffic across the other link? The route through R3 has a
feasible distance of 30, which is less than the metric of the successor route, so the
feasibility condition has been met and that route has been placed in R1’s
topology table. Let’s say that R1 calculated the metric of 60 for the route through R3.
To enable load balancing across that link, you need to use the variance command:

(router-eigrp) variance MULTIPLIER

In our example, the variance 2 command can be used. This tells the router to load
balance across any links with the metric less than 80 (because 40 times 2 is 80). The
route through R3 is added to the routing table.

NOTE
A path has to be a feasible successor route to be used in unequal load balancing.
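
The variance selection described above, as an added Python example (not code from the original notes). It applies both rules: the path must be a feasible successor, and its metric must be below the successor’s metric times the multiplier. R2’s 40 and R3’s 60 (advertised 30) are the figures from the text; R4 is a constructed path that fails the feasibility condition even though its metric would pass the variance test.

```python
"""Unequal-cost load balancing with the EIGRP 'variance' command.

Added example, not part of the original notes. Two rules from the text apply
before a second path joins the successor in the routing table: it must be a
feasible successor (reported distance below the successor's metric) and its
own metric must be below successor metric * variance. R2 (40) and R3 (60,
advertised 30) are the figures from the example; R4 is a constructed path
whose RD fails the feasibility condition although its metric is below 80.
"""
from dataclasses import dataclass

MAX_VARIANCE = 128      # IOS accepts 1..128; 1 (the default) means equal-cost only
DEFAULT_MAX_PATHS = 4   # 'Maximum path: 4' in the show ip protocols output above


@dataclass(frozen=True)
class Path:
    next_hop: str
    metric: int              # this router's metric for the path (its FD)
    reported_distance: int   # the neighbor's own metric (RD)


def load_balanced_paths(paths, variance=1, max_paths=DEFAULT_MAX_PATHS):
    """Paths that end up in the routing table for one prefix.

    The successor is always installed. Another path is added only if it is a
    feasible successor AND either has the same metric (equal-cost) or a metric
    strictly below successor.metric * variance, as the text describes.
    """
    if not 1 <= variance <= MAX_VARIANCE:
        raise ValueError(f"variance must be between 1 and {MAX_VARIANCE}")
    successor = min(paths, key=lambda p: p.metric)
    limit = successor.metric * variance
    installed = [successor]
    for path in sorted(paths, key=lambda p: p.metric):
        if path is successor:
            continue
        is_feasible = path.reported_distance < successor.metric
        within_variance = path.metric == successor.metric or path.metric < limit
        if is_feasible and within_variance:
            installed.append(path)
    return installed[:max_paths]


R1_PATHS = [
    Path("R2", metric=40, reported_distance=20),   # successor
    Path("R3", metric=60, reported_distance=30),   # feasible successor (30 < 40)
    Path("R4", metric=70, reported_distance=45),   # constructed: 45 >= 40, not feasible
]

if __name__ == "__main__":
    for v in (1, 2):
        chosen = [p.next_hop for p in load_balanced_paths(R1_PATHS, variance=v)]
        print(f"variance {v}: load balancing over {chosen}")
```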

EIGRP Reliable Transport Protocol (RTP)

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

EIGRP doesn’t send messages with UDP or TCP; instead, a Cisco protocol
called Reliable Transport Protocol (RTP) is used for communication between
EIGRP-speaking routers. As the name implies, reliability is a key feature of this
protocol, and it is designed to enable quick delivery of updates and tracking of data
reception.

Five different packet types are used by EIGRP:

• Update – contains route information. When routing updates are sent in
response to metric or topology changes, reliable multicasts are used. In the
event that only one router needs an update, for example when a new neighbor is
discovered, unicasts are used.
• Query – a request for specific routes that always uses the reliable multicast
method. Routers send queries when they realize they’ve lost the path to a particular
network and are looking for alternative paths.
• Reply – sent in response to a query via the unicast method. Replies can
include a specific route to the queried destination or declare that there is no known
route.
• Hello – used to discover EIGRP neighbors. It is sent via unreliable multicast
and no acknowledgment is required.
• Acknowledgment (ACK) – sent in response to an update and is always
unicast. ACKs are not sent reliably.

NOTE
The acronym RTP is also used for a different protocol – Real-time Transport Protocol (RTP),
used for VoIP communication.

EIGRP Diffusing Update Algorithm (DUAL)

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Diffusing Update Algorithm (DUAL) is an algorithm used by EIGRP to select and
maintain the best route to each remote network. DUAL is also used for the following
purposes:

• discover a backup route if there is one available.
• support for variable length subnet masks (VLSMs).
• perform dynamic route recoveries.
• query neighbors for unknown alternate routes.
• send out queries for alternate routes.

EIGRP stores all routes advertised by all EIGRP neighbors. The metric of these
routes is used by DUAL to select efficient and loop-free paths. DUAL selects the
routes that will be inserted into the routing table. If a route fails, and there is no
feasible successor, DUAL chooses a replacement route, which usually takes a
couple of seconds.

The following requirements must be met in order for DUAL to work properly:

• EIGRP neighbors must be discovered.
• all transmitted EIGRP messages should be received correctly.
• all changes and messages should be processed in the order in which they’re
detected.

EIGRP summary

NOTE
EIGRP is not explicitly listed in the latest 200-301 version of the CCNA exam
topics (whereas OSPF is) but you can still be tested on it in the exam.

Here is a list of the most important EIGRP features:

• advanced distance vector routing protocol
• classless routing protocol
• supports VLSM (Variable Length Subnet Mask)
• converges fast
• supports multiple Network layer protocols (IPv4, IPv6, IPX, AppleTalk…)
• uses multicast address of 224.0.0.10 for routing updates
• sends partial routing updates
• supports equal and unequal-cost load balancing
• supports manual summarization on any router within a network
• by default, uses bandwidth and delay to calculate its metric
• Cisco proprietary
• supports MD5 authentication

OSPF overview

OSPF (Open Shortest Path First) is a link state routing protocol. Because it is an
open standard, it is implemented by a variety of network vendors. OSPF will run on
most routers, which don’t necessarily have to be Cisco routers (unlike EIGRP, which
can be run only on Cisco routers).

Here are the most important features of OSPF:

• a classless routing protocol
• supports VLSM, CIDR, manual route summarization, equal cost load
balancing
• incremental updates are supported
• uses only one parameter as the metric – the interface cost.
• the administrative distance of OSPF routes is, by default, 110.
• uses multicast addresses 224.0.0.5 and 224.0.0.6 for routing updates.

Routers running OSPF have to establish neighbor relationships before exchanging
routes. Because OSPF is a link state routing protocol, neighbors don’t exchange
routing tables. Instead, they exchange information about network topology. Each
OSPF router then runs the SPF algorithm to calculate the best routes and adds those to
the routing table. Because each router knows the entire topology of a network, the
chance for a routing loop to occur is minimal.

Each OSPF router stores routing and topology information in three tables:

• Neighbor table – stores information about OSPF neighbors
• Topology table – stores the topology structure of a network
• Routing table – stores the best routes

OSPF neighbors

OSPF routers need to establish a neighbor relationship before exchanging routing
updates. OSPF neighbors are dynamically discovered by sending Hello packets out
each OSPF-enabled interface on a router. Hello packets are sent to the multicast IP
address of 224.0.0.5.

The process is explained in the following figure:

Routers R1 and R2 are directly connected. After OSPF is enabled both routers send
Hellos to each other to establish a neighbor relationship. You can verify that the
neighbor relationship has indeed been established by typing the show ip ospf
neighbors command.

In the example above, you can see that the router-id of R2 is 2.2.2.2. Each OSPF
router is assigned a router ID. A router ID is determined by using one of the
following:

1. using the router-id command under the OSPF process.
2. using the highest IP address of the router’s loopback interfaces.
3. using the highest IP address of the router’s physical interfaces.

The following fields in the Hello packets must be the same on both routers in order
for routers to become neighbors:

• subnet
• area id
• hello and dead interval timers
• authentication
• area stub flag
• MTU

By default, OSPF sends hello packets every 10 seconds on an Ethernet network
(Hello interval). A dead timer is four times the value of the hello interval, so if a
router on an Ethernet network doesn’t receive at least one Hello packet from an
OSPF neighbor for 40 seconds, the router declares that neighbor to be down.

OSPF neighbor states

Before establishing a neighbor relationship, OSPF routers need to go through
several state changes. These states are explained below.

1. Init state – a router has received a Hello message from the other OSPF router
2. 2-way state – the neighbor has received the Hello message and replied with a
Hello message of its own
3. Exstart state – beginning of the LSDB exchange between both routers. Routers
are starting to exchange link state information.
4. Exchange state – DBD (Database Descriptor) packets are exchanged. DBDs
contain LSA headers. Routers will use this information to see what LSAs need to be
exchanged.
5. Loading state – one neighbor sends LSRs (Link State Requests) for every
network it doesn’t know about. The other neighbor replies with the LSUs (Link State
Updates) which contain information about the requested networks. After all the
requested information has been received, the other neighbor goes through the same
process.
6. Full state – both routers have the synchronized database and are fully adjacent
with each other.

OSPF areas

OSPF uses the concept of areas. An area is a logical grouping of contiguous
networks and routers. All routers in the same area have the same topology table, but
they don’t know about routers in the other areas. The main benefits of creating areas
are that the size of the topology and the routing table on a router is reduced, less time
is required to run the SPF algorithm and routing updates are also reduced.

Each area in the OSPF network has to connect to the backbone area (area 0). All
routers inside an area must have the same area ID to become OSPF neighbors. A
router that has interfaces in more than one area (area 0 and area 1, for example) is
called an Area Border Router (ABR). A router that connects an OSPF network to other
routing domains (an EIGRP network, for example) is called an Autonomous System
Border Router (ASBR).

NOTE
In OSPF, manual route summarization is possible only on ABRs and ASBRs.

To better understand the concept of areas, consider the following example.

All routers are running OSPF. Routers R1 and R2 are inside the backbone area
(area 0). Router R3 is an ABR, because it has interfaces in two areas, namely area 0
and area 1. Routers R4 and R5 are inside area 1. Router R6 is an ASBR, because it
connects the OSPF network to another routing domain (an EIGRP domain in this case).
If R1’s directly connected subnet fails, router R1 sends the routing update only to
R2 and R3, because all routing updates are localized inside the area.

NOTE
The role of an ABR is to advertise address summaries to neighboring areas. The role of an
ASBR is to connect an OSPF routing domain to another external network (e.g. Internet, EIGRP
network…).

LSA, LSU and LSR

The LSAs (Link-State Advertisements) are used by OSPF routers to exchange
topology information. Each LSA contains routing and topology information to describe
a part of an OSPF network. When two neighbors decide to exchange routes, they
send each other a list of all LSAs in their respective topology database. Each router
then checks its topology database and sends a Link State Request (LSR) message
requesting all LSAs not found in its topology table. The other router responds with a
Link State Update (LSU) that contains all LSAs requested by the other neighbor.

The concept is explained in the following example:

After configuring OSPF on both routers, the routers exchange LSAs to describe their
respective topology database. Router R1 sends an LSA header for its directly
connected network 10.0.1.0/24. Router R2 checks its topology database and
determines that it doesn’t have information about that network. Router R2 then
sends a Link State Request message requesting further information about that
network. Router R1 responds with a Link State Update which contains information
about subnet 10.0.1.0/24 (next hop address, cost…).

OSPF configuration

Configuring OSPF 1

OSPF basic configuration is very simple. Just like with the other routing protocols
covered so far (RIP, EIGRP), first you need to enable OSPF on a router. This is done
by using the router ospf PROCESS-ID global configuration command. Next, you
need to define on which interfaces OSPF will run and which networks will be
advertised. This is done by using the network IP_ADDRESS WILDCARD_MASK
AREA_ID command from the OSPF configuration mode.

NOTE
The OSPF process number doesn’t have to be the same on all routers in order to establish a
neighbor relationship, but the Area ID has to be the same on all neighboring routers in order for
routers to become neighbors.

Let’s get started with some basic OSPF configuration. We will use the following
network topology:

First, we need to enable OSPF on both routers. Then we need to define which
networks will be advertised into OSPF. This can be done by using the following
sequence of commands on both routers:

The network commands entered on both routers include subnets directly connected
to both routers. We can verify that the routers have become neighbors by typing
the show ip ospf neighbors command on either router:

To verify whether the routing updates were exchanged, we can use the show ip
route command. All routes marked with the character O are OSPF routes. For
example, here is the output of the command on R1:

You can see that R1 has learned about the network 192.168.0.0/24 through OSPF.

Configuring OSPF 2
Although basic OSPF configuration can be very simple, OSPF provides many extra
features that can get really complex. In this example, we will configure multiarea
OSPF network and some other OSPF features.

Consider the following multiarea OSPF network:

In this example we have two OSPF areas – area 0 and area 1. As you can see from
the network topology depicted above, routers R1 and R3 are in the area 0 and area
1, respectively. Router 2 connects to both areas, which makes him an ABR (Area
Border Router). Our goal is to advertise the subnets directly connected to R1 and
R3. To do that, the following configuration on R1 will be used:

 
NOTE
We have used the router-id 1.1.1.1 command to manually specify the router ID of this router.
OSPF process will use that RID (router-id) when communicating with other OSPF neighbors.
 

Because R1 connects only to R2, we only need to establish a neighbor relationship
with R2 and advertise the directly connected subnet into OSPF.

The configuration of R3 looks similar, with one difference, namely the area number: R3
is in area 1.

What about R2? Well, because R2 is an ABR, we need to establish a neighbor
relationship with both R1 and R3. To do that, we need to specify a different area ID
for each neighbor relationship: area 0 for the link to R1 and area 1 for the link to R3.
We can do that using the following sequence of commands:

Now R2 should have neighbor relationship with both R1 and R3. We can verify that
by using the show ip ospf neighbor command:

To verify if directly connected subnets are really advertised into the different area, we
can use the show ip route ospf command on both R1 and R3:
The IA code in front of the routes indicates that they are inter-area routes, learned
from another area through the ABR.
NOTE
R1 and R3 will never establish a neighbor relationship: they are not on a common link, and OSPF
neighbors must in any case agree on the area ID of the link that connects them. They learn each
other's routes through R2.

Designated & Backup Designated Router


Based on the network type, OSPF routers can elect one router to be the Designated
Router (DR) and one router to be the Backup Designated Router (BDR). For
example, on multiaccess broadcast networks (such as LANs) routers elect a DR and
BDR by default. The DR and BDR serve as the central point for exchanging OSPF
routing information on that segment. Each non-DR, non-BDR router (a DROTHER)
exchanges link-state information only with the DR and BDR, instead of with every
router on the segment. The DR then floods the information to every other router on
the same segment, which greatly reduces OSPF traffic.

To send link-state information to the DR and BDR, the multicast address 224.0.0.6
(AllDRouters) is used. The DR floods updates to the multicast address 224.0.0.5
(AllSPFRouters). If the DR fails, the BDR takes over its role.

Every router on a network segment establishes a full adjacency (FULL state) with the
DR and BDR. Non-DR, non-BDR routers only reach the 2-WAY state with each other
and do not exchange link-state databases directly.
NOTE
On point-to-point links, a DR and BDR are not elected since only two routers are directly
connected.
 

On LANs, a DR and BDR have to be elected. Two rules are used to elect them:

1. the router with the highest OSPF priority becomes the DR. By default, all routers
have a priority of 1; a router with priority 0 never becomes DR or BDR.
2. if there is a tie, the router with the highest router ID wins the election. The router
with the second highest OSPF priority or router ID becomes the BDR.

The election is not preemptive: once a DR and BDR exist on a segment, a router that
joins later with a higher priority or router ID does not take the role over; it is only
elected after the current DR or BDR fails.

To better understand the concept, consider the following example.


All routers depicted above are in the same area (area 0). All routers are running
OSPF. Routers R1 and R2 have been elected as DR and BDR because they have
the highest and the second highest router ID (100.0.0.0 and 90.0.0.0 respectively). If,
for example, R3’s directly connected subnet fails, R3 informs R1 and R2 (the DR and
BDR for the segment) of the network change (step 1). R1 then informs all other non-
DR and non-BDR routers of the change in topology (step 2).

We can verify that R1 and R2 are indeed the DR and BDR of the segment by typing
the show ip ospf neighbor command on R3:

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
60.0.0.0          1   FULL/DROTHER    00:00:33    10.0.0.5        FastEthernet0/0
100.0.0.0         1   FULL/DR         00:00:33    10.0.0.1        FastEthernet0/0
70.0.0.0          1   FULL/DROTHER    00:00:33    10.0.0.4        FastEthernet0/0
90.0.0.0          1   FULL/BDR        00:00:33    10.0.0.2        FastEthernet0/0

NOTE
You can influence the DR and BDR election process by manually configuring the OSPF priority.
This is done by using the ip ospf priority VALUE interface command. Because the election is not
preemptive, changing the priority on a running segment takes effect only after the OSPF process or
the interface is restarted (clear ip ospf process) or the current DR/BDR goes away.
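The election rules above, as an added worked example (not from the class notes): a small Python model of the DR/BDR election that applies priority first, then router ID, excludes priority 0, and keeps the existing DR/BDR when a better candidate joins later. The router IDs follow the figure; R3's own router ID (80.0.0.0) and the late-joining 200.0.0.0 are assumptions made for the example.

```python
"""DR/BDR election on a multiaccess segment (added example, not from the notes).

Implements the two rules above plus the two caveats: priority 0 makes a
router ineligible, and the election is non-preemptive.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class OspfRouter:
    router_id: str      # dotted-quad RID, e.g. "100.0.0.0"
    priority: int = 1   # ip ospf priority; 0 = never DR/BDR


def election_key(r: OspfRouter):
    """Higher priority wins; on a tie the numerically highest router ID wins."""
    return (r.priority, int(IPv4Address(r.router_id)))


def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """Return (dr, bdr) router IDs for the segment.

    current_dr/current_bdr are the roles already held on the segment (None on a
    cold start). A router that joins later never displaces a working DR or BDR,
    no matter how high its priority; if the DR disappears the BDR is promoted
    and a new BDR is elected among the remaining eligible routers.
    """
    eligible = {r.router_id: r for r in routers if r.priority > 0}
    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                       # DR lost: BDR takes over

    def best(excluded):
        cands = [r for rid, r in eligible.items() if rid not in excluded]
        return max(cands, key=election_key).router_id if cands else None

    if dr is None:
        dr = best(set())
    if bdr is None:
        bdr = best({dr})
    return dr, bdr


# Constructed segment modelled on the figure: R3's own RID is not shown in the
# notes, so 80.0.0.0 is assumed here.
SEGMENT = [OspfRouter("60.0.0.0"), OspfRouter("70.0.0.0"), OspfRouter("80.0.0.0"),
           OspfRouter("90.0.0.0"), OspfRouter("100.0.0.0")]


def demo():
    """Cold start, then a high-priority late joiner, then the DR failing."""
    dr, bdr = elect_dr_bdr(SEGMENT)                          # cold start
    joined = SEGMENT + [OspfRouter("200.0.0.0", priority=10)]
    dr2, bdr2 = elect_dr_bdr(joined, dr, bdr)                # late joiner, no preemption
    after_failure = [r for r in joined if r.router_id != dr2]
    dr3, bdr3 = elect_dr_bdr(after_failure, dr2, bdr2)       # DR fails
    return (dr, bdr), (dr2, bdr2), (dr3, bdr3)


if __name__ == "__main__":
    labels = ("cold start", "after 200.0.0.0 joins", "after DR fails")
    for label, (d, b) in zip(labels, demo()):
        print(f"{label:>22}: DR={d} BDR={b}")
```

Running it shows 100.0.0.0/90.0.0.0 as DR/BDR on the cold start, the same pair after a priority-10 router joins, and only after the DR fails does 90.0.0.0 become DR with 200.0.0.0 as the new BDR.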

OSPF authentication
OSPF can be configured to authenticate every OSPF message. This is usually done
to prevent a rogue router from injecting false routing information and therefore
redirecting or blackholing traffic, or causing a denial of service.

Two types of authentication can be used:

1.    clear-text authentication – the password is carried in the OSPF packet header as-is,
so anyone who can capture traffic on the segment can read it. It only protects against
accidental adjacencies, not against an attacker.
2.    MD5 authentication – the shared key never goes over the network. Instead, each packet
carries an MD5 digest computed over the packet plus the key, and the receiver recomputes it
with its own copy of the key. A sequence number in the packet also protects against replay
of captured packets. MD5 is no longer considered a strong hash; newer IOS releases also
support HMAC-SHA authentication for OSPF through key chains (RFC 5709), which should be
preferred where available.
NOTE
With OSPF authentication turned on, routers must pass the authentication process before
becoming OSPF neighbors.
 

To configure clear-text authentication, the following steps are required:

1. configure the OSPF password on the interface by using the ip ospf
authentication-key PASSWORD interface command
2. configure the interface to use OSPF clear-text authentication by using the ip
ospf authentication interface command

In the following example, we will configure OSPF clear-text authentication.

Both routers are running OSPF. On R1, we need to enter the following commands:

The same commands have to be entered on R2:

To verify that clear-text authentication is indeed turned on, we can use the show ip
ospf interface INTERFACE_TYPE INTERFACE_NUMBER command on either
router:
Configuring OSPF MD5 authentication is very similar to configuring clear-text
authentication. Two commands are also used:

1. First you need to configure the key on an interface by using the ip ospf
message-digest-key KEY_ID md5 KEY interface command. The key ID and the key
must match on both ends of the link.
2. Next, you need to configure the interface to use MD5 authentication by using
the ip ospf authentication message-digest interface command

Here is an example configuration on R1:

You can verify that R1 is using OSPF MD5 authentication by typing the show ip ospf
interface INTERFACE_TYPE INTERFACE_NUMBER command:
NOTE
The OSPF authentication type can also be enabled per area, instead of per interface. This is done
by using the area AREA_ID authentication [message-digest] command under the OSPF
configuration mode. If you omit the message-digest keyword, clear-text authentication will be
used for that area. All interfaces inside the area will then use OSPF authentication, but the key
itself is still configured on each interface, and an interface-level ip ospf authentication command
overrides the area setting.
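To make the difference between the two authentication types concrete, here is an added Python example (not from the notes, and not Cisco code) that builds a minimal OSPF Hello with each authentication type following RFC 2328 Appendix D, verifies the MD5 digest, rejects a tampered or replayed packet, and shows that only the clear-text variant puts the password on the wire. The Hello body bytes, the key strings and the zero-padding of a short key to the 16 bytes the RFC specifies are assumptions made for the example.

```python
"""OSPF packet authentication per RFC 2328 Appendix D (added example, not from
the notes). Shows why clear-text (AuType 1) leaks the password and how the MD5
keyed digest (AuType 2) keeps the key off the wire.

Assumptions: the Hello body is a constructed placeholder, the OSPF checksum is
left at 0 (the RFC sets it to 0 for AuType 2; for AuType 1 the real Fletcher
checksum is omitted here), and a short key is zero-padded to 16 bytes.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

OSPF_HDR = "!BBHIIHH"    # version, type, length, router ID, area ID, checksum, AuType
HDR_LEN = 24             # 16 fixed bytes + 8-byte authentication field
AUTH_SIMPLE, AUTH_CRYPT = 1, 2
HELLO = 1


def _header(length, router_id, area_id, autype, auth8):
    return struct.pack(OSPF_HDR, 2, HELLO, length, int(IPv4Address(router_id)),
                       int(IPv4Address(area_id)), 0, autype) + auth8


def simple_auth_packet(body, router_id, area_id, password):
    """AuType 1: the password itself is carried in the 8-byte auth field."""
    auth = password.encode().ljust(8, b"\0")[:8]
    return _header(HDR_LEN + len(body), router_id, area_id, AUTH_SIMPLE, auth) + body


def _pad_key(key):
    return key.encode().ljust(16, b"\0")[:16]


def crypt_auth_packet(body, router_id, area_id, key_id, seq, key):
    """AuType 2: auth field = 0, Key ID, Auth Data Length (16), sequence number;
    MD5(packet || key) is appended after the packet, outside the length field."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _header(HDR_LEN + len(body), router_id, area_id, AUTH_CRYPT, auth) + body
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()


def verify_crypt(wire, keys, last_seq=-1):
    """Check the trailing digest with the key selected by Key ID and enforce the
    non-decreasing sequence number. Returns (ok, seq)."""
    autype = struct.unpack("!H", wire[14:16])[0]
    length = struct.unpack("!H", wire[2:4])[0]
    key_id, auth_len, seq = struct.unpack("!BBI", wire[18:24])
    if autype != AUTH_CRYPT or auth_len != 16 or key_id not in keys:
        return False, seq
    if seq < last_seq:                              # replayed or stale packet
        return False, seq
    pkt, digest = wire[:length], wire[length:length + 16]
    expected = hashlib.md5(pkt + _pad_key(keys[key_id])).digest()
    return hmac.compare_digest(expected, digest), seq


# Constructed Hello body: network mask, hello interval, options, priority,
# dead interval, DR, BDR (no neighbors listed)
BODY = bytes.fromhex("ffffff00 000a 02 01 00000028 00000000 00000000")


def demo():
    clear = simple_auth_packet(BODY, "1.1.1.1", "0.0.0.0", "cisco123")
    signed = crypt_auth_packet(BODY, "1.1.1.1", "0.0.0.0", key_id=1, seq=1000, key="s3cret")
    keys = {1: "s3cret"}
    # flip the first body byte after the digest was computed
    tampered = signed[:HDR_LEN] + bytes([signed[HDR_LEN] ^ 0xFF]) + signed[HDR_LEN + 1:]
    return {
        "password_on_wire": b"cisco123" in clear,
        "key_on_wire": b"s3cret" in signed,
        "valid": verify_crypt(signed, keys)[0],
        "tampered": verify_crypt(tampered, keys)[0],
        "wrong_key": verify_crypt(signed, {1: "other"})[0],
        "replayed": verify_crypt(signed, keys, last_seq=1001)[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>17}: {value}")
```

The digest is a plain keyed MD5 of packet-plus-key rather than HMAC, exactly as the RFC specifies; that construction, and MD5 itself, are why the HMAC-SHA variant mentioned above exists.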

OSPF summarization
Route summarization helps reduce OSPF traffic and route computation. OSPF,
unlike EIGRP, doesn't support automatic summarization. Also, unlike EIGRP, where
you can summarize routes on every router in an EIGRP network, OSPF can
summarize routes only on ABRs (with the area range command, for routes between
areas) and ASBRs (with the summary-address command, for routes redistributed into OSPF).

The following command is used for OSPF summarization:

(config-router) area AREA_ID range IP_ADDRESS MASK

To better understand OSPF summarization, consider the following example network:

All three routers are running OSPF and exchanging routes. Before OSPF
summarization is configured, the router R1 inside the backbone area has two entries
for the networks 11.0.0.0/24 and 11.0.1.0/24 in its routing table.

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route


Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0

11.0.0.0/24 is subnetted, 2 subnets

O IA 11.0.0.0 [110/3] via 10.0.0.2, 00:00:40, FastEthernet0/0

O IA 11.0.1.0 [110/3] via 10.0.0.2, 00:00:40, FastEthernet0/0

O IA 172.16.0.0/16 [110/2] via 10.0.0.2, 00:00:40, FastEthernet0/0

We could summarize these two subnets on R2, so that R1 receives only one routing
update for both subnets. To do that, the following command can be used on R2:

Router(config)#router ospf 1

Router(config-router)#area 1 range 11.0.0.0 255.255.0.0

Now, R1 has only one entry in its routing table for R3’s directly connected subnets:

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0

11.0.0.0/16 is subnetted, 1 subnets

O IA 11.0.0.0 [110/3] via 10.0.0.2, 00:00:30, FastEthernet0/0

O IA 172.16.0.0/16 [110/2] via 10.0.0.2, 00:02:52, FastEthernet0/0


NOTE
Be careful with summarization. In this case, router R1 thinks that R2 has routes for all subnets in
the range 11.0.0.0 – 11.0.255.255, so traffic for any 11.x.y.0 subnet that doesn't exist is still
forwarded to R2. (IOS installs a Null0 discard route for the summary on the ABR, so R2 drops such
packets rather than looping them, but they still cross the link.) When summarizing, use the most
specific mask that covers the real subnets.
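As an added example (not from the notes), the following Python computes the tightest area range summary for a set of subnets and quantifies how much nonexistent address space a looser mask, like the /16 used above, advertises. The function names are assumptions for the example; the input prefixes are the two subnets behind R3.

```python
"""Tightest OSPF summary for a set of prefixes (added example, not from the
notes). The area range command accepts any mask, so this computes the
smallest supernet that still covers every subnet behind the ABR and reports
how much address space a looser summary claims for subnets that do not exist.
"""
from ipaddress import IPv4Network, collapse_addresses


def tightest_summary(prefixes):
    """Smallest single prefix covering all of `prefixes`."""
    nets = [IPv4Network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()        # widen by one bit until everything fits
    return candidate


def overclaimed(summary, prefixes):
    """Addresses the summary advertises that no listed subnet actually contains."""
    real = sum(n.num_addresses for n in collapse_addresses(IPv4Network(p) for p in prefixes))
    return IPv4Network(summary).num_addresses - real


def area_range_command(area, prefixes):
    """The IOS command to enter on the ABR for the tightest summary."""
    s = tightest_summary(prefixes)
    return f"area {area} range {s.network_address} {s.netmask}"


R3_SUBNETS = ["11.0.0.0/24", "11.0.1.0/24"]   # the two subnets advertised by R3 above

if __name__ == "__main__":
    print(area_range_command(1, R3_SUBNETS))
    print("addresses over-claimed by 11.0.0.0/16:", overclaimed("11.0.0.0/16", R3_SUBNETS))
```

For the two /24s above the tightest summary is 11.0.0.0/23, whereas the /16 used in the example claims 65,024 addresses that no router actually has.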

OSPF summary
Here is a list of the most important OSPF features:

 link state routing protocol

 classless routing protocol

 supports VLSM (Variable Length Subnet Mask)

 converges fast

 uses the concept of areas

 uses multicast address for routing updates (224.0.0.5 and 224.0.0.6)

 sends partial routing updates

 supports only equal cost load balancing

 manual summarization can be done only on ABRs and ASBRs

 uses interface cost as a metric

 uses SPF algorithm to calculate the best paths

 open standard

 each router inside an area has the same link-state database (topology table)

 supports clear-text and MD5 authentication

Differences between OSPF and EIGRP

The following table lists the differences between OSPF and EIGRP:

Comparing interior routing protocols (IGPs)

The following table lists the differences between the three most popular
interior routing protocols:
  

Feature                        | RIP                                           | EIGRP                               | OSPF
-------------------------------|-----------------------------------------------|-------------------------------------|------------
Type                           | distance vector                               | advanced distance vector ("hybrid") | link state
Metric                         | hop count                                     | bandwidth and delay                 | cost
Speed of convergence           | slow                                          | fast                                | fast
Routing                        | classful (RIPv1), classless (RIPv2)           | classless                           | classless
Updates                        | periodic broadcast (RIPv1), multicast (RIPv2) | multicast                           | multicast
Manual summarization           | no (RIPv1), yes (RIPv2)                       | yes                                 | yes
Supported on non-Cisco routers | yes                                           | no (Cisco proprietary)              | yes
Configuration complexity       | easy                                          | medium                              | hard

What are ACLs?

ACLs (access control lists) are a set of rules used most commonly to filter network
traffic. They are used on network devices with packet filtering capabilities (e.g.
routers or firewalls). ACLs are applied per interface, to packets entering or leaving
that interface.

For example on how ACLs are used, consider the following network topology:
Let’s say that server S1 holds some important documents that need to be available
only to the company’s management. We could configure an access list on R1 to
enable access to S1 only to users from the management network. All other traffic
going to S1 will be blocked. This way, we can ensure that only authorized user can
access the sensitive files on S1.

Types of ACLs
There are two types of access lists:

1. standard access lists – with standard access lists, you can filter only on the
source IP address of a packet. These types of access list are not as powerful as
extended access lists, but they are less processor intensive for the router.

The example from the previous section is exactly this kind of filter: R1 permits
traffic to S1 only from the management network, and the decision is based solely on
the source IP address of each packet.

2. extended access lists – with extended access lists, you can be more precise in
your filtering. You can evaluate source and destination IP addresses, type of layer 3
protocol, source and destination port, etc. Extended access lists are more complex
to configure and consume more CPU time than the standard access lists, but they
allow a much more granular level of control.

To demonstrate the usefulness of extended ACLs, we will use the following example.

In the example network above, we have used a standard access list to prevent all
users from accessing server S1. But with that configuration we have also disabled
access to S2, because a standard ACL cannot look at the destination address. To be
more specific, we can use an extended access list. Let's say that we need to prevent
users from accessing server S1. We could place an extended access list on R1 that
denies traffic only to S1 (filtering on the destination IP address). That way, no other
traffic is forbidden, and users can still access the other server, S2:
Configuring standard ACLs
To create a standard access list on a Cisco router, the following command is used
from the router's global configuration mode:

R1(config)# access-list ACL_NUMBER permit|deny IP_ADDRESS WILDCARD_MASK

NOTE
ACL number for the standard ACLs has to be between 1–99 and 1300–1999.
 

You can also use the host keyword to specify the host you want to permit or deny:

R1(config)# access-list ACL_NUMBER permit|deny host IP_ADDRESS

Once the access list is created, it needs to be applied to an interface. You do that by
using the ip access-group ACL_NUMBER in|out interface
subcommand. in and out keywords specify in which direction you are activating the
ACL. in means that ACL is applied to the traffic coming into the interface, while
the out keyword means that the ACL is applied to the traffic leaving the interface.

Consider  the following network topology:

We want to allow traffic from the management LAN to the server S1. First, we need
to write an ACL to permit traffic from LAN 10.0.0.0/24 to S1. We can use the
following command on R1:

R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255

The command above permits traffic from all IP addresses that begin with 10.0.0. We
could also target the specific host by using the host keyword:

R1(config)#access-list 1 permit host 10.0.0.1

The command above permits traffic only from the host with the IP address of
10.0.0.1.

Next, we will deny traffic from the Users LAN (11.0.0.0/24):


R1(config)#access-list 1 deny 11.0.0.0 0.0.0.255

Next, we need to apply the access list to an interface. It is recommended to place
standard access lists as close to the destination as possible, because they match only
on source addresses and would otherwise block that source's traffic to every destination.
In our case, this is the Fa0/0 interface on R1. Since we want to evaluate all packets
trying to exit out Fa0/0, we enter interface configuration mode for Fa0/0 and specify
the outbound direction with the out keyword:

R1(config-if)#ip access-group 1 out

NOTE
At the end of each ACL there is an implicit deny all statement. This means that all traffic not
specified in earlier ACL statements will be forbidden, so the second ACL statement (access-list 1
deny 11.0.0.0 0.0.0.255) wasn’t even necessary.

Configuring extended ACLs


To be more precise when matching a certain network traffic, extended access lists
are used. Extended access lists are more difficult to configure and require more
processor time than the standard access lists, but they enable a much more granular
level of control.

With extended access lists, you can evaluate additional packet information, such as:

 source and destination IP address
 type of TCP/IP protocol (TCP, UDP, ICMP, IP…)
 source and destination port numbers

Two steps are required to configure an extended access list:

1. configure an extended access list using the following command:

(config)# access-list NUMBER permit|deny PROTOCOL SOURCE_ADDRESS SOURCE_WILDCARD [SOURCE_PORT_OPERATOR] DESTINATION_ADDRESS DESTINATION_WILDCARD [DESTINATION_PORT_OPERATOR]

2. apply the access list to an interface using the following command:

(config-if)# ip access-group ACL_NUMBER in|out

NOTE
Extended access lists numbers are in ranges from 100 to 199 and from 2000 to 2699. You
should always place extended ACLs as close to the source of the packets that are being
evaluated as possible.
 

To better understand the concept of extended access lists, consider the following
example:
We want to enable the administrator’s workstation (10.0.0.1/24) unrestricted access
to Server (192.168.0.1/24). We will also deny any type of access to Server from the
user’s workstation (10.0.0.2/24).

First, we’ll create a statement that will permit the administrator’s workstation access
to Server:

R1(config)#access-list 100 permit ip 10.0.0.1 0.0.0.0 192.168.0.1 0.0.0.0

Next, we need to create a statement that will deny the user’s workstation access to
Server:

R1(config)#access-list 100 deny ip 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0

Lastly, we need to apply the access list to the Fa0/0 interface on R1:

R1(config)#int f0/0

R1(config-if)#ip access-group 100 in

This will force the router to evaluate all packets entering Fa0/0. If the administrator
tries to access Server, the traffic will be allowed, because of the first statement.
However, if User tries to access Server, the traffic will be forbidden because of the
second ACL statement.
NOTE
At the end of each access list there is an implicit deny all statement, so the second ACL
statement wasn't really necessary. After applying an access list, all traffic not explicitly
permitted will be denied.
 

What if we need to allow traffic to Server only for certain services? For example, let’s
say that Server was a web server and users should be able to access the web pages
stored on it. We can allow traffic to Server only to certain ports (in this case, port 80),
and deny any other type of traffic. Consider the following example:

On the right side, we have a server (S1) that serves as a web server, listening on port 80.
We need to permit User to access web sites on S1 (port 80), but we also need to
deny any other type of access.

First, we need to allow traffic from User to the Server port of 80. We can do that
using the following command:

R1(config)#access-list 100 permit tcp 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0 eq 80

By using the tcp keyword, we can filter packets by the source and destination ports.
In the example above, we have permitted traffic from 10.0.0.2 (User’s workstation) to
192.168.0.1 (Server) on port 80. The last part of the statement, eq 80, specifies the
destination port of 80.

Since at the end of each access list there is an implicit deny all statement, we don't
need to define any more statements. After the access list is applied, all traffic other
than that from 10.0.0.2 to 192.168.0.1 on TCP port 80 will be denied.

We need to apply the access list to the interface:

R1(config)#int f0/0

R1(config-if)#ip access-group 100 in

We can verify whether our configuration was successful by trying to access Server
from the User’s workstation using different methods. For example, the ping will fail:

C:\>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:


Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.

Ping statistics for 192.168.0.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Telnetting to the port 21 will fail:

C:\>telnet 192.168.0.1 21

Trying 192.168.0.1 ...

% Connection timed out; remote host not responding

However, we will be able to access Server on port 80 using our browser:

Configuring named ACLs


Just like the numbered ACLs we've used so far, named ACLs allow you to filter
network traffic according to various criteria. However, they have the following
benefits over numbered ACLs:

 an ACL can be assigned a meaningful name (e.g. filter_traffic_to_server)
 ACL subcommands are entered in ACL configuration mode, not in global
configuration mode as with numbered ACLs
 you can insert, delete and reorder individual statements using sequence
numbers, instead of rewriting the whole list
NOTE
Just like numbered ACLs, named ACLs can be of two types: standard and extended.
 
The named ACL name and type is defined using the following syntax:

(config) ip access-list STANDARD|EXTENDED NAME

The command above moves you to ACL configuration mode, where you configure the
permit and deny statements. Just like numbered ACLs, named ACLs end with an
implicit deny statement, so any traffic not explicitly permitted will be forbidden.

We will use the following network in our configuration example:

We want to deny the user’s workstation (10.0.0.2/24) any type of access to


the Domain server (192.168.0.1/24). We also want to enable the user unrestricted
access to the File share (192.168.0.2/24).

First, we will create and name our ACL:

R1(config)#ip access-list extended allow_traffic_fileshare

Once inside the ACL config mode, we need to create a statement that will deny the
user’s workstation access to the Domain server:

R1(config-ext-nacl)#20 deny ip 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0


The number 20 represents the line in which we want to place this entry in the ACL.
This allows us to reorder statements later if needed.

Now, we will execute a statement that will permit the workstation access to the File
share:

R1(config-ext-nacl)#50 permit ip 10.0.0.2 0.0.0.0 192.168.0.2 0.0.0.0

Lastly, we need to apply the access list to the Gi0/0 interface on R1:

R1(config)#int Gi0/0

R1(config-if)#ip access-group allow_traffic_fileshare in

The commands above force the router to evaluate all packets entering Gi0/0. If the
workstation tries to access the Domain server, the traffic will be forbidden because
of the first ACL statement. However, if the user tries to access the File share, the
traffic will be allowed because of the second statement.

Our named ACL configuration looks like this:

R1#show ip access-lists

Extended IP access list allow_traffic_fileshare

20 deny ip host 10.0.0.2 host 192.168.0.1

50 permit ip host 10.0.0.2 host 192.168.0.2

Notice the sequence number at the beginning of each entry. If we need to stick a
new entry between these two entries, we can do that by specifying a sequence
number in the range between 20 and 50. If we don’t specify the sequence number,
the entry will be added to the bottom of the list.

We can use the ping command on the workstation to verify the traffic is being


blocked properly:

C:\>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.

Reply from 10.0.0.1: Destination host unreachable.


Ping statistics for 192.168.0.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>

C:\>ping 192.168.0.2

Pinging 192.168.0.2 with 32 bytes of data:

Reply from 192.168.0.2: bytes=32 time<1ms TTL=127

Reply from 192.168.0.2: bytes=32 time<1ms TTL=127

Reply from 192.168.0.2: bytes=32 time<1ms TTL=127

Reply from 192.168.0.2: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.0.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

As you can see from the ping output above, the traffic is being filtered properly.
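As an added example (not from the notes, and not an IOS feature), the following Python implements the matching logic that the standard, extended and named ACL sections above all rely on: wildcard-mask comparison, first-match evaluation in sequence-number order, and the implicit deny. It parses the three ACLs configured above so their expected behaviour can be checked offline. The function names, and the restriction to numeric ports with the eq operator, are assumptions made for the example.

```python
"""Cisco-style ACL matching (added example, not from the notes): wildcard-mask
matching, first-match evaluation in sequence-number order, and the implicit
deny at the end. Handles the numbered standard and extended entries and the
named entries with sequence numbers used above. Assumptions: ports are numeric
('eq 80', not 'eq www'), only 'eq' is supported, and the evaluated packet is
described by (protocol, source, destination, destination port).
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = 0xFFFFFFFF


def ip(s: str) -> int:
    return int(IPv4Address(s))


@dataclass
class Entry:
    seq: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: int
    src_wc: int
    dst: int = 0
    dst_wc: int = ANY           # standard ACLs never look at the destination
    dport: Optional[int] = None


def wildcard_match(addr: int, value: int, wildcard: int) -> bool:
    """A wildcard bit of 1 means 'don't care'; 0 means the bit must match."""
    return ((addr ^ value) & ~wildcard & ANY) == 0


def _address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (addr, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, ANY, tokens[1:]
    if tokens[0] == "host":
        return ip(tokens[1]), 0, tokens[2:]
    return ip(tokens[0]), ip(tokens[1]), tokens[2:]


def parse_entry(line: str, default_seq: int) -> Entry:
    t = line.split()
    seq = default_seq
    if t[0] == "access-list":           # numbered: drop 'access-list N'
        t = t[2:]
    elif t[0].isdigit():                # named: explicit sequence number
        seq, t = int(t[0]), t[1:]
    action, t = t[0], t[1:]
    if t[0] in ("ip", "tcp", "udp", "icmp"):          # extended entry
        proto, t = t[0], t[1:]
        src, src_wc, t = _address(t)
        dst, dst_wc, t = _address(t)
        dport = int(t[1]) if t[:1] == ["eq"] else None
        return Entry(seq, action, proto, src, src_wc, dst, dst_wc, dport)
    src, src_wc, t = _address(t)                      # standard entry
    return Entry(seq, action, "ip", src, src_wc)


def parse_acl(lines):
    """IOS numbers unsequenced entries 10, 20, 30...; evaluation order is by sequence."""
    entries = [parse_entry(l, (i + 1) * 10) for i, l in enumerate(lines)]
    return sorted(entries, key=lambda e: e.seq)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, or ('deny', None) for the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(ip(src), e.src, e.src_wc):
            continue
        if not wildcard_match(ip(dst), e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e.seq
    return "deny", None


# The three ACLs from the notes, as constructed input
STANDARD_1 = parse_acl(["access-list 1 permit 10.0.0.0 0.0.0.255",
                        "access-list 1 deny 11.0.0.0 0.0.0.255"])
EXTENDED_100 = parse_acl(["access-list 100 permit tcp 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0 eq 80"])
NAMED = parse_acl(["50 permit ip host 10.0.0.2 host 192.168.0.2",
                   "20 deny ip host 10.0.0.2 host 192.168.0.1"])   # entered out of order on purpose

if __name__ == "__main__":
    print(evaluate(EXTENDED_100, "tcp", "10.0.0.2", "192.168.0.1", 80))   # permit
    print(evaluate(EXTENDED_100, "icmp", "10.0.0.2", "192.168.0.1"))      # implicit deny
```

The ping and telnet failures shown above correspond to the implicit deny: neither ICMP nor TCP port 21 matches the single permit entry, so evaluate() returns ("deny", None) for them.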

What is NAT?
NAT (Network Address Translation) is a process of changing the source and
destination IP addresses and ports of packets. Address translation reduces the need
for public IPv4 addresses and hides the private address plan, but hiding addresses is
not a security control: NAT is no substitute for a firewall or ACLs. This process is
usually done by routers or firewalls.

An example will help you understand the concept:


Host A requests a web page from an Internet server. Because Host A uses private IP
addressing, the source address of the request has to be changed by the router,
because private IP addresses are not routable on the Internet. Router R1 receives
the request, changes the source IP address to its public IP address and sends the
packet to server S1. Server S1 receives the packet and replies to router R1. Router
R1 receives the reply, changes the destination IP address back to the private IP
address of Host A and sends the packet to Host A.

There are three types of address translation:

1. Static NAT – translates one private IP address to one public IP address. The public IP
address is always the same.
2. Dynamic NAT – private IP addresses are mapped to a pool of public IP
addresses.
3. Port Address Translation (PAT) – one public IP address is used for all
internal devices, and a different port is assigned to each private IP address and port
pair. Also known as NAT Overload.

Static NAT
With static NAT, routers or firewalls translate one private IP address to a
single public IP address. Each private IP address is mapped to a single public
IP address. Static NAT is not often used because it requires one public IP
address for each private IP address. Because the mapping is permanent and works
in both directions, the inside host is reachable from the outside at the public
address, so a static mapping should normally be paired with an access list on the
outside interface.

To configure static NAT, three steps are required:

1. configure the private/public IP address mapping by using the ip nat inside
source static PRIVATE_IP PUBLIC_IP command
2. configure the router's inside interface using the ip nat inside command
3. configure the router's outside interface using the ip nat outside command

Here is an example.

Computer A requests a web resource from S1. Computer A uses its private IP
address when sending the request to router R1. Router R1 receives the
request, changes the private IP address to the public one and sends the
request to S1. S1 responds to R1. R1 receives the response, looks up its
NAT table and changes the destination IP address to the private IP address
of Computer A.

In the example above, we need to configure static NAT. To do that, the
following commands are required on R1:

Using the commands above, we have configured a static mapping between
Computer A's private IP address of 10.0.0.2 and router R1's public IP address
of 59.50.50.1. To check NAT, you can use the show ip nat translations command:

Dynamic NAT
Unlike static NAT, where you have to manually define a static mapping between
a private and a public address, dynamic NAT maps a local address to a global
address dynamically: the router picks an address from the global address pool that
is not currently assigned. The dynamic entry stays in the NAT translation table as
long as traffic is exchanged. The entry times out after a period of inactivity and the
global IP address can then be reused for new translations. If every address in the pool
is in use, new inside hosts cannot be translated until an entry times out.

With dynamic NAT, you need to specify two sets of addresses on your Cisco router:

 the inside addresses that will be translated


 a pool of global addresses

To configure dynamic NAT, the following steps are required:

1. configure the router’s inside interface using the ip nat inside command


2. configure the router’s outside interface using the ip nat outside command
3. configure an ACL that has a list of the inside source addresses that will be
translated
4. configure a pool of global IP addresses using the ip nat pool NAME
FIRST_IP_ADDRESS LAST_IP_ADDRESS netmask SUBNET_MASK command
5. enable dynamic NAT with the ip nat inside source list ACL_NUMBER pool
NAME global configuration command

Consider the following example:


Host A requests a web resource from an Internet server S1. Host A uses its private IP
address when sending the request to router R1. Router R1 receives the request,
changes the private IP address to one of the available global addresses in the pool
and sends the request to S1. S1 responds to R1. R1 receives the response, looks up
its NAT table and changes the destination IP address to the private IP address of
Host A.

To configure dynamic NAT, the following commands are required on R1:

1. First we need to configure the router’s inside and outside NAT interfaces:

R1(config)#int f0/0

R1(config-if)#ip nat inside

R1(config-if)#int f0/1

R1(config-if)#ip nat outside

2. Next, we need to configure an ACL that will include a list of the inside source
addresses that will be translated. In this example we want to translate all inside hosts
on the 10.0.0.0/24 network:

R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255

3. We need to configure the pool of global (public) IP addresses available on the


outside interface:

R1(config)#ip nat pool STUDY-CCNA_POOL 155.4.12.1 155.4.12.3 netmask 255.255.255.0

The pool configured above consists of 3 addresses: 155.4.12.1, 155.4.12.2, and


155.4.12.3.

4. Lastly, we need to enable dynamic NAT:

R1(config)#ip nat inside source list 1 pool STUDY-CCNA_POOL

The command above tells the router to translate all addresses matched by
access list 1 to the pool of global addresses named STUDY-CCNA_POOL.

You can list all NAT translations using the show ip nat translations command.

Generate some traffic from the PC to the server first to test:


C:\>ping 155.4.12.5

Pinging 155.4.12.5 with 32 bytes of data:

Reply from 155.4.12.5: bytes=32 time<1ms TTL=127

Reply from 155.4.12.5: bytes=32 time=3ms TTL=127

Reply from 155.4.12.5: bytes=32 time=1ms TTL=127

Reply from 155.4.12.5: bytes=32 time<1ms TTL=127

Ping statistics for 155.4.12.5:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 3ms, Average = 1ms

Then enter the show ip nat translations command quickly enough, before the
translation has timed out:

R1#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 155.4.12.1:16 10.0.0.100:16 155.4.12.5:16 155.4.12.5:16

In the output above you can see that the translation has been made between the
Host A’s private IP address (Inside local, 10.0.0.100) to the first available public IP
address from the pool (Inside global, 155.4.12.1) and it is connecting to the server on
the outside (Outside local and Outside global, 155.4.12.5) .
NOTE
You can remove all NAT translations from the table by using the clear ip nat translation
* command.

Port Address Translation (PAT) configuration


With Port Address Translation (PAT), a single public IP address is used for all
internal private IP addresses, but a different port is assigned to each private IP
address. This type of NAT is also known as NAT Overload and is the typical form of
NAT used in today’s networks. It is even supported by most consumer-grade routers.

PAT allows you to support many hosts with only few public IP addresses. It works by
creating dynamic NAT mapping, in which a global (public) IP address and a unique
port number are selected. The router keeps a NAT table entry for every unique
combination of the private IP address and port, with translation to the global address
and a unique port number.

We will use the following example network to explain the benefits of using PAT:

As you can see in the picture above, PAT uses unique source port numbers on the
inside global (public) IP address to distinguish between translations. For example, if
the host with the IP address of 10.0.0.101 wants to access the server S1 on the
Internet, the host’s private IP address will be translated by R1 to 155.4.12.1:1056
and the request will be sent to S1. S1 will respond to 155.4.12.1:1056. R1 will
receive that response, look up in its NAT translation table, and forward the request to
the host.

To configure PAT, the following commands are required:

 configure the router’s inside interface using the ip nat inside command.


 configure the router’s outside interface using the ip nat outside command.
 configure an access list that includes a list of the inside source addresses that
should be translated.
 enable PAT with the ip nat inside source list ACL_NUMBER interface TYPE
overload global configuration command.

Here is how we would configure PAT for the network picture above.

First, we will define the outside and inside interfaces on R1:


R1(config)#int Gi0/0

R1(config-if)#ip nat inside

R1(config-if)#int Gi0/1

R1(config-if)#ip nat outside

Next, we will define an access list that will include all private IP addresses we would
like to translate:

R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255

The access list defined above includes all IP addresses from the 10.0.0.0 –
10.0.0.255 range.

Now we need to enable NAT and refer to the ACL created in the previous step and
to the interface whose IP address will be used for translations:

R1(config)#ip nat inside source list 1 interface Gi0/1 overload

To verify the NAT translations, we can use the show ip nat translations command
after hosts request a web resource from S1:

R1#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 155.4.12.1:1024 10.0.0.100:1025 155.4.12.5:80 155.4.12.5:80

tcp 155.4.12.1:1025 10.0.0.101:1025 155.4.12.5:80 155.4.12.5:80

tcp 155.4.12.1:1026 10.0.0.102:1025 155.4.12.5:80 155.4.12.5:80

Notice that the same IP address (155.4.12.1) has been used to translate three
private IP addresses (10.0.0.100, 10.0.0.101, and 10.0.0.102). The port number of
the public IP address is unique for each connection. So when S1 responds to
155.4.12.1:1026, R1 looks into its NAT translations table and forwards the response to
10.0.0.102:1025.
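To make the translation table above concrete, here is a small Python model of a PAT router. This is an added example, not part of the original notes and not Cisco's software: it keeps one entry per unique (inside local IP, port) pair, rewrites the source of outbound packets to the inside global address with a unique port, reverses the mapping for replies, and raises when the port pool is exhausted. The PatRouter class, the Packet record and the traffic are constructed for this example; the network 10.0.0.0/24 stands in for access-list 1 above (wildcard 0.0.0.255 is the same thing as /24). It simplifies IOS behaviour by always handing out ports sequentially from 1024, which is also what the sample output shows.

```python
"""Minimal model of PAT (NAT overload) with one shared inside global address.

Added example; the addresses and ports are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the fields PAT looks at."""
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Models 'ip nat inside source list <acl> interface <outside> overload'."""

    def __init__(self, inside_global, acl_network, first_port=1024, last_port=65535):
        self.inside_global = inside_global               # IP of the 'ip nat outside' interface
        self.acl = ipaddress.ip_network(acl_network)     # "10.0.0.0/24" == access-list 1 above
        self.next_port = first_port
        self.last_port = last_port
        self.out_table = {}   # (proto, inside local ip, inside local port) -> inside global port
        self.in_table = {}    # (proto, inside global port) -> (inside local ip, inside local port)

    def _allocate_port(self):
        """Next unused inside-global port. Simplification: real IOS first tries to
        keep the host's own source port and only picks a new one on a clash."""
        if self.next_port > self.last_port:
            raise RuntimeError("PAT port pool exhausted on " + self.inside_global)
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt):
        """Packet arriving on the 'ip nat inside' interface and heading out."""
        if ipaddress.ip_address(pkt.src_ip) not in self.acl:
            return pkt            # not permitted by the ACL: forwarded untranslated
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        gport = self.out_table.get(key)
        if gport is None:         # first packet of this flow: create the table entry
            gport = self._allocate_port()
            self.out_table[key] = gport
            self.in_table[(pkt.proto, gport)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.inside_global, gport, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet arriving on the 'ip nat outside' interface; None if no entry matches."""
        entry = self.in_table.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.inside_global or entry is None:
            return None           # nothing in the table: an unsolicited packet is dropped
        lip, lport = entry
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, lip, lport)

    def translations(self):
        """Rows in the style of 'show ip nat translations': (Pro, Inside global, Inside local)."""
        return sorted(
            (proto, "%s:%d" % (self.inside_global, gport), "%s:%d" % (lip, lport))
            for (proto, lip, lport), gport in self.out_table.items()
        )


if __name__ == "__main__":
    r1 = PatRouter("155.4.12.1", "10.0.0.0/24")
    for host in ("10.0.0.100", "10.0.0.101", "10.0.0.102"):
        r1.outbound(Packet("tcp", host, 1025, "155.4.12.5", 80))
    for row in r1.translations():
        print("%-4s %-18s %-18s" % row)
    print(r1.inbound(Packet("tcp", "155.4.12.5", 80, "155.4.12.1", 1026)))
```

Running the file prints the three rows from the sample output and the de-translated reply to 155.4.12.1:1026. Note what inbound() does when nothing matches: a packet from the Internet that no inside host asked for has no table entry and nowhere to go, which is why PAT incidentally blocks unsolicited inbound connections, and why a saturated port pool (the RuntimeError) shows up as new connections failing rather than as an error on the hosts.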

What is IPv6?
IPv6 is the newest version of the IP protocol. IPv6 was developed to overcome many
deficiencies of IPv4, most notably the problem of IPv4 address exhaustion. Unlike
IPv4, which has only about 4.3 billion (2 raised to power 32) available addresses,
IPv6 allows for 3.4 × 10 raised to power 38 addresses.

IPv6 features
Here is a list of the most important features of IPv6:

- Large address space: IPv6 uses 128-bit addresses, which means that for each
person on the Earth there are 48,000,000,000,000,000,000,000,000,000 addresses!
- Enhanced security: IPSec (Internet Protocol Security) is built into IPv6 as
part of the protocol. This means that two devices can dynamically create a secure
tunnel without user intervention.
- Header improvements: the packet header used in IPv6 is simpler than the one
used in IPv4. The IPv6 header is not protected by a checksum, so routers do not
need to calculate a checksum for every packet.
- No need for NAT: since every device has a globally unique IPv6 address, there
is no need for NAT.
- Stateless address autoconfiguration: IPv6 devices can automatically configure
themselves with an IPv6 address.

IPv6 address format
Unlike IPv4, which uses a dotted-decimal format with each byte ranging from 0 to
255, IPv6 uses eight groups of four hexadecimal digits separated by colons. For
example, this is a valid IPv6 address:

2340:0023:AABA:0A01:0055:5054:9ABC:ABB0

If you don’t know how to convert a hexadecimal number to binary, here is a table
that will help you do the conversion:

IPv6 address shortening

The IPv6 address given above looks daunting, right? Well, there are two
conventions that can help you shorten what must be typed for an IP address:

1. leading zeros in a group can be omitted
For example, the address listed above (2340:0023:AABA:0A01:0055:5054:9ABC:ABB0)
can be shortened to 2340:23:AABA:A01:55:5054:9ABC:ABB0

2. successive fields of zeroes can be represented as two colons (::)
For example, 2340:0000:0000:0000:0455:0000:AAAB:1121 can be written as
2340::0455:0000:AAAB:1121

NOTE
You can shorten an address this way only for one such occurrence. The reason is
obvious – if you had more than one occurrence of the double colon you wouldn’t know
how many sets of zeroes were being omitted from each part.

Here are a couple more examples that can help you grasp the concept of IPv6
address shortening:

Long version: 1454:0045:0000:0000:4140:0141:0055:ABBB
Shortened version: 1454:45::4140:141:55:ABBB

Long version: 0000:0000:0001:AAAA:BBBC:A222:BBBA:0001
Shortened version: ::1:AAAA:BBBC:A222:BBBA:1

Types of IPv6 addresses

Three categories of IPv6 addresses exist:

- Unicast – represents a single interface. Packets addressed to a unicast
address are delivered to a single host.
- Anycast – identifies one or more interfaces. For example, servers that
support the same function can use the same unicast IP address. Packets sent to that
IP address are forwarded to the nearest server. Anycast addresses are used for
load-balancing. Known as a “one-to-nearest” address.
- Multicast – represents a dynamic group of hosts. Packets sent to this
address are delivered to many interfaces. Multicast addresses in IPv6 have a similar
purpose as their counterparts in IPv4.

NOTE
IPv6 doesn’t use the broadcast method, but multicast to all hosts on the network provides the
functional equivalent.

What are the three types of unicast addresses in IPv6?

There are three types of IPv6 unicast addresses:

- global unicast – similar to IPv4 public IP addresses. These addresses are
assigned by the IANA and used on public networks. ...
- unique local – similar to IPv4 private addresses. ...
- link local – these addresses are used for sending packets over the local
subnet.

Unicast Addresses
Figure 4-6 diagrams the three types of addresses: unicast, multicast, and anycast. We begin by
looking at unicast addresses. Don’t be intimidated by all the different types of unicast addresses. The
most significant types are global unicast addresses, which are equivalent to IPv4 public addresses,
and link-local addresses. These address types are discussed in detail in Chapters 5 and 6.
Figure 4-6 IPv6 Address Types: Unicast Addresses

A unicast address uniquely identifies an interface on an IPv6 device. A packet sent to a unicast
address is received by the interface that is assigned to that address. Similar to IPv4, a source IPv6
address must be a unicast address.

NOTE

Notice that there is no broadcast address shown in Figure 4-6. Remember that IPv6 does not include
a broadcast address.

This section covers the different types of unicast addresses, as illustrated in Figure 4-6. The following
is a quick preview of each type of unicast address discussed in this section:

- Global unicast: A routable address in the IPv6 Internet, similar to a public IPv4 address
(covered in more detail in Chapter 5).
- Link-local: Used only to communicate with devices on the same local link (covered in more
detail in Chapter 6).
- Loopback: An address not assigned to any physical interface that can be used for a host to
send an IPv6 packet to itself.
- Unspecified address: Used only as a source address and indicates the absence of an IPv6
address.
- Unique local: Similar to a private address in IPv4 (RFC 1918) and not intended to be
routable in the IPv6 Internet. However, unlike RFC 1918 addresses, these addresses are not
intended to be statefully translated to a global unicast address.
- IPv4 embedded: An IPv6 address that carries an IPv4 address in the low-order 32 bits of the
address.

Global Unicast Address

Global unicast addresses (GUAs), also known as aggregatable global unicast addresses, are globally
routable and reachable in the IPv6 Internet. They are equivalent to public IPv4 addresses. They play a
significant role in the IPv6 addressing architecture. One of the main motivations for transitioning to
IPv6 is the exhaustion of its IPv4 counterpart. As you can see in Figure 4-6, a GUA address is only
one of several types of IPv6 unicast addresses.

Figure 4-7 shows the generic structure of a GUA, which has three fields:

- Global Routing Prefix: The Global Routing Prefix is the prefix or network portion of the
address assigned by the provider, such as an ISP, to the customer site.
- Subnet ID: The Subnet ID is a separate field for allocating subnets within the customer site.
Unlike with IPv4, it is not necessary to borrow bits from the Interface ID (host portion) to
create subnets. The number of bits in the Subnet ID falls between where the Global Routing
Prefix ends and where the Interface ID begins. This makes subnetting simple and
manageable.
- Interface ID: The Interface ID identifies the interface on the subnet, equivalent to the host
portion of an IPv4 address. The Interface ID in most cases is 64 bits.

Link-Local Address

A link-local address is an IPv6 unicast address that can be automatically configured on any
interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in
the modified EUI-64 format. Link-local addresses are used in the neighbor discovery protocol
and the stateless autoconfiguration process. Nodes on a local link can use link-local addresses
to communicate; the nodes do not need globally unique addresses to communicate. The figure
below shows the structure of a link-local address.

IPv6 devices must not forward packets that have link-local source or destination addresses to
other links.
Figure 2 Link-Local Address Format
IPv6 Address Type Multicast

An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8 (1111 1111). An
IPv6 multicast address is an identifier for a set of interfaces that typically belong to different
nodes. A packet sent to a multicast address is delivered to all interfaces identified by the
multicast address. The second octet following the prefix defines the lifetime and scope of the
multicast address. A permanent multicast address has a lifetime parameter equal to 0; a
temporary multicast address has a lifetime parameter equal to 1. A multicast address that has
the scope of a node, link, site, or organization, or a global scope has a scope parameter of 1,
2, 5, 8, or E, respectively. For example, a multicast address with the prefix FF02::/16 is a
permanent multicast address with a link scope. The figure below shows the format of the
IPv6 multicast address.
Figure 6 IPv6 Multicast Address Format

IPv6 nodes (hosts and routers) are required to join (receive packets destined for) the
following multicast groups:

- All-nodes multicast group FF02:0:0:0:0:0:0:1 (scope is link-local)
- Solicited-node multicast group FF02:0:0:0:0:1:FF00:0000/104 for each of its assigned
unicast and anycast addresses

IPv6 routers must also join the all-routers multicast group FF02:0:0:0:0:0:0:2 (scope is link-
local).

The solicited-node multicast address is a multicast group that corresponds to an IPv6 unicast
or anycast address. IPv6 nodes must join the associated solicited-node multicast group for
every unicast and anycast address assigned to them. The IPv6 solicited-node multicast
address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits
of a corresponding IPv6 unicast or anycast address (see the figure below). For example, the
solicited-node multicast address corresponding to the IPv6 address 2037::01:800:200E:8C6C
is FF02::1:FF0E:8C6C. Solicited-node addresses are used in neighbor solicitation messages.
Figure 7 IPv6 Solicited-Node Multicast Address Format

NOTE
There are no broadcast addresses in IPv6. IPv6 multicast addresses are used instead of
broadcast addresses.

IPv6 Multicast Groups

An IPv6 address must be configured on an interface before the interface can forward IPv6
traffic. Configuring a site-local or global IPv6 address on an interface automatically
configures a link-local address and activates IPv6 for that interface. Additionally, the
configured interface automatically joins the following required multicast groups for that link:

- Solicited-node multicast group FF02:0:0:0:0:1:FF00::/104 for each unicast and anycast
address assigned to the interface
- All-nodes link-local multicast group FF02::1
- All-routers link-local multicast group FF02::2

NOTE
The solicited-node multicast address is used in the neighbor discovery process.

IPv6 Address Output Display

When IPv6 or IPv4 command output displays an IPv6 address, a long IPv6 address can
overflow into neighboring fields, causing the output to be difficult to read. The output fields
were designed to work with the longest possible IPv4 address, which has 15 characters; IPv6
addresses can be up to 39 characters long. The following scheme has been adopted in IPv4
and IPv6 commands to allow the appropriate length of IPv6 address to be displayed and
move the following fields to the next line, if necessary. The fields that are moved are kept in
alignment with the header row.

The following example displays eight connections. The first six connections feature IPv6
addresses; the last two connections feature IPv4 addresses.
Device# where
Conn Host Address Byte Idle Conn Name
1 test5 2001:DB8:3333:4::5 6 24 test5
2 test4 2001:DB8:3333:44::5
6 24 test4
3 2001:DB8:3333:4::5 2001:DB8:3333:4::5 6 24 2001:DB8:3333:4::5
4 2001:DB8:3333:44::5
2001:DB8:3333:44::5
6 23 2001:DB8:3333:44::5
5 2001:DB8:3000:4000:5000:6000:7000:8001
2001:DB8:3000:4000:5000:6000:7000:8001
6 20
2001:DB8:3000:4000:5000:6000:
6 2001:DB8:1::1 2001:DB8:1::1 0 1 2001:DB8:1::1
7 10.1.9.1 10.1.9.1 0 0 10.1.9.1
8 10.222.111.222 10.222.111.222 0 0 10.222.111.222

Connection 1 contains an IPv6 address that uses the maximum address length in the address
field. Connection 2 shows the IPv6 address overflowing the address field and the following
fields moved to the next line, but in alignment with the appropriate headers. Connection 3
contains an IPv6 address that fills the maximum length of the hostname and address fields
without wrapping any lines. Connection 4 shows the effect of both the hostname and address
fields containing a long IPv6 address. The output is shown over three lines keeping the
correct heading alignment. Connection 5 displays a similar effect as connection 4 with a very
long IPv6 address in the hostname and address fields. Note that the connection name field is
actually truncated. Connection 6 displays a very short IPv6 address that does not require any
change in the display. Connections 7 and 8 display short and long IPv4 addresses.

NOTE
The IPv6 address output display applies to all commands that display IPv6 addresses.

Simplified IPv6 Packet Header

The basic IPv4 packet header has 12 fields with a total size of 20 octets (160 bits) (see the
figure below). The 12 fields may be followed by an Options field, which is followed by a
data portion that is usually the transport-layer packet. The variable length of the Options field
adds to the total size of the IPv4 packet header. The shaded fields of the IPv4 packet header
shown in the figure below are not included in the IPv6 packet header.
Figure 9 IPv6 Packet Header Format

The table below lists the fields in the basic IPv6 packet header.

Table 2 Basic IPv6 Packet Header Fields

Version: Similar to the Version field in the IPv4 packet header, except that the
field lists number 6 for IPv6 instead of number 4 for IPv4.

Traffic Class: Similar to the Type of Service field in the IPv4 packet header.
The Traffic Class field tags packets with a traffic class that is used in
differentiated services.

Flow Label: A new field in the IPv6 packet header. The Flow Label field tags
packets with a specific flow that differentiates the packets at the network layer.

Payload Length: Similar to the Total Length field in the IPv4 packet header. The
Payload Length field indicates the total length of the data portion of the packet.

Next Header: Similar to the Protocol field in the IPv4 packet header. The value of
the Next Header field determines the type of information following the basic IPv6
header. The type of information following the basic IPv6 header can be a
transport-layer packet, for example, a TCP or UDP packet, or an Extension Header,
as shown in the figure immediately above.

Hop Limit: Similar to the Time to Live field in the IPv4 packet header. The value
of the Hop Limit field specifies the maximum number of devices that an IPv6 packet
can pass through before the packet is considered invalid. Each device decrements
the value by one. Because no checksum is in the IPv6 header, the device can
decrement the value without needing to recalculate the checksum, which saves
processing resources.

Source Address: Similar to the Source Address field in the IPv4 packet header,
except that the field contains a 128-bit source address for IPv6 instead of a
32-bit source address for IPv4.

Destination Address: Similar to the Destination Address field in the IPv4 packet
header, except that the field contains a 128-bit destination address for IPv6
instead of a 32-bit destination address for IPv4.

Following the eight fields of the basic IPv6 packet header are optional extension headers and the
data portion of the packet. If present, each extension header is aligned to 64 bits. There is no
fixed number of extension headers in an IPv6 packet. The extension headers form a chain of
headers. Each extension header is identified by the Next Header field of the previous header.
Typically, the final extension header has a Next Header field of a transport-layer protocol, such
as TCP or UDP. The figure below shows the IPv6 extension header format.

Figure 10 IPv6 Extension Header Format

The table below lists the extension header types and their Next Header field values.

Table 3 IPv6 Extension Header Types

Header Type (Next Header Value): Description

Hop-by-hop options header (0): This header is processed by all hops in the path
of a packet. When present, the hop-by-hop options header always follows
immediately after the basic IPv6 packet header.

Destination options header (60): The destination options header can follow any
hop-by-hop options header, in which case the destination options header is
processed at the final destination and also at each visited address specified by
a routing header. Alternatively, the destination options header can follow any
Encapsulating Security Payload (ESP) header, in which case the destination
options header is processed only at the final destination.

Routing header (43): The routing header is used for source routing.

Fragment header (44): The fragment header is used when a source must fragment a
packet that is larger than the maximum transmission unit (MTU) for the path
between itself and a destination. The Fragment header is used in each fragmented
packet.

Authentication header (51) and ESP header (50): The Authentication header and
the ESP header are used within IP Security Protocol (IPsec) to provide
authentication, integrity, and confidentiality of a packet. These headers are
identical for both IPv4 and IPv6.

Upper-layer headers (6 for TCP, 17 for UDP): The upper-layer (transport) headers
are the typical headers used inside a packet to transport the data. The two main
transport protocols are TCP and UDP.

Mobility headers (135): Extension headers used by mobile nodes, correspondent
nodes, and home agents in all messaging related to the creation and management
of bindings.
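The fields of Table 2 and the Next Header chain of Table 3, as a Python parser. This is an added example, not part of the original notes or of any Cisco software: parse_basic_header() unpacks the fixed 40-byte header, and walk_extension_headers() follows Next Header from one extension header to the next until it reaches an upper-layer protocol, enforcing the rule from Table 3 that a hop-by-hop options header may only come directly after the basic header. The packet bytes are constructed here, and the value 59 ("No Next Header", defined in RFC 8200 but not listed in the table) is included so the walk can stop on a packet without upper-layer data.

```python
"""Parse the basic IPv6 header and walk the chain of extension headers.

Added example; the packet is constructed for the demonstration.
"""
import ipaddress
import struct

HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT = 0, 6, 17, 43, 44
ESP, AH, NO_NEXT_HEADER, DEST_OPTS, MOBILITY = 50, 51, 59, 60, 135

NAMES = {
    HOP_BY_HOP: "hop-by-hop options", TCP: "TCP", UDP: "UDP",
    ROUTING: "routing", FRAGMENT: "fragment", ESP: "ESP",
    AH: "authentication", NO_NEXT_HEADER: "no next header",
    DEST_OPTS: "destination options", MOBILITY: "mobility",
}
# Extension headers whose layout lets a parser step over them. ESP is excluded:
# everything after its first 8 octets is encrypted, so the chain cannot be followed.
WALKABLE = (HOP_BY_HOP, DEST_OPTS, ROUTING, FRAGMENT, AH, MOBILITY)


def parse_basic_header(pkt):
    """Return the eight fields of the fixed 40-byte IPv6 header (Table 2)."""
    if len(pkt) < 40:
        raise ValueError("packet shorter than the basic IPv6 header")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("version field is %d, not 6" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(pkt[8:24])),
        "destination": str(ipaddress.IPv6Address(pkt[24:40])),
    }


def walk_extension_headers(pkt):
    """Follow Next Header from the basic header through the extension headers.

    Returns (chain, upper_layer_protocol, data_offset); chain lists the
    (value, name) of every extension header in order.
    """
    hdr = parse_basic_header(pkt)
    if len(pkt) != 40 + hdr["payload_length"]:
        raise ValueError("Payload Length does not match the packet size")
    chain, nh, offset = [], hdr["next_header"], 40
    while nh in WALKABLE:
        if nh == HOP_BY_HOP and chain:
            # Table 3: hop-by-hop options must directly follow the basic header
            raise ValueError("hop-by-hop options header is not first in the chain")
        if offset + 8 > len(pkt):
            raise ValueError("truncated extension header")
        following, ext_len = pkt[offset], pkt[offset + 1]
        if nh == FRAGMENT:
            size = 8                      # fixed size; the second byte is reserved
        elif nh == AH:
            size = (ext_len + 2) * 4      # AH length is in 32-bit words minus 2 (RFC 4302)
        else:
            size = (ext_len + 1) * 8      # 8-octet units, not counting the first 8 octets
        chain.append((nh, NAMES[nh]))
        nh, offset = following, offset + size
        if offset > len(pkt):
            raise ValueError("extension header runs past the end of the packet")
    return chain, nh, offset


def build_sample_packet():
    """Constructed packet: basic header, hop-by-hop options, fragment header, UDP."""
    src = ipaddress.IPv6Address("2001:DB8::1").packed
    dst = ipaddress.IPv6Address("2001:DB8::2").packed
    # next = fragment (44), ext len 0 (8 octets in total), one PadN option filling 6 octets
    hop_by_hop = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])
    # next = UDP (17), reserved byte, fragment offset 0 with M = 0, identification
    fragment = bytes([UDP, 0]) + struct.pack("!HI", 0, 0xABCD1234)
    udp = struct.pack("!HHHH", 1234, 53, 12, 0) + b"data"   # UDP length 12 = header + 4
    payload = hop_by_hop + fragment + udp
    first_word = (6 << 28) | (0 << 20) | 0x12345              # version 6, class 0, flow label
    basic = struct.pack("!IHBB", first_word, len(payload), HOP_BY_HOP, 64) + src + dst
    return basic + payload


if __name__ == "__main__":
    packet = build_sample_packet()
    print(parse_basic_header(packet))
    print(walk_extension_headers(packet))
```

The chain walk is where a parser most often goes wrong in practice: the Fragment header has no length byte, the Authentication header counts in 32-bit words, and ESP hides everything behind it, so a parser that treats every extension header the same way mis-locates the transport header.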

Anycast IPv6 Addresses


An IPv6 anycast address is an identifier for a set of interfaces (typically belonging to
different nodes). A packet sent to an anycast address is delivered to one of the interfaces
identified by that address (the nearest interface), according to the routing protocols' measure
of distance. It uses the same formats as a unicast address, so one cannot differentiate between
a unicast and an anycast address simply by examining the address. Instead, anycast addresses
are defined administratively.

For more information about IPv6 addressing, see RFC 3513, Internet Protocol Version 6
(IPv6) Addressing Architecture.
IPv6 interface identifier
The second part of an IPv6 unicast or anycast address is typically a 64-bit interface
identifier used to identify a host’s network interface. A 64-bit interface ID is created
by inserting the hex value of FFFE in the middle of the MAC address of the network
card. Also, the 7th bit in the first byte is flipped to a binary 1 (if the 7th bit is set to 0 it
means that the MAC address is a burned-in MAC address). When this is done, the
interface ID is commonly called the modified extended unique identifier 64 (EUI-64).

For example, if the MAC address of a network card is 00:BB:CC:DD:11:22 the
interface ID would be 02BBCCFFFEDD1122.

Why is that so?

Well, first we need to flip the seventh bit from 0 to 1. MAC addresses are in hex
format. The binary format of the MAC address looks like this:

hex 00BBCCDD1122

binary 0000 0000 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

We need to flip the seventh bit:

binary 0000 0010 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

Now we have this address in hex:

hex 02BBCCDD1122

Next we need to insert FFFE in the middle of the address listed above:

hex 02BBCCFFFEDD1122

So, the interface ID is now 02BB:CCFF:FEDD:1122.

Another example, this time with the MAC address of 00000C432A35.

1. Convert to binary and flip the seventh bit to one:

binary: 0000 0010 0000 0000 0000 1100 0100 0011 0010 1010 0011 0101

2. Convert back to hex:

hex: 02000C432A35

3. Insert FFFE in the middle:

interface ID: 02000CFFFE432A35
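The two derivations above in Python, as an added example that is not part of the original notes: flip the 7th bit of the first byte, insert FFFE, and place the result in the low 64 bits of a /64 prefix. The same block also builds the solicited-node multicast address from the multicast section earlier, so that for one MAC address it produces the link-local address, the global address and the joined groups that appear in the show ipv6 interface output later in these notes. The function names are chosen for this example, the MAC addresses are the ones used in the text (00:01:42:65:3E:01 written with its colons in the right places), and Python's ipaddress module is used only to print addresses in shortened form.

```python
"""Modified EUI-64 interface IDs and the addresses derived from them (added example)."""
import ipaddress


def modified_eui64(mac):
    """64-bit interface ID as 16 upper-case hex digits: U/L bit flipped, FFFE inserted."""
    digits = mac.upper()
    for sep in (":", "-", "."):
        digits = digits.replace(sep, "")
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a 48-bit MAC address: " + mac)
    first_byte = int(digits[:2], 16) ^ 0x02      # flip the 7th bit of the first byte
    return "%02X%s%s%s" % (first_byte, digits[2:6], "FFFE", digits[6:])


def interface_id_groups(mac):
    """The same value written as four colon-separated groups, e.g. 02BB:CCFF:FEDD:1122."""
    iid = modified_eui64(mac)
    return ":".join(iid[i:i + 4] for i in range(0, 16, 4))


def address_from_prefix(prefix, mac):
    """Put the EUI-64 interface ID into the low 64 bits of a /64 prefix such as
    '2001:0BB9:AABB:1234::/64' (what 'ipv6 address ... eui-64' does)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix, got " + prefix)
    addr = int(net.network_address) | int(modified_eui64(mac), 16)
    return ipaddress.IPv6Address(addr).compressed.upper()


def link_local(mac):
    """FE80::/10 prefix followed by the EUI-64 interface ID."""
    return address_from_prefix("FE80::/64", mac)


SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("FF02::1:FF00:0"))   # FF02::1:FF00:0/104


def solicited_node(addr):
    """FF02::1:FFXX:XXXX from the 24 low-order bits of a unicast or anycast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24).compressed.upper()


def joined_groups(addresses, router):
    """Multicast groups an interface must join for its addresses ('Joined group address(es)')."""
    groups = {"FF02::1"}                 # all-nodes
    if router:
        groups.add("FF02::2")            # all-routers, only when IPv6 routing is enabled
    for a in addresses:
        groups.add(solicited_node(a))    # one per address; identical IIDs share a group
    return sorted(groups)


if __name__ == "__main__":
    mac = "00:01:42:65:3E:01"
    ll = link_local(mac)
    gua = address_from_prefix("2001:0BB9:AABB:1234::/64", mac)
    print("link-local:", ll)
    print("global    :", gua)
    print("groups    :", joined_groups([ll, gua], router=True))
```

The printed link-local and global addresses match the show ipv6 interface Gi0/0 output for R1, and the joined groups come out as FF02::1, FF02::2 and FF02::1:FF65:3E01; both of R1's addresses map to the same solicited-node group because they share an interface ID, which is why only one such group is listed for the interface.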

IPv6 transition options

IPv4 and IPv6 networks are not interoperable, and the number of devices that use
IPv4 is still large. Some of these devices do not support IPv6 at all, so a
migration process is necessary, since IPv4 and IPv6 will likely coexist for some time.

Many transition mechanisms have been proposed:

1. IPv4/IPv6 Dual Stacks – each device on the network is configured with both an
IPv4 and an IPv6 address. When two devices want to communicate, they first agree on
which IP version to use.
2. NAT64 – creates a mapping between the two address types, e.g. by mapping multiple
IPv6 addresses to one IPv4 address.
3. Tunneling – IPv4 packets are tunneled over IPv6 infrastructure or vice versa.

NOTE
Some methods of the IPv4-IPv6 transition have been deprecated, but they are still mentioned in
older books. Some of these methods are NAT-PT and NAPT-PT.

IPv6 routing protocols


Like IPv4, IPv6 also supports routing protocols that enable routers to exchange
information about connected networks. IPv6 routing protocols can be internal
(RIPng, EIGRP for IPv6…) and external (BGP).

As with IPv4, IPv6 routing protocols can be distance vector and link-state. An
example of a distance vector protocol is RIPng with hop count as the metric. An
example of a link-state routing protocol is OSPF with cost as the metric.

IPv6 supports the following routing protocols:

- RIPng (RIP New Generation)
- OSPFv3
- EIGRP for IPv6
- IS-IS for IPv6
- MP-BGP4 (Multiprotocol BGP-4)

How to configure IPv6

Cisco routers do not have IPv6 routing enabled by default. To configure IPv6 on a
Cisco router, you need to do two things:

1. enable IPv6 routing on a Cisco router using the ipv6 unicast-routing global
configuration command. This command globally enables IPv6 and must be the first
command executed on the router.
2. configure the IPv6 global unicast address on an interface using the ipv6
address address/prefix-length [eui-64] command. If you omit the eui-64
parameter, you will need to configure the entire address manually. After you enter
this command, the link local address will be automatically derived.

Here is an IPv6 configuration example:

R1(config)#ipv6 unicast-routing

R1(config)#int Gi0/0

R1(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64

We can verify that the IPv6 address has been configured by using the show ipv6
interface Gi0/0 command:

R1#show ipv6 interface Gi0/0

GigabitEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::201:42FF:FE65:3E01

No Virtual link-local address(es):

Global unicast address(es):

2001:BB9:AABB:1234:201:42FF:FE65:3E01, subnet is 2001:BB9:AABB:1234::/64 [EUI]

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF65:3E01

MTU is 1500 bytes

....

From the output above we can verify two things:

1. the link local IPv6 address has been automatically configured. Link local IP
addresses begin with FE80::/10 and the interface ID is used for the rest of the
address. Because the MAC address of the interface is 00:01:42:65:3E:01, the
calculated address is FE80::201:42FF:FE65:3E01.
2. the global IPv6 address has been created using the modified EUI-64 method.
Remember that IPv6 global addresses begin with 2000::/3. So in our case, the IPv6
global address is 2001:BB9:AABB:1234:201:42FF:FE65:3E01.

We will also create an IPv6 address on another router. This time we will enter the
whole address:

R2(config-if)#ipv6 address 2001:0BB9:AABB:1234:1111:2222:3333:4444/64

Notice that the IPv6 address is in the same subnet as the one configured on R1
(2001:0BB9:AABB:1234::/64). We can test the connectivity between the devices
using ping for IPv6:

R1#ping ipv6 2001:0BB9:AABB:1234:1111:2222:3333:4444

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:0BB9:AABB:1234:1111:2222:3333:4444, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

As you can see from the output above, the devices can communicate with each
other.

RIPng
RIPng is an extension of RIP developed for support of IPv6. Here are some of its
features:

- just like RIP for IPv4, it uses hop count as the metric
- sends updates every 30 seconds
- RIPng messages use the UDP port 521 and the multicast address of FF02::9

The configuration of RIPng requires at least two steps:

1. enable RIPng using the global configuration command ipv6 router rip tag. The tag
is used to differentiate between multiple RIP processes. It does not have to be the
same on all routers in order to exchange routing information.
2. enable the routing protocol on the interface using the ipv6 rip tag enable
command. The tag has to match the one used in the ipv6 router rip tag command.

Here is an example:

We have done a similar configuration on the second router. To verify that routers are
indeed exchanging route information using RIPng we can use the show ipv6
route command:
In the picture above, we can see that the router has received a route to the
network 2001:BBBB:CCCC:DDDD::/64.

Differences between IPv4 and IPv6


The following table summarizes the major differences between IPv4 and IPv6:

Feature                 | IPv4                            | IPv6
------------------------|---------------------------------|----------------------------------
Address length          | 32 bits                         | 128 bits
Address representation  | 4 decimal numbers from 0-255    | 8 groups of 4 hexadecimal digits
                        | separated by periods            | separated by colons
Address types           | unicast, multicast, broadcast   | unicast, multicast, anycast
Packet header           | 20 bytes long                   | 40 bytes long, but simpler than
                        |                                 | the IPv4 header
Configuration           | manual, DHCP                    | manual, DHCP, auto-configuration
IPSec support           | optional                        | built-in
