5.1 IPv4-IPv6-Addressing-BDC-Part4-Part5-Part6 - Handout

Uploaded by

MR.Coffeeman

Part 4: IPv4 Addressing

Address Structure

IPv4 Address Structure
Network and Host Portions
• An IPv4 address is a 32-bit hierarchical address that is made up of a network portion
and a host portion.

• When determining the network portion versus the host portion, you must look at
the 32-bit stream.
• A subnet mask is used to determine the network and host portions.
IPv4 Address Structure
The Subnet Mask
• To identify the network and host portions of an IPv4 address, the subnet mask is
compared to the IPv4 address bit for bit, from left to right.

• The actual process used to identify the network and host portions is called
ANDing.
IPv4 Address Structure
The Prefix Length
• A prefix length is a less cumbersome method used to identify a subnet mask
address.
• The prefix length is the number of bits set to 1 in the subnet mask.
• It is written in “slash notation”; therefore, count the number of bits in the subnet
mask and prepend it with a slash.

Subnet Mask        32-bit Address                         Prefix Length
255.0.0.0          11111111.00000000.00000000.00000000    /8
255.255.0.0        11111111.11111111.00000000.00000000    /16
255.255.255.0      11111111.11111111.11111111.00000000    /24
255.255.255.128    11111111.11111111.11111111.10000000    /25
255.255.255.192    11111111.11111111.11111111.11000000    /26
255.255.255.224    11111111.11111111.11111111.11100000    /27
255.255.255.240    11111111.11111111.11111111.11110000    /28
255.255.255.248    11111111.11111111.11111111.11111000    /29
255.255.255.252    11111111.11111111.11111111.11111100    /30


IPv4 Address Structure
Determining the Network: Logical AND
• A logical AND Boolean operation is used in determining the network address.
• Logical AND is the comparison of two bits where only a 1 AND 1 produces a 1 and any other combination results
in a 0.
• 1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
• 1 = True and 0 = False

• To identify the network address, the host IPv4 address is logically ANDed, bit by bit,
with the subnet mask.
IPv4 Address Structure
Network, Host, and Broadcast Addresses
• Within each network are three types of IP addresses:
• Network address
• Host addresses
• Broadcast address

                         Network Portion                Host Portion    Host Bits
Subnet mask              255      255      255          0
255.255.255.0 or /24     11111111 11111111 11111111     00000000
Network address          192      168      10           0               All 0s
192.168.10.0 or /24      11000000 10101000 00001010     00000000
First address            192      168      10           1               All 0s and a 1
192.168.10.1 or /24      11000000 10101000 00001010     00000001
Last address             192      168      10           254             All 1s and a 0
192.168.10.254 or /24    11000000 10101000 00001010     11111110
Broadcast address        192      168      10           255             All 1s
192.168.10.255 or /24    11000000 10101000 00001010     11111111
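
The ANDing step and the network, first, last and broadcast rows of the table above, as an added Python example (not part of the original handout). The host 192.168.10.10 and all function names are constructed for illustration; the mask check also rejects masks whose 1 bits are not contiguous.

```python
# Added example: derive network, host range and broadcast by ANDing.

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Render a 32-bit integer as four dotted binary octets."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_to_mask(prefix):
    """Build the mask integer that has `prefix` leading 1 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """Count the 1 bits of a mask; the 1 bits must be contiguous from the left."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"mask {mask} has non-contiguous 1 bits")
    return prefix


def describe(address, mask):
    """AND the address with the mask and derive the other special addresses."""
    addr, m = to_int(address), to_int(mask)
    prefix = mask_to_prefix(mask)
    network = addr & m                        # host bits forced to all 0s
    broadcast = network | (m ^ 0xFFFFFFFF)    # host bits forced to all 1s
    usable = max((1 << (32 - prefix)) - 2, 0)  # minus network and broadcast
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "first": to_dotted(network + 1) if usable else None,
        "last": to_dotted(broadcast - 1) if usable else None,
        "broadcast": to_dotted(broadcast),
        "hosts": usable,
    }


if __name__ == "__main__":
    # Constructed sample hosts: one in the table's /24, one in a /26.
    for host, mask in [("192.168.10.10", "255.255.255.0"),
                       ("172.16.4.253", "255.255.255.192")]:
        info = describe(host, mask)
        print(host, "AND", mask)
        print("  address  ", to_binary(to_int(host)))
        print("  mask     ", to_binary(to_int(mask)))
        print("  network  ", to_binary(to_int(info["network"])), info["network"])
        print("  range    ", info["first"], "-", info["last"],
              "broadcast", info["broadcast"], "hosts", info["hosts"])
```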
IPv4 Unicast, Broadcast, and Multicast

IPv4 Unicast, Broadcast, and Multicast
Unicast
• Unicast transmission is sending a packet to one destination IP address.

• For example, the PC at 172.16.4.1 sends a unicast packet to the printer at
172.16.4.253.
IPv4 Unicast, Broadcast, and Multicast
Broadcast
• Broadcast transmission is sending a packet to all other destination IP addresses.

• For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.
IPv4 Unicast, Broadcast, and Multicast
Multicast
• Multicast transmission is sending a packet to a multicast address group.

• For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group
address 224.10.10.5.
Types of IPv4 Addresses

Types of IPv4 Addresses
Public and Private IPv4 Addresses
• Public IPv4 addresses are globally routed between internet service provider (ISP)
routers; the private address blocks are defined in RFC 1918.
• Private addresses are common blocks of addresses used by most organizations to
assign IPv4 addresses to internal hosts.
• Private IPv4 addresses are not unique and can be used internally within any
network.
• However, private addresses are not globally routable.

Network Address and Prefix    RFC 1918 Private Address Range
10.0.0.0/8                    10.0.0.0 - 10.255.255.255
172.16.0.0/12                 172.16.0.0 - 172.31.255.255
192.168.0.0/16                192.168.0.0 - 192.168.255.255


Types of IPv4 Addresses
Routing to the Internet
• Network Address Translation (NAT) translates private IPv4 addresses to public IPv4
addresses.

• NAT is typically enabled on the edge router connecting to the internet.
• It translates the internal private address to a public global IP address.
Types of IPv4 Addresses
Special Use IPv4 Addresses
Loopback addresses
• 127.0.0.0 /8 (127.0.0.1 to 127.255.255.254)
• Commonly identified as only 127.0.0.1
• Used on a host to test if TCP/IP is operational.

Link-Local addresses
• 169.254.0.0 /16 (169.254.0.1 to 169.254.255.254)
• Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-
assigned addresses.
• Used by Windows DHCP clients to self-configure when no DHCP servers are
available.
Types of IPv4 Addresses
Legacy Classful Addressing
RFC 790 (1981) allocated IPv4 addresses
in classes
• Class A (0.0.0.0/8 to 127.0.0.0/8)
• Class B (128.0.0.0 /16 – 191.255.0.0 /16)
• Class C (192.0.0.0 /24 – 223.255.255.0 /24)
• Class D (224.0.0.0 to 239.0.0.0)
• Class E (240.0.0.0 – 255.0.0.0)

• Classful addressing wasted many IPv4 addresses.

Classful address allocation was replaced with classless addressing, which ignores the
rules of classes (A, B, C).
Types of IPv4 Addresses
Assignment of IP Addresses

• The Internet Assigned Numbers Authority (IANA) manages and allocates blocks of
IPv4 and IPv6 addresses to five Regional Internet Registries (RIRs).

• RIRs are responsible for allocating IP addresses to ISPs, who provide IPv4 address
blocks to smaller ISPs and organizations.
Network Segmentation

Network Segmentation
Broadcast Domains and Segmentation
• Many protocols use broadcasts or multicasts (e.g., ARP uses broadcasts to locate
other devices, and hosts send DHCP discover broadcasts to locate a DHCP server).
• Switches propagate broadcasts out all interfaces except the interface on which they
were received.
• The only device that stops broadcasts is a router.
• Routers do not propagate broadcasts.
• Each router interface connects to a broadcast domain and broadcasts are only
propagated within that specific broadcast domain.
Network Segmentation
Problems with Large Broadcast Domains
• A problem with a large broadcast domain is that these hosts can generate excessive
broadcasts and negatively affect the network.
• The solution is to reduce the size of the network to create smaller broadcast domains
in a process called subnetting.
• Dividing the network address 172.16.0.0 /16 into two subnets of 200 users each:
172.16.0.0 /24 and 172.16.1.0 /24.
• Broadcasts are only propagated within the smaller broadcast domains.
Network Segmentation
Reasons for Segmenting Networks
• Subnetting reduces overall network traffic and improves network performance.
• It can be used to implement security policies between subnets.
• Subnetting reduces the number of devices affected by abnormal broadcast traffic.

• Subnets are used for a variety of reasons, including by:
• Location
• Group or Function
• Device Type


Subnet an IPv4 Network

Subnet an IPv4 Network
Subnet on an Octet Boundary
• Networks are most easily subnetted at the octet boundary of /8, /16, and /24.

• Notice that using longer prefix lengths decreases the number of hosts per subnet.

Prefix Length   Subnet Mask      Subnet Mask in Binary (n = network, h = host)   # of hosts
/8              255.0.0.0        nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh             16,777,214
                                 11111111.00000000.00000000.00000000
/16             255.255.0.0      nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh             65,534
                                 11111111.11111111.00000000.00000000
/24             255.255.255.0    nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh             254
                                 11111111.11111111.11111111.00000000
Subnet an IPv4 Network
Subnet on an Octet Boundary (Cont.)
• In the first table 10.0.0.0/8 is subnetted using /16 and in the second table, a /24
mask.

Subnet Address            Host Range                              Broadcast
(256 Possible Subnets)    (65,534 possible hosts per subnet)
10.0.0.0/16               10.0.0.1 - 10.0.255.254                 10.0.255.255
10.1.0.0/16               10.1.0.1 - 10.1.255.254                 10.1.255.255
10.2.0.0/16               10.2.0.1 - 10.2.255.254                 10.2.255.255
10.3.0.0/16               10.3.0.1 - 10.3.255.254                 10.3.255.255
10.4.0.0/16               10.4.0.1 - 10.4.255.254                 10.4.255.255
10.5.0.0/16               10.5.0.1 - 10.5.255.254                 10.5.255.255
10.6.0.0/16               10.6.0.1 - 10.6.255.254                 10.6.255.255
10.7.0.0/16               10.7.0.1 - 10.7.255.254                 10.7.255.255
...                       ...                                     ...
10.255.0.0/16             10.255.0.1 - 10.255.255.254             10.255.255.255

Subnet Address               Host Range                           Broadcast
(65,536 Possible Subnets)    (254 possible hosts per subnet)
10.0.0.0/24                  10.0.0.1 - 10.0.0.254                10.0.0.255
10.0.1.0/24                  10.0.1.1 - 10.0.1.254                10.0.1.255
10.0.2.0/24                  10.0.2.1 - 10.0.2.254                10.0.2.255
…                            …                                    …
10.0.255.0/24                10.0.255.1 - 10.0.255.254            10.0.255.255
10.1.0.0/24                  10.1.0.1 - 10.1.0.254                10.1.0.255
10.1.1.0/24                  10.1.1.1 - 10.1.1.254                10.1.1.255
10.1.2.0/24                  10.1.2.1 - 10.1.2.254                10.1.2.255
…                            …                                    …
10.100.0.0/24                10.100.0.1 - 10.100.0.254            10.100.0.255
...                          ...                                  ...
10.255.255.0/24              10.255.255.1 - 10.255.255.254        10.255.255.255
Subnet an IPv4 Network
Subnet within an Octet Boundary
• Refer to the table to see six ways to subnet a /24 network.

Prefix Length   Subnet Mask        Subnet Mask in Binary (n = network, h = host)   # of subnets   # of hosts
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh             2              126
                                   11111111.11111111.11111111.10000000
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh             4              62
                                   11111111.11111111.11111111.11000000
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh             8              30
                                   11111111.11111111.11111111.11100000
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh             16             14
                                   11111111.11111111.11111111.11110000
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh             32             6
                                   11111111.11111111.11111111.11111000
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh             64             2
                                   11111111.11111111.11111111.11111100
Subnet a Slash 16 and a Slash 8 Prefix

Subnet a Slash 16 and a Slash 8 Prefix
Create Subnets with a Slash 16 prefix
• The table highlights all the possible scenarios for subnetting a /16 prefix.

Prefix Length   Subnet Mask        Network Address (n = network, h = host)   # of subnets   # of hosts
/17             255.255.128.0      nnnnnnnn.nnnnnnnn.nhhhhhhh.hhhhhhhh       2              32766
                                   11111111.11111111.10000000.00000000
/18             255.255.192.0      nnnnnnnn.nnnnnnnn.nnhhhhhh.hhhhhhhh       4              16382
                                   11111111.11111111.11000000.00000000
/19             255.255.224.0      nnnnnnnn.nnnnnnnn.nnnhhhhh.hhhhhhhh       8              8190
                                   11111111.11111111.11100000.00000000
/20             255.255.240.0      nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh       16             4094
                                   11111111.11111111.11110000.00000000
/21             255.255.248.0      nnnnnnnn.nnnnnnnn.nnnnnhhh.hhhhhhhh       32             2046
                                   11111111.11111111.11111000.00000000
/22             255.255.252.0      nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh       64             1022
                                   11111111.11111111.11111100.00000000
/23             255.255.254.0      nnnnnnnn.nnnnnnnn.nnnnnnnh.hhhhhhhh       128            510
                                   11111111.11111111.11111110.00000000
/24             255.255.255.0      nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh       256            254
                                   11111111.11111111.11111111.00000000
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh       512            126
                                   11111111.11111111.11111111.10000000
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh       1024           62
                                   11111111.11111111.11111111.11000000
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh       2048           30
                                   11111111.11111111.11111111.11100000
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh       4096           14
                                   11111111.11111111.11111111.11110000
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh       8192           6
                                   11111111.11111111.11111111.11111000
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh       16384          2
                                   11111111.11111111.11111111.11111100
Subnet a Slash 16 and a Slash 8 Prefix
Create 100 Subnets with a Slash 16 prefix
Consider a large enterprise that requires at least 100
subnets and has chosen the private address
172.16.0.0/16 as its internal network address.

• The figure displays the number of subnets that can be created when borrowing bits
from the third octet and the fourth octet.
• Notice there are now up to 14 host bits that can be
borrowed (i.e., last two bits cannot be borrowed).

To satisfy the requirement of 100 subnets for the enterprise, 7 bits (i.e., 2^7 = 128
subnets) would need to be borrowed (for a total of 128 subnets).
Subnet a Slash 16 and a Slash 8 Prefix
Create 1000 Subnets with a Slash 8 prefix
Consider a small ISP that requires 1000 subnets for
its clients using network address 10.0.0.0/8, which
means there are 8 bits in the network portion and
24 host bits available to borrow toward
subnetting.
• The figure displays the number of subnets that can be
created when borrowing bits from the second and
third octets.
• Notice there are now up to 22 host bits that can be
borrowed (i.e., last two bits cannot be borrowed).

To satisfy the requirement of 1000 subnets for the enterprise, 10 bits (i.e., 2^10 = 1024
subnets) would need to be borrowed (for a total of 1024 subnets).
Subnet to Meet Requirements

Subnet to Meet Requirements
Subnet Private versus Public IPv4 Address Space
Enterprise networks will have an:
• Intranet – A company’s internal network,
typically using private IPv4 addresses.
• DMZ – A company’s internet-facing servers.
Devices in the DMZ use public IPv4 addresses.

• A company could use the 10.0.0.0/8 and subnet on the /16 or /24 network boundary.
• The DMZ devices would have to be configured with public IP addresses.
Subnet to Meet Requirements
Minimize Unused Host IPv4 Addresses and Maximize Subnets

There are two considerations when planning subnets:


• The number of host addresses required for each network
• The number of individual subnets needed

Prefix Length   Subnet Mask        Subnet Mask in Binary (n = network, h = host)   # of subnets   # of hosts
/25             255.255.255.128    nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh             2              126
                                   11111111.11111111.11111111.10000000
/26             255.255.255.192    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh             4              62
                                   11111111.11111111.11111111.11000000
/27             255.255.255.224    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh             8              30
                                   11111111.11111111.11111111.11100000
/28             255.255.255.240    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh             16             14
                                   11111111.11111111.11111111.11110000
/29             255.255.255.248    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh             32             6
                                   11111111.11111111.11111111.11111000
/30             255.255.255.252    nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh             64             2
                                   11111111.11111111.11111111.11111100
Subnet to Meet Requirements
Example: Efficient IPv4 Subnetting
• In this example, corporate headquarters has
been allocated a public network address of
172.16.0.0/22 (10 host bits) by its ISP,
providing 1,022 host addresses.
• There are five sites and therefore five internet connections, which means the
organization requires 10 subnets, with the largest subnet requiring 40 addresses.
• It allocated 10 subnets with a /26 (i.e., 255.255.255.192) subnet mask.
VLSM

VLSM
IPv4 Address Conservation
Given the topology, 7 subnets are required (i.e., four LANs and three WAN links) and the
largest number of hosts is in Building D with 28 hosts.

• A /27 mask would provide 8 subnets of 30 host IP addresses and therefore support
this topology.
VLSM
IPv4 Address Conservation (Cont.)
However, the point-to-point WAN links only require two
addresses and therefore waste 28 addresses each for a total of
84 unused addresses.

• Applying a traditional subnetting scheme to this scenario is not very efficient and is
wasteful.

• VLSM was developed to avoid wasting addresses by enabling us to subnet a subnet.


VLSM
VLSM
• The left side displays the traditional subnetting
scheme (i.e., the same subnet mask) while the right
side illustrates how VLSM can be used to subnet a
subnet and divide the last subnet into eight /30
subnets.
• When using VLSM, always begin by satisfying the host requirements of the largest
subnet and continue subnetting until the host requirements of the smallest
subnet are satisfied.
• The resulting topology with VLSM applied.


VLSM
VLSM Topology Address Assignment
• Using VLSM subnets, the LAN and inter-router networks can be addressed without
unnecessary waste as shown in the logical topology diagram.
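
The largest-first VLSM procedure described above, as an added Python example (not part of the original handout). Only Building D's 28 hosts, the four-LAN/three-WAN shape and the 84 wasted addresses come from the slides; the parent block 192.168.20.0/24, the other building sizes and the function names are constructed assumptions.

```python
# Added example: allocate variable-length subnets, largest requirement first.
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose usable host count (2**h - 2) covers `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = 2                      # /30 is the smallest subnet on the slides
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    if host_bits > 32:
        raise ValueError(f"{hosts} hosts do not fit in IPv4")
    return 32 - host_bits


def wasted(prefix, hosts):
    """Usable addresses left unassigned when `hosts` sit in a /prefix subnet."""
    return (1 << (32 - prefix)) - 2 - hosts


def vlsm_allocate(block, requirements):
    """Return {name: IPv4Network}, carving `block` from its first address up."""
    parent = ipaddress.ip_network(block)   # strict: rejects set host bits
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    # Sorting by size (stable, descending) keeps every subnet aligned on a
    # boundary of its own size, because block sizes never increase.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        if prefix < parent.prefixlen or cursor + size > end:
            raise ValueError(f"{block} exhausted before {name!r} was placed")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


# Constructed requirements; only Building D's 28 hosts is from the slides.
REQUIREMENTS = {
    "Building A": 25,
    "Building B": 20,
    "Building C": 15,
    "Building D": 28,
    "WAN 1": 2,
    "WAN 2": 2,
    "WAN 3": 2,
}

if __name__ == "__main__":
    plan = vlsm_allocate("192.168.20.0/24", REQUIREMENTS)
    for name, net in plan.items():
        hosts = REQUIREMENTS[name]
        print(f"{name:11} {str(net):18} needs {hosts:2} "
              f"unused {wasted(net.prefixlen, hosts)}")
    # Same links under a single /27 mask, as in the traditional scheme.
    print("WAN waste with /27 everywhere:", 3 * wasted(27, 2))
```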
Structured Design

Structured Design
IPv4 Network Address Planning
IP network planning is crucial to develop a scalable solution to an enterprise network.
• To develop an IPv4 network wide addressing scheme, you need to know how many subnets are
needed, how many hosts a particular subnet requires, what devices are part of the subnet,
which parts of your network use private addresses, and which use public, and many other
determining factors.

Examine the needs of an organization’s network usage and how the subnets will be
structured.
• Perform a network requirement study by looking at the entire network to determine how each
area will be segmented.
• Determine how many subnets are needed and how many hosts per subnet.
• Determine DHCP address pools and Layer 2 VLAN pools.
Structured Design
Device Address Assignment
Within a network, there are different types of devices that require addresses:
• End user clients – Most use DHCP to reduce errors and burden on network support staff. IPv6
clients can obtain address information using DHCPv6 or SLAAC.
• Servers and peripherals – These should have a predictable static IP address.
• Servers that are accessible from the internet – Servers must have a public IPv4 address, most
often accessed using NAT.
• Intermediary devices – Devices are assigned addresses for network management, monitoring,
and security.
• Gateway – Routers and firewall devices are the gateway for the hosts in that network.

When developing an IP addressing scheme, it is generally recommended that you have a
set pattern of how addresses are allocated to each type of device.
Part 4 Summary

Part 5: IPv6 Addressing
IPv4 Issues

IPv4 Issues
Need for IPv6
• IPv4 is running out of addresses. IPv6 is
the successor to IPv4. IPv6 has a much
larger 128-bit address space.
• The development of IPv6 also included
fixes for IPv4 limitations and other
enhancements.
• With an increasing internet population,
a limited IPv4 address space, issues
with NAT and the IoT, the time has
come to begin the transition to IPv6.
IPv4 Issues
IPv4 and IPv6 Coexistence
Both IPv4 and IPv6 will coexist in the near future and the transition will take
several years.
The IETF has created various protocols and tools to help network administrators
migrate their networks to IPv6. These migration techniques can be divided into
three categories:
• Dual stack – The devices run both IPv4 and IPv6 protocol stacks simultaneously.
• Tunneling – A method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is
encapsulated inside an IPv4 packet.
• Translation - Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with
IPv4-enabled devices using a translation technique similar to NAT for IPv4.

Note: Tunneling and translation are for transitioning to native IPv6 and should only be used where
needed. The goal should be native IPv6 communications from source to destination.
IPv6 Address Representation

IPv6 Address Representation
IPv6 Addressing Formats
• IPv6 addresses are 128 bits in length and written in hexadecimal.
• IPv6 addresses are not case-sensitive and can be written in either lowercase or
uppercase.
• The preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each
“x” consisting of four hexadecimal values.
• In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or
four hexadecimal values.
• Examples of IPv6 addresses in the preferred format:
2001:0db8:0000:1111:0000:0000:0000:0200
2001:0db8:0000:00a3:abcd:0000:0000:1234
IPv6 Address Representation
Rule 1 – Omit Leading Zero
The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s
(zeros).
Examples:
• 01ab can be represented as 1ab
• 09f0 can be represented as 9f0
• 0a00 can be represented as a00
• 00ab can be represented as ab

Note: This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address
would be ambiguous.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
No leading zeros 2001 : db8 : 0 : 1111 : 0 : 0 : 0 : 200
IPv6 Address Representation
Rule 2 – Double Colon
A double colon (::) can replace any single, contiguous string of one or
more 16-bit hextets consisting of all zeros.
Example:
• 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1

Note: The double colon (::) can only be used once within an address, otherwise there would be
more than one possible resulting address.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
Compressed 2001:db8:0:1111::200
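
Rule 1 and Rule 2 as a small parser and formatter, an added Python example (not part of the original handout) that is useful for normalising addresses before comparing them in logs or ACLs. Function names are constructed; the compressor follows RFC 5952 in applying "::" only to the longest run of two or more zero hextets, which is stricter than the slide's "one or more", and IPv4-embedded forms are out of scope.

```python
# Added example: expand and compress IPv6 text using the two notation rules.
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(address):
    """Parse preferred or compressed text into eight 16-bit hextets."""
    if address.count("::") > 1:
        # Two "::" would make the number of omitted hextets ambiguous.
        raise ValueError("'::' may appear only once")
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        groups = left + ["0"] * missing + right
    else:
        groups = address.split(":")
        if len(groups) != 8:
            raise ValueError("expected eight hextets")
    hextets = []
    for group in groups:
        if not 1 <= len(group) <= 4 or not set(group) <= HEX_DIGITS:
            raise ValueError(f"bad hextet {group!r}")
        hextets.append(int(group, 16))   # int() makes the value case-insensitive
    return hextets


def preferred(hextets):
    """Preferred format: eight groups of four lowercase hex digits."""
    return ":".join(f"{h:04x}" for h in hextets)


def compress(hextets):
    """Rule 1 (drop leading zeros), then Rule 2 (one '::' for the longest run)."""
    best_start, best_len, run_start, run_len = -1, 0, -1, 0
    for index, value in enumerate(hextets):
        if value == 0:
            if run_len == 0:
                run_start = index
            run_len += 1
            if run_len > best_len:       # strict '>' keeps the first of equal runs
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    words = [f"{h:x}" for h in hextets]  # Rule 1: no leading zeros
    if best_len < 2:                     # a lone zero hextet stays "0"
        return ":".join(words)
    left = ":".join(words[:best_start])
    right = ":".join(words[best_start + best_len:])
    return f"{left}::{right}"            # Rule 2: used exactly once


def canonical(address):
    """One spelling per address, so text from different sources can be compared."""
    return compress(expand(address))


if __name__ == "__main__":
    for text in ("2001:0db8:0000:1111:0000:0000:0000:0200",
                 "2001:0db8:0000:00a3:abcd:0000:0000:1234",
                 "2001:DB8:CAFE:1:0:0:0:1"):
        print(f"{text:42} -> {canonical(text)}")
```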
IPv6 Address Types

IPv6 Address Types
Unicast, Multicast, Anycast

There are three broad categories of IPv6 addresses:


• Unicast – Unicast uniquely identifies an interface on an IPv6-enabled device.
• Multicast – Multicast is used to send a single IPv6 packet to multiple destinations.
• Anycast – This is any IPv6 unicast address that can be assigned to multiple devices. A
packet sent to an anycast address is routed to the nearest device having that
address.

Note: Unlike IPv4, IPv6 does not have a broadcast address. However, there is an IPv6
all-nodes multicast address that essentially gives the same result.
IPv6 Address Types
IPv6 Prefix Length

Prefix length is represented in slash notation and is used to indicate the network
portion of an IPv6 address.
The IPv6 prefix length can range from 0 to 128. The recommended IPv6 prefix length for
LANs and most other types of networks is /64.

Note: It is strongly recommended to use a 64-bit Interface ID for most networks. This is because
stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes
subnetting easier to create and manage.
IPv6 Address Types
Types of IPv6 Unicast Addresses

Unlike IPv4 devices that have only a single address, IPv6 devices typically have two
unicast addresses:

• Global Unicast Address (GUA) – This is similar to a public IPv4 address. These are
globally unique, internet-routable addresses.
• Link-local Address (LLA) – Required for every IPv6-enabled device and used to
communicate with other devices on the same local link. LLAs are not routable and are
confined to a single link.
IPv6 Address Types
A Note About the Unique Local Address
The IPv6 unique local addresses (range fc00::/7 to fdff::/7) have some
similarity to RFC 1918 private addresses for IPv4, but there are significant
differences:
• Unique local addresses are used for local addressing within a site or between a
limited number of sites.
• Unique local addresses can be used for devices that will never need to access
another network.
• Unique local addresses are not globally routed or translated to a global IPv6
address.

Note: Many sites use the private nature of RFC 1918 addresses to attempt to
secure or hide their network from potential security risks. This was never the
intended use of ULAs.
IPv6 Address Types
IPv6 GUA

IPv6 global unicast addresses (GUAs) are globally unique and routable on the IPv6
internet.
• Currently, only GUAs with the first three bits of 001 or 2000::/3 are being assigned.

• Currently available GUAs begin with a decimal 2 or a 3 (this is only 1/8th of the total
available IPv6 address space).
IPv6 Address Types
IPv6 GUA Structure
Global Routing Prefix:
• The global routing prefix is the prefix, or network, portion of the address that
is assigned by the provider, such as an ISP, to a customer or site. The global
routing prefix will vary depending on ISP policies.
Subnet ID:
• The Subnet ID field is the area between the Global Routing Prefix and the
Interface ID. The Subnet ID is used by an organization to identify subnets
within its site.
Interface ID:
• The IPv6 interface ID is equivalent to the host portion of an IPv4 address. It is
strongly recommended that in most cases /64 subnets should be used, which
creates a 64-bit interface ID.
Note: IPv6 allows the all-0s and all-1s host addresses to be assigned to a device. The all-0s address is
reserved as a Subnet-Router anycast address, and should be assigned only to routers.
IPv6 Address Types
IPv6 LLA
An IPv6 link-local address (LLA) enables a device to communicate with other IPv6-
enabled devices on the same link and only on that link (subnet).
• Packets with a source or destination LLA cannot be routed.

• Every IPv6-enabled network interface must have an LLA.

• If an LLA is not configured manually on an interface, the device will automatically create one.

• IPv6 LLAs are in the fe80::/10 range.


GUA and LLA Static Configuration

GUA and LLA Static Configuration
Static GUA Configuration on a Router

Most IPv6 configuration and verification commands in the Cisco IOS are similar to their
IPv4 counterparts. In many cases, the only difference is the use of ipv6 in place of ip
within the commands.
• The command to configure an IPv6 GUA on an interface is: ipv6 address
ipv6-address/prefix-length.
• The example shows commands to configure a GUA on the G0/0/0 interface on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
GUA and LLA Static Configuration
Static GUA Configuration on a Windows Host

• Manually configuring the IPv6 address on a host is similar to configuring an IPv4
address.
• The GUA or LLA of the router interface can be used as the default gateway. Best
practice is to use the LLA.

Note: When DHCPv6 or SLAAC is used, the LLA of the router will automatically be
specified as the default gateway address.
GUA and LLA Static Configuration
Static GUA Configuration of a Link-Local Unicast Address

Configuring the LLA manually lets you create an address that is recognizable and
easier to remember.
• LLAs can be configured manually using the ipv6 address ipv6-link-local-address
link-local command.
• The example shows commands to configure a LLA on the G0/0/0 interface on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# no shutdown
R1(config-if)# exit

Note: The same LLA can be configured on each link as long as it is unique on that
link. Common practice is to create a different LLA on each interface of the router to
make it easy to identify the router and the specific interface.
Dynamic Addressing for IPv6 GUAs

Dynamic Addressing for IPv6 GUAs
RS and RA Messages
Devices obtain GUA addresses dynamically through Internet Control Message Protocol
version 6 (ICMPv6) messages.
• Router Solicitation (RS) messages are sent by host devices to discover IPv6
routers.
• Router Advertisement (RA) messages are sent by routers to inform hosts on how
to obtain an IPv6 GUA and provide useful network information such as:
• Network prefix and prefix length
• Default gateway address
• DNS addresses and domain name
The RA can provide three methods for configuring an IPv6 GUA:
• SLAAC
• SLAAC with stateless DHCPv6 server
• Stateful DHCPv6 (no SLAAC)
Dynamic Addressing for IPv6 GUAs
Method 1: SLAAC

• SLAAC allows a device to configure a GUA without the services of DHCPv6.

• Devices obtain the necessary information to configure a GUA from the ICMPv6 RA
messages of the local router.
• The prefix is provided by the RA and the device uses either the EUI-64 or random
generation method to create an interface ID.
Dynamic Addressing for IPv6 GUAs
Method 2: SLAAC and Stateless DHCP

An RA can instruct a device to use both SLAAC and stateless DHCPv6.


The RA message suggests devices use the following:

• SLAAC to create its own IPv6 GUA

• The router LLA, which is the RA source IPv6 address, as the default gateway
address

• A stateless DHCPv6 server to obtain other information such as a DNS server address
and a domain name
Dynamic Addressing for IPv6 GUAs
Method 3: Stateful DHCPv6
An RA can instruct a device to use stateful DHCPv6 only.
Stateful DHCPv6 is similar to DHCP for IPv4. A device can automatically receive a GUA,
prefix length, and the addresses of DNS servers from a stateful DHCPv6 server.
The RA message suggests devices use the following:

• The router LLA, which is the RA source IPv6 address, for the default gateway
address.

• A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and
other necessary information.
Dynamic Addressing for IPv6 GUAs
EUI-64 Process vs. Randomly Generated

• When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the client
must generate its own interface ID.
• The interface ID can be created using the EUI-64 process or a randomly generated
64-bit number.
Dynamic Addressing for IPv6 GUAs
EUI-64 Process

The IEEE defined the Extended Unique Identifier (EUI) or modified EUI-64 process
which performs the following:
• A 16 bit value of fffe (in hexadecimal) is inserted into the middle of the 48-bit
Ethernet MAC address of the client.
• The 7th bit of the client MAC address is reversed from binary 0 to 1.
• Example:

48-bit MAC             fc:99:47:75:ce:e0
EUI-64 Interface ID    fe:99:47:ff:fe:75:ce:e0
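
The EUI-64 steps above in both directions, as an added Python example (not part of the original handout): building the interface ID from a MAC, and recovering the MAC from an address seen in logs, which is why EUI-64 addresses identify the hardware behind them. Function names and the use of fe80::/64 as the link-local prefix are assumptions for illustration; the MAC values are the ones shown in this handout.

```python
# Added example: modified EUI-64 interface IDs, forward and reverse.
import ipaddress
import re


def parse_mac(mac):
    """Accept fc:99:47:75:ce:e0, fc-99-47-75-ce-e0 or Cisco 7079.b392.3640."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Insert ff:fe in the middle and invert the 7th bit of the first octet."""
    raw = parse_mac(mac)
    first = raw[0] ^ 0x02          # XOR inverts the bit whichever way it is set
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def address_from_prefix(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    return network.network_address + interface_id


def mac_from_address(address):
    """Return the embedded MAC if the interface ID looks EUI-64 derived.

    The ff:fe marker can also occur by chance in a random interface ID,
    so a match is a strong hint rather than proof.
    """
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                # random or manually set interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    print(eui64_interface_id("fc:99:47:75:ce:e0").hex(":"))
    print(address_from_prefix("fe80::/64", "7079.b392.3640"))
    for seen in ("FE80::7279:B3FF:FE92:3640",
                 "2001:db8:acad:1:50a5:8a35:a5bb:66e1"):
        print(seen, "->", mac_from_address(seen))
```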
Dynamic Addressing for IPv6 GUAs
Randomly Generated Interface IDs
Depending upon the operating system, a device may use a randomly generated
interface ID instead of using the MAC address and the EUI-64 process.
Beginning with Windows Vista, Windows uses a randomly generated interface ID
instead of one created with EUI-64.
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:50a5:8a35:a5bb:66e1
Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1
Default Gateway . . . . . . . . . : fe80::1
C:\>

Note: To ensure the uniqueness of any IPv6 unicast address, the client may use a
process known as Duplicate Address Detection (DAD). This is similar to an ARP
request for its own address. If there is no reply, then the address is unique.
Dynamic Addressing for IPv6 LLAs

Dynamic Addressing for IPv6 LLAs
Dynamic LLAs

• All IPv6 interfaces must have an IPv6 LLA.


• Like IPv6 GUAs, LLAs can be configured dynamically.
• The figure shows the LLA is dynamically created using the fe80::/10 prefix and
the interface ID using the EUI-64 process, or a randomly generated 64-bit
number.
Dynamic Addressing for IPv6 LLAs
Dynamic LLAs on Windows
Operating systems, such as Windows, will typically use the same method for both a
SLAAC-created GUA and a dynamically assigned LLA.
EUI-64 Generated Interface ID:
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:fc99:47ff:fe75:cee0
Link-local IPv6 Address . . . . . : fe80::fc99:47ff:fe75:cee0
Default Gateway . . . . . . . . . : fe80::1
C:\>

Random 64-bit Generated Interface ID:


C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:50a5:8a35:a5bb:66e1
Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1
Default Gateway . . . . . . . . . : fe80::1
C:\>
Dynamic Addressing for IPv6 LLAs
Dynamic LLAs on Cisco Routers

Cisco routers automatically create an IPv6 LLA whenever a GUA is assigned to the
interface. By default, Cisco IOS routers use EUI-64 to generate the interface ID for
all LLAs on IPv6 interfaces.
Here is an example of a LLA dynamically configured on the G0/0/0 interface of R1:

R1# show interface gigabitEthernet 0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4221-2x1GE, address is 7079.b392.3640 (bia 7079.b392.3640)
(Output omitted)
R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::7279:B3FF:FE92:3640
2001:DB8:ACAD:1::1
IPv6 Multicast Addresses

Assigned IPv6 Multicast Addresses

IPv6 multicast addresses have the prefix ff00::/8. There are two types of IPv6
multicast addresses:

• Well-Known multicast addresses

• Solicited node multicast addresses

Note: Multicast addresses can only be destination addresses and not source addresses.
Well-Known IPv6 Multicast Addresses

Well-known IPv6 multicast addresses are assigned and are reserved for predefined
groups of devices.
There are two common IPv6 Assigned multicast groups:
• ff02::1 All-nodes multicast group - This is a multicast group that all IPv6-enabled devices join. A packet
sent to this group is received and processed by all IPv6 interfaces on the link or network.

• ff02::2 All-routers multicast group - This is a multicast group that all IPv6 routers join. A router becomes
a member of this group when it is enabled as an IPv6 router with the ipv6 unicast-routing global
configuration command.
Solicited-Node IPv6 Multicast

• A solicited-node multicast address is similar to the all-nodes multicast address.
• A solicited-node multicast address is mapped to a special Ethernet multicast address.
• The Ethernet NIC can filter the frame by examining the destination MAC address without sending it to the IPv6 process to see if the device is the intended target of the IPv6 packet.
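
The EUI-64 process and the solicited-node mapping described above, worked through in Python as an added example (not part of the original handout; the function names are illustrative). It derives R1's link-local address from the MAC shown for G0/0/0, builds solicited-node groups and their Ethernet multicast MACs as defined in RFC 4291 and RFC 2464, and reverses EUI-64 to show that such an address discloses the interface MAC while a random interface ID does not.

```python
import ipaddress

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: insert ff:fe, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def link_local_from_mac(mac):
    """fe80::/64 followed by the EUI-64 interface ID."""
    prefix = ipaddress.IPv6Address("fe80::").packed[:8]
    return ipaddress.IPv6Address(prefix + eui64_interface_id(mac))

def mac_from_eui64(addr):
    """Reverse the process; None when the ID lacks the ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def solicited_node(addr):
    """ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def ethernet_multicast_mac(group):
    """33:33 followed by the low 32 bits of the IPv6 multicast address."""
    tail = ipaddress.IPv6Address(group).packed[-4:]
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + tail)

if __name__ == "__main__":
    # MAC of R1 G0/0/0 as shown in the handout's show interface output
    print(link_local_from_mac("7079.b392.3640"))
    # Unicast addresses from the handout's show ipv6 interface g0/0/0 output
    for unicast in ("fe80::868a:8dff:fe44:49b0", "2001:db8:acad:10::1"):
        group = solicited_node(unicast)
        print(unicast, "->", group, "->", ethernet_multicast_mac(group))
    print(mac_from_eui64("fe80::fc99:47ff:fe75:cee0"))  # EUI-64 Windows LLA
    print(mac_from_eui64("fe80::50a5:8a35:a5bb:66e1"))  # random interface ID
```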
Subnet an IPv6 Network

Subnet Using the Subnet ID

IPv6 was designed with subnetting in mind.


• A separate subnet ID field in the IPv6 GUA is used to create subnets.
• The subnet ID field is the area between the Global Routing Prefix and the
interface ID.
IPv6 Subnetting Example

Given the 2001:db8:acad::/48 global routing prefix with a 16-bit subnet ID:
• Allows 65,536 /64 subnets
• The global routing prefix is the same for all subnets.
• Only the subnet ID hextet is incremented in hexadecimal for each subnet.
IPv6 Subnet Allocation

The example topology requires five subnets, one for each LAN as well as for the serial
link between R1 and R2.

The five IPv6 subnets were allocated, with the subnet ID field 0001 through 0005. Each
/64 subnet will provide more addresses than will ever be needed.
Router Configured with IPv6 Subnets

The example shows that each of the router interfaces on R1 has been
configured to be on a different IPv6 subnet.

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown
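
The subnet ID arithmetic from this section, as an added Python example (not part of the original handout; the function names are illustrative). It builds the /64 for a given subnet ID under 2001:db8:acad::/48, extracts the subnet ID from each of R1's interface addresses, and rejects a plan that places two interfaces on the same subnet.

```python
import ipaddress

SITE = ipaddress.IPv6Network("2001:db8:acad::/48")   # global routing prefix

# R1's interface commands from the handout, prompts stripped.
R1_COMMANDS = """\
interface gigabitethernet 0/0/0
ipv6 address 2001:db8:acad:1::1/64
interface gigabitethernet 0/0/1
ipv6 address 2001:db8:acad:2::1/64
interface serial 0/1/0
ipv6 address 2001:db8:acad:3::1/64
"""

def subnet_for_id(subnet_id):
    """Return the /64 whose 16-bit subnet ID hextet equals subnet_id."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(SITE.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def subnet_id_of(address):
    """Extract the subnet ID hextet from a /64 address inside the site prefix."""
    iface = ipaddress.IPv6Interface(address)
    if iface.ip not in SITE or iface.network.prefixlen != 64:
        raise ValueError(f"{address} is not a /64 inside {SITE}")
    return (int(iface.ip) >> 64) & 0xFFFF

def interface_subnets(commands):
    """Map each interface to its subnet ID; reject two interfaces on one subnet."""
    result, owner, current = {}, {}, None
    for line in commands.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = " ".join(words[1:])
        elif words[:2] == ["ipv6", "address"] and current:
            sid = subnet_id_of(words[2])
            if sid in owner:
                raise ValueError(f"{current} and {owner[sid]} share subnet {sid:04x}")
            owner[sid] = current
            result[current] = sid
    return result

if __name__ == "__main__":
    for sid in range(1, 6):                # the five subnets allocated above
        print(f"{sid:04x}", subnet_for_id(sid))
    print(interface_subnets(R1_COMMANDS))
```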
Part 5 Summary

Part 6: Basic Router Configuration
Configure Initial Router Settings

Basic Router Configuration Steps
• Configure the device name.
Router(config)# hostname hostname

• Secure privileged EXEC mode.
Router(config)# enable secret password

• Secure user EXEC mode.
Router(config)# line console 0
Router(config-line)# password password
Router(config-line)# login

• Secure remote Telnet / SSH access.
Router(config)# line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}

• Encrypt all plaintext passwords.
Router(config)# service password-encryption

• Provide legal notification and save the configuration.
Router(config)# banner motd # message #
Router(config)# end
Router# copy running-config startup-config
Basic Router Configuration Example
• Commands for basic router configuration on R1.
• Configuration is saved to NVRAM.

R1(config)# hostname R1
R1(config)# enable secret class
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)# service password-encryption
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
**********************************************
#
R1(config)# exit
R1# copy running-config startup-config
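
A check of a router configuration against the steps listed above, as an added Python example (not part of the original handout; the function names and the sample layout are assumptions). The sample is constructed from the R1 commands in this section, and the check also flags a vty line whose transport input includes Telnet, because Telnet sends the login in cleartext.

```python
# Constructed sample: the R1 commands from this handout laid out as a saved
# configuration would be (prompts removed, line sub-commands indented). Real
# output would show the secrets hashed or encoded, not as typed.
R1_CONFIG = """\
hostname R1
enable secret class
service password-encryption
banner motd # WARNING: Unauthorized access is prohibited! #
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh telnet
"""

def parse(config):
    """Return (global commands, {line header: [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("line "):
            current = raw.strip()
            lines[current] = []
        elif raw.startswith(" ") and current:
            lines[current].append(raw.strip())
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, lines

def audit(config):
    """List every step of the handout's checklist that the config misses."""
    global_cmds, lines = parse(config)
    findings = []
    for required in ("hostname ", "enable secret ",
                     "service password-encryption", "banner motd "):
        if not any(c.startswith(required) for c in global_cmds):
            findings.append(f"missing: {required.strip()}")
    for header in ("line console 0", "line vty 0 4"):
        subs = lines.get(header, [])
        if "login" not in subs or not any(s.startswith("password ") for s in subs):
            findings.append(f"{header}: password and login not both set")
        for s in subs:
            if s.startswith("transport input") and "telnet" in s.split():
                findings.append(f"{header}: Telnet allowed, logins cross the network in cleartext")
    return findings
```

Note that service password-encryption applies the reversible type 7 encoding to line passwords, so it hides them from a casual glance at the configuration but not from anyone who obtains the file.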
Configure Interfaces

Configure Router Interfaces
Configuring a router interface includes issuing the following commands:

Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

• It is a good practice to use the description command to add information about the network connected to the interface.
• The no shutdown command activates the interface.
Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
Configure Router Interfaces Example (Cont.)
The commands to configure interface G0/0/1 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
Verify Interface Configuration
To verify interface configuration, use the show ip interface brief and show ipv6 interface brief commands shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1 [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
    unassigned
R1#
Configure Verification Commands
The table summarizes show commands used to verify interface configuration.

Commands                     Description
show ip interface brief      Displays all interfaces, their IP addresses, and their
show ipv6 interface brief    current status.
show ip route                Displays the contents of the IP routing tables stored in
show ipv6 route              RAM.
show interfaces              Displays statistics for all interfaces on the device. Only
                             displays the IPv4 addressing information.
show ip interfaces           Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interfaces         Displays the IPv6 statistics for all interfaces on a router.
Configure Verification Commands (Cont.)
View status of all interfaces with the show ip interface brief and show ipv6 interface brief commands, shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down
R1#

R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1 [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
    unassigned
R1#
Configure Verification Commands (Cont.)
Display the contents of the IP routing tables with the show ip route and show ipv6 route commands as shown here:

R1# show ip route
<output omitted>
Gateway of last resort is not set
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
      209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
L        209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
R1#

R1# show ipv6 route
<output omitted>
C   2001:DB8:ACAD:10::/64 [0/0]
     via GigabitEthernet0/0/0, directly connected
L   2001:DB8:ACAD:10::1/128 [0/0]
     via GigabitEthernet0/0/0, receive
C   2001:DB8:FEED:224::/64 [0/0]
     via GigabitEthernet0/0/1, directly connected
L   2001:DB8:FEED:224::1/128 [0/0]
     via GigabitEthernet0/0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#
Configure Verification Commands (Cont.)
Display statistics for all interfaces with the show interfaces command, as shown here:

R1# show interfaces gig0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
Description: Link to LAN
Internet address is 192.168.10.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:35, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1180 packets input, 109486 bytes, 0 no buffer
Received 84 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
<output omitted>
R1#
Configure Verification Commands (Cont.)
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

R1# show ip interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
<output omitted>
R1#
Configure Verification Commands (Cont.)
Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

R1# show ipv6 interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::868A:8DFF:FE44:49B0
No Virtual link-local address(es):
Description: Link to LAN
Global unicast address(es):
    2001:DB8:ACAD:10::1, subnet is 2001:DB8:ACAD:10::/64
Joined group address(es):
    FF02::1
    FF02::1:FF00:1
    FF02::1:FF44:49B0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
R1#
Configure the Default Gateway

Default Gateway on a Host
• The default gateway is used
when a host sends a packet to a
device on another network.
• The default gateway address is
generally the router interface
address attached to the local
network of the host.
• To reach PC3, PC1 addresses a
packet with the IPv4 address of
PC3, but forwards the packet to
its default gateway, the G0/0/0
interface of R1.
Note: The IP address of the host and the
router interface must be in the same network.
Default Gateway on a Switch
• A switch must have a default gateway address configured to remotely manage the switch from another network.
• To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.
Part 6 Summary
