Page 1: CCNA Summary

1

Page 2: CCNA Summary

2

Course Introduction

Page 3: CCNA Summary

Cisco Career Certifications (pyramid figure)

Associate: CCNA (Cisco Certified Network Associate), required exam: CCNA 640-802
Professional: CCNP
Expert: CCIE

Recommended training through Cisco Learning Partners.
http://www.cisco.com/go/certifications

Page 4: CCNA Summary

Cisco Certification Fields

Field                      Associate       Professional   Expert
Network Implementation     CCNA            CCNP           CCIE Routing and Switching
Network Design             CCDA or CCNA    CCNP           None
Network Service Provider   CCNA            CCIP           CCIE Service Provider
Network Security           CCNA            CCSP           CCIE Security
Voice Networks             CCNA            CCVP           CCIE Voice
Storage Networking         CCNA            None           CCIE Storage Networking

Page 5: CCNA Summary

5

Course Topics

- Introduction, OSI & TCP/IP

- OSI & TCP/IP Layers

- IP Addressing & Subnetting

- Introduction to Cisco IOS

- Routing

- Access lists

- Switching

- WAN

Page 6: CCNA Summary

Networking Technologies

• Network:
  All the components (hardware and software) involved in connecting computers across small and large distances.

• Importance of networks:
  - Easy access to and sharing of information
  - Sharing of expensive devices and network resources
  - Modern technologies (IP telephony, video on demand, etc.)

Page 7: CCNA Summary

7

Network components

• A network has three main components:

Computers (servers and hosts)
- Source of applications (network-aware applications)
- ex: HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), SNMP (Simple Network Management Protocol), Telnet

Network devices
- Devices that interconnect computers
- ex: repeaters, hubs, bridges, switches, routers, NICs and modems

Connectivity
- Media that physically connect the computers and network devices
- ex: wireless and cables

Page 8: CCNA Summary

8

Network Types

• LAN (Local Area Network): a group of network components that work within a small area.

• WAN (Wide Area Network): a group of LANs interconnected across a large area.

Page 9: CCNA Summary

9

Reference Models

- describe data transfer standards

- a framework (guideline) for network

implementation and troubleshooting

- Reference model types :

- OSI

- TCP/IP

Page 10: CCNA Summary

10

Reference Models

OSI layer          TCP/IP layer
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        Transport
3 Network          Internet
2 Data Link        Network Access
1 Physical         Network Access

Page 11: CCNA Summary

11

The OSI Reference Model

Transmission example: host A sends to host B. The data passes down the seven layers on A and up the seven layers on B; the PDU (protocol data unit) at each layer is:

7 Application      User Data
6 Presentation     User Data
5 Session          User Data
4 Transport        Segment
3 Network          Packet
2 Data Link        Frame
1 Physical         Bits

Page 12: CCNA Summary

12

Encapsulation Process

Page 13: CCNA Summary

13

The Application Layer (Layer 7)

This layer deals with networking applications.

Examples:
- Email
- Web browsers

Each application uses a certain service from the Transport Layer (reliable or unreliable).

PDU - User Data

Page 14: CCNA Summary

14

The Presentation Layer (Layer 6)

This layer is responsible for presenting the data in the required format, which may include:
- Encryption
- Compression

PDU - Formatted Data

Page 15: CCNA Summary

15

The Session Layer (Layer 5)

This layer establishes, manages, and terminates sessions between two communicating hosts.

Example: client software used for logging in.

PDU - Formatted Data

Page 16: CCNA Summary

16

The Transport Layer (Layer 4)

- This layer breaks up the data from the sending host and reassembles it at the receiver (segmentation).
- It is also used to ensure reliable data transport across the network (reliability and flow control).

PDU - Segments

Page 17: CCNA Summary

17

The Network Layer (Layer 3)

- Logical addressing (IP address)
- Best path determination (routing)

PDU - Packets

Page 18: CCNA Summary

18

The Data Link Layer (Layer 2)

This layer provides reliable transit of data across a physical link, hop by hop.

Forwarding decisions are based on physical addresses (usually MAC addresses).

PDU - Frames

Page 19: CCNA Summary

19

The Physical Layer (Layer 1)

This is the physical media through which the data, represented as electrical or optical signals, is sent from the source host to the destination host.

Examples:
- UTP
- Coaxial (like cable TV)
- Fiber optic

PDU - Bits

Page 20: CCNA Summary

20

TCP/IP model

Application      = OSI layers 7 (Application), 6 (Presentation) and 5 (Session)
Transport        = OSI layer 4 (Transport)
Internet         = OSI layer 3 (Network)
Network Access   = OSI layers 2 (Data Link) and 1 (Physical)

Page 21: CCNA Summary

21

Hierarchical Network Model

Page 22: CCNA Summary

22


The Physical Layer

Page 23: CCNA Summary

23

Physical Layer Responsibilities

Description of LAN/WAN cables & connectors

Description of LAN/WAN standards

(maximum length, bit rates, pin assignment, voltage levels)

Physical Layer Devices

Page 24: CCNA Summary

24

LAN Physical Layer

Ethernet cables :

- Copper ( UTP , STP , Coaxial )

- Fiber

Page 25: CCNA Summary

25

Unshielded Twisted Pair (UTP) Cable

- Categories: CAT5, CAT5e, CAT6
- Connector: RJ-45
- The twisting of the pairs reduces EMI and RFI
- Segment length is limited to avoid attenuation

Page 26: CCNA Summary

26

Using UTP cable to connect devices

1- Straight-through cable
2- Crossover cable
3- Rollover (console) cable

Page 27: CCNA Summary

27

Straight-Through or Crossover Cables

(Figure: PC, router, switch, hub, modem.) Like devices are joined with a crossover cable (PC to PC, PC to router, switch to switch, hub to hub); unlike devices are joined with a straight-through cable (PC or router to switch or hub).

Page 28: CCNA Summary

28

Shielded Twisted Pair (STP) Cable

Page 29: CCNA Summary

29

Coaxial Cable

- Thick coaxial and thin coaxial (thin coaxial segments: about 200 m)

Page 30: CCNA Summary

30

Fiber Optic Cable

Page 31: CCNA Summary

31

Fiber Optic Connectors

single mode fiber

multimode fiber

Page 32: CCNA Summary

32

WAN Physical Layer

serial cables

Page 33: CCNA Summary

33

WAN Terminologies

DTE (Data Terminal Equipment): the customer-side device that terminates the serial link, e.g. the router.
DCE (Data Circuit-terminating Equipment): the provider-side device, e.g. a CSU/DSU or modem, that supplies the clocking on the link.

Page 34: CCNA Summary

34

Transmission modes

- Full duplex: devices can send and receive data at the same time (two paths for transmission).
- Half duplex: one circuit for transmission, so only one device can use the bus (send or receive) at a time; if two devices send at the same time, a collision occurs.

Page 35: CCNA Summary

35

Layer 1 Devices

1- Repeater

A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. Rule: no more than four repeaters can be used between hosts on a LAN.

Page 36: CCNA Summary

36

2- Hub

A hub takes data bits from an input port and forwards them to all other ports.
A hub is a multi-port repeater.
Repeaters and hubs work in half-duplex mode.

Page 37: CCNA Summary

37


The Data-Link Layer

Page 38: CCNA Summary

38

Data-Link Layer Responsibilities

- Description of hardware addressing: the MAC (Media Access Control) address
- Frame format
- Hop-by-hop error detection

Data-Link layer standards:
- LAN: Ethernet, Token Ring, FDDI
- WAN: HDLC, PPP, ISDN, X.25, Frame Relay, ATM

Page 39: CCNA Summary

39

Ethernet Overview

- Ethernet is now the dominant LAN technology in the world.

- Ethernet is not one technology but a family of LAN

technologies.

- Ethernet specifications support different media,

bandwidths, and other Layer 1 and 2 variations.

Page 40: CCNA Summary

40

MAC Address

- A MAC address is 48 bits in length and is expressed as twelve hexadecimal digits.
- MAC addresses are burned into the read-only memory (ROM) of the NIC.
- Each NIC has a unique MAC address.
- A MAC address can represent unicast, broadcast or multicast: the least significant bit of the first octet is 0 for an individual (unicast) address and 1 for a group (multicast) address, and FFFF.FFFF.FFFF is the broadcast address.

ex. A34C.52BD.1234 (Cisco dotted-hex notation)

Page 41: CCNA Summary

41

CSMA/CD operation on half-duplex media

A host cannot send while the bus is busy.

Page 42: CCNA Summary

42

Ethernet Frame Structure

(Frame format figure: Type and Data fields; IEEE 802.2 variant. Not reproduced.)

Page 43: CCNA Summary

43

Layer 2 Devices

• A layer 2 device is a device that understands MAC addresses, for example:

NIC (Network Interface Card)

Bridge:
- address learning
- forwarding decisions are made in software
- a bridge is used for LAN segmentation

Switch:
- a multi-port bridge
- forwarding decisions are made in hardware (ASIC), so it is faster than a bridge

Page 44: CCNA Summary

44

Ethernet Switches and Bridges

• A transparent bridge or switch has 3 main functions:
  1- Address learning
  2- Forward/filter decision
  3- Loop avoidance

All ports of a switch or bridge are members of a single broadcast domain and of multiple collision domains (one per port).

Page 45: CCNA Summary

45

1- Address Learning

The switch learns which MACs are connected to which ports by checking the source MAC address of each incoming frame.

Page 46: CCNA Summary

46

2- Forwarding

- Forwarding is done by checking the destination MAC address.
- If the destination MAC is an unknown unicast, a broadcast or a multicast, the frame is flooded (sent out of all switch ports except the one it arrived on).
- For a known unicast, the switch forwards the frame through the learned port only.

Page 47: CCNA Summary

47

Types of frame errors

1 – CRC error: the frame contents changed during transmission
2 – Runt frame: the frame size is less than 64 bytes
3 – Giant frame: the frame size is larger than 1518 bytes

Page 48: CCNA Summary

48

Forwarding modes

Store and Forward
• The complete frame is received and checked before forwarding.

Cut-Through
• The switch checks the destination address and immediately begins forwarding the frame.

Fragment-Free
• The switch checks the first 64 bytes, then begins forwarding the frame.
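The switch behaviour described on the last few slides, as an added example in Python (not code from the original deck): MAC classification by the I/G bit, address learning from the source MAC, the forward/filter/flood decision on the destination MAC, and the store-and-forward checks for CRC, runt and giant frames. The MAC addresses, the 4-port switch and the frame sequence are constructed for the demonstration.

```python
"""Learning-switch simulation for the switching slides: MAC address
classification via the I/G bit, address learning from the source MAC,
forward/filter/flood decisions on the destination MAC, and the
store-and-forward frame checks (CRC, runt, giant). Added example, not code
from the original deck. All frames and MAC addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

BROADCAST = "ffff.ffff.ffff"
MIN_FRAME, MAX_FRAME = 64, 1518          # Ethernet frame size limits in bytes


def normalize_mac(mac: str) -> str:
    """Accept Cisco dotted (A34C.52BD.1234) or colon/hyphen notation and return
    lowercase Cisco dotted form (three groups of four hex digits)."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def mac_kind(mac: str) -> str:
    """'broadcast', 'multicast' or 'unicast'. The I/G (individual/group) bit is
    the least significant bit of the first octet: 0 = unicast, 1 = group."""
    mac = normalize_mac(mac)
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if int(mac[:2], 16) & 1 else "unicast"


@dataclass
class Frame:
    dst: str
    src: str
    length: int           # total frame length in bytes
    fcs_ok: bool = True   # result of the CRC / FCS check on receipt


def frame_error(frame: Frame) -> Optional[str]:
    """Store-and-forward check: 'crc', 'runt', 'giant', or None if the frame is clean."""
    if not frame.fcs_ok:
        return "crc"
    if frame.length < MIN_FRAME:
        return "runt"
    if frame.length > MAX_FRAME:
        return "giant"
    return None


class LearningSwitch:
    def __init__(self, port_count: int):
        self.ports = list(range(1, port_count + 1))
        self.cam: Dict[str, int] = {}      # MAC address -> port (the MAC / CAM table)

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Process one frame arriving on in_port; return the list of egress ports."""
        if frame_error(frame) is not None:
            return []                      # a store-and-forward switch drops bad frames
        src, dst = normalize_mac(frame.src), normalize_mac(frame.dst)
        # 1. Address learning: remember which port the source MAC lives on.
        self.cam[src] = in_port
        # 2. Forward/filter: a known unicast goes out the learned port only ...
        if mac_kind(dst) == "unicast" and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]   # same segment: filter it
        # ... unknown unicast, broadcast and multicast are flooded out every
        # other port (for these frames the switch behaves like a hub).
        return [p for p in self.ports if p != in_port]


def demo() -> Dict[str, List[int]]:
    """Constructed scenario: host A on port 1 and host B on port 2 of a 4-port switch."""
    a, b = "0000.0c00.aa01", "0000.0c00.bb02"   # constructed unicast MACs
    sw = LearningSwitch(4)
    trace = {}
    trace["a_to_b_unknown"] = sw.receive(1, Frame(dst=b, src=a, length=512))  # B unknown: flooded
    trace["b_to_a_known"] = sw.receive(2, Frame(dst=a, src=b, length=512))    # A learned: port 1
    trace["a_to_b_known"] = sw.receive(1, Frame(dst=b, src=a, length=512))    # B learned: port 2
    trace["a_broadcast"] = sw.receive(1, Frame(dst=BROADCAST, src=a, length=64))
    trace["runt_dropped"] = sw.receive(1, Frame(dst=b, src=a, length=40))
    return trace


if __name__ == "__main__":
    for name, ports in demo().items():
        print("%-16s -> %s" % (name, ports))
```

Running it shows the first frame to B flooded to ports 2, 3 and 4, the reply to A sent only to port 1, and the runt dropped. Note that the deck's sample address A34C.52BD.1234 classifies as a group (multicast) address, because its first octet 0xA3 has the I/G bit set; a NIC's burned-in address always has that bit clear.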

Page 49: CCNA Summary

49

3- Removing Layer 2 Loops

(Figure: with redundant links between switches, the same MAC address A is learned on two different ports, port 1 and port 3, and frames circulate endlessly.)

• Solution: using Spanning Tree Protocol (STP)

Page 50: CCNA Summary

50

Frame creation

How a host fills in the addresses of a frame it is about to send:

Field              Where the value comes from
Source MAC         Burned on the NIC
Source IP          Static configuration, or dynamic (RARP, BOOTP, DHCP)
Destination IP     DNS (name resolution)
Destination MAC    ARP, or Proxy ARP when the destination is on another network

Page 51: CCNA Summary

51

- Source MAC: burned on the NIC

Page 52: CCNA Summary

52

- Source IP:

1- By static configuration

Page 53: CCNA Summary

53

- Source IP: 2- DHCP

- Dynamic Host Configuration Protocol
- DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device.
- A range of IP addresses is defined on the DHCP server.
- The entire network configuration of a computer can be obtained in one message from the server.

Page 54: CCNA Summary

54

- Destination IP: DNS

• An application specified in the TCP/IP suite
• A means to translate human-readable names into IP addresses

Page 55: CCNA Summary

55

- Destination MAC: ARP

- Each PC forms an ARP table containing the learned MACs (IP address to MAC address mappings).

Page 56: CCNA Summary

56

- Destination MAC: Proxy ARP

(Figure: host A and router R on one network, host B on a network behind the router.)

A broadcasts to all: "If your IP address matches B, please tell me your Ethernet address."
Router R replies: "I know the destination network, let me give you my Ethernet address. I will take care of forwarding IP packets to B."
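The ARP and proxy ARP exchange described above, as an added example in Python (not code from the original deck). A host answers an ARP request only for its own IP address; a router with proxy ARP also answers for networks it can route to, so the requester frames packets for the remote host to the router's MAC. The hosts, router, addresses and MACs are all constructed.

```python
"""ARP and proxy ARP on one broadcast segment. A host answers an ARP request
only for its own IP address; a router with proxy ARP also answers for the
networks it can route to, so the requester frames packets for a remote host
to the router's MAC. Added example, not from the original deck; every
address and MAC below is constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    mac: str
    ip: str                                              # interface address with prefix
    proxy_for: List[str] = field(default_factory=list)   # networks proxied (routers only)
    arp_table: Dict[str, str] = field(default_factory=dict)   # learned IP -> MAC

    @property
    def address(self) -> ipaddress.IPv4Address:
        return ipaddress.ip_interface(self.ip).ip

    def answers_arp_for(self, target_ip: str) -> bool:
        """Own address always; proxied networks if this node is a proxy-ARP router."""
        target = ipaddress.ip_address(target_ip)
        if target == self.address:
            return True
        return any(target in ipaddress.ip_network(n) for n in self.proxy_for)


class Segment:
    """One broadcast domain: an ARP request is seen by every attached node."""

    def __init__(self, nodes: List[Node]):
        self.nodes = nodes

    def resolve(self, sender: Node, target_ip: str) -> Optional[str]:
        """Return the MAC that `sender` puts in the destination field for
        target_ip: from its ARP table if cached, otherwise by broadcasting a
        request and taking the first reply. None means nobody answered."""
        cached = sender.arp_table.get(target_ip)
        if cached is not None:
            return cached
        # Broadcast: "If your IP address matches target_ip, tell me your Ethernet address"
        for node in self.nodes:
            if node is sender:
                continue
            if node.answers_arp_for(target_ip):
                # The unicast reply carries the responder's MAC; both ends cache the mapping
                sender.arp_table[target_ip] = node.mac
                node.arp_table[str(sender.address)] = sender.mac
                return node.mac
        return None


def build_lab():
    """Constructed lab: hosts A and B plus router R on 10.0.0.0/24; R does proxy
    ARP for 192.168.1.0/24, which lies behind it."""
    a = Node("A", "0000.0c00.aa01", "10.0.0.1/24")
    b = Node("B", "0000.0c00.bb02", "10.0.0.2/24")
    r = Node("R", "0000.0c00.ff01", "10.0.0.254/24", proxy_for=["192.168.1.0/24"])
    return a, b, r, Segment([a, b, r])


if __name__ == "__main__":
    a, b, r, lan = build_lab()
    print("A -> 10.0.0.2    :", lan.resolve(a, "10.0.0.2"))       # B answers with its own MAC
    print("A -> 192.168.1.5 :", lan.resolve(a, "192.168.1.5"))    # R answers by proxy ARP
    print("A -> 10.0.0.99   :", lan.resolve(a, "10.0.0.99"))      # no such host: no reply
    print("A's ARP table    :", a.arp_table)
```

The request for 192.168.1.5 is answered by the router's MAC, so A's frame for the remote host is delivered to R, which forwards the IP packet; A's ARP table afterwards holds one entry for B and one for the proxied address.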

Page 57: CCNA Summary

57


The Transport Layer

Page 58: CCNA Summary

58

The Transport Layer

- Reliable service (connection-oriented, e.g. TCP)
- Unreliable service (best effort, e.g. UDP)

Page 59: CCNA Summary

Flow Control - Windowing (PAR)

(Figure: positive acknowledgement with retransmission. The sender transmits segments and waits for acknowledgements; segment 2 arrives in error and is retransmitted before the sender continues with segment 3.)

Page 60: CCNA Summary

60

Flow Control- Windowing (PAR):

Page 61: CCNA Summary

61

Layer 4 Addressing

• Port numbers:

• Port numbers are classified into:
  Well-known ports (0-1023): identify standard applications, ex: FTP (20, 21), Telnet (23), SMTP (25), DNS (53), HTTP (80)
  User (ephemeral) ports (1024-65535): assigned by the operating system for each session initiated by the host

Page 62: CCNA Summary

62

Multiplexing applications

(Figure: two clients, 12.0.0.1 and 12.0.0.2, open three connections to the web server 13.0.0.1. The server tells the sessions apart by the full combination of addresses and ports.)

Session   Source IP   Destination IP   Source port   Destination port
1         12.0.0.1    13.0.0.1         1200          80
2         12.0.0.1    13.0.0.1         1500          80
3         12.0.0.2    13.0.0.1         1200          80

Page 63: CCNA Summary

TCP Header

Page 64: CCNA Summary

UDP Header

Page 65: CCNA Summary

65


The Application Layer

Page 66: CCNA Summary

66

TCP/IP Application Layer Overview

• File transfer
  – FTP
  – TFTP
• E-mail
  – Simple Mail Transfer Protocol (SMTP)
• Remote login
  – Telnet
• Network management
  – Simple Network Management Protocol (SNMP)
• Name management
  – Domain Name System (DNS)

Page 67: CCNA Summary

67

Port Numbers

Page 68: CCNA Summary

68


The TCP/IP Internet Layer

Page 69: CCNA Summary

69

Internet Layer

• The Internet Layer is responsible for the following:
  - Logical addressing for network components
  - Routing (finding the best path for data)
  - Layer 3 devices

• Internet Layer protocols:
  - IP (Internet Protocol)
  - ICMP (Internet Control Message Protocol)
  - ARP (Address Resolution Protocol), RARP (Reverse ARP)
  - Routing protocols, ex. OSPF, EIGRP

• IP has the following characteristics:
  - Provides logical addressing
  - Provides connectionless "best effort" delivery of data

Page 70: CCNA Summary

70

IP Packet

IP packets consist of the data from the upper layers plus an IP header. (The figure showing the header fields is not reproduced.)

Page 71: CCNA Summary

71

IP addressing

- Each host in the network must have a unique IP address, because duplicate addresses would make routing impossible.
- IP addressing is hierarchical: the IP address combines two identifiers into one number. The first part identifies the network address; the second part, called the host part, identifies which particular machine it is on the network.
- An IP address is a 32-bit (4 bytes = 4 octets) address that is divided into a network part (representing the network ID where the device is located) and a host part (representing the ID of the host).
- It is represented in dotted-decimal form, where each octet is transformed to its decimal value.

ex. 192.168.1.3

Page 72: CCNA Summary

72

IP Address Classes

IP addresses are divided into classes to define large, medium, and small networks:
- Class A addresses are assigned to large networks
- Class B addresses are used for medium-sized networks
- Class C for small networks
- Class D for multicasting
- Class E for experimental purposes

Page 73: CCNA Summary

73

Identifying Address Classes

The class is identified by the value of the first octet: A 1-126, B 128-191, C 192-223, D 224-239, E 240-255.

Note: for Class A, networks 0 and 127 are reserved (class A range 1 - 126).

Page 74: CCNA Summary

74

Public IP Addresses

- Unique addresses are required for each device on a network

- Originally, an organization known as the Internet Assigned

Numbers Authority (IANA) handled this procedure.

- No two machines that connect to a public network can have

the same IP address because public IP addresses are global

and standardized.

Page 75: CCNA Summary

75

Private IP Addresses

Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As noted above, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique. The ranges set aside for this purpose (RFC 1918) are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

Page 76: CCNA Summary

76

IP address types

• IP address could be one of three categories

Network address

Host address

Broadcast address

Page 77: CCNA Summary

77

Network / Broadcast Addresses

- Network address: the first IP address in the network, in which all host-part bits = 0
- Broadcast address: the last IP address in the network, in which all host-part bits = 1
- The other addresses are host addresses; their number = 2^(number of host bits) - 2

Here are some examples:

Class   Network Address   Broadcast Address
A       12.0.0.0          12.255.255.255
B       172.16.0.0        172.16.255.255
C       192.168.1.0       192.168.1.255

Page 78: CCNA Summary

78

Subnet Mask

- A 32-bit mask (1's followed by 0's)
- Used by routers and hosts to determine the number of network-significant bits (identified by 1's) and host-significant bits (identified by 0's) in an IP address

Example:

Class   Network Address   Default subnet mask
A       12.0.0.0          255.0.0.0 or /8
B       172.16.0.0        255.255.0.0 or /16
C       192.168.0.0       255.255.255.0 or /24

Page 79: CCNA Summary

79

Octet Values of a Subnet Mask

• Subnet masks like IP addresses can be represented in the dotted decimal format like 255.255.255.0.

Page 80: CCNA Summary

80

Subnetting

- Subnetting a network means using the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets.
- Subnetting is done by taking part of the host bits and adding them to the network part:

IP address:  | Network part | Host part |
Subnetted:   | Network part | Subnet bits | Host part |

Page 81: CCNA Summary

81

Subnetting Example

Divide network 192.168.1.0/24 into 4 subnets.

Solution: 4 subnets need 2 bits.

192.168.1.0, with the last octet written in binary (the two borrowed bits first):

192.168.1. 00 000000  to  192.168.1. 00 111111   ->  0 - 63
192.168.1. 01 000000  to  192.168.1. 01 111111   ->  64 - 127
192.168.1. 10 000000  to  192.168.1. 10 111111   ->  128 - 191
192.168.1. 11 000000  to  192.168.1. 11 111111   ->  192 - 255

The subnet mask is 255.255.255.192 or /26.

The first subnet is 192.168.1.0/26
The second subnet is 192.168.1.64/26
The third subnet is 192.168.1.128/26
The fourth subnet is 192.168.1.192/26

Page 82: CCNA Summary

82

Divide network 192.168.1.0/24 into 4 subnets

Solution :

- 4 subnets need 2 bits

- subnet mask = 255.255.255.192

- the interesting octet of the mask is 192

- block size ("hop count") = 256 – 192 = 64

- The first subnet is 192.168.1.0/26

- The second subnet is 192.168.1.64/26

- The third subnet is 192.168.1.128/26

- The fourth subnet is 192.168.1.192/26

Page 83: CCNA Summary

83

Determine whether this IP address is a network address, a host address or a broadcast address: 172.16.5.0/23

Solution:

- subnet mask = 255.255.254.0
- the interesting octet is 254
- block size ("hop count") = 256 – 254 = 2
- The first subnet is 172.16.0.0/23
- The second subnet is 172.16.2.0/23
- The third subnet is 172.16.4.0/23
- The fourth subnet is 172.16.6.0/23

172.16.5.0 falls inside 172.16.4.0/23 (network address 172.16.4.0, broadcast address 172.16.5.255), so 172.16.5.0/23 is a host address.

Page 84: CCNA Summary

84

- Which IP address should be assigned to PC B? (Figure: PC B is attached to a router interface configured as 192.168.5.33/27.)

A . 192.168.5.5
B . 192.168.5.32
C . 192.168.5.40
D . 192.168.5.63
E . 192.168.5.75

Answer: C. The /27 subnet containing 192.168.5.33 is 192.168.5.32 - 192.168.5.63: .32 is the network address, .63 the broadcast address, and .5 and .75 lie in other subnets, so .40 is the only usable host address.

Page 85: CCNA Summary

85

- Given the choices below, which address represents a unicast address?

A . 224.1.5.2
B . FFFF.FFFF.FFFF
C . 192.168.24.59/30
D . 255.255.255.255
E . 172.31.128.255/18

Answer: E. A is a class D (multicast) address, B is the Ethernet broadcast MAC address, C is the broadcast address of subnet 192.168.24.56/30, and D is the limited broadcast address. E lies inside 172.31.128.0/18 (broadcast 172.31.191.255), so it is an ordinary host (unicast) address.
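The subnetting arithmetic of the last few slides (splitting 192.168.1.0/24 into four /26 subnets, the "interesting octet" block size, classifying 172.16.5.0/23, and the two exam questions), as an added example in Python using only the standard library. This is not code from the original deck; the function names are mine, and the candidate lists are the ones from the questions above.

```python
"""Subnetting helpers for the worked examples: splitting a network into
equal subnets, the deck's 'interesting octet' block size, classifying an
address as network/host/broadcast, and picking assignable host addresses.
Added example, not code from the original deck; standard library only."""
import ipaddress
from typing import List


def subnets_for(network: str, count: int) -> List[str]:
    """Split `network` into `count` equal subnets (count a power of two) by
    borrowing the fewest host bits that yield at least `count` subnets."""
    net = ipaddress.ip_network(network, strict=True)
    borrowed = (count - 1).bit_length()       # 4 subnets -> 2 bits, 8 -> 3, ...
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed)]


def block_size(prefix_len: int) -> int:
    """The deck's 'hop count': 256 minus the interesting (first non-255) octet
    of the mask, i.e. the distance between consecutive subnet addresses."""
    mask = ipaddress.ip_network("0.0.0.0/%d" % prefix_len).netmask
    interesting = next((o for o in mask.packed if o != 255), 0)
    return 256 - interesting


def classify(cidr: str) -> str:
    """'network', 'broadcast' or 'host' for an address written with its prefix."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.prefixlen >= 31:          # /31 and /32 have no distinct network/broadcast address
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def address_kind(addr: str) -> str:
    """'unicast', 'multicast', 'broadcast' or 'network' for an IPv4 address,
    with or without a prefix (class D, 224.0.0.0/4, is multicast)."""
    bare = addr.split("/")[0]
    if bare == "255.255.255.255":
        return "broadcast"              # limited broadcast
    if ipaddress.ip_address(bare).is_multicast:
        return "multicast"
    if "/" not in addr:
        return "unicast"                # without a mask a directed broadcast cannot be detected
    kind = classify(addr)
    return "unicast" if kind == "host" else kind


def assignable_hosts(gateway_cidr: str, candidates: List[str]) -> List[str]:
    """Addresses a PC may be given on the subnet of `gateway_cidr`: inside the
    subnet, neither network nor broadcast address, and not the gateway itself."""
    gw = ipaddress.ip_interface(gateway_cidr)
    prefix = gw.network.prefixlen
    result = []
    for c in candidates:
        ip = ipaddress.ip_address(c)
        if ip in gw.network and ip != gw.ip and classify("%s/%d" % (c, prefix)) == "host":
            result.append(c)
    return result


if __name__ == "__main__":
    print(subnets_for("192.168.1.0/24", 4), "block size", block_size(26))
    print("172.16.5.0/23 is a", classify("172.16.5.0/23"), "address")
    print("PC B:", assignable_hosts("192.168.5.33/27",
          ["192.168.5.5", "192.168.5.32", "192.168.5.40", "192.168.5.63", "192.168.5.75"]))
    for a in ["224.1.5.2", "192.168.24.59/30", "255.255.255.255", "172.31.128.255/18"]:
        print(a, "->", address_kind(a))
```

The same functions answer any variant of these questions: `subnets_for` with a larger count borrows more bits, and `classify` works for any prefix length, which is what you need when checking that an ACL or firewall rule really covers the hosts it is meant to.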

Page 86: CCNA Summary

86

ICMP

D:\>ping 192.110.1.140
Pinging 192.110.1.140 with 32 bytes of data:
Request timed out

The Internet Control Message Protocol is used to verify connectivity between network devices (ping).

Page 87: CCNA Summary

87

Layer 3 Devices

Router:
- best path determination
- creating the routing table
- connecting different LANs

Each interface of a router is a separate broadcast domain and a separate collision domain, so a router is a member of multiple broadcast domains and multiple collision domains.

Page 88: CCNA Summary

88

Find number of broadcast domains and number

of collision domains

Solution :

no. of broadcast domains = 2

no. of collision domains = 4

Page 89: CCNA Summary

89

Page 90: CCNA Summary

90


Operating Cisco IOS Software

Page 91: CCNA Summary

91

Cisco Software components

• Cisco IOS (Internetwork Operating System)
  The operating system that manages the hardware platform it is running on.

• Configuration file
  A text file of commands that determines how the router behaves.

Page 92: CCNA Summary

92

Router Internal Components

(Figure: the IOS image is stored in flash, the saved configuration file in NVRAM, and the current (running) configuration in RAM.)

Page 93: CCNA Summary

93

External Components of a 2600 Router

Page 94: CCNA Summary

94

Computer/Terminal Console Connection

Page 95: CCNA Summary

95

HyperTerminal Session Properties

Page 96: CCNA Summary

96

Setup mode

- Permits the administrator to install a minimal configuration on a router.
  (It appears when there is no saved configuration; press Ctrl-C to skip it.)

Page 97: CCNA Summary

97

Other Router Modes

Page 98: CCNA Summary

98

IOS Features

• Support context help and abbreviations ( ? )

• Support of auto complete ( Tab button )

• Support syntax error detection

Page 99: CCNA Summary

99

Context help features

Page 100: CCNA Summary

100

Configuring Router Identification

Page 101: CCNA Summary

101

Configuring a Router Password

Page 102: CCNA Summary

102

Configuring Interfaces

(Topology: RouterA S0/0 192.168.1.1/30 <---> S0/1 RouterB 192.168.1.2/30)

RouterA# configure terminal
RouterA(config)# interface serial 0/0
RouterA(config-if)# ip address 192.168.1.1 255.255.255.252
RouterA(config-if)# no shutdown
RouterA(config-if)# clock rate 56000      (required on the serial DCE side only)

RouterB# configure terminal
RouterB(config)# interface serial 0/1
RouterB(config-if)# ip address 192.168.1.2 255.255.255.252
RouterB(config-if)# no shutdown
RouterB(config-if)# exit
RouterB(config)# exit
RouterB#

To find out which end of the cable is the DCE:

RouterA# show controllers serial 0/0

Page 103: CCNA Summary

103

Monitoring and debugging

show commands are typed in privileged EXEC mode (enable mode):

#show interfaces – displays all the statistics for all the interfaces
#show interfaces s0/1 – displays the statistics for interface Serial 0/1
#show ip interface brief – displays a summary of the interfaces
#show controllers s0/0 – displays information specific to the interface hardware
#show flash – displays info about flash memory and which IOS image is in it
#show startup-config (show start) – displays the saved configuration located in NVRAM
#show running-config (show run) – displays the configuration currently running in RAM
#show version – displays info about the router and the IOS
#show arp – displays the ARP table of the router
#erase startup-config (erase start) – erases the saved configuration file in NVRAM
#reload – restarts the router
#copy running-config startup-config (copy run start) – saves the current configuration in RAM into NVRAM

Page 104: CCNA Summary

104

show flash command

Page 105: CCNA Summary

105

show running-config and show startup-config Commands

• Display the current and the saved configuration

Page 106: CCNA Summary

106

show interfaces Command

Page 107: CCNA Summary

107

Serial Interface show controller Command

• Shows the cable type of serial cables (DTE or DCE)

Page 108: CCNA Summary

108

Using Telnet to Connect to Remote Devices

A successful Telnet session exercises the whole TCP/IP stack, so it serves as an end-to-end connectivity test. Note that Telnet carries its traffic, including the login password, in cleartext; where the platform supports it, SSH is the safer choice for management access.

Page 109: CCNA Summary

109

Using the ping and trace Commands

The ping command tests the connectivity and the path to a remote device (it tests layer 3 in TCP/IP).

Page 110: CCNA Summary

110

Interpreting the Interface Status

The first part of the status line is the Layer 1 status; the second part ("line protocol") is the Layer 2 status.

- Serial0/1 is administratively down, line protocol is down
  the interface is shut down
- Serial0/1 is down, line protocol is down
  interface or cable hardware failure
- Serial0/1 is up, line protocol is down
  different encapsulation types on the two ends (PPP, HDLC, Frame Relay), missing keepalives, or no clock rate on the DCE device
- Serial0/1 is up, line protocol is up
  the interface is working properly

Page 111: CCNA Summary

111

show version Command

Page 112: CCNA Summary

112

Configuration Register Values

The configuration register value sets the boot option (its low-order nibble is the boot field):

0x2100              boot to the ROM monitor (ROMmon)
0x2101              boot the IOS image in ROM
0x2102 to 0x210F    boot from flash, honouring any boot system commands (0x2102 is the default)

The value 0x2142 makes the router ignore the configuration in NVRAM at boot. It is used for password recovery, which is why console and physical access to the device must be controlled.

Page 113: CCNA Summary

113

Boot system command

- Besides the configuration register, you can use the boot system command to force the boot location:

Router(config)# boot system flash
Router(config)# boot system rom
Router(config)# boot system tftp

Page 114: CCNA Summary

114

Discovering Neighbors with CDP

• CDP (Cisco Discovery Protocol) runs on devices with Cisco IOS to get information about directly connected Cisco devices.

• Summary information includes:
  – Device identifiers
  – Address list
  – Port identifier
  – Capabilities list
  – Platform

Because CDP advertises these details to anyone listening on the link, it is commonly disabled on interfaces facing untrusted networks (no cdp enable on the interface, or no cdp run globally).

Page 115: CCNA Summary

115

Using the show cdp neighbors Command

RouterA# show cdp neighbors detail

also provides the neighbors' IP addresses.

Page 116: CCNA Summary

116

Cisco IOS copy Command

The copy command is used to save the IOS image or the configuration file (between RAM, NVRAM, flash and a TFTP server). (The figure of copy sources and destinations is not reproduced.)

Page 117: CCNA Summary

Managing the IOS image with a TFTP application

wg_ro_a# copy tftp flash
Address or name of remote host [10.1.1.1]?
Source filename []? c2500-js-l_120-3.bin
Destination filename [c2500-js-l_120-3.bin]?
Accessing tftp://10.1.1.1/c2500-js-l_120-3.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeee (output omitted) ...erased
Erase of flash: complete
Loading c2500-js-l_120-3.bin from 10.1.1.1 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!
(output omitted)
[OK - 10084696/20168704 bytes]
Verifying checksum... OK (0x9AA0)
10084696 bytes copied in 309.108 secs (32636 bytes/sec)
wg_ro_a#

The checksum verified at the end only detects a corrupted transfer. TFTP has no authentication or integrity protection of its own, so the image should be fetched from a trusted server and compared against the hash published by the vendor before it is booted.

Page 118: CCNA Summary

118

Managing the configuration file with a TFTP application

wg_ro_a# copy run tftp
Address or name of remote host []? 10.1.1.1
Destination filename [running-config]? wgroa.cfg
.!!
1684 bytes copied in 13.300 secs (129 bytes/sec)

wg_ro_a# copy tftp run
Address or name of remote host []? 10.1.1.1
Source filename []? wgroa.cfg
Destination filename [running-config]?
Accessing tftp://10.1.1.1/wgroa.cfg...
Loading wgroa.cfg from 10.1.1.1 (via Ethernet0): !
[OK - 1684/3072 bytes]
1684 bytes copied in 17.692 secs (99 bytes/sec)

Page 119: CCNA Summary

119

Page 120: CCNA Summary

120

© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—3-120

Introducing Routing

Page 121: CCNA Summary

121

What Is Routing?

To route, a router needs to do the following:
• Discover the connected networks.
• Select the best paths (routes) to these networks.
• Maintain and verify routing information using a routing table.

Page 122: CCNA Summary

122

Routing table

• The routing table contains the best paths discovered by a "routing protocol".

Page 123: CCNA Summary

123

Routing Protocols

• Static route: a route (path) that a network administrator enters into the router manually.
• Dynamic route: a route (path) that a routing protocol discovers automatically and adjusts when the topology changes.

Page 124: CCNA Summary

124

Routing Protocols

Static:
- Directly connected
- Static route
- Default route

Dynamic:
- IGP (interior gateway protocols)
  - Distance vector (RIPv1, RIPv2, IGRP)
  - Link state (OSPF, IS-IS)
  - Hybrid (EIGRP)
- EGP (exterior gateway protocols): EGP, BGP

Page 125: CCNA Summary

125

Autonomous Systems: Interior or

Exterior Routing Protocols

Page 126: CCNA Summary

126

Routing table creation

The routing table contains only the decisions of the best routing protocol and the best paths to reach networks.
- The best routing protocol is elected based on its administrative distance.
- The best path depends on its metric.

Page 127: CCNA Summary

127

Administrative Distance

A value between 0 and 255 that reflects the trustworthiness of a routing source (the best source has the lowest administrative distance).

Source       Administrative distance
Connected    0
Static       1
OSPF         110
RIP          120

Page 128: CCNA Summary

128

Selecting the Best Route with Metrics

- The best path has the lowest metric.
- Each routing protocol uses a metric type (hop count, bandwidth, delay, load, reliability, MTU).

Page 129: CCNA Summary

129

Static routing

1- Directly connected networks:
- Directly connected networks are automatically detected by the router without configuration
- symbol in the routing table is "C"
- administrative distance = 0

(Figure: three routers in a row joining networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router lists its two attached networks as C routes.)

Page 130: CCNA Summary

130

Static routing

2- Static route:
- you can manually define a path to reach a certain network
- symbol in the routing table is "S"
- administrative distance = 1

(Figure: the Internet-facing router reaches 192.168.1.0/24 across a serial link 12.0.0.1/8 - 12.0.0.2/8.) The route can point at the exit interface or at the next-hop address:

Router(config)# ip route 192.168.1.0 255.255.255.0 serial 0
OR
Router(config)# ip route 192.168.1.0 255.255.255.0 12.0.0.2

Page 131: CCNA Summary

131

Static routing

3- Default route:
- This route allows the stub network to reach all networks beyond router A (gateway of last resort)
- symbol in the routing table is "S*"

(Figure: stub router with 192.168.1.0/24 behind it and a serial link 12.0.0.2/8 - 12.0.0.1/8 towards the Internet.)

Router(config)# ip route 0.0.0.0 0.0.0.0 12.0.0.1
OR
Router(config)# ip route 0.0.0.0 0.0.0.0 serial 0

Page 132: CCNA Summary

132

Displaying the routing table

router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C    12.0.0.0 is directly connected, Serial0
S*   0.0.0.0/0 is directly connected, Serial0
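The selection rules of the preceding slides (lowest administrative distance wins, then lowest metric; lookups take the longest matching prefix and fall back to the S* default), as an added example in Python. This is not code from the original deck: the class and function names are mine, the administrative distances are the ones quoted on the slides, and the candidate routes are constructed.

```python
"""Routing-table construction: for each prefix keep the route from the source
with the lowest administrative distance, break ties on metric, and resolve
lookups by longest prefix match with the S* default route as gateway of last
resort. Added example, not code from the original deck; the candidate routes
are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Administrative distances quoted in the deck
AD = {"C": 0, "S": 1, "O": 110, "R": 120}


@dataclass(frozen=True)
class Route:
    code: str       # routing table code: C connected, S static, O OSPF, R RIP
    prefix: str     # e.g. "12.0.0.0/8"; "0.0.0.0/0" is the default route
    metric: int
    via: str        # next hop address or exit interface


class RoutingTable:
    def __init__(self):
        self.routes: Dict[ipaddress.IPv4Network, Route] = {}

    def offer(self, route: Route) -> bool:
        """Install `route` if the prefix is new or the route beats the installed
        one: lower AD wins first, then lower metric. Returns True when installed."""
        if route.code not in AD:
            raise ValueError("unknown routing source %r" % route.code)
        net = ipaddress.ip_network(route.prefix, strict=True)
        current = self.routes.get(net)
        if current is None or (AD[route.code], route.metric) < (AD[current.code], current.metric):
            self.routes[net] = route
            return True
        return False

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match; the /0 default matches anything not covered."""
        addr = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def render(self) -> List[str]:
        """Lines in the style of 'show ip route' (S* marks the candidate default)."""
        lines = []
        for net in sorted(self.routes, key=lambda n: (n.prefixlen == 0, int(n.network_address))):
            r = self.routes[net]
            code = r.code + ("*" if net.prefixlen == 0 else " ")
            lines.append("%s %s [%d/%d] via %s" % (code, net, AD[r.code], r.metric, r.via))
        return lines


def build_table() -> RoutingTable:
    """Constructed offers from several routing sources for the same prefixes."""
    rt = RoutingTable()
    rt.offer(Route("C", "12.0.0.0/8", 0, "Serial0"))
    rt.offer(Route("R", "192.168.1.0/24", 3, "12.0.0.2"))    # RIP learns it first ...
    rt.offer(Route("O", "192.168.1.0/24", 20, "12.0.0.2"))   # ... OSPF replaces it: AD 110 < 120
    rt.offer(Route("R", "192.168.1.0/24", 1, "12.0.0.2"))    # better metric, worse AD: rejected
    rt.offer(Route("S", "192.168.1.128/25", 0, "12.0.0.3"))  # more specific static route
    rt.offer(Route("S", "0.0.0.0/0", 0, "Serial0"))          # gateway of last resort
    return rt


if __name__ == "__main__":
    rt = build_table()
    print("\n".join(rt.render()))
    for dst in ["192.168.1.77", "192.168.1.200", "12.5.5.5", "8.8.8.8"]:
        print(dst, "->", rt.lookup(dst))
```

The point the rejected RIP offer makes is that a better metric never overrides a worse administrative distance: metrics are only compared between routes from the same source. The /25 static route shows that, once installed, a more specific prefix wins the lookup regardless of its source.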

Page 133: CCNA Summary

133

Dynamic routing protocols

Distance Vector Routing Protocols:
- each router detects its directly connected networks and forms its initial routing table
- routers pass periodic copies of their routing table to neighbor routers and learn the best paths to all networks (the paths with the lowest metric), forming the final routing table (convergence)
- after convergence, periodic updates (the full routing table) continue to be sent and carry any change in the topology

Page 134: CCNA Summary

134

Distance Vector Routing Protocols

(Figure: the same four networks, 10.0.0.0 to 13.0.0.0, joined by three routers; after exchanging tables each router knows all four networks, the more distant ones learned from its neighbors.)

Page 135: CCNA Summary

135

Routing loops

(Figure: routers A, B and C in a row; network 10.0.0.0 is attached to A's E0. Before the failure B reaches it via S0 with metric 2 and C via S0 with metric 3.)

- when network 10.0.0.0 fails, router A marks its metric as 16 (the maximum hop count, used to avoid counting to infinity) and sends its routing table to B after the periodic interval.
- before B sends its periodic update to C, router C sends its routing table to B containing a path to 10.0.0.0 with a better metric, so B thinks that 10.0.0.0 can be reached via C while C depends on B for that, and a loop occurs.

Page 136: CCNA Summary

136

Routing loops solutions

- Split Horizon:
  a route learned from an interface cannot be advertised back out the same interface

(Figure: with split horizon C does not advertise 10.0.0.0 back to B, so B accepts A's metric 16 and the route is correctly marked unreachable.)
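The failure scenario of the two slides above, simulated as an added example in Python (not code from the original deck). Three routers A, B and C sit in a row and network 10.0.0.0 on A's E0 goes down; without split horizon C keeps advertising the dead route back to B and the metric counts up to 16, with split horizon a route is never sent back out the interface it was learned on. The synchronous round model, the fixed processing order and the RIP-style hop counts are my assumptions.

```python
"""Distance-vector routing after a link failure: routers A - B - C in a row,
network 10.0.0.0 on A's E0 goes down. Without split horizon the metric counts
up to 16 (infinity); with split horizon the failure propagates cleanly.
Added example, not code from the original deck; the round model and the
processing order are assumptions of this simulation."""
from typing import Dict, Optional, Tuple

INFINITY = 16                                   # RIP: metric 16 means unreachable
Table = Dict[str, Tuple[int, Optional[str]]]    # router -> (metric, next hop) for 10.0.0.0

LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}   # linear topology A - B - C


def initial_state() -> Table:
    """State right after 10.0.0.0 fails on A: A marks it unreachable, B and C
    still hold their old routes (B via A at 2 hops, C via B at 3 hops)."""
    return {"A": (INFINITY, None), "B": (2, "A"), "C": (3, "B")}


def has_loop(table: Table) -> bool:
    """True if following the next hops for 10.0.0.0 from some router cycles."""
    for start in table:
        seen, node = set(), start
        while node is not None and node not in seen:
            seen.add(node)
            node = table[node][1]
        if node is not None:
            return True
    return False


def simulate(split_horizon: bool, max_rounds: int = 64) -> Dict[str, object]:
    """Run synchronous periodic updates until every router holds metric 16.
    Returns the number of rounds, the first round in which a loop existed
    (None if never) and the final table."""
    table = initial_state()
    loop_round = None
    for rnd in range(1, max_rounds + 1):
        # Every router sends its current entry to each neighbour ...
        adverts = []
        for router, neighbours in LINKS.items():
            metric, next_hop = table[router]
            for nb in neighbours:
                if split_horizon and nb == next_hop:
                    continue              # never send a route back where it was learned
                adverts.append((router, nb, metric))
        # ... and every router processes what it received, in a fixed order.
        new = dict(table)
        for sender, receiver, metric in adverts:
            cur_metric, cur_hop = new[receiver]
            learned = min(metric + 1, INFINITY)
            if cur_hop == sender:
                new[receiver] = (learned, sender)   # update from the current next hop: accept as is
            elif learned < cur_metric:
                new[receiver] = (learned, sender)   # better path via another neighbour
        table = new
        if loop_round is None and has_loop(table):
            loop_round = rnd
        if all(m == INFINITY for m, _ in table.values()):
            return {"rounds": rnd, "loop_round": loop_round, "table": table}
    raise RuntimeError("did not converge in %d rounds" % max_rounds)


if __name__ == "__main__":
    for sh in (False, True):
        r = simulate(split_horizon=sh)
        print("split horizon %-5s: converged after %2d rounds, first loop in round %s"
              % (sh, r["rounds"], r["loop_round"]))
```

Without split horizon the very first exchange already produces the B-via-C, C-via-B loop from the slide, and the routers then need many more rounds to count up to 16. With split horizon B accepts A's metric 16 in round 1 and passes it on to C in round 2, and no loop ever forms.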

Page 137: CCNA Summary

137

Routing loops solutions

- Hold-down Timers:
  a router that has been informed of a failed route does not accept any update about it for a time equal to the hold-down timer, so by the end of the timer all routers know that the route failed (useful in flapping networks).
- the hold-down ends if:
  – The hold-down timer expires.
  – Another update is received with a better metric.

Page 138: CCNA Summary

138

Routing loops solutions

- Triggered Updates:
  instead of sending updates only after a time interval, the router sends an update as soon as a route fails or any change occurs, so the other routers immediately modify their routing tables (this is the most widely used solution).

Page 139: CCNA Summary

139

Properties of Distance Vector Routing Protocols

- simple configuration
- low processing / memory usage
- bandwidth wasted by the periodic updates
- unreliable (no acknowledgement for the protocol messages)
- updates are sent as broadcasts on all active interfaces, so they may affect the host PCs
- classful: the subnet mask is not included with the route advertisement, and summary routes are often sent
- Examples of distance vector protocols:
  • RIP version 1 (RIPv1)
  • IGRP

Page 140: CCNA Summary

140

RIP v1

- distance vector routing protocol
- symbol in the routing table is "R"
- administrative distance = 120
- metric is hop count; metric 16 means unreachable
- full routing tables are flooded in the network until convergence occurs (uses the Bellman-Ford algorithm)
- after convergence, periodic updates are sent every 30 seconds
- on a change, a triggered update is sent
- supports load balancing if several paths to the same network exist with an equal metric
- classful

Page 141: CCNA Summary

RIP Configuration

Router(config)#router rip
- Starts the RIP routing process

Router(config-router)#network direct connected network
- Advertises the connected networks

Router# debug ip rip

Page 142: CCNA Summary

RIP Configuration Example

Page 143: CCNA Summary

Verifying the RIP Configuration

Page 144: CCNA Summary

Displaying the IP Routing Table

Page 145: CCNA Summary


Page 146: CCNA Summary

Link-State Routing Protocols

(Figure: four routers connected by the networks 10.0.0.0/8 to 15.0.0.0/8; each router's LSA lists its links as "link, state, cost".)

Operation:

- each router will discover its directly connected neighbors using the "hello protocol" (a layer-3 protocol)
- each router will form a packet called a link state advertisement (LSA)

Page 147: CCNA Summary

Link-State Routing Protocols

- each router will flood its LSA to all neighbors on a special multicast address, then the neighbors continue flooding the LSAs to each other.
- each router will form the link state database (LSDB) from the received LSAs, so all routers will have the same LSDB.

(Figure: routers A, B, C and D with the same interfaces 10.0.0.1/8 to 15.0.0.1/8 as before; every router holds an identical LSDB.)

Page 148: CCNA Summary

Link-State Routing Protocols

- every router will form the link state tree that describes the actual connections of the network topology, then apply the Dijkstra algorithm on the tree to form the routing table.

after convergence:
- no periodic updates

at change:
- a partial triggered update for the affected route is sent, so all routers repeat the link state process.

Page 149: CCNA Summary

Link-State Routing Protocols

Page 150: CCNA Summary

Benefits of Link-State Routing

– Fast convergence: changes are reported immediately by the affected source (partial triggered updates)
– Robustness against routing loops:
  • Routers know the topology.
  • Link-state packets are sequenced and acknowledged (reliable protocol)
– Lower bandwidth waste: no periodic updates
– classless

Page 151: CCNA Summary

Disadvantages of Link-State Routing

– Significant demands for resources:
  • Memory (three tables: adjacency, topology, forwarding)
  • CPU (Dijkstra's algorithm can be intensive, especially when a lot of instabilities are present.)
– Complex configuration
– Requires very strict network design (multiple areas)

Page 152: CCNA Summary

OSPF

• Open standard
• Shortest path first (SPF) algorithm
• Link-state routing protocol
• Uses Dijkstra's algorithm
• Administrative Distance = 110
• Metric called cost = 10^8 / BW
• Hop count is unlimited
• Symbol in routing table is O
• Loop-free protocol
• Classless routing protocol
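The link-state process from the previous slides (LSDB, then SPF to build the routing table) together with the OSPF cost formula, as an added Python example that is not from the slides. The LSDB below is constructed; the cost is the slide's 10^8 / bandwidth.

```python
"""Link-state route computation: every router runs SPF (Dijkstra) over the
shared LSDB.  Added example, not from the slides; the LSDB below is constructed.
"""
import heapq


def ospf_cost(bandwidth_kbps):
    """OSPF interface cost = 10^8 / bandwidth in bit/s (reference 100 Mbit/s), minimum 1."""
    return max(1, 100_000_000 // (bandwidth_kbps * 1000))


# Constructed LSDB: router -> {neighbor: link bandwidth in kbps}.  After flooding,
# every router holds this identical copy.
LSDB = {
    "A": {"B": 100_000, "C": 1_544},
    "B": {"A": 100_000, "C": 100_000},
    "C": {"A": 1_544, "B": 100_000, "D": 64},
    "D": {"C": 64},
}


def lsdb_is_consistent(lsdb):
    """Each link must be advertised by both ends with the same bandwidth."""
    return all(lsdb.get(nbr, {}).get(rtr) == bw
               for rtr, links in lsdb.items() for nbr, bw in links.items())


def spf(lsdb, root):
    """Dijkstra from `root`: returns destination -> (total cost, first-hop router)."""
    cost = {root: 0}
    first_hop = {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue  # stale heap entry
        for v, bandwidth in lsdb[u].items():
            nd = d + ospf_cost(bandwidth)
            if nd < cost.get(v, float("inf")):
                cost[v] = nd
                first_hop[v] = v if u == root else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return {dst: (cost[dst], first_hop[dst]) for dst in cost if dst != root}


if __name__ == "__main__":
    assert lsdb_is_consistent(LSDB)
    for dst, (c, nh) in sorted(spf(LSDB, "A").items()):
        print(f"O {dst} cost {c} via {nh}")
```

From A the two FastEthernet hops through B (cost 2) beat the direct T1 link to C (cost 64), which is why OSPF, unlike RIP's hop count, does not prefer the shorter path.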

Page 153: CCNA Summary

OSPF (Cont.)

• discovers neighbors and maintains the neighbor relationship using the hello protocol
• sends a hello every 10 seconds on point-to-point and broadcast multi-access networks, on multicast address 224.0.0.5, to reach neighbors only
• dead interval = 4 × hello interval (40 sec)
• sends LSAs (updates) on multicast address 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR routers)
• every OSPF router that receives an LSA updates its Link State Database (LSDB) with a copy of that LSA, floods it to all OSPF neighbors except the one that sent it, then runs the Dijkstra SPF algorithm on the new LSDB to build the new topology tree and form the routing table.

Page 154: CCNA Summary

OSPF (Cont.)

• After convergence: no periodic updates are sent, except a periodic refresh message for the LSDB every 30 minutes
• At change: OSPF sends a triggered update for the affected route, so the OSPF process is repeated again
• OSPF tables:
  1- neighbor table: contains the neighbor router IDs and is maintained by Hellos
  2- topology table: all paths to all networks
  3- routing table: best paths to all networks

Page 155: CCNA Summary

OSPF Hierarchical Routing

• OSPF supports a hierarchical multiple-area design
• Multiple areas minimize routing update traffic and limit the frequency of SPF calculations, which makes the design scale very far
• Area 0 is the backbone area and all other areas must be connected to area 0

Page 156: CCNA Summary

Router ID

• every router in an OSPF environment is identified by a RID
• the RID is a 32-bit value; it is selected to be:
  1- the highest IP address of a loopback interface if one exists (a logical interface that is always up)
     to configure a loopback interface:
     (config)# interface loopback no.
     (config-if)# ip address ip mask
  2- if there are no loopback interfaces, the RID takes the highest IP of the active physical interfaces when the OSPF process starts

Page 157: CCNA Summary

OSPF operation

1- in point-to-point topology:
- neighbor discovery: by sending hello messages periodically on multicast 224.0.0.5
  • for OSPF routers to be neighbors they must have:
    - the same area ID
    - the same hello and dead intervals
    - the same authentication password
- route discovery: exchange LSAs on 224.0.0.5 so that each router has the same LSDB
- route selection: form the routing table

Page 158: CCNA Summary

OSPF operation

2- Broadcast Multiple Access (BMA) operation:
- Neighbor Discovery: as in point-to-point
- DR & BDR Election:
  - DR: the Designated Router is the router that has
    1- the highest priority (range 0 – 255, default = 1)
    2- if priorities are equal, the DR is the router with the highest RID
  - BDR: the Backup DR is the router that has the second highest priority or RID

Note:
- if a new router with the highest priority is added, it won't become the DR directly (non-preemptive)
- a router with priority = 0 can't be the DR or BDR
- the routers that are neither DR nor BDR are called DROthers
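The RID selection and the DR/BDR election rules from the two slides above, as an added Python example (not from the slides). Interface lists and router sets are constructed; promotion of the BDR when the DR disappears is standard OSPF behaviour that the slides do not spell out.

```python
"""OSPF router ID selection and DR/BDR election.  Added example, not from the
slides; interface lists and router sets below are constructed.
"""


def ip_key(ip):
    """Compare dotted-quad addresses numerically, not as strings."""
    return tuple(int(octet) for octet in ip.split("."))


def router_id(interfaces):
    """interfaces: list of (name, ip, is_up).  Highest loopback IP wins (loopbacks
    are always up); otherwise the highest IP of the active physical interfaces."""
    loopbacks = [ip for name, ip, _ in interfaces if name.lower().startswith("loopback")]
    if loopbacks:
        return max(loopbacks, key=ip_key)
    active = [ip for name, ip, up in interfaces if up]
    return max(active, key=ip_key)


def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """routers: dict RID -> priority on one broadcast segment.
    Highest priority wins, ties broken by highest RID; priority 0 is never elected.
    Non-preemptive: an existing DR/BDR keeps its role; if the DR is lost the BDR is
    promoted (standard OSPF behaviour, assumed here)."""
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}
    ranking = sorted(eligible, key=lambda rid: (eligible[rid], ip_key(rid)), reverse=True)
    if current_dr in eligible:
        dr = current_dr
    elif current_bdr in eligible:
        dr = current_bdr
    else:
        dr = ranking[0] if ranking else None
    if current_bdr in eligible and current_bdr != dr:
        bdr = current_bdr
    else:
        bdr = next((rid for rid in ranking if rid != dr), None)
    return dr, bdr


if __name__ == "__main__":
    ifaces = [("Loopback0", "1.1.1.1", True), ("FastEthernet0/0", "192.168.1.1", True)]
    print("RID:", router_id(ifaces))
    segment = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 1, "4.4.4.4": 0}
    print("DR, BDR:", elect_dr_bdr(segment))
```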

Page 159: CCNA Summary

OSPF operation in BMA (cont.)

(Figure: a new router joins the segment. It sends a Hello to 224.0.0.5; the DR answers with a unicast Hello; the new router sends a unicast update ("here is my routing table") to the DR, which acknowledges it; the DR sends an update ("here is my routing table") to 224.0.0.5 for the other routers, and the other routers send their updates to 224.0.0.6.)

- Route Discovery: form the adjacency with the DR & BDR on 224.0.0.6
- Route Selection:
  - The router will form a topology table from all the routing tables it receives.
  - Then it applies the Dijkstra algorithm on the tree to extract the routing table.

Page 160: CCNA Summary

OSPF operation in BMA (cont.)

- At change:
  (Figure: the router that detects the change sends an update to 224.0.0.6 (DR and BDR); the DR acknowledges it and sends the update to 224.0.0.5, to the other routers, which acknowledge it.)
  - The other routers repeat the OSPF process (SPF tree).

Page 161: CCNA Summary

Configuring Single-Area OSPF

Router(config)#router ospf process-id
• Defines OSPF as the IP routing protocol

Router(config-router)#network network wildcard-mask area area-id
• Assigns networks to a specific OSPF area

Page 162: CCNA Summary

OSPF Configuration Example

(Figure: RouterA's OSPF configuration; the network statements use wildcard masks ending in 255 and place the networks in area 0.)

RouterA(config)# interface serial 0/2
RouterA(config-if)# bandwidth 64 (a value in kbps)

Page 163: CCNA Summary

OSPF Configuration Example

Page 164: CCNA Summary

Verifying the OSPF Configuration

Router#show ip protocols
• Verifies that OSPF is configured

Router#show ip route
• Displays all the routes learned by the router

Router#show ip ospf interface
• Displays area ID and adjacency information

Router#show ip ospf neighbor
• Displays OSPF neighbor information on a per-interface basis

Page 165: CCNA Summary


OSPF debug Commands

Router#debug ip ospf events

OSPF:hello with invalid timers on interface Ethernet0

hello interval received 10 configured 10

net mask received 255.255.255.0 configured 255.255.255.0

dead interval received 40 configured 30

Router# debug ip ospf packet

OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117

aid:0.0.0.0 chk:6AB2 aut:0 auk:

Router#debug ip ospf packet

OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116

aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0

Page 166: CCNA Summary


Page 167: CCNA Summary


Hybrid Routing Protocols

Page 168: CCNA Summary


© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—3-168

Determining IP Routes

Enabling EIGRP

Page 169: CCNA Summary

EIGRP (Enhanced IGRP)

- advanced distance vector protocol.
- Cisco proprietary.
- maintains the neighbor relationship using the hello protocol.
- sends a hello every 5 sec. on fast links (>1.54 Mbps).
- sends a hello every 60 sec. on slow links (<1.54 Mbps).
- dead interval = 3 * hello interval.
- rapid convergence by using the DUAL algorithm (stores a backup route for each best route).
- supports multiple network layer protocols (IP, IPX, AppleTalk).
- supports equal and unequal load balancing between many paths to the same destination network.
- admin. distance = 90 for internal routes.
- symbol ( D ) in routing table.

Page 170: CCNA Summary

EIGRP (cont.)

- Max. hop count = 224.
- Classless
- Reliable protocol.
- Has the same operation in all topologies.
- Uses a composite metric:
  – Bandwidth
  – Delay
  – Reliability
  – Loading
  – MTU
- For EIGRP routers to be neighbors:
  1- They must have the same AS (autonomous system) number.
  2- They must have the same K-values (the same metric equation constants).

Page 171: CCNA Summary

EIGRP terminologies

- Neighbor table: list of all neighbors.
- Topology table: list of all routes to destination networks.
- Routing table: list of best routes to all destination networks.
- Successor (S): best route to a destination network, stored in the routing table and the topology table.
- Feasible successor (FS): backup route to a destination network, stored in the topology table.
- Feasible distance (FD): metric between the source and the destination network.
- Advertised distance (AD): metric between my neighbor and the destination network.
- FD = next hop metric + AD

(Figure: the successor S and feasible successor FS paths to the destination, with their AD and FD marked.)

Page 172: CCNA Summary

EIGRP operation

- At start up:
  (Figure: a new router sends a Hello to 224.0.0.10; the neighbor answers with a unicast Hello; the neighbor sends a unicast update ("here is my routing table"), which is acknowledged; the new router sends its update ("here is my routing table") to 224.0.0.10, which is acknowledged.)
  - The router will form a topology table from all the routing tables it receives.
  - Then it applies the DUAL algorithm on the topology table to extract the routing table (S) and calculate the backup routes (FS).

Page 173: CCNA Summary

EIGRP operation (cont.)

- After convergence: no periodic updates are sent.
- At change:
  1- A new network appears: (Figure: an update is sent to 224.0.0.10 and acknowledged.)

Page 174: CCNA Summary

EIGRP operation (cont.)

  2- Network failure:
  - If there is a backup route (FS): the FS becomes the new successor for this route. (Figure: update to 224.0.0.10, Ack.)
  - If there is no backup route (FS): the router sends a query to 224.0.0.10 ("Does anyone know another route to the failed network?"); the neighbors acknowledge it and reply yes / no, and the reply is acknowledged.

Page 175: CCNA Summary

Configuring EIGRP

Router(config)# router eigrp autonomous-system
• Defines EIGRP as the IP routing protocol

Router(config-router)# network network-number [wild card mask]
• Selects participating attached networks

Page 176: CCNA Summary

EIGRP Configuration Example

To advertise the subnets in detail (work as classless) we need to add the command:
(config-router)# no auto-summary

or advertise the networks one by one using the wildcard mask:
Router(config-router)# network network-number [wild card mask]

Page 177: CCNA Summary

Verifying the EIGRP Configuration

Router# show ip protocols
• Displays the parameters and current state of the active routing protocol process

Router# show ip route eigrp
• Displays current EIGRP entries in the routing table (S only)

Router# show ip eigrp traffic
• Displays the number of IP EIGRP packets sent and received

Router# show ip eigrp neighbors
• Displays the neighbors discovered by IP EIGRP

Router# show ip eigrp topology
• Displays the IP EIGRP topology table (S & FS)

Page 178: CCNA Summary

debug ip eigrp Command

Router#debug ip eigrp

IP-EIGRP: Processing incoming UPDATE packet

IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960

IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960

IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960

IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1

IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200

IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1

IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480

IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1

IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400

IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1

IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080

IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1

Page 179: CCNA Summary

EIGRP Load Balancing

(Figure: three paths to the same destination network with metrics 20, 40 and 60.)

- Configuration:
Router(config)# router eigrp 100
Router(config-router)# traffic-share balanced
Router(config-router)# variance multiplier
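The successor / feasible successor terminology and the variance-based unequal load balancing from the EIGRP slides, as an added Python example (not from the slides). The candidate paths are constructed so that their FDs are the 20, 40 and 60 of the figure; the feasibility condition (AD of the backup lower than the successor's FD) is the standard DUAL rule.

```python
"""EIGRP successor / feasible successor selection and variance.  Added example,
not from the slides; the paths below are constructed so that the three routes
have the metrics 20, 40 and 60 used on the load-balancing slide.
"""

# (next hop, metric of the link to that next hop, AD = the neighbor's own metric)
PATHS = [("R1", 10, 10), ("R2", 25, 15), ("R3", 35, 25)]


def feasible_distances(paths):
    """FD = next hop metric + AD, per candidate next hop."""
    return [(next_hop, link + ad, ad) for next_hop, link, ad in paths]


def dual_select(paths, variance=1):
    """Returns (successors, feasible successors, routes installed for load balancing).
    Feasibility condition (DUAL): a backup is loop-free only if its AD is lower than
    the FD of the successor.  Variance installs feasible routes whose FD is at most
    variance * best FD (unequal-cost load balancing)."""
    fds = feasible_distances(paths)
    best = min(fd for _, fd, _ in fds)
    successors = [nh for nh, fd, _ in fds if fd == best]
    feasible = [nh for nh, fd, ad in sorted(fds, key=lambda t: t[1])
                if fd > best and ad < best]
    installed = [nh for nh, fd, ad in fds
                 if fd == best or (ad < best and fd <= variance * best)]
    return successors, feasible, installed


def on_successor_loss(paths, failed_next_hop):
    """If a feasible successor exists it becomes the successor at once (no query);
    otherwise the router must query its neighbors for the failed network."""
    successors, feasible, _ = dual_select(paths)
    if failed_next_hop not in successors:
        return "unchanged", successors[0]
    remaining = {nh for nh, _, _ in paths if nh != failed_next_hop}
    backups = [nh for nh in feasible if nh in remaining]
    if backups:
        return "switch", backups[0]
    return "query", None


if __name__ == "__main__":
    for variance in (1, 2, 3):
        print(f"variance {variance}:", dual_select(PATHS, variance))
    print("R1 fails:", on_successor_loss(PATHS, "R1"))
```

With variance 3 the 60-metric path is still not used: its AD (25) is not below the successor's FD (20), so it is not a feasible successor and installing it could create a loop.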

Page 180: CCNA Summary

RIP v2

• Advanced distance vector protocol.
• No periodic updates, only partial triggered updates.
• Updates are sent on multicast 224.0.0.9
• Classless.
• Admin. Distance = 120
• Symbol ( R ) in routing table.
• Metric = hop count.

- Configuration:
Router(config)# router rip
Router(config-router)#network direct connected network
Router(config-router)# version 2

Page 181: CCNA Summary


Route Summarization

Page 182: CCNA Summary

Route summarization

- It is grouping a block of subnets and advertising them as a single network address (a single IP address represents a group of contiguous subnets).

Page 183: CCNA Summary

Route summarization (cont.)

• Advantages of route summarization:
- reduces the size of the routing table for the routers that know only the summary.
- the summary requires less bandwidth.
- routers that know only the summary are not affected by network instability.

Page 184: CCNA Summary

Classless Inter-Domain Routing (CIDR)

- It is grouping of major networks into one address.

EX:

  8.0.0.0/8   = 0000 10 00 . 0 . 0 . 0
  9.0.0.0/8   = 0000 10 01 . 0 . 0 . 0
  10.0.0.0/8  = 0000 10 10 . 0 . 0 . 0
  11.0.0.0/8  = 0000 10 11 . 0 . 0 . 0

  CIDR: 8 . 0 . 0 . 0 / 6 (the six leading bits 000010 are common to all four)

Page 185: CCNA Summary

Summarizing Routes in a Discontiguous Network

– RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets.
– OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets.

Page 186: CCNA Summary

Implementing Variable Length Subnet Masks (VLSM)

Page 187: CCNA Summary

Variable Length Subnet Mask (VLSM)

- VLSM means that in a single class A, B, or C network, more than one subnet mask is used.
- VLSM allows some subnets to be smaller and some subnets to be larger, which reduces the waste of IP addresses.
- VLSM allows you to apply different subnet masks to the same class address.
- Steps:
  - begin with the largest subnet
  - continue giving addresses with the suitable subnet mask

Page 188: CCNA Summary

VLSM example

Divide network 192.168.1.0 /24 between subnets s1, s2, s3 (60 hosts each) and s4, s5, s6 (2 hosts each).

- For s1, s2, s3 to support 60 hosts we need 6 host bits
- so the subnet mask is 255.255.255.192
- block size (hop count) = 256 - 192 = 64
- s1 address 192.168.1.0 /26
  s2 address 192.168.1.64 /26
  s3 address 192.168.1.128 /26
- starting from address 192.168.1.192 give addresses to s4, s5, s6
- 2 hosts need 2 host bits
- the new subnet mask is 255.255.255.252, block size (hop count) = 256 - 252 = 4
- s4 address 192.168.1.192 /30
  s5 address 192.168.1.196 /30
  s6 address 192.168.1.200 /30

VLSM is supported only by the classless routing protocols.
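The CIDR summary from the 8.0.0.0/6 example and the largest-first VLSM plan above, worked in Python as an added example (not from the slides). It reproduces both slide results and also handles the general case: a summary that is not exact (covers unused space) and a plan that does not fit the block.

```python
"""Route summarization (CIDR supernetting) and VLSM allocation.  Added example,
not from the slides; it reproduces the 8.0.0.0/6 summary and the 192.168.1.0/24
VLSM plan from the slides and also handles the general case.
"""
import ipaddress


def summarize(networks):
    """Smallest single prefix covering all `networks`: keep the leading bits that the
    first and last covered addresses share.  Returns (summary, exact), where exact
    is False when the summary also covers address space not in the input."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    prefix = 32
    while prefix > 0 and (first >> (32 - prefix)) != (last >> (32 - prefix)):
        prefix -= 1
    base = (first >> (32 - prefix)) << (32 - prefix)
    summary = ipaddress.ip_network(f"{ipaddress.ip_address(base)}/{prefix}")
    exact = summary.num_addresses == sum(n.num_addresses for n in nets)
    return str(summary), exact


def host_bits(hosts):
    """Smallest number of host bits n with 2**n - 2 usable addresses >= hosts."""
    n = 2
    while (1 << n) - 2 < hosts:
        n += 1
    return n


def vlsm(base, demands):
    """Allocate one subnet per entry of demands (name -> hosts) from `base`, largest
    subnet first so every block starts on its own boundary.  Returns name -> subnet."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        bits = host_bits(hosts)
        size = 1 << bits
        cursor = -(-cursor // size) * size  # align to the block size (256 - mask octet)
        if cursor + size > end:
            raise ValueError(f"{base} exhausted while allocating {name}")
        plan[name] = f"{ipaddress.ip_address(cursor)}/{32 - bits}"
        cursor += size
    return plan


if __name__ == "__main__":
    print(summarize(["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]))
    demands = {"s1": 60, "s2": 60, "s3": 60, "s4": 2, "s5": 2, "s6": 2}
    for name, subnet in vlsm("192.168.1.0/24", demands).items():
        print(name, subnet)
```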

Page 189: CCNA Summary


Page 190: CCNA Summary

Managing IP Traffic with Access Lists (ACL)

Page 191: CCNA Summary

Access control list (ACL)

• Manage IP traffic as network access grows
• Filter packets as they pass through the router

Page 192: CCNA Summary

ACL Structure

- An ACL is a set of commands grouped under a certain name or number to control the traffic flow (permit or deny).
- The access list is configured on the router and then activated on interfaces.

• ACL processing:
- statements are checked from top to bottom.
- once a match is found, there is no further checking.
- if no match is found, the packet is dropped because of the "implicit deny" statement at the end of the ACL.
- an ACL must contain at least one permit statement, otherwise all packets will be dropped.
- in any ACL, you cannot add a statement between statements (new statements can only be added at the end of the ACL).
- you can have one ACL per interface per protocol per direction.

Page 193: CCNA Summary

ACL types

Note:
- In a numbered ACL, you cannot delete a certain statement; you can only delete the whole ACL.
- In a named ACL, you can delete a certain statement between statements.

- Standard ACL:
  • Numbered: 1 - 99 and 1300 - 1999
  • Named
- Extended ACL:
  • Numbered: 100 - 199 and 2000 - 2699
  • Named

Page 194: CCNA Summary

Standard ACLs

- It filters the packets based on the source IP address.
- Configuration:

Router(config)# access-list ACL-number {permit|deny} source ip [w.c.mask]
• IP standard ACLs use 1 to 99
• default wildcard mask = 0.0.0.0 (exactly match the IP address)
• 12.0.0.1 0.0.0.0 = host 12.0.0.1 & 0.0.0.0 255.255.255.255 = any
• no access-list ACL-number removes the entire ACL

Router(config-if)# ip access-group ACL-number {in | out}
• Activates the list on an interface
• Sets inbound or outbound testing
• no ip access-group ACL-number removes the ACL from the interface

Page 195: CCNA Summary

Standard IP ACL example

- Deny traffic from host 172.16.4.13 to host A (in network 12.0.0.0) and permit all other traffic.

(Figure: the two access-list statements, annotated "= host 172.16.4.13" and "= any", applied on the router interface toward host A.)

Note: the order of the commands is important.

Page 196: CCNA Summary

Standard ACL (cont.)

• control telnet access to the router: we want to restrict telnet access from host 10.1.1.1 to the router.

(config)# access-list 1 deny host 10.1.1.1
(config)# access-list 1 permit any
(config)# line vty 0 4
(config-line)# access-class 1 in

Page 197: CCNA Summary

Standard Named IP ACL

Router(config)# ip access-list standard name

Router(config-std-nacl)# {permit|deny} source ip [ w.c.mask ]
• Permit or deny statements have no prepended number.

Router(config-std-nacl)# no {permit|deny} source ip [w.c.mask ]
• "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
• Activates the named IP ACL on an interface.

Page 198: CCNA Summary

Placement of standard ACL

(Figure: Host X 192.168.5.1/24, routers A, B and C, network 192.168.2.0/24, and the Server 192.168.1.1/24 behind interface e0 of router C.)

- We want to restrict user X from accessing the server.

C(config)# access-list 1 deny host 192.168.5.1
C(config)# access-list 1 permit any
C(config)# interface e0
C(config-if)# ip access-group 1 out

- Rule:
  • A standard ACL is placed as close as possible to the destination.

Page 199: CCNA Summary

Extended ACL

- It is more flexible than a standard ACL.
- An extended ACL can match on:
  1- source IP, destination IP.
  2- TCP/IP protocols (IP, TCP, UDP, ICMP, ...).
  3- protocol information (port no.).

Page 200: CCNA Summary

Extended IP ACL Configuration

Router(config)# access-list access-list-number {permit | deny} protocol source ip source-wildcard [operator port] destination ip destination-wildcard [operator port]
• Sets parameters for this list entry

Router(config-if)# ip access-group access-list-number {in | out}
• Activates the extended list on an interface

Page 201: CCNA Summary

Extended ACL

• Note:
- 0.0.0.0 is called the host mask.
- 12.0.0.1 0.0.0.0 = host 12.0.0.1
- 0.0.0.0 255.255.255.255 = any
- The operator and port values:
  (eq) operator means equal
  (lt) operator means less than or equal.
  (gt) operator means greater than or equal.
  range 10 – 80 ---- all ports between 10 and 80
- eq 80 = eq http ---- put the port number or the name

Page 202: CCNA Summary

Extended ACL example

– Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0.
– Permit all other traffic.

(Figure: the router between the two subnets and the internet; the ACL is applied in the "in" direction on the interface labelled 1.)

Page 203: CCNA Summary

Extended ACL example

– Deny only Telnet from subnet 172.16.4.0.
– Permit all other traffic.

(Figure: the same router and internet link; the ACL is applied in the "in" direction on the interface labelled 1.)

Page 204: CCNA Summary

Extended Named ACL

Router(config)# ip access-list extended name
• The alphanumeric name string must be unique.

Router(config-ext-nacl)# {permit | deny} {ip access list test conditions}
• Permit or deny statements have no prepended number.

Router(config-ext-nacl)# no {permit | deny} {ip access list test conditions}
• "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
• Activates the named IP ACL on an interface.

Page 205: CCNA Summary

Placement of Extended ACL

(Figure: Host X 192.168.5.1/24, routers A, B and C, network 192.168.2.0/24, and the Server 192.168.1.1/24.)

- We want to restrict user X from accessing the server.
- Rule:
  • An extended ACL is placed as close as possible to the source.

Page 206: CCNA Summary


Monitoring ACL Statements

wg_ro_a#show access-lists

Standard IP access list 1

permit 10.2.2.1

permit 10.3.3.1

permit 10.4.4.1

permit 10.5.5.1

Extended IP access list 101

permit tcp host 10.22.22.1 any eq telnet

permit tcp host 10.33.33.1 any eq ftp

permit tcp host 10.44.44.1 any eq ftp-data

router# show {protocol} access-list {access-list number}

router# show access-lists {access-list number}

Page 207: CCNA Summary

Verifying ACLs

router# show ip interfaces e0

Ethernet0 is up, line protocol is up

Internet address is 10.1.1.11/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is 1

Proxy ARP is enabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP fast switching on the same interface is disabled

IP Feature Fast switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

<text omitted>

Page 208: CCNA Summary

Scaling the Network with NAT and PAT

Page 209: CCNA Summary

Network address translation (NAT)

- Address translation allows you to translate your internal private addresses to public addresses before the packets leave your local network for the public network.
- NAT terminologies:
  1- Inside local IP: an internal device that has a private IP.
  2- Inside global IP: an internal device that has a public IP.
  3- Outside local IP: an outside device that has a private IP.
  4- Outside global IP: an outside device that has a public IP.
- Types of Address Translation:
  • Static Translation.
  • Dynamic Translation.

Page 210: CCNA Summary

Static NAT

(Figure: host 10.0.0.1 behind the NAT router appears as 12.0.0.1 on the outside; NAT table entry: 10.0.0.1 <-> 12.0.0.1.)

- The NAT table is formed manually, translating private IPs to public IPs.
- Static NAT is used when outside users are trying to access your internal resources.

Page 211: CCNA Summary

Configuring Static Translation

Router(config)# ip nat inside source static local-ip global-ip
• Establishes a static translation between an inside local address and an inside global address

Router(config-if)# ip nat inside
• Marks the interface as connected to the inside

Router(config-if)# ip nat outside
• Marks the interface as connected to the outside

Page 212: CCNA Summary


Static NAT Example

Page 213: CCNA Summary

Dynamic NAT

- The router is given a pool of global IPs, so every user that tries to access a public network is given an IP from the pool.
- To configure Dynamic NAT:
  1- Define the pool of IPs.
  2- Define which inside addresses are allowed to be translated (ACL).

Page 214: CCNA Summary

Configuring Dynamic NAT

Router(config)# access-list access-list-number permit source ip [source-wildcard]
• Defines a standard IP ACL permitting those inside local addresses that are to be translated.

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Defines a pool of global addresses to be allocated as needed.

Router(config)# ip nat inside source list access-list-number pool pool-name
• Establishes dynamic source translation, specifying the ACL that was defined in the prior step.

Page 215: CCNA Summary


Dynamic NAT Example

Page 216: CCNA Summary

Port address translation (PAT)

- Static or dynamic NAT provides only one-to-one translation, while PAT supports many-to-one translation using port numbers.

(Figure: hosts 10.0.0.1 and 10.0.0.2 reach the server 13.0.0.1 on the internet through the NAT router, whose inside global address is 12.0.0.1. The packets leave the hosts as 10.0.0.1:2000 -> 13.0.0.1:80 and 10.0.0.2:3000 -> 13.0.0.1:80 and reach the internet as 12.0.0.1:2000 -> 13.0.0.1:80 and 12.0.0.1:3000 -> 13.0.0.1:80.)

PAT table:

  Inside local IP   Inside local port   Inside global IP   Inside global port
  10.0.0.1          2000                12.0.0.1           2000
  10.0.0.2          3000                12.0.0.1           3000
  10.0.0.2          2000                12.0.0.1           4000
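The three translation types from the NAT slides (static, dynamic pool, PAT overload) in one small table model, as an added Python example that is not from the slides. Addresses follow the figure; the port-allocation policy (keep the local port if free, otherwise the next unused port from 1024) is an assumption of this example, not the slide's 4000.

```python
"""Static NAT, dynamic NAT and PAT (overload) translation table.  Added example,
not from the slides; addresses and the port-allocation policy are constructed.
"""


class NatTable:
    def __init__(self, pool, overload=False):
        self.pool = list(pool)    # inside global addresses still free
        self.overload = overload  # PAT: many inside local -> one inside global, keyed by port
        self.static = {}          # inside local IP -> inside global IP (configured manually)
        self.dynamic = {}         # inside local IP -> inside global IP (taken from the pool)
        self.pat = {}             # (inside local IP, local port) -> (inside global IP, global port)
        self.used_ports = set()
        self.next_port = 1024     # assumed: first port tried when the local port collides

    def add_static(self, local_ip, global_ip):
        self.static[local_ip] = global_ip
        if global_ip in self.pool:
            self.pool.remove(global_ip)

    def _free_port(self):
        while self.next_port in self.used_ports:
            self.next_port += 1
        return self.next_port

    def translate_out(self, local_ip, local_port):
        """Packet leaving the inside interface: returns (inside global IP, port),
        or None when no translation is possible (packet dropped)."""
        if local_ip in self.static:
            return self.static[local_ip], local_port
        if local_ip in self.dynamic:
            return self.dynamic[local_ip], local_port
        if not self.overload:
            if not self.pool:
                return None                 # dynamic pool exhausted: one-to-one only
            self.dynamic[local_ip] = self.pool.pop(0)
            return self.dynamic[local_ip], local_port
        key = (local_ip, local_port)
        if key not in self.pat:
            if not self.pool:
                return None
            # keep the local port if nobody else uses it, otherwise pick a free one
            global_port = local_port if local_port not in self.used_ports else self._free_port()
            self.used_ports.add(global_port)
            self.pat[key] = (self.pool[0], global_port)
        return self.pat[key]

    def translate_in(self, global_ip, global_port):
        """Returning packet: map inside global back to inside local; None = no entry."""
        for table in (self.static, self.dynamic):
            for local_ip, mapped in table.items():
                if mapped == global_ip:
                    return local_ip, global_port
        for (local_ip, local_port), mapped in self.pat.items():
            if mapped == (global_ip, global_port):
                return local_ip, local_port
        return None


if __name__ == "__main__":
    pat = NatTable(["12.0.0.1"], overload=True)
    for host, port in (("10.0.0.1", 2000), ("10.0.0.2", 3000), ("10.0.0.2", 2000)):
        print(host, port, "->", pat.translate_out(host, port))
```

A returning packet with no table entry gets None, which is what makes PAT drop unsolicited inbound connections and why a server behind it needs a static entry.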

Page 217: CCNA Summary

Configuring PAT

Router(config)# access-list access-list-number permit source-ip source-wildcard
• Defines a standard IP ACL that permits the inside local addresses that are to be translated

Router(config)# ip nat inside source list access-list-number interface interface overload
• Establishes dynamic source translation, specifying the ACL that was defined in the prior step

Page 218: CCNA Summary

Dynamic NAT Example (overload)

Page 219: CCNA Summary


PAT Example

Page 220: CCNA Summary

Displaying Information with show Commands

Router# show ip nat translations
• Displays active translations

Router# show ip nat statistics
• Displays translation statistics

Router#show ip nat translation

Pro Inside global Inside local Outside local Outside global

--- 172.16.131.1 10.10.10.1 --- ---

Router#show ip nat statistics

Total active translations: 1 (1 static, 0 dynamic; 0 extended)

Outside interfaces:

Ethernet0, Serial2.7

Inside interfaces:

Ethernet1

Hits: 5 Misses: 0

Page 221: CCNA Summary

Using the debug ip nat Command

Router#debug ip nat

NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]

NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]

NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]

NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]

NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]

NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]

NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]

NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]

Page 222: CCNA Summary


Page 223: CCNA Summary


Switching

Page 224: CCNA Summary

Spanning Tree Protocol (IEEE 802.1D)

Page 225: CCNA Summary

Layer 2 loops

(Figure: two switches joined by redundant links; the MAC table shows entry A learned on port 3 and then again on port 1.)

• Solution: use the Spanning Tree Protocol (STP)

Page 226: CCNA Summary

Spanning Tree Protocol

- provides a loop-free redundant network topology by placing certain ports in the blocking state (logical blocking)
- the STP protocol enables switches to become aware of each other so they can negotiate a loop-free path.
- when the used path fails, STP opens the blocked port (activates the other path)

Page 227: CCNA Summary

Spanning Tree Operation

1- BPDU Flooding:
- BPDUs (bridge protocol data units) are flooded from each switch to the other switches on a well-known multicast MAC address.
- every switch will take a copy of the BPDU and resend it to the other switches.
- every switch will form a database from all the BPDUs.
- a BPDU is sent every two seconds.
- BPDU fields: bridge ID (BID), accumulated path cost, port ID.

Page 228: CCNA Summary

Spanning Tree Operation (cont.)

2- Root Bridge election
- The root bridge is the bridge with the lowest bridge ID
- Bridge ID = priority (2 bytes, default = 32768) + bridge MAC address (6 bytes)
- The root bridge has the lowest priority; if priorities are equal, it has the lowest MAC address
- after the election, only the root bridge sends the BPDUs every 2 sec.

Page 229: CCNA Summary

Spanning Tree Operation (cont.)

3- Root port election (RP):
- each non-root switch will elect the best port to reach the root switch.
- The root port is the port having:
  1- the lowest accumulated path cost to the root switch.
  2- if costs are equal, the port that is closer to the second lowest switch BID.
  3- if still equal, the port that has the lowest serial number

Page 230: CCNA Summary

Spanning Tree Operation (cont.)

(Figure: switches A, B, C and D connected by four segments with ports numbered 1 to 8. Assume BID of A < B < C < D, so A is the root bridge. To get the RP, ask which port is closer to A: compare ports 4 and 6, ports 3 and 5, and ports 7 and 8.)

Page 231: CCNA Summary

Spanning Tree Operation (cont.)

4- Designated port election (DP):
- The DP is the port with the lowest accumulated path cost from the root switch on every LAN segment.

5- Blocked Port (BP):
- It is the port that is neither RP nor DP.
- The BP stays logically blocked until a change happens.

Page 232: CCNA Summary

Spanning Tree Operation (cont.)

(Figure: the same topology. To get the DP, ask which port is closer to A on each segment: compare ports 1 and 3, 2 and 4, 5 and 7, and 6 and 8. The blocked port BP is the one that is neither RP nor DP (port 8).)
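The election steps 2 to 5 above (root bridge, root ports, designated ports, blocked port) run over a small topology, as an added Python example that is not from the slides. The bridges, port numbers and path costs are constructed so that, like the figure, A < B < C < D by BID and port 8 on D ends up blocked; for the root-port tie rule it uses the neighbor with the lowest BID and then the lowest own port number.

```python
"""STP role election: root bridge, root ports, designated ports, blocked ports.
Added example, not from the slides; the topology and port costs are constructed
so that, as in the slides, A < B < C < D by BID and port 8 ends up blocked.
"""

# bridge -> (priority, MAC): the bridge ID; lowest wins
BRIDGES = {
    "A": (32768, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
    "D": (32768, "00:00:00:00:00:0d"),
}
# (bridge, port, bridge, port, cost): one entry per LAN segment
LINKS = [
    ("A", 1, "C", 3, 19),
    ("A", 2, "B", 4, 19),
    ("C", 5, "D", 7, 4),
    ("B", 6, "D", 8, 19),
]


def elect_root(bridges):
    """Lowest priority, then lowest MAC."""
    return min(bridges, key=bridges.get)


def root_path_costs(bridges, links, root):
    """Accumulated path cost from every bridge to the root (Bellman-Ford relaxation)."""
    cost = {b: float("inf") for b in bridges}
    cost[root] = 0
    for _ in range(len(bridges)):
        for s1, _, s2, _, c in links:
            cost[s1] = min(cost[s1], cost[s2] + c)
            cost[s2] = min(cost[s2], cost[s1] + c)
    return cost


def stp_roles(bridges, links):
    """Returns (root, {(bridge, port): 'RP' | 'DP' | 'BP'})."""
    root = elect_root(bridges)
    cost = root_path_costs(bridges, links, root)
    roles = {}
    # Root port: on each non-root bridge, the port with the lowest cost to the root;
    # ties -> neighbor with the lowest BID, then the lowest own port number.
    best = {}
    for s1, p1, s2, p2, c in links:
        for me, port, nbr in ((s1, p1, s2), (s2, p2, s1)):
            if me == root:
                continue
            key = (cost[nbr] + c, bridges[nbr], port)
            if me not in best or key < best[me]:
                best[me] = key
    for me, key in best.items():
        roles[(me, key[2])] = "RP"
    # Designated port: per segment, the end with the lowest root path cost (tie: lowest BID).
    for s1, p1, s2, p2, _ in links:
        dp = (s1, p1) if (cost[s1], bridges[s1]) < (cost[s2], bridges[s2]) else (s2, p2)
        roles.setdefault(dp, "DP")
    # Everything else is neither RP nor DP: blocked.
    for s1, p1, s2, p2, _ in links:
        roles.setdefault((s1, p1), "BP")
        roles.setdefault((s2, p2), "BP")
    return root, roles


if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```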

Page 233: CCNA Summary

Spanning Tree Operation (cont.)

after convergence:
• ports are either forwarding (RP, DP) or blocked (BP)
• a blocked port keeps listening to BPDUs; if for 20 sec. (Max. age time = 10 BPDUs) it has not received a BPDU, then the port automatically changes its state (moves to the listening state).

at change:
• the first switch that senses the change sends a BPDU called TCN (Topology Change Notification) destined to the root switch, indicating the change.
• the root switch sends a configuration BPDU with the TCN flag to all switches, then STP is recalculated.
• if a new switch with a lower priority is added, it becomes the root switch

Page 234: CCNA Summary

Spanning Tree Port States

• Spanning tree transits each port through several different states:

(Figure: the port state diagram.)

STP convergence time is from 30 sec. to 50 sec.

Page 235: CCNA Summary

Rapid STP (IEEE 802.1w)

• RSTP significantly speeds up the recalculation of the spanning tree when the network topology changes.
• to enhance the convergence time, RSTP:
  1- elects a backup port for every RP or DP.
  2- merges the Blocking state and the Listening state into one state called the Discarding state.

Page 236: CCNA Summary

The show spanning-tree command

Page 237: CCNA Summary


Configuring the Root Bridge

Page 238: CCNA Summary


Virtual LANs (VLAN)

Page 239: CCNA Summary

Virtual LANs (VLANs)

Before VLANs:
- All switch ports are in a single broadcast domain

After VLANs:
- each VLAN is a single broadcast domain and one logical subnet.
- VLANs provide:
  1- Segmentation
  2- Flexibility
  3- Security

Page 240: CCNA Summary

VLAN Overview

VLAN = Broadcast Domain = Logical Network (Subnet)

• Segmentation
• Flexibility
• Security

Page 241: CCNA Summary

VLAN Operation

• Traffic can be transferred only between the same VLANs on different switches.
• To transfer traffic between different VLANs, a router should be used
• Trunks carry traffic for multiple VLANs.

Page 242: CCNA Summary

VLAN membership

1- Static VLAN membership:
- assign a certain port to a certain VLAN (port-based VLAN)
- by default, all ports of the switch are assigned to VLAN 1 (native VLAN).

2- Dynamic VLAN membership:
- assign a certain MAC to a certain VLAN (MAC-based VLAN)
- even if the PC changes its port on the switch, the PC stays connected to its VLAN.
- This is done by using a VMPS (VLAN membership policy server).

Page 243: CCNA Summary

VLAN connection (port) types

1- Access port:

- a port which is a member of only one VLAN.

ex: a switch port connected to a PC.

2- Trunk port:

- a switch port that is a member of all VLANs by default.

ex: a switch port connected to another switch.

Page 244: CCNA Summary

Trunking problem

[Figure: switches E and F joined by a trunk (E port 3 to F port 4); hosts A and B on E ports 1 and 2, hosts C and D on F ports 5 and 6, in Vlan 1 and Vlan 2; each switch's table lists MAC, port and VLAN, with "all" VLANs on the trunk port]

- if host B sends a broadcast to Vlan 2, the frames will be passed to port 4 on switch F over the trunk link.

- switch F will broadcast the frames to all ports (5, 6) although port 6 is not a member of Vlan 2, because it doesn't know the source VLAN of the frame.

- Solution: the trunk adds a field that identifies the source Vlan ID to the frame.

Page 245: CCNA Summary

VLAN trunking Methods

- to provide inter-VLAN communication, frame tagging is used to identify the frame's source VLAN.

- Tagging methods:

1- ISL (Inter-Switch Link) for Ethernet.

2- IEEE 802.1q (dot1q) for Ethernet.

3- LANE for ATM.

4- IEEE 802.10 for FDDI.

- so for Ethernet we concentrate on the ISL and dot1q methods.

Page 246: CCNA Summary

1- ISL (Inter-Switch Link)

- Cisco proprietary.

- It encapsulates the original Ethernet frame with 30 bytes: a 26-byte header (containing a 10-bit Vlan ID) and a 4-byte trailer.

- Vlan range: 0 – 1023.

- Vlan 1 - 1001 for Ethernet.

- Vlan 1002 - 1023 reserved (ex: 1002 - 1005 for Token Ring and FDDI).

- ISL is no longer supported by Cisco.

Page 247: CCNA Summary

2- IEEE 802.1q (dot1q)

- adds 4 bytes of tagging to the Ethernet frame and recalculates a new CRC.

- the Vlan ID is 12 bits inside the Tag field, so the Vlan range is 0 - 4095.

- dot1q puts less overhead on the frame than ISL.

- dot1q can support both tagged and untagged frames, where the untagged Vlan traffic belongs to the Native Vlan.

- by default, the Native Vlan is VLAN 1.

- the Native Vlan is a management Vlan through which all management traffic between switches (BPDU, STP, VTP, ...) is sent.
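The following is an added example, not code from the CCNA summary or from Cisco, that models both the trunking problem of page 244 and the dot1q fix described here: a frame builder that inserts the 4-byte 802.1Q tag (12-bit VLAN ID, native VLAN left untagged) and a simplified switch whose MAC table is keyed by VLAN, so a broadcast that arrives over the trunk is flooded only inside its VLAN. MAC addresses, port numbers and the VLAN assignments of switch F are constructed for the demonstration.

```python
"""Added example (not from the CCNA summary or from Cisco): the 802.1Q tag and
why a switch needs it to flood trunk traffic into the right VLAN only.  All MAC
addresses, ports and VLAN numbers below are constructed."""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800
BROADCAST = bytes.fromhex("ffffffffffff")


def mac(text):
    """Parse Cisco-style (0008.eeee.eeee) or colon-separated MAC notation."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


def build_frame(dst, src, payload, vlan=None, native_vlan=1):
    """Build an Ethernet frame, inserting the 802.1Q tag after the source MAC
    unless the frame belongs to the native VLAN (which dot1q sends untagged)."""
    header = mac(dst) + mac(src)
    if vlan is not None and vlan != native_vlan:
        if not 0 <= vlan <= 4095:
            raise ValueError("VLAN ID is a 12-bit field (0-4095)")
        tci = vlan & 0x0FFF          # PCP=0, DEI=0, VID in the low 12 bits
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return header + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame, native_vlan=1):
    """Return (dst, src, vlan, payload); untagged frames map to the native VLAN."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return dst, src, tci & 0x0FFF, frame[18:]
    return dst, src, native_vlan, frame[14:]


class Switch:
    """Minimal switch model: access ports belong to one VLAN, trunk ports carry
    all VLANs, and the MAC table is keyed by (VLAN, MAC) like a real CAM table."""

    def __init__(self, access_ports, trunk_ports, native_vlan=1):
        self.access = dict(access_ports)      # port -> VLAN
        self.trunks = set(trunk_ports)
        self.native_vlan = native_vlan
        self.table = {}                       # (vlan, mac) -> port

    def forward(self, in_port, frame):
        """Learn the source address and return the set of egress ports."""
        dst, src, tag_vlan, _ = parse_frame(frame, self.native_vlan)
        # On a trunk the VLAN comes from the tag; on an access port from config.
        vlan = tag_vlan if in_port in self.trunks else self.access[in_port]
        self.table[(vlan, src)] = in_port
        if dst != BROADCAST and (vlan, dst) in self.table:
            return {self.table[(vlan, dst)]}
        # Unknown unicast or broadcast: flood only inside the frame's VLAN.
        same_vlan = {p for p, v in self.access.items() if v == vlan}
        return (same_vlan | self.trunks) - {in_port}


# Switch F of the slide (constructed): port 4 is the trunk, port 5 is in
# VLAN 2 and port 6 in VLAN 1.
switch_f = Switch(access_ports={5: 2, 6: 1}, trunk_ports={4})


def flood_from_trunk(vlan):
    """Broadcast from host B arriving on the trunk, tagged with `vlan`
    (or untagged when `vlan` is the native VLAN)."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "0000.0000.000b", b"hello", vlan=vlan)
    return switch_f.forward(4, frame)
```

With the tag present, the VLAN 2 broadcast reaches port 5 only, and the untagged native-VLAN broadcast reaches port 6 only, which is exactly what switch F could not decide before tagging.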

Page 248: CCNA Summary

Inter VLAN routing

- We have to use a router to route between different VLANs.

Method 1:

- Inter VLAN routing using access ports.

- Disadvantage: for each Vlan you need 1 router interface and 1 switch port.

[Figure: a router and a switch connected by three access links, one each for Vlan1, Vlan2 and Vlan3]

VLAN configuration:

1- Create VLAN.

2- Name VLAN (optional).

3- Assign ports to VLAN.

Page 249: CCNA Summary

VLAN configuration

To create and name a VLAN:

- New method

(config)# vlan <vlan id>
(config-vlan)# name <name>

- Old method

# vlan database
(vlan)# vlan <vlan id> [name <name>]

To assign a port to a VLAN:

(config)# int <int. name>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan id>

Page 250: CCNA Summary

VLAN configuration

To create and name a VLAN:

[Figure: configuration output in Global Mode and in Database Mode]

To assign a port to a VLAN:

(config)#interface fastethernet 0/2
(config-if)#switchport mode access
(config-if)#switchport access vlan 3

Page 251: CCNA Summary

Inter VLAN routing (cont.)

- Method 2: Router on a stick.

[Figure: router sub-interfaces e0/0.1, e0/0.2 and e0/0.3 (Vlan1, Vlan2, Vlan3) over one trunk to switch port fa1/1]

- Router sub-interface e0/0.1 configuration:

Router(config)# int e0/0.1
Router(config-if)# encapsulation {isl | dot1q} <vlan id>
Router(config-if)# ip address <ip> <mask>

- Switch port fa1/1 configuration:

Switch(config)# int fa1/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}

Page 252: CCNA Summary

Routing Between VLANs with 802.1Q Trunks

[Figure: router-on-a-stick example with VLAN 2 and VLAN 3 over an 802.1Q trunk]

Page 253: CCNA Summary

Verifying a VLAN

switch# show vlan [brief | id vlan-id | name vlan-name]

Page 254: CCNA Summary

Configuring the Switch IP Address

(config)# interface vlan 1
(config-if)# ip address <ip address> <mask>
(config-if)# no shutdown

• Configures an IP address and subnet mask for the switch VLAN1 interface to allow ping and telnet to the switch

switch# show interfaces vlan 1
Vlan1 is up, line protocol is up
Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)
Internet address is 10.2.2.11/24

Page 255: CCNA Summary

Configuring the Switch Default Gateway

switch(config)# ip default-gateway <ip address>

• Configures the switch default gateway for the 2950 series switches

Setting Duplex Options

switch(config)# interface fa0/1
switch(config-if)# duplex {auto | full | half}
Switch# show interfaces fa0/1

Page 256: CCNA Summary

Per VLAN Spanning Tree PVST+

Page 257: CCNA Summary

Verifying STP for a VLAN

Page 258: CCNA Summary

Verifying a Trunk

switch# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

switch# show interfaces fa0/11 trunk
Port Mode Encapsulation Status Native vlan
Fa0/11 desirable 802.1q trunking

Port Vlans allowed on trunk
Fa0/11 1-4094

Port Vlans allowed and active in management domain
Fa0/11 1-13

Page 259: CCNA Summary

VTP (VLAN Trunking Protocol)

• Cisco introduced an easy administration method to transfer Vlan information between switches connected in the same domain without repeating commands on all switches.

• VTP manages the addition, deletion, and modification of Vlan information in a certain VTP domain.

• VTP has a messaging system that advertises VLAN configuration information from one switch to all others.

• maintains VLAN configuration consistency throughout a common administrative domain.

• sends advertisements on trunk ports only.

- VTP domain: an area with common VLAN requirements (all switches have the same function and VLAN policy). A switch can only be in one VTP domain.

Page 260: CCNA Summary

VTP modes

- VTP Modes:

1- server mode: the default mode on a switch

- can add, delete and modify Vlans

- generates VTP messages to apply this configuration on the other switches.

2- client mode:

- cannot add, delete or modify Vlans

- accepts VTP messages, applies them to itself and then forwards them

- cannot generate VTP messages

3- transparent mode:

- can add, delete and modify Vlans locally (by console configuration) and cannot generate VTP messages

- forwards VTP messages without applying them to itself

Page 261: CCNA Summary

VTP Operation

• VTP advertisements are sent as multicast frames.

• VTP servers and clients are synchronized to the latest revision number (the highest number overrides lower ones).

• VTP advertisements are sent every 5 minutes or when there is a change.

Page 262: CCNA Summary

VTP Pruning

• Increases available bandwidth by reducing unnecessary flooded traffic

• Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN

Page 263: CCNA Summary

VTP configuration

New Method

switch(config)# vtp mode [ server | client | transparent ]
switch(config)# vtp domain <domain-name>
switch(config)# vtp password <password>
switch(config)# vtp pruning
switch(config)# end

Old Method

switch# vlan database
switch(vlan)# vtp [ server | client | transparent ]
switch(vlan)# vtp domain <domain-name>

Page 264: CCNA Summary

VTP Troubleshooting

Switch(config)#vtp domain ICND
Switch(config)#vtp mode transparent

Switch#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 17
VTP Operating Mode : Transparent
VTP Domain Name : ICND
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
Switch#

Page 265: CCNA Summary

DTP (Dynamic Trunking Protocol)

• It negotiates a common trunking mode between two switches by sending periodic messages every 30 sec.

• A router can never participate in DTP.

• #show dtp

[Figure: two switches negotiating "Trunk ?" with each other]

(config-if)# switchport {mode dynamic {auto | desirable} | nonegotiate}

Page 266: CCNA Summary

[Table: DTP modes Access, Trunk, Dynamic desirable, Dynamic auto and Nonegotiate, with the columns "Generate DTP frames" and "Trunking"; the trunking cells are:]

- Dynamic desirable: trunks in case the other side is Trunk, Desirable or Auto.

- Dynamic auto: trunks in case the other side is Trunk or Desirable.

Page 267: CCNA Summary

Managing the MAC Address Table

switch# show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0008.a445.9b40 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0008.e3e8.0440 DYNAMIC Fa0/2
Total Mac Addresses for this criterion: 5

Setting a Static MAC Address

switch(config)# mac-address-table static <mac-address> vlan <vlan-id> interface <interface-id>

Page 268: CCNA Summary

Configuring Port Security

switch(config-if)# switchport port-security [mac-address <mac-address>] | [maximum value] | [violation {protect | restrict | shutdown}]

switch(config)# interface fa0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 0008.eeee.eeee
switch(config-if)# switchport port-security violation shutdown

Page 269: CCNA Summary

Verifying Port Security on the Catalyst 2950 Series

switch# show port-security interface <interface-id>

switch# show port-security interface fastethernet 0/5
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 20 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0
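The following is an added example, not Cisco code, that models the port-security behaviour configured on page 268 and verified above: a port with a maximum MAC count, optional static secure MACs and the three violation modes, reporting the same fields as "show port-security interface". The MAC addresses are constructed; sticky learning and aging are not modelled.

```python
"""Added example (not Cisco code): a model of switchport port-security with the
protect, restrict and shutdown violation modes.  MAC addresses are constructed;
show() returns the fields of 'show port-security interface'."""


class SecurePort:
    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown", static_macs=()):
        if violation not in self.MODES:
            raise ValueError("violation must be protect, restrict or shutdown")
        self.maximum = maximum
        self.violation = violation
        self.secure = set(static_macs)      # 'switchport port-security mac-address'
        self.configured = len(self.secure)
        if self.configured > maximum:
            raise ValueError("more static MACs than the configured maximum")
        self.status = "Secure-up"
        self.last_source = "0000.0000.0000"
        self.violation_count = 0

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame entering the port."""
        if self.status == "Secure-shutdown":
            return "drop"                   # err-disabled: nothing passes
        self.last_source = src_mac
        if src_mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)        # dynamically learned, up to maximum
            return "forward"
        # Unknown MAC beyond the maximum: a security violation.
        if self.violation == "protect":
            return "drop"                   # silently dropped, not counted
        self.violation_count += 1           # restrict and shutdown count and log
        if self.violation == "shutdown":
            self.status = "Secure-shutdown"  # port goes err-disabled
        return "drop"

    def show(self):
        return {
            "Port Status": self.status,
            "Violation Mode": self.violation.capitalize(),
            "Maximum MAC Addresses": self.maximum,
            "Total MAC Addresses": len(self.secure),
            "Configured MAC Addresses": self.configured,
            "Last Source Address": self.last_source,
            "Security Violation Count": self.violation_count,
        }


def run(mode, sources, **kwargs):
    """Feed a sequence of source MACs through a fresh port; return the verdicts
    and the final show() output."""
    port = SecurePort(violation=mode, **kwargs)
    return [port.receive(m) for m in sources], port.show()
```

Only restrict and shutdown raise the violation counter, which is what a monitoring system can alert on; protect hides the event, and shutdown also takes the legitimate host off the port until the interface is recovered.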

Page 270: CCNA Summary

Page 271: CCNA Summary

Introducing Wide Area Networks

Page 272: CCNA Summary

WAN Overview

- WANs connect remote sites over a large geographical area by using the infrastructure of the service provider.

- WANs are L2 technologies concerned with hop-to-hop delivery.

- Connection requirements vary depending on user requirements, cost, and availability.

Page 273: CCNA Summary

Interfacing Between WAN Service Providers

• Provider assigns connection parameters to subscriber

Page 274: CCNA Summary

WAN terminologies

- DTE: data terminal equipment; it is a source of data.

- DCE: data communication (circuit) equipment; a device that terminates a connection and provides clocking & synchronization for the connection.

- Demarcation point: this is where the responsibility of the service provider is passed to you (logical boundary).

- CPE: customer premises equipment; this is your own network equipment, which includes DTE & DCE.

- Local loop: this is the connection from the carrier's switch to the demarcation point.

- CO switch: central office switch (WAN switch).

- Toll network: this is the carrier infrastructure.

Page 275: CCNA Summary

WAN connections

WAN connection types:

- Dedicated (leased line)

- Broadband (Satellite, Wireless, cable modem, DSL)

- Packet switching (X.25, Frame Relay, ATM)

- Circuit switching (analog modem, ISDN)

Page 276: CCNA Summary

Serial Point-to-Point Connections

Page 277: CCNA Summary

Configuring Serial Point-To-Point Encapsulation

Page 278: CCNA Summary

HDLC Frame Format

• standard HDLC supports only single-protocol environments

• Cisco HDLC uses a proprietary data field to support multiprotocol environments (but is Cisco proprietary)

• it is the default encapsulation method on Cisco routers

Page 279: CCNA Summary

Configuring HDLC Encapsulation

Router(config-if)# encapsulation hdlc

• enables HDLC encapsulation

• uses the default encapsulation on synchronous serial interfaces

Page 280: CCNA Summary

Point to point protocol (PPP)

• Overview:

- data link layer protocol used on point-to-point WAN connections.

- used in dedicated and circuit switching technologies.

- works with synchronous & asynchronous serial connections.

- supports multiple network layer protocols.

- open standard by IETF (RFC 1332, 1661 & 2153).

- PPP frame format:

Flag | Address | Control | Protocol | Payload | FCS

Page 281: CCNA Summary

PPP components

1- Link control protocol (LCP):

- responsible for negotiating & maintaining a PPP connection, including some options (establish, configure, negotiate options, test, terminate the PPP connection).

- LCP options are: authentication, compression, multilink, call back, error detection.

2- Network control protocol (NCP):

- negotiates the upper layer protocols that will be used during the PPP connection.

Page 282: CCNA Summary

PPP operation

LCP:

Open connection → OK → Negotiate options

NCP:

What is my IP? → Your IP is ....

What is my IPX? → No IPX

Page 283: CCNA Summary

PPP options

1- Authentication:

a- PPP authentication protocol (PAP):

- 2-way handshaking

- 1-way authentication

[Figure: PAP exchange between client and server]

Page 284: CCNA Summary

1- Authentication (cont.)

PAP configuration:-

Client configuration:

(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <client username> password <password>

Server configuration:

(config)# username <client username> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap

Page 285: CCNA Summary

1- Authentication (cont.)

b- Challenge handshake authentication protocol (CHAP):

- 3-way handshaking.

- 2-way authentication.

Page 286: CCNA Summary

1- Authentication (cont.)

CHAP configuration:-

(config)# hostname <local name>
(config)# username <remote name> password <password>
(config-if)# ppp authentication chap

Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}

• Enables PAP or CHAP authentication

Page 287: CCNA Summary

1- Authentication (cont.)

CHAP Configuration Example :-

[Figure: two routers configured for CHAP]

Page 288: CCNA Summary

1- Authentication (cont.)

Verifying the HDLC and PPP encapsulation configuration :-

Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

Page 289: CCNA Summary

1- Authentication (cont.)

Verifying PPP Authentication :-

• debug ppp authentication shows successful CHAP output.

Page 290: CCNA Summary

PPP options (cont.)

2- Multilink:

- B.W. aggregation by combining multiple physical interfaces into one (logical) link.

- splits L3 packets & sends the fragments over parallel links.

- Configuration:

(config-if)# ppp multilink

Page 291: CCNA Summary

PPP options (cont.)

3- Call back:

- enables a router to place a call and request a call back.

- once the request is made, the call disconnects and the other router (server) dials the router (client) back.

4- Compression:

- to improve the throughput on slower links.

- PPP compression supports:

1- Stacker

2- Predictor

3- MPPC (Microsoft Point-to-Point Compression)

4- TCP header

Page 292: CCNA Summary

PPP options (cont.)

5- Error detection:

- using LQM (Link Quality Monitor).

- gets a ratio between corrupted frames and the total number of frames sent.

- if this ratio is more than a certain reference number, the link will be dropped.

6- Looped link detection:

- using a magic number.

- every router has a magic number.

- if the router receives a frame having its own magic number, then the link is looped & will go down.

Page 293: CCNA Summary

Troubleshooting

#debug ppp negotiation

#debug ppp authentication

# show interface s0/0

shows the status of the interface, encapsulation, LCP state and NCP state.

Page 294: CCNA Summary

Page 295: CCNA Summary

Frame Relay

Page 296: CCNA Summary

Frame Relay topology

• connections made by virtual circuits

• connection-oriented service

Page 297: CCNA Summary

Frame Relay overview

- FR is a data link layer packet-switching technology.

- defines only the interaction between the CPE and the FR switch.

- FR is a multiple-access technology depending on the virtual circuit concept.

- FR is a connection-oriented protocol through the FR feature called LMI.

- the encapsulation protocol is LAPF; LAPF types are:

1- Cisco

2- IETF

- note: the same encapsulation type must be used on the source and destination routers.

Page 298: CCNA Summary

Frame Relay Topologies

• Frame Relay default: nonbroadcast multiaccess (NBMA)

Page 299: CCNA Summary

Frame Relay addressing

- DLCI number:

- DLCI (Data Link Connection Identifier) is the VC ID of the FR (the L2 path address).

- the DLCI number is locally significant.

- different DLCIs on the same path don't affect the connection.

[Figure: a virtual circuit through the FR cloud carrying DLCI 100, 200, 300 and 400 on its hops]

Page 300: CCNA Summary

Frame Relay management

• LMI (Local Management Interface):

- signaling protocol between the router and the FR switch.

- used for management purposes; it allows directly connected devices to share information about the status of VCs as well as their configuration.

- it is used so that a router can get its local DLCI from the FR switch.

- LMI types:

1- Cisco

2- ANSI (Annex-D)

3- Q.933a (Annex-A) (ITU-T)

- Note: a different LMI type on the same path doesn't affect the connection.

Page 301: CCNA Summary

Frame Relay management (cont.)

- LMI status:

1- Active: the connection using this DLCI is all right

2- Inactive: there is a problem at the remote site

3- Deleted: there is a problem at your local site

Page 302: CCNA Summary

Frame Relay Address Mapping

- To map between a destination IP and its DLCI:

1- manual resolution: mapping between the DLCI number and the next-hop IP address using configuration.

(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]

2- Dynamic resolution (Inverse ARP): allows the router to automatically discover the address of the next hop on each VC that is in the active state.

Page 303: CCNA Summary

LMI Signaling and Inverse ARP

Page 304: CCNA Summary

Inverse ARP (cont.)

Page 305: CCNA Summary

Inverse ARP (cont.)

– Use LMI to get the locally significant DLCI from the Frame Relay switch.

– Use Inverse ARP to map the local DLCI to the remote router's network layer address.

Page 306: CCNA Summary

Reachability Issues with Routing Updates

• Problem:

– Broadcast traffic must be replicated for each active connection.

– The split-horizon rule prevents routing updates received on an interface from being forwarded out the same interface.

Page 307: CCNA Summary

Resolving Reachability Issues

• split horizon can cause problems in NBMA environments.

• solution: use sub-interfaces; they can resolve split-horizon issues.

• a single physical interface simulates multiple logical interfaces.

• each pair of corresponding peers is in a separate subnet.

• don't assign an IP address to the main interface.

Page 308: CCNA Summary

Configuring Subinterfaces

– Point-to-point:

• Subinterfaces act like leased lines.

• Each point-to-point subinterface requires its own subnet.

• Point-to-point is applicable to hub-and-spoke topologies.

– Multipoint:

• Subinterfaces act like NBMA networks, so they do not resolve the split-horizon issues.

• Multipoint can save address space because it uses a single subnet.

• Multipoint is applicable to partial mesh and full mesh topologies.

Page 309: CCNA Summary

Frame Relay configuration

(config)# int s0/0
(config-if)# encapsulation frame-relay [cisco / ietf]
(config-if)# frame-relay lmi-type { cisco / q933a / ansi }
(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]

Sub-interface configuration:

(config)# int s0/0.1 [ point-to-point / multipoint ]
(config-subif)# frame-relay interface dlci <dlci no.>

Page 310: CCNA Summary

Configuring a Static Frame Relay Map

Page 311: CCNA Summary

Configuring Point-to-Point Subinterfaces

Page 312: CCNA Summary

Multipoint Subinterfaces Configuration Example

Page 313: CCNA Summary

Verifying Frame Relay Operation

Router#show interfaces name

• Displays information about Frame Relay DLCIs and the LMI

Router#show frame-relay lmi [int.name]

• Displays LMI statistics

Router#show frame-relay map

• Displays the current Frame Relay map entries

Router#show frame-relay pvc [int.name [dlci]]

• Displays PVC statistics

Router#show frame-relay traffic

• Displays Frame Relay traffic statistics

Page 314: CCNA Summary

show interfaces Example

– Displays line, protocol, DLCI, and LMI information

Router#show interfaces s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
<Output omitted>

Page 315: CCNA Summary

show frame-relay lmi Example

– Displays LMI information

Router#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 113100 Num Status msgs Rcvd 113100
Num Update Status Rcvd 0 Num Status Timeouts 0

Page 316: CCNA Summary

show frame-relay pvc Example

– Displays PVC traffic statistics

Router#show frame-relay pvc 100
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 28 output pkts 10 in bytes 8398
out bytes 1198 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 10 out bcast bytes 1198
pvc create time 00:03:46, last time pvc status changed 00:03:47

Page 317: CCNA Summary

show frame-relay map Example

– Displays the route maps, either static or dynamic

Router# show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active

Page 318: CCNA Summary

Troubleshooting Basic Frame Relay Operations

• Displays LMI debug information

Router#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Page 319: CCNA Summary

Frame Relay Traffic Shaping

• CIR: committed information rate

• EIR: excess information rate

• Rate < CIR: DE = 0

• CIR < Rate < EIR: DE = 1

• Rate > EIR: the frame will be dropped

• DE: discard eligibility

• FECN: forward explicit congestion notification

• BECN: backward explicit congestion notification

[Figure: LAPF frame header showing the DE, FECN and BECN bits]

Page 320: CCNA Summary

Page 321: CCNA Summary

Differences between WLAN standards

                      802.11b          802.11g                 802.11a
Ratified              1999             2003                    1999
Frequency band        2.4 GHz          2.4 GHz                 5 GHz
No. of channels       3                3                       Up to 12
Transmission          DSSS             DSSS, OFDM              OFDM
Data rates [Mbps]     1, 2, 5.5, 11    1, 2, 5.5, 11 and       6, 9, 12, 18, 24,
                                       6, 9, 12, 18, 24,       36, 48, 54
                                       36, 48, 54
Throughput [Mbps]     Up to 6          Up to 22                Up to 28

Page 322: CCNA Summary

In IEEE 802.11 terminology, any group of wireless devices is known as a service set. The devices must share a common service set identifier (SSID), which is a text string included in every frame sent. If the SSIDs match across the sender and receiver, the two devices can communicate.

This is a summary of the different WLAN topologies:

Ad hoc mode: This mode is called Independent Basic Service Set (IBSS). Mobile clients connect directly without an intermediate access point.

Infrastructure mode: In infrastructure mode, where clients connect through an access point, there are two modes:

— Basic Service Set (BSS): Mobile clients use a single access point for connectivity to each other or to wired network resources.

— Extended Services Set (ESS): In this mode, two or more Basic Service Sets are connected by a common distribution system. An Extended Services Set generally includes a common SSID to allow roaming from access point to access point without requiring client configuration.