
Network+ Study Guide (N10-002)

Types of Networks

Peer to Peer - A peer to peer network is one which lacks a dedicated server and in which every computer acts as both a client and a server. This is a good networking solution when there are 10 or less users that are in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be users rather than administrators and the right people may not have access to the right resources. More importantly, the wrong people may have access to the wrong resources; thus, this is only recommended in situations where security is not an issue.

Client/Server - This type of network is designed to support a large number of users and uses dedicated server/s to accomplish this. Clients log in to the server/s in order to run applications or obtain files. Security and permissions can be managed by 1 or more administrators, which cuts down on network users meddling with things that they shouldn't be. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system (NOS).

Centralized - This is also a client/server based model that is most often seen in UNIX environments, but the clients are "dumb terminals". This means that the client may not have a floppy drive, hard disk or CDROM and all applications and processing occur on the server/s. As you can imagine, this requires fast and expensive server/s. Security is very high on this type of network.

Network Topologies

Bus - This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. This type of network is usually peer-to-peer and uses Thinnet (10base2) cabling. It is configured by connecting a "T-connector" to the network adapter and then connecting cables to the T-connectors on the computers on the right and left. At both ends of the chain, the network must be terminated with a 50 ohm impedance terminator. If a failure occurs with a host, it will prevent the other computers from communicating with each other. Missing terminators or terminators with an incorrect impedance will also cause problems.

As you can see, if computer #1 sends a packet to computer #4, it must pass through computers #2 and #3, creating excess traffic.
ADVANTAGES: Cheap, simple to set up.
DISADVANTAGES: Excess network traffic, a failure may affect many users, problems are difficult to troubleshoot.

Star - The star topology uses twisted pair (10baseT or 100baseT) cabling and requires that all devices are connected to a hub.

ADVANTAGES: centralized monitoring, failures do not affect others unless it is the hub, easy to modify.
DISADVANTAGES: If the hub fails then everything connected to it is down. This is like if you were to burn down the phone company's central office, then anyone connected to it wouldn't be able to make any phone calls.

Ring - The ring topology looks the same as the star, except that it uses special hubs and ethernet adapters. The ring topology is used with Token Ring networks.
ADVANTAGES: Equal access.
DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failures affect many users.

Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in the star topology.

Mesh - In a true mesh topology every node has a connection to every other node in the network. A full mesh network can be very expensive, but provides redundancy in case of a failure between links.

Wireless - As the name implies, wireless networks allow computers to communicate without the use of cables. IEEE 802.11b defines two pieces of equipment, a wireless station, which is usually a PC or a Laptop with a wireless network interface card (NIC), and an Access Point (AP), which acts as a bridge between the wireless stations and Distribution System (DS) or wired networks. An 802.11b wireless network adapter can operate in two modes, Ad-Hoc and Infrastructure. In infrastructure mode, all your traffic passes through a wireless "access point". In Ad-hoc mode your computers talk directly to each other and do not need an access point at all. 802.11b delivers data throughput of 11 Mbps.
ADVANTAGES: World-wide acceptance. Ranges over 150 feet. Freedom to move about and no cables (obvious).
DISADVANTAGES: Susceptible to interference from objects such as microwave ovens and cordless phones.

CABLING

The table below lists some of the various cable types.

| Cable Type | Also Known As | Connector | Maximum Length | Speed |
|---|---|---|---|---|
| 10Base5 | RG-8 or RG-11, Thicknet coax | AUI/DIX | 500 meters (1640 ft) | 10 mbps |
| 10Base2 | RG-58, thinnet coax | BNC connector | 185 meters (607 ft) | 10 mbps |
| 10BaseT | Cat 3, 4, 5 twisted pair | RJ-45 | 100 meters (328 ft) | 10 mbps |
| 100Base-TX | Cat 5 twisted pair | RJ-45 | 100 meters (328 ft) | 100 mbps |
| 100Base-FX | Fiber Optic | ST, SC | 2 Kilometers (6562 feet) | 200 mbps |
| 1000Base-T - Gigabit Ethernet | CAT5/CAT5e | RJ-45 | 100 meters (328 ft) | 1 gbps |
| 802.11b | Wireless / WiFi | No cabling. Uses Access Point (AP) for connection | 150+ feet | 11 mbps |

This next table lists the transmission speeds of the various cable types.

| Transmission Medium | Transmission Speed |
|---|---|
| Thicknet | 10 mbps |
| Thinnet | 10 mbps |
| cat 2 twisted pair | 4 mbps |
| cat 3 twisted pair | 10 mbps |
| cat 4 twisted pair | 16 mbps |
| cat 5 twisted pair | 1000 mbps |
| Fiber Optic | 100 mbps - 1 gbps |
| 802.11b | 11 mbps |

Miscellaneous Cable Info

o Shielded twisted pair (STP) differs from UTP in that it has a foil jacket that helps prevent crosstalk. Crosstalk is signal overflow from an adjacent wire.
o The 5-4-3 rule: this rule states that a 10base2 network can have 5 cable segments connected with 4 repeaters, but only 3 of these segments can be occupied by computers. There is also a maximum of 30 computers per segment.
o Thicknet cables are 0.5 inches thick and have a 50 ohm impedance.
o Thinnet cables are 0.25 inches thick and have a 50 ohm impedance.
o Plenum grade cabling is required if the cabling will be run between the ceiling and the next floor (this is called the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gasses when burned.
o Thicknet is often used as a backbone. A transceiver with a vampire tap penetrates the core of the cable. From the transceiver a DB-15 connector plugs into the AUI port on a given device.
o Fiber Optic cabling has built-in security, as you can't intercept data as you can with other cable mediums.

Network Hardware

Below are some of the common hardware devices found on a network. NOTE: The higher the network device is in the OSI layer, the more intelligent the device is.

Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol and media, although some can serve multiple networks.

Hub - A hub is used to connect computers on an ethernet network.

Repeater - Boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types.

Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (ie. token ring and ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
o Transparent - Only one bridge is used.
o Source-Route - Bridging address tables are stored on each PC on the network.
o Spanning Tree - Prevents looping where there exists more than one path between segments.

Switch - A switch prevents traffic jams by ensuring that data goes straight from its origin to its proper destination, with no wandering in between. Switches remember the address of every node on the network, and anticipate where data needs to go. It only operates with the computers on the same LAN. It isn't smart enough to send data out to the internet, or across a WAN. These functions require a router.

Router - A router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch. Unroutable protocols can't be forwarded.

Gateway - Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side.

Modem - The modem is a device that converts digital information to analog by MODulating it on the sending end and DEModulating the analog information into digital information at the receiving end. Most modern modems are internal, however, they can be internal or external. External modems are connected to the back of the system board via a RS-232 serial connection. Internal modems are installed in one of the motherboard's PCI or ISA expansion slots depending on the modem. The modem contains an RJ-11 connection that is used to plug in the telephone line. Modems have different transmission modes as follows:
o Simplex - Signals can be passed in one direction only.
o Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously. Half-duplex modems can work in full-duplex mode.
o Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.

Modems can also be classified by their speed, which is measured by the BAUD rate. One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the Bits Per Second (BPS) unit of measurement has replaced it as a better expression of data transmission speed. Common modem speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 Kbps.

ISDN Adapter - ISDN service is an older, but still viable technology offered by phone companies in some parts of the U.S. ISDN requires an ISDN adapter instead of a modem, and a phone line with a special connection that allows it to send and receive digital signals.

CSU/DSU - A CSU/DSU (Channel Service Unit / Data Service Unit) is a piece of equipment that connects a leased line from the telephone company to the customer's equipment (such as a router). Although CSU/DSUs look similar to modems, they are not modems, and they don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and serial interface (typically a V.35 connector) that connects to the router. Many newer routers have 56K or T1 CSU/DSUs built into them.

Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your wireless devices to connect with your home network and to the internet. A wireless access point will support up to 32 wireless devices. The data rate through this wireless network is 11 MegaBits per second.

Proxy - A proxy server acts as a middle-man between clients and the Internet, providing security, administrative control, and caching services. When a user makes a request for an internet service and it passes filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is found in cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy server uses Network Address Translation (NAT) to use one of its own IP addresses to request the page from the appropriate server.

Firewall - Either a hardware or software entity that protects a network by stopping network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal traffic to leave the network (emails to the outside world, web access, etc.), but stop unwanted traffic from the outside world from entering the internal network.

OSI 7 Layer Model

The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.

Physical - The Physical layer is the specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.

Data Link - The Data Link layer is the interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
o LLC sub-layer starts and maintains connections between devices (e.g. server - workstation).
o MAC sub-layer enables multiple devices to share the same medium. MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).

Network - The Network layer addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.

Transport - The Transport layer provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.

Session - The Session layer handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data-transfer and termination.

Presentation - The Presentation layer determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.

Application - The Application layer represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computer's resources to the network.

Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence:

All People Seem To Need Data Processing.

The first letter of each word corresponds to the first letter of the layers, starting with Application and ending with the physical layer.

Here are some examples of items that operate at each layer:

| Layer | Device |
|---|---|
| Application | Gateway |
| Presentation | Gateway |
| Session | Gateway |
| Transport | Gateway |
| Network | Routers, Layer 3 Switches |
| Data Link | Network Interface Card, Bridges, Layer 2 Switches |
| Physical | Hub, Repeater, cabling |

Frame Types

A frame type is the format of the packet that your Operating System will use to communicate over your network. Below is a table of the different types:

| Standard | Description |
|---|---|
| 802.1 | Internetworking |
| 802.2 | Logical link control - LLC adds header information that identifies the upper layer protocols sending the frame. |
| 802.3 | Ethernet - Media Access Control (MAC) sub-layer uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) |
| 802.4 | Token bus LAN |
| 802.5 | Token Ring BUS |
| 802.6 | Metropolitan Area network (MAN) |
| 802.7 | Broadband |
| 802.8 | Fiber optic |
| 802.9 | Integrated Voice/Data |
| 802.10 | Network Security |
| 802.11 | Wireless Networks |
| 802.12 | Demand Priority. Like 100VG-Any LAN |

Protocols

Protocols are the special set of rules that end points use in a telecommunication connection when they communicate. These rules allow computers with dissimilar operating systems, network topologies, hardware, etc. to communicate. Next is a description of some of the more common protocols:

TCP/IP - TCP/IP is the protocol suite of the internet and will be covered in the next section.

IPX/SPX - These protocols were developed by Novell and are/were used with Novell Netware. IPX is the fastest routable protocol and is not connection oriented. IPX addresses are up to 8 characters in hexadecimal format. SPX is connection oriented.

NetBeui - Stands for "NetBIOS Extended User Interface". It is the standard protocol used by Microsoft's operating systems. It is NetBEUI that allows the "shares" between machines. In reference to the NetBIOS distinction, NetBIOS is the applications programming interface and NetBEUI is the transport protocol. NetBEUI is a non-routable protocol, meaning it will not allow communication through a router.

Appletalk - AppleTalk is the name given to the set of protocol and networking standards created by Apple Computer for use with the Macintosh family of computers. AppleTalk is routable and automatically handles such things as assigning of workstation and network addresses, message routing between networks, etc.

TCP/IP

TCP/IP Protocol Suite

The TCP/IP protocol suite is made of many other protocols that perform different functions. Below is a list of some of them:

TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.

IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.

UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.

ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.

SMTP - Used to reliably send and receive mail over the Internet.

FTP - File transfer protocol is used for transferring files between remote systems. Must resolve host name to IP address to establish communication. It is connection oriented (i.e. verifies that packets reach destination).

TFTP - Same as FTP but not connection oriented.

ARP - Provides IP-address to MAC address resolution for IP packets. A MAC address is your computer's unique hardware number and appears in the form 00-A0-F1-27-64-E1 (for example). Each computer stores an ARP cache of other computers' ARP-IP combinations.

POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.

IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and held for you by your Internet server.

TELNET - Provides a virtual terminal or remote login across the network that is connection-based. The remote server must be running a Telnet service for clients to connect.

HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer and addressing of HTTP requests and responses.

HTTPS - Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a secure connection. This is used for secure internet business transactions.

NTP - Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of computers.

SNMP - Stands for Simple Network Management Protocol and is used for monitoring and status information on a network. SNMP can be used to monitor any device that is SNMP capable and this can include computers, printers, routers, mainframes, gateways and many more.

TCP/IP Ports

Ports are what an application uses when communicating between a client and server computer. Some common ports are:

21 FTP
23 TELNET
25 SMTP
69 TFTP
80 HTTP
110 POP3

TCP/IP Addressing

Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data. IP addresses are divided into 3 classes as shown below:

| Class | Range |
|---|---|
| A | 1-126 |
| B | 128-191 |
| C | 192-223 |

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following address ranges are reserved for private networks:

10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254

IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. Class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid. The Network ID and the Host ID are determined by a subnet mask. The default subnet masks are as follows:

| CLASS | DEFAULT SUBNET | # OF SUBNETS | # OF HOSTS PER SUBNET |
|---|---|---|---|
| Class A | 255.0.0.0 | 126 | 16,777,214 |
| Class B | 255.255.0.0 | 16,384 | 65,534 |
| Class C | 255.255.255.0 | 2,097,152 | 254 |
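The class ranges, default masks and reserved ranges above can be applied mechanically, which is useful when reviewing address plans or filter rules. The following is an added example, not part of the original guide: the function names are hypothetical, the sample addresses are constructed, and the private ranges are written as the RFC 1918 CIDR blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

```python
import ipaddress

# Class boundaries (first octet) and default masks, as in the tables above.
CLASSES = [
    ("A", 1, 126, "255.0.0.0"),
    ("B", 128, 191, "255.255.0.0"),
    ("C", 192, 223, "255.255.255.0"),
]

# Private blocks (RFC 1918) and the loopback block, in CIDR form.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dotted(value):
    """Render a 32-bit integer in dotted decimal notation."""
    return str(ipaddress.IPv4Address(value))


def classify(address):
    """Describe an IPv4 address under the classful rules (hypothetical helper)."""
    ip = ipaddress.IPv4Address(address)   # raises ValueError on malformed input
    first_octet = int(ip) >> 24
    info = {"address": str(ip), "class": None, "default_mask": None,
            "netid": None, "hostid": None,
            "loopback": ip in LOOPBACK,
            "private": any(ip in block for block in PRIVATE_BLOCKS)}
    for name, low, high, mask in CLASSES:
        if low <= first_octet <= high:
            mask_int = int(ipaddress.IPv4Address(mask))
            info["class"] = name
            info["default_mask"] = mask
            # netid = address AND mask; hostid = address AND (NOT mask)
            info["netid"] = dotted(int(ip) & mask_int)
            info["hostid"] = dotted(int(ip) & ~mask_int & 0xFFFFFFFF)
            break
    return info


def hosts_per_network(mask):
    """Usable hosts for a mask: 2^(host bits) minus network and broadcast."""
    host_bits = 32 - bin(int(ipaddress.IPv4Address(mask))).count("1")
    return 2 ** host_bits - 2


def same_network(a, b, mask):
    """True when both hosts share a netid, so no router sits between them."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(a)) & m) == (int(ipaddress.IPv4Address(b)) & m)


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("124.35.62.181", "172.20.1.1", "192.168.1.10",
                   "127.0.0.1", "224.0.0.1"):
        print(classify(sample))
    print(hosts_per_network("255.255.255.0"))
    print(same_network("192.168.1.10", "192.168.2.10", "255.255.255.0"))
```

Addresses whose first octet is 127 or above 223 come back with no class, which matches the tables: they are loopback or fall outside classes A to C.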

What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A, B, or C network. When subnetting is employed, the multiple networks are connected with a router which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway tells the client the IP address of the router that will allow their computer to communicate with clients on other networks.

IPv6

The previous information on TCP/IP has referred to IPv4, however, this addressing scheme has run out of available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing scheme utilizes a 128 bit address (instead of 32) and utilizes a hex numbering method in order to avoid long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format will appear in the form of 3FFE:B00:800:2::C for example.

DHCP

DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it will send out a broadcast to the DHCP server requesting an address. The server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:
o Prevents users from making up their own IP addresses.
o Prevents incorrect gateway or subnet masks from being entered by your helpdesk.
o Decreases amount of time spent configuring computers, especially in environments where computers get moved around all the time.
o Handy in situations where you have a large sales staff that only have to work 1 day a week. On that one day they bring their laptops and they can just plug them into the network and they are all set.

DHCP clients will attempt to renew their leases when 50% of the lease has expired. The client will send a message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything, it will return a message with the new lease. If the server is unavailable, then the client can continue functioning as it has 50% remaining still. The client will continue as normal until the lease reaches 87.5% used, at which time it will broadcast to all DHCP servers and attempt to get a new lease. If the client receives a rejection message or the lease expires then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one then the user will not be able to communicate over the network.

NETBIOS

There are several different methods of resolving names to IP addresses. Before getting into the different methods, it is important to understand the role of NetBIOS. When talking about Netbios, we typically refer to the concept of Netbios name, which is the name assigned to your computer. Netbios allows applications to talk to each other using protocols such as TCP/IP that support Netbios. Netbios is typically seen in other forms such as Netbeui and NetBT. These are the main functions that Netbios serves:
o Starting and stopping sessions.
o Name registration
o Session layer data transfer (reliable)
o Datagram data transfer (unreliable)
o Protocol driver and network adapter management functions.

NETBIOS Naming

A Netbios name is either a unique name or a group name, the difference being that a unique name is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be discussed below.

Local Broadcast - If the destination host is local, then first the Netbios name cache is checked and a broadcast is not sent. If it is not found here, then a name query broadcast is sent out that includes the destination Netbios name. Each computer that receives the broadcast checks to see if it belongs to the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained, a name query response is sent. NOTE: Some routers do not support the forwarding of these broadcasts as they use UDP ports 137 and 138.

NETBIOS Name Server - When using a Netbios name server, the cache is checked first and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to its MAC address. Microsoft uses WINS as a NETBIOS name server.

LMHOSTS File - An lmhosts file is a text file that is used to manually configure Netbios names. In order to work, each entry in the lmhosts file must be unique, have a valid IP address for the Netbios name and be spelled correctly. On large networks configuring LMHOSTS files on all clients is not feasible, so these are not used much anymore.

Hosts File - The hosts file is a little different than the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the host file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.

DNS

More on this later...

WINS

Microsoft's definition of WINS is "An enhanced NetBIOS Name Server (NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addresses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the requesting client. If the WINS server can't resolve the name for some reason, then it will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated, which gets rid of the need for lmhosts files. If a client is configured to use WINS then it will register its name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name, which may be used by a different computer. With Windows 2000, Microsoft has introduced Dynamic DNS (DDNS), which may be the beginning of the end for WINS and NETBIOS.

DNS

TCP/IP networks used to use hosts files to resolve IP addresses to host names or domain names. Networks began growing to the point where the administration and the traffic needed to maintain this file became unbearable and DNS was born. A DNS client (aka resolver) sends requests to the DNS nameserver, which responds with the requested info, another server to query or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are a variety of roles a nameserver can satisfy within the zone that they are responsible for:

Primary Nameserver - Gathers DNS information from local files and is a focal point for adding hosts and domains.

Secondary Nameserver - Gathers the data for its zone(s) from another DNS server. Secondary nameservers provide redundancy, reduced traffic on the primary server and quicker access for locations that are remote in regards to the primary server.

Caching Only Nameserver - These do not have a zone that they are responsible for. Their databases only contain info that is received from resolutions that they have made since the server was last started.

Nameservers are distributed into tiers called domains.

Domains

Microsoft discusses domains in terms of a hierarchical "domain name space" which they refer to as being like a tree structure. There are several different domain levels as listed below:

Root level domains - The top of the tree.

Top level domains - These are divided into different categories. Com, net, mil, edu, org and gov are the most common.

Second level domains - These domains make up the rest of networks as all sub-domains are categorized under this heading. So if you visit Intel's site, you are visiting the sub-domain intel.com. Within intel.com many other sub-domains may also exist.

Hosts - Hosts are the final level in the hierarchy as they are the individual computers that occupy or comprise a domain.

DNS Records

Below are some of the common DNS records and their purpose:

A - The A-record is used for hosts on a network. It is used to translate human friendly domain names such as "www.mcmcse.com" into an IP address such as 206.67.72.48.

CNAME - CNAME (canonical name) records are used to create aliases. Often computers on the Internet have multiple functions such as web server, FTP server, mail server etc. To mask this, CNAME-records can be used to give a single computer multiple names (aliases). For example, computer "xyz.com" may be both a webserver and an ftp-server, so two CNAME-records are defined: "www.xyz.com" = "xyz.com" and "ftp.xyz.com" = "xyz.com".

MX - MX (mail exchanger) records identify mail server(s) responsible for a domain name. When sending an e-mail to "user@xyz.com", your mail server must first look up the MX record for "xyz.com" to see which mail server actually handles mail for "xyz.com".

NS - NS (name server) records identify DNS servers responsible (authoritative) for a zone.

PTR - PTR (pointer) records map IP addresses to domain names, which is the reverse of A-records.
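How the record types above work together is easiest to see against a small zone. The following is an added example, not part of the original guide: it uses the guide's xyz.com names, but the zone contents, the mail and name server host names, the MX preference numbers and the 192.0.2.x addresses are constructed placeholders, and the function names are hypothetical. It follows CNAME aliases to an A record with a loop guard, orders mail servers by MX preference, and checks that a PTR name maps back to the same address.

```python
import ipaddress

# Constructed zone data; 192.0.2.0/24 is a documentation-only range.
ZONE = {
    ("xyz.com", "A"): ["192.0.2.10"],
    ("www.xyz.com", "CNAME"): ["xyz.com"],
    ("ftp.xyz.com", "CNAME"): ["xyz.com"],
    ("xyz.com", "MX"): [(20, "backup.xyz.com"), (10, "mail.xyz.com")],
    ("mail.xyz.com", "A"): ["192.0.2.25"],
    ("backup.xyz.com", "A"): ["192.0.2.26"],
    ("xyz.com", "NS"): ["ns1.xyz.com"],
    ("ns1.xyz.com", "A"): ["192.0.2.53"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["xyz.com"],
    # Misconfigured aliases that point at each other.
    ("loop1.xyz.com", "CNAME"): ["loop2.xyz.com"],
    ("loop2.xyz.com", "CNAME"): ["loop1.xyz.com"],
}
MAX_CNAME_HOPS = 8


def lookup(name, rtype, zone=ZONE):
    """Return the record data for (name, type), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def resolve_a(name, zone=ZONE):
    """Follow CNAME aliases until an A record is found.

    Returns (canonical_name, addresses); raises LookupError on a loop,
    an over-long alias chain or a missing A record.
    """
    current = name.lower().rstrip(".")
    seen = set()
    for _ in range(MAX_CNAME_HOPS + 1):
        if current in seen:
            raise LookupError(f"CNAME loop at {current}")
        seen.add(current)
        alias = lookup(current, "CNAME", zone)
        if alias:
            current = alias[0]
            continue
        addresses = lookup(current, "A", zone)
        if not addresses:
            raise LookupError(f"no A record for {current}")
        return current, addresses
    raise LookupError("CNAME chain too long")


def mail_servers(domain, zone=ZONE):
    """Mail hosts for a domain, lowest MX preference first, with addresses."""
    return [(host, resolve_a(host, zone)[1])
            for _pref, host in sorted(lookup(domain, "MX", zone))]


def reverse_lookup(ip, zone=ZONE):
    """PTR names for an address (the reverse of an A lookup)."""
    return lookup(ipaddress.IPv4Address(ip).reverse_pointer, "PTR", zone)


def forward_confirmed(ip, zone=ZONE):
    """True when a PTR name for the address resolves back to that address."""
    for name in reverse_lookup(ip, zone):
        try:
            if ip in resolve_a(name, zone)[1]:
                return True
        except LookupError:
            continue
    return False


if __name__ == "__main__":
    print(resolve_a("www.xyz.com"))
    print(mail_servers("xyz.com"))
    print(reverse_lookup("192.0.2.10"), forward_confirmed("192.0.2.10"))
```

A PTR record can be set by whoever controls the reverse zone, so log analysis that relies on reverse names should only trust them when the forward lookup agrees.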

NAT/ICS

NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology. Using a device (such as a router) or piece of software that implements NAT allows an entire home or office network to share a single internet connection over a single IP address. A single cable modem, DSL modem, or even 56k modem could connect all the computers to the internet simultaneously. Additionally, NAT keeps your home network fairly secure from hackers. NAT is built in to the most common Internet Connection Sharing technologies around. Microsoft's implementation of NAT is called Internet Connection Sharing (ICS) and is supported by Windows 98SE and Windows 2000. ICS is a NAT based routing application, designed to share an Internet connection among multiple computers connected via a LAN. ICS can handle both dial-up and broadband based Internet connections. ICS can handle networks with clients running any operating system, as long as the OS supports the TCP/IP protocol. The clients can have their TCP/IP information assigned manually or they can run as DHCP clients, obtaining their TCP/IP settings from ICS' built-in DHCP server.

Troubleshooting TCP/IP

TCP/IP offers several tools that are helpful in the troubleshooting process and provide information to help locate and correct problems. Some of these are listed below:

ARP - Provides a mapping from the logical 32-bit TCP/IP address to the physical 48-bit MAC address (i.e. translates an IP address into a MAC address).
TELNET - Provides a virtual terminal or remote login across the network that is connection-based and handles its own session negotiation. The remote server must be running a Telnet service for clients to connect. Default settings are port 23 and VT100 terminal emulation.
NBTSTAT - Is used to troubleshoot connectivity problems between 2 computers communicating via NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and gives the MAC address.
TRACERT - By sending out ICMP packets, it determines the path taken by a data packet to reach its destination and can help determine at what point a network connection is no longer active. Can help troubleshoot network response time issues.

NETSTAT - Displays in-depth detail about TCP/IP protocol status and statistics.
WINIPCFG - Displays current TCP/IP configurations on Windows workstations (see also IPCONFIG on Windows NT).
IPCONFIG - Below are the ipconfig switches that can be used at a command prompt.
- ipconfig /all will display all of your IP settings.
- ipconfig /renew forces the DHCP server, if available, to renew a lease.
- ipconfig /release forces the release of a lease.
PING - Uses ICMP to verify a connection to a remote host by sending echo requests and "listening" for reply packets.
NSLOOKUP - This tool queries a DNS database for information about DNS objects and can be used to troubleshoot name resolution problems.

General troubleshooting strategy includes the following steps:

1. Establish the symptoms
2. Identify the affected areas
3. Establish what has changed
4. Select the most probable cause
5. Implement a solution
6. Test the result
7. Recognize the potential effects of the solution
8. Document the solution

Basic TCP/IP troubleshooting steps include:

1. Ping 127.0.0.1 - This is the loopback address and verifies that the computer that you are pinging from can communicate via TCP/IP with its own ethernet adapter.
2. Ping own IP address - Verifies that a valid IP address was entered for this computer.
3. Ping default gateway - Typically this would be the near side of a router. If you can ping this address, then you should be able to ping other hosts on your same subnet.
4. Ping far side of router - This will verify that the routing table is correct.
5. Ping remote host - If this works then it would appear that there are valid communications.
6. If you are unable to connect to a host via host or domain name, see if you can connect to it using its IP address. If so, then you are likely having name resolution problems and should check your DNS configuration.

For the exam troubleshooting section, you will need to know how to solve various problems based on information such as PING/TRACERT/IPCONFIG output, topology type, operating system, network configuration, visual indicators (link lights, collision lights), etc. There will most likely be diagrams that you will have to glean information from.

WAN Technologies

This section outlines some common WAN technologies you will need to know:

Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.

ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:
o B (bearer) - Transfers data at 64Kbps. An ISDN usually contains 2 B channels for a total of 128kbps.
o D (data) - Handles signalling at either 16Kbps or 64Kbps (sometimes limited to 56Kbps), which enables the B channel to strictly pass data.

FDDI - Fiber Distributed Data Interface (FDDI) is an appealing choice for high-speed data networking. Essentially, it is a very high-speed token ring network connected by optical fibers. With a data transfer rate of 100 Mbps, the ring can support up to 500 nodes with as much as 2 km of spacing between adjacent nodes.

ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.

Frame Relay - Frame relay is a secure, private network that utilizes a logical path or "virtual circuit" to allocate bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of bandwidths from 56 Kbps to full T1 (1.54 Mbps).

T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of 1.544 Mbps. A T-1 line actually consists of 24 individual channels, each of which supports 64Kbits per second. Each 64Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T-3 connections. T-1 comes in either copper or fiber optics.

SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels" (OCx). Speeds approaching 40 gigabits per second are possible.

The following table displays information about the various WAN connection types.

| Connection | Speed | Medium | Description |
|---|---|---|---|
| Dial-up connection (POTS) | Up to 56 Kbps | Twisted pair | Rapidly being replaced by faster technologies. |
| T-1 | 1.544 Mbps | Twisted-pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure |
| T-2 | 6.312 Mbps | Twisted-pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure |
| Digital Subscriber Line (DSL) | 256 Kbps to 8 Mbps | Twisted-pair | Home, small business, and enterprise access using existing phone lines |
| Cable modem | 512 Kbps to 52 Mbps | Coaxial cable | Home, business, school access |
| T-3 | 44.736 Mbps | Coaxial cable | ISP to Internet infrastructure; smaller links within Internet infrastructure |
| OC-1 | 51.84 Mbps | Optical fiber | ISP to Internet infrastructure; smaller links within Internet infrastructure |
| OC-3 | 155.52 Mbps | Optical fiber | Large company backbone; Internet backbone |
| Asynchronous Transfer Mode (ATM) | 622.08 Mbps | Optical fiber | Internet backbone |

Remote Access Protocols and Services

This section describes some of the various protocols and services used for remote and secure connections.

RAS - RAS stands for "Remote Access Service", Microsoft's term for modem pools. This service provides dial-in access to networks and to the Internet.

PPP - Point-to-point Protocol (PPP) is a method for connecting a personal computer to the Internet using a standard phone line and a modem. The difference between PPP and other, older dial-up procedures is that a PPP setup will establish a direct Internet connection that allows the PC to use TCP/IP (Internet-based) applications.

PPTP - The Point to Point Tunneling Protocol (PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network (VPN) by encapsulating PPP packets into IP datagrams. Setting up PPTP requires a PPTP Client, PPTP Server and a Network Access Server (NAS). PPTP does not support the Appletalk protocol.

IPsec - IPSec is a suite of Internet-standard protocols that allow secure, encrypted communications between two computers over an insecure network. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer.

L2TP - L2TP creates a tunnel through a public network that is authenticated on both ends, uses header compression, and relies on IPSec for encryption of data passed through the tunnel. L2TP works like PPTP in that it creates a "tunnel", but uses IPSec encryption in order to support non-IP protocols and authentication.

SSL - SSL (Secure Sockets Layer) uses a technique called public-key cryptography to provide encrypted connections. This enables you to move information across the Internet with confidence that it will not be intercepted or modified in transit. This is heavily used in e-commerce and can be identified by a URL that begins with HTTPS.

Kerberos - This form of security has been evolving in the Unix world for a long time and is now becoming a standard. Kerberos provides mutual authentication between a client and a server or between servers before a network connection is opened between them. Rather than sharing a password, computers share a cryptographic key, and they use knowledge of this key to verify each other's identities. Kerberos security only works with computers running Kerberos security software.

Network Management

This section discusses network management, storage and recovery concepts:

VLAN - A virtual LAN is a local area network with a definition that maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage load balancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture.

Fault Tolerance - Fault-tolerance describes a computer system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided with software, or embedded in hardware, or provided by some combination. This is an important component of disaster recovery which is being included more and more in operating system software. For example, Windows 2000 includes RAID and tape backup functions, although additional hardware is required.

Network Attached Storage - Network Attached Storage, or NAS, is a data storage mechanism that uses special devices connected directly to the network media. These devices are assigned an IP address and can then be accessed by clients via a server that acts as a gateway to the data, or in some cases allows the device to be accessed directly by the clients without an intermediary. Some of the big advantages of NAS include the expandability; need more storage space, add another NAS device and expand the available storage. NAS also brings an extra level of fault tolerance to the network. In a direct attached storage environment, a server going down means that the data that that server holds is no longer available. With NAS, the data is still available on the network and accessible by clients. Fault tolerant measures such as RAID can be used to make sure that the NAS device does not become a point of failure.

Network Monitor - Tracks usage of network resources (good for establishing a network baseline).
Performance Monitor - Tracks usage of various resources over time (good for establishing a general baseline).

Diagnostic Tools

Tone Generator - Used to test cabling. Identifies which cable or wire is being tested by generating different tones.
TDR (Time Domain Reflectometer) - Sends a signal down a cable and measures the distance that the signal travelled before bouncing back (like sonar). Used to find opens and shorts in cables.
Oscilloscope - Tests cable by determining where there are shorts, crimps or attenuation.
Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and information.
Optical Testers - A tool used to monitor and troubleshoot the performance of a fiber optic network.
Crimping Tools - Crimping tools are used to connect cabling to their appropriate connectors. There are different crimping tools for different types of connections.
Punch Down Tool - A punch down tool is used to connect cabling such as telephone and ethernet to wall jacks.

CCNA Study Notes for Exam 640-607



OSI Model

The OSI model is a layered model and a conceptual standard used for defining standards to promote multi-vendor integration as well as maintain constant interfaces and isolate changes of implementation to a single layer. It is NOT application or protocol specific. In order to pass any Cisco exam, you need to know the OSI model inside and out. The OSI Model consists of 7 layers.

| Layer | Description | Device | Protocol |
|---|---|---|---|
| Application | Provides network access for applications, flow control and error recovery. Provides communications services to applications by identifying and establishing the availability of other computers as well as to determine if sufficient resources exist for communication purposes. | Gateway | NCP, SMB, SMTP, FTP, SNMP, Telnet, Appletalk |
| Presentation | Performs protocol conversion, encryption and data compression. | Gateway and redirectors | NCP, AFP, TDI |
| Session | Allows 2 applications to communicate over a network by opening a session and synchronizing the involved computers. Handles connection establishment, data transfer and connection release. | Gateway | NetBios |
| Transport | Repackages messages into smaller formats, provides error free delivery and error handling functions. | Gateway | NetBEUI, TCP, SPX, and NWLink |
| Network | Handles addressing, translates logical addresses and names to physical addresses, routing and traffic management. | Router and brouter | IP, IPX, NWLink, NetBEUI |
| Data Link | Packages raw bits into frames making it transmitable across a network link and includes a cyclical redundancy check (CRC). It consists of the LLC sublayer and the MAC sublayer. The MAC sublayer is important to remember, as it is responsible for appending the MAC address of the next hop to the frame header. On the contrary, LLC sublayer uses Destination Service Access Points and Source Service Access Points to create links for the MAC sublayers. | Switch, bridge and brouter | None |
| Physical | Physical layer works with the physical media for transmitting and receiving data bits via certain encoding schemes. It also includes specifications for certain mechanical connection features, such as the adaptor connector. | Multiplexer and repeater | None |

Here is an easy way to memorize the order of the layers: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of one of the layers. It is a little corny, but it works.

The table above mentions the term "MAC Address". A MAC address is a 48 bit address for uniquely identifying devices on the network. It looks something like 00-00-10-44-;A-B", and we call this way of presenting the address a 12 hexadecimal digits format. The first 6 digits specify the manufacturer, while the remainder are for the host itself. The ARP protocol is used to determine the IP to MAC mapping. And of course, MAC addresses cannot be duplicated in the network or problems will occur.

Data encapsulation takes place in the OSI model. It is the process in which the information in a protocol is wrapped in the data section of another protocol. The process can be broken down into the following steps:

User information -> data -> segments -> packets/datagrams -> frames -> bits.

When discussing the OSI model it is important to keep in mind the differences between "Connection-oriented" and "Connectionless" communications. A connection oriented communication has the following characteristics:

- A session is guaranteed.
- Acknowledgements are issued and received at the transport layer, meaning if the sender does not receive an acknowledgement before the timer expires, the packet is retransmitted.
- Phases in a connection-oriented service involve Call Setup, Data transfer and Call termination.
- All traffic must travel along the same static path.
- A failure along the static communication path can fail the connection.
- A guaranteed rate of throughput occupies resources without the flexibility of dynamic allocation.
- Reliable = SLOW (this is always the case in networking).

In contrast, a connectionless communication has the following characteristics:

- Often used for voice and video applications.
- NO guarantee nor acknowledgement.
- Dynamic path selection.
- Dynamic bandwidth allocation.
- Unreliable = FAST.

(Note: Connectionless communication does have some reliability PROVIDED by upper layer Protocols.)

LAN Design

Ethernet

When we talk about a LAN, Ethernet is the most popular physical layer LAN technology today. Its standard is defined by the Institute for Electrical and Electronic Engineers as IEEE Standard 802.3, but was originally created by Digital Intel Xerox (DIX). According to IEEE, information for configuring an Ethernet as well as specifying how elements in an Ethernet network interact with one another is clearly defined in 802.3.

For half-duplex Ethernet 10BaseT topologies, data transmissions occur in one direction at a time, leading to frequent collisions and data retransmission. In contrast, full-duplex devices use separate circuits for transmitting and receiving data and as a result, collisions are largely avoided. A collision is when two nodes are trying to send data at the same time. On an Ethernet network, the node will stop sending when it detects a collision, and will wait for a random amount of time before attempting to resend, known as a jam signal. Also, with full-duplex transmissions the available bandwidth is effectively doubled, as we are using both directions simultaneously. You MUST remember: to enjoy full-duplex transmission, we need a switch port, not a hub, and NICs that are capable of handling full duplex.

Ethernet's media access control method is called Carrier sense multiple access/collision detect (CSMA/CD). Because of Ethernet's collision habits it is also known as the "best effort delivery system." Ethernet cannot carry data over 1518 bytes; anything over that is broken down into "travel size packets."

Fast Ethernet

For networks that need higher transmission speeds, there is the Fast Ethernet standard called IEEE 802.3u that raises the Ethernet speed limit to 100 Mbps! Of course, we need new cabling to support this high speed. In a 10BaseT network we use Cat3 cable, but in a 100BaseT network we need Cat 5 cables. The three types of Fast Ethernet standards are 100BASE-TX for use with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and 100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable.

Gigabit Ethernet

Gigabit Ethernet is an emerging technology that will provide transmission speeds of 1000mbps. It is defined by the IEEE standard 1000BASE-X (IEEE 802.3z). Just like all other 802.3 transmission types, it uses Ethernet frame format, full-duplex and media access control technology.

Token Ring

Token Ring is an older standard that isn't very widely used anymore as most have migrated to some form of Ethernet or other advanced technology. Ring topologies can have transmission rates of either 4 or 16mbps. Token passing is the access method used by token ring networks, whereby a 3bit packet called a token is passed around the network. A computer that wishes to transmit must wait until it can take control of the token, allowing only one computer to transmit at a time. This method of communication aims to prevent collisions. Token Ring networks use multistation access units (MSAUs) instead of the hubs used on an Ethernet network. For extensive information on Token Ring, visit Cisco's website.

Network /evi,es

In a typical LAN, there are various types of network devices available as outlined below.

Hub - Repeats signals received on each port by broadcasting to all the other connected ports.

Repeaters - Used to connect two or more Ethernet segments of any media type, and to provide signal amplification for a segment to be extended. In a network that uses a repeater, all members are contending for transmission of data onto a single network. We like to call this single network a collision domain. Effectively, every user can only enjoy a percentage of the available bandwidth. Ethernet is subject to the "5-4-3" rule regarding repeater placement, meaning we can only have five segments connected using four repeaters with only three segments capable of accommodating hosts.

Bridge - A layer 2 device used to connect different network types or networks of the same type. It maps the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge. A packet destined to the same segment is dropped. This "store-and-forward" mechanism inspects the whole Ethernet packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be linked with a bridge.

Switch - Can link up four, six, eight or even more networks. Cut-through switches run faster because when a packet comes in, it forwards it right after looking at the destination address only. A store-and-forward switch inspects the entire packet before forwarding. Most switches cannot stop broadcast traffic. Switches are layer 2 devices.

Routers - Can filter out network traffic also. However, they filter based on the protocol addresses defined in OSI layer 3 (the network layer), not based on the Ethernet packet addresses. Note that protocols must be routable in order to pass through the routers. A router can determine the most efficient path for a packet to take and send packets around failed segments.

Brouter - Has the best features of both routers and bridges in that it can be configured to pass the unroutable protocols by imitating a bridge, while not passing broadcast storms by acting as a router for other protocols.

Gateway - Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side. Gateways operate at all layers of the OSI model without making any forwarding decisions.

The goal of LAN segmentation is to effectively reduce traffic and collisions by segmenting the network. In a LAN segmentation plan, we do not consider the use of gateways and hubs at all and the focus turns to devices such as switches and routers.

Bridging/Switching

Bridge - A layer 2 device used to connect different network types or networks of the same type. It maps the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge. A packet destined to the same segment is dropped. This "store-and-forward" mechanism inspects the whole Ethernet packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be linked with a bridge.

Switch - Switches are layer 2 devices that can link up four, six, eight or even more networks. Switches are the only devices that allow for microsegmentation. Cut-through switches run faster because when a packet comes in, it forwards it right after looking at the destination address only. A store-and-forward switch inspects the entire packet before forwarding. Most switches cannot stop broadcast traffic. Switches are considered dedicated data link devices because they provide close to 100% of the bandwidth. While bridging does most of its work by hardware, switches use fabric/software to handle most of their work.

Store-and-forward - The entire frame is received before any forwarding takes place. The destination and/or the source addresses are read and filters are applied before the frame is forwarded. Latency occurs while the frame is being received; the latency is greater with larger frames because the entire frame takes longer to read. Error detection is high because of the time available to the switch to check for errors while waiting for the entire frame to be received. This method discards frames smaller than 64 bytes (runts) and frames larger than 1518 bytes (giants).

Cut-Through - The switch reads the destination address before receiving the entire frame. The frame is then forwarded before the entire frame arrives. This mode decreases the latency of the transmission and has poor error detection.
This method has two forms, fast-forward and fragment-free.

Fast-forward switching - Fast-forward switching offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. Because fast-forward switching does not check for errors, there may be times when frames are relayed with errors. Although this occurs infrequently and the destination network adapter discards the faulty frame upon receipt, in networks with high collision rates this can negatively affect available bandwidth.

Fragment Free Switching - Use the fragment-free option to reduce the number of collision frames forwarded with errors. In fast-forward mode, latency is measured from the first bit received to the first bit transmitted, or first in, first out (FIFO). Fragment-free switching filters out collision fragments, which are the majority of packet errors, before forwarding begins. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything greater than 64 bytes is a valid packet and is usually received without error. Fragment-free switching waits until the received packet has been determined not to be a collision fragment before forwarding the packet. In fragment-free, latency is measured as FIFO.
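The following added example (not from the original notes) runs the same four constructed frames through the three switching modes described above, showing which frames each mode forwards and how many bytes it has to receive before deciding. The function names and sample frames are hypothetical, and the error check in store-and-forward mode is assumed to be the Ethernet CRC-32 frame check sequence.

```python
import struct
import zlib

MIN_FRAME = 64      # anything shorter is a runt / collision fragment
MAX_FRAME = 1518    # anything longer is a giant
DST_LEN = 6         # the destination MAC is the first 6 bytes of a frame
MODES = ("fast-forward", "fragment-free", "store-and-forward")


def build_frame(dst, src, payload, ethertype=0x0800):
    """Build a frame padded to the minimum size with a valid trailing FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    # The CRC-32 is appended least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Recompute the CRC-32 over the frame body and compare with the FCS."""
    if len(frame) < 5:
        return False
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])


def decide(mode, frame):
    """Return (forwarded, bytes received before the decision, reason)."""
    size = len(frame)
    if mode == "fast-forward":
        # Forwards as soon as the destination address is known; no checks.
        if size < DST_LEN:
            return (False, size, "no destination address")
        return (True, DST_LEN, "destination address read")
    if mode == "fragment-free":
        # Waits for 64 bytes so collision fragments are never forwarded.
        if size < MIN_FRAME:
            return (False, size, "collision fragment")
        return (True, MIN_FRAME, "first 64 bytes received")
    if mode == "store-and-forward":
        # Receives the whole frame, then applies size and CRC checks.
        if size < MIN_FRAME:
            return (False, size, "runt")
        if size > MAX_FRAME:
            return (False, size, "giant")
        if not fcs_ok(frame):
            return (False, size, "bad CRC")
        return (True, size, "whole frame checked")
    raise ValueError("unknown mode: " + mode)


def sample_frames():
    """Constructed test frames: one valid and three damaged in different ways."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    good = build_frame(dst, src, b"hello")
    corrupted = bytearray(good)
    corrupted[20] ^= 0xFF                      # damage one byte in transit
    return {
        "good": good,
        "fragment": good[:40],                 # cut short by a collision
        "corrupted": bytes(corrupted),
        "giant": build_frame(dst, src, b"\x00" * 1600),
    }


def compare():
    """Map each mode to the sorted names of the frames it forwards."""
    frames = sample_frames()
    return {mode: sorted(name for name, f in frames.items()
                         if decide(mode, f)[0])
            for mode in MODES}


if __name__ == "__main__":
    for mode, forwarded in compare().items():
        print(mode, "forwards", forwarded)
```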

Spanning-Tree Protocol - Allows duplicate switched/bridged paths without incurring the latency effects of loops in the network. The Spanning-Tree Algorithm, implemented by the Spanning-Tree Protocol, prevents loops by calculating a stable spanning-tree network topology. When creating a fault-tolerant network, a loop-free path must exist between all nodes in the network. The Spanning-Tree Algorithm is used to calculate loop-free paths. Spanning-tree frames, called bridge protocol data units (BPDUs), are sent and received by all switches in the network at regular intervals and are used to determine the spanning-tree topology. A switch uses Spanning-Tree Protocol on all Ethernet- and Fast Ethernet-based VLANs. Spanning-tree protocol detects and breaks loops by placing some connections in standby mode, which are activated in the event of an active connection failure. A separate instance of Spanning-Tree Protocol runs within each configured VLAN, ensuring topologies, mainly Ethernet topologies, that conform to industry standards throughout the network. These modes are as follows:

Blocking - NO frames forwarded, BPDUs heard.
Listening - No frames forwarded, listening for frames.
Learning - No frames forwarded, learning addresses.
Forwarding - Frames forwarded, learning addresses.
Disabled - No frames forwarded, no BPDUs heard.

The state for each VLAN is initially set by the configuration and later modified by the Spanning-Tree Protocol process. You can determine the status, cost and priority of ports and VLANs by using the show spantree command. After the port-to-VLAN state is set, Spanning-Tree Protocol determines whether the port forwards or blocks frames.

VLANs

A VLAN is a logical grouping of devices or users. These devices or users can be grouped by function, department, application and so on, regardless of their physical segment location. VLAN configuration is done at the switch via switching fabric. A VLAN can be used to reduce collisions by separating broadcast domains within the switch. In other words, VLANs create separate broadcast domains in a switched network. Frame tagging at layer 2 does this. Frame tagging is gaining recognition as the standard for implementing VLANs, and is recognized by IEEE 802.1q. Frame tagging uniquely assigns a VLAN ID to each frame. This identifier is understood and examined by each switch prior to any broadcasts or transmissions to other switches, routers, and end-station devices. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. This effectively creates an environment with fewer collisions. The key to this is that ports in a VLAN share broadcasts, while ports not in that VLAN cannot share the broadcasts. Thus users in the same physical location can be members of different VLANs. We can plug existing hubs into a switch port and assign them a VLAN of their own to segregate users on the hubs.

Frame filtering examines particular information about each frame. A filtering table is developed for each switch; this provides a high level of administrative control because it can examine many attributes of each frame. Frame filtering is slowly being erased and replaced by the frame tagging method.

VLANs can be complicated to set up. VLANs use layer 2 addressing, meaning that routers are required between separate VLANs. The advantage of deploying layer 2 addresses is that layer 2 addressing is faster to process. It is also quite common for administrators to set up multiple VLANs with multiple access lists to control access. Layer 3 routing provides the ability for multiple VLANs to communicate with each other, which means that users in different locations can reside on the same VLAN. This is a flexible approach to network design.

VLANs are configured on the switch three ways: port centric, static and dynamically. In port-centric VLANs, all the nodes connected to ports in the same VLAN are assigned the same VLAN ID. Packets do not "leak" into other domains, and the VLANs are easily administered and provide great security between VLANs. Some say that static configured VLANs are the same as port centric, because static VLANs use the port centric method for assigning them to switch ports. Dynamic VLANs are ports on a switch that can automatically determine their VLAN assignments. Dynamic VLAN functions are based on MAC addresses, logical addressing, or protocol type of the data packets. When a station is initially connected to an unassigned switch port, the appropriate switch checks the MAC entry in the management database and dynamically configures the port with the corresponding VLAN configuration. The major high point of this method is less administration overhead, of course only after the first administration of the database within the VLAN management software.

LAN Protocols:

The following sections will introduce the core LAN protocols that you will need to know for the exam.

TCP/IP: Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data so one must be able to convert addresses back and forth. The following table explains how to convert binary into decimal and vice versa:

| Decimal | Binary |
|---|---|
| 128 | 10000000 |
| 64 | 01000000 |
| 32 | 00100000 |
| 16 | 00010000 |
| 8 | 00001000 |
| 4 | 00000100 |
| 2 | 00000010 |
| 1 | 00000001 |

When converting binary data to decimal, a "0" is equal to 0. "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010.

IP addresses are divided into 3 classes as shown below:

| Class | Range |
|---|---|
| A | 1-126 |
| B | 128-191 |
| C | 192-223 |
| D | 224-239 (Multicasting) |
| E | 240-255 (Experimental) |

IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. A class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid. The last two classes in the table (D and E) aren't used for networks.

A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:

| Class | Default Subnet | # of Subnets | # of Hosts Per Subnet |
|---|---|---|---|
| Class A | 255.0.0.0 | 126 | 16,777,214 |
| Class B | 255.255.0.0 | 16,384 | 65,534 |
| Class C | 255.255.255.0 | 2,097,152 | 254 |

In these cases, the part of the IP address blocked out by 255 is the netid. The table above shows the default subnet masks. What subnet mask do you use when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary so we add a "1" to the first 4 high order bits of the 4th octet of the subnet mask (since it is class C) as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask.

Let's try another one. Let's say that you own a chain of stores that sell spatulas in New York and you have stores in 20 different neighborhoods and you want to have a separate subnet on your network for each neighborhood. It will be a class B network. First, we convert 20 to binary - 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary so we add a "1" to the first 5 high order bits which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a comparison between the different subnet masks.

| Mask | # of Subnets | Class A Hosts | Class B Hosts | Class C Hosts |
|---|---|---|---|---|
| 192 | 2 | 4,194,302 | 16,382 | 62 |
| 224 | 6 | 2,097,150 | 8,190 | 30 |
| 240 | 14 | 1,048,574 | 4,094 | 14 |
| 248 | 30 | 524,286 | 2,046 | 6 |
| 252 | 62 | 262,142 | 1,022 | 2 |
| 254 | 126 | 131,070 | 510 | Invalid |
| 255 | 254 | 65,534 | 254 | Invalid |

Note: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems.
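The subnet-mask procedure above, worked as an added Python example (not part of the original guide). It reproduces both worked cases and the comparison table's counts, and it shows one edge case: under the table's 2^n - 2 count of usable subnets, counting the bits of the wanted number falls one bit short when that number is 7, 15, 31 and so on. Function names are illustrative.

```python
import ipaddress

# Netid bits of the default mask for each class on the page.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}


def bits_page_method(wanted):
    """The page's rule: count the bits in the binary form of the subnet count."""
    return wanted.bit_length()


def bits_for_usable(wanted):
    """Smallest bit count whose usable total (2**n - 2, as in the table) covers `wanted`."""
    bits = 1
    while 2 ** bits - 2 < wanted:
        bits += 1
    return bits


def subnet_mask(address_class, bits):
    """Dotted-decimal mask after borrowing `bits` high-order host bits."""
    prefix = CLASS_PREFIX[address_class] + bits
    if prefix > 30:
        raise ValueError("no usable hosts left (the table's 'Invalid' cells)")
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def capacity(address_class, bits):
    """(usable subnets, usable hosts per subnet), both counted as 2**n - 2."""
    host_bits = 32 - CLASS_PREFIX[address_class] - bits
    return 2 ** bits - 2, 2 ** host_bits - 2


def plan(address_class, wanted):
    """Pick a mask for `wanted` subnets and flag when the bit-count rule is too small."""
    page_bits = bits_page_method(wanted)
    bits = bits_for_usable(wanted)
    subnets, hosts = capacity(address_class, bits)
    return {
        "mask": subnet_mask(address_class, bits),
        "subnets": subnets,
        "hosts": hosts,
        # True when the page's bit count yields fewer usable subnets than wanted
        "page_method_short": capacity(address_class, page_bits)[0] < wanted,
    }


if __name__ == "__main__":
    # The page's two cases, then the edge case of 7 subnets.
    for cls, wanted in (("C", 8), ("B", 20), ("C", 7)):
        print(cls, wanted, plan(cls, wanted))
```
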
TCP/IP Ports - Ports are what an application uses when communicating between a client and server computer. Some common TCP/IP ports are:

| Port | Service |
|---|---|
| 20 | FTP-DATA |
| 21 | FTP |
| 23 | TELNET |
| 25 | SMTP |
| 69 | TFTP |
| 70 | GOPHER |
| 80 | HTTP |
| 110 | POP3 |
| 137 | NetBIOS name service |
| 138 | NetBIOS datagram service |
| 139 | NetBIOS |
| 161 | SNMP |

You need to understand Buffering, Source quench messages and Windowing. Buffering allows devices to temporarily store bursts of excess data in memory. However, if data keeps arriving at high speed, buffers can overflow. In this case, we use source quench messages to request the sender to slow down. Windowing is for flow-control purposes. It requires the sending device to send a few packets to the destination device and wait for the acknowledgment. Once received, it sends the same amount of packets again. If there is a problem on the receiving end, obviously no acknowledgement will ever come back. The sending source will then retransmit at a slower speed. This is like trial and error, and it works. Note that the window size should never be set to 0 - a zero window size means to stop transmission completely.

3COM's IP addressing tutorial is just superior. It covers basic IP addressing options as well as subnetting and VLSM/CIDR.

IPX/SPX: IPX will also be an important issue to consider in network management given the fact that many companies still use Netware servers. There are two parts to every IPX Network address - the Network ID and the Host ID. The first 8 hex digits represent the network ID, while the remaining hex digits represent the host ID, which is most likely the same as the MAC address, meaning we do not need to manually assign node addresses. Note that valid hexadecimal digits range from 0 through 9, and hexadecimal letters range from A through F. FFFFFFFF in hexadecimal notation = 4292967295 in decimal.

Sequenced Packet Exchange (SPX) belongs to the Transport layer, and is connection-oriented. It creates virtual circuits between hosts, and each host is given a connection ID in the SPX header for identifying the connection.
Service Advertisement Protocol (SAP) is used by NetWare servers to advertise network services via broadcast at an interval of every 60 minutes by default.

WAN Protocols:

In general, there are three broad types of WAN access technology. With Leased Lines, we have a point-to-point dedicated connection that uses a pre-established WAN path provided by the ISP. With Circuit Switching such as ISDN, a dedicated circuit path exists only for the duration of the call. Compared to traditional phone service, ISDN is more reliable and is faster. With Packet Switching, all network devices share a single point-to-point link to transport packets across the carrier network - this is known as virtual circuits.

When we talk about Customer premises equipment (CPE), we are referring to devices physically located at the subscriber's location. Demarcation is the place where the CPE ends and the local loop begins. A Central Office (CO) has a switching facility that provides a point of presence for its service. Data Terminal Equipment (DTE) are devices where the switching application resides, and Data Circuit-terminating Equipment (DCE) are devices that convert user data from the DTE into the appropriate WAN protocol. A router is a DTE, while a DSU/CSU device or modem is often referred to as a DCE.

Frame Relay: Frame Relay has the following characteristics:
- successor to X.25
- has less overhead than X.25 because it relies on upper layer protocols to perform error checking
- speed in the range of 56 Kbps to 2.078 Mbps
- uses Data Link Connection Identifiers (DLCI) to identify virtual circuits, with DLCI number between 16 and 1007
- uses Local Management Interfaces (LMI) to provide info on the DLCI values as well as the status of virtual circuits. Cisco routers support Cisco (Default), ANSI and Q933a
- to set up frame relay, we need to set the encapsulation to frame-relay in either the Cisco (Default) mode or the IETF mode, although Cisco encapsulation is required to connect two Cisco devices
- LMI type is configurable, but by default it is auto-sensed
- generally transfers data with permanent virtual circuits (PVCs), although we can use switched virtual circuits (SVCs) as well. SVC is for transferring data intermittently. PVC does not have the overhead of establishing and terminating a circuit each time communication is needed
- Committed Information Rate (CIR) is the guaranteed minimum transfer rate of a connection

Cisco has a web page that describes the configuration and troubleshooting of Frame Relay at http://www.cisco.com/warp/public/125/13.html

ISDN: ISDN has the following characteristics:
- Works at the Physical, Data Link, and Network Layers
- Often used in backup DDR (Dial on Demand Routing)
- Makes use of existing telephone
- Supports simultaneous data and voice
- Max speed at 125 Kbps with PPP Multilink
- Call setup and data transfer is faster than typical modems
- BRI has 2 x 64 Kbps B Channels for data and one 16 Kbps D Channel for control
- PRI has 23 x B Channels and one D Channel in the US, or 30 x B Channel and one D Channel in Europe
- E protocol specifies ISDN on existing telephone network
- I protocol specifies Concepts, terminology, and Services
- Q protocol specifies switching and signaling
- ISDN Reference Points include R (between non ISDN equipment and TA), S (between user terminals and NT2), T (between NT1 and NT2 devices) and U (between NT1 devices and Line Termination Equipment in North America)
- router always connected by the U interface into NT1
- BRI interface is considered Terminal Equipment type 1 (TE1)
- TE1 is built into the ISDN standards
- Needs to have Terminal Adapter (TA) to use TE2

Cisco has a web page with links about the configuration and troubleshooting of ISDN.

ATM: ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells which are about 53 bits in length. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. I recently read that the new standard may be 2Gbps. ATM's speed is derived from the use of short fixed length cells, which reduce delays, and the variance of delay for delay-sensitive services such as voice and video. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.

PPP: As an improvement to Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) was mainly for the transfer of data over slower serial interfaces. It is better than SLIP because it provides multiprotocol support, error correction as well as password protection. It is a Data Link Layer protocol used to encapsulate higher protocols to pass over synchronous or asynchronous communication lines. PPP is capable of operating across any DTE/DCE device, most commonly modems, as long as they support duplex circuits. There are 3 components to PPP:
- HDLC (High-level Data Link Control) - Encapsulates the data during transmission and is a link layer protocol which is also the default Cisco encapsulation protocol for synchronous serial links. HDLC is supposed to be an open standard, but Cisco's version is proprietary, meaning it can only function with Cisco routers.
- LCP (Link Control Protocol) - Establishes, tests and configures the data link connection.
- NCPs (Network Control Protocols) - Used to configure the different communication protocols, allowing them on the same line simultaneously. Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and NetBEUI).

PPP communication occurs in the following manner: PPP sends LCP frames to test and configure the data link. Next, authentication protocols are negotiated to determine what sort of validation is used for security. Below are 2 common authentication protocols:
- PAP is similar to a network login but passwords are sent as clear text. It is normally only used on FTP sites.
- CHAP uses encryption and is a more secure way of sending passwords.

Then NCP frames are used to set up the network layer protocols to be used. Finally, HDLC is used to encapsulate the data stream as it passes through the PPP connection.

Point-to-Point Tunneling Protocol (PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network (VPN) by encapsulating PPP packets into IP datagrams. There are 3 steps to set up a secure communication channel:
1. PPP connection and communication to the remote network are established.
2. PPTP creates a control connection between the client and remote PPTP server.
3. PPTP creates the IP datagrams for PPP to send.

The packets are encrypted by PPP and sent through the tunnel to the PPTP server which decrypts the packets, disassembles the IP datagrams and routes them to the host. Setting up PPTP requires a PPTP Client, PPTP Server and a Network Access Server (NAS).

There is a very helpful web site with detailed tutorials on ISDN, Frame Relay, X.25, ATM and other serial WAN technologies.
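To make the PAP and CHAP comparison above concrete, here is an added Python sketch (not from the original guide) that builds a PAP Authenticate-Request as laid out in RFC 1334 and a CHAP challenge and response as laid out in RFC 1994, where the response value is an MD5 hash over the identifier, the shared secret and the challenge. The router names and the secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def _packet(code, ident, body):
    """Header shared by PAP and CHAP: Code, Identifier, 16-bit total Length."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request: peer ID and password travel as plain bytes."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(PAP_AUTH_REQUEST, ident, body)


def chap_challenge(ident, name, challenge=None):
    """CHAP Challenge: a fresh random value plus the challenger's name."""
    challenge = challenge if challenge is not None else os.urandom(16)
    return _packet(CHAP_CHALLENGE, ident, bytes([len(challenge)]) + challenge + name)


def chap_hash(ident, secret, challenge):
    """Response value = MD5(Identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def parse_chap(packet):
    """Return (code, identifier, value, name) from a Challenge or Response."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length]


def chap_response(challenge_packet, name, secret):
    """Answer a challenge; only the hash is sent, never the secret."""
    _, ident, challenge, _ = parse_chap(challenge_packet)
    value = chap_hash(ident, secret, challenge)
    return _packet(CHAP_RESPONSE, ident, bytes([len(value)]) + value + name)


def chap_verify(challenge_packet, response_packet, secrets):
    """Authenticator side: recompute the hash for the claimed name and compare."""
    _, ident, challenge, _ = parse_chap(challenge_packet)
    code, r_ident, value, name = parse_chap(response_packet)
    secret = secrets.get(name)
    if code != CHAP_RESPONSE or r_ident != ident or secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(ident, secret, challenge))


def demo():
    secret = b"constructed-shared-secret"        # sample value, not a real credential
    secrets = {b"Lab-b": secret}                 # authenticator's table of peers
    pap = pap_request(1, b"Lab-b", secret)
    first = chap_challenge(7, b"Lab-a")
    answer = chap_response(first, b"Lab-b", secret)
    second = chap_challenge(7, b"Lab-a")         # new challenge, same identifier
    return {
        "pap_exposes_password": secret in pap,
        "chap_exposes_secret": secret in first + answer,
        "chap_accepts_valid": chap_verify(first, answer, secrets),
        "chap_accepts_replay": chap_verify(second, answer, secrets),
    }


if __name__ == "__main__":
    print(demo())
```

A capture of the PAP exchange contains the password itself, while a captured CHAP response is only valid for the challenge it answered.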

Cisco IOS:

Cisco routers use the Internetworking Operating System (IOS) which stores the configuration information in Non-Volatile RAM (NVRAM) and the IOS itself is stored in flash. The IOS can be accessed via Telnet, console connection (such as hyperterminal) or dialin connection. You can also configure the router as a web server and then access a web-based configuration panel via http.

There are a variety of sources for booting, including Flash memory, TFTP and ROM. It is always recommended that a new image of IOS be loaded on a TFTP server first, and then copied from the TFTP server to the flash memory as a backup mechanism. The copy command such as "copy tftp flash" allows us to copy the IOS image from the TFTP server to the Flash memory. And of course, we can always do the reverse. Now, we need to inform the router to boot from the correct source. The following commands are examples of what we should type in depending on the situation. Typically, it is a good idea to specify multiple boot options as a fall back mechanism.

boot system flash <filename>
boot system tftp <filename> <tftp server IP address>
boot system rom

After the boot up process we can prepare to login. The User EXEC is the first mode we encounter. It gives us a prompt of "Router>". To exit this mode means to log out completely; this can be done with the logout command. If we want to proceed to the Privileged EXEC, we need to use the enable EXEC command. Once entered, the prompt will be changed to "Router#". To go back to user EXEC mode, we need to use the disable command. Note that all configuration work requires the administrator to be in the Privileged mode first. Put it this way, Privileged EXEC mode includes support for all commands in user mode plus those that provide access to global and system settings.
The setup command facility is for making major changes to the existing configurations, such as adding a protocol suite, making major addressing scheme changes, or configuring a newly installed interface. If you aren't big on reading manuals, finding out the way to access help information is a MUST. To display a list of commands available for each command mode, we can type in a ? mark. IOS also provides a context-sensitive help feature to make life easier. In order to pass this exam, you will need to be able to find your way around the IOS. We will list some of the information here, but there is too much to list all of it. You will definitely need access to a router or get the software listed at the beginning of this study guide so that you can practice. Useful editing commands include:

| Command | Purpose |
|---|---|
| Ctrl-P | Recall commands in the history buffer starting with the most recent command. |
| Ctrl-N | Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. |
| Ctrl-B | Move the cursor back one character |
| Ctrl-F | Move the cursor forward one character |
| Ctrl-A | Move the cursor to the beginning of the command line |
| Ctrl-E | Move the cursor to the end of the command line |
| Esc B | Move the cursor back one word |
| Esc F | Move the cursor forward one word |
| Ctrl-R or Ctrl-L | Redisplay the current command line |

You will find most of the IOS commands at the following 2 links: Router and Switch Commands, http://www.cisco.com/warp/cpropub/45/tutorial.htm

Security:

Access Lists allow us to implement some level of security on the network by inspecting and filtering traffic as it enters or exits an interface. Each router can have many access lists of the same or different types. However, only one can be applied in each direction of an interface at a time (keep in mind that inbound and outbound traffic is determined from the router's perspective). The two major types of access lists that deserve special attention are the IP Access Lists and the IPX Access Lists.

Standard IP access lists can be configured to permit or deny passage through a router based on the source host's IP address. Extended IP access lists use destination address, IP protocol and port number to extend the filtering capabilities. Access can be configured to be judged based on a specific destination address or range of addresses, on an IP protocol such as TCP or UDP, or on port information such as http, ftp, telnet or snmp. We use the access list number to differentiate the type of access list. In standard IP access lists we have numbers from 1 through 99, and in extended IP access lists we have numbers from 100 through 199:

| Number range | Access list type |
|---|---|
| 1-99 | Standard IP |
| 100-199 | Extended IP |
| 200-299 | Protocol type-code |
| 300-399 | DECnet |
| 600-699 | Appletalk |
| 700-799 | Standard 48-bit MAC Address |
| 800-899 | Standard IPX |
| 900-999 | Extended IPX |
| 1000-1099 | IPX SAP |
| 1100-1199 | Extended 48-bit MAC Address |
| 1200-1299 | IPX Summary Address |

When dealing with Access Control Lists or preparing for your CCNA exam, you have to deal with a 32-bit wild card address in dotted-decimal form, known as your inverse mask. By Cisco's definition it is called inverse, but you can think of it as the "reverse" of your subnet mask in most cases. When dealing with your wild card mask, you have two values that you are working with. Like subnetting you have a 0 as "off" and a 1 as the "on" value. Wild cards deal with the 0 value as "match" and the 1 value as "ignore". What do I mean by ignore or match? If you have studied ACLs you should know that your goal is to set criteria to deny or permit and that is where your inverse mask comes into play. It tells the router which values to seek out when trying to deny or permit in your definition. If you have dealt with subnetting you know that most of your addresses ended with an even number. With your inverse mask you will end up with an odd number. There are several different ways to come up with your inverse mask; the easiest is to subtract your subnet mask from the all routers broadcast address of 255.255.255.255.

Example: You have a subnet mask of 255.255.255.0. To get your wild card mask all you have to do is:

  255.255.255.255
- 255.255.255.0
= 0.0.0.255

Then you can apply it to the definition, whether using a standard or extended ACL.

Standard example:
Router(config)# access-list ' deny 1)0.10.1.0 0.0.0.255

How you would read this list: with this wild card you told the router to "match" the first three octets and you don't care what's going on in the last octet.

Extended example:
Router(config)# access-list 10' permit 1)8.10.2.0 0.0.0.255 1)0.10.1.0 0.0.0.255 eq 80

How you would read this list: with this wild card you have told the router to match the first three octets and you don't care what's going on in the last octet. Think of it this way: if you had broken the decimal form down to binary, the wild card mask would look like this:

00000000.00000000.00000000.11111111

As you know the "1" means ignore and "0" means match. So in that last octet it could have been any value on that subnet line ranging from 0-255.

For more information on IP Access Lists, read Configuring IP Access Lists. For IPX access list configuration, read Control Access to IPX Networks.
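The wild card rules above can be checked with a small model, added here as an illustration (it is not IOS code and not part of the original guide). It derives the inverse mask, applies the match/ignore bits, and evaluates numbered standard and extended IP entries in order; the first matching entry decides and anything unmatched is denied, which is how IOS processes a list. All addresses are constructed documentation-range values.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}


def ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_from_mask(mask):
    """Inverse mask: 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.IPv4Address(ALL_ONES - ip(mask)))


def wildcard_match(addr, base, wildcard):
    """Wild card bit 0 = must match, bit 1 = ignore."""
    care = ALL_ONES & ~ip(wildcard)
    return (ip(addr) & care) == (ip(base) & care)


def _take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)


def parse_entry(line):
    """Parse 'access-list N permit|deny ...' for standard (1-99) and extended (100-199) IP lists."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    number, rest = int(tokens[1]), tokens[3:]
    entry = {"action": tokens[2], "proto": "ip", "dst": None, "port": None}
    if 1 <= number <= 99:
        entry["src"] = _take_address(rest)          # source address only
    elif 100 <= number <= 199:
        entry["proto"] = rest.pop(0)
        entry["src"] = _take_address(rest)
        entry["dst"] = _take_address(rest)
        if rest and rest[0] == "eq":
            entry["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:
        raise ValueError("only IP list numbers 1-199 are modelled")
    return entry


def evaluate(lines, packet):
    """Return 'permit' or 'deny' for a packet; first match wins, no match is a deny."""
    for entry in map(parse_entry, lines):
        if not wildcard_match(packet["src"], *entry["src"]):
            continue
        if entry["dst"] is not None:
            if entry["proto"] not in ("ip", packet["proto"]):
                continue
            if not wildcard_match(packet["dst"], *entry["dst"]):
                continue
            if entry["port"] is not None and entry["port"] != packet.get("dport"):
                continue
        return entry["action"]
    return "deny"


# Constructed lists in the same form as the page's standard and extended examples.
ACL_10 = [
    "access-list 10 deny 192.0.2.0 0.0.0.255",
    "access-list 10 permit any",
]
ACL_101 = [
    "access-list 101 deny tcp any host 198.51.100.10 eq www",
    "access-list 101 permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq telnet",
]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.0"))
    print(evaluate(ACL_10, {"src": "192.0.2.200"}))
    print(evaluate(ACL_101, {"src": "192.0.2.7", "dst": "198.51.100.20",
                             "proto": "tcp", "dport": 23}))
```
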

Routing:

There are 2 main types of routing, which are static and dynamic; the third type of routing is called Hybrid. Static routing involves the cumbersome process of manually configuring and maintaining route tables by an administrator. Dynamic routing enables routers to "talk" to each other and automatically update their routing tables. This process occurs through the use of broadcasts. Next is an explanation of the various routing protocols.

RIP: Routing Information Protocol (RIP) is a distance vector dynamic routing protocol. RIP measures the distance from source to destination by counting the number of hops (routers or gateways) that the packets must travel over. RIP sets a maximum of 15 hops and considers any larger number of hops unreachable. RIP's real advantage is that if there are multiple possible paths to a particular destination and the appropriate entries exist in the routing table, it will choose the shortest route. Routers can talk to each other, however, in the real routing world, there are so many different routing technologies available that it is not as simple as just enabling Routing Information Protocol (RIP). For information on RIP configuration, read Configuring RIP.

OSPF: Open Shortest Path First (OSPF) is a link-state routing protocol that converges faster than a distance vector protocol such as RIP. What is convergence? This is the time required for all routers to complete building the routing tables. RIP uses ticks and hop counts as measurement, while OSPF also uses metrics that take bandwidth and network congestion into account when making routing decisions. RIP transmits updates every 30 seconds, while OSPF transmits updates only when there is a topology change. OSPF builds a complete topology of the whole network, while RIP uses second-hand information from the neighboring routers. To summarize, RIP is easier to configure, and is suitable for smaller networks. In contrast, OSPF requires high processing power, and is suitable if scalability is the main concern.

We can tune the network by adjusting various timers. Areas that are tunable include: the rate at which routing updates are sent, the interval of time after which a route is declared invalid, the interval during which routing information regarding better paths is suppressed, the amount of time that must pass before a route is removed from the routing table, and the amount of time for which routing updates will be postponed. Of course, different settings are needed in different situations. In any case, we can use the "show ip route" command to display the contents of the routing table as well as how the route was discovered. For commands and methods to configure OSPF read Configuring OSPF on Cisco Routers.

IGRP and EIGRP: RIP and OSPF are considered "open", while IGRP and EIGRP are Cisco proprietary. Interior Gateway Routing Protocol (IGRP) is a distance vector routing protocol for the interior networks, while Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid that combines distance vector and link-state technologies. Do not confuse these with NLSP. Link Services Protocol (NLSP) is a proprietary link-state routing protocol used on Novell NetWare 4.X to replace SAP and RIP. For IGRP, the metric is a function of bandwidth, reliability, delay and load. One of the characteristics of IGRP is the deployment of hold down timers. A holddown timer has a value of 280 seconds. It is used to prevent routing loops while router tables converge by preventing routers from broadcasting another route to a router which is off-line before all routing tables converge. For EIGRP, separate routing tables are maintained for IP, IPX and AppleTalk protocols. However, routing update information is still forwarded with a single protocol.

(Note: RIPv2, OSPF and EIGRP include the subnet mask in routing updates which allows for VLSM (Variable Length Subnet Mask), hence VLSM is not supported by RIP-1 or IGRP.)

For more information about IGRP, read Configuring IGRP. For a detailed guideline on configuring EIGRP, read Configuring IP Enhanced IGRP.

Other Routing Info:

In the routing world, we have the concept of an autonomous system (AS), which represents a group of networks and routers under a common management that share a common routing protocol. ASs are connected by the backbone to other ASs. For a device to be part of an AS, it must be assigned an AS number that belongs to the corresponding AS.

Route poisoning intentionally configures a router not to receive update messages from a neighboring router, and sets the metric of an unreachable network to 16. This way, other routers can no longer update the originating router's routing tables with faulty information. Hold-downs prevent routing loops by disallowing other routers to update their routing tables too quickly after a route goes down. Instead, a route can be updated only when the holddown timer expires, if another router advertises a better metric, or if the router that originally advertised the unreachable network advertises that the network has become reachable again. Note that hold down timers need to work together with route poisoning in order to be effective. Split horizon simply prevents a packet from going out the same router interface that it entered. Poison Reverse overrides split horizon by informing the sending router that the destination is inaccessible, while Triggered Updates send out updates whenever a change in the routing table occurs without waiting for the preset time to expire.
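The loop-prevention mechanisms above can be seen in a two-router distance vector model, added here as an illustration (not part of the original guide). Router B has just lost its directly attached network X and router A still holds its old 2-hop route through B. Split horizon is modelled as not advertising a route back to the neighbor it was learned from, and poison reverse as advertising it back with metric 16.

```python
INFINITY = 16  # metric the page gives for an unreachable network


def simulate(mode="none", max_rounds=50):
    """Exchange periodic updates until both routers agree X is unreachable.

    mode: "none" (plain distance vector), "split" (split horizon) or
    "poison" (poison reverse). Returns (rounds needed, table after each round).
    """
    # table[router] = (metric to network X, next hop); constructed topology A - B - X
    table = {"A": (2, "B"), "B": (INFINITY, None)}
    neighbour = {"A": "B", "B": "A"}
    history = [dict(table)]
    for round_no in range(1, max_rounds + 1):
        snapshot = dict(table)          # everyone advertises what it knew at round start
        for sender, (metric, next_hop) in snapshot.items():
            receiver = neighbour[sender]
            offered = min(metric + 1, INFINITY)
            if next_hop == receiver:
                if mode == "split":
                    continue            # say nothing about routes learned from the receiver
                if mode == "poison":
                    offered = INFINITY  # advertise it back as unreachable
            current, via = table[receiver]
            # Accept news from the current next hop, or any strictly better route.
            if via == sender or offered < current:
                table[receiver] = (offered, sender)
        history.append(dict(table))
        if all(metric == INFINITY for metric, _ in table.values()):
            return round_no, history
    return None, history


if __name__ == "__main__":
    for mode in ("none", "split", "poison"):
        rounds, history = simulate(mode)
        print(mode, "converged after", rounds, "round(s); B after round 1:", history[1]["B"])
```

Without either mechanism B accepts A's stale route and the two routers count upward to 16 before giving up; with split horizon or poison reverse the failure is settled in the first update.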

Router and Switch Commands

By Jamison Schmidt

This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam.

Router Commands, Show Commands, Catalyst Commands

ROUTER COMMANDS

TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks

HOST NAME:
Config# hostname ROUTER_NAME

BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message

DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level

CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003

CHANGING THE REGISTER:
Config# config-register 0x2100 - ROM Monitor Mode
Config# config-register 0x2101 - ROM boot
Config# config-register 0x2102 - Boot from NVRAM

BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash
- Then -
Config# reload

CDP:
Config# cdp run - Turns CDP on
Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
Config# cdp timer 30 - Sets the update timer. The default is 60
Config# int Ethernet 0
Config-if# cdp enable - Enables cdp on the interface
Config-if# no cdp enable - Disables CDP on the interface
Config# no cdp run - Turns CDP off

HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)

DOMAIN NAME SERVICES:
Config# ip domain-lookup - Tell router to lookup domain names
Config# ip name-server 122.22.2.2 - Location of DNS server
Config# ip domain-name cisco.com - Domain to append to end of names

CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters

STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network

IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown

+P5 #30T+NG"onfig2 ipx routing "onfig2 interface 7thernet 0 "onfig2 ipx maximum-paths 0 - aximum e/ual metric paths used "onfig-if2 ipx network 000 encapsulation sap - Also &ovell-7ther, #&A=, A.=A on 7thernet. 7ncapsulation :->" on serial "onfig-if2 no shutdown )CC7SS *+STSI7 0tan,ar, 1->> I7 4xten,e, 100-1>> I7X 0tan,ar, 800-8>> I7X 4xten,e, >00->>> I7X 0A7 .i2ters 1000-10>> +P ST)N/)#/"onfig2 access-list 10 permit 144.0.0.0 0.0.0.011 - allow all src ip?s on network 144.0.0.0 -or"onfig2 access-list 10 permit host 144.0.0.0 - specifies a specific host -or"onfig2 access-list 10 permit any - allows any address "onfig2 int 7thernet 0 "onfig-if2 ip access-group 10 in - also available8 out +P 75T7N/7/"onfig2 access-list 101 permit tcp 144.10.0.0 0.0.011.011 100.4.0.0 0.0.0.011 e/ telnet -protocols8 tcp, udp, icmp, ip %no sockets then(, among others -source then destination address -e/, gt, lt for comparison -sockets can be numeric or name %04 or telnet, 01 or ftp, etc( -or"onfig2 access-list 101 deny tcp any host 144.0.04.4 e/ www -or"onfig2 access-list 101 permit ip any any "onfig2 interface 7thernet 0 "onfig-if2 ip access-group 101 out +P5 ST)N/)#/"onfig2 access-list <01 permit 044 AA4 - source network!host then destination network!host -or-

"onfig2 access-list <01 permit -1 -1 - ?-1? is the same as ?any? with network!host addresses "onfig2 interface 7thernet 0 "onfig-if2 ipx access-group <01 out

IPX EXTENDED
Config# access-list 901 permit sap 4AA all 4BB all - Permit protocol src_add socket dest_add socket
-'all' includes all sockets, or can use socket numbers
-or-
Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere
Config# interface Ethernet 0
Config-if# ipx access-group 901 in

IPX SAP FILTER
Config# access-list 1000 permit 4aa 3 - '3' is the service type
-or-
Config# access-list 1000 permit 4aa 0 - service type of '0' matches all services
Config# interface Ethernet 0
Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets

NAMED ACCESS LISTS
Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
Config# permit any
Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists

PPP SETUP
Config-if# encapsulation ppp
Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentication listed
-if one fails, then connection is terminated
Config-if# exit
Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
Config-if# ppp chap hostname ROUTER
Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration

ISDN SETUP
Config# isdn switch-type basic-5ess - determined by telecom
Config# interface serial 0
Config-if# isdn spid1 2705554564 - isdn 'phonenumber' of line 1
Config-if# isdn spid2 2705554565 - isdn 'phonenumber' of line 2
Config-if# encapsulation PPP - or HDLC, LAPD

DDR - 4 Steps to setting up ISDN with DDR
1. Configure switch type
Config# isdn switch-type basic-5ess - can be done at interface config
2. Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
3. Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
-can also use 'dialer string 5551212' instead if there is only one router to connect to
4. Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
5. Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-'125' is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
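How the IP access-list entries in the ACCESS LISTS section are evaluated, including when list 101 is reused as the dialer list: entries are tested top down, the first match decides, and a packet that matches nothing is denied. This is an added example, not part of the original sheet; the function names, the three-name port table and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed subset of the named sockets the sheet mentions (telnet, ftp, www).
PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard bit is 0.

    A Cisco wildcard mask is the inverse of a netmask: 1 bits are ignored.
    """
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def _take_addr(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0][0].isdigit() and "." in tokens[0]:
        return (first, tokens.pop(0))
    return (first, "0.0.0.0")  # bare address in a standard list means one host


def parse_entry(line):
    """Parse one numbered IP access-list line (standard 1-99, extended 100-199)."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    entry = {"action": action, "proto": "ip", "dst": None, "port": None}
    if 1 <= number <= 99:            # IP standard: source address only
        entry["src"] = _take_addr(rest)
    elif 100 <= number <= 199:       # IP extended: protocol, source, destination
        entry["proto"] = rest.pop(0)
        entry["src"] = _take_addr(rest)
        entry["dst"] = _take_addr(rest)
        if rest[:1] == ["eq"]:
            name = rest[1]
            entry["port"] = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    else:
        raise ValueError("not an IP access-list number")
    return entry


def evaluate(lines, proto, src, dst=None, dport=None):
    """Return (action, position) of the first matching entry.

    ('deny', None) is the implicit deny that ends every access list.
    """
    for pos, line in enumerate(lines, start=1):
        e = parse_entry(line)
        if e["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *e["src"]):
            continue
        if e["dst"] is not None and not wildcard_match(dst, *e["dst"]):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return (e["action"], pos)
    return ("deny", None)


# Constructed lists in the form of the IP STANDARD and IP EXTENDED entries,
# applied here as one sequence rather than as alternatives.
LIST_10 = ["access-list 10 permit 133.2.2.0 0.0.0.255"]
LIST_101 = [
    "access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet",
    "access-list 101 deny tcp any host 133.2.23.3 eq www",
    "access-list 101 permit ip any any",
]
# Same entries with the catch-all first: the deny can never be reached.
LIST_101_MISORDERED = [LIST_101[2], LIST_101[0], LIST_101[1]]

if __name__ == "__main__":
    print(evaluate(LIST_101, "tcp", "10.0.0.5", "133.2.23.3", 80))
    print(evaluate(LIST_101_MISORDERED, "tcp", "10.0.0.5", "133.2.23.3", 80))
    print(evaluate(LIST_10, "ip", "133.2.3.77"))
```

Placing `permit ip any any` anywhere but last silently disables every entry after it, which is the most common way a deny line ends up having no effect.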

FRAME RELAY SETUP
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56
Config-if# interface serial 0.100 point-to-point - subinterface
Config-if# ip address 122.1.1.1 255.255.255.0
Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end
Config-if# interface serial 1.100 multipoint
Config-if# no inverse-arp - turns IARP off; good to do
Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
Config-if# frame-relay map ip 122.1.1.3 54 broadcast

SHOW COMMANDS
Show access-lists - all access lists on the router
Show cdp - cdp timer and holdtime frequency
Show cdp entry * - same as next
Show cdp neighbors detail - details of neighbor with ip add and ios version
Show cdp neighbors - id, local interface, holdtime, capability, platform portid
Show cdp interface - int's running cdp and their encapsulation
Show cdp traffic - cdp packets sent and received
Show controllers serial 0 - DTE or DCE status
Show dialer - number of times dialer string has been reached, other stats
Show flash - files in flash
Show frame-relay lmi - lmi stats
Show frame-relay map - static and dynamic maps for PVC's
Show frame-relay pvc - pvc's and dlci's
Show history - commands entered
Show hosts - contents of host table
Show int f0/26 - stats of f0/26
Show interface Ethernet 0 - show stats of Ethernet 0
Show ip - ip config of switch
Show ip access-lists - ip access-lists on switch
Show ip interface - ip config of interface
Show ip protocols - routing protocols and timers
Show ip route - Displays IP routing table
Show ipx access-lists - same, only ipx
Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
Show ipx route - ipx routes in the table
Show ipx servers - SAP table
Show ipx traffic - RIP and SAP info
Show isdn active - number with active status
Show isdn status - shows if SPIDs are valid, if connected
Show mac-address-table - contents of the dynamic table
Show protocols - routed protocols and net_addresses of interfaces
Show running-config - dram config file
Show sessions - connections via telnet to remote device
Show startup-config - nvram config file
Show terminal - shows history size
Show trunk a/b - trunk stat of port 26/27
Show version - ios info, uptime, address of switch
Show vlan - all configured vlan's
Show vlan-membership - vlan assignments
Show vtp - vtp configs

CATALYST COMMANDS
For Native IOS - Not CatOS

SWITCH ADDRESS
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1

DUPLEX MODE
Config# interface Ethernet 0/5 - 'fastethernet' for 100 Mbps ports
Config-if# duplex full - also, half | auto | full-flow-control

SWITCHING MODE
Config# switching-mode store-and-forward - also, fragment-free

MAC ADDRESS CONFIGS
Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security
Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port

VLANS
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10

TRUNK LINKS
Config-if# trunk on - also, off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port

CONFIGURING VTP
Config# delete vtp - should be done prior to adding to a network
Config# vtp server - the default is server, also client and transparent
Config# vtp domain Camp - name doesn't matter, just so all switches use the same
Config# vtp password 1234 - limited security
Config# vtp pruning enable - limits vtp broadcasts to only switches affected
Config# vtp pruning disable

FLASH UPGRADE
Config# copy tftp://192.5.5.5/configname.ios opcode - 'opcode' for ios upgrade, 'nvram' for startup config

DELETE STARTUP CONFIG
Config# delete nvram

Cisco IOS Command Line Interface Tutorial

Abstract
The focus of this document is to introduce a new Cisco Internetworking Operating System (IOS) user to the IOS command line interface (CLI). After reading this document, a new user will understand how to use the IOS CLI to configure and manage an IOS router. For easier reference, Table 1 displays a collection of important terms and acronyms that are used throughout the document.

Table 1 - Glossary Of Important Terms And Acronyms Used In This Tutorial
Cisco IOS - Cisco Internetworking Operating System
CLI - Command Line Interface
EXEC - Command line session to the router (could be console, modem, or telnet)
Flash - Non-Volatile Memory used to store IOS software image
NVRAM - Non-Volatile RAM used to store router configuration
RAM - Random Access Memory

CLI Architecture
A Cisco IOS router command line interface can be accessed through either a console connection, modem connection, or a telnet session. Regardless of which connection method is used, access to the IOS command line interface is generally referred to as an EXEC session.

As a security feature, Cisco IOS separates EXEC sessions into two different access levels - user EXEC level and privileged EXEC level. User EXEC level allows a person to access only a limited amount of basic monitoring commands. Privileged EXEC level allows a person to access all router commands (e.g. configuration and management) and can be password protected to allow only authorized users the ability to configure or maintain the router.

For example, when an EXEC session is started, the router will display a "Router>" prompt. The right arrow (>) in the prompt indicates that the router is at the user EXEC level. The user EXEC level does not contain any commands that might control (e.g. reload or configure) the operation of the router. To list the commands available at the user EXEC level, type a question mark (?) at the Router> prompt. (This feature is referred to as context sensitive help.)

Critical commands (e.g. configuration and management) require that the user be at the privileged EXEC level. To change to the privileged EXEC level, type "enable" at the Router> prompt. If an enable password is configured, the router will then prompt for that password. When the correct enable password is entered, the router prompt will change to "Router#" indicating that the user is now at the privileged EXEC level. To switch back to user EXEC level, type "disable" at the Router# prompt. Typing a question mark (?) at the privileged EXEC level will now reveal many more command options than those available at the user EXEC level. The text below illustrates the process of changing EXEC levels.

Router> enable
Password: [enable password]
Router# disable
Router>

Note: For security reasons, the router will not echo the password that is entered. Also, be advised that if configuring a router via telnet, the password is sent in clear text. Telnet does not offer a method to secure packets.

Once an EXEC session is established, commands within Cisco IOS are hierarchically structured. In order to successfully configure the router, it is important to understand this hierarchy. To illustrate this hierarchy, Figure 1 provides a simple high-level schematic diagram of some IOS commands.

Figure 1 - IOS CLI hierarchy

Command options and applications vary depending on position within this hierarchy. Referring to the diagram in figure 1, configuration command options will not be available until the user has navigated to the configuration branch of the IOS CLI structure. Once in the configuration branch, a user may enter system level configuration commands that apply to the entire router at the global configuration level. Interface specific configuration commands are available once the user has switched to the particular interface configuration level. More detailed information and examples on how to navigate through the IOS CLI hierarchy are offered in the Router Configuration section.

To assist users in navigation through IOS CLI, the command prompt will change to reflect the position of a user within the command hierarchy. This allows users to easily identify where within the command structure they are at any given moment. Table 2 is a summary of command prompts and the corresponding location within the command structure.

Table 2 - IOS Command Prompt Summary
Router> - User EXEC mode
Router# - Privileged EXEC mode
Router(config)# - Configuration mode (notice the # sign indicates this is only accessible at privileged EXEC mode.)
Router(config-if)# - Interface level within configuration mode.
Router(config-router)# - Routing engine level within configuration mode.
Router(config-line)# - Line level (vty, tty, async) within configuration mode.

CLI Editor Features

Context Sensitive Help
Cisco IOS CLI offers context sensitive help. This is a useful tool for a new user because at any time during an EXEC session, a user can type a question mark (?) to get help. Two types of context sensitive help are available - word help and command syntax help.

Word help can be used to obtain a list of commands that begin with a particular character sequence. To use word help, type in the characters in question followed immediately by the question mark (?). Do not include a space before the question mark. The router will then display a list of commands that start with the characters that were entered. The following is an example of word help:

Router# co?
configure connect copy

Command syntax help can be used to obtain a list of command, keyword, or argument options that are available based on the syntax the user has already entered. To use command syntax help, enter a question mark (?) in the place of a keyword or argument. Include a space before the question mark. The router will then display a list of available command options with <cr> standing for carriage return. The following is an example of command syntax help:

Router# configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
  <cr>

Command Syntax Check
If a command is entered improperly (e.g. typo or invalid command option), the router will inform the user and indicate where the error has occurred. A caret symbol (^) will appear underneath the incorrect command, keyword, or argument. The following example displays what happens if the keyword "ethernet" is spelled incorrectly.

Router(config)#interface ethernat
                               ^
% Invalid input detected at '^' marker.

Command Abbreviation
Commands and keywords can be abbreviated to the minimum number of characters that identifies a unique selection. For example, you can abbreviate the "configure" command to "conf" because "configure" is the only command that begins with "conf". You could not abbreviate the command to "con" because more than one command could fit this criteria. The router will issue the following error message if you do not supply enough characters.

cisco(config)#i
% Ambiguous command: "i"

Hot Keys
For many editing functions, the IOS CLI editor provides hot keys. The following table lists some editing shortcuts that are available.

Table 3 - Summary Of Hot Keys
Delete - Removes one character to the right of the cursor.
Backspace - Removes one character to the left of the cursor.
TAB - Finishes a partial command.
Ctrl-A - Moves the cursor to the beginning of the current line.
Ctrl-R - Redisplays a line.
Ctrl-U - Erases a line.
Ctrl-W - Erases a word.
Ctrl-Z - Ends configuration mode and returns to the EXEC.
Up Arrow - Allows user to scroll forward through former commands.
Down Arrow - Allows user to scroll backward through former commands.

Router Configuration

Entering Configurations
Perhaps the best way to illustrate IOS CLI navigation is by walking through a simple router configuration. The comments in the example do not attempt to explain the meaning of each individual command, but rather intend to display where configuration commands are entered within the IOS command structure. Pay particular attention to how the command prompt changes as the user navigates through the IOS CLI hierarchy. Also notice that global parameters are configured at the global configuration level (indicated by the "Router(config)#" prompt) whereas interface specific commands are entered after switching to the particular interface (indicated by the "Router(config-if)#" prompt). Global parameters and interface parameters are discussed further in the Displaying Configurations section under Router Management.

Router> enable                                       - switches to privileged EXEC level
Router# configure terminal                           - switches to global configuration level
Router(config)# enable secret cisco                  - configures router with an enable secret (global)
Router(config)# ip route 0.0.0.0 0.0.0.0 20.2.2.3    - configures a static IP route (global)
Router(config)# interface ethernet0                  - switches to configure the ethernet0 interface
Router(config-if)# ip address 10.1.1.1 255.0.0.0     - configures an IP address on ethernet0 (interface)
Router(config-if)# no shutdown                       - activates ethernet0 (interface)
Router(config-if)# exit                              - exits back to global configuration level
Router(config)# interface serial0                    - switches to configure the serial0 interface
Router(config-if)# ip address 20.2.2.2 255.0.0.0     - configures an IP address on serial0 (interface)
Router(config-if)# no shutdown                       - activates serial0 (interface)
Router(config-if)# exit                              - exits back to global configuration level
Router(config)# router rip                           - switches to configure RIP routing engine
Router(config-router)# network 10.0.0.0              - adds network 10.0.0.0 to RIP engine (routing engine)
Router(config-router)# network 20.0.0.0              - adds network 20.0.0.0 to RIP engine (routing engine)
Router(config-router)# exit                          - exits back to global configuration level
Router(config)# exit                                 - exits out of configuration level
Router# copy running-config startup-config           - saves configuration into NVRAM
Router# disable                                      - disables privileged EXEC level
Router>                                              - indicates user is back to user EXEC level

In the above example, notice how the exit command is used to back up a level within the IOS hierarchy. For example, if in the interface configuration level (i.e. Router(config-if)# prompt), typing exit will put the user back in the global configuration level (i.e. Router(config)# prompt).

Taking Interfaces Out Of Shutdown
Routers ship from the factory with all interfaces deactivated. Deactivated interfaces are referred to as being in a shutdown state. Before an interface can be used, it must be taken out of the shutdown state. To take an interface out of shutdown, type "no shutdown" at the appropriate interface configuration level. The example above includes these commands for both the ethernet and serial interfaces.

Removing Commands / Resetting Default Values
IOS provides an easy way to remove commands from a configuration. To remove a command from the configuration, simply navigate to the proper location and type "no" followed by the command to be removed. The following example displays how to remove an IP address from the ethernet0 interface.

Router> enable                         - switches to privileged EXEC level
Router# configure terminal             - switches to global configuration level
Router(config)# interface ethernet0    - switches to configure the ethernet0 interface
Router(config-if)# no ip address       - removes IP address
Router(config-if)# exit                - exits back to global configuration level
Router(config)# exit                   - exits out of configuration level
Router# disable                        - disables privileged EXEC level
Router>                                - prompt indicates user is back to user EXEC level

Some configuration commands in IOS are enabled by default and assigned a certain default value. When left at the default value, these commands will not be displayed when the configuration is listed. If the value is altered from the default setting, issuing a "no" form of the command will restore the value to the default setting.

Saving Configurations
A Cisco IOS router stores configurations in two locations - RAM and NVRAM. The running configuration is stored in RAM and is used by the router during operation. Any configuration changes to the router are made to the running-configuration and take effect immediately after the command is entered. The startup-configuration is saved in NVRAM and is loaded into the router's running-configuration when the router boots up. If a router loses power or is reloaded, changes to the running configuration will be lost unless they are saved to the startup-configuration. To save the running-configuration to the startup configuration, type the following from privileged EXEC mode (i.e. at the "Router#" prompt.)

Router# copy running-config startup-config

Note: Prior to 11.x software, the command to save the running-configuration to the startup-configuration was different. Use the following command if your IOS version is prior to 11.x:

Router# write memory

IMPORTANT: When editing a configuration, SAVE the configuration often!

Router Management
IOS supports many different types of show commands. This section covers a few of the common show commands used to both manage and troubleshoot a router. The scope of this document is not to instruct how to use these commands to troubleshoot a router, but to make the user aware that these management options exist. For specific information about troubleshooting a network using these commands, refer to the appropriate troubleshooting document.

Displaying Configurations
To display the running-configuration, type the following command in privileged EXEC mode:

Router# show running-config

To display the startup-configuration that is stored in NVRAM, type the following command in privileged EXEC mode:

Router# show startup-config

The following is the show running-config output from the example used in the Router Configuration section.

Current configuration:
!
version 11.2
!
hostname cisco
!
enable password cisco
!
interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial0
 ip address 20.2.2.2 255.0.0.0
!
router rip
 network 10.0.0.0
 network 20.0.0.0
!
ip route 0.0.0.0 0.0.0.0 20.2.2.3
!
line vty 0 4
 password telnet
 login
!
end

When displaying a configuration, the exclamation marks (!) function as line separators to make reading easier. Referring to the above example, notice how commands entered at the interface configuration level appear indented underneath the respective interface (e.g. interface Ethernet0). Likewise, commands entered underneath the routing engine configuration level appear indented underneath the routing engine (e.g. router rip). Global level commands are not indented. This type of display allows a user to easily identify which configuration parameters are set at the global configuration level and which are set at the various configuration sub-levels.

Note: If an interface was in a shutdown state, the word 'shutdown' would appear indented under the particular interface in shutdown state. Also, commands that are enabled by default are not displayed in the configuration listing.

Displaying Software Version And More

The show version command provides a lot of information in addition to the version of software that is running on the router. The following information can be collected with the show version command:

Software Version - IOS software version (stored in flash)
Bootstrap Version - Bootstrap version (stored in Boot ROM)
System up-time - Time since last reboot
System restart info - Method of restart (e.g. power cycle, crash)
Software image name - IOS filename stored in flash
Router Type and Processor type - Model number and processor type
Memory type and allocation (Shared/Main) - Main Processor RAM
                                         - Shared Packet I/O buffering
Software Features - Supported protocols / feature sets
Hardware Interfaces - Interfaces available on router
Configuration Register - Bootup specifications, console speed setting, etc.

The following is a sample output of a show version command.

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Displaying Interface States
To view information about a particular interface, use the show interface command. The show interface command provides the following list of important information:
Interface State (e.g. UP, DOWN, LOOPED)
Protocol addresses
Bandwidth
Reliability and Load
Encapsulation type
Packet Rates
Error Rates
Signaling Status (i.e. DCD,DSR,DTR,RTS,CTS)

The following is an example of a "show interface serial0" output:

Router#show interface serial 0
Serial0 is up, line protocol is down
  Hardware is QUICC Serial
  Internet address is 10.1.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 62856
  Last input 1w, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/64/0 (size/threshold/drops)
     Conversations 0/1 (active/max active)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1012272 packets input, 91255488 bytes, 0 no buffer
     Received 916 broadcasts, 0 runts, 0 giants
     18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
     283132 packets output, 13712011 bytes, 0 underruns
     0 output errors, 0 collisions, 31317 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
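An added example (not from the original tutorial) that reads the show running-config listing from the Displaying Configurations section the way the text describes, global commands unindented and sub-level commands indented under their parent, and flags the credential settings a reviewer would question. The function names, finding labels and the hardened sample with its placeholder hash are assumptions; the Telnet check assumes a release where vty lines accept Telnet unless transport input restricts them.

```python
import re

# Constructed input: the show running-config listing shown in this tutorial.
WEAK_CONFIG = """\
Current configuration:
!
version 11.2
!
hostname cisco
!
enable password cisco
!
interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial0
 ip address 20.2.2.2 255.0.0.0
!
router rip
 network 10.0.0.0
 network 20.0.0.0
!
ip route 0.0.0.0 0.0.0.0 20.2.2.3
!
line vty 0 4
 password telnet
 login
!
end
"""

# Constructed hardened counterpart; the hash strings are placeholders.
HARDENED_CONFIG = """\
service password-encryption
!
hostname cisco
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
!
username admin secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
!
line vty 0 4
 login local
 transport input ssh
!
end
"""

# 'password <digit> <string>' is an encoded form; anything else is stored as typed.
PLAINTEXT_PW = re.compile(r"^password (?!\d+ )\S+$")


def parse_config(text):
    """Split a listing into global commands and their indented sub-level commands."""
    global_cmds, blocks, parent = [], {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "!" or stripped.endswith("configuration:"):
            continue  # separators and the listing header carry no settings
        if line[0].isspace() and parent is not None:
            blocks[parent].append(stripped)      # sub-level command
        else:
            parent = stripped                    # global-level command
            global_cmds.append(stripped)
            blocks.setdefault(parent, [])
    return global_cmds, blocks


def audit(text):
    """Return (finding, location) pairs; password values are never echoed."""
    global_cmds, blocks = parse_config(text)
    findings = []
    for cmd in global_cmds:
        # 'enable password' is kept in readable form; 'enable secret' is hashed.
        if cmd.startswith("enable password"):
            findings.append(("ENABLE_PASSWORD", "global"))
    for parent, children in blocks.items():
        if not parent.startswith("line "):
            continue
        if any(PLAINTEXT_PW.match(c) for c in children):
            findings.append(("PLAINTEXT_LINE_PASSWORD", parent))
        if parent.startswith("line vty"):
            transport = [c.split()[2:] for c in children
                         if c.startswith("transport input")]
            allowed = {t for tokens in transport for t in tokens}
            # No restriction, or telnet/all listed: logins cross the network in clear text.
            if not transport or allowed & {"telnet", "all"}:
                findings.append(("VTY_TELNET", parent))
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print(finding)
```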

1ems 9 'cl Router details as on :,),-)-::.


1ems ) $et;indiaRouter details as on :,),-)-::.

