Cisco Certified Simplified
CISCO CERTIFIED
NETWORK ASSOCIATE
Revision 1.0
Netmax Technologies is an independent entity from Cisco Systems, Inc. and is not affiliated with Cisco Systems, Inc. in any
manner. This study guide and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc. Cisco, Cisco
Systems, CCDA, CCNA, CCDP, CCNP, CCIE, CCSI the Cisco Systems logo and the CCIE logo are
trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks
are trademarks of their respective owners.
INTRODUCTION
Routers manufactured by Cisco Systems currently carry the vast majority of Internet
traffic worldwide. Cisco routers are powerful devices specifically designed to move
information quickly and efficiently between networks. The comprehensive family of
Cisco routers ranges in size and capacity from small, modular access routers designed to
power small offices and departments to powerful models designed to enable entire cities.
COURSE INTRODUCTION
In this course we are going to study a number of technologies, and our objectives will be:
Create large sized LAN network
Implement WAN connectivity between multiple locations
Routing traffic between different locations
Secure networks and Control traffic flow
Connect organization to ISP
Implement new protocols like IPv6
Wi-Fi LAN networks
To achieve all these objectives we must know about the following technologies:
Switching
VLAN, Inter VLAN, Frame Tagging, Spanning Tree, Port Security, Ether Channel
Routing
Static, Dynamic, RIP, EIGRP, OSPF
Wan
Point-to-point Leased lines, Radio Links, Frame Relay
Security
Access-lists, CBAC, VPN, NAT
To perform all these tasks on routers and switches, some prerequisites are required:
OSI and TCP/IP model
IPv4 basics & Subnetting
Router and Switch Administration
IPv6: Implementation & Migration
The course is divided in 14 Chapters. The details are given in the Contents table.
COURSE CONTENTS
Introduction
Networks and its Components
OSI Model
NIC and its Operation
Ethernet: Most common technology
LAN segmentation in Ethernet
Cisco Hierarchical Model
TCP/IP
TCP/IP model
Application Layer Protocols
Transport layer TCP/UDP
Internet Protocols
Other protocols
IP addressing & Subnetting
IP Addressing Rules
Subnetting
VLSM
Zero Subnet
IP Classless
Router Administration
Router Architecture
Router Interfaces and Ports
Types of Router
Router Access Methods
Router Modes
Router Commands
Configuring Passwords
Managing Configuration
Banners
Router Clock & NTP
Logging
Interface Configuration
Display Interface Status
Telnet, SSH, SDM
Advanced Router Management
Router boot sequence
Router booting sources
Configuration register
Breaking passwords
Backup & Upgrade IOS
Backup & restore Configuration
Resolving Hostnames
Managing Telnet
Using CDP
IP routing
Introduction
IP routing process
Types of Routing
Static
Dynamic
Static Routing
Default Routing
Floating Static Route
Configuration using SDM
Types of Dynamic Routing
Distance Vector
Link State
Distance vector operation
Loop Avoidance methods
Link State Operation
Autonomous Systems
Routing Information Protocol
Basic Configuration
Passive interfaces
Debugging RIP
Configuration using SDM
Enhanced Interior Gateway Routing Protocol
Protocol Dependent Module
Reliable Transport Protocol
Diffusing Update Algorithm (DUAL)
Basic Configuration
Bandwidth metric tuning
Successor and Feasible successor
Advertised distance and Feasible distance
Open Shortest Path First
OSPF features
Hierarchical model
OSPF terms
Router ID
LSA flooding
Designated Router
Backup designated router
Configuration
Display Information & debugging
Configuration using SDM
Redistribution
Route Summarization
LAN Switching
Switch Operation
Types of switches
Selection criteria for switches
Basic switch administration
VLAN
Frame tagging
VLAN Trunking Protocol
Inter VLAN
Cisco Network Assistant
Voice VLAN
Spanning Tree Protocol
STP terms
Operation
Port-fast
Uplink-fast
Backbone-fast
RSTP
Port Security
Ether Channel
Using CAN
Access Control Lists
Security Threats
IOS security solutions
Access Control Lists
Types of ACL
Standard ACL
Named ACL
VTY control using ACL
Extended ACL
Time Based ACL
CBAC
ACL configuration using SDM
Network Address Translation
Introduction
NAT terms
Static NAT
Port based Static NAT
Dynamic NAT
Dynamic NAT using Overload
NAT using SDM
Wireless Technologies
Wireless Basics
NIC working
802.11 Standards
Service Set
Service Set Identifier
Independent basic service set
Basic service set
Extended service set
Cisco Unified Wireless Solutions
Wireless Security
WEP
WPA/WPA2
802.1X
Internet Protocol version 6
Introduction
Changes in comparison to IPv4
IPv6 Header Format
IPv6 addressing
Auto-configuration
Basic Configuration on Router
Static routing
Dynamic routing
RIPng
EIGRPv6
OSPFv3
Migration to IPv6
Dual Stacking
IPv6 to IPv4 Tunnel
NAT-PT
Wide Area Networks
WAN technologies
Selection Criteria for WAN networks
WAN terms
WAN encapsulation
Point to Point WAN technologies
Steps to setup P-t-P WAN
P-t-P topologies
Router Configuration
Modem Configuration
HDLC & PPP
PPP authentication
Frame Relay basics
Point to point Frame Relay
Multi-point Frame Relay
Frame Relay traffic shaping
Configuration using SDM
Software
__________________________________________________________________________
Design Considerations
Server software and client software should be compatible.
The protocol stack must be the same on both sides.
Connectivity can be provided via a switch, hub etc.
If the NIC standards are different, then a translational bridge is required.
If the media are different, then a transceiver is required.
OSI Model
The OSI model is the layered approach to designing, developing and implementing networks. The OSI model provides
the following advantages:
Network design will be standards based.
Development time for new technologies will be reduced.
Devices from multiple vendors can communicate with each other.
Implementation and troubleshooting of the network will be easier.
Application Layer: The application layer accepts data and forwards it into the protocol stack. It creates the user
interface between application software and the protocol stack.
Presentation Layer: This layer decides the presentation format of the data. It is also able to perform other
functions like compression/decompression and encryption/decryption.
Session Layer: This layer initiates, maintains and terminates sessions between different applications. Because
of this layer, multiple application programs can be executed at the same time.
Transport Layer: The transport layer is responsible for connection-oriented and connectionless
communication. The transport layer also performs other functions like:
Positive Acknowledgement & Response
Error checking
Flow Control
Buffering
Windowing
Multiplexing
Sequencing
Error checking
The transport layer generates a cyclic redundancy check (CRC) using a polynomial and
forwards the CRC value to the destination along with the data. The other end generates the CRC
from the received data and compares it with the received CRC value. If both
are the same, the data is accepted; otherwise it is discarded.
Flow Control
Flow control is used to control the flow of data during communication. For this
purpose the following methods are used:
Buffering
A buffer is a temporary storage area. All the data is stored in buffer memory and,
when the communication path is available, the data is forwarded to the other side.
Windowing
The window is the maximum amount of data that can be sent to the destination
without receiving an acknowledgement. It limits the size of the buffer.
Multiplexing
Multiplexing allows multiple applications to communicate over the same IP address.
Sequencing
The transport layer adds a sequence number to the data, so that out-of-sequence data can be
detected and rearranged in the proper order.
Positive Acknowledgement and Response
When data is sent to the destination, the destination replies with an acknowledgement
to indicate positive reception of the data. If the acknowledgement is not received
within a specified time, the data is resent from buffer memory.
Network Layer
This layer performs functions like logical addressing and path determination. Each
networking device has a physical address, the MAC address, but logical addressing is
easier to work with on a large network.
Logical addressing
Logical addressing defines a network address and a host address. This type of addressing is
used to simplify the implementation of large networks. Some examples of logical addressing
are IP addresses, IPX addresses etc.
Path determination
The network layer uses routing protocols like RIP, EIGRP, BGP and ARP etc. to perform
path determination.
Its other responsibilities are:
Fragmentation
Header checksum
Quality of Service
Protocol Identification
Data Link Layer
Logical Link Control defines the encapsulation that will be used by the NIC to deliver
data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and
802.11 Wi-Fi.
Media Access Control defines the methods used to access the shared media and establishes the
identity of the device with the help of the MAC address. Some examples of Media Access Control are
CSMA/CD and Token Passing.
Physical Layer
The physical layer is responsible for communicating bits over the media; this layer deals with the
standards defined for media and signals. This layer may also perform modulation and
demodulation as required.
______________________________________________________________
Devices at different Layers
Physical Layer Devices: Hub, Modem, Media, DCE (Data Communications Equipment),
CSU/DSU, Repeater, Media converter
______________________________________________________________________________
Data Encapsulation
LAN Technologies
_____________________________________________________________________________________
Ethernet
Ethernet is the most popular LAN technology. It can support a variety of media, like copper (UTP,
coaxial) and fiber optic. This technology supports a wide range of speeds, from 10 Mbps to 10,000 Mbps.
Ethernet frame
Preamble: An alternating 1,0 pattern provides a 5 MHz clock at the start of each packet, which
allows the receiving devices to lock onto the incoming bit stream.
Start Frame Delimiter (SFD)/Synch: The preamble is seven octets and the SFD is one octet
(synch). The SFD is 10101011, where the last pair of 1s allows the receiver to come into the
alternating 1,0 pattern somewhere in the middle and still sync up and detect the beginning of the
data.
Length or type: 802.3 uses a length field, but the Ethernet (Ethernet II) frame uses a type field to identify the
network layer protocol. 802.3 cannot identify the upper-layer protocol and must be used with a
proprietary LAN protocol (IPX, for example).
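The frame layout described above, as an added Python example that is not part of this guide: it builds constructed frames (with the CRC-32 frame check sequence that follows the payload), then parses them, deciding from the length/type field whether a frame is 802.3 (value up to 1500) or Ethernet II (value 1536 or more), and verifies the FCS so corrupted frames can be rejected. The sample MAC addresses and payloads are made up.

```python
import struct
import zlib

# Field sizes of an Ethernet frame as seen after the preamble/SFD.
HEADER_LEN = 14          # 6-byte destination MAC + 6-byte source MAC + 2-byte length/type
FCS_LEN = 4
MIN_FRAME_LEN = 64       # header + payload + FCS; anything shorter is a runt
MIN_PAYLOAD_LEN = 46
MAX_8023_LENGTH = 1500   # length/type <= 1500: IEEE 802.3 frame, field is the payload length
MIN_ETHERTYPE = 0x0600   # length/type >= 1536: Ethernet II frame, field is the EtherType
BROADCAST = b"\xff" * 6


def mac_str(raw):
    """Format a 6-byte MAC address as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def fcs_of(body):
    """FCS = CRC-32 over destination..payload, transmitted least-significant byte first."""
    return (zlib.crc32(body) & 0xFFFFFFFF).to_bytes(4, "little")


def build_frame(dst, src, type_or_len, payload):
    """Build a frame (without preamble/SFD), padding the payload to the 46-byte minimum."""
    if len(payload) < MIN_PAYLOAD_LEN:
        payload = payload + b"\x00" * (MIN_PAYLOAD_LEN - len(payload))
    body = dst + src + struct.pack("!H", type_or_len) + payload
    return body + fcs_of(body)


def parse_frame(frame):
    """Split a frame into its fields, classify it as 802.3 or Ethernet II, and check the FCS."""
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes")
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if type_or_len >= MIN_ETHERTYPE:
        kind, ethertype = "Ethernet II", type_or_len
        payload = body[HEADER_LEN:]              # payload runs up to the FCS; type names the protocol
    elif type_or_len <= MAX_8023_LENGTH:
        if HEADER_LEN + type_or_len > len(body):
            raise ValueError("802.3 length field exceeds the frame size")
        kind, ethertype = "802.3", None          # no protocol identifier in the header itself
        payload = body[HEADER_LEN:HEADER_LEN + type_or_len]   # drop padding after the stated length
    else:
        raise ValueError(f"reserved length/type value 0x{type_or_len:04x}")
    return {
        "kind": kind,
        "dst": mac_str(dst),
        "src": mac_str(src),
        "broadcast": dst == BROADCAST,
        "ethertype": ethertype,
        "payload": payload,
        "fcs_ok": fcs_of(body) == fcs,           # mismatch means the frame was corrupted in transit
    }


# Constructed sample frames (not captured from a real network).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("00aabbccddee")
IPV4_FRAME = build_frame(BROADCAST, SRC_MAC, 0x0800, b"constructed IPv4 payload")   # Ethernet II, broadcast
RAW_8023_FRAME = build_frame(DST_MAC, SRC_MAC, 20, b"constructed 802.3 payload")     # 802.3, 20-byte payload


def corrupt(frame, offset):
    """Flip one bit in a copy of the frame so the receiver's CRC no longer matches."""
    out = bytearray(frame)
    out[offset] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    for f in (IPV4_FRAME, RAW_8023_FRAME, corrupt(IPV4_FRAME, 20)):
        info = parse_frame(f)
        print(info["kind"], info["src"], "->", info["dst"], "fcs_ok =", info["fcs_ok"])
```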
CSMA/CD
This algorithm runs when a collision occurs
Varieties of Ethernet
10Mbit/s Ethernet
10BASE2 (also called ThinNet or Cheapernet): 50-ohm coaxial cable connects machines together,
each machine using a T-adaptor to connect to its NIC. Requires terminators at each end. For many
years this was the dominant Ethernet standard 10 Mbit/s.
10BASE-T: runs over four wires (two twisted pairs) on a Category 3 or Category 5 cable. A hub or
switch sits in the middle and has a port for each node. This is also the configuration used for
100BASE-T and gigabit Ethernet. 10 Mbit/s.
Fast Ethernet
100BASE-T: A term for any of the three standards for 100 Mbit/s Ethernet over twisted pair cable.
100BASE-TX: Uses two pairs, but requires Category 5 cable. Similar star-shaped configuration to
10BASE-T. 100 Mbit/s.
100BASE-FX: 100 Mbit/s Ethernet over fibre.
Gigabit Ethernet
1000BASE-T: 1 Gbit/s over Category 5e copper cabling.
1000BASE-SX: 1 Gbit/s over fiber.
1000BASE-LX: 1 Gbit/s over fiber. Optimized for longer distances over single-mode fiber.
1000BASE-CX: A short-haul solution (up to 25 m) for running 1 Gbit/s Ethernet over special copper
cable. Predates 1000BASE-T, and now obsolete.
10-gigabit Ethernet
The 10-gigabit Ethernet family of standards encompasses media types for single-mode fibre (long
haul), multi-mode fibre (up to 300 m), copper backplane (up to 1 m) and copper twisted pair (up
to 100 m). It was first standardised as IEEE Std 802.3ae-2002, but is now included in IEEE Std
802.3-2008.
10GBASE-T: designed to run over copper twisted pair; it was specified by IEEE Std 802.3an-2006,
which has been incorporated into IEEE Std 802.3-2008.
____________________________________________________________________
Ethernet Cabling
Coaxial cabling
T connector, Terminator, BNC connector, Coaxial cable, 10BASE2 LAN cards
UTP Cabling
With UTP, different topologies can be used to create the network.
In any Ethernet UTP topology we have to use one of the two types of cables
Straight cable
Cross cable
Structured Cabling
Requirements: Rack, patch panel, switch/hub (rack mountable), patch cord,
I/O connector, I/O box, UTP cable
Tool: punch-down tool
_____________________________________________________________________
Problems of Ethernet technology
In Ethernet only one PC is able to send data at a time; because of this the bandwidth of
Ethernet is shared.
It is not an equal-access technology.
When one PC sends data, it is received by all devices on the network. Because of
this, data communication is not secure.
Collisions occur in the network, and collisions lead to other problems like
latency, delay and reduced throughput.
Latency: the time taken to send a packet from start to end.
Throughput: the speed at which data is sent (output).
All PCs are in a single broadcast domain. Because of this the bandwidth is
reduced.
_____________________________________________________________________
LAN Segmentation of Ethernet Network
There are three methods to perform LAN segmentation:
(1) LAN segmentation using bridges.
(2) LAN segmentation using switches.
(3) LAN segmentation using routers.
Collision domain
A group of PCs in which a collision can occur is called a collision domain.
Broadcast domain
A group of PCs to which a broadcast message is delivered is called a broadcast domain.
LAN segmentation using bridge.
[Figure: Existing network (one collision domain) and new network with a bridge: 1st collision domain, 2nd collision domain, 1 broadcast domain]
Working of a Bridge: The working of a bridge is explained in the following steps:
(i) The bridge receives a frame into its buffer memory.
(ii) The source MAC address of the frame is stored in the bridging table (port number against MAC address).
(iii) According to the destination MAC address the frame is forwarded or dropped:
(a) If the destination MAC address of the frame is known, then the frame is forwarded to the
particular port.
(b) If the destination MAC address is unknown to the bridging table, then the frame is forwarded to
all ports except the receiving port.
(c) If the destination MAC address is the broadcast MAC address ff.ff.ff.ff.ff.ff.
(d) If the destination MAC address exists on the same port from which the frame was received, then the
frame is dropped.
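The learning and forwarding steps (i) to (iii) above, as an added Python simulation that is not from the original guide. Broadcast frames are flooded out of every port except the receiving one, the standard transparent-bridge behaviour; the port numbers and MAC addresses in the demo are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent bridge: learns source MACs per port, forwards frames by destination MAC."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}      # bridging table: MAC address -> port number (learned from sources only)

    def forward(self, in_port, src, dst):
        """Process one frame received on in_port; return the list of ports it is sent out of.

        An empty list means the bridge dropped (filtered) the frame.
        """
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        # (i)/(ii): the frame is in the buffer; record the source MAC against the receiving port.
        # Overwriting an existing entry lets a host that moved to another port be relearned.
        self.table[src] = in_port
        flood = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            return flood                  # (c) broadcast: out of every port except the receiving one
        out_port = self.table.get(dst)
        if out_port is None:
            return flood                  # (b) destination not yet learned: flood the same way
        if out_port == in_port:
            return []                     # (d) destination is on the receiving segment: drop
        return [out_port]                 # (a) destination known: forward only to its port


def demo():
    """Run a constructed sequence of frames through a three-port bridge and return the decisions."""
    bridge = LearningBridge(ports=[1, 2, 3])
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    decisions = [
        bridge.forward(1, a, b),          # A -> B, B unknown: flooded to ports 2 and 3
        bridge.forward(2, b, a),          # B replies: A is known on port 1, so forwarded only there
        bridge.forward(1, a, b),          # A -> B again: B is now known on port 2
        bridge.forward(1, c, a),          # C (port 1) -> A (port 1): same segment, dropped
        bridge.forward(3, c, BROADCAST),  # C moved to port 3; broadcast goes to ports 1 and 2
    ]
    return decisions, dict(bridge.table)


if __name__ == "__main__":
    for d in demo()[0]:
        print(d)
```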
LAN segmentation using switches
[Figure: switched network, 1 broadcast domain]
TIP: The working of a switch is similar to that of a bridge.
Advantages of Switches:
(1) Bandwidth is not shared, and the overall throughput depends on the wire speed of
the switch. Wire speed is also called switching capacity, measured in Mbps or Gbps.
(2) Any-time access technology.
(3) One-to-one communication, so the network is more secure.
(4) Switches perform micro-segmentation, and no collisions occur in the network.
LAN segmentation using routers
We have to install a router between multiple switches to divide the broadcast domain. Each
broadcast domain has to use a different network address, and the router provides inter-network
communication between them.
Router Administration
In this chapter we will study hardware architecture, Router Booting behavior, Command Line Usage and
administration.
PC Architecture
[Figure: PC architecture. The processor is connected to a keyboard controller (keyboard), a memory controller (RAM), an I/O controller (serial, parallel, USB, HDD, FD, CDD, sound card), a display card (VDU), BIOS ROM and CMOS RAM.]
Router Architecture
[Figure: Router architecture. The processor is connected to a memory controller (RAM, Flash RAM holding the O/S, i.e. the IOS, and NVRAM), an I/O controller (LAN and WAN ports) and BIOS ROM.]
Components of ROUTER
Router operation
When a PC has to send data to a different network address, the data is forwarded to the
router. The router analyses the IP address of the data and obtains a route from the routing table. The data
is forwarded according to that route; if no route is available, the data is dropped.
Processor
Speed: 20 MHz to 1 GHz
Architecture: RISC (Reduced Instruction Set Computer)
Manufacturers: Motorola, IBM, PowerPC, Texas, Dallas, Intel.
Flash RAM
Flash RAM is permanent read/write memory. This memory is used to store one or more copies
of the router O/S. The router O/S is also called the IOS (Internetwork Operating System).
NVRAM
NVRAM is Non-Volatile Random Access Memory. It is used to store the configuration of the
router. The size of NVRAM is 8 KB to 512 KB.
RAM
The RAM of the router is divided into two logical parts:
(i) Primary RAM
(ii) Shared RAM
Primary RAM
Shared RAM
Shared RAM is used as buffer memory for the data received from different
interfaces. The size of RAM in a router may vary from 2 MB to 512 MB.
The types of memory that may be present as RAM are:
DRAM: Dynamic RAM
EDORAM: Extended Data Out RAM
SDRAM: Synchronous Dynamic RAM
BIOS ROM
The BIOS ROM is permanent ROM. This memory is used to store the following programs and routines:
Bootstrap loader (performs booting)
Power-on self test routines
Incomplete IOS
ROM Monitor (ROM-MON)
_______________________________________________________________
Router Interfaces
Interface      Connector  Color    Speed                      Use
Ethernet       RJ45       yellow   10 Mbps                    To connect an Ethernet LAN using UTP media
AUI            DB15       yellow   10 Mbps
Fast Ethernet  RJ45       yellow   100 Mbps
Serial         DB60       blue     E1: 2 Mbps, T1: 1.5 Mbps   Technologies like leased lines, radio link, Frame Relay, X.25, ATM
Smart Serial   SS         blue     (as Serial)                (as Serial)
BRI ISDN       RJ45       orange   192 kbps
VOIP           RJ11       white
____________________________________________________________
Router Ports
Port       Connector  Color     Speed             Details
Console    RJ45       sky blue  9600 bps          Used for configuration using a PC
Auxiliary  RJ45       black     depends on modem  To connect a remote router using a PSTN line
_____________________________________________________________
Other interfaces:
(1) Token Ring network: RJ45, violet, 4/16 Mbps
(2) E1/T1: RJ45, white, E1 2048 kbps / T1 1544 kbps, connects E1/T1 lines
(3) ADSL (Asynchronous Digital Subscriber Line): RJ11
Types of routers:
Modular router
Chassis based router
Console access using HyperTerminal
Step 1 Click the Start button on the Windows Taskbar, and select Programs >
Accessories > Communications > HyperTerminal. HyperTerminal launches and displays
the Connection Description dialog box. Type any name.
Step 2 Select the COM port.
Step 3 On the Port Settings tab, enter the following settings:
Speed - 9600
Data Bits - 8
Parity - none
Stop bits - 1
Flow Control - none
Step 4 Click OK.
________________________________________________________
Router Access Modes
When we access the router command prompt, the router displays different modes. According to the
mode, privileges and rights are assigned to the user.
User mode
In this mode, we can display basic parameters and the status of the router; we can test
connectivity and telnet to other devices. In this mode we are not able to manage or
configure the router.
Privileged mode
In this mode, we can display all information and configuration, and perform administration tasks,
debugging, testing and connectivity with other devices. We are not able to edit the
configuration of the router here.
The command to enter this mode is enable. We have to enter the enable
password or the enable secret password to enter this mode. Enable secret has higher priority
than enable password: if both passwords are configured, only the enable secret will work.
Global configuration
This mode is used for the configuration of global parameters in the router. Global
parameters apply to the entire router. The command to enter this mode is configure
terminal.
For example: the router hostname or an access list of the router.
Router(config)#router rip
Router(config)#router eigrp 10
Configuring Passwords
There are five types of passwords available in a router:
(1) Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
Managing Configuration
There are two types of configuration present in a router:
(1) Startup Configuration (2) Running Configuration
The startup configuration is stored in NVRAM. It is used to save settings
in a router and is loaded into primary RAM at boot time.
The running configuration is present in primary RAM; whenever we run a configuration
command, that command is written into the running configuration.
To display the running configuration
Router#show running-config
To save the configuration
Router#copy running-config startup-config
Or
Router#write
To abort configuration changes
Router#copy startup-config running-config
Configuring the hostname
Router#configure terminal
Router(config)#hostname <name>
________________________________________________________________
Configuring Interfaces
Interface configuration is one of the most important parts of router
configuration. By default, all interfaces of a Cisco router are in disabled mode. We
have to use different commands, as our requirements demand, to enable and configure the
interface.
Interface Numbers
Interface numbers start from 0 for each type of interface. Some routers use the
interface number directly, while other routers use the slot number/port number addressing technique.
Fixed interfaces: Eth 0, Serial 0, Serial 1
Slot 0: Serial 0/0
Slot 1: Serial 1/0, Serial 1/1
Display Interface Status
The interface status display shows:
Keepalive
Queuing strategy
Input queue details, output queue details
Traffic rate (in packets per second, bits per second)
Input packet details
Output packet details
Modem signals (WAN interfaces only)
MTU (maximum transmission unit, mostly 1500 bytes)
Configuring a secondary IP address
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#ip address 192.168.10.18 255.255.255.0 secondary
_______________________________________________________________
Managing Command Line History
We can use the CTRL+P and CTRL+N shortcuts to step through the command history. By default the router stores up to
10 commands. We can use the following commands to edit this setting of the command line history:
Configuring Banners
Banners are just messages that appear at different prompts according to the
banner type. The different banners are:
Message of the day (motd): this banner appears for every access method
Example:
Router#config terminal
Router(config)#banner <type> <delimiting char>
Text message
<delimiting char>
Router(config)#
Router#config terminal
Router(config)#banner motd $
This router is distribution 3600 router
connected to Reliance
$
Logging configuration
The router generates log messages, which are stored in the router's internal buffer and also
displayed on the console.
Download syslog server software from the internet and install it on a PC to store the syslog messages.
Router Clock & NTP
To display the clock
Router#show clock
To set the clock manually
Router#clock set hh:mm:ss day month year
To synchronise the clock from an NTP server
Router#config terminal
Router(config)#ntp server <IP address>
Router(config)#exit
To find the IP address of a public NTP server, use on the PC:
C:\>ping pool.ntp.org
Interface is up, line protocol is up
This message appears when everything is working fine and the interface is able
to communicate with other devices. In the case of Ethernet, this message is
displayed when the interface is connected and enabled. In the case of serial, this
message is displayed when end-to-end connectivity is established.
Interface is down, line protocol is down
In the case of serial, this message appears due to loss of connectivity with the
modem.
Interface is up, line protocol is down
This message appears due to an encapsulation failure. In the case of
Ethernet, this message may appear when the interface is not connected properly.
In the case of serial, this message may appear due to a connectivity problem with the far
end router.
Setup Mode
The router enters setup mode if there is no configuration present in NVRAM. The
router displays the following message:
Would you like to enter in initial configuration dialog [ y / n ]:
There are two types of setup mode:
Basic setup mode
Extended setup mode
In basic mode only one interface is configured, which is used for telnet or
web access connectivity. In extended mode all interfaces are configured. At the end
we can save the configuration changes or discard them.
Telnet access
Telnet is a virtual port through which we can access the router command line through its interfaces.
[Figure: PC - Switch - Router]
To accept telnet connections we have to configure the following options on the router:
Configure an IP address on the interface
Configure the VTY password and the enable secret password
On the client PC, test connectivity with the router and use the command telnet <router_ip>
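As an added example (not from this guide), the following Python script audits a constructed IOS running-config for the points made in the Configuring Passwords and Telnet access sections: whether an enable secret is set and the weaker enable password removed, whether each line has both a password and login, whether line passwords are stored in cleartext or in the reversible type 7 form, and whether the VTY lines still accept Telnet rather than SSH only. The sample configs, their placeholder hashes and the finding codes are all my own.

```python
import re

# Constructed sample running-configs (not from a real device); hashes are placeholders.
WEAK_CONFIG = """\
!
hostname Router1
enable password cisco
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
!
line con 0
 password cisco
 login
line aux 0
 login
line vty 0 4
 password 7 PLACEHOLDERTYPE7
 transport input telnet
!
"""

HARDENED_CONFIG = """\
hostname Router1
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
username admin secret 5 $1$PLACEHOLDER$constructedhashvalue2
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def split_blocks(config_text):
    """Return (global_commands, {line_name: sub_commands}) from a running-config."""
    globals_, lines, current = [], {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):               # indented: belongs to the current "line ..." block
            if current is not None:
                lines[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            globals_.append(cmd)
    return globals_, lines


def audit_config(config_text):
    """Return a list of (scope, code) findings about password and remote-access settings."""
    findings = []
    globals_, lines = split_blocks(config_text)
    if not any(c.startswith("enable secret ") for c in globals_):
        findings.append(("global", "enable-secret-missing"))
    if any(c.startswith("enable password ") for c in globals_):
        # Only the secret is used when both exist, so the password is a needless weaker copy.
        findings.append(("global", "enable-password-present"))
    for name, cmds in lines.items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        pw = next((c for c in cmds if c.startswith("password ")), None)
        if not has_login and pw is None:
            findings.append((name, "no-authentication"))       # anyone reaching the line gets user mode
        elif "login" in cmds and pw is None:
            findings.append((name, "login-without-password"))  # plain "login" with nothing to check
        elif pw is not None and not has_login:
            findings.append((name, "password-without-login"))  # password set but never enforced
        if pw is not None:
            # "password [type] value": no type or type 0 means cleartext, 7 means reversible encoding.
            ptype = re.match(r"password (?:(\d+) )?(\S+)", pw).group(1) or "0"
            if ptype == "0":
                findings.append((name, "cleartext-password"))
            elif ptype == "7":
                findings.append((name, "reversible-password"))
        if name.startswith("line vty"):
            # Absent "transport input" is treated as allowing Telnet (the permissive case).
            transport = next((c for c in cmds if c.startswith("transport input ")), "transport input all")
            if transport not in ("transport input ssh", "transport input none"):
                findings.append((name, "telnet-allowed"))
    return findings


if __name__ == "__main__":
    for scope, code in audit_config(WEAK_CONFIG):
        print(f"{scope}: {code}")
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```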
Configuration Register
The configuration register is a 16-bit value, which is stored in NVRAM. At boot time
the bootstrap loader reads the value of the configuration register and, according to the value,
configures its booting behaviour.
0x2102 (IOS with Config)
With this value the router boots from the first file present in flash memory. This
is the default value of the configuration register. After loading the IOS the router also
loads the startup-config into the running-config.
0x2101 (Incomplete IOS with Config)
The router boots from the incomplete IOS and then loads the startup-config.
0x2100 (ROM Monitor)
With this value the router does not boot, but enters ROM Monitor mode.
0x2142 (IOS without Config)
The router boots from the first file in flash, but bypasses the startup configuration.
0x2141 (Incomplete IOS without Config)
The router boots from the incomplete IOS but bypasses the startup-config.
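The five register values above differ only in a few bits, and a defender's first check on a router is whether a non-default value has been left behind. This added Python example (not from the guide) decodes the standard Cisco bit assignments (boot field in bits 0-3, 0x0040 ignore NVRAM, 0x0100 break disabled, 0x2000 ROM fallback) and scans the "Configuration register is ..." line that show version prints, including the "(will be ... at next reload)" form; the show version excerpt is constructed.

```python
import re

# Boot field (bits 0-3): 0x0 stays in ROM Monitor, 0x1 boots the incomplete IOS in ROM, and
# 0x2..0xF boot from flash (or as directed by "boot system" commands), as 0x2102/0x2142 do.
BOOT_FIELD = {0x0: "rom-monitor", 0x1: "incomplete-ios-in-rom"}
DEFAULT_REGISTER = 0x2102
IGNORE_NVRAM = 0x0040      # bit 6: bypass startup-config at boot (the 0x2142/0x2141 setting)
BREAK_DISABLED = 0x0100    # bit 8: ignore a console break sent during boot
ROM_FALLBACK = 0x2000      # bit 13: fall back to the ROM image if the flash/network boot fails


def decode_config_register(value):
    """Return the boot-related settings encoded in a 16-bit configuration register value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    return {
        "boot_source": BOOT_FIELD.get(value & 0x000F, "flash"),
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


# Constructed "show version" tail (not from a real router). IOS prints the parenthesised part
# when config-register was changed but the router has not been reloaded yet.
SAMPLE_SHOW_VERSION = """\
Configuration register is 0x2102 (will be 0x2142 at next reload)
"""

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def audit_show_version(text):
    """Find the current and pending register values; return (current, pending, findings)."""
    m = REGISTER_RE.search(text)
    if not m:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    for label, value in (("current", current), ("next reload", pending)):
        bits = decode_config_register(value)
        if bits["ignore_startup_config"]:
            findings.append(f"{label} register 0x{value:04x} bypasses startup-config: "
                            "the router will come up without its saved configuration and passwords")
        if bits["boot_source"] != "flash":
            findings.append(f"{label} register 0x{value:04x} boots from "
                            f"{bits['boot_source']}, not from the IOS in flash")
        if not bits["break_disabled"]:
            findings.append(f"{label} register 0x{value:04x} allows a console break during boot")
    return current, pending, findings


if __name__ == "__main__":
    for v in (0x2102, 0x2101, 0x2100, 0x2142, 0x2141):
        print(f"0x{v:04x}", decode_config_register(v))
    print(audit_show_version(SAMPLE_SHOW_VERSION))
```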
Booting the IOS from a TFTP server
Run the TFTP server software on the PC, and copy the IOS image file into the home directory
of the TFTP server.
Test connectivity between the router and the TFTP server.
On the router use the following commands:
Router#conf ter
Router(config)#boot system tftp c1700-1s-mz.122.3.bin 10.0.0.18
Router(config)#exit
Router#copy runn start
Reload the device. Make sure that the configuration register is set to 0x2102.
To backup IOS
To backup Configuration
To restore Configuration
Test connectivity and make sure the TFTP server is running.
Make sure the configuration file is present in the home directory and note the filename.
Type the commands:
Router#copy tftp running-config
Remote IP: __________
Source Filename: ___________
Destination Filename [running-config]: (press Enter here)
Restore/Upgrade IOS
There are four different conditions in which we can restore/upgrade the IOS.
Case 1: the old IOS is present and flash is in read/write mode.
Copy the IOS image into the TFTP server's home directory.
Test connectivity and make sure the TFTP server is running.
On the router use the commands:
Router#copy tftp flash
Source file:
Destination file:
IP address:
Erase Flash [y/n]:
Case 2: the old IOS is present but flash is in read-only mode.
In this case, we have to set the config-register to 0x2101 to boot the router from the
incomplete IOS.
After booting, the flash will be in read/write mode. Now use the same commands as in
case 1.
When IOS loading is complete, reset the config-register to 0x2102.
Case 3: the old IOS is not present but the incomplete IOS is present in the BIOS.
The router automatically boots from the incomplete IOS, and we have to execute the
same commands as in cases 1 and 2.
Case 4: neither the complete IOS nor the incomplete IOS is present in the router.
There are two methods to load the IOS with the help of ROM Monitor mode.
Method 1: Loading IOS using xmodem
In this case we have to use the xmodem command, and the IOS is loaded over the
console cable. TFTP is not required in this case.
Enter the ROM Monitor and type the following command:
Rom Mon 1>xmodem <filename>
When the router displays the message Ready to receive file, click in HyperTerminal on
Transfer >> Send file >> use Browse to select the file >> select protocol xmodem >>
Send.
Method 2: In this case we have to use a TFTP server from ROM Monitor.
Connect the PC running the TFTP server; make sure TFTP is running and the IOS image is present in the
home directory.
Enter ROM Monitor mode and type the following commands:
Rom Mon>IP_ADDRESS=10.0.0.2
Rom Mon> TFTP_SERVER=10.0.0.1
Rom Mon> TFTP_FILE=<filename>
Rom Mon> DEFAULT_GATEWAY=10.0.0.1
Rom Mon> IP_SUBNET_MASK=255.0.0.0
Rom Mon> tftpdnld
When the IOS transfer is complete, type the command:
Rom Mon>boot
To view the source from which the router booted:
Router#show version
________________________________________________________________
Resolving Host Names
On the router, we can communicate using the IP address as well as the host name and
domain name. There are two methods to resolve a hostname into an IP address.
To display hosts
Router#show hosts
To disconnect a user
Cisco Discovery Protocol
This protocol is enabled by default on Cisco devices. It sends a periodic update every
minute on all interfaces. The neighbors receive this information and store it in the CDP
neighbor table. CDP is helpful in troubleshooting and in documenting the network. We can
obtain the following information about a neighbor automatically:
(1) Hostname
(2) Device type
(3) Model/Platform
(4) IOS version
(5) Local connected interface
(6) Remote device connected interface
(7) Entry IP address, etc.
Display CDP status
Router#sh cdp
To display CDP enabled interfaces
Router#sh cdp interface
To display CDP neighbors
Router#sh cdp neighbor
Or
Router#sh cdp neighbor detail
To disable CDP on the whole device
Router#conf ter
Router(config)#no cdp run
To disable CDP on a particular interface
Router#conf ter
Router(config)#int <type> <no.>
Router(config-if)#no cdp enable
Router(config-if)#exit
Because CDP advertises the platform, IOS version and addresses in cleartext, it is normally
disabled on interfaces that face untrusted networks, such as the link to the ISP.
To change CDP timers (values in seconds)
Router#conf ter
Router(config)#cdp timer <value> (by default 60 sec)
Router(config)#cdp holdtime <value> (by default 180 sec)
TCP/IP MODEL
TCP/IP is the most popular protocol stack and consists of a large number of protocols. Compared
with the OSI model, TCP/IP consists of only four layers. The TCP/IP model is a modified form of
the DOD (Department of Defense) model.
Application Layer
This layer contains a large number of protocols. Each protocol is designed to act as server and
client. Some protocols need connection-oriented TCP; others may use connectionless UDP for
data transfer.
The application layer uses port numbers to identify each application at the Transport layer. This
layer performs most of the functions that are specified by the Application, Presentation and
Session layers of the OSI model.
Transport Layer
Two protocols are available at the Transport layer:
Transmission Control Protocol
User Datagram Protocol
The Source Port and Destination Port fields together identify the two local end points of
the particular connection. A port plus its host's IP address forms a unique end point.
Ports are used to communicate with the upper layer and to distinguish different
application sessions on the host.
The Sequence Number and Acknowledgment Number fields specify bytes in the
byte stream. The sequence number is used for segment differentiation and is useful
for reordering or retransmitting lost segments. The Acknowledgment number is set
to the next segment expected.
Data offset or TCP header length indicates how many 4-byte words are contained in
the TCP header.
The Window field indicates how many bytes can be transmitted before an
acknowledgment is received.
The Checksum field is used to provide extra reliability and security to the TCP
segment.
The actual user data are included after the end of the header.
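The header fields listed above, decoded from a constructed 20-byte segment. This is an added Python example, not material from the study guide: the sample header, the addresses 10.0.0.6 and 172.16.0.5 used for the pseudo-header, and the function names are all assumptions for the example. The checksum is verified the way a receiving host does it, over the IPv4 pseudo-header plus the segment, and the data offset is range-checked before it is used, which is the check that keeps a malformed header from pointing the parser outside the segment.

```python
import struct

# Constructed sample (not from the study guide): a 20-byte TCP header with no
# options, a SYN from port 49152 to port 80, seq 1000, ack 0, window 65535.
SAMPLE_TCP_HEADER = struct.pack(
    "!HHIIBBHHH",
    49152,   # source port
    80,      # destination port
    1000,    # sequence number
    0,       # acknowledgment number
    5 << 4,  # data offset = 5 words (5 * 4 = 20 bytes); reserved bits are 0
    0x02,    # flags: SYN
    65535,   # window
    0,       # checksum (zero until filled in by with_checksum)
    0,       # urgent pointer
)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed TCP header fields and return them with the payload.

    The data offset is validated against the segment length so a crafted
    header cannot make the parser read (or skip) past the end of the data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (sport, dport, seq, ack, offset_byte, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4          # data offset counts 4-byte words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d points outside the segment" % header_len)
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags,
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP/IP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                             # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return (bytes(int(o) for o in src_ip.split(".")) +
            bytes(int(o) for o in dst_ip.split(".")) +
            struct.pack("!BBH", 0, 6, length))


def with_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Return the segment with its checksum field (bytes 16-17) filled in."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    checksum = (~total) & 0xFFFF
    return segment[:16] + struct.pack("!H", checksum) + segment[18:]


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A correct checksum makes the sum over pseudo-header plus segment all ones."""
    total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return total == 0xFFFF
```

Because the pseudo-header is part of the sum, a segment whose IP addresses were altered in transit fails the check even though the TCP bytes themselves are untouched; the same check also shows why the checksum is a reliability mechanism and not an integrity protection, since anyone who can rewrite the packet can recompute it.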
Internet Layer
The main functions of the Internet layer are routing and providing a single network interface to
the upper layer protocols. Neither the upper nor the lower protocols have any function relating to
routing. Instead, IP provides one single network interface for the upper layer protocols, and it is
then the job of IP and the various Network Access protocols to work together. The main
protocols used in the Internet layer are:
1) Internet Protocol (IP)
2) Internet Control Message Protocol (ICMP)
3) Address Resolution Protocol (ARP)
4) Reverse Address Resolution Protocol (RARP)
5) Proxy ARP
Internet Protocol
This protocol works at the Internet layer. It is responsible for logical addressing, defining type
of service and fragmentation.
IP Subnetting
In TCP/IP, by default three sizes of networks are available:
(1) Class A: 2^24 hosts -> 16777216
(2) Class B: 2^16 hosts -> 65536
(3) Class C: 2^8 hosts -> 256
In subnetting, we divide a class A, B or C network into smaller sub networks. This
procedure is called subnetting.
Subnetting is performed with the help of the subnet mask. There are two types of
subnetting that we perform:
(1) FLSM Fixed Length Subnet Mask
(2) VLSM Variable Length Subnet Mask
Why to Subnet
(i) A default class network provides a far larger number of PCs than the network actually
requires.
(ii) It is practically never possible to create a single class A or class B sized network.
To reduce broadcasts in the network, we have to perform LAN segmentation using
routers, and each sub network then needs a different network address.
How to Subnet?
In this method, we first round the requirement up to the nearest possible number of subnets,
then calculate the new subnet mask and create the IP ranges.
Example 1
Class = C
No. of subnets = 5
Step 1
The possible numbers of subnets are 2, 4, 8, 16, 32, ... so round up:
Class = C
No. of subnets = 8
Step 2
Calculate the key value
2^key = No. of subnets
2^key = 8
2^3 = 8, so key = 3
Step 3
Calculate the new subnet mask
In class C:
Net id = 24 + key = 24 + 3 = 27 bits
Host id = 8 - key = 8 - 3 = 5 bits
11111111.11111111.11111111.11100000 = 255.255.255.224
We write this address as the new subnet mask.
Step 4
Range
No. of PCs/Subnet = Total PCs / No. of Subnets
= 256/8 = 32
In class C:
x.x.x.0 - x.x.x.31 (30 usable hosts)
x.x.x.32 - x.x.x.63
x.x.x.64 - x.x.x.95
x.x.x.96 - x.x.x.127
x.x.x.128 - x.x.x.159
x.x.x.160 - x.x.x.191
x.x.x.192 - x.x.x.223
x.x.x.224 - x.x.x.255
The first IP of each subnet is the subnet id and the last IP is the sub network broadcast address.
Example 2
Class = C
No. of subnets = 10
Step 1
No. of subnets = 16
Step 2
2^4 = 16, so key = 4
Step 3
Net id = 24 + 4 = 28 bits
Host id = 8 - 4 = 4 bits
11111111.11111111.11111111.11110000 = 255.255.255.240
Subnetting method 2
Given:
Class = ?
No. of PCs/Subnet = 8
Mask = ?
Range = ?
In this case we calculate the key according to the number of PCs per subnet. According to the key
value, that many bits of the subnet mask from the right hand side are set to zero, and then the
range is calculated.
Example
Class = C
No. of PCs/Subnet = 5
Step 1
The possible numbers of PCs/Subnet are 4, 8, 16, 32, 64, ... so round up:
New requirement
Class = C
No. of PCs/Subnet = 8
Step 2
2^key = No. of PCs/Subnet
2^key = 8
2^3 = 8, so key = 3
11111111.11111111.11111111.11111000 = 255.255.255.248
No. of Subnets = Total PCs / (PCs/Subnet)
= 256/8 = 32
Class C, mask 255.255.255.248: 32 subnets, 8 PCs/subnet
200.100.100.0 - 200.100.100.7
200.100.100.8 - 200.100.100.15
200.100.100.16 - 200.100.100.23
200.100.100.24 - 200.100.100.31
...
Example 2
Class = C
No. of PCs/Subnet = 50
Step 1
Class = C
No. of PCs/Subnet = 64
Step 2
2^6 = 64, so key = 6
11111111.11111111.11111111.11000000 = 255.255.255.192
No. of subnets = 256/64 = 4
Class C, mask 255.255.255.192: 4 subnets, 64 PCs/subnet
Method 3
No. of PCs/Subnet = 50
New requirement: No. of PCs/Subnet = 64
No. of Subnets = 256/64 = 4
Class = C
No. of Subnets = 4
2^2 = 4, so key = 2
Net id = 24 + 2 = 26 bits
Host id = 8 - 2 = 6 bits
11111111.11111111.11111111.11000000 = 255.255.255.192
Zero Subnet
According to the classical rules of IP addressing, the first subnet and the last subnet are not usable
because of routing problems. In newer Cisco routers a command is present in the default
configuration. With this command, we are able to use the first and last subnet after subnetting.
The command is:
Router#config ter
Router(config)#ip subnet-zero
Router(config)#exit
Example: Check whether an address is a valid host IP, a network address or a broadcast address. If
the IP is valid then calculate its network and broadcast address.
IP 200.100.100.197, mask 255.255.255.240 (/28, 4 host bits)
200.100.100.197 = 200.100.100.1100 0101 -> valid host IP (host bits neither all 0 nor all 1)
200.100.100.192 = 200.100.100.1100 0000 -> network address
200.100.100.207 = 200.100.100.1100 1111 -> broadcast address
Example: Class = B
No. of subnets = 64
2^6 = 64, so key = 6
11111111.11111111.11111100.00000000 = 255.255.252.0
No. of PCs/Subnet = 65536/64 = 1024
150.20.0.0 - 150.20.3.255
150.20.4.0 - 150.20.7.255
150.20.8.0 - 150.20.11.255
Prefix Notation for representing an IP Address
An IP address can be written as IP and mask, or as IP/prefix, where the prefix is the number of 1 bits
in the mask.
200.100.100.18 with mask 255.255.255.248 = 200.100.100.18/29
170.20.6.6 with mask 255.255.224.0 = 170.20.6.6/19
This method of representing an IP address is also called CIDR (Classless Inter Domain Routing) notation.
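The three subnetting methods, the network/broadcast check and the prefix notation from the sections above, as an added Python example (not the study guide's material). The class letters, the 200.100.100.0 and 150.20.0.0 networks and the sample addresses are taken from the examples above; the function names and everything else are assumptions for the example. It goes slightly beyond the text in one respect: the mask check rejects a non-contiguous mask, and /31 and /32 are treated as having no reserved addresses.

```python
# Added example (not from the study guide): the FLSM arithmetic of the examples
# above done with integers, so the key, the new mask, the ranges and the
# network/broadcast test are explicit. Inputs below are the guide's own figures.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # default network bits per class


def ip_to_int(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def key_for(required: int) -> int:
    """Step 1/2: smallest key with 2**key >= required (rounds 5 up to 8, 10 up to 16, ...)."""
    key = 0
    while 2 ** key < required:
        key += 1
    return key


def mask_from_prefix(prefix: int) -> str:
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def prefix_from_mask(mask: str) -> int:
    """Number of leading 1 bits; rejects masks such as 255.0.255.0 that are not contiguous."""
    n = ip_to_int(mask)
    prefix = bin(n).count("1")
    if n != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask: " + mask)
    return prefix


def subnet_by_count(cls: str, subnets: int):
    """Method 1: borrow `key` host bits. Returns (key, prefix, mask, addresses per subnet)."""
    key = key_for(subnets)
    prefix = CLASSFUL_PREFIX[cls] + key            # Net id = default bits + key
    return key, prefix, mask_from_prefix(prefix), 2 ** (32 - prefix)


def subnet_by_hosts(cls: str, hosts_per_subnet: int):
    """Method 2: keep `key` host bits. Returns (key, prefix, mask, number of subnets)."""
    key = key_for(hosts_per_subnet)
    prefix = 32 - key                               # the rightmost `key` mask bits are zero
    return key, prefix, mask_from_prefix(prefix), 2 ** (prefix - CLASSFUL_PREFIX[cls])


def subnet_ranges(network: str, cls: str, prefix: int):
    """Step 4: (subnet id, broadcast) for every subnet of the classful network."""
    host_bits = 32 - CLASSFUL_PREFIX[cls]
    base = ip_to_int(network) & ((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    size = 2 ** (32 - prefix)
    return [(int_to_ip(base + i * size), int_to_ip(base + i * size + size - 1))
            for i in range(2 ** (prefix - CLASSFUL_PREFIX[cls]))]


def classify(ip: str, mask: str):
    """Tell a valid host address from the subnet id and the broadcast address.
    Returns (kind, network address, broadcast address)."""
    size = 2 ** (32 - prefix_from_mask(mask))
    n = ip_to_int(ip)
    network = n - (n % size)
    broadcast = network + size - 1
    if size <= 2:                                   # /31 and /32 have no reserved addresses
        kind = "valid host"
    elif n == network:
        kind = "network address"
    elif n == broadcast:
        kind = "broadcast address"
    else:
        kind = "valid host"
    return kind, int_to_ip(network), int_to_ip(broadcast)


def to_prefix_notation(ip: str, mask: str) -> str:
    """CIDR form: IP/prefix."""
    return "%s/%d" % (ip, prefix_from_mask(mask))
```

The two methods differ only in which side of the mask the key is applied to: method 1 adds the key to the class's network bits, method 2 keeps the key as host bits, and for the same network both must agree on the number of subnets times the addresses per subnet being the classful total.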
[Figure: the same nine segments addressed without and with subnetting.]
No subnetting: nine separate class C networks are used, one per segment:
200.100.1.X, 200.100.2.X, 200.100.3.X, 200.100.4.X, 200.100.5.X, 200.100.6.X, 200.100.7.X,
200.100.8.X, 200.100.9.X
FLSM: one class C network 200.100.1.0 divided into /28 subnets, one per segment:
200.100.1.0-15/28
200.100.1.16-31/28
200.100.1.32-47/28
200.100.1.48-63/28
200.100.1.64-79/28
200.100.1.80-95/28
200.100.1.96-111/28
200.100.1.112-127/28
200.100.1.128-143/28
Remaining subnets:
144-159
160-175
176-191
192-207
208-223
224-239
240-255
Subnet sizes available in a class C network:
Prefix  Mask             Subnets  PCs/Subnet  Ranges (last octet)
/25     255.255.255.128  2        128         0-127, 128-255
/26     255.255.255.192  4        64          0-63, 64-127, 128-191, 192-255
/27     255.255.255.224  8        32          0-31, 32-63, 64-95, 96-127, ...
/28     255.255.255.240  16       16          0-15, 16-31, 32-47, 48-63, 64-79, 80-95, 96-111, ...
/29     255.255.255.248  32       8           0-7, 8-15, 16-23, 24-31, ...
/30     255.255.255.252  64       4           0-3, 4-7, 8-11, 12-15, ...
VLSM example: blocks allocated from one class C network according to the number of IPs required
Required IPs          Block (last octet)
2                     0-3/30
2                     4-7/30
2                     8-11/30
2                     12-15/30
5                     16-23/29
20                    32-63/27
(not legible)         64-95/27
10                    96-111/28
50                    128-191/26
Remaining: 24-31, 112-127
If we are using VLSM with dynamic routing then the routing protocol must be compatible with VLSM. This
is the case only if subnet masks are also sent in the routing updates (classless protocols such as RIP
version 2, EIGRP and OSPF).
Super Netting
Combining small networks to create a larger network is called a super network. Supernetting is mostly
used to define route summarizations in routing tables. It is not used for the implementation of a
large network.
170.10.0.0 = 170.00001010.00000000.00000000
170.11.0.0 = 170.00001011.00000000.00000000
The two networks share their first 15 bits, so a single route with a 15-bit prefix summarizes both.
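The VLSM allocation from the table above and the common-prefix calculation behind supernetting, as an added Python example (not from the study guide). The requirement list and the base network 200.100.1.0 follow the table; the largest-first allocation order, the summary_overreach check and the function names are assumptions for the example. The overreach check is the one a practitioner wants before advertising a summary: it reports how many addresses the summary covers that belong to none of the member networks, since a summary that is too wide attracts traffic for space the network does not own.

```python
# Added example (not from the study guide): largest-first VLSM allocation for
# the requirement list in the table above, and the common-prefix calculation
# behind supernetting. Block sizes count the usable hosts plus the subnet id and
# broadcast, which is how the table above maps 2 -> /30, 5 -> /29, 20 -> /27.
def ip_to_int(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def block_size(hosts: int) -> int:
    """Smallest power of two holding `hosts` usable addresses plus the two reserved ones."""
    size = 4                                        # /30 is the smallest block used here
    while size - 2 < hosts:
        size *= 2
    return size


def vlsm_allocate(base: str, requirements):
    """Allocate (name, hosts) requirements from `base` upwards, largest first.
    Largest-first keeps every block aligned to its own size, so no address is
    skipped and no two blocks overlap. Returns (name, hosts, 'net/prefix') rows."""
    cursor = ip_to_int(base)
    rows = []
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        size = block_size(hosts)
        assert cursor % size == 0, "block would not start on its size boundary"
        prefix = 32 - (size.bit_length() - 1)       # size == 2 ** (32 - prefix)
        rows.append((name, hosts, "%s/%d" % (int_to_ip(cursor), prefix)))
        cursor += size
    return rows


def summarize(networks):
    """Supernet: the longest prefix shared by all the given network addresses."""
    ints = [ip_to_int(n) for n in networks]
    prefix = 32
    while prefix > 0 and len({n >> (32 - prefix) for n in ints}) > 1:
        prefix -= 1                                 # drop bits until all agree
    network = ints[0] & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    return "%s/%d" % (int_to_ip(network), prefix)


def summary_overreach(networks, member_prefix: int) -> int:
    """Addresses the summary covers that belong to none of the member networks
    (all members are assumed to have the same prefix length). Non-zero means
    the summary would advertise space the member networks do not own."""
    summary_prefix = int(summarize(networks).split("/")[1])
    covered = 2 ** (32 - summary_prefix)
    return covered - len(networks) * 2 ** (32 - member_prefix)
```

The guide's 170.10.0.0 and 170.11.0.0 example summarizes with zero overreach; replacing 170.11.0.0 with 170.13.0.0 yields a /13 that also covers 170.8.0.0 through 170.15.255.255, which is exactly the situation the check is meant to catch.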
IP Routing
When we want to connect two or more networks using different network addresses then we have to
use the IP routing technique. A router is used to perform routing between the networks. A
router performs the following functions for routing:
Path determination
Packet forwarding
Routing Process
(i) The PC has a packet in which the destination address is not in the local network.
(ii) The PC sends an ARP request for the default gateway. The router replies to the ARP
request and informs the PC of its MAC address.
(iii) The PC encapsulates the data, in which the source IP is the PC itself, the destination IP is the server,
the source MAC is the PC's LAN interface and the destination MAC is the router's LAN interface.
[Figure: PC1 (10.0.0.6) sends to the server 172.16.0.5 through R1 (LAN address 10.0.0.1). The frame
carries S. MAC = PC1, D. MAC = R1, S. IP = 10.0.0.6, D. IP = 172.16.0.5.]
The router receives the frame and stores it in a buffer. When it has extracted the packet from the
frame, it forwards the data according to the destination IP of the packet. The router obtains a route
from the routing table, according to which the next hop IP and the outgoing interface are selected.
(iv) According to the next hop, the packet is encapsulated in a new frame and the data is sent to the
output queue of the interface.
Static Routing
In this routing, we use ip route commands through which we can specify routes for different
networks. The administrator analyzes the whole internetwork topology and then specifies the route for
each network that is not directly connected to the router.
Administrative distance (AD) of route sources:
Route source   AD
Connected      0
Static         1
eBGP           20
EIGRP          90
IGRP           100
OSPF           110
RIP            120
Router(config)#ip route 150.10.0.0 255.255.0.0 160.20.1.1 8 (the trailing 8 is the administrative distance, below 20)
Router(config)#exit
Default Routing
Default routing means a route for any network. These routes are specified with the following syntax:
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
Router(config)#ip route 0.0.0.0 0.0.0.0 <exit interface>
This type of routing is used in the following scenario.
Scenario 2
Internet connectivity
On the Internet, millions of networks are present, so we have to specify a default route on our router.
The default route is also called the gateway of last resort. This route is used when no other route
in the routing table matches the destination.
[Figure: default routing scenario. ISP - R1 (200.100.100.11) - 172.16.0.5 - R2 - 10.0.0.0.]
_____________________________________________________________________
Dynamic Routing
In dynamic routing, we enable a routing protocol on the router. This protocol sends its routing
information to the neighbor routers. The neighbors analyze the information and write new routes to the
routing table.
The routers also pass routing information received from one router on to other routers. If
more than one path is available then the routes are compared and the best path is selected. Some
examples of dynamic protocols are: RIP, IGRP, EIGRP, OSPF
Autonomous system
An autonomous system is a group of contiguous routers and networks which share their routing
information directly with each other. If all routers are in a single domain and they share their information
directly with each other then the size of the routing updates depends on the number of networks present in the
internetwork. The update for each network may take 150-200 bytes of information.
For example: if there are 1000 networks then the size of the update will be
200*1000 = 200000 bytes
The routing information is sent periodically, so it may consume a large amount of bandwidth in our network.
[Figure: three autonomous systems, AS 200, AS 400 and AS 500, with interior routing inside each
domain, exterior routing between them and border routing at the AS edges.]
Protocols
Interior Routing: RIP, IGRP, EIGRP, OSPF
Exterior Routing: BGP, EXEIGRP
Operation:
(1) Each router sends its directly connected network information to the neighbor routers. This
information is sent periodically to the neighbors.
(2) The neighbor receives the routing updates and processes each route according to the following
conditions:
(i) If an update for a new network is received then this information is stored in the routing table.
(ii) If an update is received for a route that is already present in the routing table then the route
is refreshed, that is, the route timer is reset to zero.
(iii) If an update is received for a route with a lower metric than the route that is already
present in our routing table, the router discards the old route and writes the new
route in the routing table.
(iv) If an update is received with a higher metric than the route that is already present in the
routing table, the new update is discarded.
(3) A timer is associated with each route. The router forwards routing information on all
interfaces and the entire routing table is sent to the neighbors. There are three types of timers
associated with a route.
(i) Route update timer
It is the time after which the router sends a periodic update to the neighbors.
(ii) Route invalid timer
It is the time after which the route is declared invalid if there are no updates for the
route. Invalid routes are not forwarded to neighbor routers but are still used to forward
traffic.
(iii) Route flush timer
It is the time after which the route is removed from the routing table if there are no
updates about the route.
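The update rules (i)-(iv) and the invalid/flush timers, simulated for a single router as an added Python example (not from the study guide). Rule (ii) is read as an update for a route from the neighbor we already use for it; the timer values are RIP's defaults, and the neighbor names R2/R3 and the networks 10.0.0.0 and 175.2.0.0 are constructed for the example. The advertise() method also applies split horizon, which is described in the loop-control section further on, so a route is never sent back to the neighbor it was learned from.

```python
# Added example (not from the study guide): one router's routing table applying
# the four update rules and the invalid/flush timers described above. Rule (ii)
# is taken to mean an update from the neighbour we already use for that route.
# Timer values are the RIP defaults (invalid 180 s, flush 240 s); the updates
# fed in below are constructed.
INVALID_AFTER = 180   # seconds without an update before a route is declared invalid
FLUSH_AFTER = 240     # seconds without an update before a route is removed


class RoutingTable:
    def __init__(self):
        self.routes = {}   # network -> {"metric", "next_hop", "age"}

    def receive_update(self, neighbor, advertised):
        """Process one update: `advertised` maps network -> metric as the neighbour sees it."""
        for network, neighbor_metric in advertised.items():
            metric = neighbor_metric + 1                       # one more hop via the neighbour
            current = self.routes.get(network)
            if current is None:                                # (i) new network: store it
                self.routes[network] = {"metric": metric, "next_hop": neighbor, "age": 0}
            elif current["next_hop"] == neighbor:              # (ii) known route: refresh timer
                current["metric"] = metric
                current["age"] = 0
            elif metric < current["metric"]:                   # (iii) better path: replace
                self.routes[network] = {"metric": metric, "next_hop": neighbor, "age": 0}
            # (iv) a worse metric from another neighbour is discarded

    def tick(self, seconds):
        """Advance the route timers; routes past the flush timer are removed."""
        for network in list(self.routes):
            self.routes[network]["age"] += seconds
            if self.routes[network]["age"] >= FLUSH_AFTER:
                del self.routes[network]

    def state(self, network):
        route = self.routes.get(network)
        if route is None:
            return "absent"
        return "invalid" if route["age"] >= INVALID_AFTER else "valid"

    def next_hop(self, network):
        """Forwarding decision; invalid (but not yet flushed) routes still forward."""
        route = self.routes.get(network)
        return None if route is None else route["next_hop"]

    def advertise(self, to_neighbor=None):
        """The update this router sends to `to_neighbor`: invalid routes are not passed on,
        and (split horizon) routes learned from that neighbour are not sent back to it."""
        return {n: r["metric"] for n, r in self.routes.items()
                if r["age"] < INVALID_AFTER and r["next_hop"] != to_neighbor}
```

Rule (iii) is the one worth noticing from a security standpoint: any neighbor that can inject an update with a lower metric replaces the existing route, which is why the later sections recommend authenticated updates (RIP version 2, EIGRP, OSPF) rather than the unauthenticated broadcasts of RIP version 1 and IGRP.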
Hop Count: It is the number of hops (routers) a packet has to travel to reach a destination network.
Bandwidth: Bandwidth is the speed of a link; the path with higher bandwidth is preferred to send
data.
Load: Load is the amount of traffic present on the interface. Paths with lower load and higher
throughput are used to send data.
Reliability: Reliability is the up time of an interface over a period of time.
Delay: Delay is the time period between a packet being sent and received by the destination.
MTU: Maximum Transmission Unit. It is the maximum size of packet that can be sent in a frame;
mostly MTU is set to 1500.
Maximum Hop Count
This method limits the maximum number of hops a packet can travel. This method does not solve the loop
problem, but it reduces the loop size in the network. Due to this method the end to end size of a network
is also limited.
Flash Updates/Triggered Updates
In this method a partial update is sent to all neighbors as soon as there is a topology change.
The router which receives a flash update also sends the flash update to its neighbor routers.
Split Horizon
Split Horizon states that a route update received on an interface cannot be sent back out the same
interface.
Poison Reverse
This method is the combination of split horizon and flash updates. It implements the rule that
information received on an interface cannot be sent back out that interface, and in case of a
topology change flash updates are sent to the neighbors.
Hold Down
If a route changes frequently then the route is declared to be in the Hold Down state and no updates for it
are accepted until the Hold Down timer expires.
Default 4
* Does not support VLSM
* Does not support Autonomous systems
Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
Router(config-router)#exit
[Figure: R1 with interfaces 10.0.0.1, 172.16.0.5 and 200.100.100.12; a neighbor router at 172.16.0.6
behind which the 175.2.0.0 network (175.2.1.1) lies.]
R1
Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0
Route learned by RIP on R1: 175.2.0.0 via 172.16.0.6
RIP version 2
RIP version 2 supports the following new features:
(1) Support for VLSM (sends the mask in updates)
(2) Multicast updates using address 224.0.0.9
(3) Support for authentication
RIP Debugging
To debug RIP routing
Router#debug ip rip
To disable debugging
Router#no debug ip rip
Or
Router#no debug all
Or
Router#undebug all
_____________________________________________________________________
Interior Gateway Routing Protocol
Features:
* Cisco proprietary
* Distance vector
* Timers
Update 90 sec
Invalid 270 sec
Hold time 280 sec
Flush 630 sec
* Loop control: all methods
* Max hop count: 100, up to 255
* Metric (24 bit composite)
Bandwidth (default)
Delay (default)
Load
Reliability
MTU
* Broadcast updates to address 255.255.255.255
* Unequal path cost load balancing
* Automatic route summarization
* Supports AS
* Does not support VLSM
Configuring IGRP
Router(config)#router igrp <as no> (1-65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit
_____________________________________________________________________
Link State Routing
This type of routing is based on link state. Its working is explained as under:
(1) Each router sends Hello packets to all neighbors on all interfaces.
(2) The routers from which a Hello reply is received are stored in the neighbor table. Hello
packets are sent periodically to maintain the neighbor table.
(3) The router sends link state information to all neighbors. Link state information
from one neighbor is also forwarded to the other neighbors.
(4) Each router maintains its link state database, created from the link state advertisements
received from the different routers.
(5) The router uses the best path algorithm to store the paths in the routing table.
_____________________________________________________________________
Enhanced Interior Gateway Routing Protocol
Features:
* Cisco proprietary
* Hybrid protocol (link state and distance vector)
* Multicast updates using address 224.0.0.10
* Supports AS
* Supports VLSM
* Automatic route summarization
* Unequal path cost load balancing
Configuring EIGRP
Basic Configuration
Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit
[Figure: link speeds for the EIGRP metric example: modem, 2048 k, Serial E1 2048 k, 256 k, sync.]
Display Commands
Router#clear ip route *
Flushes the routing table.
Debug IGRP / Debug EIGRP
Router#debug ip eigrp
Router#debug ip eigrp summary
__________________________________________________________________________________________
* Hierarchical model
* Metric: bandwidth
* Equal path cost load balancing
* Supports authentication
* Unlimited hop count
OSPF Terminology
Already known topics in this:
(1) Hello packets
(2) LSA (Link State Advertisement)
(3) Neighbor
(4) Neighbor table
(5) Topology table (LSA database)
Router ID
The router ID is the highest IP address of the router's interfaces. This ID is used as the identity of the
router in the link state database. The first preference for selecting the router ID is given
to logical (loopback) interfaces. If a logical interface is not present then the highest IP of a physical
interface is selected as the router ID.
Area
An area is a group of routers and networks which share their routing information
directly with each other.
Adjacency
A router is called adjacent when the neighbor relationship is established. We can
also say an adjacency relationship is formed between the routers.
Area Router
A router which has all its interfaces members of a single area is called an area router.
Backbone Area
Area 0 is called the backbone area. All other areas must connect to the backbone area for
communication.
Backbone Router
A router which has all its interfaces members of area 0 is called a backbone router.
Designated Router
The router with the highest RID (router id) becomes the designated router for a particular interface
(multi-access segment). This router is responsible for receiving LSAs from the non-DR routers and
forwarding them to all the other routers on that segment.
This problem is solved by electing one router as designated router and another as backup
designated router.
Wildcard mask
The wildcard mask is obtained by subtracting the subnet mask from 255.255.255.255:
255.255.255.255 - 255.255.0.0 = 0.0.255.255
255.255.255.255 - 255.255.255.192 = 0.0.0.63
Router(config-if)#exit
NOTE: The subnet mask 255.255.255.255 is called the host mask. It is recommended to use this mask
on a loopback interface so that a minimum of IP addresses is wasted.
Example
[Figure: Area 0. R1 and R2 are linked by 200.100.100.33/30 (R1) and 200.100.100.34/30 (R2);
R1's LAN is 200.100.100.66/27 and R2's LAN is 200.100.100.160/26.]
R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit
R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit
[Figure: three routers. R1-R2 link 200.100.100.5/30 (R1) and 200.100.100.6/30 (R2); R2-R3 link
200.100.100.17/30 (R2) and 200.100.100.18/30 (R3); LANs 200.100.100.38/28 on R1, 200.100.100.161/28 on
R2 and 200.100.100.230/27 on R3. All networks are placed in area 0 below, as in the previous example.]
R1
Router(config-router)#network 200.100.100.4 0.0.0.3 area 0
Router(config-router)#network 200.100.100.32 0.0.0.15 area 0
R2
Router(config-router)#network 200.100.100.4 0.0.0.3 area 0
Router(config-router)#network 200.100.100.160 0.0.0.15 area 0
Router(config-router)#network 200.100.100.16 0.0.0.3 area 0
R3
Router(config-router)#network 200.100.100.16 0.0.0.3 area 0
Router(config-router)#network 200.100.100.224 0.0.0.31 area 0
LAN Switching
Ethernet switches are used in a LAN to create Ethernet networks. Switches forward traffic on the basis
of MAC address. Switches maintain a switching table in which MAC addresses and port numbers are used to
make the switching decision. The working of a bridge and a switch is similar.
Classification of switches
Switches are classified according to the following criteria:
Features of a switch
- No. of ports
- Type of media
- Speed of ports
- Switching speed, wire speed or throughput
Configuring CDP
Configuring time clock
Configuring banners
Command line shortcuts and editing shortcuts
Managing history
Configuring logging
Boot system commands
The following functions and options are not the same on a router and a switch:
Default hostname is Switch
Auxiliary port is not present
VTY lines are mostly 0 to 15
By default interfaces are enabled
IP address cannot be assigned to interfaces
Routing configuration mode is not present
Configuring Gateway
Switch(config)#ip default-gateway <ip>
Switch(config)#exit
switch: rename flash:config.text flash:<anyname>
switch: dir flash:
switch: boot
(4) After booting, the switch will prompt to enter the initial configuration dialog. Enter no here
and type:
Switch>enable
Switch#rename flash:<anyname> flash:config.text
Switch#configure memory
Change the password and save the configuration with copy running-config startup-config.
Hierarchical model
After using the hierarchical model most LAN problems are solved, but one problem still
remains: all hosts are in a single broadcast domain. The number of broadcasts may impact
the performance of the network. We have to implement one of the following solutions for this problem:
(1) Physical Segmentation
(2) Logical Segmentation
By default, all ports are members of a single VLAN, that is VLAN 1. We can change VLAN membership
according to our requirement.
Trunking
When there are multiple switches then we have to use trunk links to connect one switch
with the other. If we are not using trunk links then we have to connect one cable from each
VLAN to the corresponding VLAN of the other switch.
[Figure: normal connection (one cable per VLAN) versus trunking (one trunk link carrying all VLANs).]
The switches will perform trunking with the help of frame tagging. The trunk port sends data frames after
adding VLAN id information to the frame; at the receiving end the VLAN id information is removed
from the frame and according to the tag the data is delivered to the corresponding VLAN. There are two
protocols to perform frame tagging:
(1) Inter Switch Link (ISL)
(2) IEEE 802.1Q
Configuring Trunking
In Cisco switches all switch ports may be configured in three modes:
(1) Trunk desirable (default)
(2) Trunk on
(3) Trunk off
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|dynamic desirable>
Switch(config-if)#exit
A port left in the desirable mode negotiates a trunk with whatever is connected to it, so ports that serve
end hosts are normally set to access mode explicitly.
Except <vlan>
VTP server
A VTP server is a switch on which we can create, delete or modify VLANs. The server sends
periodic updates to the VTP clients.
VTP client
On a VTP client, we are not able to create, modify or delete VLANs. The client receives
and forwards VTP updates. The client creates the same VLANs as defined in the VTP update.
VTP Transparent
A transparent switch receives and forwards VTP updates. It is able to create,
delete and modify VLANs locally. A transparent switch does not send its own VTP updates and does
not learn any information from received VTP updates.
Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit
By default in Cisco switches the VTP mode is set to VTP server with no domain and no password.
Set the domain and password before connecting a switch to the trunks of an existing domain, because
a server or client carrying a higher configuration revision number overwrites the VLAN database of
the other switches in that domain.
VTP Pruning
Pruning is the VTP feature through which a trunk link is automatically disabled for a
particular VLAN if the neighbor switch does not contain ports in that VLAN. VLAN 1 is not prune
eligible.
Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
(2) Configure required interface as Trunk (optional)
(3) Add ports to Vlan
Configuration on Pc
Configure IP and Gateway
________________________________________________________________
Spanning Tree Protocol
When we connect multiple switches with each other and multiple paths exist from one switch to
another, it may lead to a switching loop in the network. Multiple paths are used to
create redundancy in the network. STP is only required when multiple paths exist, because only then
is there a possibility of a loop in the network.
Working of STP
STP creates a topology database in which one switch is elected as the root switch.
Path cost is calculated on the basis of bandwidth. The link with the lowest path cost is put in
forwarding mode and the other paths are blocked.
STP terminology
(1) Bridge id
It is the combination of the bridge priority and the base MAC address. In Cisco switches the default
priority is 32768.
(2) Root Bridge
The bridge/switch with the lowest bridge id becomes the root bridge. The root bridge
is used as the center point for calculating path cost in the topology.
(3) BPDU Bridge Protocol Data Units
It is the STP information which is exchanged between the switches to create the topology
and select paths.
(4) STP port modes
When STP is enabled a port may be in one of the following modes:
(i) Listening: in this mode a port sends/receives BPDUs.
(ii) Learning: the port learns the MAC address table.
(iii) Forwarding: the port forwards data based on the MAC address table.
(iv) Blocking: the port is blocked from sending/receiving data by the Spanning Tree Protocol.
(v) Disabled: the port is administratively disabled.
STP path cost per link speed:
Speed    Old IEEE cost   New IEEE cost
10 Mb    100             100
100 Mb   10              19
1 Gb     1               4
10 Gb    1               2
Network Security
Security Threats
Cisco IOS solutions
Classification of Access Control Lists
Types of ACL based on protocol:
(1) IP Access Control List
(2) IPX Access Control List
(3) Appletalk Access Control List
Types of ACL based on feature:
(1) Standard ACL
(2) Extended ACL
[Flowchart: ACL processing. A packet is received. If no access list applies, the packet is passed to
the routing engine. Otherwise the entries are checked in order: if the packet matches no entry it is
dropped; if it matches an entry, the question "Is it permit?" decides: yes, the packet is passed to
the routing engine (RE); no, the packet is dropped.]
Wildcard mask notation used in ACLs:
Target       Written in the ACL as
Single PC    host 192.168.10.5  (equivalent to 192.168.10.5 0.0.0.0)
Network      200.100.100.0 0.0.0.255
Subnet       200.100.100.32 0.0.0.15
All          any
To display ACL
Router#show access-lists or
Router#show access-list <no>
Router#show ip interface
Extended ACL example (servers on the 200.100.100.x network):
Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80
Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53
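As an added example (not code from this study guide or from Cisco), a small Python evaluator that applies the wildcard-mask rules from the table above and the first-match / implicit-deny logic of the flowchart to the page's access-list 130. Ports are assumed to be given numerically (the page's lines use only numeric ports), and the packets fed in by the test are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol; otherwise "tcp", "udp" or "icmp"
    src: tuple            # (address, wildcard) as 32-bit integers
    dst: tuple
    port: int             # destination port from "eq <port>", or None


def _addr(tokens, i):
    """Parse one address term (any | host A.B.C.D | A.B.C.D W.W.W.W); return ((addr, wild), next index)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1      # wildcard of all ones: every bit is "don't care"
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    addr, wild = (int(ipaddress.IPv4Address(x)) for x in tokens[i:i + 2])
    return (addr, wild), i + 2


def parse_ace(line):
    """Parse 'access-list <no> permit|deny <proto> <src> <dst> [eq <port>]' as typed on this page."""
    t = line.replace("Router(config)#", "").split()
    src, i = _addr(t, 4)
    dst, i = _addr(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Ace(t[2], t[3], src, dst, port)


def _matches(term, ip):
    addr, wild = term
    care = ~wild & 0xFFFFFFFF              # wildcard bit 1 = "don't care", so compare only where it is 0
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; a packet matching no entry hits the implicit 'deny any' at the end."""
    for ace in acl:
        if (ace.proto in ("ip", proto) and ace.port in (None, dport)
                and _matches(ace.src, src) and _matches(ace.dst, dst)):
            return ace.action
    return "deny"


# The page's access-list 130, fed in exactly as typed (parse_ace strips the prompt)
ACL_130 = [parse_ace(line) for line in [
    "Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80",
    "Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21",
    "Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any",
    "Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23",
    "Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53",
]]
```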
Reflexive ACLs
These ACLs filter IP packets based on upper-layer session information: they typically permit outbound traffic while restricting inbound traffic to the return traffic of those sessions. You cannot define reflexive ACLs with numbered or standard IP ACLs, or with ACLs for any other protocol. They can be used together with other standard or static extended ACLs, but they are defined only within extended named IP ACLs.
Time-Based ACLs
With these you specify a time of day and days of the week, give that period a name, and reference the name from an ACL entry. The entry is then in effect only during the time constraints you have defined. The time period is based on the router's clock, so it is highly recommended to use it together with Network Time Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
Remarks
Remarks are comments describing the entries you have made in both IP standard and extended ACLs.
Router#conf ter
Router(config)#access-list 110 remark <remark words>
Example:
Router(config)#access-list 110 remark permit rahul from admin only to sale
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
Security Configuration using SDM
Content Based ACL (CBAC)
Advantages of NAT
There are two reasons for using NAT:
(1) Conserve live IP addresses
On the Internet there is a limited number of IP addresses. If our clients want to communicate on the Internet, each needs a live IP address assigned by our ISP, so the number of addresses we request depends on the number of PCs we want to connect to the Internet. This leads to a lot of wasted IP addresses. To reduce the wastage, we can share live IP addresses between multiple PCs with the help of NAT.
(2) NAT enhances network security by hiding the PCs and devices behind it.
NAT terms:
Inside Interface: the interface connected to the inside (local) network.
Outside Interface: the interface connected to the outside (Internet).
Inside Local: the IP address assigned to a host on the local network from the private IP range.
Inside Global: the IP address assigned by the ISP for the local LAN from the public IP range.
[Figure: PAT (overload) example. PCs 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 connect through a switch to the NAT router, whose inside interface is 10.0.0.1 and whose outside interface 200.100.100.12 faces the Internet.]
Translation table built by the router:
Inside Local   Inside Global     Port
10.0.0.5       200.100.100.12    1080
10.0.0.6       200.100.100.12    1085
10.0.0.7       200.100.100.12    1024
10.0.0.8       200.100.100.12    1024 -> 1100 (port translation: 1024 is already in use by 10.0.0.7)
Types of NAT
Static NAT
This NAT is used for servers: one live IP is directly mapped to one local IP. The router forwards all traffic for the live IP to the local PC in the network.
[Figure: Static NAT. The live address 200.1.1.5 on the router's Internet side is mapped to the local address 192.168.10.6 (200.1.1.5 = 192.168.10.6). A second figure shows a Web server 192.168.10.6 and a DNS server 192.168.10.7 behind the router.]
[Figure: NAT lab used in the configuration below. On the 172.16.x.x LAN, 172.16.0.5 is the Web server, 172.16.0.6 is the DNS server and 172.16.0.7 is a host with full access; the router connects the LAN to the Internet.]
Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload
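An added example, not from this study guide or from Cisco: a toy Python model of the translation table the router builds from the static, static-port and overload rules above. It assumes one inside-global address for overload (the page's pool 200.1.1.8-200.1.1.12 reduced to its first address) and picks the next free port on a collision rather than the 1100 shown in the page's table, since the page does not say how IOS chooses it.

```python
import itertools


class NatRouter:
    """Toy NAT table for this page's rules: static 1:1, static port maps and overload (PAT)."""

    def __init__(self, pool_address, static=None, static_ports=None):
        self.pool_address = pool_address              # single inside global address used for overload (assumption)
        self.static = dict(static or {})              # inside local -> inside global (1:1)
        self.static_ports = dict(static_ports or {})  # (local, proto, port) -> (global, port)
        self.table = {}                               # dynamic: (local, proto, port) -> (global, port)
        self.used = set()                             # (proto, global port) already handed out

    def outbound(self, local, proto, port):
        """Translate a packet leaving through the inside interface; returns (inside global, port)."""
        key = (local, proto, port)
        if key in self.static_ports:
            return self.static_ports[key]
        if local in self.static:
            return (self.static[local], port)
        if key not in self.table:
            # PAT keeps the original source port when it is free; otherwise another free port is chosen
            candidates = itertools.chain([port], range(1024, 65536))
            chosen = next(p for p in candidates if (proto, p) not in self.used)
            self.used.add((proto, chosen))
            self.table[key] = (self.pool_address, chosen)
        return self.table[key]

    def inbound(self, glob, proto, port):
        """Reverse-translate a packet arriving on the outside interface; None means no entry exists."""
        for (local, p, lport), (g, gport) in self.static_ports.items():
            if (g, p, gport) == (glob, proto, port):
                return (local, lport)
        for local, g in self.static.items():
            if g == glob:
                return (local, port)
        for (local, p, lport), (g, gport) in self.table.items():
            if (g, p, gport) == (glob, proto, port):
                return (local, lport)
        return None   # unsolicited inbound traffic: nothing inside is reachable


def page_nat():
    """Router configured like the 'Configuring NAT' example above (one pool address assumed)."""
    return NatRouter("200.1.1.8",
                     static={"172.16.0.7": "200.1.1.3"},
                     static_ports={("172.16.0.5", "tcp", 80): ("200.1.1.4", 80),
                                   ("172.16.0.6", "udp", 53): ("200.1.1.4", 53)})
```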
WAN technologies
Point-to-Point: Leased line, MLLN, Radio Link (for 2 locations)
Circuit Switching: ISDN, PSTN (maximum)
Packet Switching: Frame Relay, X.25 (unlimited)
Cell Switching: ATM (maximum)
WAN Encapsulation
WAN encapsulation is used to convert a packet into a frame and transfer data over WAN links. Different types of encapsulation are designed for different WAN technologies. The general format of a WAN frame is:
Flag | Address | Control | Data (the packet) | FCS | Flag
where Flag, Address and Control form the frame header (FH) and FCS plus the closing Flag form the frame trailer (FT).
Encapsulations by technology: HDLC and PPP (point-to-point links), LAPB (X.25), LAPD (ISDN), AAL5 (ATM).
Point-to-Point WAN Topology
(a) Campus n/w or Drop wire n/w
[Figure: Router (serial port, DB-60 or Smart Serial) -- V.35 / RS 232 / EIA/TIA 530 cable -- Modem -- line (2-wire TP or 4-wire TP) -- Modem -- Router (eth, RJ-45).]
* Distance depends on the modems and is mostly up to 10-15 km.
[Figure: Leased line through the telephone exchange: Router -- Modem -- local loop -- Exchange (Mux, G.703/G.704) -- local loop -- Modem -- Router. MLLN variant: Router -- MLLN Modem -- MLLN MUX -- Exchange -- MLLN MUX -- MLLN Modem -- Router. Router-to-modem interfaces: V.35, RS 232, EIA/TIA 530 on SS (Smart Serial) or DB-60 connectors.]
(d) Radio Link
[Figure: Router (DB-60 or Smart Serial; V.35, RS 232 or EIA 530) -- Radio Modem -- Antenna ... Antenna -- Radio Modem -- Router. Split-unit variant: Router -- Radio Modem IDU -- UTP or coaxial cable -- ODU at the antenna, and the same on the far side.]
WAN Encapsulation
The two router interfaces on a point-to-point WAN must use the same WAN encapsulation. Two types of WAN encapsulation are supported on this type of network:
(1) HDLC
(2) PPP
Same manufacturer on both ends:       HDLC or PPP
Different manufacturers on the ends:  PPP
By default, Cisco routers use Cisco HDLC encapsulation. We can change the encapsulation with the following commands:
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation ppp|hdlc
High Level Data Link Control
HDLC is a modified form of SDLC (Synchronous Data Link Control). SDLC was developed by IBM for router-to-mainframe communication; HDLC is the modification for router-to-router communication. Most manufacturers have developed their own proprietary HDLC protocol, so HDLC from one manufacturer is not compatible with another's.
HDLC encapsulation is designed for point-to-point router communication. In HDLC no addressing is required, but the all-stations address is still used in the encapsulation. HDLC provides only basic features and error checking for the frame.
[Figure: PPP protocol stack. Network layer: TCP/IP, IPX/SPX. Data link layer: PPP, consisting of NCP (Network Control Protocol, one per network protocol) over LCP (Link Control Protocol) over HDLC-style framing; alongside it the other data-link encapsulations HDLC, LAPB and IEEE 802.3 (ARPA). Physical layer below.]
[Figure: Router 1 (serial 0, hostname chd) connected over a point-to-point serial link to Router 2 (serial 1, hostname ldh).]
Router 1
Router#config ter
Router(config)#int serial 0
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname chd
Router(config)#username ldh password net123
Router(config)#exit
Router 2
Router#config ter
Router(config)#int serial 1
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.2 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname ldh
Router(config)#username chd password net123
Router(config)#exit
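An added example (not the study guide's or Cisco's code) showing why the two username/password lines above must mirror each other: a Python model of the RFC 1994 CHAP exchange (MD5 over identifier, secret and challenge) between routers chd and ldh using the page's password net123. The in-memory peers table stands in for each router's username database, and the challenge bytes used in the test are constructed.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge).

    Only the 16-byte hash crosses the link; the secret itself never leaves the router."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_authenticate(peers, challenger, responder, identifier=1, challenge=None):
    """One CHAP round. peers maps a hostname to its 'username <peer> password <secret>' table.

    Returns True when the challenger accepts the responder's Response."""
    challenge = os.urandom(16) if challenge is None else challenge
    # 1. The challenger sends a Challenge packet carrying (identifier, random value, its own hostname).
    # 2. The responder looks up the challenger's hostname in its username table and hashes with that secret.
    secret_at_responder = peers.get(responder, {}).get(challenger)
    if secret_at_responder is None:
        return False          # no 'username <challenger>' line configured: nothing to respond with
    response = chap_response(identifier, secret_at_responder, challenge)
    # 3. The challenger recomputes the hash with the secret it stores for the responder's hostname
    #    and compares; a different password or a misspelled hostname on either side fails here.
    secret_at_challenger = peers.get(challenger, {}).get(responder)
    if secret_at_challenger is None:
        return False
    expected = chap_response(identifier, secret_at_challenger, challenge)
    return hmac.compare_digest(expected, response)


# The page's two routers: hostname chd holds 'username ldh password net123' and vice versa
PAGE_PEERS = {"chd": {"ldh": "net123"}, "ldh": {"chd": "net123"}}


def both_directions(peers, a, b):
    """'ppp authentication chap' on both ends makes each router challenge the other."""
    return chap_authenticate(peers, a, b) and chap_authenticate(peers, b, a)
```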
To display Compression
Router#show compress
Packet Switching
Packet switching is the WAN technology in which all devices are connected to a packet switching exchange. A device asks the packet switching exchange to create a virtual connection and then transfers data over it. It is possible to create more than one virtual connection and transfer data over them one by one.
Frame Relay
Frame Relay is the packet switching technology in which virtual connections are established. Frame Relay supports only permanent virtual connections. Frame Relay uses special addresses called DLCIs to identify the virtual connections.
[Figure: Frame Relay access: Router (DB-60 or Smart Serial; V.35, RS 232 or EIA/TIA 530) -- FR Modem -- line (4-wire TP local loop) -- FR Modem -- Frame Relay switch (FR SW).]
Virtual Circuit
In packet switching technology there are two types of virtual circuits:
(1) Switched Virtual Circuit (SVC)
(2) Permanent Virtual Circuit (PVC)
Only PVC is supported in Frame Relay technology.
[Figure: Frame Relay encapsulation and LMI. Between two Cisco routers the encapsulation is Cisco FR; when the far-end router is non-Cisco, IETF FR is used. The LMI type (Cisco or ANSI) is chosen to match the Frame Relay switch. In the lab below DLCI 300 is the circuit towards R2 and DLCI 400 the circuit towards R1, with Cisco FR encapsulation.]
[Figure: R1 (eth0 172.16.0.1, serial 0 192.168.10.1) -- Frame Relay cloud -- R2 (serial 0 192.168.10.2, eth0 172.30.0.1).]
R1
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.16.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.2
Router(config)#int serial 0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#frame-relay interface-dlci 300
Router(config-dlci)#exit
Router(config-if)#frame-relay map ip 192.168.10.2 300
Router(config-if)#no sh
Router(config-if)#exit
R2
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.30.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.16.0.0 255.255.0.0 192.168.10.1
Router(config)#int serial 0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config-if)#frame-relay interface-dlci 400
Router(config-dlci)#exit
Router(config-if)#frame-relay map ip 192.168.10.1 400
Router(config-if)#no sh
Router(config-if)#exit
R1 (alternative configuration using point-to-point subinterfaces)
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.16.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.2
Router(config)#ip route 172.20.0.0 255.255.0.0 172.16.0.2
Router(config)#ip route 172.25.0.0 255.255.0.0 10.0.0.2
Router(config)#int serial 0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface serial 0.1 point-to-point
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#frame-relay interface-dlci 300
Router(config-fr-dlci)#exit
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface serial 0.2 point-to-point
Router(config-subif)#ip address 172.16.0.1 255.255.255.0
Router(config-subif)#frame-relay interface-dlci 400
Router(config-fr-dlci)#exit
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface serial 0.3 point-to-point
Router(config-subif)#ip address 10.0.0.1 255.255.255.0
Router(config-subif)#frame-relay interface-dlci 700
Router(config-fr-dlci)#exit
Router(config-subif)#no sh
Router(config-subif)#exit
Note: on a point-to-point subinterface IOS does not accept frame-relay map; the DLCI is bound with frame-relay interface-dlci and the far end is the single peer on that circuit. Also note that serial 0.2's address 172.16.0.1/24 overlaps the 172.16.0.0/16 network already configured on eth0; IOS rejects overlapping subnets, so in a real lab these must be distinct networks.