
___________________________

CCNA
BASIC AND FUNDAMENTALS
EBOOK
___________________________
Learn the basics and fundamentals of networking and become a CCNA (Cisco Certified
Network Associate) in the most practical and effective way.
Written in Taglish and explained from a beginner's perspective.
This will eliminate information overload and will equip the reader with solid
foundational knowledge for his/her CCNA career journey.

____________________________

Billy Ramirez
DEDICATION

This ebook is dedicated to the aspiring Pinoy network engineers who want to learn and pass
as a CCNA (Cisco Certified Network Associate).

My wife and my son are my inspirations for writing and completing this ebook. Cheers!
TABLE OF CONTENTS

INTRODUCTION ... i
ABOUT THE AUTHOR ... ii

CHAPTER I. ALL ABOUT CCNA

Lesson 1: What is CCNA? ... 1
Lesson 2: 10 Types of CCNA Certification ... 2
Lesson 3: Why aim for CCNA certification? ... 5
Lesson 4: Benefits of CCNA ... 7
Lesson 5: CCNA Exam tips and FAQs ... 9

CHAPTER II. NETWORK FUNDAMENTALS

Lesson 1: What is a network? ... 11
Lesson 2: OSI model explained ... 12
Lesson 3: TCP/IP model explained ... 16
Lesson 4: Ethernet technology ... 19
Lesson 5: Network Cabling ... 21
Lesson 6: Common network devices and their functions ... 26
Lesson 7: Network speed and topology ... 37
Lesson 8: IP Addressing Part I ... 45
Lesson 9: IP Addressing Part II ... 48
Lesson 10: Subnetting tutorial for beginners Part I ... 54
Lesson 11: Subnetting tutorial for beginners Part II ... 59
Lesson 12: Subnetting practice questions ... 64
Lesson 13: VLSM or Variable Length Subnet Mask ... 71
Lesson 14: Basics of IPv6 ... 77

CHAPTER III. LAN SWITCHING

Lesson 1: How a Cisco switch works ... 87
Lesson 2: Basic Cisco switch configuration ... 90
Lesson 3: Basics of VLAN. VLAN Part I ... 93
Lesson 4: VLAN operations and configuration. VLAN Part II ... 97
Lesson 5: VTP or VLAN Trunking Protocol ... 104
Lesson 6: STP Part I. Introduction to Spanning-tree ... 112
Lesson 7: STP Part II. Different port states in STP ... 121
Lesson 8: STP Part III. Different modes of STP and STP configuration ... 124
Lesson 9: Etherchannel Part I. Basics of Etherchannel ... 131
Lesson 10: Etherchannel Part II. Etherchannel configuration ... 137

CHAPTER IV. ROUTING TECHNOLOGIES

Lesson 1: Introduction to routing ... 144
Lesson 2: Administrative distance and Metric ... 148
Lesson 3: Directly connected, Static and Dynamic routes ... 151
Lesson 4: Router on a stick ... 155
Lesson 5: Default routes and Floating static routes ... 158
Lesson 6: RIP Part I. Basics of RIP ... 160
Lesson 7: RIP Part II. How to configure RIP ... 165
Lesson 8: OSPF Part I. Basics of OSPF ... 172
Lesson 9: OSPF Part II. How OSPF works ... 177
Lesson 10: OSPF Part III. Common OSPF terminologies ... 182
Lesson 11: OSPF Part IV. Basic OSPF configuration ... 186
Lesson 12: EIGRP Part I. Basics of EIGRP ... 193
Lesson 13: EIGRP Part II. EIGRP Metrics ... 196
Lesson 14: EIGRP Part III. EIGRP operations ... 200
Lesson 15: EIGRP Part IV. Basic EIGRP configuration ... 203
Lesson 16: BGP Part I. Basics of BGP ... 211
Lesson 17: BGP Part II. iBGP and eBGP ... 216
Lesson 18: BGP Part III. Basic BGP configuration ... 221

CHAPTER V. WAN TECHNOLOGIES

Lesson 1: Understanding WAN ... 229
Lesson 2: WAN Topologies ... 234
Lesson 3: WAN Connectivity ... 237
Lesson 4: WAN Uplink connections ... 245
Lesson 5: QoS Part I. Basics of QoS ... 249
Lesson 6: QoS Part II. Classification, marking, trust boundary, traffic shaping & traffic
policing ... 251
Lesson 7: Basics of Point-to-Point ... 255
Lesson 8: Basics of VPN ... 260

CHAPTER VI. INFRASTRUCTURE SERVICES

Lesson 1: Basics of DHCP ... 273
Lesson 2: First Hop Redundancy Protocols (HSRP, VRRP and GLBP) ... 276
Lesson 3: NAT Part I. Basics of NAT or Network Address Translation ... 289
Lesson 4: NAT Part II. Basic NAT configuration ... 295

CHAPTER VII. INFRASTRUCTURE SECURITY

Lesson 1: Basics of port security ... 302
Lesson 2: Securing a Cisco router (Passwords and Authentication etc.) ... 308
Lesson 3: Basics of AAA, RADIUS and TACACS+ ... 312
Lesson 4: Basics of ACL or Access Control List ... 318

CHAPTER VIII. INFRASTRUCTURE MANAGEMENT

Lesson 1: Basic parts and components of a Cisco device ... 325
Lesson 2: Understanding Cisco IOS ... 330
Lesson 3: Cisco IOS command modes ... 333
Lesson 4: Different types of router memory ... 336
Lesson 5: How to upgrade the IOS of a Cisco router ... 338
Lesson 6: How to backup and restore a Cisco router configuration ... 343
Lesson 7: How to configure a banner on a Cisco device ... 345
Lesson 8: CDP and LLDP ... 348
Lesson 9: Basics of SNMP ... 354
Lesson 10: Basics of Syslog ... 360
Lesson 11: Basics of ICMP echo-based IP SLA ... 362
Lesson 12: Basics of SDN ... 366
Lesson 13: Basics of APIC-EM ... 374

Last Word ... 378

The End
INTRODUCTION

Idol, thank you very much for supporting this ebook. I am sure and confident that it will be a big
help in your CCNA and Cisco career journey.
I created this ebook for people like you who dream of and want to start studying CCNA and
eventually become a skilled Network Engineer.
Another reason is the requests and wishes of many readers of the blog. Most of them are
beginners like you who are just about to start, with little knowledge of networking and
especially of Cisco.
Many wanted me to make a downloadable copy, and all of them were willing to invest a small
amount. That's why this ebook was created.
This is dedicated to Pinoy aspiring Network Engineers like you.
The goal of this ebook is to help you understand the basics and fundamentals of networking and
CCNA-related topics: to help you understand the concepts, what they are and how they work, in
the simplest and easiest way I know.
If you have already read the articles and FREE lessons on the blog, and they helped you and
you liked what I have shared so far, I'm sure, idol, you will like this ebook even more and learn
even more from it. I cover all CCNA-related topics, including the newly added lessons in
CCNA v3.0.
Yes idol, I have researched, organized and arranged all of it for you, so that the basics and
fundamentals of these topics become easy and clear for you to understand.
I'm confident that after you read this ebook, you'll gain more knowledge about the concepts and
principles of computer networking and CCNA-related topics.
If you go for training, whether online or offline, you will no longer get information overload or
be left dazed by the topics discussed in the training, with the help of this ebook.
My hopes and dreams are to help and inspire more Pinoy aspiring network engineers like you,
idol. And this ebook is one of those ways.
Again, congrats for taking the first step.
I'm wishing you all the best in your career and the journey ahead. God bless, idol.

P.S. Idol, I just have one small request, and I know you won't turn me down on this. It took so
much time and effort for me to create and finish this ebook. I really sacrificed to present this
ebook to you properly. Besides, you also invested in buying and paying for this ebook.
Please don't let others simply take or copy it just like that.
Please keep it private and confidential for personal use only. Let others learn to invest in
themselves so they can learn properly too. That's all, idol. I'm counting on you, thank you very much.
ABOUT THE AUTHOR

Idol, as you may already know, my name is Billy Ramirez, 29 years old, the author and founder
of ccnaphilippines.com. I'm married to my beautiful wife Rowiecar and the father of a super-cute
baby boy named Billy Jr.
I'm working as a network administrator in a large foreign BPO that operates here in the
Philippines. The network is complex, large and intricate, so in return I have also learned a lot.
Becoming CCNA and recently CCNP Switch certified and being in the networking career is very
rewarding, financially and of course personally.
When I studied and learned CCNA, that's when my proper and good I.T. career started. I found
a decent job with a decent salary. Besides that, of course I'm proud of accomplishing my goals
and conquering the fears I had when I was just starting out.
I proved to myself and also to other people that I can achieve my dream career through hard
work, perseverance and determination.
I know that's your dream too, idol. And I'm sure you can do it just like I did.
I made this book to help and inspire you and other aspiring Pinoy network engineers to
pursue and go for your dreams. You already did the first step, just keep going, idol!
To share with you how I started, here's my CCNA journey, which was also written on the blog.

After Graduation

I got my first job in June 2008 after graduating from college. My first job was I.T. Support in a small
office in Makati. Being a fresh graduate, I immediately grabbed the opportunity. My responsibility
was to support and maintain the computers and other devices in the office. I learned a lot on
that job since I didn't have much hands-on experience with computers back then.

I resigned after 2 years of working as an I.T. Support to find a higher position and a much higher
salary. And I was hired as a Technical Support.

Working as Technical Support

I was hired as a Technical Support in one of the largest foreign BPOs operating here in the
Philippines. It was another leap of faith in my career 'coz that was my first call center
experience. We were still doing I.T. support and troubleshooting of computers, but in a different
setup, since it was over the phone with the customer (U.S. and Canada) and remotely fixing issues.

During my technical support years, I was involved in and became part of some training that made
me aware of bigger I.T. infrastructure. I realized that in large corporations and companies, it is
not as simple as how computers and networks work in small ones. All access and all devices,
including traffic and all data, are being managed and monitored. And that's where I heard of and
came to know Cisco.

Through some network trainings and tutorials I became aware of "high end" devices being used
by large corporations and companies. PLUS, when I was promoted to L2, I became friends with
other knowledgeable I.T. individuals who were CCNA certified and had more I.T. knowledge
than me. That became my "AHA" moment and I told myself that I want to be CCNA certified too.

Being the noob I was, I dug through the internet for all the FREE CCNA and Cisco resources. I read
blogs and articles and watched videos online to learn more. I starved for knowledge and became
hungrier to learn. Being CCNA certified or holding other Cisco certifications comes with many
benefits. I set a goal for myself and promised to be CCNA certified.

My self-study journey

Upon realizing that I wanted to be CCNA certified too, I worked on my goals. So I made a plan for
how I could acquire a CCNA certification without spending too much money. Enrolling in bigger
schools and private institutions for a full-time course costs a lot. To make it short, here's what I did.

- I gathered FREE resources and self-studied in my free time (PDFs, books, videos)
- I read, watched and practiced almost every day (using GNS3 and Packet Tracer)
- After 3 - 4 months of self-study, I enrolled in a CCNA boot camp fast track training in
October 2012.

A CCNA boot camp is a fast track training tackling all CCNA topics in just a matter of a week or 5
straight days. Sometimes classes are split over consecutive weekends. Although the price is
low compared to full-time courses, you'll be bombarded with information and will more likely be
overwhelmed. I was. My mind was almost blown given I was new to Cisco and the CCNA career.

Note: This is one of the reasons why I made this ebook: to help beginners and other aspiring
Pinoy network engineers understand the basics and fundamentals, so they won't be overloaded
with information in training.

My self-study was a great help as I had heard of and knew some basic information before. PLUS,
the trainer at MNET (Ms. Len) was great.

So I finished the 5 straight days of CCNA boot camp overwhelmed. Although I learned a lot, I
still forgot other important topics. I was not ready to take the exam yet.

I continued my self-study for another 2 months, reviewing all the information and topics from the
resources I had. I scheduled my exam for January 16, 2013. One week before taking the
exam, I joined a FREE sit-in class at MNET. That's one of the privileges when you have enrolled at
MNET before. And that really helped refresh the knowledge.

So I took the exam on January 16. I took the CCNA composite exam. And luckily I passed. That
day, I became CCNA certified.

I am CCNA certified, now what?

As I planned way before, after passing the CCNA certification exam, I updated my resume and
applied to almost all CCNA-related jobs available online, asking several friends and contacts to
refer me to a new related career. After several interviews at several companies, I got hired as
NOC or service desk in my present company. It's really an advantage if you've got a
certification like CCNA.

As a NOC, I became more aware of how bigger networks and I.T. infrastructure work. I came
across high-end technologies and devices which I had never heard of before. My CCNA knowledge
helped a lot in understanding those technologies. Although not applying the knowledge hands-on,
I could understand how the concepts work.

After a year (2014) of working as a NOC, it came as a blessing that one of the Network
Administrator positions opened in the same company I am working at. And with the support and
advice of my family, girlfriend (now my wife) and some office friends, I applied for the position.
And boy, I was hired. I have been a full network administrator since then.

Right now, I'm still working as a network administrator and applying all the CCNA lessons I
learned along the way. I know so much more today (I mean so much!) than what I knew before and
I'm continuing to learn more. I work 4 days a week with the privilege of working from home.

Yay! How good is that? I'm with a great and awesome team in a good company and I'm
enjoying what I am and where I am right now.

Thanks to God for all these blessings.

Yay! I passed the CCNP Switch exam! The journey continues.

As I shared before, I decided to limit the articles and updates on this blog this year-end because
I'm busy with work and I am reviewing for my next Cisco certification exam. And after taking the
CCNP Switch v2.0 exam last Tuesday, boy, I made it! I passed the exam!

This is a very nice gift for Christmas and a great way to start a New Year. Yay!

I took the CCNP Switch version 2.0 exam. This is the most updated version of the CCNP Switch
exam provided by Cisco as of today. Passing this exam renewed my CCNA certification, PLUS I'll
carry this CCNP Switch certification on my profile too.

This will extend both certifications for another 3 years. To become a full CCNP, I need to
take 2 additional exams, which are CCNP Route and CCNP Tshoot.

I'll have that in the future. For now, time to relax and enjoy first. Time to celebrate. Wohoooh!

My CCNP Switch self-study

This time, I didn't take a formal training. I just gathered resources and did self-study. Since I
already knew something, more or less, I thought there was no need to enroll in a training.

Besides, the topics and lessons are also part of what we do at work, so it wasn't that hard to
study and review for the exam.

I just read the CCNP Switch ebook and watched CCNP Switch videos. Then I practiced the labs and
the exam. It also took self-discipline and effort because I really wanted to learn the things I
didn't know yet, not just for the exam but for my job too.

But before it happened, as I shared before, I am a very big fan of planning and setting goals.

After deciding (August 2015) that CCNP Switch is the exam I'm going to take, I created a simple
plan and set my goal.

Just like what I did in my CCNA journey, I made a simple Excel sheet with schedules and
which lessons/topics I would study on that given schedule. And I just followed them.

In fact, I also put a sticky note on my laptop so I would always see and read it. That's one way
to push our brain to achieve our goals.

I spent 2-3 hours on each schedule to watch CBT Nuggets videos or read the CCNP Switch v2.0
ebook. Then in the succeeding month, I practiced the labs and exams. Just over and over again.
Sometimes I felt lazy too, but I always pushed myself to stick to it.

In fact, I logged off Facebook for almost a month when the exam was near, to relax and focus
on the reviewers. It's really just discipline and dedication.

Until the day of the exam finally came, and luckily I passed it.

I passed the CCNP Switch exam. Now what?

My initial goal for taking the CCNP Switch exam was to renew my previous certification, the
CCNA. And now that I passed the exam, my plan is to continue the journey. No plans yet on when
I will take the other CCNP certifications, but maybe that's after a year or two. But that doesn't
mean I'll stop studying on my own and learning.

I'm sharing all of these not to brag or show off. I'm posting this to share the lessons and
provide inspiration to others, especially beginners who want to enter the Cisco networking
career.

I'm just a normal guy like you. I'm not a geek or super-techy like the others. As I said, I consider
myself a beginner, because I know that there is so much more to learn. I just set goals and take
action. I hope you do the same. Godspeed!

The End.

I hope that by sharing my own story, I have inspired you and given you hope, idol. I know you can
surely fulfill your dream of becoming a CCNA and eventually becoming a skilled network
engineer too.

By having this ebook, you already took the first step to success, idol. And I want to congratulate
you for doing that!
In this book you will learn the basics and fundamentals of CCNA and Cisco that you can use in
your networking career journey. Just hard work, perseverance, determination and belief in
yourself, idol. With God's help, you can do everything.

All the best in your career,

Billy Ramirez

CHAPTER I: ALL ABOUT CCNA

Lesson 1: What is CCNA?

CCNA or Cisco Certified Network Associate is one of the certifications offered by Cisco for
entry-level people or beginners in networking.

The CCNA certification can also serve as proof and as a basis that an I.T. person understands
and comprehends the basics and foundations of networking, specifically the foundations of
Cisco technologies.

This is the certification that is appropriate to take if you are just about to start your
computer networking career.

Here you will learn the basics and fundamentals of networking and of Cisco technology: how a
network and Cisco devices work, and how to optimize, troubleshoot and maintain them.

Cisco, or Cisco Systems Inc., is the largest company that sells and manufactures networking
devices and other technologies related to computer networking. And their certification programs
(such as CCNA) are one of the ways for us to learn how to support their products and
technologies.

Besides CCNA, Cisco has many more certification programs such as CCENT (Cisco Certified
Entry Level), CCNP (Cisco Certified Network Professional) and CCIE (Cisco Certified
Internetwork Expert). And each of these has its own specializations.

Example: 10 different types of CCNA specialization. This ebook will focus on the basic and
foundation level of CCNA (Routing and Switching).

There are also other companies that sell and make networking devices and technology, and they
have their own certification programs too, but since this blog is dedicated to Pinoy CCNAs, we
focus more on CCNA or Cisco.

2 Ways to obtain CCNA certification

Right now, there are 2 ways for you to become CCNA certified.

1. Pass Cisco's ICND1 and ICND2 exams.

These are ICND1, Interconnecting Cisco Networking Devices Part 1, and ICND2, Interconnecting
Cisco Networking Devices Part 2.

This means you need to pass these two sets of exams before you are certified as a CCNA. Since
this is entry-level, it is somewhat easy, but the topics here are long.

You will earn the CCENT certification when you pass one of the ICND exams (ICND1), then
CCNA when you pass both. You don't need to take them at the same time. You can take ICND2
before your ICND1 certification expires. The only requirement is that you pass both.

The new exam numbers for these are 100-105 ICND1 and 200-105 ICND2. Each exam costs
$150. When you pass these 2 exams, you are CCNA certified.

2. Second, pass the CCNA composite exam.

This is Interconnecting Cisco Networking Devices: Accelerated (CCNAX). The new exam
number is 200-125, or CCNA v3.0. The cost of the exam is $295. Here in CCNAX, you only need
to pass one exam to be certified as a CCNA.

Since this is already associate level, the topics and discussion here are a bit more advanced
compared to ICND. But the basics and foundations of networking and Cisco technology are still
included.

For me, this is the more practical way to become certified. This is what I studied and took back
in 2013.

FYI, CCNA and other Cisco certifications expire every 3 years. You need to take the same
certification again to renew your current certification, or take an upper level of certification to
renew it and then be certified at the higher level.

For example, before my CCNA certification expires, I have the option to take the CCNA
certification again, or take the CCNP certification, or another CCNA specialized certification. If I
pass the CCNP or the new CCNA exam, my CCNA certification is automatically renewed, plus I
am also CCNP certified or CCNA xxxx certified. And it's the same for the other levels.

Okay, so now that you know what a Cisco Certified Network Associate is and how to become one,
hopefully you now have an idea of how and where to start.

Of course, first you need to study and become familiar with the basics and fundamentals,
especially if you are a beginner. Your initial goal as a beginner is to comprehend and understand
the basics and fundamentals. That is what I will share here in this ebook.

You can self-study, or you can enroll in CCNA training bootcamps here in the Philippines, or in
regular training institutions and the big universities here. Whichever of these options you choose,
it is still better if you already have basic and foundational knowledge, especially if you will enroll
in a bootcamp.

Hopefully this ebook helps you, even in some small way, to comprehend and understand the basic
and foundational knowledge that you need in your networking career and Cisco career journey.

Lesson 2: Types of CCNA Certification

1. CCNA Routing and Switching

This is the basic and fundamental type of CCNA Certification. This will provide you knowledge
and understanding about the basics and fundamentals of networking. The Cisco CCNA Routing and
Switching certification program provides the education and training required for installing,
monitoring, and troubleshooting network infrastructure products designed by the industry leader
in IP networking.

Prerequisites: None
Required Exams: 200-125 CCNA or 100-105 ICND1 and 200-105 ICND2
Recommended Training:
Interconnecting Cisco Networking Devices: Accelerated (CCNAX) or
Interconnecting Cisco Networking Devices Part 1 (ICND1)
Interconnecting Cisco Networking Devices Part 2 (ICND2)

2. CCNA Security

CCNA Security certification is a specialization field in CCNA focused more on security. You
need to study and gain knowledge about security protocols, implementing security policies and
mitigating the risks of an organization. This is one of the in-demand types of CCNA certification
today.

Prerequisites: CCENT or a valid CCNA Routing and Switching or any CCIE certification
Required Exam: 210-260 IINS
Recommended Training: Implementing Cisco Network Security (IINS)

3. CCNA Wireless

A CCNA Wireless certification will validate your ability to configure, implement and support
wireless LANs using Cisco equipment.

Prerequisites: valid CCENT or a valid CCNA Routing and Switching or any CCIE certification
Required Exam(s): 200-355 WIFUND
Recommended Training: Implementing Cisco Wireless Network Fundamentals (WIFUND)

4. CCNA Service Provider

This type of CCNA certification will provide you knowledge about service provider technologies.
If you're working at a telco like PLDT or Globe, this is basically the type of CCNA certification
suited for you.

Prerequisites: NA
Required Exam(s): 640-875 SPNGN1 and 640-878 SPNGN2
Recommended Training:
Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1)
Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2)

5. CCNA Industrial

This is one of the new types of CCNA certification introduced by Cisco. As per Cisco, this type of
CCNA certification is for plant administrators, control system engineers and traditional network
engineers in the manufacturing, process control, and oil and gas industries, who will be involved
with the convergence of IT and Industrial networks.

Prerequisites: Cisco Industrial Networking Specialist or CCENT or CCNA R&S
Required Exam: 200-601 IMINS2
Recommended Training: Managing Industrial Networking for Manufacturing with Cisco
Technologies (IMINS2)

6. CCNA Data Center

As the title implies, this type of CCNA certification provides skills and knowledge about
supporting data centers. If you want to work or are already working in data centers, this type of
CCNA certification is best for you.

Prerequisites: NA
Required Exam(s): 640-911 DCICN and 640-916 DCICT
Recommended Training:
Introducing Cisco Data Center Networking (DCICN)
Introducing Cisco Data Center Technologies (DCICT)

7. CCNA Collaboration

This is another new type of CCNA certification offered by Cisco. This will eventually take over
the CCNA Voice and Video mentioned above. This will focus on the convergence of voice, video,
data and mobile applications. One of the hot and in-demand types of CCNA certification today.

Prerequisites: NA
Required Exam(s): 210-060 CICD or 210-065 CIVND
Recommended Training:
Implementing Cisco Collaboration Devices (CICD) or
Implementing Cisco Video Network Devices, Part 1 (CIVND1)
Implementing Cisco Video Network Devices, Part 2 (CIVND2)

8. CCNA Cloud

Another fresh type of CCNA certification introduced by Cisco. The CCNA Cloud certification is a
job-role-focused certification and training program that helps Cloud engineers, Cloud
Administrators, and Network Engineers to develop, advance, and validate their cloud skill set,
and enables them to help their IT organization meet changing business demands from
technology transitions.

Prerequisites: NA
Required Exam(s): 210-451 CLDFND and 210-455 CLDADM
Recommended Training:
Understanding Cisco Cloud Fundamentals (CLDFND)
Introducing Cisco Cloud Administration (CLDADM)

9. CCDA (Cisco Certified Design Associate)

The CCDA is more focused on the design and planning of networks. As a design associate, you'll
work on planning and evaluating the network before it is put into operations or production.

Prerequisites: CCENT or a valid CCNA Routing and Switching or any CCIE certification
Required Exam(s): 200-310 DESGN
Recommended Training: Designing for Cisco Internetwork Solutions (DESGN) v3.0

10. CCNA Cyber Ops

This is pretty new in the line of CCNA certifications. As per Cisco, the CCNA Cyber Ops
certification prepares candidates to begin a career working with associate-level cybersecurity
analysts within security operations centers.

Prerequisites: NA
Required Exam(s): 210-250 SECFND & 210-255 SECOPS
Recommended Training:
Understanding Cisco Cybersecurity Fundamentals (SECFND)
Implementing Cisco Cybersecurity Operations (SECOPS)

The official training and resources for this certification have not yet been released by Cisco and
will be available in November or December of 2016.

There you go guys! Those are the 10 different types of CCNA certification path that we can
take. It's good to know these types of CCNA certification so you can create a career plan in your
Cisco career. Having any of these certifications will certainly give you an edge and many benefits.

If you're starting out, I suggest you take and focus now on CCNA Routing and Switching. This
will provide you basic and fundamental knowledge about networking. After that, you can take or
follow any of these CCNA specializations or take higher exams and certifications. Let's take one
step at a time. Cheers!

Lesson 3: Why aim for CCNA or any I.T. certification?

In this ebook, we are more focused on CCNA or Cisco Certified Network Associate, but not limited
to it; other I.T. things are covered as well. I will share valuable articles and information that can
help you in your I.T. career journey, especially for fellow Pinoy beginners.

Why should we aim for CCNA or other I.T. certifications? Is that really needed to be hired or to
earn a higher salary?

If you're an I.T. person, I'm assuming that you are already aware of the certifications that I'm
talking about. Not just CCNA. Nowadays, you can't just go into the battlefield of the I.T. workplace
without being loaded with experience and skills + this title called certified xxxxxxxx.

Now some may react, because they may know people who are not certified but had their
success and are at the top of their I.T. career. That is correct. I knew some people too.

But probably that's before, and it would be an advantage NOW if you have the skills and
experience and you're carrying any of these certifications. Especially at this point in time where
I.T. people are also getting overpopulated. We can't deny that we need to equip ourselves with
these battle gears before going into the war.

If you try to apply to a big institution or company right now, you can see that certifications are
included in the requirements they have. You need to have this and that, etc. If you check
JobStreet and other job portals online, certifications in certain fields are also included in the list
of requirements.

Believe me, it would really give you an advantage if you've got these titles. You will be
prioritized over other applicants.

I remember before, when I was still not CCNA certified, it was hard to get hired for the job I
wanted, or if there was an offer, the salary was too low to grab the post. But after taking and
passing the CCNA exam and applying for jobs again, the percentage of interviews skyrocketed. Job
offers came left and right. Salary offers became higher. There was a time when I had multiple
scheduled interviews on the same day.

And to cut the long story short, I found a new job where I can use these skills and gain new
experience, plus my salary doubled from my previous job. Thanks to God! Read my CCNA and
I.T. career journey here.

If you are just starting out in your I.T. career, especially fresh graduates, my advice is to focus on
the skills and experience you'll get on the job or role, not on the salary. Accept the job that will
give you practical and hands-on knowledge about the I.T. field you want. Salary might be a
bonus, but you must seek knowledge and experience first.

You need to hone your skills and gain enough exposure and experience before you can land
a good high-paying position. If you're lucky enough, your company might provide FREE training
and certifications in the field related to your job role. That could save you a lot of money.

If not, you need to invest in yourself. Invest time, effort and money to learn more. Take
certifications along the way. That will boost your career and qualifications.

That could cost money and time investments and a lot of sacrifice upfront, but the rewards after
are awesome. It will pay more in terms of blessings and money. Not only in salary, but you will
also earn respect and appreciation from yourself and from other I.T. people.

Lesson 4: 8 Benefits of CCNA certification

1. Knowledge

While earning your CCNA certification, you will increase your knowledge of Cisco networking and widen your understanding of how it works. This gives you in-depth knowledge that you can use throughout your career.

Once you are CCNA certified, you understand the concepts, basics and fundamentals of networking. This alone can open doors of opportunity in a networking career. Even a fresh graduate who is CCNA certified is more likely to be hired than an average I.T. guy with no certification. That is how it works now.

I had no idea about the CCNA or Cisco when I started, but with determination and perseverance I have learned a lot. I know I am still a newbie, but my point is that being CCNA certified can really help your career grow.

2. Salary increase

One benefit of being CCNA certified is a salary increase, either at the company you are in or at the next company you move to. Once you are CCNA certified, you can ask for and negotiate a higher salary than the usual I.T. guy applying for the same position.

Being CCNA certified proves that you understand the basics and fundamentals of networking, which most companies look for. Companies already know that certified I.T. individuals are in a "higher bracket" than those who are not.

3. Promotion

Aside from a salary increase, you can get promoted more easily once you are CCNA certified. For some positions, certifications are needed and even required before you can climb the ladder.

I know I.T. people who cannot get promoted because they have no certifications, and others who are taking certifications because their company requires them to get ahead. Being CCNA certified can speed up your career and take you one step forward.

4. Employer benefits

Another benefit of being CCNA certified, or holding any other Cisco certification, is that your employer will treasure you. Why? Because Cisco's partner programs require a partner to employ a certain number of Cisco-certified staff, and partner status is what gives the company better pricing and support on Cisco products.

How good is that? Companies that use Cisco equipment will chase you and put the job offer in front of you. And mind you, companies that use Cisco products are usually the large companies that can afford the technology.

See? Once you are CCNA certified, you have the chance to work with the most advanced and biggest companies in the world.

5. Stepping stone

Once you become CCNA certified, it serves as your stepping stone into the networking world. More advancement in career and knowledge becomes available and opens up for you. You start with the basics, and being CCNA certified opens more doors of learning and opportunity in your I.T. career.

You will have the chance to specialize in the Cisco track you want, to get more specific knowledge and to focus on the job role you want in the future. This is a great start to a great career.

6. Career growth

Whether you are just starting out or shifting careers, the networking industry offers wide areas for career growth.

Technology advances day after day, including for businesses and governments that need qualified individuals to handle their network operations and security. The networking industry still has a long way to go.

7. Satisfaction

Of course, being CCNA certified gives you satisfaction and appreciation for your I.T. career.

You become more inspired to learn more and do more. This pushes you to study further and step up to advance your career.

8. Respect

Getting a CCNA certificate commands a certain amount of respect from your colleagues and your employer. Some of your colleagues may have tried to get certified and could not.

So this achievement of yours deserves a pat on the back.

There you have it. Those are the 8 benefits of being CCNA certified that I can think of right now.

I know there are many more that could be added to the list.

Lesson 5: CCNA exam tips and FAQs

Idol, here are the most common FAQs about the CCNA exam.

1. How do I become CCNA certified?

You need to pass the CCNA composite exam (200-125 at the time of writing) OR both the ICND1 and ICND2 exams. Exam numbers, prices and formats change whenever Cisco revises the certification, so confirm the current exam blueprint on Cisco's site before you book.

2. How much is the CCNA exam?

CCNA Composite 200-125 (v3.0): $295

ICND1/ICND2: $150 each

3. How long is the CCNA exam?

You have 90 minutes.

4. How many questions are in the CCNA exam?

50 items, with multiple choice, drag-and-drop and simulation (lab) questions. Each question is worth a different number of points depending on its difficulty. All in all, the questions add up to 1000 points.

5. How many points do I need to pass the CCNA exam?

As mentioned above, the total is 1000 points. You need 825 points to pass, so the passing score is 825/1000. :)

6. When does the CCNA certification expire?

The CCNA certification expires every 3 years. To recertify, you need to take the CCNA exam again, or take a CCNA specialization exam or a higher-level exam such as the CCNP (SWITCH, ROUTE or TSHOOT).

7. Where can I train for the CCNA in the Philippines?

If you plan to take the full CCNA course, you need to enroll in one of the major schools and universities here in the Philippines. The full CCNA course takes a while because every chapter of the course is discussed and studied.

If you plan to take a CCNA bootcamp instead, you can check this list of CCNA training bootcamps in the Philippines. A bootcamp is a fast-track or fast-paced training done in only 5 days or 5 weekends (Saturdays or Sundays).

This kind of training is the most practical because it is cheaper and faster. You will save money and time. But, as mentioned, it is fast-paced, so you need some basic knowledge already to make it easier for you.

8. Where can I take the CCNA exam in the Philippines?

Here is the list of accredited CCNA exam centers in the Philippines. In the image below you can see the first 5 CCNA exam centers in the Philippines, for the Metro Manila area.

For the complete list of CCNA exam centers, check this link.

Alright, aspiring Philippine CCNAers, I hope this short article has somehow helped give you an idea about the CCNA exam.

Until next time, idols, cheers!

CHAPTER II. NETWORK FUNDAMENTALS

Lesson 1: What is a network and how does it work?

So what is a network? For a non-technical person who is not in I.T., "networking" brings to mind people selling soap or herbal products and recruiting "downlines" to earn money, the ones fanning themselves with cash and shouting "power!". Haha, just kidding. Apologies to the networkers. That is not it. That is not what we are studying here; we are not talking about multi-level marketing.

In the technology world, a network is a combination or group of computers and devices connected together that can communicate with each other.

They "see and talk to" each other by following "network standards and protocols". That means they can share resources and services with each other.

For example, two computers connected to each other are already considered a network.

In this example, the two computers are directly connected with a network cable, and we can already call that a network. They can "see and talk to" each other and, as we said, share resources and services. They can exchange data back and forth.

In a much larger view, a network is made up of multiple computers and devices interconnected through networking equipment such as hubs, switches and routers. We will discuss those later. Here is another example of a network with multiple computers and devices.

In the example above, you can see that multiple devices are now connected to our network, and all of them "see and talk to" each other to process and share data or services.

To grow the network, we can connect another "hub or switch" to the hub or switch in the middle and then connect more computers and devices to it. This can go on and on.

That is only a simple example of a small network. In businesses and organizations today, the network consists of hundreds or thousands of computers and devices connected to each other.

The network serves as the bridge that lets companies and other institutions communicate and process information today. And it is not limited to one location: they can be interconnected overseas or "virtually anywhere".

This is where Cisco and the other networking equipment vendors come in. In large networks such as those of Fortune 500 companies, governments and other organizations, the network has to be managed and maintained for the growth and security of the business or organization. The network serves as the "backbone and nerves" of almost every company and organization today. We can safely say that without networks we would not have civilization as we know it today.

As a CCNA, or let us say as a network administrator, our role and responsibility is to maintain the network, that is, the connections between these computers and devices. In more technical terms, we manage the "paths" these computers and devices use to "see and talk to" each other.

We configure the networking devices, such as Cisco switches and routers, to establish their connections to each other. We also configure the "standards and protocols" that govern how they see and talk to each other. Those are what we will discuss in the following lessons. For now, that is all.

Lesson 2: OSI model explained

Today we will share and discuss the OSI model. For a CCNA or networking beginner, it is important to understand what the OSI model is and how it works. It is one of the foundations and fundamentals of computer networking.

OSI is an abbreviation of Open Systems Interconnection. It is a model or standard developed by the ISO (International Organization for Standardization). The OSI model was built to serve as a reference model or standard for communication systems.

As we mentioned earlier, a network is made up of a group of different networking devices and equipment from different network companies or manufacturers. These different devices and equipment can communicate because the functions each of them performs are described by the same reference model, layer by layer.

Vendors and manufacturers follow this standard so that networking devices can "see and talk to" each other even when they come from different manufacturers. That is the function and the reason the OSI model was built.

Today, the protocols that the ISO designed alongside the model (the OSI protocol suite) are almost never used; what actually runs on networks is the TCP/IP suite, which we will discuss next. The OSI model itself is still the standard vocabulary for describing "which layer does what", which is why we still need to understand it well for our CCNA career.

The 7 layers of the OSI model

The OSI model is made up of 7 layers, and each layer has its own functions. Because almost all vendors and manufacturers of computers and networking devices follow the OSI model, two devices (even from different manufacturers) can communicate layer by layer. The "receiving device" understands the data or information thrown at it by the "sending device" through the layers of the OSI model.

The 7 layers of the OSI model are as follows.

7. Application layer

The application layer is the last layer of the OSI model, but it is the one closest to the end user. Why? Because the software or applications that we use, or that network devices use, rely on "protocols" that belong to the application layer.

Examples are web browsers such as Internet Explorer, Google Chrome and Mozilla Firefox. They use the "HTTP or HTTPS" protocol, which belongs to the application layer. Please note that it is not the software or application itself that sits in the application layer, but the "protocols" it uses.

Other examples of application layer protocols are FTP, Telnet, DHCP, SMTP and many more.

6. Presentation layer

The presentation layer of the OSI model is concerned with how data is represented. It makes sure that the "format" of the data coming from the sending device is presented correctly when it is received by the receiving device. Data formats, character encoding, compression and encryption are the usual examples of work done at this layer.

For example, if you upload a picture to Facebook in JPEG format, the presentation layer on Facebook's side (Facebook's servers) knows that what you are uploading is a picture because it is presented in JPEG format.

Please note that each OSI layer on the sending device has a corresponding layer on the receiving device, and each layer talks to its peer layer. That means the presentation layer of the sending device only talks to or communicates with the presentation layer of the receiving device.

5. Session layer

The session layer is concerned with establishing and terminating the connection between two communicating devices. The session layer of the sending device first makes sure that the session layer of the receiving device is available and ready to communicate.

It uses timers to make sure both devices are ready to communicate. When there is an error or the communication is cut off, the session layer also tries to re-establish the connection.

It also monitors the connection, and once the exchange is complete the session layer is what terminates the connection.

4. Transport layer

The transport layer of the OSI model is in charge of flow control of the data. It also checks for errors and recovers data between two communicating devices. The two common examples of transport layer protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

How does it work? Take our earlier example: say you upload a picture to Facebook. Before it appears on your timeline or wall, it is copied little by little from your computer or phone to Facebook's server.

In the process of copying or uploading the picture, it does not go all at once. It is uploaded or copied to Facebook segment by segment. Let's say your picture is HD and its size is 5 MB. The whole 5 MB does not go up in one shot.

In the first 5 seconds maybe 500 KB is copied, then in the next 15 seconds 1 MB, then 2 MB and so on. Once everything has been copied, the transport layer is also responsible for re-ordering the data if the receiving device did not receive it in order.

The transport layer of the receiving device also confirms to the transport layer of the sending device that the data has been received successfully. That is the main function of the transport layer in a nutshell.

Note that this reliable, ordered, acknowledged delivery is what TCP provides. UDP has no sequence numbers or acknowledgments: it simply hands each datagram to the application, and the application itself must tolerate loss, duplication and reordering.

3. Network layer

The network layer handles the logical addresses (IP addresses) that routers use to determine the path from the sending device to the receiving device.

Using the source and destination IP addresses, routers know where to forward, or which way to send, the data or "packets" from the source to the destination.

This is where routing comes in: static routes and dynamic routing protocols such as EIGRP, OSPF and BGP. We will discuss those in the future.

2. Data Link layer

The data link layer, or "layer 2", is concerned with the destination within the local network. If "layer 3", the network layer, handles the logical address or IP address, layer 2 handles the physical address or "MAC address".

Once the network layer has delivered the packet to the destination network, layer 2 takes care of which exact device on that local network it is delivered to.

It encapsulates the packet from layer 3 into a "frame" and adds a header containing the source and destination MAC addresses so the devices can communicate properly.

The data link layer is divided into two sub-layers:

A. LLC (Logical Link Control) - the sub-layer that layer 2 uses for error detection and flow control.
B. MAC (Media Access Control) - the sub-layer for hardware addressing and controlling access to the medium. This sub-layer handles the physical address of the device, known as the "MAC address". Remember that the MAC address is a physical address burned into the NIC (network interface card) of the device by its manufacturer. Keep in mind, though, that the operating system can override the burned-in address in software, so a MAC address on its own is not proof of which device sent a frame; this is one reason switch features such as port security exist.

1. Physical layer

The physical layer of the OSI model defines the physical transfer of "bits" onto the network. It is concerned with the details of connectors and network interface cards: how they send and receive bits to and from the other end. This is where NICs, network cables, voltage levels and so on come in.

To make the 7 layers of the OSI model easier to remember, just remember the phrase "Please Do Not Throw Sausage Pizza Away".

The first letter of each word corresponds to the first letter of each OSI layer, read from layer 1 up to layer 7: Physical, Data Link, Network, Transport, Session, Presentation, Application. It is important to remember this because it is a foundation of networking and it also comes up in CCNA exam questions.

How the OSI model works

Aside from the functions of each layer mentioned above, let us also try to explain how it works in the real world. To make it easier to understand, I made a sample image. This is what happens when a sending device communicates with the receiving device through the OSI model.

As you can see in our sample image, the layers are arranged from top to bottom, starting from layer 7 down to layer 1. When the sending device communicates or sends information to another device, the data also goes from top to bottom, layer 7 to layer 1. This is called encapsulation.

Encapsulation is the process in which each layer of the OSI model adds its own information (a header, and at layer 2 also a trailer) so that the corresponding OSI layer on the receiving device can understand it.

When the data or information enters the OSI layers of the receiving device, it goes from bottom to top, starting at layer 1 up to layer 7. The corresponding layer on the receiving device strips off, one by one, the information that was added by the OSI layers of the sending device. This process is called decapsulation.

Okay idols, that is the main concept of how the OSI model works. Hopefully it is clearer now and you have learned something. It is important to understand this because it is one of the foundations of networking. Until next time. :)
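To make encapsulation and decapsulation concrete, here is an added example (not from the original ebook) in Python that builds a frame the way a sending host does, layer by layer, and then peels it apart the way a receiving host does. It uses the real Ethernet II, IPv4 and TCP header layouts, which are the TCP/IP protocols that implement layers 2 to 4 in practice, so it also illustrates the TCP/IP model covered in the next lesson. The MAC addresses, IP addresses, ports and HTTP payload are constructed sample values; the TCP checksum is left at zero because computing it needs a pseudo-header, which is outside the point here.

```python
import socket
import struct

# Constructed sample values for this example (not from the ebook).
SRC_MAC, DST_MAC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"      # RFC 5737 documentation range
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


# ---- Sending side: layer 4 -> layer 3 -> layer 2 (encapsulation) ----

def build_tcp_segment(src_port: int, dst_port: int, seq: int, payload: bytes) -> bytes:
    # 20-byte TCP header: data offset 5 (no options), flags PSH|ACK, window 65535,
    # checksum left 0 (a real stack computes it over a pseudo-header), urgent pointer 0.
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + payload


def build_ipv4_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    # 20-byte IPv4 header: version 4 / IHL 5, DSCP 0, total length, ID, DF flag,
    # TTL 64, protocol TCP, checksum (filled in below), source and destination.
    total_len = 20 + len(segment)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                         IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment


def build_ethernet_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    # 14-byte Ethernet II header: destination MAC, source MAC, EtherType.
    # The 4-byte FCS trailer is added by the NIC and is omitted here.
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(payload: bytes) -> bytes:
    segment = build_tcp_segment(40000, 80, 1, payload)          # layer 4
    packet = build_ipv4_packet(SRC_IP, DST_IP, segment)         # layer 3
    return build_ethernet_frame(SRC_MAC, DST_MAC, packet)       # layer 2


# ---- Receiving side: layer 2 -> layer 3 -> layer 4 (decapsulation) ----

def decapsulate(frame: bytes) -> dict:
    """Strip each header in turn, checking it, and return the fields plus the payload."""
    dst_mac, src_mac = mac_str(frame[:6]), mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    packet = frame[14:]

    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if proto != IPPROTO_TCP:
        raise ValueError(f"unexpected IP protocol {proto}")
    segment = packet[ihl:total_len]            # total length bounds the layer 3 payload

    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    payload = segment[data_offset:]
    return {"src_mac": src_mac, "dst_mac": dst_mac, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "seq": seq, "payload": payload}


def frame_is_intact(frame: bytes) -> bool:
    """True if the frame decapsulates cleanly; False if a header check fails."""
    try:
        decapsulate(frame)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n")
    print(len(frame), "bytes on the wire:", decapsulate(frame))
    damaged = bytearray(frame)
    damaged[14 + 8] = 1          # corrupt the IPv4 TTL; the checksum no longer verifies
    print("damaged frame intact?", frame_is_intact(bytes(damaged)))
```

Each build function adds exactly one header in front of what the layer above gave it, and decapsulate() removes them in the opposite order, using the length and type fields of the outer header to find the inner one. That is why a receiving host can reject a frame at layer 3 (bad checksum, wrong protocol) without ever looking at the application data.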

Lesson 3: TCP/IP model explained

Last time we talked about the OSI model, the functions of each layer and how it works in the real world. You can check back here if you have not read it yet. Hopefully it helped those who are just starting out.

Today we will discuss the TCP/IP model. Let's go!

What is the TCP/IP model?

The TCP/IP model is also a communication standard. It was developed in the 1970s under the Defense Advanced Research Projects Agency (DARPA). Like the OSI model, the TCP/IP model is a set of guidelines for designing and implementing computer protocols.

Unlike the OSI model, however, the TCP/IP model has only four layers: Network Access (Link), Internet, Transport and Application.

Like the OSI model, the TCP/IP model defines the functions by which communicating devices "talk to and see" each other even if they come from different manufacturers. By following the TCP/IP model, almost every device can communicate with every other by properly implementing the necessary protocols.

Today this is the standard that is actually in use on real networks; the OSI protocols were never widely deployed, even though the OSI model is still used as the reference for describing the layers.

How does the TCP/IP model work?

To understand better how the TCP/IP model works, let us have a short discussion. As I said, the process or "flow of data" in the TCP/IP model is almost the same as in the OSI model. The difference is that some layers are grouped into one layer or function, because in TCP/IP the top 3 layers of OSI are treated as a single function.

Like the OSI model, the TCP/IP model communicates layer to layer from the sending device to the receiving device. That means the application layer of the receiving device only understands the "data" that came from the application layer of the sending device. The same goes for the other layers.

Our example image above (taken from Wikipedia) shows how communication happens from the sending device to the receiving device. The two hosts communicate layer to layer (at the application layer) with the help of the lower layers.

In the TCP/IP model, the upper 3 layers of the OSI model (application, presentation and session) are combined into one.

The 4 layers of the TCP/IP model

Let us take a quick look at the layers of the TCP/IP model. As I mentioned, idols, the functions of the TCP/IP layers are not far from those of the OSI layers. Although TCP/IP has only four layers, if we compare it to OSI they are almost the same; TCP/IP just groups them.

4. Application layer

The application layer of the TCP/IP model is concerned with the protocols used by applications. This includes data format and session setup, so OSI layers 5 to 7 are combined here in the TCP/IP model. And as we mentioned, the application layer of the sending device in the TCP/IP model also has a corresponding application layer on the receiving device.

3. Transport layer

The transport layer of the TCP/IP model is likewise concerned with flow control and error checking of data. As in the OSI model, TCP and UDP are the two common examples of protocols that belong to the transport layer of the TCP/IP model.

2. Internet layer

The Internet layer corresponds to the Network layer of the OSI model. Like the OSI network layer, the Internet layer is responsible for logical addressing and path determination of data from the sending device to the receiving device. IP itself lives here.

1. Network Access or Link layer

The first layer of the TCP/IP model corresponds to the first 2 layers of the OSI model (physical and data link). This is where physical addressing and physical connectivity, such as wiring and voltages, come in.

Alright idols, hopefully this article gave you a bit of knowledge. As we mentioned, there is almost no difference in the functions of the layers of the OSI and TCP/IP models.

The differences are in the number of layers and the layer names, and of course in the TCP/IP model the functions of layers that do almost the same thing are grouped together.

Although they are almost the same, it is important to know this so we are aware, and because it is also covered in the CCNA exam.

Alright, that is all for now. See you next time. :)

Lesson 4: Understanding Ethernet technology

Welcome back, idols. In this lesson we talk about Ethernet technology. As I said in the earlier articles, we start with the basics so that we first understand the foundation of networking.

After this we will tackle the topics about Cisco. This basic knowledge will help you understand the concepts of networking. Let's go!

Ethernet technology is the common technology or standard used for LANs (local area networks) today. It defines the wiring and signaling of the physical layer of the OSI model, and also the framing and media access rules of the data link layer (the MAC sub-layer).

Ethernet technology is described by the IEEE 802.3 standard. It uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method on shared, half-duplex media and supports speeds from 10 Mbps up to 100 Gbps and beyond. It can run over coaxial, twisted-pair and fiber-optic cables. Ethernet also uses frames (layer 2 information) with source and destination MAC addresses to deliver data.

In short, idols, Ethernet is just a "way" or standard by which networking devices communicate. It also sets the rules and "codes" for how different networking devices talk to each other, specifically in a local area connection.

Unlike the OSI or TCP/IP models, which describe every layer, Ethernet covers only the bottom of the stack: it is the layer 1 and layer 2 technology of a local area network. It is concerned with how data travels from one PC to another device or another PC on the same segment.

Or, how a PC signals that it is going to send data and how another PC advises that it is going to receive data.

For example, before Ethernet technology really advanced, the devices in a network or group of computers could not all send or receive at the same time.

The computers were connected to only one "line of connection", usually called a "single shared physical bus", and there was a limit on the length of the wire; back then it was coaxial cable. So before a device could send data, it first had to check that no other device was sending data or information.

The same went for receiving. To put it simply: with the CSMA/CD method used by Ethernet, a station listens before sending (carrier sense); if two stations still start at the same time and their signals collide, both detect the collision, stop, send a jam signal, and each waits a random backoff time before trying again. Collisions are therefore not prevented but detected and recovered from, and communication stays orderly as long as the segment is not too busy.

Because technology has advanced and a lot has been discovered, today a device can send and receive data simultaneously (full duplex) on a switched link. On a full-duplex link there is no shared medium, so collisions cannot happen and CSMA/CD is not used at all. We will discuss this later.

As we mentioned above, Ethernet has collision detection to handle collisions, the "rumble" of data on the wire. Sending and receiving of information on a shared segment is organized by Ethernet using CSMA/CD.
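Here is an added Python example (not from the original ebook) that models the CSMA/CD procedure described above for one station on a shared half-duplex segment: listen for carrier, transmit, and on collision back off for a random number of slot times using the truncated binary exponential backoff that IEEE 802.3 specifies (the wait is 0 to 2^k - 1 slots, where k is the number of collisions so far capped at 10, and the frame is discarded after 16 attempts). The SharedBus class is a constructed toy model that lets you script when the medium is busy and when collisions happen; it is not a real driver. On a full-duplex switched link none of this runs.

```python
import random

MAX_ATTEMPTS = 16        # IEEE 802.3: give up ("excessive collisions") after 16 tries
BACKOFF_EXP_LIMIT = 10   # the backoff exponent stops growing after the 10th collision
SLOT_TIME_BITS = 512     # slot time for 10/100 Mbps Ethernet, in bit times


def backoff_window(collisions: int) -> int:
    """Number of possible backoff values after the n-th collision: 2^min(n, 10)."""
    return 2 ** min(collisions, BACKOFF_EXP_LIMIT)


def backoff_slots(collisions: int, rng=random) -> int:
    """Truncated binary exponential backoff: pick r uniformly from 0 .. 2^min(n,10) - 1."""
    return rng.randrange(backoff_window(collisions))


class SharedBus:
    """Constructed toy model of one half-duplex segment (an assumption for this example).

    busy_slots: how many slot times the medium is busy before our station may start.
    collisions: scripted outcome of each transmit attempt, True = collision.
    """

    def __init__(self, busy_slots: int = 0, collisions=()):
        self.busy_slots = busy_slots
        self.collisions = list(collisions)

    def carrier_sense(self) -> bool:
        return self.busy_slots > 0

    def wait_one_slot(self) -> None:
        self.busy_slots = max(0, self.busy_slots - 1)

    def transmit(self) -> bool:
        """Put the frame on the wire; returns True if a collision was detected."""
        return self.collisions.pop(0) if self.collisions else False


def send_frame(bus: SharedBus, rng=random):
    """CSMA/CD for one frame. Returns (delivered, attempts, slots_waited)."""
    slots_waited = 0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        # Carrier sense: defer while another station is transmitting.
        while bus.carrier_sense():
            bus.wait_one_slot()
            slots_waited += 1
        # Transmit while listening; the bus tells us whether a collision occurred.
        if not bus.transmit():
            return True, attempt, slots_waited
        # Collision detected: the station sends a jam signal (implicit in this model),
        # then backs off a random number of slot times before retrying.
        slots_waited += backoff_slots(attempt, rng)
    # 16 collisions in a row: the frame is dropped and the upper layer is told.
    return False, MAX_ATTEMPTS, slots_waited


if __name__ == "__main__":
    rng = random.Random(7)
    bus = SharedBus(busy_slots=3, collisions=[True, True, False])
    print("quiet-ish segment:", send_frame(bus, rng))
    jammed = SharedBus(collisions=[True] * MAX_ATTEMPTS)
    print("hopeless segment:", send_frame(jammed, rng))
    print("max wait after 12 collisions:",
          (backoff_window(12) - 1) * SLOT_TIME_BITS, "bit times")
```

The doubling window is what keeps a busy segment from melting down: after each collision a station spreads its retry over twice as many slots, so two colliding stations quickly stop choosing the same slot. The cap at 2^10 and the 16-attempt limit are what the "excessive collisions" counter on an interface is reporting when a half-duplex segment is overloaded or has a duplex mismatch.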

2 Ethernet Technology Network Elements

In Ethernet technology we have two major network elements, as follows:

1. Data terminal equipment (DTE)

These are the usual "senders or receivers" of information. Basically they are the "end devices" where the data or information we send comes from or goes to. Some examples are PCs, servers, printers and so on.

2. Data communication equipment (DCE)

The second is what we call DCE. These are the intermediate devices that serve as "connectors" for the end devices in a network.

In other words, the DCEs are concerned with joining the connections between the devices. Examples of DCE are network interface cards, modems, switches, routers and so on.

Okay idols, hopefully you understood the basics of Ethernet technology from this short article. In the next article we will discuss the basics of network cabling and network speeds, which are still related to Ethernet technology.

Lesson 5: Basic of network cabling

On this lesson idol, ang basic naman ng network cabling ang ating pag-uusapan. Mahalaga din
na maintidihan natin ito dahil malaki ang maitutulong nito sa ating CCNA career. Dadaanan
lamang natin ang mga ito para magkaroon tayo ng idea, para makapag-simula na tayo sa ating
mga lessons about Cisco.

Types of network cabling

Basically meron tayong 3 common types of network cabling sa ethernet technology. Ito ay ang
mga sumusunod: coaxial, twisted pair, and fiber-optic cabling.

Usually karaniwang ginagamit ang twisted pair sa LAN pero sa malalaki at advance na mga
network, fiber-optic cabling ang ginagamit nila. Let's see kuna papaano sila nagkaka-iba iba.

1. Coaxial cabling

Ang isang coaxial cable ay merong "inner conductor" sa loob ng kanyang wire. Nababalutan ito
ng iba't ibang layer ng insulator na nababalot din ng ibang conducting shield.

This type of cabling comes in two types, thinnet and thicknet. To give you an idea how does it
look like, ito ang image na galing sa wikepedia.

21
Coaxial cable have a maximun transmission speed of 10Mbps. Before ito ang ginagamit sa
internet at network access pero gaya nga ng nabanggit natin, mostly twisted pair or fiber-optic
na ang sikat ngayon.

2. Twisted-pair cabling

Ang twisted-pair cable naman ay mayroong 4 pair of wires. The four main colors are orange,
blue, green and brown. Then each of the wire is naka-twist sa isang white wires. The wires are
twisted around each other para maiwasan ang crosstalk at outside interference.

Gaya nga ng nabanggit natin kanina, ito na ang karaniwang nakikita natin sa mga home at
small network ngayon. Karaniwang ginagamit din ang twisted-pair cable sa linya ng mga
telephono.

Makikita ninyo sa example image natin sa baba ang isang unshielded twisted-pair cable with
different "twist rates". The image is taken from wikipedia.

22
2 types of twisted-pair cabling

 Shielded twisted pair


 Unshielded twisted pair

Ang pinag-kaiba nitong dalawang klase ng twisted-pair cable ay ung shielded twisted-pair
merong additional layer of insulation to protect the data from outside interference.

Makikita n'yo rin dito sa table natin sa ibaba ang karaniwang mga twisted-pair cables. Kasama
na ang descriptions and applications ng bawat cable. This photo is taken from wikipedia.

To make it short, ang karaniwang ginagamit natin sa computer networking ay ang 3 UTP
categories:

 CAT5 - 100mbps
 CAT5E - 1000mbps
 CAT6 - more than 1000mbps

The EIA/TIA standards

In network cabling we have what is called the EIA/TIA standard. It is a set of
telecommunication standards set by the Telecommunications Industry Association (TIA), an
offshoot of the Electronic Industries Alliance (EIA).

These standards address commercial building cabling for telecommunications products and
services.

The EIA/TIA standards also define the T568A and T568B standards.

T568A

Both ends of the cable are arranged the same way. For example, in a twisted-pair cable, pins or
wires 1 - 8 on one end are arranged in the same order as the pins or wires on the other end.

T568B

In T568B, pairs 2 and 3 are swapped. In other words, the 2nd and 3rd pairs (pins or wires) of
T568A are swapped at both ends.

To give you more detail, please see the image below taken from Wikipedia.

3 types of UTP implementation

1. Straight through

This is used to connect different devices: T568A on one end and T568A on the other, or T568B
on one end and T568B on the other. See image above courtesy of groundcontrol. Example: PC to
Switch, Switch to Router.

2. Cross-over

A cross-over cable is used to connect "same devices", for example Switch to Switch or PC to
PC. The cable is wired T568A on one end and T568B on the other, or vice versa. See above
example from groundcontrol.

3. Roll-over

This is the cable commonly used as a console cable, for example when you connect to a router
through the console port or connect to a switch through the console port.

Console cables are rolled over. That means the T568A order is reversed, and on the other end
it is T568B. Pins 1 - 8 on one end line up with pins 8 - 1 on the other.
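To see the three wiring schemes as data rather than pictures, here is an added example (not code from the ebook) that classifies a cable from the wire colors seen at its two RJ45 ends. The pin-to-color orders of T568A and T568B are taken from the published standards; the classification rules follow the three cases described above (same order at both ends, T568A/T568B mix, reversed order).

```python
"""Classify a UTP cable as straight-through, cross-over or roll-over from the
wire order at its two ends. Added illustrative code, not from the ebook."""

# Pin 1..8 wire colors of the two EIA/TIA schemes (from the standards themselves).
T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")


def differing_pins(end1, end2):
    """Pin numbers (1-8) whose wire color is not the same at both ends."""
    return {pin for pin, (a, b) in enumerate(zip(end1, end2), start=1) if a != b}


def cable_type(end1, end2):
    """Return the cable type implied by the wire colors at each end."""
    end1, end2 = tuple(end1), tuple(end2)
    # Straight-through: the same scheme at both ends (A/A or B/B).
    if end1 == end2 and end1 in (T568A, T568B):
        return "straight-through"
    # Cross-over: T568A on one end, T568B on the other (pairs 2 and 3 swapped).
    if {end1, end2} == {T568A, T568B}:
        return "cross-over"
    # Roll-over (console): pin 1 on one end lines up with pin 8 on the other.
    if end1 in (T568A, T568B) and end2 == end1[::-1]:
        return "roll-over"
    return "unknown"


if __name__ == "__main__":
    print(cable_type(T568A, T568B), differing_pins(T568A, T568B))
```

The `differing_pins` check makes the cross-over rule concrete: only pins 1, 2, 3 and 6 change between T568A and T568B, which is exactly the two data pairs that 10/100 Ethernet uses for transmit and receive.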

3. Fiber cabling

Last in our basic network cabling topic is fiber. In large and advanced networks, fiber optic
cable is usually what is used. This type of cabling uses optical fibers to transmit data in the
form of light signals.

Fiber optic cabling can support longer runs and farther distances than the network cabling we
mentioned above. Fiber cable is also immune to electromagnetic interference, which makes a
big difference in the speed and quality of communication. It is the best kind of network cabling
so far, but it is also the most expensive.

In our example image below you can see an example of a fiber optic cable. Photo taken from
Wikipedia.

2 types of fiber optic network cables

• Single mode fiber - uses only a single ray of light to carry data. It is faster but of course
more expensive.
• Multi mode fiber - uses multiple rays of light to carry data. Cheaper than single mode fiber,
but its data transfer is not as fast as single mode fiber.

Alright guys, today's lesson got a bit long. Hopefully you understood the basics and foundation
of network cabling.

This will help a lot in our CCNA and Cisco career. Until next lesson.

Lesson 6: Understanding common networking devices and their functions

Now we'll talk about the common networking devices and their functions. This is so we better
understand how they work and their roles in computer networking. It will also help a lot in our
CCNA journey because this is the foundation of our CCNA knowledge.

These are the common networking devices we will deal with in our CCNA career, so it helps a
lot to understand their basic functions. This will be a fairly long discussion, guys, so let's get
started.

Common networking devices and their functions

1. Hub

Hubs are early networking devices that serve as a "central point" where hosts or end devices
are connected. A hub operates at layer 1 of the OSI layers. These days, hubs are rarely used,
especially in large and advanced companies.

Hubs can be considered obsolete because newer and more advanced networking devices have
come out. A hub is also called a multi-port repeater. Image source: Wikipedia.

How does a hub work in computer networking?

As mentioned, a hub serves as a central point where hosts or end devices are connected. Let's
say a hub is connected to the router from our ISP, and the PCs and other devices are connected
to the hub.

Hubs do not process or analyze traffic; they simply send all traffic out ALL of their ports
except the source port. This means every device connected to the hub receives the traffic even
if it is not meant for it.

Hubs also usually operate only in half-duplex. That means, as we discussed previously about
network cabling, a device cannot send and receive traffic or data at the same time. It is either
sending or receiving, but not both at once. Another disadvantage of a hub is that it has only one
collision domain.

A collision domain is a group of devices whose frames or traffic can collide with each other. A
hub is one big collision domain, and every device connected to it is a member of that collision
domain.

2. Switches

Like hubs, switches are also used to connect different end devices. They are commonly used to
distribute the local area connection to PCs and other devices. Nowadays there are also
advanced switches such as layer 3 switches; we will talk about those in the future.

Unlike hubs, switches operate at layer 2 of the OSI layers. This means a switch is able to
analyze traffic and make an intelligent decision about where it should be sent. It can send it
only to the specific destination port, or it can send it to all ports.

We will talk about this when we get to the switching topics in the future. Image source: Cisco.

Another nice thing about switches is that each of their ports is its own collision domain. Where
a hub is one big collision domain and every device connected to it is a member of that collision
domain, switches are different. On a switch, each PORT or INTERFACE is a single collision
domain. This means a 48-port switch has 48 collision domains. Because of this, the possibility
of collisions is removed.

Hold on! There's more. A switch is one big broadcast domain. That means all of its ports are
members of that broadcast domain.

A broadcast domain is a group of devices that can receive a broadcast.

A broadcast is the process in which the switch sends frames or traffic to every member of its
broadcast domain, that is, out all of its ports.

A switch is sometimes called a multi-port bridge. Switches also operate in duplex mode,
meaning a device connected to it can send and receive at the same time.

How do switches work in networking?

Our sample image above shows the basic function of a switch. Let me explain.

Let's say host A wants to communicate with host G, so host A sends a request, and when the
packet arrives at the switch, the switch looks at the destination MAC address (which in this
case is the MAC address of host G).

The switch now searches its MAC address table for the location (port) of host G and sends the
frames or traffic only to that destination port. Only if the MAC address of host G is not in the
switch's MAC address table does it send them out all of its ports, and that is what is called a
broadcast.

This is what happens when host A is communicating with host G for the first time.

Host A: I need to talk to host G, here are its details. It forwards this out the port or interface
toward the switch it is connected to.

(Since the switch is a layer 2 device in our OSI layers or TCP/IP layers, it analyzes and
processes MAC address information.)

Switch: Ok host A, based on my MAC address table, host G is on my port or interface 16. Let
me send your request to it (assuming host G has communicated with host A or with other
devices before).

But if it hasn't, this is what happens.

Switch: Host A, host G is not in my MAC address table, let me ask all of my ports/interfaces
except you (so the switch now sends a broadcast message out all of its ports except the port of
host A). The switch says to its ports, hey guys, which of you has this MAC address
(xxxx:xxxx:xxxx)?

All ports receive this, but only the one with MAC address (xxxx:xxxx:xxxx) answers, which is
host G.

Host G: Hey switch, that's me! Let me talk to host A.

The switch now adds the MAC address of host G to its MAC address table so that the next time
something wants to communicate with it, it already knows where to send the frames or traffic
right away. And the process repeats for the other ports and devices on the switch.

What is the MAC address table?

The MAC address table, simply put, is the switch's list of all the MAC addresses connected to
its ports. The switch uses it to decide where to send or forward frames or traffic.

Every MAC address of a device that sends frames to the switch is listed or added to its MAC
address table together with the port it is connected to. This way, the switch remembers where
frames or packets come from and where to send them.

The picture below shows a sample MAC address table from our switch.
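The host A / host G exchange above, played out as an added example (illustrative code, not from the ebook or from Cisco IOS). The switch learns the source MAC of every frame, forwards to a single port when it already knows the destination, and sends out all other ports when it does not. The MAC addresses and the 24-port switch are constructed for the example.

```python
"""Minimal simulation of a layer 2 switch's MAC address table.
Added illustrative code; the MACs and port numbers are constructed."""

from collections import namedtuple

Frame = namedtuple("Frame", "src dst")   # only the fields the switch looks at


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC address -> port it was learned on

    def receive(self, in_port, frame):
        """Process a frame arriving on in_port; return the list of egress ports."""
        # Learning: remember which port the source MAC lives on.
        self.mac_table[frame.src] = in_port
        # Forwarding: known destination -> only that port (never back out the ingress port).
        if frame.dst in self.mac_table:
            out = self.mac_table[frame.dst]
            return [] if out == in_port else [out]
        # Unknown destination -> send out every port except the one it came in on
        # (the ebook describes this as the switch broadcasting to all its ports).
        return [p for p in self.ports if p != in_port]


def demo():
    """Host A (port 1) talks to host G (port 16) for the first time, then again."""
    sw = Switch(ports=range(1, 25))                 # constructed 24-port switch
    host_a, host_g = "aaaa.aaaa.0001", "aaaa.aaaa.0007"   # constructed MACs
    first = sw.receive(1, Frame(host_a, host_g))    # G unknown: sent out ports 2..24
    reply = sw.receive(16, Frame(host_g, host_a))   # A already learned: port 1 only
    second = sw.receive(1, Frame(host_a, host_g))   # G now learned: port 16 only
    return first, reply, second, dict(sw.mac_table)


if __name__ == "__main__":
    print(demo())
```

Note that the table is filled by learning from source addresses, not by any reply from host G: the moment G sends anything, the switch knows its port. That is also why a flooded frame is seen by every other device on the switch, which matters when the traffic is sensitive.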
3. Routers

A router is the networking device that operates at layer 3 of the OSI layers. It is concerned
with routing packets from one network to another.

Like switches, routers also have the capability to analyze and filter traffic.

This is the basis for the router's decision on how to send packets from the source network to
the destination network. Image source: Cisco ASR routers.

Where a switch is one big broadcast domain, a router segregates broadcasts, because only the
router's own PORT or INTERFACE is a member of that broadcast domain. In other words, only
one port of the router can receive a broadcast coming from the switch.

How does a router work?

Where switches are concerned with the MAC addresses of the devices connected to their ports,
routers are concerned with the IP addresses of the devices. As I mentioned earlier, a router
operates at layer 3 of the OSI layers.

The router uses the IP address information to know where to route or send packets.

If two devices on different networks want to communicate, a router or layer 3 device is needed
to route the packet from the source to the destination.

Let's give an example.

In our sample image above, we have two networks (Accounting and Engineering). Please ignore
the IP addresses for now, we will discuss them in the next articles.

So before host A can communicate with host F, since they are on different networks, we need a
router or layer 3 device to route the packets from the Accounting network (192.168.1.0/24) to
the Engineering network (192.168.2.0/24).

In a nutshell, this is what happens. Host A sends a request to the switch saying it wants to
communicate with host F. The switch then checks its MAC address table to see if the MAC
address of host F is listed.

If they have communicated before, it is already listed in the switch's MAC address table and the
switch already knows to send it to the port or interface where the router is connected (see how
a switch works).

Here is what happens when it reaches the router.

Host A: I need to talk to host F. How do I get there?

(Since routers operate at layer 3, they look at IP addresses.)

Router: Ok host A, let me check my routing table for how you can communicate with host F.
Show me its IP address and your IP address as well.

If the destination IP address, the IP address of host F, is in the router's routing table, the
router sends the packet out the interface associated with that network. In this case, to another
switch toward the Engineering network.

Router: Based on my routing table, host F's IP address is in network 192.168.2.0/24. And based
on the "routing protocols" configured on me, you can reach it via EIGRP. Let me send your
request there now (we will talk about routing protocols in the future).

The switch on the Engineering network side receives the request and the way a switch works
repeats. The switch (Engineering network side) checks the MAC address of host F in its MAC
address table and sends the request to the port where it is connected.

If there is no route set in the router's routing table toward host F or the Engineering network,
the router may drop the packet, or act depending on the configured settings.

What is the routing table?

Okay, since we have mentioned the words routing table several times, let me explain what it
means. Where switches have a MAC address table that they use to analyze frames and decide
where to send them, routers have a routing table, a list of "routes" to the networks or
destinations it can communicate with and send packets to.

Routes can be manually configured on routers or "dynamically learned" via routing protocols.
We will discuss these in future articles.

Here's an example of a routing table.
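Here is the routing table lookup from the host A / host F story as an added example (illustrative code, not from the ebook or Cisco IOS). The two connected networks are the ones in the text; the 10.0.0.0/8 EIGRP route, the 10.20.0.0/16 static route, the next-hop addresses and the interface names are constructed. It also shows one thing the story does not: when several routes match, the router picks the most specific one (longest prefix match), and a destination with no matching route is dropped.

```python
"""Longest-prefix-match lookup against a small routing table.
Added illustrative code; routes, next hops and interfaces are constructed."""

import ipaddress

# (prefix, next hop or None when directly connected, egress interface, how learned)
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), None, "GigabitEthernet0/0", "connected"),
    (ipaddress.ip_network("192.168.2.0/24"), None, "GigabitEthernet0/1", "connected"),
    (ipaddress.ip_network("10.0.0.0/8"), "192.168.2.254", "GigabitEthernet0/1", "EIGRP"),
    (ipaddress.ip_network("10.20.0.0/16"), "192.168.1.254", "GigabitEthernet0/0", "static"),
]


def lookup(dst, routes=ROUTES):
    """Return the most specific route containing dst, or None if there is no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        prefix = route[0]
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = route
    return best


def forward(dst, routes=ROUTES):
    """Describe what the router does with a packet addressed to dst."""
    route = lookup(dst, routes)
    if route is None:
        return "drop: no route to %s" % dst   # the case the ebook calls "may drop the packet"
    prefix, next_hop, iface, source = route
    if next_hop is None:
        return "deliver %s directly out %s (%s %s)" % (dst, iface, source, prefix)
    return "send %s to next hop %s via %s (%s %s)" % (dst, next_hop, iface, source, prefix)


if __name__ == "__main__":
    for host in ("192.168.2.20", "10.20.5.5", "10.9.9.9", "172.16.0.1"):
        print(forward(host))
```

The order of the ROUTES list does not matter; what decides is the prefix length. A /16 entry wins over a /8 entry for 10.20.5.5 even though the /8 also contains it.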
4. Firewall

A firewall is a security device or software application that is installed mostly at the border of a
secured network. It checks and filters incoming and outgoing network communication.

The firewall also serves as the first line of defense against outside attacks on a given network.
As we said, since the network is critical especially in large and high-end businesses, it is
important that our network is secured and clean.

In a nutshell, the firewall blocks unwanted traffic going out of and coming into our network,
together with their ports.

Let's say for example, at the border of a network, traffic going out to and coming in from the
internet usually passes through and is filtered by the firewall, which allows or denies specific
traffic.

See image below for illustration.

Logically, if we base it on the flow of traffic, most of the time the setup is like this:

User <switch> <router> <firewall> <<<INTERNET>>>

That is typical for devices facing the internet or facing another company or organization
connected to a given network.

In most cases, a firewall functions based on a policy. A policy is made up of a set of rules. And
the rules contain or trigger the action that needs to be taken once a given situation or criteria
is met.

Example: Let's say we want to block employees from accessing a website, for example
facebook. So we can set a rule for that and then create a policy to push or run on our firewall.

Basically, its logic will look something like this.

Rule Name: Deny_FB
Condition: From inside <employee subnet> to outside <facebook.com> port 80 deny

That's just an analogy; when setting up rules and policies there are quite a few more things to
do and consider. So in that sample analogy, when we implement it on the firewall, it blocks the
employee subnet when accessing facebook via port 80. Mostly IP addresses are entered, not
domain or website names.

Firewall rules are usually made up of the following:

Source - IP or subnet or a combination of both where the traffic comes from

Destination - IP or subnet where the traffic is going, its destination

Service - usually made up of the ports of a given service or application (Ex. http = port 80,
https = port 443 etc.)

Action - what gets triggered if the configured criteria made up of source, destination and ports
is met. In most cases, this is to allow or deny that traffic.

Here's another sample representation of firewall operations.

As you can see, guys, it is not hard to understand based on the diagram. Again, rules and
policies exist on the firewall to check the outgoing and incoming connections of our network.

Since the firewall is not really part of the CCNA exam or the CCNA role, we won't go any longer
on it. I just explained the basics and fundamentals so you have an idea of what firewalls are
and where they are used.

I hope you now have a basic understanding of firewalls. Let's move on to the next.
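The source / destination / service / action structure described above, evaluated the way most firewalls do it: first matching rule wins, and anything no rule matches falls through to an implicit deny. This is an added example (illustrative code, not the ebook's or any vendor's); the employee subnet, the 203.0.113.0/24 stand-in for the blocked website, the DNS server address and the rule names are all constructed.

```python
"""First-match firewall policy evaluation over constructed connections.
Added illustrative code; subnets, addresses and rule names are made up."""

import ipaddress

# A rule = (name, source, destination, service ports, action); "any" matches everything.
# The ebook notes that real rules carry IPs rather than website names, so the blocked
# site is represented by a constructed documentation range, not a real address.
POLICY = [
    ("Deny_FB",   "192.168.10.0/24", "203.0.113.0/24",  {80, 443}, "deny"),
    ("Allow_Web", "192.168.10.0/24", "any",             {80, 443}, "allow"),
    ("Allow_DNS", "192.168.10.0/24", "192.168.1.53/32", {53},      "allow"),
]
DEFAULT_ACTION = "deny"   # implicit deny: a connection no rule matches is dropped


def _matches(field, addr):
    """True when addr falls inside the rule field (an IP, a subnet, or 'any')."""
    return field == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(field)


def evaluate(src, dst, dport, policy=POLICY):
    """Return (rule name, action) for the first rule matching the connection."""
    for name, source, destination, ports, action in policy:
        if _matches(source, src) and _matches(destination, dst) and dport in ports:
            return name, action
    return "implicit", DEFAULT_ACTION


def audit(connections, policy=POLICY):
    """Run a batch of (src, dst, dport) tuples and report which rule decided each."""
    return [(c, evaluate(*c, policy=policy)) for c in connections]


if __name__ == "__main__":
    for conn, verdict in audit([("192.168.10.5", "203.0.113.7", 80),
                                ("192.168.10.5", "198.51.100.9", 443),
                                ("192.168.10.5", "198.51.100.9", 22)]):
        print(conn, "->", verdict)
```

Rule order is part of the policy: if Allow_Web were listed before Deny_FB, the general allow would match first and the block would never take effect. Checking a policy against a few known connections, as `audit` does, is a cheap way to catch that kind of ordering mistake before pushing it to the firewall.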
5. Load Balancers

A load balancer, as the name implies, acts to balance the load of an application across a server
or group of servers. The main purpose of a load balancer is to distribute traffic and requests to
a certain destination. Let's have an example.

In our sample image above, you can see that we have a Big-IP LTM load balancer. It is a device
or product of F5 Networks Inc. that is commonly used as a load balancer in corporate and large
networks (it is also what we use at our company).

So let's say we have a self-hosted website inside our company. Self-hosted means we host and
maintain the website and its servers ourselves. And let's say it is publicly available, for
example the company website itself like www.companyA.com.

Since many users and connections use or connect to our website, our server will most likely
struggle if there is only one.

It may not be able to handle the traffic or requests and could go down. In this case, more
servers are added and a load balancer is put in place to load balance or distribute the traffic
across those servers.

So basically, each request and connection from outside is evenly distributed, or depending on
the desired setup it could be 10 connections to the 1st server then 5 to the next and so on
again, or 20 requests to the high-end servers and then 5 to the older ones, etc. There are
settings that can be configured to customize the load balancing.

As in our sample setup above, all requests or connections for the website or web servers pass
through the load balancer first, and then the load balancer takes care of how it balances the
traffic based on the configuration set on it.

The common setup is that all requests come in to the load balancer's IP first, and then behind
that load balancer there is a server or group of servers set up to which it passes those requests
or connections. It also has the ability to redirect and filter traffic, or even to block a certain
connection.

Again, the logical setup is: users <> load balancer <> server/servers

This is what large companies and website owners that host their own applications and services
use.

Take note, guys, load balancers can also be used internally. Only the configuration values differ
because of the IPs etc., but the function is still the same.
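The "10 connections to the 1st server then 5 to the next" distribution above is weighted round robin, shown here as an added example (illustrative code, not F5 or ebook code). The server names, weights and the health-check state are constructed; the pool also shows what happens when one server is taken out of rotation, which is the reason a load balancer is added in the first place.

```python
"""Weighted round-robin distribution with a simple health state per server.
Added illustrative code; server names, weights and health states are constructed."""


class WeightedRoundRobin:
    def __init__(self, servers):
        # servers: {name: weight}; the weight is how many requests a server gets per turn.
        self.servers = dict(servers)
        self.healthy = set(servers)
        self._cycle = []      # expanded turn order, rebuilt when the pool changes
        self._pos = 0

    def mark_down(self, name):
        """Take a failed server out of rotation (what a failed health check would do)."""
        self.healthy.discard(name)
        self._cycle, self._pos = [], 0

    def mark_up(self, name):
        """Return a recovered server to rotation."""
        self.healthy.add(name)
        self._cycle, self._pos = [], 0

    def pick(self):
        """Return the server that should receive the next request."""
        if not self._cycle:
            self._cycle = [s for s, w in self.servers.items()
                           if s in self.healthy for _ in range(w)]
            self._pos = 0
        if not self._cycle:
            raise RuntimeError("no healthy servers in the pool")
        server = self._cycle[self._pos]
        self._pos = (self._pos + 1) % len(self._cycle)
        return server


def distribute(balancer, n):
    """Send n requests through the balancer and count how many each server got."""
    counts = {}
    for _ in range(n):
        s = balancer.pick()
        counts[s] = counts.get(s, 0) + 1
    return counts


if __name__ == "__main__":
    lb = WeightedRoundRobin({"web1": 10, "web2": 5})   # constructed pool
    print(distribute(lb, 30))
    lb.mark_down("web1")
    print(distribute(lb, 5))
```

With weights 10 and 5, a block of 15 requests goes 10 to web1 and 5 to web2, exactly the split the text describes; when web1 is marked down, every request goes to web2 and the site stays up.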

6. Proxy Server

In a nutshell, a proxy server is just another computer, device or software that is commonly used
to filter web content, to screen downloads or uploads, and it can also be used to become
anonymous when accessing a certain network or the internet.

It acts like a separate security device from the firewall, or it can also sit within the firewall as
a separate application.

In most cases, we use a proxy server for screening or filtering content on the internet.

For example, content such as video streaming or torrents: by using a proxy server we can block
all of those through the proxy server. As I said, it's like another security device in your
network.

Here's a sample proxy server setup and concept.

So basically, before all traffic goes out to our router and firewall, it is already filtered by our
proxy server.

I hope this article helped you understand the common networking devices and their basic
functions.

In future lessons, we'll talk about how to manage them, especially Cisco devices.

For now, let's focus first on the basics and foundations of computer networking so that we will
be more ready for the future CCNA topics and advanced lessons.

Lesson 7: Understanding the basics of network speed and topology

Most of you are probably already familiar with or have a background in the network speed and
topology topics, but for those who don't, this is for you.

Basic Understanding of Network Speed

When talking about network speed, we often hear terms like bits, bytes, megabits etc. These
are the basis or units of measurement of speed in a network.

So let's take a look at the basic meaning of these terms to understand them better.

Bit

A bit is the smallest amount or piece of data that a computer can process. It's always either a 0
or a 1. On or off, yes or no. When we put bits together, we get a byte.

Byte

One byte is equal to 8 bits. Or in binary terms, it is equal to 8 pieces of 0s and/or 1s. This will
help especially when we get to the IP address topics in the future.

Usually, what we hear when network speed or internet speed is discussed are the terms
kilobits/kilobytes or megabits/megabytes. These are just combinations of the units we
mentioned above. Here is the simple explanation for them.

Kilo (K)

Refers to the number one thousand or 1,000. So 1K bits or 1 kilobit is equal to 1,000 bits. 1M
bits is equal to 1 million bits. 1 kilobyte is equal to 1024 bytes.

Mega (M)

Is equal to one million bits. So 1M bits is equal to 1 million bits or approximately 125,000
kilobytes (since 1 byte = 8 bits). But usually, or the standard we see, is 1024 kilobytes.

Giga (G)

Is equal to one billion bits. So 1G bits is equal to 1 000 000 000 bits or 125,000 megabits or
125 megabytes (using 1 byte = 8 bits) or, as in the standard, 1024 megabytes.

So that we don't get confused when we read or see these, the symbol used for bits is small
letters (kb, mb or gb) and capital letters for bytes (KB, MB or GB).

To broaden our knowledge, I researched the following tables showing a comparison of data
sizes and connection speeds. These will help in our future lessons.

And lastly, as we discussed in network cabling, here are the corresponding speeds of the media
types we commonly see and use in the network.

Basic Understanding of Network Topology

Network topology is the arrangement, structure or design of a network. It shows or explains
how the devices are connected (physical) or how data or traffic flows in a network (logical).

Physical topology is the arrangement of the devices or components of a network, including the
physical location of the devices and the cable installation.

Logical topology, on the other hand, shows how data or traffic actually runs or flows in a
network regardless of its physical design. In other words, when we talk about the logical
design, the flow of data or traffic is not based on the physical location, ordering and so on.

Common network topology models

As I said, we will only go over this topic to refresh our ideas or to help those who are just
starting out understand it.

The following are the common network topologies.

Bus

In a bus topology network design, each device is connected to a single cable or "single bus
cable". The signal or data travels from the source to all devices connected to this bus line.

Its big disadvantage is that it has a single point of failure. That means if the "bus line" where
the devices are connected has an issue or problem, there is no alternative path for them to
communicate. Image taken from Wikipedia.

Star

In a star topology network design, all devices or network components are connected to a
central device, which can be a hub or a switch as we discussed in common network devices.

Star topology does not mean the network design has to be shaped like a star; as long as the
end devices are connected to a central device, it is a star topology. It is one of the easiest and
most common network designs. Its disadvantage is also a single point of failure. If the "central
device" has a problem or issue, all devices are affected.

Ring

The design of a ring topology is circular, as we see in the sample taken from Wikipedia. In a
ring topology, every device acts as a repeater to strengthen the signal of the communication.
Each device receives and transmits data from and to the next device. A single point of failure is
also the disadvantage of this network design.

Mesh

In a mesh topology, every device has a redundant connection. This network topology is a
combination of the previous network topologies, and every device is also connected to every
other device in the network.

In a fully connected mesh topology network, failure of connection is avoided if a device has a
problem or issue. Because it is fully redundant, the other devices without problems can still
communicate even when a device has an issue. This is commonly used in advanced and large
networks, although of course each company has its own variation and implementation based on
its needs and goals.
Cisco Hierarchical Network Design

Cisco has a recommended network design or hierarchy for the topology of a network. Through
this design or topology, the network is more optimized and failure of connection between
devices is avoided.

"Downtime" or interruption in the network is avoided. Let's see.

According to Cisco, it is recommended to divide a network into discrete layers as we see in the
picture. Each layer or tier in the network has its own function that defines its role in the overall
design of the network.

This helps a network engineer with optimizing, choosing device models and their features, as
well as troubleshooting when there is an issue in the network.

Let's see the basic understanding of each layer.

Access Layer

In a LAN environment, the access layer devices connect the end devices to the network. PCs,
servers, printers and others are connected to the access layer devices (for example access
switches).

Some of its functions are layer 2 switching, which we explained when we covered how a switch
works, high availability, port security and others. Cisco also has devices or different models
designed for the access layer, such as the Cisco Catalyst 3650 or 3850 and others, depending
on the size of the network or organization. More on this in future articles.

Distribution Layer

The devices in the distribution layer take care of managing the data or traffic coming from the
devices in the access layer before it reaches the final layer or core layer when needed.

In large companies, the network is segregated in this design so the network is more optimized
and easier to troubleshoot when needed.

Cisco also has recommended devices or models for the distribution layer, again depending on
the size of the network or environment. An example is the Cisco Catalyst 6500 or 6800.

Core layer

The core layer serves as the "backbone" of the network. The devices in the distribution layer
are connected here, and the devices in the access layer are in turn connected to those. The
advanced or high-end device models are in the core layer since they are designed to process
traffic faster and in a more optimized way.

Examples here are also the Cisco Catalyst 6500 or 6800 or higher, depending on the
environment. Usually the core layer is connected to the edge routers or devices going out of the
network (either the internet or a remote network location). The sample images are taken from
the Cisco website.

That's it for now again, guys. Hopefully your knowledge of networking has grown when it comes
to network speed and topology. It is important to understand or refresh our knowledge about
this because it will help a lot in the next lessons.

I also suggest you go back to or read the other earlier lessons if you have not read them yet.
You can check them here.

Next, we'll talk about basic knowledge of IP addresses: what the kinds of IP addresses are and
how they are used and work in a network.

Subnetting is included too. Then after that, we go straight to Cisco IOS and other basic
knowledge about Cisco devices. To our success, cheers!

Lesson 8: IP Addressing Part I. Basic understanding of IP address.

Previously, pinag-usapan natin how common networking devices work at nitong nakaraan,
dinaanan naman natin ang basic of network speed and topology. I suggest balikan or basahin
n'yo muna sila kung hindi n'yo pa nababasa ang mga ito.

Simula na ito ng mga interesting at exciting na topic mga idol kaya sit back and relax. Subscribe
or like our facebook page for real time updates. We will discuss all the important topics na
makakatulong sa ating CCNA career. Ready na ba kayo? Alright, let's do this!

What is IP Address?

Ano nga ba ang IP address? Bakit nga ba meron nito at saan ito ginagamit?

Sa isang simpleng paliwag, ang IP address ay isang logical addressing sytem na ginagamit
upang ma-identify ang isang network or group of computers at kasama na rin ang mga
individual or bawat isang "host" or end devices na member na naturang network. Let me explain
further.

Kung makikita n'yo sa sample image natin sa taas, ito ay isang street sa isang subdivision dito
sa aming lugar. Para ma-identify n'yo kung saan at kanino mismo ang mga bahay na ito, meron
pa silang specific address na ginagamit na unique lamang sa kanila.

45
Let's say magpapadala tayo ng letter kay Mike na nakatira dito sa Mahogany st., kelangan
nating alamin kung saan sa mahogany st. ang "address" mismo ni Mike.

Bakit? Syempre para alam ng mail man kung saan idedeliver ang letter natin. Hindi
makakarating ang letter natin kung walang specific na "destination address" kung saan natin ito
ipapadala.

It could be a waste of time kung magtatanong ang mail man or iisa-isahin pa n'ya ang mga
bahay sa buong Mahogany st. Eh pano kung sing haba ng Edsa ang Mahogany st. na ito?
Imagine isang letter pa lamang ito. Make sense?

Ganun din sa network at mga computers. Lahat ng network at mga connected devices ay
kailangan ng IP address. Ito ay para alam din ng ibang mga network devices or computers kung
kanino at saan sila makiki-pagcommunicate. A

ng mahogany st. na sample natin sa taas ay maihahalintulad natin sa isang network address at
ang specific address ng mga bahay ang mismong IP address naman ng mga devices na
member ng naturang network.

Basic explanation of an IPv4 address

Since we're focused on the basics here on the CCNAPHILIPPINES blog, we'll talk about IPv4 first. It's also what is still commonly used in the real world today. In the future we'll probably go through the IPv6 topic as well. Let's see the basics of an IPv4 (IP version 4) address.

Our image above is an example of an IPv4 address. It is made up of four groups of decimal numbers (0 - 255) separated by periods. Each group (before the period) is called an octet. In some other resources this is also called dotted decimal notation. You can check your IP address by typing "ipconfig" in the command prompt.

Understanding network and host portion

In the sample IP address we showed earlier, the IP address is divided into two portions: the network portion and the host or end-device portion.

Just like our sample above, if Mike lives at 105 Mahogany St., Mahogany St. would be considered the network address and 105 is the address of his house itself, or the IP address of the host or end device.

So how do we know which is the network portion and which is the host portion of an IPv4 address? This is where the subnet mask comes in. Let's see.
If we look only at our sample IP address from earlier, we can't tell or determine which part is the network address portion and which is the host portion. Through the subnet mask, we find out where and which are the network and host portions of an IP address.

The mask or subnet mask divides or identifies which part of an IP address is the network address portion and which is the host portion. The network portion starts somewhere in an IP address and always extends to the LEFT. The host portion starts somewhere in an IP address and always extends to the RIGHT. Let's give an example.

In our sample image above, let's say the first three octets are the network portion and the last octet is the host portion. This means our network address will always start with 192.168.1; this is also the street address if we compare it to our earlier example.

Then the possible host or end-device addresses start from 0 up to 255. These are also the possible house addresses if we use our earlier example.

Hold on! There's more! The very first and the very last address in the host portion cannot be used by a device. They are not usable.

Why? Because the very first address is the network address itself (192.168.1.0 in our example). It serves as the "street address" or "Mahogany St." of all the hosts or end devices or houses. It is what network devices or routers see and remember in order to send packets or traffic.

Just like what we discussed about how routers work.

The very last address in the host portion cannot be used either, because it is called the broadcast address. The broadcast address is used by switches to send broadcast messages and to identify which MAC address is on which port. Just like what we discussed about how switches work.

So in our given example, only the addresses 1 - 254 can be assigned to hosts, computers or network devices.
Woooh! Alright folks, that's it for now for Part I of our lesson about IP addresses.

Hopefully this article has somehow enlightened you or added to your networking knowledge about IP addresses. In Part II we'll talk about the classes and then the types of IP addresses. After that comes subnetting. As I said, we'll split it part by part so it's easier to understand.

If this is your first time with this topic and you're still a bit confused, I suggest you read it and come back to it a few times until you get it. Repetition makes perfect! :D The same goes for the other earlier lessons. :)

Until next time, folks. Cheers!

Lesson 9: IP Addressing Part II. IP address classes and private IP addresses

Last time, we discussed the very basics, Part I of IP addressing. Now we'll continue it. Hopefully you've somehow been enlightened and have an idea now of where IP addresses are used. What we'll talk about now is IP address classes and private IP addresses. Let's continue.

In IPv4 addressing, we have what we call classes of IP addresses. They are as follows.

In our image above, you can see the 3 classes of usable IP addresses. These are the usable IP addresses for networks and for hosts or end devices.

Actually we also have classes D and E (224 - 255.x.x.x), but they are not used because they are reserved for research. We also didn't include 0.0.0.0 in the class A range because it is used for default routing.

The 127.x.x.x range is also not included because it is used for loopbacks.

Two reasons why we need to know IP address classes

First, we need to memorize these classes because they are part of the CCNA exam. In the exam there are random questions like: what class of IP address is 10.25.26.254?

So to answer this correctly, you must memorize our table above. To make it easier to remember, the easiest technique is to memorize the octet or number before the period or dot. In short, this is all you need to remember: 126, 191 and 223. Based on these you can tell the class of an IP address.

If the FIRST OCTET of the given IP address is 126 or less, it falls under class A. If it is 191 or less, it falls under class B, and if it is 223 or less, it falls under class C. So the technique: look at the FIRST OCTET of the given IP address, then think about whether it is at or below 126, 191 or 223. From there you can easily tell which class the IP address falls under.

Examples:

10.160.193.129 - class A IP address
139.81.218.58 - class B IP address
203.55.45.100 - class C IP address

Second, and the most important reason why we need to know and memorize the IP address classes, is so that we also know their default subnet masks.

If you remember, we mentioned in IP Addressing Part I that the subnet mask determines which is the network portion and which is the host portion of an IP address.

The IP address classes we discussed above each have their own default subnet mask.

In our sample image above, the table shows the default subnet mask of each IP address class. You can also see their corresponding slash notation format. For our class A IP address, the default mask is 255.0.0.0 or /8.

This means the first octet is for the network portion and the 3 remaining octets are for the hosts (Network.Host.Host.Host). Likewise for class B (Network.Network.Host.Host) and class C (Network.Network.Network.Host).

Let's take our sample IP from earlier: 10.160.193.129 is a class A IP address, so its default mask is 255.0.0.0 or /8.

Based on this, its network portion is 10 and all the remaining octets are for the IP addresses of the hosts. In short, we can write this as the 10.0.0.0/8 network.

Likewise, the class B IP 139.81.218.58 can be said to fall under the 139.81.0.0/16 network, and the class C IP address 203.55.45.100 falls under the 203.55.45.0/24 network, based on their default subnet masks.
Clear, folks? If you don't get it right away, take a break and then read it again. Especially beginners, don't rush it or your nose might bleed. LOL! Let's move on.

Short explanation of subnet mask

Since the subnet mask is being discussed and will be part of our CCNA journey, let's go over it briefly so we understand it better.

As I mentioned, it identifies which portion of the IP address is the network portion and which is the host portion. It serves as the dividing line between the network addresses and the host addresses.

So with the subnet mask 255.255.0.0, this means the first 2 octets are for the network addresses and the last 2 octets are for the host addresses.

How do we know the subnet mask of an IP? As I mentioned, through the IP classes. Based on those we know the default mask of an IP and can pinpoint which are the network and host portions.

There are times, quite often in fact, when the subnet mask is changed from the default to accommodate the required number of networks or number of hosts; this is where subnetting comes in. That's what we'll discuss next.

The slash notation format is also equal to the subnet mask. It is just a shortcut or short formula for the corresponding subnet mask. Like the subnet mask, it indicates the bits that are turned on, or 1 in binary format, if we convert to binary numbers. Let's see the example below, taken from 9tut.

- /8 is "11111111.00000000.00000000.00000000" - 8 bits are turned on (bit 1), also equal to 255.0.0.0
- /16 is "11111111.11111111.00000000.00000000" - 16 bits are turned on (bit 1), also equal to 255.255.0.0
- /28 is "11111111.11111111.11111111.11110000" - 28 bits are turned on (bit 1), also equal to 255.255.255.240
- /32 is "11111111.11111111.11111111.11111111" - 32 bits are turned on (bit 1), also equal to 255.255.255.255, where all bits are turned on.

As we mentioned before, an IPv4 IP address is made up of 4 octets. And each octet is equivalent to 8 bits in binary.

So to compute, we just convert the values of each octet to get the subnet mask or slash notation format. 255 is equal to 11111111 and of course 0 is equal to 00000000.

I won't include the conversion of binary to decimal and vice versa in our lessons. Let's just look for other sources on the internet. Wait! There's more. Haha. Because I love you (Yun ohh!), I'm attaching this table taken from the internet. It will help. :)
Private IP addresses

Before we end this lesson, our last topic is private IP addresses. What are private IP addresses and what are they for? Let's see.

Our image above shows the private IP addresses that we can use inside an organization or internal network. Each class of IP address has a defined private IP address range that a company or organization can use.

These are used to segregate the addresses used internally from those used publicly, such as on the internet. And these private IP addresses cannot be used in public or on the internet. How does this happen and how does it work? Let's see.

In an internal network, or even in your home, your IP address most likely falls into one of the private IP address ranges in our sample. As I said, these are used internally and cannot be used outside or in public.

When we browse the internet or go outside our internal network, we pass through the router and it translates our private IP address into a public IP address. This is called NAT or Network Address Translation. We'll talk about it in the future.

Let's say the IP of your PC right now (try ipconfig in the command prompt) is 192.168.1.5; that is a private IP address, and the only ones who can see it are the other devices also connected to your network or your router (internal!).

When you browse the internet, let's say you log in to Facebook, Facebook and the other users or networks don't see that your IP is 192.168.1.5. What Facebook or the others see is your public IP address, which is the IP address allocated by your ISP (PLDT, Globe, Bayan etc.).

So through your home router or router modem, your private IP address is translated into one of the public IP addresses of your ISP. That's what happens and that's the importance of private IP addressing.

For additional knowledge, here is the hierarchy of how our public IP addresses are assigned and managed over the internet. IANA (Internet Assigned Numbers Authority) delegates to the RIRs (Regional Internet Registries) to organize and manage the allocation and registration of internet number resources within particular regions around the world.

This includes (public) IP addresses and AS or autonomous system numbers. Under IANA, we have a total of five RIRs.

They are as follows.

- African Network Information Centre (AFRINIC) for Africa
- American Registry for Internet Numbers (ARIN) for the United States, Canada, several parts of the Caribbean region, and Antarctica
- Asia-Pacific Network Information Centre (APNIC) for Asia, Australia, New Zealand, and neighboring countries
- Latin America and Caribbean Network Information Centre (LACNIC) for Latin America and parts of the Caribbean region
- Réseaux IP Européens Network Coordination Centre (RIPE NCC) for Europe, Russia, the Middle East, and Central Asia

Here is the world-map view of these RIRs.

BONUS! To understand even better how public IP addresses or internet addresses are assigned here in our country, here is the hierarchy of APNIC (Asia-Pacific), where we belong. Image was taken from the APNIC official website.

The ISPs you see in the image are our internet providers like PLDT, Globe, Bayan etc. Then we are the EUs or end users.
Lesson 10: How to subnet. Subnetting tutorial for beginners. Part I

Many questions in the CCNA exam are about subnetting, and of course we'll also use it in the "real world" once we're working as network administrators.

Alright, let's begin.

What is subnetting?

If you remember, in Part II of our IP addressing lesson we discussed the IP address classes. Along with these IP address classes come their default subnet masks. This is also called classful addressing, that is, following or using the default subnet masks, like you see in our sample image below. And as we said, the subnet mask determines the network portion and the host portion of an IPv4 IP address.

In the real world or in real networking scenarios, the default subnet masks or classful addressing are usually not used. What is usually used is classless addressing. This is the use of customized subnet masks for IP addresses. These are also called subnetted networks.

Subnetting is the process of customizing the default subnet mask to extend the network portion of an IP address. It is done by borrowing or "stealing" bits from the host portion. Through subnetting, we can accommodate the required number of networks for a given IP address.

For example, we need to create 3 new networks for our existing network 192.168.1.0/24. This means our new networks will also come from 192.168.1.0/24. We can do this through subnetting. We just need to "borrow or steal bits" from the host portion to accommodate the required number of new networks. Let's see how that works.

How to subnet. An easy and fast subnetting tutorial.

Now folks, this is one of the most important skills we need to learn as CCNAs. Not only for the CCNA exam but also for real world scenarios. It will help a lot in passing the CCNA certification exam and in understanding how it is used in the real networking world.

The subnetting tutorial I'll teach you is the easiest and fastest way of subnetting that I have learned (at least for me). In the subnetting questions of the CCNA exam, time is your enemy, so you need to be able to do or solve the subnetting questions fast. Maximum of 1 minute per question! Although many subnetting tutorials are available on the internet, most are in English and the explanations are super technical, so we can't adapt or learn them right away, especially beginners. If subnetting is your problem and you're struggling, this is the answer. We'll make it easier and faster in a clear way to solve your problem. Power, brothers! Power! Lol. Haha. Let's go.

In our earlier example, we were tasked to create 3 new networks in our existing network 192.168.1.0/24. To get this easily and quickly, we need to identify the following.

- No. of networks needed
- No. of bits "stolen or borrowed"
- New subnet mask

The number of networks needed is of course given in our question, which is 3. What we need to find out is the number of bits we need to steal or borrow from the host portion to accommodate the required number of networks. This is where using our fingers comes in, also called finger subnetting. Let's continue.

To get the number of bits needed to accommodate the given networks (3 in our example), we just use our fingers to count bits starting from 2 and then doubling (2, 4, 8, 16, 32, 64, 128 and so on if needed) until we accommodate the required number of networks.

To do this, just look at your right hand with its back facing you (like when taking an oath), as in the picture above. Then starting from the pinky, count starting from 2, and as I said earlier, just double or duplicate the value until you reach the needed number of networks.

So in our example, we need 3 networks. Let's count from the pinky starting from 2 until we reach or accommodate the 3 networks needed.

Therefore, at the value of the second finger (4), the 3 networks we are looking for already fit. So only two bits are needed.

So our number of bits stolen or borrowed is 2. Let's go back to what we need.

Given IP/Network: 192.168.1.0/24

- No. of networks needed = 3
- No. of bits = 2
- New subnet mask = ?

To get the new subnet mask, it's very simple. Here is the secret formula.

In our example, NSM = 24 + 2. So our new subnet mask is 26 or /26, or in long format 255.255.255.192. Therefore we can conclude that to create 3 new networks from 192.168.1.0/24, our new subnetted network is 192.168.1.0/26.

How did we get 255.255.255.192? In our given network, /24 was already given, right? So this means the first 3 octets are already 255, or 3 groups of eight 1s (11111111.11111111.11111111.?). All we need is the last octet, where we borrowed the bits.

Before we borrowed bits, the bits of the last octet were eight 0s (00000000) because it was for the hosts. After we borrow, it becomes 11000000. This means the two bits we borrowed were turned into 1s. As we mentioned in the earlier lessons, in a subnet mask the 1s are for the network portion and the 0s are for the host portion in binary. And the value of 11000000 in decimal is 192. Make sense, folks?

To get it faster, let's also use our fingers.

You can see in our image above eight of our fingers (excluding the thumbs). These correspond to the 8 bits in each octet of an IPv4 subnet mask (eight 0s or 1s - eight fingers). And since the subnet mask is our focus here, let's focus on the green numbers.

When it comes to the subnet mask, we always look or count FROM LEFT TO RIGHT, as we discussed in IP Addressing Part I and Part II. However many bits we borrowed or used earlier (the 0 bits we turned into 1s), we just take their value FROM LEFT TO RIGHT using the green numbers.

In our example earlier, we got 192 in the subnet mask 255.255.255.192 because we borrowed or used 2 bits (11000000), and from LEFT TO RIGHT using our finger values (128, 192, 224, 240, 248, 252, 254, 255), 192 is the value of the second finger (2 bits).

How did it become /26 in slash format? In the given we already have /24, which is three 255s (255.255.255) or 24 1s (11111111.11111111.11111111). We just added the two bits we borrowed or used from the host portion. /24 + 2 = /26 or (11111111.11111111.11111111.11000000).

Easy, right? If you didn't get it right away, folks, take a break. Read it and come back to it once you've unwound a bit. :) If you already have an existing way of subnetting and you're faster and more fluent with it, it's better to focus on that. As I said, there are many ways, as long as you can do it fast.

Easy, right, folks? Let me summarize.

- How many networks are needed
- How many bits you used (number of fingers) to accommodate the number of networks needed (RIGHT TO LEFT in our example)
- New Subnet Mask (NSM) = Old Subnet Mask (OSM) + No. of bits borrowed

Let's see more examples.

A.) 201.50.65.0/24, 10 networks >>> 4 bits | NSM = /28 or 255.255.255.240 | New subnetted network = 201.50.65.0/28

Explanation: In getting the bits, the value of our fourth finger is 16 (2,4,8,16) | In getting the subnet mask, the value of the 4th finger is 240 (128,192,224,240) | NSM = OSM + Bits or /24 + 4 = /28 (255.255.255.240)

B.) 160.40.0.0/16, 1000 networks >>> 10 bits | NSM = /26 or 255.255.255.192 | New subnetted network = 160.40.0.0/26

Explanation: In getting the bits, the value of our 10th finger is 1024 (2,4,8,16,32,64,128,256,512,1024) | In getting the subnet mask, the value of the 2nd finger is 192 (128,192). Here you are already in the 4th octet because the first 3 octets are all 1s, or 24 1s | NSM = OSM + Bits or /16 + 10 = /26 (255.255.255.192)

C.) 100.0.0.0/8, 2000 networks >>> 11 bits | NSM = /19 or 255.255.224.0 | New subnetted network = 100.0.0.0/19

Explanation: In getting the bits, the value of our 11th finger is 2048 (2,4,8,16,32,64,128,256,512,1024,2048) | In getting the subnet mask, the value of the 3rd finger is 224 (128,192,224). Here you are already in the 3rd octet because the first 2 octets are all 1s, or 16 1s | NSM = OSM + Bits or /8 + 11 = /19 (255.255.224.0)

In case the number of needed networks is high, just continue the rule of doubling the value and keep track of how many fingers you have used. So for the value 1000 we used 10 fingers, whose value is 1024, so it fits. Same with 2000 networks, with 11 bits (or 11 fingers) whose value is 2048. And it goes on and on.

Also, don't get confused between getting the bits for the needed number of networks and getting the bits for the subnet mask. In getting the no. of bits for the no. of needed networks, always start at 2 then double or duplicate the value until the value accommodates the needed no. of networks, then take how many fingers you used (10 bits or fingers for 1000 networks). It doesn't matter where you start! In my sample I just started on the right because that's what I'm used to. :) Just make sure the rule is applied.

For the shortcut in getting the subnet mask decimal value, use the values of our fingers from LEFT TO RIGHT starting from 128. Every eight 1s is a 255, so you move to the next octet, then again the finger values from LEFT TO RIGHT starting from 128.

In our sample 160.40.0.0/16, 1000 networks needed, we already have 16 1s (11111111.11111111.00000000.00000000) given, and since 10 bits are needed to accommodate the 1000 networks, we borrowed or used 10 0s from the host portion, so it became (11111111.11111111.11111111.11000000) or 255.255.255.192 or /26 (or 26 consecutive 1s). You can see that we only computed the last octet, because every eight 1s is already a 255. :)

Alright folks, that's it for now for our subnetting tutorial, so as not to overload especially the beginners. We'll continue in Part II. We'll talk about how to get the number of networks, number of hosts, increment, network range, valid host range, network address or broadcast address of a certain network and more. To our success, cheers!

Lesson 11: Subnetting tutorial for beginners Part II

Last time folks, we discussed Subnetting tutorial Part I, or the basics of subnetting given the required number of networks. This time we'll study the other type of questions, or another angle of subnetting. Hopefully the previous article helped you somehow.

I assure you that if you got and understood that, you'll quickly understand these next lessons and also the subnetting questions in the CCNA exam. Let's begin.

Subnetting given the number of hosts needed.

Last time a certain number of networks was required in our subnetting question; this time let's look at when the number of hosts is what we need to satisfy. We'll use the same concept and technique, although this time what we need to satisfy is the required number of hosts.

Let's have an example.

195.50.65.0/24, 20 hosts per subnet

No. of hosts needed: 20 per subnet
No. of bits taken:
New subnet mask:

To get the number of bits needed, same technique. We just count 2 on our fingers from the pinky and then double it. To satisfy the 20 hosts needed, we use 5 fingers or 5 bits (2,4,8,16,32). The required number of hosts fits in the value of our fifth finger (32). So 5 bits are needed.

To get the new subnet mask, we have a new formula.

Earlier, given the number of networks, New Subnet Mask = Old Subnet Mask + Bits; this time of course it's different because we are working from the number of hosts. Always remember that in a subnet mask, the 1s are for the network and the 0s are for the hosts. Here is our new formula.

So based on our formula, to get the new subnet mask, we need to subtract the number of bits we used from 32. So 32 - 5 = 27. Our NSM would be /27 or 255.255.255.224, or 195.50.65.0/27.

How did /27 become 255.255.255.224? Like in our subnetting Part I, let's go back to our finger values for the subnet mask from LEFT TO RIGHT. You already have 24 1s from the first 3 octets (255.255.255). You just need to continue up to 27. So from left to right, 25, 26, 27 have the values 128, 192, 224. That's why it became 224. Got it, folks? Just comment if you have a question. :)

So our answer to what was asked is:

No. of hosts needed: 20 hosts per subnet
No. of bits taken: 5 bits
New subnet mask: 195.50.65.0/27 (255.255.255.224)

This means the /27 or 255.255.255.224 subnet can accommodate 20 usable hosts per subnet.

Let's have another example.

10.0.0.0/8, 5000 hosts per subnet

No. of hosts needed: 5000 per subnet
No. of bits taken: 13
New subnet mask: /19 or 255.255.224.0

Therefore, 10.0.0.0/19 or 255.255.224.0 can accommodate 5000 hosts per subnet. Let me explain.

We used 13 bits to accommodate 5000. The value of the 12th finger is 4096, so 5000 doesn't fit yet, so we move to the next finger. Then the 13th finger is 8192. Boom! So we used 13 bits.

New Subnet Mask = 32 - bits.

So 32 - 13 = 19. How did it become 255.255.224.0? Same technique, folks: our first 16 1s are 255.255. Then we continue on our fingers from LEFT to RIGHT: 17, 18, 19. Their values (up to the 3rd finger) are 128, 192, 224. We are only in the 3rd octet, so we leave the last octet as 0. That's it!

How to get the increment.

The increment is how big the gap is between each of our networks. By getting the increment, we find out the possible networks we can use. Getting the increment is the heart of subnetting. Once you get the increment, you can answer all the subnetting questions in the CCNA exam or even in the real world. Let's see how.

To get the increment, just remember the image I showed earlier in subnetting Part I, as you see below.

If the green numbers are for the subnet mask, the values on top are for the increment. These are the values (128, 64, 32, 16, 8, 4, 2, 1). To get the increment, wherever the subnet mask value (green number) is, its increment is the value on top of it. Boom! That's it!

We just need to add the increment number to the octet where we subnetted. Let's see how it works.

In our example above:

195.50.65.0/27 (255.255.255.224)

To get and see the actual networks for this subnet, we'll use the increment. Its increment is 32. Why? If you go back to the sample image, the 224 mask has an increment value of 32. That's it! So we just need to add it to the octet like this. Just copy the base or classful address, then add 32 to the last octet because that's where we subnetted.

As you can see, we just added 32 to the last octet. Then to complete each subnet, we just subtract 1 to get the last IP address of the network that came before it. Like this.

For our second example:

10.0.0.0/19 or 255.255.224.0

Similarly, our increment is 32 (the increment value of the 224 mask). But this time we are in the 3rd octet, so that's where we add.

Then to get the whole network for each subnet, we subtract 1 to get the last IP address of the network before it.

Boom again! That's it pansit! Easy peasy! Haha. If you're a bit confused, take a break, folks. Just keep coming back to it; I'm sure you'll get this too. And once you get this, I promise you can perfect the subnetting questions in the exam.

Those are the actual networks for those subnets. And based on that we can now answer the subnetting questions in the CCNA exam or even in the real world. Examples of exam questions: what is the first usable IP address on that subnet, or what is the last usable IP address, or what are the first and last usable IP addresses on the 3rd network, and many more. Using the increment we can answer these questions.

Let's dive a little bit deeper.

How to get the actual number of networks and usable number of hosts.

1. To get the actual number of networks, here is the formula.

As you can see above, to get the actual number of networks our formula is 2 raised to the no. of 1s added, or NSM - OSM.

So for our 1st example above, this is what we do.

Then here is the answer.

For our 2nd example (10.0.0.0/19 or 255.255.224.0).

2 raised to 11. Why? Because NSM (19) - OSM (8) = 11.

So the actual number of networks for that is 2048. This means that in 10.0.0.0/19 we can create 2048 networks.

2. To get the actual number of usable hosts, here is the formula.

To get the actual number of usable hosts: 2 (raised to the no. of 0s remaining, or 32 - NSM) - 2. As we mentioned recently, the 0s are for the host portion. So the remaining 0s are what can be allocated for the IP addresses of the hosts.

But take note that we need to subtract 2 from the final answer. Why? Because the first and last IP addresses are not usable. The first IP address is for the network and the last IP address is for the broadcast. You can go back to IP Addressing Part I and Part II.

So for our 1st example, this is what we do.

For our 2nd example (10.0.0.0/19 or 255.255.224.0).

2 raised to 13 minus 2. Why? 32 - NSM (19) = 13.

So 2 raised to 13 = 8192. Then we need to subtract 2. 8192 - 2 = 8190. Therefore, in 10.0.0.0/19 or 255.255.224.0 we have 8190 usable hosts per subnet.
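The finger-subnetting steps from Lesson 10 (count 2, 4, 8, ... for the bits to borrow, NSM = OSM + bits, green-row mask values read left to right) and Lesson 11 (NSM = 32 - host bits, the increment above the mask value, 2^(NSM-OSM) networks and 2^(32-NSM) - 2 usable hosts) written out as one Python program. This is an added example, not the author's code; the function names are my own, and the two finger rows are the values the lesson lists.

```python
"""Finger subnetting as an algorithm: bits to borrow, NSM, mask, increment, counts."""
from typing import List, Tuple

# The lesson's two finger rows: MASK_ROW is the green row read LEFT TO RIGHT,
# INCREMENT_ROW is the row above it; the same finger position links the two.
MASK_ROW = (128, 192, 224, 240, 248, 252, 254, 255)
INCREMENT_ROW = (128, 64, 32, 16, 8, 4, 2, 1)


def bits_for_networks(needed: int) -> int:
    """Count 2, 4, 8, ... until the value reaches `needed`; the number of
    doublings is the number of bits to borrow (3 networks -> 4 -> 2 bits)."""
    if needed < 1:
        raise ValueError("need at least one network")
    bits, value = 0, 1
    while value < needed:
        value, bits = value * 2, bits + 1
    return bits


def bits_for_hosts(needed: int) -> int:
    """Same doubling, but network and broadcast are unusable, so the value
    must reach needed + 2 (20 hosts -> 22 -> 32 -> 5 bits)."""
    if needed < 1:
        raise ValueError("need at least one host")
    return bits_for_networks(needed + 2)


def nsm_from_networks(osm: int, networks: int) -> int:
    """New Subnet Mask = Old Subnet Mask + bits borrowed."""
    nsm = osm + bits_for_networks(networks)
    if nsm > 30:
        raise ValueError(f"/{osm} cannot be split into {networks} usable subnets")
    return nsm


def nsm_from_hosts(osm: int, hosts: int) -> int:
    """New Subnet Mask = 32 - host bits; it cannot be shorter than the OSM."""
    nsm = 32 - bits_for_hosts(hosts)
    if nsm < osm:
        raise ValueError(f"/{osm} is too small for {hosts} hosts per subnet")
    return nsm


def mask_from_prefix(prefix: int) -> str:
    """Every full eight 1s is a 255, leftover 1s index the green row, and the
    remaining octets stay 0 (/27 -> 255.255.255.224)."""
    full, rest = divmod(prefix, 8)
    octets = [255] * full + ([MASK_ROW[rest - 1]] if rest else [])
    octets += [0] * (4 - len(octets))
    return ".".join(map(str, octets))


def increment(prefix: int) -> Tuple[int, int]:
    """(octet index 0..3, step): the octet where subnetting happened and the
    value above its mask value on the finger rows (224 -> 32)."""
    if not 1 <= prefix <= 32:
        raise ValueError("prefix length must be 1..32")
    full, rest = divmod(prefix, 8)
    if rest == 0:  # mask ends exactly on a 255: step by 1 in that octet
        return full - 1, 1
    return full, INCREMENT_ROW[rest - 1]


def number_of_networks(osm: int, nsm: int) -> int:
    """2 raised to the number of 1s added (NSM - OSM)."""
    return 2 ** (nsm - osm)


def usable_hosts(nsm: int) -> int:
    """2 raised to the 0s remaining (32 - NSM), minus network and broadcast."""
    return 2 ** (32 - nsm) - 2


def _to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def list_subnets(base: str, osm: int, nsm: int, limit: int = 8) -> List[Tuple[str, str, str, str]]:
    """First `limit` subnets as (network, first usable, last usable, broadcast).
    Stepping by the subnet size is exactly adding the increment in the subnetted
    octet, and broadcast = next network - 1, as the lesson does by hand."""
    base_int = int.from_bytes(bytes(int(o) for o in base.split(".")), "big")
    base_int &= (0xFFFFFFFF << (32 - osm)) & 0xFFFFFFFF  # classful network address
    size = 2 ** (32 - nsm)
    rows = []
    for n in range(min(limit, number_of_networks(osm, nsm))):
        net = base_int + n * size
        bcast = net + size - 1
        rows.append((_to_ip(net), _to_ip(net + 1), _to_ip(bcast - 1), _to_ip(bcast)))
    return rows
```

`list_subnets("195.50.65.0", 24, 27)` yields 195.50.65.0, .32, .64 and so on with their usable ranges, and `list_subnets("10.0.0.0", 8, 19, 2)` shows the same 32-step landing in the 3rd octet.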

Wheeeew! That's it, CCNAers! Hopefully this subnetting article helped you. If you're a bit confused, as I said, take a break. Don't rush it or your nose might bleed. Haha. Just practice and you'll get it. If you already have an existing technique that's faster and works better for you, it's better to just stick with that.

So, that's it for now. Until the next lesson, thanks!

Lesson 12: Practice of sample subnetting questions in CCNA exam.

Last time, we talked about subnetting.

If you're a beginner just starting your CCNA career, hopefully the FREE CCNA lessons here on the blog are helping you somehow. If you're an expert, you can share tips and suggestions that can help us. :)

Today, I will share some sample subnetting questions so we can practice our subnetting skills further. It's important that we master this and do it fast, because it will help a lot in passing the CCNA exam and of course in the real networking world. Ready? Let's do this!

Sample subnetting questions

To give us real sample subnetting questions, I took questions from subnettingquestions.com. This is also what I used before when I practiced subnetting. This website helped a lot in sharpening my subnetting skills. Hopefully it helps you too.

1.

Let's see how the answer was obtained.

Using the formula we studied in the earlier lessons, let's use our fingers. In our question, we
need to have 29 subnets that can accommodate 4 hosts each from 192.168.253.0/24.

Given: 192.168.253.0/24
Needed: 29 subnets, 4 hosts each
Find: Bits and NSM

Let's use our finger subnetting technique. To get the number of bits we need to borrow or take
from the host portion, we need 5 bits. Why? The value of our fifth finger when we count bits
(2, 4, 8, 16, 32) is 32. That can satisfy the 29 subnets needed. See the image below that we also
used last time.

Our NSM (New Subnet Mask) is /29. Why? /24 + 5 (bits taken) = 29. Therefore,
192.168.253.0/29 is the subnetted network that can accommodate what the question asks.

/29 = 255.255.255.248. Why? Just like what we used in the earlier lessons, we already have
24 1s from the given, so that's 255.255.255. Then 5 bits or 5 1s were added, so we count on our
fingers from LEFT TO RIGHT (25, 26, 27, 28, 29).

The subnet mask value of the fifth finger from LEFT TO RIGHT is 248 (128, 192, 224, 240,
248). See the image below (green numbers) that we also used last time.

Can /29 or 255.255.255.248 accommodate 4 hosts per subnet? Yes! How? Using our formula
from before, this is the formula to get the actual number of hosts.

So in our sample, 2 raised to 3 (32 - 29), then minus 2.

2 raised to 3 = 8, minus 2 is 6. So the 4 hosts per subnet that we need fits.

That's it, pansit! So since the question is what subnet mask we should use, the answer is /29 or
255.255.255.248.

2.

Let's see how we got that.

In this kind of question, we need to get the increment. And as in our earlier lessons, we can get
the increment by just getting the increment value of the subnet mask.

So for the subnet mask 255.255.255.248, the increment value is 8. Why? The increment value
of 248 is 8. Like what we see in our sample image below.

Then, just like the earlier samples in our first lessons, we just need to add the increment to the
base network.

From there, we get the answer, as you can see below.

So here we can see why 192.168.189.135 is the answer. Gotcha? I hope so. :)

3.

For this type of question too, we need to get the increment. What's the increment? 16! Why? 16 is
the increment value of the 240 subnet mask. This time we are only in the 3rd octet, but it's the
same technique, guys.

We start from the base address (3rd octet) and then increment by 16 per network. Just continue
until we reach the one we are looking for. This is what should happen.

And from there, you can see why network 10.173.208.0 is the answer. Why? Because the host we
are looking for falls within that network. Its valid host IP addresses are 10.173.208.1 -
10.173.223.254. Makes sense, guys?

4.

Again, we need to find the increment in this type of question. The increment here is 2! Why?
Because 2 is the increment value of the 254 subnet mask, according to the finger subnetting
technique we have been using since the beginning.

So to prove that the answer is correct, let's compute again. This is easy.

Why did 172.18.252.1 become the answer? Of course, the question is what is the first valid host
on the network that node 172.18.252.28 is on, which falls within the network 172.18.252.0 as we
can see in the image.

The range of its valid hosts is 172.18.252.1 - 172.18.252.254. Always remember that the first
address is the network address and the last address is the broadcast address, so they are not
valid host addresses.

Let's have a final sample subnetting question.

5.

In the subnet mask 255.255.254.0, we used or added 7 bits (FROM LEFT TO RIGHT) from the
original subnet mask. To get the actual number of networks, as we studied last time, the formula
is:

So to get the answer, we just need to compute 2 raised to 7.

We added 7 1s, or you can also do /23 (.254) - /16, which also gives 7. 2 raised to 7 = 128. So
the answer is 128 networks.

For the actual number of hosts, if you remember from Part II of the subnetting lessons, our
formula is this:

So to get the answer, 2 raised to 9 (0s remaining) minus 2, or you can also do 2 raised to
32 - 23 (NSM), which is also 9. The answer is 512. Then of course minus 2, because the network
and broadcast addresses are not included, so 510 valid host addresses. Gotcha?

Alright guys, that's it for now. I hope your knowledge of subnetting has grown and that our
sample subnetting questions gave you some practice. Practice and practice! You can visit
subnettingquestions.com for more sample subnetting questions.

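The five question types above can be solved by the same two steps every time: pick the mask, then find the increment and count up from the base network. Here is an added Python example (my code, not from subnettingquestions.com or the ebook) that does exactly that: mask_for answers question 1, increment_of and network_by_increment reproduce the finger-counting method of questions 2 to 4, and subnet_details cross-checks that method against the ipaddress module. The host addresses 192.168.189.130 and 10.173.215.77 used in the usage are constructed inputs chosen to fall in the networks the lesson works out; the questions themselves are not on the page.

```python
import ipaddress


def bits_for(count: int) -> int:
    """Smallest number of bits b with 2**b >= count (the finger count 2, 4, 8, 16, 32, ...)."""
    b = 0
    while 2 ** b < count:
        b += 1
    return b


def mask_for(network: str, subnets_needed: int, hosts_needed: int):
    """Question type 1: which subnet mask gives at least N subnets of at least H hosts each?

    Borrow just enough bits for the subnets, then confirm the 0s that remain still
    give 2**host_bits - 2 >= hosts_needed. Returns (prefix, dotted mask) or None.
    """
    net = ipaddress.IPv4Network(network, strict=False)
    borrowed = bits_for(subnets_needed)
    prefix = net.prefixlen + borrowed            # NSM = old prefix + bits taken
    host_bits = 32 - prefix
    if host_bits < 2 or 2 ** host_bits - 2 < hosts_needed:
        return None                               # requirement cannot be met from this block
    mask = ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask
    return prefix, str(mask)


def increment_of(mask: str):
    """Increment and the octet it applies to: 256 minus the first octet that is not 255."""
    octets = [int(o) for o in mask.split(".")]
    for i, o in enumerate(octets):
        if o != 255:
            return 256 - o, i
    return 1, 3                                   # /32: every address is its own network


def network_by_increment(host: str, mask: str) -> str:
    """The lesson's finger method: count up from 0 in steps of the increment in the
    interesting octet until the host's octet would be passed; the last step is the network."""
    inc, i = increment_of(mask)
    h = [int(o) for o in host.split(".")]
    octet = 0
    while octet + inc <= h[i]:
        octet += inc
    return ".".join(str(o) for o in h[:i] + [octet] + [0] * (3 - i))


def subnet_details(host: str, mask: str) -> dict:
    """Question types 2-4: network, broadcast and valid host range of the subnet a host is on."""
    iface = ipaddress.IPv4Interface(f"{host}/{mask}")
    net = iface.network
    inc, _ = increment_of(mask)
    counted = network_by_increment(host, mask)
    if counted != str(net.network_address):
        raise AssertionError("finger method disagrees with ipaddress")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),   # network address itself is not valid
        "last_host": str(net.broadcast_address - 1),  # broadcast address is not valid either
        "increment": inc,
    }


if __name__ == "__main__":
    print(mask_for("192.168.253.0/24", 29, 4))                  # question 1
    print(subnet_details("192.168.189.130", "255.255.255.248"))  # constructed host, question 2
    print(subnet_details("10.173.215.77", "255.255.240.0"))      # constructed host, question 3
```

For the /24 block with 29 subnets of 4 hosts the function returns /29 and 255.255.255.248; the constructed host 192.168.189.130 with that mask lands in 192.168.189.128, whose broadcast is the 192.168.189.135 of question 2; and 10.173.215.77 with 255.255.240.0 gives the 10.173.208.1 to 10.173.223.254 range of question 3.
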
Lesson 13: Understanding the basics of VLSM or Variable Length Subnet Mask

Howdy, as part of our IP addressing lessons, we will discuss the basics of VLSM or Variable
Length Subnet Mask. This is included in the CCNA v3.0 exam and of course it will help you a lot
in the real world. As I said, we need to know the concepts so that we know how things happen
and how they work. Ready? Let's start.

Basics of VLSM: What is VLSM or Variable Length Subnet Mask?

VLSM or Variable Length Subnet Mask is used to fully utilize the subnets created for the needed
number of hosts. In other words, through VLSM we create "variable" or "customized" subnets for
the specific number of hosts needed. It's like an "on demand" service: the subnet we create is
only as big as what is really needed.

Because, if you remember from our first part and basic subnetting, we subnet but there are times
when we don't use all of the host portion. Or often, a big part gets "eaten up" without being of
any use.

In basic or default subnetting, once the network is subnetted, the number of hosts for each
subnet is all the same. Of course, we first take the largest number of hosts required. Then what
happens is that the other subnets or networks end up with the same number of hosts that they
can accommodate, even if the others don't need that many.

The problem is, in the real world or even in the exam, the number of hosts needed is usually not
the same. Sometimes few and sometimes many. It depends on the needs and the situation.

Especially in the real world, let's say your company has a department with only a few
employees, or we have a branch that does not need a large network, etc. If we just do basic
subnetting, most likely we will have a lot of network space, especially in the host portion, that
we cannot use. That's a waste and of course a poor design because it is not fully utilized.

This is where VLSM comes in.

Let me give you an example.

Let's say we have the class C network 204.15.5.0/24, and you need to create subnets that will
satisfy the diagram below.

So in our sample, from 204.15.5.0/24, we need to create 5 subnets (netA to netE) with at least
28 hosts to satisfy the given diagram. Since 28 hosts is the largest requirement, that is what we
follow. If we start with only 14 hosts, we cannot satisfy the one that needs 28 hosts. So that's
why we start with the largest one. That's for normal or default subnetting.

Using the formula we learned for subnetting with a given number of hosts, here's what we need.

- No. of hosts needed
- No. of bits taken
- New subnet mask
- Increment

That's our default or normal formula for subnetting with a given number of hosts, right?

Subnetting with VLSM is almost the same. It follows subnetting with a given number of hosts,
just with some extra steps. We'll see that later.

By following the above formula, we get the following.

- No. of hosts needed = 28 (since it is the largest)
- No. of bits taken = 5 (we used five bits to satisfy 28 hosts)
- New subnet mask = /27 or 255.255.255.224 (new subnet mask = 32 - number of bits used or
taken, which is 5. So 32 - 5 = 27).
- Increment = 32 (the increment value of /27 or 224 is 32)

With our formula, we come up with the following subnets that we can assign and use to satisfy
our given diagram if we follow default or normal subnetting with a given number of hosts.

netA: 204.15.5.0/27 host address range 1 to 30
netB: 204.15.5.32/27 host address range 33 to 62
netC: 204.15.5.64/27 host address range 65 to 94
netD: 204.15.5.96/27 host address range 97 to 126
netE: 204.15.5.128/27 host address range 129 to 158

So since our increment is 32, we just add 32 from the base network and then continue.

We solved what was asked, right?

So we now have 5 subnets for the five networks in the diagram, and each can accommodate at
least 28 hosts.

But here's the problem.

Only netB and netE need at least 28 hosts. netA only needs 14, netD only 7 hosts, and netC
only 2. Do you see the problem? We used /27 for each subnet but we didn't use all the IPs
allocated for the hosts. What a waste.

This can also eat up resources on our switch or router, because of course broadcasts will still be
sent to those addresses when the switch processes them, since they are part of the subnet. They
also get listed in the topology table, etc. And yet not all of them are used.

Got it? I hope I'm making sense.

The point is, in a good network design, it is better if the IP space is utilized and nothing is
wasted. That's why VLSM was created: so we can subnet according to just the number of hosts
needed.

So again, in VLSM, we subnet based on how many hosts are needed for each network or
subnet.

How to subnet with VLSM

In order to subnet with VLSM, we just use the same formula as in our subnetting with hosts
given, with just some extra steps.

So as in my example above, we need to get the following.

- No. of hosts needed
- No. of bits taken
- New subnet mask
- Increment
- Range

But apart from that, we need to:

- Arrange the number of hosts needed from highest to lowest
- And then take note of the network range where we satisfied the last number of hosts needed,
and start from there for the next host requirement (next network range).

In subnetting with VLSM, we first take or list the number of hosts needed from the highest to
the lowest. In other words, list the requested host counts from the highest to the lowest.

So for our sample earlier, this is how it should look for subnetting with VLSM.

- No. of hosts needed: 28, 28, 14, 7, 2

And then we continue with the following for each host requirement given.

- No. of bits taken for each host requirement
- New subnet mask for each host requirement
- Increment
- Network range
- Next network range

Ok, let's try the first 28 hosts requested.

- No. of hosts needed: 28
- No. of bits taken: 5
- New subnet mask: /27 or 255.255.255.224 (32 - 5)
- Increment: 32 (increment value of 224)
- Network range: 204.15.5.0/27
- Next network range: 204.15.5.32

I already explained how the values were obtained, right? Except for the next network range. But
that one is simple, here's how it goes.

When we get the network range, we need to start at the base address or the given one, then we
just add the increment in the octet where the subnet mask changed.

So with our example, our increment is 32 and the change is in octet 4. So that's where we add
the 32.

Like this.

204.15.5.0
204.15.5.32

I just added 32 to the last octet. Got it? I hope it's clear. As I said, it's just like subnetting with
host requirements.

And the reason 204.15.5.32 is our next network range is that we already got or satisfied the
requested number of hosts in the first range, which is 204.15.5.0. Since our increment is 32, we
added 32 to the last octet of 204.15.5.0 (0 + 32). That's why 204.15.5.32 is our next network
range.

To complete the range, we just follow our formula from before.

204.15.5.0 - 204.15.5.31 or 204.15.5.0/27 (for the first 28 hosts)
204.15.5.32 - next range (this is where we start for the next host requirement)

The purpose of getting the next network range is just so we know where to start subnetting again
for the next host requirement. So this time, 28 again.

Same formula.

- No. of hosts needed: 28
- No. of bits taken: 5
- New subnet mask: /27 or 255.255.255.224
- Increment: 32
- Network range: 204.15.5.32/27
- Next network range: 204.15.5.64

Our increment is also 32 because we need 28 hosts, so it's the same computation as the first
one. And then our next network range becomes 204.15.5.64.

Why? Because the increment is 32, and our last network range earlier was 204.15.5.32, so we
need to add 32 to the last octet again, which is why it became 64.

Basically it goes like this.

204.15.5.32 - 204.15.5.63 (for the second 28 hosts)
204.15.5.64 - next network range (this is where we start for the next host requirement)

Got it? Ok, let's move on. On this one, you will see the importance of VLSM.

- No. of hosts needed: 14
- No. of bits taken: 4
- New subnet mask: /28 or 255.255.255.240 (32 - 4 bits)
- Increment: 16 (increment value of 240)
- Network range: 204.15.5.64/28
- Next network range: 204.15.5.80

Why did the bits taken become 4? Because we can satisfy 14 hosts with 4 bits (2 raised to 4 is
16).

Why /28 or 255.255.255.240? Because we use our formula for the new subnet mask, 32 - bits
used (32 - 4 = 28). Then its long format value is 240.

Why is the increment 16? Because the increment value of /28 or 255.255.255.240 is 16. That's it.

And since our next network range last time was 204.15.5.64, this is where we add 16 to the last
octet. So our next network range after this becomes 204.15.5.80.

204.15.5.64 - 204.15.5.79
204.15.5.80 - next network range (this is where we start again for the next hosts needed). Ok,
next.

- No. of hosts needed: 7
- No. of bits taken: 4
- New subnet mask: /28 or 255.255.255.240
- Increment: 16
- Network range: 204.15.5.80/28
- Next network range: 204.15.5.96

Why did the bits taken become 4? We can satisfy 7 hosts with 3 bits, since 2 raised to 3 is 8.
Right?

Here's the thing: as we mentioned and learned in IP addressing, we cannot assign the network
address and the broadcast address to a host. So if there are only 8, that's only 6 usable
addresses. In the real world and in the exam, that's wrong. That's why we made it 4 bits.
Although we have some that we can't use, we still utilized it down to the smallest possible.

And then, same thing, /28 or 255.255.255.240 because 4 bits were taken.

Then the increment is 16 because 16 is the increment value of 240 in our finger subnetting
technique.

And since our next network range last time was 204.15.5.80, this is where we add 16 to the last
octet. So our next network range after this becomes 204.15.5.96.

204.15.5.80 - 204.15.5.95
204.15.5.96 - next network range (Again, this is where we start again for the next hosts needed)

For the last host requirement, which is 2, here's what we need.

- No. of hosts needed: 2
- No. of bits taken: 2
- New subnet mask: /30 or 255.255.255.252
- Increment: 4
- Network range: 204.15.5.96/30
- Next network range: 204.15.5.100

I hope you get it this time.

Why 2 bits? Because 2 hosts are needed. Again, a host cannot use the network and broadcast
addresses, so we made it 2 bits instead of 1.

Why /30 or 255.255.255.252? We used 2 bits, so again 32 - 2 = 30. We already have 24 1s, so
we just continue until 30 (25, 26, 27, 28, 29, 30). The long format value is 252.

The increment value of 252 or /30 is 4. So 4 is what we add to the last octet for the next
network range, if one is still needed.

And since our next network range last time was 204.15.5.96, this is where we add 4 to the last
octet. So our next network range after this becomes 204.15.5.100.

204.15.5.96 - 204.15.5.99
204.15.5.100 - next network range (Again, this is where we start again for the next hosts needed)

Got it now? I hope it makes sense this time. If you still don't get it and are confused, that's okay.
Just keep going back to it.

Ok, let's go back to what we had at the beginning using default or basic subnetting. These were
the subnets that would have been assigned to the requested networks.

netA: 204.15.5.0/27 host address range 1 to 30
netB: 204.15.5.32/27 host address range 33 to 62
netC: 204.15.5.64/27 host address range 65 to 94
netD: 204.15.5.96/27 host address range 97 to 126
netE: 204.15.5.128/27 host address range 129 to 158

As you can see guys, in the last 3 networks we have a lot of IP addresses that will not be used.
Especially in netE. What a waste, and of course ugly.

Using subnetting with VLSM, these are the ranges we can use for the requested hosts.

netA: 204.15.5.0/27 host address range 1 to 30
netB: 204.15.5.32/27 host address range 33 to 62
netC: 204.15.5.64/28 host address range 65 to 78
netD: 204.15.5.80/28 host address range 81 to 94
netE: 204.15.5.96/30 host address range 97 & 98

See the difference? We save a lot of network space and we utilized only what was requested and
needed. Unlike the first one, where a lot was wasted and unused. That's the use and beauty of
subnetting with VLSM.

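Here is the whole VLSM procedure as a Python function (an added example, not the ebook's own material). It takes the host requirements as the lesson states them for the diagram (netB and netE need 28 hosts, netA 14, netD 7, netC 2), sorts them from highest to lowest, and for each one computes the bits taken, new subnet mask, increment, network range and next network range, exactly the values worked out by hand above. The last two functions total the unused addresses so the VLSM plan can be compared with the fixed /27 plan.

```python
import ipaddress


def host_bits_for(hosts: int) -> int:
    """Host bits (0s) needed so that 2**bits - 2 >= hosts.

    The -2 is the network and broadcast address, which is why 7 hosts
    need 4 bits (14 usable) rather than 3 (6 usable), and 2 hosts need 2 bits.
    """
    bits = 2
    while 2 ** bits - 2 < hosts:
        bits += 1
    return bits


def vlsm_allocate(base: str, requirements: dict) -> list:
    """Carve `base` into one subnet per requirement, largest requirement first.

    Each step records the same values the lesson works out by hand: bits taken,
    new subnet mask, increment, network range and the next network range.
    """
    block = ipaddress.IPv4Network(base)
    # sorted() is stable, so two equal requirements keep their input order
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    cursor = int(block.network_address)
    limit = int(block.broadcast_address) + 1
    plan = []
    for name, hosts in ordered:
        host_bits = host_bits_for(hosts)
        prefix = 32 - host_bits
        size = 2 ** host_bits                     # the increment
        if cursor % size:                         # a subnet must start on a multiple of its size
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError(f"{base} cannot hold {name} ({hosts} hosts)")
        subnet = ipaddress.IPv4Network((cursor, prefix))
        plan.append({
            "name": name,
            "hosts_needed": hosts,
            "bits_taken": prefix - block.prefixlen,
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            "increment": size,
            "first_host": str(subnet.network_address + 1),
            "last_host": str(subnet.broadcast_address - 1),
            "usable": size - 2,
            "next_network": str(ipaddress.IPv4Address(cursor + size)) if cursor + size < limit else None,
        })
        cursor += size
    return plan


def wasted_addresses(plan: list) -> int:
    """Usable addresses allocated but not required, summed over a VLSM plan."""
    return sum(p["usable"] - p["hosts_needed"] for p in plan)


def fixed_length_waste(requirements: dict) -> int:
    """Same figure for default subnetting: every subnet sized for the largest requirement."""
    usable = 2 ** host_bits_for(max(requirements.values())) - 2
    return sum(usable - h for h in requirements.values())


if __name__ == "__main__":
    # requirements as the lesson states them for the 204.15.5.0/24 diagram
    needs = {"netA": 14, "netB": 28, "netC": 2, "netD": 7, "netE": 28}
    plan = vlsm_allocate("204.15.5.0/24", needs)
    for row in plan:
        print(row["name"], row["subnet"], row["first_host"], "-", row["last_host"],
              "next:", row["next_network"])
    print("wasted with VLSM:", wasted_addresses(plan),
          "wasted with fixed /27:", fixed_length_waste(needs))
```

Because the requirements are sorted first, each new subnet starts exactly where the previous one ended and is already aligned to its own size; the alignment check only matters if requirements arrive unsorted. For the lesson's diagram the plan is 204.15.5.0/27, .32/27, .64/28, .80/28 and .96/30, with 11 unused host addresses against 71 for five fixed /27 subnets.
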
With VLSM, we can create sound and practical subnets without much waste.

In the real world, it is also not good for our subnet or host range to always be exact, especially if
there are plans to scale or grow the network.

We should also have some allowance in case devices are added or more IPs are needed from a
given subnet.

How the IP addresses are allocated is also part of planning and design, so it really needs to be
thought through and studied first. Something like adding a bit of room without going overboard.
Makes sense?

It's one of the longest lessons and articles I've written. I hope my effort won't be wasted. I hope
you learned something. Until the next lesson, cheers!

Lesson 14: Understanding the basics of IPv6

In this lesson, we're going to discuss and talk about the basics of IPv6. Very few still use IPv6 in
the real world and in enterprises, but since it is included in the CCNA v3.0 exam, it is important
that we know its basics and fundamentals. Let's start!

The basics of IPv6: What is IPv6?

Throughout my earlier lessons, I only shared about IPv4, which is the traditional IP addressing
that we use. When we say IPv6, this is the newest version of IP addressing or IP protocol, created
to eliminate the shortage of IPv4.

With the number of devices and IPv4 connections, the experts saw that the time would come
when it would run out and fall short, so they came up with a new and sustainable version, which
is IPv6 or IP version 6.

While IPv4 is a 32-bit address, an IPv6 address is made up of 128 bits. Here's an example of an
IPv6 address.

Here's a basic comparison of IPv4 and IPv6.

If you are wondering how big or how many a 128-bit address space is, here's a presentation and
comparison.

Features of IPv6

Here are some of the important features of IPv6.

1. Large address space

As I mentioned above, IPv6 uses a 128-bit address, unlike IPv4 which is only a 32-bit address.
This means that the network space or IP space that IPv6 can accommodate is extremely large.
As they say, we will no longer have an IP shortage if IPv6 is implemented.

2. Enhanced security

IPSec (Internet Protocol Security) is built into IPv6 as part of the protocol. This means two
devices can dynamically create a secure tunnel without user intervention.

3. No need for NAT

Since the number of IPs that can be used through IPv6 is so large, NAT is no longer required or
needed if it is ever implemented.

Note: NAT is one of the reasons we save IPv4 addresses and why we still haven't run out until
now.

4. Stateless address autoconfiguration

IPv6 devices have the ability to automatically configure their own IPv6 addresses.

IPv6 address format

Ok, let's move on to the format of an IPv6 address.

Unlike IPv4, which uses dotted decimal for each byte (octet) ranging from 0 - 255, IPv6 uses
8 groups of four hexadecimal digits separated by colons. For example, this is a valid IPv6
address:

2340:0023:AABA:0A01:0055:5054:9ABC:ABB0

If you forgot or are not familiar with how to convert hexadecimal to binary, here's the table to
remind you.

IPv6 prefixes

Here are the common prefixes that are often used in IPv6.

When it comes to routing, these are the routing protocols that support IPv6.

- RIPng (RIP New Generation)
- OSPFv3
- EIGRP for IPv6
- IS-IS for IPv6
- MP-BGP4 (Multiprotocol BGP-4)

Since we're only after the basics and fundamentals of IPv6 in this lesson, we won't go through
them one by one, but we have a full discussion and lessons about routing protocols for IPv4.

IPv6 address shortening

The IPv6 format is a bit dizzying, right? Especially if you are seeing it for the first time. There are
some ways to make an IPv6 address easier and shorter, and this is what we call IPv6 address
shortening.

1. A leading zero can be omitted

This means we don't have to write or include the leading 0s, the 0s at the front of each group.
Got it?

For example, the address mentioned above (2340:0023:AABA:0A01:0055:5054:9ABC:ABB0)
could be shortened to 2340:23:AABA:A01:55:5054:9ABC:ABB0.

2. Successive fields of zeroes can be represented as two colons (::)

For this one, successive fields of 0s or groups of 0s can be written or replaced with just ::.

For example, 2340:0000:0000:0000:0455:0000:AAAB:1121 can be written as
2340::0455:0000:AAAB:1121

Note: We can only use that once in a given IPv6 address.

Here's another example combining rules 1 & 2.

Long version: 0000:0000:0001:AAAA:BBBC:A222:BBBA:0001
Shortened version: ::1:AAAA:BBBC:A222:BBBA:1

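Both shortening rules, as a Python function that is an added example (not from the ebook): rule 1 strips the leading zeros from each group and rule 2 replaces the longest run of consecutive all-zero groups with a single ::, which is also why the second example above can be shortened further to 2340::455:0:AAAB:1121 once rule 1 is applied to it as well. expand_ipv6 reverses the process, and matches_stdlib confirms the result against Python's ipaddress module, whose compressed form follows the same rules (RFC 5952).

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Apply the two shortening rules to a full 8-group IPv6 address.

    Rule 1: drop leading zeros in every group (but keep a single 0).
    Rule 2: replace the longest run of two or more all-zero groups with '::',
            once only; on a tie the leftmost run is used (RFC 5952 convention).
    """
    groups = addr.upper().split(":")
    if len(groups) != 8 or any(len(g) != 4 for g in groups):
        raise ValueError("expected eight 4-digit hex groups")
    short = [g.lstrip("0") or "0" for g in groups]      # rule 1

    best_start, best_len = -1, 0                          # locate the longest zero run
    i = 0
    while i < 8:
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                                      # rule 2 needs successive zero groups
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(short: str) -> str:
    """Undo both rules: restore the elided zero groups and pad every group to 4 digits."""
    if short.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in short:
        left, right = short.split("::")
        left_groups = left.split(":") if left else []
        right_groups = right.split(":") if right else []
        missing = 8 - len(left_groups) - len(right_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left_groups + ["0"] * missing + right_groups
    else:
        groups = short.split(":")
    if len(groups) != 8:
        raise ValueError("wrong number of groups")
    return ":".join(g.upper().zfill(4) for g in groups)


def matches_stdlib(addr: str) -> bool:
    """Our compression must agree with Python's RFC 5952 output (case aside)."""
    return compress_ipv6(addr).lower() == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    for full in ("2340:0023:AABA:0A01:0055:5054:9ABC:ABB0",
                 "2340:0000:0000:0000:0455:0000:AAAB:1121",
                 "0000:0000:0001:AAAA:BBBC:A222:BBBA:0001"):
        print(full, "->", compress_ipv6(full), "(stdlib agrees:", matches_stdlib(full), ")")
```

The tie-breaking rule matters for parsers: an address such as 1:0:0:2:0:0:3:4 has two equal zero runs, and only one of them may become ::, which is why the function keeps the first.
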
Types of IPv6 addresses

1. Unicast

An IPv6 unicast address represents a single interface. Traffic or packets addressed to a unicast
address are delivered to a single interface.

In other words, the direction of the packets or traffic is one-to-one.

Here's a sample diagram.

2. Anycast

Anycast, on the other hand, identifies one or more interfaces. For example, a group of servers
with the same function can use an IPv6 anycast address. Packets sent to that IP address are
forwarded to the nearest server.

It is commonly used for load balancing and is sometimes called "one-to-nearest" or
"one-to-one-in-many".

Here's a sample diagram.

3. Multicast

The 3rd type of IPv6 address is what we call multicast. This one represents a dynamic group of
hosts. In other words, the analogy for multicast is "one-to-many".

Here's a sample diagram.

Three types of unicast address

There are three types of unicast address when it comes to IPv6; here they are.

1. Global unicast

A global unicast address is comparable to a public IP in IPv4. It is what is used to route to the
internet. As we discussed for IPv4, it is assigned by IANA to the RIRs and then down to the
different ISPs.

They have a prefix of 2000::/3, meaning all the addresses that begin with binary 001.

2. Unique local

Unique local is the same as private IP addresses. This means it is used for internal purposes
within an organization. And of course it is not routable on the internet.

These addresses have a prefix of FD00::/8.

3. Link local

As for link local, these addresses are used for sending packets over the local subnet. In other
words, for a certain group of IPv6 addresses.

Routers do not forward packets with these addresses to other subnets. IPv6 requires a link-local
address to be assigned to every network interface on which the IPv6 protocol is enabled. These
addresses have a prefix of FE80::/10.

IPv6 multicast address

Ok, we're moving to another term and piece of basic knowledge in IPv6, and that is the multicast
addresses in IPv6.

An IPv6 multicast address is just like multicast in IPv4; they are used to communicate with
dynamic groupings of hosts, for example all routers on the link ("one-to-many distribution").

An IPv6 multicast address begins with FF00::/8.

The next 4 bits are for the scope of the network for which the multicast traffic is intended, or
where the destination is. Routers use the scope field to determine whether multicast traffic can
be forwarded.

The remaining 112 bits of the address make up the multicast Group ID.

Here is a graphical representation of the IPv6 multicast packet:

And then here are some of the common link-local multicast addresses.

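An added Python example (not from the ebook) that classifies an address into the unicast and multicast types described above and, for a multicast address, splits out the fields behind the prefix. One detail to be aware of: in RFC 4291 the 8-bit FF prefix is followed by a 4-bit flags field and then the 4-bit scope field, with 112 bits of group ID after that; the flags field is what the summary above folds into the prefix. For unique local addresses the code checks the full RFC 4193 block FC00::/7, of which the FD00::/8 half is the one in actual use.

```python
import ipaddress

# Well-known ranges from the lesson, with the full RFC 4193 unique-local block FC00::/7
# (the lesson's FD00::/8 is the half of that block actually handed out)
RANGES = [
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
    ("unique local", ipaddress.IPv6Network("FC00::/7")),
    ("link-local unicast", ipaddress.IPv6Network("FE80::/10")),
    ("multicast", ipaddress.IPv6Network("FF00::/8")),
]

# RFC 4291 multicast scope values (the 4-bit field after the flags)
SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
          0x5: "site-local", 0x8: "organization-local", 0xE: "global"}


def multicast_fields(ip: ipaddress.IPv6Address) -> dict:
    """Layout: 8 bits 11111111 | 4 bits flags | 4 bits scope | 112 bits group ID."""
    v = int(ip)
    flags = (v >> 116) & 0xF
    scope = (v >> 112) & 0xF
    group = v & ((1 << 112) - 1)
    return {
        "flags": flags,
        "transient": bool(flags & 0x1),      # T flag: 0 = well-known, 1 = dynamically assigned
        "scope": scope,
        "scope_name": SCOPES.get(scope, "unassigned/reserved"),
        "group_id": group,
        # interface-local (1) and link-local (2) scopes are never forwarded by a router
        "leaves_the_link": scope > 0x2,
    }


def classify(addr: str) -> dict:
    """Name the address type and, for multicast, add the flags, scope and group ID."""
    ip = ipaddress.IPv6Address(addr)
    if ip == ipaddress.IPv6Address("::1"):
        return {"type": "loopback"}
    if ip == ipaddress.IPv6Address("::"):
        return {"type": "unspecified"}
    for name, net in RANGES:
        if ip in net:
            info = {"type": name}
            if name == "multicast":
                info.update(multicast_fields(ip))
            return info
    return {"type": "other/reserved"}


if __name__ == "__main__":
    for a in ("2001:0BB9:AABB:1234::1", "FD00::1", "FE80::1", "FF02::1", "FF02::2", "FF0E::101"):
        print(a, classify(a))
```

FF02::1 (all nodes on the link) and FF02::2 (all routers on the link) both decode to scope 2, link-local, with group IDs 1 and 2, which is exactly why a router never forwards them off the link even though they are multicast.
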
How to configure an IPv6 address on a router interface

Before we end this IPv6 topic, let's have a basic example on how to configure an IPv6 address on
a router interface. Are you ready? Let's start.

IPv6 is not enabled by default on Cisco routers. This means that before we can use it, we need to
enable it first. There are two things we need to do to configure IPv6 on Cisco routers.

Here they are.

1. Enable IPv6 routing on a Cisco router using the ipv6 unicast-routing global configuration
command.

Since it is not enabled by default on Cisco routers, we have to enable it first before it works or
can be used. Here is the command on how to enable IPv6 on a Cisco router.

Router#conf t
Router(config)#ipv6 unicast-routing

With our simple command above, we have enabled IPv6 for that router. Remember that we are in
global configuration mode, so it affects the whole router configuration.

2. After we enable IPv6 for this router, that's the only time we can configure IPv6 on the
interfaces of this router.

We can use the "ipv6 address address/prefix-length [eui-64]" command. If you omit the eui-64
parameter, you must configure the entire address manually.

Here's a simple example of how this is done.

Router#conf t
Router(config)#interface fa0/1
Router(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64
Router(config-if)#no shutdown
Router(config-if)#exit

In our sample command above, we enable IPv6 on interface fa0/1 of the router. We use /64 as
the prefix length.

Lastly, we can verify the IPv6 configuration of a given interface by using the command
"show ipv6 interface fa0/1". Of course, fa0/1 depends on which interface we are checking. This
time it is fa0/1.

From the output above we can verify two things:

1. the link-local IPv6 address has been automatically configured
2. the global IPv6 address has been created using the modified EUI-64 method

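The eui-64 keyword above derives the 64-bit interface ID from the interface's MAC address, and an IOS router builds its link-local address the same way. Here is that modified EUI-64 derivation in Python, an added example rather than anything from the ebook or Cisco: the MAC is split in half, FFFE is inserted in the middle, and the universal/local bit (bit 1 of the first byte) is flipped. The MAC 0000.0c12.3456 in the usage is a constructed value; the prefix 2001:0BB9:AABB:1234::/64 is the one configured above. mac_from_eui64 reverses the derivation, which is worth knowing because an EUI-64 address exposes the hardware address to anyone who sees it.

```python
import ipaddress
import re


def mac_to_bytes(mac: str) -> bytes:
    """Accept 00:00:0c:12:34:56, 00-00-0c-12-34-56 or Cisco's 0000.0c12.3456."""
    digits = re.sub(r"[:.\-]", "", mac)
    if len(digits) != 12 or not all(c in "0123456789abcdefABCDEF" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC in half, insert FFFE, flip the U/L bit (bit 1 of byte 0)."""
    b = bytearray(mac_to_bytes(mac))
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface ID, as `ipv6 address <prefix>/64 eui-64` does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def link_local_address(mac: str) -> str:
    """The link-local address IOS derives automatically: FE80::/64 plus the same interface ID."""
    return eui64_address("FE80::/64", mac)


def mac_from_eui64(addr: str) -> str:
    """Reverse the derivation: recover the MAC from an EUI-64 formed interface ID."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    b[0] ^= 0x02                                  # undo the U/L bit flip
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


if __name__ == "__main__":
    mac = "0000.0c12.3456"                        # constructed MAC in Cisco notation
    print("interface ID:", eui64_interface_id(mac).hex())
    print("global:      ", eui64_address("2001:0BB9:AABB:1234::/64", mac))
    print("link-local:  ", link_local_address(mac))
```

For the constructed MAC the interface ID is 0200:0CFF:FE12:3456, so the interface ends up with 2001:BB9:AABB:1234:200:CFF:FE12:3456 as its global address and FE80::200:CFF:FE12:3456 as its link-local address; show ipv6 interface would list both.
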
That's just it! Whew, another one of the longest articles I've researched and written. The IPv6
questions in the CCNA exam are not many, in fact just a few. But as I said, it is important that we
understand the basic concepts and fundamentals so that we know what it is and how it works.

I hope you now have a basic understanding of what IPv6 is. Until the next lessons, cheers!

CHAPTER III. LAN SWITCHING

Lesson 1: Basic understanding of how a Cisco switch works

In this chapter, we will study and talk about the basics and foundation of Cisco switches. I hope
by the end of this chapter, you will have more knowledge and a clear understanding of how a
Cisco switch works. Let's go!

Understanding switch topology

Depending on the size of the organization or company, each has its own setup of how the
switches are laid out. But as we mentioned in network topology, Cisco has a recommendation on
how we should set up our switches. Cisco recommends that we have a hierarchical design, as
you can see in our sample image below.

We will no longer explain each layer because I already explained this before. Please go back to
it, folks. It is important that you understand those topologies because they will help a lot in
understanding how a Cisco switch works.

Layer 2 and layer 3 switches

To help our readers understand better, let me share some information about layer 2 and layer 3
switches. As you can see in Cisco's recommended design, the distribution and core layers use
layer 3 switches. Layer 3 switches are switches that have the ability to process layer 3 protocols
or routing in addition to their normal layer 2 functions. Yes! They can process EIGRP or OSPF or
others (more on this in the future) even though they are switches.

From the distribution switches (in the distribution layer) and core switches (in the core layer),
they can route the packets or traffic at wire speed. This means that because "convergence" is
faster at layer 3, the processing of "traffic" in our network is also lighter and faster. The
possibility of broadcasts is also removed. Another benefit of this: by using routing on layer 3
switch ports, loops are eliminated or minimized. We will talk about this when we get to STP
(Spanning Tree Protocol).

How a Cisco switch works in the Cisco hierarchical design

If we look back, I have also shared and discussed the basics and function of a switch. You can
check them here. This time, we will expand your knowledge further. Are you ready? Let's go!

In Cisco's recommended design, which is most likely used in large companies and organizations,
you can see that layer 3 switches are in our distribution and core layers. This means that the
switch models recommended to be placed here are switches that have the ability to handle
layer 3 protocols or routing.

From the access switches, where most of the end devices are connected, if the other end device
that wants to communicate is on the same switch, the switch can easily identify where that
device is connected via its MAC address table.

The MAC address table lists the ports, VLANs and the corresponding MAC address of the device
connected to each port.

If it is the first time they connect, the communicating device sends a broadcast to the switch and
it is received on all ports of that switch. Only the port where the needed device is connected will
respond.

The connection is established. The MAC addresses and ports, together with the VLANs, are
recorded in the switch's MAC address table for future connections or reference.

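The learning and flooding behaviour just described, as a small Python model (an added example, not from the ebook or Cisco): the MAC address table is keyed by VLAN and MAC, a frame's source is learned on its ingress port, a broadcast or an unknown destination is flooded to every other port in the same VLAN, and a known destination is forwarded to its port only. The port-to-VLAN map and the MAC addresses in demo are constructed values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of a layer 2 switch: a MAC address table keyed by VLAN,
    flooding for unknown/broadcast destinations, forwarding for known ones."""

    def __init__(self, ports: dict):
        # port name -> access VLAN, e.g. {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20}
        self.ports = dict(ports)
        self.mac_table = {}          # (vlan, mac) -> port

    def receive(self, ingress: str, src: str, dst: str) -> dict:
        """Process one frame; returns what was learned and where the frame was sent."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        vlan = self.ports[ingress]
        src, dst = src.lower(), dst.lower()
        learned = None
        # a group address can never be a source, so only unicast sources are learned
        if not self._is_group(src):
            if self.mac_table.get((vlan, src)) != ingress:
                learned = (vlan, src, ingress)   # new entry, or a host that moved ports
            self.mac_table[(vlan, src)] = ingress
        known = self.mac_table.get((vlan, dst))
        if dst == BROADCAST or known is None:
            # flood: every port in the same VLAN except the one the frame came in on
            egress = sorted(p for p, v in self.ports.items() if v == vlan and p != ingress)
            action = "flood"
        elif known == ingress:
            egress, action = [], "filter"       # destination is behind the ingress port: drop
        else:
            egress, action = [known], "forward"
        return {"vlan": vlan, "action": action, "egress": egress, "learned": learned}

    @staticmethod
    def _is_group(mac: str) -> bool:
        """Broadcast and multicast MACs have the low bit of the first byte set."""
        return int(mac.split(":")[0], 16) & 0x01 == 1

    def lookup(self, vlan: int, mac: str):
        return self.mac_table.get((vlan, mac.lower()))


def demo() -> list:
    """Constructed frames: A (Fa0/1) talks to B (Fa0/2) for the first time, both in VLAN 10."""
    sw = LearningSwitch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20})
    a, b, c = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    return [
        sw.receive("Fa0/1", a, BROADCAST),   # ARP-style broadcast: flooded within VLAN 10, A learned
        sw.receive("Fa0/2", b, a),           # B replies: A already known, forwarded to Fa0/1 only
        sw.receive("Fa0/1", a, b),           # A to B: both known, no flooding
        sw.receive("Fa0/4", c, b),           # VLAN 20 host: B unknown there, flood stays in VLAN 20
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last frame shows why VLANs matter for the table: B is known in VLAN 10, but the lookup for VLAN 20 finds nothing, so the frame is flooded only to VLAN 20 ports (there are none besides the ingress) and never reaches B.
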
If the communication happens between two different switches connected to the distribution
switch, but in a single VLAN, it is the same thing. The distribution switch will act as a normal
switch.

The distribution switch also receives the broadcast and throws it out the port where the switch
that wants to communicate is connected. Same VLANs = one network = one broadcast = same
process.

If the device that wants to communicate is in a different network or VLAN, the distribution switch
is the one in charge of providing the connections per VLAN. Each VLAN can communicate
through the distribution switch.

From the access switch, the request goes to the distribution switch and it is "routed" by the
distribution switch to the VLAN or network toward the switch where the device that wants to
communicate is connected.

Layer 3 switching or "routing" happens locally and no longer needs to go out to a router (router
on a stick).

It is the same as how a router works. Congestion in the network is reduced and the flow of traffic
becomes lighter.

Take note that when it comes to the connection of the distribution to the core switches, most of
the time, it is networks or subnets that we route or advertise here.

Like the sample image above. The possibility of broadcasts is removed. Using the normal routing
protocols such as EIGRP or OSPF and others, the network runs more optimized, efficient and
smooth.

This is the basics of how a Cisco switch works and what's happening inside that hierarchical
design, at least in a simple explanation and from a newbie perspective. I hope you get the point.

In future lessons, we will talk about other switching and routing protocols and standards that will
help expand your knowledge. For now, that's it.

Lesson 2: Basic configuration of a new Cisco switch

In this lesson, I want to share something that can help others (especially beginners) understand the basic configuration of a new Cisco switch. This may sound very basic, but for those who are just starting out, I know it is a big help. Let's do this!

Before configuring a new Cisco switch

Before we configure a new Cisco switch, we should already have the plan laid out for what our goal is. That means that before we even start, the tools we need (software or hardware) should already be ready. In networking, as much as possible, all of our activities should be planned.

In a corporate network, or in the real world, there are usually existing processes for how to configure a new Cisco switch. Whether replacing or adding, there are also existing templates or scripts that are followed so that the setup is organized, standardized and professional.

Just to share, guys: at the company I work for, we already have an existing template for new switches or routers that will be attached or added to the network. The naming of the device, the labeling, location, IOS version, model and other device configuration are already set as a standard. This way, it is easier for us to plan and to replace or add new devices.

In this article, I will just share some of the needed configuration of a new Cisco switch that can help you understand the basics and fundamentals for your CCNA exam, as well as for your real-world CCNA networking career.

Before we can perform the initial configuration of a Cisco device, most of the time we access it via the console port. So we need a console cable. We also need terminal software such as PuTTY or SecureCRT to log in to it.

I suggest you also revisit our topic about IOS command modes to refresh, especially the beginners. Here we go.
Basic configuration of a new Cisco switch

1. Deleting the old VLAN database (vlan.dat)

The vlan.dat file is the VLAN database from the previous configuration. Whether the switch was used before or is brand new, this VLAN database needs to be deleted to protect the existing configuration of the network. The old VLAN database can override the network's existing configuration.

Even if we erase the entire configuration of a switch, the old VLAN database is still left behind, so we need to delete it manually.

Command:
Switch# delete flash:vlan.dat

We'll talk about VLANs in the future.

2. Deleting the startup configuration

The startup configuration is the configuration saved on our device. Once we delete it, the configuration returns to its default state. This is the same as a factory reset on other gadgets or devices. After that, we need to reboot the device.

Command:
Switch# write erase >> erases the startup configuration (erase startup-config does the same)
Switch# reload >> reboots the device
3. Setting the hostname

The hostname is the basic identification of a device. It is the "name" of a switch or router that we see when we log in to the command line.

Please take note that devices communicate through IP addresses and not through hostnames. The hostname is for the administrators/users.

Command:
Switch(config)# hostname NEW_SWITCH << the hostname of the device becomes NEW_SWITCH

4. Setting the IP address

This is the IP address our switch, or any device, will use. Most of the time it is also called the management IP. Aside from the hostname, we can also use the IP address to log in and configure the device.

Basic command (entered under the management interface; the full sequence is shown below):
Switch(config-if)# ip address 10.160.224.15 255.255.255.128

In the real world, an access switch is connected to an uplink (maybe the core or the distribution). Most of the time, it is in a management VLAN. Let's say the management VLAN is VLAN 1.

Command:
Switch(config)# interface Vlan1
Switch(config-if)# description NETWORK_MANAGEMENT >> description of the VLAN 1 interface
Switch(config-if)# ip address 10.160.224.52 255.255.255.128 >> IP address and subnet mask
Switch(config-if)# no shutdown >> brings up the VLAN 1 interface

5. Setting the default gateway

The default gateway serves as the way out of our switch when an end device connected to our switch wants to communicate with other VLANs, other networks, or the internet.

In simulations and small networks, this can be the IP address of the router. In the real world, it is the IP address of the core or uplink switch, or another layer 3 device.

Command:
Switch(config)# ip default-gateway 10.160.224.1

6. Securing the logins

Securing the logins is one of the most important tasks we need to do when configuring a new Cisco switch. Only authorized users should have access and be able to log in to our device.

Command:

Switch(config)# enable secret Cisco >> sets the password "Cisco" for privileged mode

Switch(config)# line con 0
Switch(config-line)# exec-timeout 60 0
Switch(config-line)# password Cisco123
Switch(config-line)# login >> secures console access with the password Cisco123 and an idle timeout of 60 minutes 0 seconds

Switch(config)# line vty 0 15
Switch(config-line)# exec-timeout 60 0
Switch(config-line)# password Cisco123
Switch(config-line)# login >> secures the VTY lines with the password Cisco123 and an idle timeout of 60 minutes 0 seconds

7. Setting the banner

The banner serves as the welcome message when we log in to the device. We can use it to inform the users who connect to our device.

Command:

Switch(config)# banner motd %
************************************************************************
NOTICE: This system is restricted solely to Company authorized users for
legitimate business purposes only.
************************************************************************
%

The characters after the "%" become our banner in this example. We can use a different character, as long as we begin and end the banner message with that same character.

These are the most basic configurations of a new Cisco switch. This applies if we are configuring only a stand-alone switch, let's say a lab switch; on a production switch there are many more base configurations that we did not include.

There are the settings for VTP, Spanning Tree, TACACS or RADIUS, the settings of the ports or interfaces, and many more. We'll talk about them in the future.

We did not include them for now. As I said, this is on a company-to-company basis. Usually companies already have templates and configuration standards that must be followed, especially when adding new network devices.

That's it for now, mga idol. I hope you learned something from this short article. Until next time. Cheers!
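The company-template idea from this lesson, as an added example that is not code from the original ebook: a small script that renders the seven steps above into IOS commands but first validates the inputs the way a template script should, so a typo in the management address or gateway is caught before anything is pasted into the switch. The hostname rule, the template layout and the sample values are this example's assumptions; the command lines are the ones shown in the lesson.

```python
"""Render and validate the Lesson 2 baseline config (added example, not the ebook's code)."""
import ipaddress
import re

# Assumed hostname rule: starts with a letter, then letters, digits, '-' or '_', max 63 chars.
HOSTNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]{0,62}$")


def validate(hostname, mgmt_ip, mask, gateway):
    """Return a list of problems; an empty list means the inputs are usable."""
    problems = []
    if not HOSTNAME_RE.match(hostname):
        problems.append(f"invalid hostname {hostname!r}")
    try:
        iface = ipaddress.ip_interface(f"{mgmt_ip}/{mask}")
    except ValueError as exc:
        return problems + [f"bad management address: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{mgmt_ip} is the network or broadcast address of {net}")
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return problems + [f"bad gateway: {exc}"]
    # the default gateway must be reachable on the management subnet itself
    if gw not in net:
        problems.append(f"gateway {gateway} is not inside management subnet {net}")
    if gw == iface.ip:
        problems.append("gateway must not equal the management address")
    return problems


def render(hostname, mgmt_ip, mask, gateway, enable_secret, line_password,
           banner="NOTICE: This system is restricted solely to Company "
                  "authorized users for legitimate business purposes only."):
    """Return the IOS commands as one string, or raise ValueError on bad input."""
    problems = validate(hostname, mgmt_ip, mask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    if "%" in banner:
        # '%' is the delimiter used in the lesson, so it cannot appear in the text
        raise ValueError("banner text must not contain the '%' delimiter")
    lines = [
        f"hostname {hostname}",
        f"enable secret {enable_secret}",
        "interface Vlan1",
        " description NETWORK_MANAGEMENT",
        f" ip address {mgmt_ip} {mask}",
        " no shutdown",
        f"ip default-gateway {gateway}",
        "line con 0",
        " exec-timeout 60 0",
        f" password {line_password}",
        " login",
        "line vty 0 15",
        " exec-timeout 60 0",
        f" password {line_password}",
        " login",
        f"banner motd %{banner}%",
        "end",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # sample values taken from the lesson's own examples
    print(render("NEW_SWITCH", "10.160.224.52", "255.255.255.128",
                 "10.160.224.1", "Cisco", "Cisco123"))
```

The script only checks addressing consistency and the banner delimiter; the secrets are passed straight through, exactly as the lesson enters them by hand.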

Lesson 3: Understanding the basics of VLAN. Part I.

Here at lesson number 3 of Chapter III, we will talk about the foundation and basics of VLANs.

Before we continue, I hope you have your 2016 goals set already. This will help you easily achieve what you are trying to accomplish for this year. Whether career goals or life goals in general, it is important that we have our goals set.

Not just in mind, but on paper!

Alright, let's begin.

What is a VLAN?

According to Cisco, "A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible."

In the simplest explanation, a VLAN is a network or subnet. Or one LAN, virtually. All devices in the same VLAN are in the same broadcast domain, logically. It is made up of devices that can communicate with each other. Unlike a physical LAN (Local Area Network), a VLAN can be physically connected but is more often "logically connected".

This means that even if two devices are in separate locations, they can be members of one VLAN. This is the difference between a VLAN and a normal, ordinary LAN. That is also why it is called a "virtual LAN".

VLANs are used to group devices according to their function instead of their physical location. Through VLANs, location is no longer a problem, and we secure our network because we can give each VLAN its own "rules" appropriate for the members of that VLAN.

Here are the VLAN ranges provided by Cisco.
How does a VLAN work?

In a flat or traditional network, devices communicate by receiving and sending broadcasts, as we discussed in how a switch works. This means the flat or traditional network is one big broadcast domain.

When a device communicates, or wants to communicate, it sends a broadcast message, and ALL devices that are part of the flat or traditional network receive that broadcast. This causes slowdowns or can even cause disconnection in our network.

Let's have an example. In our sample image above, those devices are connected to "hubs", or let's say switches, in a traditional or flat network. This means a "broadcast storm" and network slowdown occur when they "talk to each other", precisely because of the broadcast. The broadcast is sent out of all the ports of the hub or traditional switch and is received by all the devices connected to it.

If there are other hubs, then on those hubs or switches, like the ones above, that also have devices connected, they will still receive the broadcast and will still be part of the broadcast. That is the situation in a flat, traditional network.

Over time, technology evolved and switches were invented. This is also where VLAN technology came in. Through VLANs, this situation is limited or avoided. Why? Because only the "members" of a VLAN receive the broadcast from another member that wants to communicate.

In a modern network, the devices connected to one switch can be members of different VLANs. Each port of that switch can be a member of a different VLAN.

And of course, each device connected to a port becomes a member of the VLAN assigned to that port. One of the big benefits of this is that only the ports that are members of that VLAN receive the broadcast message.

For example, if PC 1 to PC 3 are connected to port 1 to port 3 of a switch and are members of VLAN 5, then PC 4 connected to port 4, and the other PCs, will not receive the broadcast if the ports they are connected to are not members of VLAN 5. Remember, it is the port that is assigned to the VLAN.

Got it, mga idol? Let's have more.

Another good thing about VLANs is location. In a flat network, different "roles" or "departments" could not be combined in one location or on one "switch".

Let's say the Sales team is located on the 2nd floor of the building and the HR team is located on the 3rd floor. They are connected to separate access switches, which are connected to their main switch or distribution switch. They have different rules and access on the network.

Once the 2nd floor is fully occupied by the Sales team, you need to create another subnet, or maybe add another switch on the 2nd floor, for the newly hired Sales team members. But what if the 2nd floor can only accommodate 40 people?

With the help of VLANs, we can create a SALES VLAN and an HR VLAN on the main switch, let's say the distribution switch (or the core switch in some designs), and then all the access switches in the building will have those VLANs. All switches get those VLANs through VTP (VLAN Trunking Protocol), which we will discuss in the following lessons.

So this means that even with newly hired Sales team or HR team members, they can sit anywhere in the building, given that the switch port they are connected to is in their respective VLAN. And the type of access and the rules meant for their own department are still maintained. No need to add a new subnet or switch if it is not really needed.

Here's a sample image from Cisco that shows the traditional network setup vs. a network setup using VLANs. You will see the big difference and its benefits. Amazing, isn't it? :D

That's the basics of how a VLAN works. For now, this is as far as we go, so that beginners especially can grasp and appreciate the basics of VLANs. In future lessons, we will dig deeper and have more examples. We will also share how to configure VLANs and some real-world scenarios so we can understand it even better.

I hope this has been informative, mga idol. Until next time, cheers!

Lesson 4: VLAN Part II. VLAN operation and basic configuration.

VLAN operation

Again, as we discussed in Part I, VLANs are used to separate the network according to function. This is also to limit broadcasts and secure a particular network.

VLANs are also used to eliminate physical or location boundaries in network design and operation.

Let's have another example to make the operation of VLANs even clearer.

Let's say we have 2 departments in our company, HR and Sales. In a flat or traditional network, I can only assign a particular subnet to a specific switch. Let's say I have one 24-port switch; I can assign a particular subnet to this switch and allot it to the HR department.

Let's say the HR department, located on the 2nd floor, is connected to switch-01 and we are using the subnet or network 192.168.1.0/24. All PCs or devices that I connect to this switch are for the HR department only and are located only on the 2nd floor.

In order for me to have the Sales department on the 2nd floor too, we need to add a new switch and assign a new subnet for Sales. Let's say switch-02 and subnet 192.168.2.0/24.

We cannot just put the Sales department into the subnet and switch of the HR department. Why? They would all be part of one broadcast domain, meaning all of them would receive the broadcast whenever a device wants to communicate. There is no security, because everything HR can access, Sales can access too.

It's as if they are not separate departments, right? And they can only sit on the 2nd floor of the building, because that is where their subnet and switch are. That's how it is in a flat, traditional network.

Through VLANs, we can have those 2 departments on a single switch (for example switch-01). And they are still separated, virtually.

This means we can assign switch ports 1-10 to the HR department and switch ports 11-20 to the Sales department on switch-01. Or they can alternate: all odd ports are HR and all even ports are Sales. Or every third port. You name it!

Even though they share one switch, they have different broadcast domains. They have different access. And above all, they can sit anywhere as long as the switch port they are connected to is assigned to their specific VLAN.

All devices in the HR VLAN receive only the broadcasts meant for the HR VLAN or subnet. The same goes for Sales.

What if an HR employee wants to move to the 3rd or 4th floor of the building? No problem. As long as the port they are connected to is in the correct VLAN, the connection is still the same. It's as if they are still sitting next to their teammates on the 2nd floor. Same same, as they say. And the same goes for the other VLANs.

Another important thing to note: all ports that are not assigned to a specific VLAN default to the native VLAN. Most of the time this is VLAN 1.

For example, on our 24-port switch, if only ports 1-5 are assigned to VLAN 5 and ports 6-10 to VLAN 10, then all the remaining ports (ports 11-24) are assigned by default to VLAN 1, or whatever is set as the native VLAN. You will see this later below.

Is it clear, mga idol? I hope you understand the basics of VLANs and their operation even better now. If you have questions, just comment or email.

Let's dig deeper.

Layer 2 and layer 3 VLAN

Part of VLAN operation is their layer 2 and layer 3 functionality. This means they operate at layer 2 and layer 3 of the OSI model.

At layer 2 comes the VLAN ID or VLAN number of the specific VLAN. For example VLAN 5: on a particular switch or device you can only have a single instance of a VLAN ID. This means that once we have created VLAN 5, it cannot be duplicated.

Again for reference, these are the ranges of VLANs or VLAN numbers we can use, as provided by Cisco. VLANs 1002 - 1005 are not used in network operations.

At layer 3 comes the IP address or specific subnet for the VLAN ID we created. Take our example above, VLAN 5: for it to connect and be identified on the network, it needs to have a specific address.

In our example earlier, we assigned 192.168.1.0/24 to the HR department. We can assign that subnet to VLAN 5 too. This means the IP addresses of the HR department members start from 192.168.1.1 up to 192.168.1.254. Remember that the network and broadcast addresses are not included.

Also at layer 3 of the VLAN comes the SVI, or switched virtual interface. This is a virtual interface we use to give a specific IP address to a particular VLAN. It also lets us route that VLAN so it can connect to the other VLANs in our network.

How to configure VLANs

Now that we know how VLANs work and their basic operation, let's see their basic configuration. I will just share the basics and foundation here so that beginners and newbies especially can understand. That's the mission of this blog: to provide basic and foundational knowledge for Pinoy beginners. Let's start!

Like our example above, let's say we have separate subnets for each department, and we will assign a VLAN to each department. Here they are:

- 192.168.1.0/24 - VLAN 5 HR department
- 192.168.2.0/24 - VLAN 10 Sales department
Configuring layer 2 VLANs

In our example here, I'm using a 3650 switch, which is capable of layer 2 and layer 3 VLANs. To configure a layer 2 VLAN, here are the commands.

Switch>
Switch>en → go to enable (privileged) mode
Switch#conf t → go to global configuration mode. Check the IOS command modes lesson again if needed.
Switch(config)#vlan 5 → create a layer 2 VLAN with VLAN ID 5. After this, VLAN 5 exists.
Switch(config-vlan)#name HR_DEPARTMENT → name VLAN 5, following our naming convention
Switch(config-vlan)#exit
Switch(config)#vlan 10 → create a layer 2 VLAN with VLAN ID 10
Switch(config-vlan)#name SALES_DEPARTMENT → name VLAN 10 for the Sales department
Switch(config-vlan)#exit
Switch(config)#end
Switch#

With the commands above, we have created layer 2 VLANs for our 2 departments. But it doesn't end there. We need to assign ports to those VLANs so we can segregate them. Always remember that it is the port that is assigned to the VLAN.

So far no ports are assigned to VLAN 5 and VLAN 10. Let's see.

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7,
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19,
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gig0/1, Gig0/2
5    HR_DEPARTMENT                    active
10   SALES_DEPARTMENT                 active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

As you can see above, I was able to show all the VLANs, including all the ports on this switch. You can see our VLAN 5 and VLAN 10 there, but no ports are assigned to them yet, because we have not assigned any.

Notice also that, by default, all the ports are assigned to the native VLAN (VLAN 1), as I mentioned earlier.

So now, I will assign several ports to our HR and Sales VLANs so you can see how.

Switch(config)#interface fastethernet 0/1 → enter interface configuration mode
Switch(config-if)#switchport mode access → set the port as an access port
Switch(config-if)#switchport access vlan 5 → assign this port to VLAN 5
Switch(config-if)#no shutdown → bring up the port
Switch(config-if)#exit

With the commands above, I was able to assign port 0/1, or FastEthernet 0/1, to VLAN 5. See here.

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1, Gig0/2
5    HR_DEPARTMENT                    active    Fa0/1
10   SALES_DEPARTMENT                 active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Fa0/1 is now in the HR VLAN; it is no longer in VLAN 1. Gotcha?

To speed up the process, we can use the "range" option so we can quickly assign a range of ports to the VLAN we want. Let's have another example.

Switch#conf t
Switch(config)#interface range fastethernet 0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#no shutdown
Switch(config-if-range)#exit

In this example, I use the range option to assign ports to a specific VLAN by group or by range. In this case, I assigned ports 2 to 6 to the Sales VLAN, VLAN 10. To see them in action again, here they are.

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11,
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1, Gig0/2
5    HR_DEPARTMENT                    active    Fa0/1
10   SALES_DEPARTMENT                 active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Fa0/1 is in VLAN 5, and Fa0/2 to Fa0/6 are now in VLAN 10. You can see in the output above that we assigned ports 0/2 to 0/6 to VLAN 10 using the range option. Sweet, right? That's it, pansit! I hope by this time you understand the basic operation of VLANs and how to configure them (layer 2).

Want more? OK, let's go all the way.
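The "which ports are still in VLAN 1" check that the three `show vlan brief` listings above make by eye, as an added example that is not code from the original ebook: a parser for that output, including the wrapped port lists, that returns the ports per VLAN and reports the ones never moved out of the default VLAN. The embedded sample is a constructed copy of the third listing.

```python
"""Parse `show vlan brief` text into a VLAN -> ports mapping (added example, not the ebook's code)."""
import re

# Constructed sample, matching the lesson's final listing.
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11,
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1, Gig0/2
5    HR_DEPARTMENT                    active    Fa0/1
10   SALES_DEPARTMENT                 active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
"""

# A data row starts with the VLAN number; a wrapped row starts with spaces and
# carries only more port names.
ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
PORT_RE = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")


def parse_show_vlan_brief(text):
    """Return {vlan_id: {"name": str, "status": str, "ports": [port, ...]}}."""
    vlans = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("VLAN ") or line.startswith("----"):
            continue                      # header, separator, blank
        m = ROW_RE.match(line)
        if m:
            current = {"name": m.group(2), "status": m.group(3),
                       "ports": PORT_RE.findall(m.group(4))}
            vlans[int(m.group(1))] = current
        elif current is not None:
            current["ports"].extend(PORT_RE.findall(line))   # wrapped port list
    return vlans


def ports_in_vlan(vlans, vid):
    return list(vlans.get(vid, {}).get("ports", []))


def unassigned_ports(vlans):
    """Ports still in VLAN 1, i.e. never given `switchport access vlan <n>`."""
    return ports_in_vlan(vlans, 1)


if __name__ == "__main__":
    table = parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF)
    for vid in sorted(table):
        print(vid, table[vid]["name"], table[vid]["ports"])
    print("still in VLAN 1:", unassigned_ports(table))
```

Running it against real output (copied from the terminal, or collected over SSH) gives the same list for every switch, which is how you would audit that every port left in VLAN 1 is one you intended to leave there.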

Configuring layer 3 VLANs

Since we have already created the layer 2 VLANs, to complete the VLAN operation we also need to create the layer 3 part. As we said earlier, the layer 3 VLAN provides a specific address for a specific VLAN. It also lets them connect to the network and lets the traffic of the devices belonging to those VLANs be routed back and forth across our network.

In old designs and some small companies, the router-on-a-stick design is used. Meaning, virtual interfaces are created on the router to route the connections to the different VLANs.

In real-world scenarios and in most general designs, a layer 3 switch is used. Meaning switches capable of both layer 2 and layer 3 functions. This way, the router's workload is lightened and it does not consume as much CPU.

This is also based on Cisco's recommended design, as we discussed in network topology. Please revisit it if needed, mga idol.

In our example above, we assigned the following subnets to our VLANs:

- 192.168.1.0/24 - VLAN 5 HR department
- 192.168.2.0/24 - VLAN 10 Sales department

To configure them on the switch, here are the basic commands we need.

Switch>
Switch>en
Switch#conf t
Switch(config)#interface vlan 5 → create the switched virtual interface for our VLAN 5
Switch(config-if)#description HR_DEPARTMENT → description for this VLAN interface
Switch(config-if)#ip address 192.168.1.1 255.255.255.0 → assign an IP address to the VLAN interface. It should belong to the VLAN 5 subnet (192.168.1.0/24).
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 10 → create the switched virtual interface for our VLAN 10
Switch(config-if)#description SALES_DEPARTMENT → description for this VLAN interface
Switch(config-if)#ip address 192.168.2.1 255.255.255.0 → assign an IP address to the VLAN interface. It should belong to the VLAN 10 subnet (192.168.2.0/24).
Switch(config-if)#no shutdown
Switch(config-if)#exit

From the commands and configuration above, we have created the layer 3 VLANs and given them IP addresses. Devices on different VLANs can now communicate with the other VLANs. The devices can ping and connect to each other. We'll show that again in the future. For now, this is as far as we go.
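What the two SVIs above actually decide, as an added example that is not code from the original ebook: a small model of the layer 3 switch that validates each SVI address against its VLAN's subnet (a usable host, no overlapping subnets) and then tells, for a source and destination host, whether the traffic stays inside one VLAN (switched) or crosses VLANs through the SVIs (routed). The SVI table mirrors the lesson's two VLANs; the host addresses are constructed.

```python
"""Inter-VLAN decision on a layer 3 switch (added example, not the ebook's code)."""
import ipaddress


def build_svi_table(entries):
    """entries: [(vlan_id, 'ip/prefix'), ...] -> {vlan_id: IPv4Interface}.
    Rejects an SVI address that is the network or broadcast address of its
    subnet, and subnets that overlap another VLAN's subnet."""
    table = {}
    for vid, cidr in entries:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"VLAN {vid}: {iface.ip} is not a host address of {net}")
        for other_vid, other in table.items():
            if net.overlaps(other.network):
                raise ValueError(f"VLAN {vid} subnet {net} overlaps VLAN {other_vid}")
        table[vid] = iface
    return table


def vlan_of(table, host):
    """VLAN whose subnet contains host, or None if no SVI covers it."""
    addr = ipaddress.ip_address(host)
    for vid, iface in table.items():
        if addr in iface.network:
            return vid
    return None


def path(table, src, dst):
    """Describe how src reaches dst on this switch."""
    s, d = vlan_of(table, src), vlan_of(table, dst)
    if s is None or d is None:
        return {"action": "drop", "reason": "no SVI for one of the subnets"}
    if s == d:
        # same broadcast domain: plain layer 2 switching, the SVI is not involved
        return {"action": "switch", "vlan": s}
    # different VLANs: src sends to its gateway (its VLAN's SVI) and the switch
    # delivers the packet out of the destination VLAN's SVI
    return {"action": "route", "ingress_svi": str(table[s].ip),
            "egress_svi": str(table[d].ip), "from_vlan": s, "to_vlan": d}


def usable_hosts(table, vid):
    """First and last address a PC in this VLAN may use (network/broadcast excluded)."""
    hosts = list(table[vid].network.hosts())
    return str(hosts[0]), str(hosts[-1])


# The lesson's SVIs: VLAN 5 = 192.168.1.1/24, VLAN 10 = 192.168.2.1/24
LESSON_SVIS = build_svi_table([(5, "192.168.1.1/24"), (10, "192.168.2.1/24")])

if __name__ == "__main__":
    print(path(LESSON_SVIS, "192.168.1.10", "192.168.1.20"))   # switched inside VLAN 5
    print(path(LESSON_SVIS, "192.168.1.10", "192.168.2.20"))   # routed 5 -> 10
    print(usable_hosts(LESSON_SVIS, 5))
```

The overlap check is the one worth keeping in a real template: two VLANs given overlapping subnets is the mistake that makes "devices can now ping each other" silently untrue for part of the hosts.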

Whew! That's too much! I spent several hours creating this article. You guys should treat me to at least a pizza and a beer. Hahaha.

Anyway, I hope by this time you understand basic VLAN operation, as well as how to configure layer 2 and layer 3 VLANs.

In future articles, we will have more discussion about them. Or maybe in videos (in the future), once there are some, so it is easier to explain and easier for everyone to understand.

That's it for now, mga idol. I hope you learned something new. If you have questions, let me know. Cheers!

Lesson 5: VLAN Trunking Protocol: Understanding the basics.

We're done talking about the basics and foundation of VLANs in the previous articles; today we will talk about the basics of VTP (VLAN Trunking Protocol). Let's begin.

Disclaimer: There are some advanced topics and discussions about VTP (VLAN Trunking Protocol); what I'm sharing here is the basics and foundation. As I always say, once you understand the basics and foundation, you will understand the advanced topics and configurations more easily and more quickly. All you need to do is understand "the flow and the process"; from there, I assure you that what follows is "a piece of cake".

What is VTP (VLAN Trunking Protocol)?

In a simple explanation, VTP, or VLAN Trunking Protocol, is used to make managing VLANs easier and more organized. That's just it. That's the basics and foundation.

To understand it better, here is how it works.

We have switches under the VTP domain CCNAPHILIPPINES; one switch is set as the "VTP server" and the other switches are set as VTP clients. Only on the switch set as VTP server do we add, modify and delete VLANs.

As you can see in the picture above (taken from Wikipedia), all updates are automatically propagated to all switches under the VTP domain CCNAPHILIPPINES.

Every time we make changes on the VTP server, the "configuration revision number" increases to track those changes, and all switches in the VTP domain are updated. That's all there is to it! A piece of cake, mga idol, right? Lol. :D

What is a VTP domain?

The function of the VTP domain is to group the switches. Simple: all members of that domain are grouped together. As I mentioned above, all VLAN updates and changes are propagated from the VTP server within that specific domain.

Different VTP modes

In VLAN Trunking Protocol, the switches have modes. Their functions depend on their mode. Let's see them below.

1. VTP server

As I mentioned, the VTP server is what we use to add, update and delete VLANs. By default, all Cisco switches operate as VTP servers. So before we add a switch to the network, we first need to make sure it will not affect the current configuration of our network. We can delete the vlan.dat file (explained below) and set the switch to VTP client or VTP transparent mode.

2. VTP client

In VTP client mode, the switch only accepts VTP updates and synchronizes itself from those updates. Then it forwards the updates to the other switches connected to it. A VTP client cannot add, modify or delete VLANs.

3. VTP transparent

In VTP transparent mode, the switch does not update itself from the VTP updates it receives; it only forwards them to the switches connected to it. Gotcha?

4. Off

Does this still need explaining? :D When off, of course the switch does not participate in any VTP activities. That's just it!

There are certain advantages and disadvantages to using it. Let's see.

Major advantages of VLAN Trunking Protocol

1. Easy VLAN management

Through VTP, managing and organizing the VLANs in a network becomes easy. Why? Because we can centralize the process and creation of VLANs on a single switch, and then all the other switches are updated automatically.

Meaning, we can simply create a VLAN on a particular switch and then all the other switches on the network will have that VLAN. So this means we no longer need to log in to each of our switches on the network just to create that VLAN. They are "automatically propagated" with the help of VLAN Trunking Protocol.

This is a big help and a big deal, especially in large networks or companies. For example, Company A has 50 switches in one building and needs to add VLAN 50 for the Sales department. And only one network admin will do it. Without VTP, the network admin needs to log in and configure the VLAN on all 50 switches manually. Yes, one by one, kapatid. Laborious, slow and of course not smart.

With the help of VTP, the network admin just needs to create VLAN 50 on the server switch and it automatically populates on all the switches in the "domain". This way, the work is faster and we save time.

Once the VLAN is populated, you can assign ports to VLAN 50 on every switch.

2. Auto-obtain VLANs

If you have a new switch that needs to be attached or connected to the network, once the switch has been configured it can automatically obtain all the VLANs on the network too. As I said in #1, it automatically obtains all the VLAN configuration from the "main switch" and is set up automatically. All VLANs are obtained without you creating them on the new switch.

Note: On VTP versions 1 and 2, there is a drawback when you add a new switch that has a higher revision number. If the new switch contains a higher configuration revision number, it can become the "main switch" and update the network it is connected to.

This means that if the "vlan.dat" file on the switch was not erased and contains VLAN configuration, it can affect the network you attach the new switch to. That's one of the drawbacks. More on this later.

3. VTP pruning

Once enabled, VTP pruning is a simple process in VTP where the switches "intelligently" decide and communicate which VLANs exist and are in use on the other switches. Through VTP pruning, "VLAN updates/information" are no longer sent to a switch that does not need them. Congestion is avoided and the switches' resources are maximized.

For example, there are 5 switches on the 2nd floor of Company building A. All switches have VLAN 50, but switch-05 has no port assigned to VLAN 50 yet. If updates or communication go out for VLAN 50, only switch-01 to switch-04 receive the updates.

Since switch-05 does not need the VLAN 50 updates or info (because no port on it is assigned to VLAN 50), it is "pruned" so that it is no longer sent the updates. That's how VTP pruning works! Gotcha, kapatid?
Major disadvantage of VTP (VLAN Trunking Protocol)

The biggest drawback of VTP is that it can cause a network outage and override existing network
configuration, especially in versions 1 and 2.

As mentioned earlier, if we add a switch to the network that carries existing VLAN configuration
and a higher configuration revision number, it can override the VLAN configuration of all the
switches and replace it with its own. Because of that, every device connected to those switches
is affected: access ports assigned to a VLAN that no longer exists go inactive and stop passing
traffic.

Since the default mode of Cisco switches is "server mode", a new switch can override the existing
configuration if its revision number is higher than the current server's (and in versions 1 and 2
a client with a higher revision number does the same). In VTP version 3 this can be avoided
because there is a "primary server": only the primary server can add, update or delete VLANs,
and a switch only takes that role after an explicit `vtp primary` command is run on it. The other
safeguard is to run switches in transparent mode (or `vtp mode off` in version 3) when you do not
actually need VTP.

What is VLAN.DAT?

The vlan.dat file is the VLAN database that holds the VLAN information and VLAN configuration
saved on the switch, including the configuration revision number. It is not erased when you
erase the startup configuration of a Cisco switch (erase startup-config / write erase); it has to be
removed MANUALLY. So to avoid downtime or an outage when adding a new switch to the
network, we need to make sure vlan.dat has been deleted on that switch. Two other things also
bring the revision number back to 0: changing the VTP domain name, or setting the switch to
transparent mode (and then back to client if that is what you want).
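The revision-number behaviour described in the last two sections, as a small simulation. This is an added example for this ebook, not Cisco code: the switch names, the advertisement layout and the revision values are constructed, and a real VTP advertisement carries fields (MD5 digest, timestamps) that are not modelled here. It shows a server change reaching two clients, a stale lab switch with a higher revision wiping VLAN 50 from the whole domain, and the same lab switch being harmless once its vlan.dat has been erased.

```python
"""VTP v1/v2 revision-number behaviour, as a small simulation (added example)."""
from dataclasses import dataclass, field

DEFAULT_VLANS = frozenset({1, 1002, 1003, 1004, 1005})  # factory vlan.dat


@dataclass
class Switch:
    name: str
    domain: str
    mode: str = "server"          # server | client | transparent
    revision: int = 0
    vlans: set = field(default_factory=lambda: set(DEFAULT_VLANS))

    def add_vlan(self, vlan_id: int) -> None:
        """'vlan <id>' in config mode. Clients refuse; servers bump the revision."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans.add(vlan_id)
        if self.mode == "server":
            self.revision += 1

    def advertise(self) -> dict:
        """Summary advertisement, as flooded over every trunk."""
        return {"domain": self.domain, "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Apply an advertisement; True if the local database was replaced.

        In v1/v2 a *client* replaces its database and re-advertises exactly
        like a server does, which is why a stale client can wipe the domain.
        """
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] > self.revision:
            self.vlans = set(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False

    def erase_vlan_dat(self) -> None:
        """'delete flash:vlan.dat' + reload: factory VLANs and revision 0."""
        self.vlans = set(DEFAULT_VLANS)
        self.revision = 0

    def set_mode(self, mode: str) -> None:
        """'vtp mode <mode>'. Entering transparent mode resets the revision to 0."""
        self.mode = mode
        if mode == "transparent":
            self.revision = 0


def propagate(switches: list) -> int:
    """Flood advertisements across a fully meshed set of trunks until stable."""
    rounds, changed = 0, True
    while changed and rounds < 16:
        changed, rounds = False, rounds + 1
        for src in switches:
            adv = src.advertise()
            for dst in switches:
                if dst is not src and dst.receive(adv):
                    changed = True
    return rounds


def _fresh_domain() -> list:
    a = Switch("SwitchA", "ccnaphilippines", "server")
    b = Switch("SwitchB", "ccnaphilippines", "client")
    c = Switch("SwitchC", "ccnaphilippines", "client")
    a.add_vlan(50)              # one change on the server...
    propagate([a, b, c])        # ...reaches every client (revision 1 everywhere)
    return [a, b, c]


def _stale_lab_switch() -> Switch:
    # Pulled from a lab (constructed): same domain name, client mode,
    # but its vlan.dat was never wiped, so it carries revision 7.
    return Switch("LabSwitch", "ccnaphilippines", "client", revision=7,
                  vlans=set(DEFAULT_VLANS) | {10, 20})


def snapshot(switches: list) -> dict:
    """{name: (revision, has VLAN 50)} for each switch."""
    return {s.name: (s.revision, 50 in s.vlans) for s in switches}


def scenario() -> dict:
    """Before/after plugging in the stale switch, then the same with vlan.dat erased."""
    core = _fresh_domain()
    before = snapshot(core)

    propagate(core + [_stale_lab_switch()])       # revision 7 beats revision 1
    after = snapshot(core)                        # VLAN 50 is gone on every switch

    core = _fresh_domain()
    lab = _stale_lab_switch()
    lab.erase_vlan_dat()                          # the step this chapter insists on
    propagate(core + [lab])
    safe = snapshot(core + [lab])                 # VLAN 50 survives, the lab switch learns it
    return {"before": before, "after": after, "safe": safe}


if __name__ == "__main__":
    for label, state in scenario().items():
        print(label, state)
```

Running it prints the three snapshots; the "after" one is the outage described above, with every core switch now at revision 7 and without VLAN 50.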

How to delete vlan.dat in a Cisco switch

Deleting vlan.dat is simple when we are preparing a new switch. Just follow the commands below.

Switch# dir flash: → to check what's saved on the switch's flash memory

Directory of flash:/

    2  -rwx     2487439   Mar 11 1993 01:25:32  c2950-i6q4l2-mz.121-9.EA1d.bin
    3  -rwx         840   Mar 20 1993 09:20:09  vlan.dat
    4  -rwx     2491435   Mar 08 1993 16:14:13  c2950-mvr.bin
    6  -rwx          42   Mar 01 1993 00:07:35  env_vars
    7  -rwx         109   Mar 11 1993 01:23:56  info
    8  drwx         640   Mar 11 1993 01:26:35  html
   19  -rwx         109   Mar 11 1993 01:26:35  info.ver

7741440 bytes total (1088512 bytes free)

Switch# delete flash:vlan.dat → to delete the vlan.dat file

Delete filename [vlan.dat]?
!--- Press Enter.
Delete flash:vlan.dat? [confirm]y

Switch# reload → to reboot the switch

Proceed with reload? [confirm]y
4w5d: %SYS-5-RELOAD: Reload requested

After the reload we can check the VLAN information with the show vlan command. The
user-configured VLANs no longer appear in the output; only the factory-default VLAN information
is on the switch. The configuration revision number is back to 0 as well, which is the real point
of the exercise; confirm it with show vtp status before you connect the trunk.

Switch# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        IBM  -        0      0

From here we can continue configuring the switch. I hope you got it. If you have questions, email
or leave a comment.

What is a trunk port?

Before we continue, let's take a quick look at trunk ports. It is important to understand them in
order to understand VTP better.

A trunk link (switch ports in the trunking state) is needed to carry the traffic of many VLANs, and
the VTP advertisements, between switches. A trunk port, as I mentioned, is the state of the port
where two switches connect to each other. Note that "trunk" is not the default state of a Cisco
switch port: most Catalyst ports default to a DTP negotiation mode (dynamic auto or dynamic
desirable), so a trunk can be formed automatically by whatever gets plugged in, including a host
that sends DTP frames on purpose. Good practice is to configure every port explicitly as access
or trunk and turn negotiation off with switchport nonegotiate.

By default a trunk port is a member of all VLANs and sends and receives VLAN traffic and VTP
updates to and from the switch connected on the other side. It "tags" each frame with the VLAN it
belongs to, as you can see in the figure below.

Trunking Protocols

• 802.1Q: the most common trunking protocol. It is an IEEE standard and supported by many
  vendors. Frames of the native VLAN are sent untagged.
• ISL: Cisco's proprietary trunking protocol, meaning only Cisco devices can use ISL. It is
  obsolete; newer Catalyst switches support only 802.1Q.
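How the 802.1Q tag the figure refers to actually looks on the wire, as an added example for this ebook (not from the book or from Cisco). It builds and parses the 4-byte tag (TPID 0x8100 plus the TCI holding priority and VLAN ID) and then walks through the classic double-tagging trick that abuses an untagged native VLAN. The MAC addresses and payload are constructed, and the access port is assumed to accept a frame tagged with its own VLAN, which is platform-dependent behaviour.

```python
"""802.1Q tagging on a trunk, at the byte level (added example)."""
import struct

TPID_8021Q = 0x8100


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert one 802.1Q tag after the source MAC (stacks on any existing tag)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    tci = (pcp & 0x7) << 13 | vlan_id          # PCP(3) DEI(1) VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tags(frame: bytes) -> tuple:
    """Return (VLAN IDs outer->inner, ethertype, payload)."""
    vids, off = [], 12
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return vids, ethertype, frame[off + 2:]


def classify_ingress(frame: bytes, native_vlan: int) -> tuple:
    """Receiving side: the outer tag decides the VLAN and is stripped;
    an untagged frame belongs to the native VLAN."""
    vids, _, _ = parse_tags(frame)
    if not vids:
        return native_vlan, frame
    return vids[0], frame[:12] + frame[16:]      # only the outer tag is removed


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int) -> bytes:
    """Sending side of a trunk: native-VLAN frames leave untagged."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def double_tag_attack(trunk_native_vlan: int) -> int:
    """VLAN the far switch assigns to a crafted frame from a host in VLAN 1.

    The attacker sends outer tag 1 (its own VLAN) and inner tag 50 (the
    target). Switch 1 strips the outer tag; if VLAN 1 is also the trunk's
    native VLAN the frame goes out untagged and Switch 2 sees only tag 50.
    """
    base = (mac("ff:ff:ff:ff:ff:ff") + mac("02:00:00:00:00:01")   # constructed
            + struct.pack("!H", 0x0800) + b"constructed payload")
    crafted = tag_frame(tag_frame(base, 50), 1)                  # inner 50, outer 1
    vlan, stripped = classify_ingress(crafted, native_vlan=1)    # access port in VLAN 1
    on_wire = trunk_egress(stripped, vlan, trunk_native_vlan)    # Switch 1 -> Switch 2
    far_vlan, _ = classify_ingress(on_wire, trunk_native_vlan)
    return far_vlan


if __name__ == "__main__":
    print("native VLAN 1 on the trunk ->", double_tag_attack(1))     # lands in VLAN 50
    print("native VLAN 999 on the trunk ->", double_tag_attack(999)) # stays in VLAN 1
```

The fix the second call demonstrates is the usual one: give the trunk a native VLAN that no access port uses (switchport trunk native vlan 999) and, on switches that support it, tag the native VLAN as well with the global command vlan dot1q tag native.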

Configuring trunk ports

SwitchA#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SwitchA(config)#int fastEthernet 0/24
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchA(config-if)#switchport mode trunk
SwitchA(config-if)#no shutdown
SwitchA(config-if)#exit

SwitchB#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SwitchB(config)#interface fastEthernet 0/24
SwitchB(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport mode trunk
SwitchB(config-if)#no shutdown
SwitchB(config-if)#exit

In the sample above we configure port 0/24 of SwitchA and SwitchB as trunk ports using dot1q
encapsulation. With that in place we can connect the two switches to each other on fa0/24. Two
things to note about the commands: on switches that support both ISL and 802.1Q (3560/3750,
for example) the encapsulation must be set before switchport mode trunk, otherwise the mode
command is rejected while the encapsulation is still "auto"; on switches that only support 802.1Q
(2960) the encapsulation command does not exist and is simply skipped. Verify the result with
show interfaces trunk. Because both ends are set to trunk statically, no DTP negotiation is
needed for this link.

How to configure VLAN Trunking Protocol

Before we go to the VTP configuration: we can easily check the status and settings of VTP with
the command "show vtp status". It shows the VTP information of a switch, as in the sample below.

SwitchA#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

It is important to verify first before we start making changes. As I said before, we should have a
step-by-step plan for what we are going to do, especially on a production network. Here are the
basic steps for configuring VTP.

SwitchA(config)# vtp domain ccnaphilippines → set the VTP domain to ccnaphilippines
Setting VTP domain name from NULL to ccnaphilippines.
SwitchA(config)# vtp mode server → set the VTP mode to server
Setting device to VTP Server mode for VLANS.
SwitchA(config)# vtp password cisco → set the VTP password
Setting device VLAN database password to cisco.
SwitchA(config)# end
SwitchA#

In the sample above I configured SwitchA as the VTP server in the ccnaphilippines VTP domain
with the password "cisco". Again we can verify with the show vtp status command as below.
Notice that the MD5 digest has changed: the digest is computed over the VLAN database and the
password, and a switch ignores advertisements whose digest does not match, which is the only
authentication VTP versions 1 and 2 have. Also note that a switch with no domain name
configured adopts the first domain name it hears on a trunk, so set the domain before you connect
the trunks.

SwitchA#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : ccnaphilippines
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x91 0x38 0x27 0x1F 0x2A 0x9F 0x1B 0xB0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

All we need to do on the other switches is join them to the "ccnaphilippines" domain and use the
VTP password "cisco". Let's do it.

SwitchB(config)# vtp domain ccnaphilippines
Setting VTP domain name to ccnaphilippines.
SwitchB(config)# vtp mode client
SwitchB(config)# vtp password cisco
Setting device VLAN database password to cisco.
SwitchB(config)# end
SwitchB#

And we can verify again.
SwitchB#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : ccnaphilippines
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x91 0x38 0x27 0x1F 0x2A 0x9F 0x1B 0xB0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

If we want transparent mode instead, we just set the mode to transparent (vtp mode transparent).
A transparent switch keeps its own local VLAN database, ignores the advertisements it receives,
and forwards them out its other trunks (in VTP version 2 regardless of the domain name; in
version 1 only when the domain name matches). From here, every VLAN we create, update or
delete on SwitchA (server mode) is "automatically" propagated to the other switches.

If there are 200 switches in the network under that domain, you no longer need to create, update
and delete VLANs manually on every one of them; it happens automatically with the help of VTP.
Whether you actually want that is a design decision: many production networks run every switch
in transparent mode (or VTP version 3 with a single primary server) precisely because of the
revision-number problem described above.

Whew! That's it! As usual this article got long again, 2000++ words, but that's fine as long as I can
share it clearly with you. Once I have completed all the basic and foundation tutorials I will make
a video so it is easier to show and to understand. Just stick around.

If you reached this far, I hope you now understand the basic operation and configuration of VTP
or VLAN Trunking Protocol. Until next time, cheers!

Lesson 6: Introduction to Spanning-Tree Protocol. Part I.

How are you all? Today we are going to discuss the introduction to Spanning-Tree Protocol. This
is the continuation of our Chapter III. I hope you have read and understood the basics about
VLANs and VTP; go back to them if you have not.

What is Spanning-Tree Protocol?

In one simple sentence, Spanning-Tree Protocol (STP, IEEE 802.1D) is a switching technology
used to prevent loops in a network. That's all it is. Keyword: loops!

It is important to understand what it means and how it works. Apart from being in the CCNA
exam, it is also one of the most common incidents you will encounter in the real world once you
are in the networking industry.

Why do we need Spanning-Tree Protocol?

Now we know that Spanning-Tree Protocol is for loop prevention. You are probably wondering
what a loop is. Wait! I know your next question. Why is there a loop? Or why does a loop occur
in a network? Let me explain why.

Strictly speaking, we could do without Spanning-Tree Protocol, if the company or the network
infrastructure is fine with having no redundancy in the network. What does redundancy mean?

Simply put, we have a backup path to reach a network destination. In other words, we have
another way to connect to a device on the network in case one path goes down or something
happens to it. Let's simplify it further.

If the only way to get to Pasay from Cubao were the MRT (no other way, no redundancy), you are
stuck when it breaks down or has a problem (which happens all the time! Argh! haha). But
because you have other ways to get to Pasay from Cubao (LRT, EDSA, C5 and so on), you still
have the option of reaching your destination even if the MRT fails. We have a redundant path. We
no longer have a single point of failure.

It is the same in a network. If your mail server is connected to one switch and there is only one
path to it, all users are affected once that path or link goes down. There is no redundancy. Do
you get it?

In a business or company, especially banks, BPOs, hospitals and other critical and large
businesses, having no redundancy is not an option. The network has to stay up, or recover
quickly. Through redundancy we get a backup path to reach a network destination, and we
remove the so-called "single point of failure". Let's have more examples.

In the sample image above we have 2 switches connected by only one path. A single cable
connects them. Single point of failure.

When interface fa0/0 of switch A or switch B goes down, or the network cable gets cut or eaten by
a rat, there is no way for PC-A to communicate with PC-B or vice versa. Single point of failure.

To resolve the single point of failure, we can add an additional cable between both switches to
make it redundant. Let's say that aside from the cable on fa0/0 on both switches, we add another
cable to interface fa1/0 on switch A and B, as shown in the sample image below.

This way, if interface fa0/0 goes down or its cable gets cut, there is still a way for PC-A and PC-B
to communicate. Got it? That's how redundancy works, in a very simple explanation and setup,
so that beginners can follow along.

Strictly speaking there is still a single point of failure, because the traffic still passes through a
single switch at each end; what if the switch itself has an issue? But in some way we made it
redundant. In a fully redundant setup that is taken care of too. Again, it depends on the
company, the network policy, the design and so on. I hope you get my point.

OK, so our network is now redundant. We have different ways to communicate with or connect
to a target destination in case something happens to one path or link. What's the problem?
Loops! Network loops. Unfortunately, redundancy introduces network loops. Why? Here is how.

In our simple redundant setup in the image above, this is what happens when PC-A and PC-B
communicate if there is no Spanning-Tree Protocol.

1. Let's say PC-A wants to connect to PC-B. PC-A sends an ARP request to find the MAC address
of PC-B. An ARP request is a broadcast frame. It arrives at Switch-A.

2. Since it is a broadcast, Switch-A now sends the ARP out all of its ports except the interface it
was received on (PC-A's port), just as we learned when we studied how a switch works.

3. Switch-B now receives the broadcast frame on both interfaces (ports fa0/0 and fa1/0).

What does Switch-B do now?

1. Since it is a broadcast frame, Switch-B also forwards it out all of its interfaces except the one it
was received on.

2. So the frame that Switch-B received on interface fa0/0 is forwarded out all ports (including
fa1/0), and the frame that came in on fa1/0 is forwarded out all ports, including fa0/0.

Then it goes back to Switch-A. Do you see where this is going? Nowhere. It just repeats like a
broken record. The broadcast frames keep going back and forth and loop forever. An Ethernet
frame has no TTL, so nothing ever drops them: they only stop when a link or a switch dies. And
every copy that arrives flips the MAC address table entry for PC-A between fa0/0 and fa1/0, so
even unicast traffic gets confused. If there is no forever in teleseryes, there is in network loops!
Haha.

So if this happens, the switch can give up or the network can go down. This is where our
superhero Spanning-Tree Protocol comes in. Ta-da!

Let's have another example.

In the sample image above you can see 3 switches interconnected to each other to provide
"redundancy". That means we have an alternative path to reach the other switch in case
something happens to a port or link toward one of them. SwitchC has 2 paths to reach SwitchA
(one on interface fa0/0, and one on fa1/0 going through SwitchB). SwitchB likewise has 2
redundant paths to SwitchA.

Can you see the bridge loop or network loop if STP is not used? Right. Since every switch sends a
broadcast out all of its interfaces (except the one it was received on), we get a network loop.

A broadcast that SwitchA receives on interface fa0/0 is sent out fa1/0 and all its other ports, and
it just circles back to SwitchA. The same happens when it arrives on fa1/0. Same scenario: a
bridging or network loop. These are the issues STP resolves, and it does so by exchanging its
own messages between the switches, called BPDUs (bridge protocol data units). Let's see how.

How does Spanning-Tree Protocol work?

Now that we know what STP is for, let's see the fundamentals of how it works.

Simply and without jargon: spanning-tree protocol blocks the port or interfaces that could cause
a loop, so that we get a loop-free network topology.

When I say blocked, it is only temporary and "ready anytime" in case a failure or disruption is
detected on our active path or link. Let's have another example.

In the sample image above you can see the possible network loop without STP. Each switch
sends updates called "BPDUs" to one another.

When we enable spanning-tree protocol, this is what happens:

The switches hold an election for which one becomes the "root bridge" or root switch. The root
bridge serves as the focal point of the network. Decisions such as which port gets blocked,
which becomes a forwarding port and so on are all made relative to the root bridge.

We can choose which switch becomes the root bridge (manual configuration, advisable!) or we
can let the switches themselves identify the root bridge (risky: any switch, including one
somebody plugs in under a desk, can win, and a device sending superior BPDUs can make itself
root on purpose; use spanning-tree guard root on ports that should never lead toward the root).

In the STP election process, the switch with the best bridge ID, meaning the LOWEST bridge ID,
wins and becomes the root bridge.

What is the bridge ID? The bridge ID consists of the bridge priority and the MAC address of the
switch. The bridge priority of a switch defaults to 32768 (it can be changed/configured; on Cisco
PVST+ the VLAN ID is added to it as the extended system ID, so the default for VLAN 1 shows as
32769), and the MAC address is the physical address of the switch.

That means, if the priority of the switches is left at the default (32768), the switch with the lowest
MAC address becomes the root bridge or root switch. They cannot tie on MAC address because it
is unique on every device.

In real-world scenarios the priority is usually adjusted (lowered) to influence which switch
becomes the root bridge. Got it? Let's continue.

As in the sample image above, we have the default priority and sample MAC addresses on the
sample switches. So in the STP election process they compare bridge IDs (priority and MAC
address).

Since they tie on priority, the tie breaker is the MAC address.

And the switch with the lowest MAC address becomes the root bridge, which is SwitchA (its MAC
address is AAA).

All ports of the root bridge are "designated", which means they are always in the forwarding
state. See the sample image below.

Now that the root bridge (SwitchA) has been identified, this is what happens next.

Every switch that is not the root bridge is a non-root bridge (of course), and each of them has to
find the "shortest path" to the root bridge.

The port on the shortest path to the root bridge is called the "root port". Take note: a root port
exists only on non-root bridges. It is the port through which the switch reaches the root bridge
fastest, that is, at the lowest cost.

In the image sample above we can see that the root port of SwitchB is interface fa0/0, and the
same for SwitchC. Those are the shortest paths to the root bridge, SwitchA. This is just to keep
the explanation simple.

In the real world, determining the shortest path depends on the speed of the interfaces. Each
speed has a corresponding "cost", and the path with the lowest total cost (the fastest links) to the
root bridge is the shortest path; the port on it becomes the root port.

Here is the overview of the cost per interface speed (the classic 802.1D values, which Cisco
PVST+ and Rapid PVST+ use by default; MST uses different, larger values):

• 10 Mbit = cost 100
• 100 Mbit = cost 19
• 1000 Mbit = cost 4
• 10 Gbit = cost 2

Remember, the lowest cost corresponds to the fastest speed, and costs add up along the path: a
switch's root path cost is the sum of the costs of the links between it and the root. The port with
the lowest root path cost becomes the root port on a non-root switch. Ties are broken by the
lowest bridge ID of the neighbour that sent the BPDU, then by the lowest port ID. Got it?

OK, so we have a root bridge. We also have designated ports and we know which are the root
ports on our non-root switches. We still have a loop, because there is no blocking port yet. So
which of SwitchB or SwitchC blocks a port to resolve the loop? Let's see.

To identify which non-root switch blocks which port, look at the link between SwitchB and
SwitchC. Exactly one end of every link must be the designated port. The two switches first
compare their root path costs; if those tie, they compare bridge IDs again and the lower one wins,
that is, compare priority and, if tied, compare MAC address.

In our sample, both SwitchB and SwitchC reach the root at cost 19 and both have the default
priority, so the tie breaker is again the MAC address, and SwitchB wins because it has the lower
MAC address. SwitchB's fa1/0 is therefore the designated port of that link, and SwitchC is the
one that blocks its port to prevent the loop in the network.

So this time interface fa1/0 of SwitchC gets blocked, becomes the non-designated port and
enters the blocking state.

The port is not shut down; it still listens (it keeps receiving BPDUs) and just waits in case there is
a problem with interface fa0/0 of SwitchC, ready to take over. This way our network is redundant
and the network loop is resolved.
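The whole election just described (root bridge, root ports, designated ports, blocking port) as a small computation over the three-switch figure. This is an added example for this ebook, not Cisco code: the MAC addresses are constructed, port IDs are modelled by interface name, which simplifies the real port-ID tie-break, and the link costs are the classic 802.1D values from the list above. Besides the figure's topology it also shows what changes when a priority is lowered by hand and when the SwitchA-SwitchC link fails.

```python
"""802.1D root bridge, root port and designated port selection (added example)."""
import heapq

PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # classic 802.1D short costs

SWITCHES = {                      # name: (bridge priority, MAC address) - constructed MACs
    "SwitchA": (32768, "00aa.aaaa.aaaa"),
    "SwitchB": (32768, "00bb.bbbb.bbbb"),
    "SwitchC": (32768, "00cc.cccc.cccc"),
}
LINKS = [                         # (switch, port, switch, port, Mbps), as in the figure
    ("SwitchA", "fa0/0", "SwitchB", "fa0/0", 100),
    ("SwitchA", "fa1/0", "SwitchC", "fa0/0", 100),
    ("SwitchB", "fa1/0", "SwitchC", "fa1/0", 100),
]


def root_path_costs(links: list, root: str) -> dict:
    """Dijkstra from the root: the lowest cumulative path cost of every switch."""
    graph = {}
    for a, _, b, _, mbps in links:
        graph.setdefault(a, []).append((b, PATH_COST[mbps]))
        graph.setdefault(b, []).append((a, PATH_COST[mbps]))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in graph.get(u, []):
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist


def run_stp(switches: dict, links: list) -> tuple:
    """Return (root bridge, {(switch, port): 'root' | 'designated' | 'blocking'})."""
    bid = {n: (prio, mac.lower()) for n, (prio, mac) in switches.items()}
    root = min(bid, key=bid.get)             # lowest bridge ID wins the election
    rpc = root_path_costs(links, root)
    roles = {}

    # Root port: on each non-root switch, the port whose neighbour offers the
    # lowest root path cost; ties go to the lower neighbour bridge ID, then port.
    best = {}
    for a, pa, b, pb, mbps in links:
        for me, my_port, nbr in ((a, pa, b), (b, pb, a)):
            if me == root or nbr not in rpc:
                continue
            candidate = (rpc[nbr] + PATH_COST[mbps], bid[nbr], my_port)
            if me not in best or candidate < best[me]:
                best[me] = candidate
    for me, (_, _, port) in best.items():
        roles[(me, port)] = "root"

    # Designated port: on each segment, the end with the lower root path cost,
    # then the lower bridge ID. Every port left over is blocking (non-designated).
    for a, pa, b, pb, _ in links:
        designated = (a, pa) if (rpc[a], bid[a]) < (rpc[b], bid[b]) else (b, pb)
        roles.setdefault(designated, "designated")
        roles.setdefault((a, pa), "blocking")
        roles.setdefault((b, pb), "blocking")
    return root, roles


def page_topology() -> tuple:
    """The figure's topology with default priorities: SwitchA is root."""
    return run_stp(SWITCHES, LINKS)


def forced_root(name: str, priority: int = 4096) -> tuple:
    """The 'manual configuration, advisable' case: lower one switch's priority."""
    switches = dict(SWITCHES)
    switches[name] = (priority, SWITCHES[name][1])
    return run_stp(switches, LINKS)


def after_link_failure(lost: tuple) -> tuple:
    """Recompute after the link attached to port (switch, port) is cut."""
    remaining = [l for l in LINKS if (l[0], l[1]) != lost and (l[2], l[3]) != lost]
    return run_stp(SWITCHES, remaining)


if __name__ == "__main__":
    root, roles = page_topology()
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"  {sw} {port}: {role}")
```

Running it reproduces the figure: SwitchA is root with both ports designated, fa0/0 is the root port on SwitchB and SwitchC, SwitchB's fa1/0 is designated and SwitchC's fa1/0 is the blocking port. forced_root("SwitchC") moves the root and the blocking port with it, and after_link_failure(("SwitchC", "fa0/0")) shows the blocked fa1/0 on SwitchC becoming its root port.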

These are the fundamentals and basics of how Spanning-Tree Protocol works. After everything I
have shared, I hope you understood some of it. I spent several days and hours of my free time
writing this article for you. I hope it helps.

This is just the foundation and the basics. Next we do the STP configurations and more. Until
next time, cheers!

Lesson 7: Different port states in Spanning-Tree Protocol.

Howdy! I hope the previous lesson, the introduction to spanning-tree protocol, helped you
understand the basics. Let's continue the discussion.

This time we are going to talk about the different port states in Spanning-Tree Protocol.

By understanding how switch ports behave in STP we get a better understanding of how it works,
and of course it helps a lot when you take the exam and when you work in the real world.

Again, we are just going to discuss the basics and foundation so that we have an overview and
fundamental knowledge of the port states in Spanning-Tree Protocol.

Let's begin.

The different port states in Spanning-Tree Protocol and how they work

1. Blocking state

During the switches' initial "election process" in Spanning-Tree Protocol, all ports start out in
the blocking state. Only once the election is done and the "root bridge/switch" has been
identified do the ports move into the listening state and on toward forwarding, and of course the
blocking ports are identified at the same time, as we discussed in the first lesson.

On a switch participating in STP, a port is in the blocking state when another port has a better
and faster way (lower cost) to the root bridge or root switch, and the port is "neither a root port
nor a designated port".

To refresh, let me remind you of the following:

• Root Port: the port of a non-root switch toward the root switch (one per non-root switch).
• Designated Port: the port of the root switch, or of a non-root switch, toward the other
  switches (one per segment).

So again, if it is not a root port and not a designated port, it is a non-designated port and it is in
the blocking state.

Got it, chief?

Let's see an example.

In our sample image above we can see that interface fa1/0 of SwitchC is neither a root port nor a
designated port, so it is a non-designated port and it is in the blocking state. Got it?

A port in the blocking state still receives BPDUs (the switches' updates) but does not send any,
does not learn MAC addresses, and does not forward data frames. As I said, it just waits for a
topology change that might happen in the network. In case the current path goes down, it is
ready to take over and changes its state to listening. How long that takes depends on how the
failure is noticed: if the switch's own link goes down it knows immediately, but if the failure is
somewhere upstream it only notices when BPDUs stop arriving, which takes the max age timer,
20 seconds by default.

2. Listening state

From the blocking state the port transitions to the listening state (after up to 20 seconds, as
above). DURING the listening state the port sends and receives BPDUs and takes part in deciding
the root bridge, root port and designated ports, but it still does not learn MAC addresses and does
not forward any user frames. It only listens. After 15 seconds (the forward delay timer) the port
transitions from listening to learning.

So from blocking to listening (20 seconds) and then from listening to learning (15 seconds).

3. Learning state

In the learning state the port keeps processing BPDUs, and it now also looks at the user frames
far enough to start populating the MAC address table from their source addresses, but it does not
forward them yet. Another 15 seconds (forward delay again) pass before the port transitions from
learning to forwarding.

So again: from blocking to listening (20 seconds), listening to learning (15 seconds) and then
learning to forwarding (another 15 seconds).

That means it takes up to 50 seconds for a port to take over from the blocking state to the
forwarding state. This is with the traditional spanning-tree protocol, 802.1D, also called common
spanning-tree (CST), and with Cisco's PVST+, which uses the same timers. The newer flavours,
RSTP (802.1w) and Cisco's Rapid PVST+, were created to fix exactly this. We will discuss those
next time.

Is 50 seconds fast? For us humans, of course, that is very fast. But in a busy network
infrastructure and in critical businesses, it is slow. Very slow! A business can lose customers and
the trust of investors because of that. Again, we'll discuss that next time.

4. Forwarding state

The forwarding state is the final state of the interface; this is where the normal function of a
switch port happens, which is to forward frames. All Ethernet frames are forwarded (again, see
how a switch works) for our data transmission. Got it?

In the sample image above you can see the summary of how the different port states transition
and work in our Spanning-Tree Protocol.

That's it for now. I hope this short article has been informative. In the next lessons we will see
the importance of these port states.

Until next time. Cheers!

Lesson 8: Different modes of spanning-tree and their basic configuration

As usual, we will just talk about the basics here. The STP topic is quite wide, with many twists
and turns, but once you understand the basics the other STP topics will surely be easy for you.

I believe that once we learn the foundation and the concept, the topics around it are a piece of
cake.

OK? Let's begin.

Different modes of spanning-tree

1. CST (Common Spanning-Tree) | 802.1D

Common spanning-tree is the legacy or original flavour of spanning-tree. As I mentioned, it is
under the IEEE 802.1D standard. As the name implies, common spanning-tree has only one
"instance" of STP. That means, no matter how big the network or how many VLANs there are,
there is only one root bridge or root switch for all of them.

It is often called "not VLAN aware" because, no matter how many VLANs there are, a single
"common" spanning tree runs across all of them, and the path that is best for one VLAN is forced
on every other VLAN, so redundant links sit idle for all of them. That is one of the drawbacks of
CST.

Cisco switches do not actually ship with plain CST: older Catalyst models default to PVST+ and
newer ones to Rapid PVST+, and the mode is selected with the spanning-tree mode command.
CST is what a switch running plain 802.1D (non-Cisco gear, for example) gives you, and PVST+
interoperates with such a switch through the untagged BPDUs of the native VLAN.
2. PVST+ (Per VLAN Spanning-Tree)

Where CST has only one instance of STP no matter how big the network is, PVST+ has one per
VLAN. As the name implies, per VLAN! That means every VLAN can have its own root switch if
wanted or needed. It is also a Cisco proprietary protocol, meaning designed by Cisco for Cisco
devices.

If each VLAN has its own root bridge or root switch, each VLAN gets its own forwarding path,
depending on its calculation toward its own root switch. That is how you load-share across
redundant links: VLAN 10 uses the link that VLAN 20 blocks, and the other way round.

How to configure PVST+

Let's say we have different VLANs (10, 20 and 30) and three switches (Switch A, B and C) in the
network, and we want to use PVST+ so that every VLAN has its own root bridge.

We only need to set the mode and, of course, change the bridge priority (lower than the others,
remember) on each switch so that it becomes the root bridge of that VLAN. Remember that with
the default priority (32768) the tie is broken by the MAC address.

Note: When we set the bridge priority, the step is 4096. That means multiples of 4096 (0, 4096,
8192, ... 61440). The reason is that in PVST+ the 16-bit priority field also carries the VLAN ID
(the extended system ID) in its low 12 bits; show spanning-tree displays the sum, for example
"Priority 8202 (priority 8192 sys-id-ext 10)".

Example:

SwitchA(config)#spanning-tree mode pvst
SwitchA(config)#spanning-tree vlan 10 priority 8192

SwitchB(config)#spanning-tree mode pvst
SwitchB(config)#spanning-tree vlan 20 priority 8192

SwitchC(config)#spanning-tree mode pvst
SwitchC(config)#spanning-tree vlan 30 priority 8192

In the example above we configured each switch to be the root for one VLAN. That means all
traffic for VLAN 10 has SwitchA as its root switch: if there are ports assigned to VLAN 10 on
SwitchB and SwitchC, they recognise SwitchA as the root switch.

The same applies to VLAN 20 (SwitchB) and VLAN 30 (SwitchC). Each VLAN gets its own
computation of which port is the root port and which port gets blocked. (A shortcut for the same
thing is spanning-tree vlan 30 root primary, which picks a priority low enough to win; the explicit
value is more predictable.) Got it, chief?
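The per-VLAN election with the extended system ID, as an added example for this ebook (not Cisco code, MAC addresses constructed). It validates the priority the way IOS does, builds the per-VLAN bridge ID as priority + VLAN ID, and runs one independent election per VLAN for the configuration above. A second function shows what happens if SwitchC is mistakenly given "vlan 10" instead of "vlan 30": VLAN 10 ties on priority and falls back to the MAC, VLAN 30 stays at the default, and SwitchA ends up root for both.

```python
"""PVST+ per-VLAN root election with the extended system ID (added example)."""

DEFAULT_PRIORITY = 32768


def valid_priority(priority: int) -> bool:
    """IOS only accepts 0, 4096, 8192, ... 61440 for 'spanning-tree vlan X priority'."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def pvst_bridge_id(configured_priority: int, vlan: int, mac: str) -> tuple:
    """Comparable bridge ID of one VLAN instance: (priority + VLAN ID, MAC)."""
    if not valid_priority(configured_priority):
        raise ValueError(f"bridge priority must be a multiple of 4096: {configured_priority}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    return (configured_priority + vlan, mac.lower())


def root_per_vlan(switches: dict, vlans: list) -> dict:
    """switches: {name: (mac, {vlan: priority})}; unlisted VLANs use the default.
    Returns {vlan: root switch}, one independent election per VLAN."""
    result = {}
    for vlan in vlans:
        ids = {name: pvst_bridge_id(per_vlan.get(vlan, DEFAULT_PRIORITY), vlan, mac)
               for name, (mac, per_vlan) in switches.items()}
        result[vlan] = min(ids, key=ids.get)
    return result


MACS = {"SwitchA": "00aa.aaaa.aaaa",      # constructed addresses
        "SwitchB": "00bb.bbbb.bbbb",
        "SwitchC": "00cc.cccc.cccc"}


def page_example() -> dict:
    """The configuration above: A is root for VLAN 10, B for 20, C for 30."""
    switches = {
        "SwitchA": (MACS["SwitchA"], {10: 8192}),
        "SwitchB": (MACS["SwitchB"], {20: 8192}),
        "SwitchC": (MACS["SwitchC"], {30: 8192}),
    }
    return root_per_vlan(switches, [10, 20, 30])


def typo_example() -> dict:
    """SwitchC configured with 'vlan 10' instead of 'vlan 30' by mistake."""
    switches = {
        "SwitchA": (MACS["SwitchA"], {10: 8192}),
        "SwitchB": (MACS["SwitchB"], {20: 8192}),
        "SwitchC": (MACS["SwitchC"], {10: 8192}),   # the typo
    }
    return root_per_vlan(switches, [10, 20, 30])


if __name__ == "__main__":
    print("intended :", page_example())
    print("with typo:", typo_example())
```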

Some terms to take note of.

Backbonefast - BackboneFast is a Cisco enhancement to detect indirect failures faster. An
indirect failure (a link somewhere upstream, not directly attached to this switch) is not detected
immediately by normal STP operation; STP relies on the Max Age timer to detect it. The max age
timer is a threshold after which the switch declares its path to the root dead. By default the max
age timer is 20 seconds.

So only when the max age timer expires does a port go through listening and learning (30
seconds) before reaching forwarding or blocking. That's almost 50 seconds before the network
converges again. When BackboneFast is enabled it eliminates the max age timeout on indirect
failures (the switch sends Root Link Query BPDUs to ask its neighbours whether they still have a
path to the root), so it only takes 30 seconds (the 20-second max age is subtracted) for the
network to converge. Faster, right?

Switch# configure terminal
Switch(config)# spanning-tree backbonefast

The command above enables the BackboneFast feature. It has to be enabled on every switch in
the network to work.

Uplinkfast - UplinkFast is for direct failures. It is meant for the uplink ports of an access-layer
switch that has a root port and at least one blocked port that is an alternate path toward the root.
When the root port's own link goes down, the switch sees it immediately and UplinkFast moves
the alternate port to forwarding right away, without going through listening and learning. So
BackboneFast is for indirect failures, where the switch would otherwise wait for BPDUs to expire,
and UplinkFast is for direct failures of the switch's own uplink. That's the basics.

Switch#configure terminal
Switch(config)#spanning-tree uplinkfast
Switch(config)#spanning-tree uplinkfast max-update-rate 250

The commands above enable UplinkFast and set the multicast rate. After the switchover,
UplinkFast floods dummy multicast frames for the stations in its MAC address table so that the
other switches relearn them over the new path; max-update-rate is how many of those frames are
sent per second. Again, just the basics, we'll have more in the future.

Portfast - PortFast is another Cisco enhancement that lets a port transition immediately from
blocking or disabled to the forwarding state. That is, when PortFast is enabled the port does not
go through the listening and learning states. So we save 30 seconds. Forwarding right away!

This is normally used on ports connected to end devices or end stations such as PCs or printers.
It must never be enabled on a port that may lead to another switch, and, because anyone can plug
a switch into a wall port, pair it with BPDU guard (spanning-tree bpduguard enable on the
interface, or spanning-tree portfast bpduguard default globally): if a BPDU ever arrives on that
port the switch puts it in err-disabled state instead of letting a rogue switch into the spanning
tree.

Switch# configure terminal
Switch(config)# interface range fa0/3 - 24
Switch(config-if-range)# spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host. Connecting
hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can
cause temporary bridging loops. Use with CAUTION.

The sample command above configures PortFast on ports fa0/3 through fa0/24. Again, this is
done on the interfaces or ports connected to end stations or end devices.
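The timers from Lesson 7 and the three enhancements above, put into one small model so the numbers can be compared. This is an added example for this ebook, not Cisco code, and it models only the timer arithmetic: an indirect failure first costs the max age (20 s) before the port may leave blocking, a direct failure is noticed at once, BackboneFast removes only the max age wait, and PortFast or UplinkFast (on a direct root-port failure) skip listening and learning altogether.

```python
"""802.1D port-state transition timeline and Cisco's timer shortcuts (added example)."""

MAX_AGE = 20        # seconds without BPDUs before the path to the root is declared dead
FORWARD_DELAY = 15  # seconds spent in each of the listening and learning states


def transition_timeline(*, failure="indirect", portfast=False,
                        uplinkfast=False, backbonefast=False) -> list:
    """List of (second, state) for a blocked port taking over after a failure.

    failure="indirect": the lost link is upstream; the switch only notices when
                        BPDUs stop arriving, so it first waits out MAX_AGE.
    failure="direct":   the switch's own root-port link went down; seen at once.
    portfast:     edge port, goes straight to forwarding.
    uplinkfast:   on a direct root-port failure the alternate port is moved
                  to forwarding immediately (dummy multicasts fix the CAM tables).
    backbonefast: on an indirect failure, skips the MAX_AGE wait only.
    """
    if failure not in ("indirect", "direct"):
        raise ValueError(f"unknown failure type: {failure}")
    t = 0
    timeline = [(t, "blocking")]
    if portfast or (uplinkfast and failure == "direct"):
        timeline.append((t, "forwarding"))
        return timeline
    if failure == "indirect" and not backbonefast:
        t += MAX_AGE
    timeline.append((t, "listening"))
    t += FORWARD_DELAY
    timeline.append((t, "learning"))
    t += FORWARD_DELAY
    timeline.append((t, "forwarding"))
    return timeline


def seconds_to_forwarding(**kwargs) -> int:
    """Total seconds until the port forwards, for the given scenario."""
    return transition_timeline(**kwargs)[-1][0]


SCENARIOS = {
    "indirect failure, plain 802.1D":        dict(),
    "indirect failure, BackboneFast":        dict(backbonefast=True),
    "direct failure, plain 802.1D":          dict(failure="direct"),
    "direct failure, UplinkFast":            dict(failure="direct", uplinkfast=True),
    "edge port, PortFast":                   dict(portfast=True),
}


def summary() -> dict:
    """{scenario: seconds to forwarding} for every scenario above."""
    return {name: seconds_to_forwarding(**kw) for name, kw in SCENARIOS.items()}


if __name__ == "__main__":
    for name, seconds in summary().items():
        print(f"{seconds:3d} s  {name}")
    for second, state in transition_timeline():
        print(f"  t={second:2d}s  {state}")
```

The output is the comparison the text makes in words: 50 seconds for the classic indirect case, 30 with BackboneFast or on a direct failure, and 0 for PortFast and UplinkFast.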

I hope this helps you understand the fundamentals. Email or comment if you have questions or
suggestions.

3. RSTP (Rapid Spanning-Tree) | 802.1W

As time passed, STP of course evolved too. The new evolution of STP is what we call RSTP. What does RSTP mean? It is the Rapid Spanning-Tree Protocol. RSTP uses the IEEE 802.1W standard and provides faster "spanning-tree convergence" when there are changes in the network. It is the default on most common Cisco switches today.

You can see in our table above the comparison of the port states of STP and RSTP. Where traditional STP has 5 port states (blocking, listening, learning, forwarding and disabled), RSTP has only 3 port states (discarding, learning and forwarding).

Where in STP it takes almost 50 seconds before a port reaches the forwarding state, in RSTP it only takes almost 10 seconds. Again, faster convergence.

Where traditional STP has the port roles of root port (the port toward the root bridge) and designated port (a port in the forwarding state), RSTP has new port roles, and they are the following:

Alternate Port

The alternate port is one of the new roles, or let's say a new "name", in RSTP. It is the port that is blocked so that there is no loop in the network.

Backup Port

As the name implies, the backup port serves as a backup for other designated ports in case something happens in the network. See the example above.

RSTP could be a large topic, but as I said, I will just share the fundamentals so that we have a basic understanding. I hope you got something from it, guys. In future articles, or probably in video tutorials, we'll dig deeper so that it is easier to understand. For now, let's stop here.

RSTP is also backward compatible with STP. This means that if one switch in the network runs STP while the other connected devices use RSTP, STP will run on that device while RSTP runs on the other devices.

Even though we say that RSTP has fast convergence and transitions, it still has only one instance of spanning-tree. As I said, just think of it as STP that converges quickly. There is still only one root bridge or root switch even if there are many VLANs in a network.

That's the fundamentals of RSTP.

4. Rapid PVST+ (Rapid Per-VLAN Spanning-Tree+) | 802.1W

Here in Rapid PVST+, in a nutshell, it is just an enhanced version of PVST+. It also has faster convergence (rapid like Lito Lapid! Haha). The terms portfast, uplinkfast and backbonefast are no longer enabled when rapid-pvst+ is used, because they are built into rapid-pvst+.

Rapid PVST+ uses point-to-point wiring to provide rapid convergence of spanning-tree. The spanning-tree reconfiguration can occur in less than 1 second, compared to almost 50 seconds in traditional STP.

Some terms to take note of in Rapid PVST+.

Edge Port - In RSTP, an edge port immediately transitions to the forwarding state. This is standard even on other vendors' devices and is the equivalent of portfast on Cisco devices.

Root Port - When Rapid PVST+ selects a new root port, it blocks the old root port and immediately transitions the new root port to the forwarding state.

Point-to-Point links - In Rapid PVST+, when a port is connected to another port, it negotiates a rapid transition through a proposal-agreement handshake to ensure a loop-free topology.

How to configure Rapid-PVST+

SwitchA# configure terminal
SwitchA(config)# spanning-tree mode rapid-pvst

With the simple command above, we have enabled rapid-pvst+ on that switch. To configure it per VLAN, we just need to do the following.

SwitchA# configure terminal
SwitchA(config)#spanning-tree vlan 10 root primary

The command above specifies that the switch will be the root bridge for VLAN 10. When this command is used, IOS sets the priority of SwitchA lower than the other switches so that it is recognized as the root bridge. We can also give a VLAN list or range in place of the single VLAN ID (the vlan-range argument in the command syntax) to cover several VLANs at once.

SwitchA# configure terminal
SwitchA(config)#spanning-tree vlan 10,12,14 priority 4096

Or

SwitchB# configure terminal
SwitchB(config)#spanning-tree vlan 11,13,15 priority 4096

The first command sets SwitchA to be the root switch for VLANs 10, 12 and 14 because we lowered its priority, and the second one sets SwitchB as the root switch for VLANs 11, 13 and 15.

That will be it for now. Again, this is just the basics. We will dig deeper in future tutorials.

5. MST (Multiple Spanning-Tree) | 802.1S

In MST, guys, to make it simpler and easier to understand, spanning-tree is grouped into regions. Where PVST+ has an STP instance per VLAN, in MST we can group a certain number of VLANs to have one instance of spanning-tree.

MST is also an IEEE standard, inspired by the Cisco proprietary Multiple Instances Spanning Tree Protocol (MISTP) implementation. This means that MST is not vendor specific, but the technology and usage are inspired by Cisco's MISTP.

Why was MST invented? Think about it: if there are 200 VLANs in the network and PVST+ or Rapid PVST+ is the spanning-tree in use, we have 200 instances of spanning-tree in that situation. 200 because there is 1 instance of spanning-tree per VLAN. In other words, spanning-tree will calculate the root bridge, blocking ports etc. 200 times. That will require a lot of CPU power and memory on the switches.

In MST, since the VLANs are grouped through regions, the VLANs are mapped using instances into the region and the workload of the switches is reduced. Those 200 VLANs in PVST+ or Rapid PVST+ can become just 10 instances (20 VLANs per region) of spanning-tree in MST. That means it only calculates 20 times. Big difference, right? I hope you get the logic, guys. :)

Example:

VLAN 3,5,7,9 > one instance of STP
VLAN 2,4,6,8 > another instance of STP

Note: All VLANs are assigned to MST instance 0 by default.

Let's see more.

Each switch running MST has a single MST configuration with these 3 attributes.

1. Alpha-numeric configuration name
2. A configuration revision number
3. A 4096-element table that associates each of the potential 4096 VLANs supported on the
chassis to a given instance

To be part of a common MST region, the group of switches needs to have the same configuration attributes. Let's see how we can configure them.

How to configure MST

Let's say we have 3 switches (A, B and C) and we have VLANs 2-9 on those switches. This is just to illustrate it simply, guys. Let's see how we can configure MST.

SwitchA#conf t
SwitchA(config)#spanning-tree mode mst
SwitchA(config)#spanning-tree mst configuration
SwitchA(config-mst)#instance 1 vlan 3,5,7,9
SwitchA(config-mst)#instance 2 vlan 2,4,6,8
SwitchA(config-mst)#name ccnaphilippines
SwitchA(config-mst)#revision 1
SwitchA(config-mst)#exit

SwitchB#conf t
SwitchB(config)#spanning-tree mode mst
SwitchB(config)#spanning-tree mst configuration
SwitchB(config-mst)#instance 1 vlan 3,5,7,9
SwitchB(config-mst)#instance 2 vlan 2,4,6,8
SwitchB(config-mst)#name ccnaphilippines
SwitchB(config-mst)#revision 1
SwitchB(config-mst)#exit

SwitchC#conf t
SwitchC(config)#spanning-tree mode mst
SwitchC(config)#spanning-tree mst configuration
SwitchC(config-mst)#instance 1 vlan 3,5,7,9
SwitchC(config-mst)#instance 2 vlan 2,4,6,8
SwitchC(config-mst)#name ccnaphilippines
SwitchC(config-mst)#revision 1
SwitchC(config-mst)#exit

In the commands above, we first set the spanning-tree mode to mst on the 3 switches. Then we created the instances and mapped VLANs 3,5,7,9 to instance 1 and VLANs 2,4,6,8 to instance 2.

Then we just named the region ccnaphilippines. Then we set revision 1. That's just it.

Then we can set SwitchA as the root for instance 1 (VLANs 3,5,7 and 9). Here are the commands to assign SwitchA as root for instance 1.

SwitchA(config)# spanning-tree mst 1 priority 0
SwitchA(config)# spanning-tree mst 2 priority 4096

As you can see, we set the priority of instance 1 to 0. Again, the lowest priority becomes root. Remember that!

Here are the commands to assign SwitchB as root for instance 2.

SwitchB(config)# spanning-tree mst 1 priority 4096
SwitchB(config)# spanning-tree mst 2 priority 0

Same thing. We just lower the priority for that instance so that it becomes the root.

Got it, guys? We'll have more of this in the future.
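As an added example (not from the ebook), here is a small Python script that checks the two things the MST section relies on: that every switch carries the same region attributes (name, revision and VLAN-to-instance map), and which switch wins the root election per instance, using the same "lowest priority wins, lowest MAC breaks the tie" rule behind the `root primary` and `priority 4096` commands in the Rapid PVST+ section. The region name, revision, VLAN map and per-instance priorities are the ones configured above; the MAC addresses and the switch dictionaries are constructed.

```python
"""Check MST region consistency and work out the root per instance.

Added example (not from the ebook). The region name, revision and
VLAN-to-instance map are the ones configured in this lesson; the MAC
addresses are constructed, and the per-instance priorities come from the
'spanning-tree mst N priority' commands shown above.
"""

# Region attributes every switch must share: name, revision, VLAN map.
REGION = {
    "name": "ccnaphilippines",
    "revision": 1,
    "instances": {1: {3, 5, 7, 9}, 2: {2, 4, 6, 8}},
}

# Constructed bridge data. SwitchC keeps the default priority everywhere.
SWITCHES = {
    "SwitchA": {"region": REGION, "mac": "0000.0c00.000a",
                "priority": {1: 0, 2: 4096}},
    "SwitchB": {"region": REGION, "mac": "0000.0c00.000b",
                "priority": {1: 4096, 2: 0}},
    "SwitchC": {"region": REGION, "mac": "0000.0c00.000c",
                "priority": {}},
}

DEFAULT_PRIORITY = 32768  # IOS default bridge priority


def region_digest(region):
    """Hashable summary of the three attributes that define a region."""
    vlan_map = tuple(sorted(
        (vlan, inst) for inst, vlans in region["instances"].items() for vlan in vlans
    ))
    return (region["name"], region["revision"], vlan_map)


def same_region(switches):
    """Return (True, {}) if all switches agree, else (False, {name: digest})."""
    digests = {name: region_digest(sw["region"]) for name, sw in switches.items()}
    if len(set(digests.values())) == 1:
        return True, {}
    return False, digests


def bridge_id(switch, instance):
    """Bridge ID compares priority first, then MAC address; lower wins."""
    prio = switch["priority"].get(instance, DEFAULT_PRIORITY)
    return (prio, switch["mac"].lower())


def elect_root(switches, instance):
    """Name of the switch with the lowest bridge ID for this instance."""
    return min(switches, key=lambda name: bridge_id(switches[name], instance))


if __name__ == "__main__":
    ok, detail = same_region(SWITCHES)
    print("all switches in one region:", ok, detail)
    for inst in sorted(REGION["instances"]):
        print(f"instance {inst} root: {elect_root(SWITCHES, inst)}")
```

A switch whose name, revision or VLAN map differs lands in a region of its own, so running the consistency check before changing priorities catches the mistake that most often makes an MST root election look "wrong".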

That's MST, guys. Simple, right? I mean, that's the basics and foundation, but of course there are many more advanced topics about MST.

As I said, once we get the basics and foundation, the next topics are easier to understand.

We're almost done, guys, but before I finish I have some bonuses. These are the basic spanning-tree commands from Cisco that we use related to spanning-tree. I'm sure this will help. Here you go.

Alright, so those are the different modes of spanning-tree and their basic configurations. I hope you picked up a lesson or two, guys. I hope you learned something.

Until next time, guys. Cheers!

Lesson 9: Understanding the basics of Etherchannel

In this lesson, guys, we'll talk about the basics of Etherchannel. It is included in the CCNA v3.0 exam, so this will help a lot if you are getting ready and preparing to become a CCNA.

Ready ka na ba? Let's do this!

Basics of Etherchannel: What is Etherchannel?

In a nutshell, etherchannel is the process of bundling or grouping the physical interfaces of a switch or router to act like one. Meaning, when we etherchannel 4 interfaces on a switch, they will be considered as 1 port only, or 1 virtual port, or 1 link.

1 group of ports to be exact, but in reality there are 4 ports inside that port-channel or etherchannel.

In our sample image above, we have four physical ports on each side that are bundled or etherchanneled. Although we have 4 ports in use, they are seen only as 1 logical link or connection in our etherchannel configuration.

In most cases, this will be port-channel 1 on the side of both switches.

Why do we use etherchannel, and what is it for?

Actually, there are many different reasons for using etherchannel.

It could be to save money, because you no longer need to buy switches or devices with high-capacity ports; or it could be for redundancy, so that in case one port goes down we still have a connection going to the other device; or, in general, it is used to extend the capacity of the ports or interfaces.

Let me give a basic example.

In our sample image above we have a common fastethernet switch. Fastethernet means each port has a capacity of 100Mbps (shown in A).

If we bundle them, or implement etherchannel on the two ports, we will logically have 200Mbps of capacity (shown in B).

Why? Because it's two 100Mbps links acting as one, so the capacity increases to 200Mbps. If there are four, of course it's 400Mbps.

This means we can increase the capacity of the ports without buying a new device. We save money, so to speak. And we can also say that the connection between the two switches has become redundant, because they are connected on multiple ports.

Please take note that we can only bundle 8 ports maximum per device. This means 800Mbps is the most capacity we can achieve using etherchannel if it is fastethernet.

Later we will see how to configure etherchannel so that you understand it even better.

Got it, guys? Etherchannel is not hard to understand; I know it's a piece of cake for you. :)

Different types of etherchannel

To understand the fundamentals and basics of Etherchannel even better, let's also take a look at its different types or categories.

Here are the 3 different types of etherchannel that are commonly used in the real world and, of course, included in the new CCNA v3.0 exam.

Port Aggregation Protocol (PAgP)
Link Aggregation Control Protocol (LACP)
Static ("On")

Let's discuss each so that we understand them better and see their differences.

1. PAgP or Port Aggregation Protocol

PAgP is a Cisco proprietary protocol. Meaning, it is used and works only on Cisco devices. Like EIGRP, it was made by Cisco for Cisco devices only.

PAgP also negotiates automatically to form an etherchannel.

Let's say on Switch 1 ports 1 & 2 and Switch 2 ports 1 & 2 you configure etherchannel using PAgP; the etherchannel will form automatically as long as the modes and configurations are correct.

We have two modes of PAgP, and they are the following.

1.1 Auto

When the PAgP port mode is auto, it just automatically accepts whatever port mode or config the port on the other end has. It only accepts, meaning it does not initiate the formation.

So when the config of one port is auto, the port on the other end must not be auto. Why? Because they will just wait for each other. Both too shy to make the first move, so to speak. Because neither of them initiates the formation.

So if one port is configured as auto, the port on the other end must be in Desirable mode, which is the second mode of PAgP.

1.2 Desirable

In desirable mode, it always looks for or initiates the formation of an etherchannel. It is the volunteer that talks to the other port so they can form an etherchannel.

Where auto mode just waits, desirable is the one that acts to form the bundle of ports. The Hokage, so to speak. Lol.

Unlike auto mode, desirable can form the connection or the etherchannel whether the port on the other end is in auto or desirable mode.

This means that whatever mode it faces, it can still form an etherchannel.

To summarize, here's a sample image showing the PAgP mode combinations that will and will not work.

2. LACP or Link Aggregation Control Protocol

Unlike PAgP, LACP is an open-standard protocol. Meaning, it can be used on any device; it is not vendor specific.

LACP has almost the same concept as PAgP, except that PAgP only works on Cisco devices. Aside from that, the LACP modes have different names, but the concept is almost the same as PAgP. Here they are.

2.1 Passive

When an LACP etherchannel port is in passive mode, it only responds to whatever the config of the port on the other end is. It does not initiate the formation of the etherchannel. This is the equivalent of auto mode in PAgP.

2.2 Active

LACP's active mode is the equivalent of PAgP's desirable. Meaning, it initiates the formation of the etherchannel and builds the bundle whatever LACP mode is on the other side of the port.

In summary, LACP will look like this.

3. Static

The last type of etherchannel we have is what we call static. So, from the word itself, static etherchannel means we manually configure the etherchannel ports on both devices. This also means that every port you want to be a member of the etherchannel needs to be configured one by one.

In this mode, no negotiation is needed. We just need to manually turn on the etherchannel on each port and we're good to go.

Here is a snapshot of how Static etherchannel works.

Note: If we use static etherchannel, both devices should use static, and their port settings must also be identical.

In the next article, we will do some etherchannel configuration so we can see how these work in action. For now, let's stop here.

I hope you now understand the basics of etherchannel. Until the next etherchannel part. Cheers!

Lesson 10: Etherchannel Part II. Basic etherchannel configuration

This article is a continuation of our etherchannel series. If you have not yet read Part I, Understanding the basics of Etherchannel, please go back to it first so that this sample etherchannel configuration is easier for you.

Basic etherchannel configuration

Our goal in this article is to show how to do a basic etherchannel configuration using the different types of etherchannel.

We will also show how to verify and check whether our configuration is OK.

Ready, guys? Let's do this!

1. PAgP etherchannel configuration

Let's start with PAgP.

As we discussed in Part I, PAgP is the Cisco proprietary etherchannel protocol, meaning it works only on Cisco devices. Let's see how it works in action.

As you can see in our simple network diagram, we have two switches, CORE and ACCESS. Then 4 of their ports are connected to each other. To make it simpler, I just matched up their port numbers so that it is easier to understand.

Note: I used Packet Tracer in this example, so the command "channel-protocol pagp/lacp" is needed to make the etherchannel work.

On real devices, you no longer need to use that command, because once you use the modes of either etherchannel protocol, the device automatically knows which etherchannel protocol you are using.

Ex. auto/desirable = PAgP or active/passive = LACP or on/on = Static

Got it, guys? Ok, let's do the configuration.

CORE-SWITCH

CORE-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CORE-SWITCH(config)#interface range fa0/1 - 4
CORE-SWITCH(config-if-range)#channel-protocol pagp
CORE-SWITCH(config-if-range)#channel-group 1 mode auto
CORE-SWITCH(config-if-range)#no shutdown
CORE-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

ACCESS-SWITCH

ACCESS-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ACCESS-SWITCH(config)#interface range fa0/1 - 4
ACCESS-SWITCH(config-if-range)#channel-protocol pagp
ACCESS-SWITCH(config-if-range)#channel-group 1 mode desirable
ACCESS-SWITCH(config-if-range)#no shut
ACCESS-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

Here in our initial configuration, well, this is actually the whole configuration, this is what we did.

interface range fa0/1 - 4
- I went into interface configuration, meaning I entered the interface or port settings. And because I used the "range" option, I'm configuring interfaces fa0/1 through fa0/4 at the same time. You can use that on all interfaces.

channel-protocol pagp
- This command declares which etherchannel protocol we will use. So we use PAgP.

channel-group 1 mode desirable
- On this one, we declare the group number, which is #1. Take note that we can configure several etherchannels on one switch, so make sure our numbering or grouping is correct.

And remember also that this is local to the device, meaning the group number is only for your own device, and the same group number does not need to match on the other device.

Then there is the PAgP mode we want to configure, which is auto on the core switch and desirable on the access switch. As we discussed in the basics of etherchannel, PAgP auto mode only waits for something to pair with it to form a bundle or etherchannel. So the port on the other end must be desirable, because if it's auto-auto, both will just wait.

Again, in desirable PAgP mode, it will actively look for etherchannel formation whatever mode the port on the other end has.

no shut
- And then, of course, we bring up the interfaces using the "no shut" or no shutdown command.

That's just it! As you can see, guys, on the last line there is a notification that it created port-channel interface 1. This means interfaces fa0/1 - fa0/4 have become one, and they are now port-channel 1.

The same thing happens on both switches, as you can see.

That's it! We have already configured PAgP etherchannel. Now let's see some basic verification.

CORE-SWITCH#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) Fa0/3(P) Fa0/4(P)

In the output above, we can see that we successfully formed the etherchannel. We can see that in group 1 we have port-channel 1, and the protocol we used is PAgP. We can also see the ports that are members of our etherchannel, which are interfaces fa0/1 - fa0/4.

CORE-SWITCH#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Port-channel 1 unassigned YES unset up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset up up
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
...
...

As we can see above, we can also verify our interfaces using the command "show ip interface brief". Here we can see related information about the interfaces of our device. As you can see, all of our interfaces are up, including port-channel 1.

CORE-SWITCH#sh interface port-channel1
Port-channel 1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 00e0.f7b3.59ba (bia 00e0.f7b3.59ba)
MTU 1500 bytes, BW 500000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 500Mb/s
input flow-control is off, output flow-control is off
Members in this channel: Fa0/1 ,Fa0/2 ,Fa0/3 ,Fa0/4 ,
...
...

I also verified the status of interface port-channel 1 itself. So we can see here that the interface is up/up, and then below we can again see which ports are members of this port channel.

CORE-SWITCH#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
ACCESS-SWITCH Por 1 171 S 2960 Fas 0/1
ACCESS-SWITCH Por 1 171 S 2960 Fas 0/2
ACCESS-SWITCH Por 1 171 S 2960 Fas 0/3
ACCESS-SWITCH Por 1 171 S 2960 Por 1
ACCESS-SWITCH Por 1 171 S 2960 Fas 0/4

Lastly, I used the command "show cdp neighbors". CDP means Cisco Discovery Protocol; Cisco uses it to discover and gather details and information about the devices connected to it.

Note: This only works on Cisco devices. On other devices, the protocol is called LLDP. We'll have that in another lesson.

Ok, finally we're successful with our goal of forming an etherchannel using the PAgP protocol. We also verified that our configuration is correct and working. Basically, that's just how to configure PAgP etherchannel.

2. LACP etherchannel configuration

Ok, this time let's take a look at how to configure LACP etherchannel. Basically it's almost the same as PAgP; we just need to change the protocol and, of course, the modes.

This time, I'll cut it short. I will just show the basic LACP configuration like we did for PAgP. Everything else will be the same, even the verification. Of course, we will see LACP in the results instead of PAgP.

Is that ok, guys? Let's do this!

CORE-SWITCH

CORE-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CORE-SWITCH(config)#interface range fa0/1 - 4
CORE-SWITCH(config-if-range)#channel-protocol lacp
CORE-SWITCH(config-if-range)#channel-group 1 mode passive
CORE-SWITCH(config-if-range)#no shutdown
CORE-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

ACCESS-SWITCH

ACCESS-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ACCESS-SWITCH(config)#interface range fa0/1 - 4
ACCESS-SWITCH(config-if-range)#channel-protocol lacp
ACCESS-SWITCH(config-if-range)#channel-group 1 mode active
ACCESS-SWITCH(config-if-range)#no shut
ACCESS-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

So again, as I said, I'll make this short because their configs are almost the same, verification included. The only things that changed are the way we declare the protocol and, of course, the LACP mode.

Again, in LACP, when the mode is passive it only waits for someone to form the etherchannel with it. So it is the equivalent of auto in PAgP. Then, of course, in active mode, as the name implies, this mode actively seeks or looks for formation.

So in summary, our modes in LACP etherchannel should only be either active-passive or active-active.

To verify, just use the same commands we used for PAgP. It will give you the same result, except we will see LACP instead of PAgP. I hope it's clear, guys.

3. Static etherchannel configuration

Alright, our last sample is for static etherchannel. Again, I'll cut it short because it's the same as the first two above. We just need to change the modes to specify which type of etherchannel we are forming.

Ok, let's do static etherchannel.

CORE-SWITCH

CORE-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CORE-SWITCH(config)#interface range fa0/1 - 4
CORE-SWITCH(config-if-range)#channel-group 1 mode on
CORE-SWITCH(config-if-range)#no shutdown
CORE-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

ACCESS-SWITCH

ACCESS-SWITCH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ACCESS-SWITCH(config)#interface range fa0/1 - 4
ACCESS-SWITCH(config-if-range)#channel-group 1 mode on
ACCESS-SWITCH(config-if-range)#no shut
ACCESS-SWITCH(config-if-range)#end
Creating a port-channel interface Port-channel 1

Again, it's almost the same as the first two we did. We just need to change the modes.

This time, I removed the "channel-protocol" command. Again, on real devices the devices automatically know which etherchannel protocol you are using based on the modes set on the etherchannel ports.

So in this case, we used the "on" mode on both switches to declare that we're using static etherchannel. That's just it. We're now using static etherchannel. And just like the two above, the results will be the same when you verify.

Note: When we use static as the etherchannel protocol, we need to make sure that our ports have the same settings. This means they must have the same configuration, or else we will not be able to form the static etherchannel. Ok?

Alright guys, this has been another long article, but I know it's worth it.

There are other configurations and settings regarding etherchannel, but as I said, we're after the basics and fundamentals.

I hope that by reading this etherchannel article series, you now understand the basics of etherchannel and how to configure it.

Until next time, guys. Thank you!

CHAPTER IV: ROUTING TECHNOLOGIES

Lesson 1: Introduction to Routing. How routers work.

Today, we will jump to the next chapter of our tutorials. This is exciting! Where our topics before were about switches and switching, we're now moving into routing and how routers work.

And this article is our introduction to routing. Let's do this!

Before we start the action, let's have some recap.

Is that ok, chief? Let's go.

How routers work

The main function of a router is to route data (called packets at layer 3 of the OSI model) from one host or network to another host or remote network. Meaning, the router is responsible for forwarding the packet from the source to the destination network using the IP address. Where a switch looks at the mac-address, a router looks at the IP address. Is that clear, guys? Ok, let's continue.

So once the router receives the request, it checks the destination IP address, then determines where it can send it (the next hop address) and forwards it.

The same thing happens on the following routers until the packet reaches the correct destination. The router knows this through its routing table.

The routing table is the router's list of possible "routes" or paths for reaching the different networks or destinations.

Got it?

If not yet, please go back to the lesson on common networking devices and their functions to make it clearer. I hope you get it there, guys. So now we're clear on routers. Let's move on.

Why do we need routers?

Why do we still need a router when there is a switch? Why do we still need an IP address when there is a mac-address?

Nice question, guys. Here is the answer. A switch is not scalable, and its functions are limited.

Bakit?

Here's how it is.

Let's have an example. Let's say we have 2 switches with 200 computers connected to each switch. Now, if those 400 computers want to communicate, each switch needs to remember the 400 mac-addresses of every device and save them in its mac-address table.

So switch A needs to know which ports each PC is plugged into on switch B. Likewise, switch B needs to know who is plugged into switch A. Maybe that is still possible or manageable.

But what about large networks? The kind with thousands of connected computers. Or let's say the internet, where millions of devices connect to each other? What then, brother? Not possible. There is no hierarchy in the mac-address; it is just a flat 48-bit mac-address. You get my point, sirs? I hope so.

This is where our friend the router comes in. Let's have the same sample using routers.

In our sample image above, we used routers instead of switches. We still have the same setup, with 200 computers on each side. Do you see the big difference, guys? So on router A we have 200 computers in the 192.168.1.0/24 network. Likewise on router B, but in the 192.168.2.0/24 network. Since the router "routes" based on IP information, in our scenario all router A needs to remember is one network to reach the PCs on router B. That is the 192.168.2.0/24 network.

Likewise for router B: all it saves in its "routing table" is the 192.168.1.0/24 network for the PCs there. Simpler. Faster. Easier. Right?

So now, even if our network grows, or even the internet, it can support it. This is where IP addressing like private and public IP addresses comes in. Cool, right? So it has a hierarchy and it is scalable.

Now let's go back to the sample above. How does router A send the requests to router B? How does it happen?

This is where the default gateway comes in. Again, the default gateway serves as the "exit of an internal network" going outside, or to another network or another VLAN. This is also in the lesson on how network devices work and their functions, along with the part about the routing table. So via the default gateway, the packet reaches the router. Then the router checks its routing table to see how the packet can reach its destination.

In the routing table, this is the basic information we will see:

- network destination and network subnet mask
- remote router (IP Address)
- outgoing interface

So based on that information, the router can see where it should send the packet so that it reaches the correct destination. Got it, brothers? Again, if you don't get it right away, take a break first. Don't rush it or your nose will bleed! Haha. Just keep coming back to it. Ok?

How routers route packets

Let's have another example.

In the sample image above we have two PCs on different networks connected to one router. Here is what happens.

Host A wants to communicate with Host B, but Host B is on a different network (10.0.0.0/8). Since Host B is on a remote network, the packet goes to the router (again via the default gateway on the internal network 192.168.0.0/24).

The router receives the packet and checks whether it has an entry in its routing table for the destination address (that is, whether it has a route to the 10.0.0.0/8 network where Host B lives). If it does, the router sends the packet out the appropriate interface or port (in this case interface Fa0/1). If it does not, it drops the packet, or it may use a default route, depending on what is configured on the router. When more than one entry matches a destination, the router uses the most specific one (the longest subnet mask); a default route matches everything and is therefore only used as a last resort.

That's just it! So we, as network administrators, are the ones who configure the routes on the routers. We are the ones who put in the possible destinations of a network: routing information, routing protocols, and so on. More on this in the coming lessons.

To check, we can use the command "show ip route" to see the routes available in the router's routing table.

As you can see in our sample routing table above, we have two directly connected routes, for the subnets 10.0.0.0/8 and 192.168.0.0/24, together with the interface through which each network is reached. The code "C" in the routing table means directly connected route.
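The lookup just described, as an added example (this is not code from the ebook). It models the router from the figure, with Fa0/0 in 192.168.0.0/24 and Fa0/1 in 10.0.0.0/8, and shows the three outcomes: forward out a connected interface, drop when nothing matches, or fall back to a default route. The host addresses and the default route via 172.16.10.2 on Serial0/0 are assumptions made for the demonstration.

```python
"""Longest-prefix-match forwarding against a routing table.

Added example, not code from the ebook. The two connected networks and
interfaces (Fa0/0 in 192.168.0.0/24, Fa0/1 in 10.0.0.0/8) follow the
lesson's figure; the host addresses and the optional default route via
172.16.10.2 are assumptions for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Route:
    code: str                               # "C" connected, "S" static, "S*" static default
    prefix: IPv4Network                     # destination network and mask
    out_iface: str                          # outgoing interface
    next_hop: Optional[IPv4Address] = None  # remote router; None for connected routes


def lookup(table: list[Route], dst: IPv4Address) -> Optional[Route]:
    """Most specific matching entry wins; None means no route (the packet is dropped)."""
    best: Optional[Route] = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def forward(table: list[Route], dst: str) -> tuple[str, Optional[str]]:
    """Return (outgoing interface, address the router ARPs for) or ("drop", None)."""
    route = lookup(table, IPv4Address(dst))
    if route is None:
        return ("drop", None)
    # On a connected route the router ARPs for the destination host itself;
    # otherwise it ARPs for the next-hop router and hands the packet to it.
    arp_target = IPv4Address(dst) if route.next_hop is None else route.next_hop
    return (route.out_iface, str(arp_target))


def show_ip_route(table: list[Route]) -> list[str]:
    """Lines in the spirit of the IOS 'show ip route' output."""
    lines = []
    for r in table:
        if r.next_hop is None:
            lines.append(f"{r.code:<3}{r.prefix} is directly connected, {r.out_iface}")
        else:
            lines.append(f"{r.code:<3}{r.prefix} [1/0] via {r.next_hop}, {r.out_iface}")
    return lines


# The lesson's router: two directly connected networks only.
CONNECTED_ONLY = [
    Route("C", IPv4Network("192.168.0.0/24"), "FastEthernet0/0"),
    Route("C", IPv4Network("10.0.0.0/8"), "FastEthernet0/1"),
]

# Same router with a static default route added (assumed next hop 172.16.10.2 on Serial0/0).
WITH_DEFAULT = CONNECTED_ONLY + [
    Route("S*", IPv4Network("0.0.0.0/0"), "Serial0/0", IPv4Address("172.16.10.2")),
]


if __name__ == "__main__":
    for line in show_ip_route(WITH_DEFAULT):
        print(line)
    for dst in ("10.1.2.3", "192.168.0.50", "172.16.5.5"):
        print(dst, "->", forward(CONNECTED_ONLY, dst), "| with default:", forward(WITH_DEFAULT, dst))
```

Run it and compare the two tables: 172.16.5.5 is dropped by the connected-only router but leaves via Serial0/0 once the default route exists, while 10.1.2.3 still goes out Fa0/1 in both cases because /8 is more specific than /0.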

In our sample scenario, Host A can communicate with Host B because we have existing routes to Host B's network. I hope you get this.

Ok, so now we know the information in the router's routing table. Next we will look at how it decides which "path" or "route" to choose to reach the right destination. Remember, there can be many available paths or ways to reach one destination, and there are factors the router considers.

So how does it decide? What influences its decision? And so on.

This is where routing protocols come in. In simple terms, there are 3 ways to update the routing table:

 directly connected subnets
 using static routing
 using dynamic routing

We're going to talk about them in the coming lessons. I hope that by now you understand the basics and foundation of routing and routing protocols. Until next time. Cheers!

Lesson 2: Administrative distance and metric. Routing fundamentals.

Before we dive into the world of routing protocols, let's go briefly through what we call administrative distance and metric. These matter for the lessons that follow, so you need to understand them.

Again, knowing the basics and fundamentals will help ignite your knowledge and, of course, give you a foundation for the rest of the topics.

Learn and take action, one step at a time.

Okay? Let's begin.

Administrative distance

Administrative distance is an identifier, let's say a default number, that routers look at (based on the routing protocol a route came from) to decide which route to choose to reach a network destination. What does that mean? Let me elaborate.

As we discussed in the earlier lessons, one network can run several different routing protocols. This is especially true in large companies; the setup and design are mixed, so to speak.

Since there are many different routing protocols, a router can learn the path to one network destination in several different ways. And as I mentioned before, the router has to choose the "best path" to reach that destination.

For example (for simplicity), say we have router A and a network destination 1.1.1.0/24. On router A, say both RIP and EIGRP (we will discuss these next) are configured and both provide a path to 1.1.1.0/24.

That means we have "two possible paths" to reach 1.1.1.0/24. Which path will router A use? Which one will it choose? The one it loves but that does not love it back, or the one that loves it but that it does not want? #feelings. Haha.

This is where our friend administrative distance comes in. Each routing protocol has its own defined administrative distance. That means that in a situation like this (two or more possible paths from different sources), administrative distance is what influences the router in choosing the "best path" or "best route" to the destination. Only the winning route is installed in the routing table; the losing one is still kept by its protocol and takes over if the winner disappears.

Here are the default administrative distances of the common routing protocols. Again, just the basics, okay?

Default administrative distance of routing protocols

(Cisco IOS defaults; the table image is not reproduced here.)
 directly connected: 0
 static route: 1
 EIGRP (internal): 90
 OSPF: 110
 RIP: 120

So as you can see, based on the default ADs, if two routing protocols both offer a possible path to one network destination, the router prefers the one with the lowest AD. Again, the lowest administrative distance. In our sample situation, the router prefers the path via EIGRP to the 1.1.1.0/24 network because its AD is lower than RIP's.

Again, by default, if the possible paths are through RIP and EIGRP, the router prefers the path via EIGRP because it has the lower AD (RIP = 120 | EIGRP = 90). If the options are a static route and OSPF, the router prefers the static route because its AD is 1 compared to OSPF's 110. Got it? It should be; we have made it as simple as it gets. :)

Metric

Ok, so now we know AD, let's talk about metric. As I said, AD is used when there are two or more possible paths (via different routing protocols) to one network destination. What about when there are still 2 or more possible paths, but from the same routing protocol? Say, in our example, both possible paths to 1.1.1.0/24 come from RIP?

This is where metric comes in. Each routing protocol also has its own metric to identify the best path in such situations: which of the options is best and which one goes into the routing table. Again, the lower number is better. Metrics are only comparable within one protocol; a RIP hop count and an OSPF cost are never compared with each other, which is exactly why AD exists.

For example, RIP uses "hop count" as its metric, while OSPF uses "cost". Let me give a simple example based on our earlier situation.

In our sample situation above, say RIP is configured on all routers. To the network destination 1.1.1.0/24 we have two possible options from router 1.

The path router 1 > router 2, and the path router 1 > router 3 > router 4. Now how does router 1 know which of these is the best path? Metric. RIP uses "hop count" as its metric. Put simply, hop count is the number of routers between the source and the destination: how many hops, or routers, you pass through before reaching the destination. Got it?

Let me give a simple analogy.

Say you are in Cubao and want to go to Taft Avenue in Pasay by train. You can ride the MRT or the LRT. Which do you choose?

Using hop counts, you get there faster on the MRT (nine stops away: Santolan, Ortigas, Shaw, Boni, Guadalupe, Buendia, Ayala, Magallanes, then Taft).

On the LRT you need to pass through more than 10 stops, or stations, before you reach Taft. Got it?

So in our sample, router 1 > router 2 > 1.1.1.0/24 (the destination network) is only 1 hop away from router 1, so the metric of this path is 1 (1 hop).

On the other possible path, router 1 > router 3 > router 4 > 1.1.1.0/24, the destination is two hops from router 1, so the metric of this path is 2 (2 hops). Of course, since the router picks the LOWEST metric, it chooses the path via router 2 to reach 1.1.1.0/24. Note that hop count ignores link speed: a one-hop path over a slow serial link beats a two-hop path over gigabit links, which is one of the reasons RIP is limited to small networks.

So different routing protocols have their own metrics. Here are the metrics of the basic routing protocols we will discuss next.

Metrics of common routing protocols

(The table image is not reproduced here; these are the standard metrics.)
 RIP: hop count
 EIGRP: composite metric (by default computed from bandwidth and delay)
 OSPF: cost (derived from interface bandwidth)
 BGP: path attributes (for example AS-path length), not a single numeric metric

In the following lessons we will look one by one at how each of these works and where it is used, and break them down so that more people, especially beginners, can understand them.

Lesson 3: Directly connected, Static and Dynamic routes

In this lesson we continue with the foundation and basics of routing. You're going to learn the basics of directly connected, static and dynamic routes.

Last time we talked about how routers work. I hope by now you understand that.

Directly connected routes

Subnets or networks that are directly connected to a router interface are added to the routing table automatically, provided the interface has an IP address assigned from that subnet and its status is "up/up". There is no doubt that the router can route packets to those subnets.

Let's have an example.

Like the example in the previous lesson, say we have 2 different networks connected to one router on two different interfaces.

In our example the router has two active interfaces: fa0/0, connected to network 192.168.0.0/24, and fa0/1, connected to network 10.0.0.0/8. As mentioned above, as long as these interfaces are up/up and have an IP address from their respective networks, the networks are discovered automatically and added to the router's routing table.

Again, we can check with the command "show ip route".

And once again, the letter "C" marks directly connected routes, as you can see in our sample. In this sample Host A and Host B, and the other devices on both networks, can now see and communicate with each other. Is that clear?

Static routes

Static routes are one of the simplest ways of adding routes to routers. It means that we, the network administrators, put static routes on each router to update that router's routing table. As the name implies, they are static and are entered manually on the routers where we want them to be part of the routing table.

Through static routes a router learns the possible routes or paths to a network even if that network is not directly connected to it. Let's have a simple example.

In our simple example above we have two routers. Router A is directly connected to router B via the network 192.168.0.0/24, and router B is also directly connected to the network 10.0.0.0/24.

Since the subnet 10.0.0.0/24 is not directly connected to router A, router A does not know how to send a packet to that network if something needs to connect to it. In this case we can configure a static route on router A so that it can reach the 10.0.0.0/24 network.

Let's see it in action.

Let's first check which routes exist on router A; again, we can use the command "show ip route".

We see that the only route router A has so far is the directly connected route for the 192.168.0.0/24 network. Again, it is directly connected to its interface fa0/0.

Ok, so for router A to reach the network on the far side of router B, let's use static routing.

To configure static routes, the syntax used is the following:

ip route <destination network> <subnet mask> <next hop ip address> or

ip route <destination network> <subnet mask> <exit interface>

The words "ip route" are the command that tells the router we are adding a static route; the destination network is the network we want to reach, together with its subnet mask; and the next hop IP address or exit interface is where you send the packets, or which way they go, to reach that network destination. Simple, right?

Say, for example, that router B's IP on the side facing router A is 192.168.0.2. We use it as the "next hop ip address", as you can see above.

Let's apply the static route on router A.

As you can see in our example, we have now configured a static route on router A using the command syntax above. Basically, this is what happened.

We simply told router A to use, or go through, router B (next hop IP address 192.168.0.2) to reach the network 10.0.0.0/24. Again, static routes are added to routers manually. We could also use the exit interface (fa0/0) instead of the next hop IP address, per the second command syntax above. One caveat: with the exit-interface form on an Ethernet interface the router treats every host in 10.0.0.0/24 as if it were directly attached and ARPs for each one, which only works if router B answers proxy ARP. On Ethernet, prefer the next-hop form; the exit-interface form is meant for point-to-point links such as serial.

So if we look after adding the static route on router A, its routing table has a new entry. The code "S" stands for static routes. Again, the command is "show ip route".

The main drawback of static routes is that we have to configure every route manually so the router knows the "paths" to a network destination. That is fine if the network is small and simple, but what about when the design is large and complicated? Still, static routes are a big help and are widely used to this day. The design at large, well-known companies is usually mixed, meaning different routing protocols and standards are used. Are we okay?

I hope by now you have a basic understanding of how static routes work and how to configure them simply. We will have more samples in the future.

Dynamic routes

Alright, so now that we know the basics and foundation of directly connected and static routes, let's move on to what we call dynamic routes.

With dynamic routing, routers learn the possible routes to network destinations automatically. This is unlike static routing, where we need to configure each router manually to "teach" it where and how it can reach a network destination.

As the name implies, with dynamic routing the possible routes are propagated and populated "dynamically" and added to the router's routing table. This is also where what we call routing protocols come in.

Routing protocols are used by routers to exchange routing information. That means that once we configure a router with a "dynamic routing protocol", it updates its routing table on its own, based on the routing information it sees and that other routers send to it. Those routers are usually called neighbors or peers. Since a router installs whatever its peers advertise, in production you authenticate those peers (all the protocols covered here support it) rather than accepting updates from any device on the link.

Dynamic routing also automatically finds another path or way to reach a network destination when the current path goes down. In other words, it is fault tolerant.

And as I said earlier, there is no need to manually configure each route on every router, because the routes are learned automatically if we use dynamic routing protocols.

The routing protocols we will discuss in this blog are the following:

 RIP
 EIGRP
 OSPF
 BGP

In the next lessons we will study the basics and foundation of these routing protocols. As I always say, it is important that we understand the basics and foundation, because that is what matters. Once we understand the concept, we can understand the advanced lessons and other related topics much faster.

That's all for now. See you in the next lessons. Cheers!

Lesson 4: Understanding router on a stick

In this article we talk about router on a stick. What is it and how does it work? Are you ready? Let's do this!

What is router on a stick?

Router on a stick is the term, or setup, commonly used to route between and connect different VLANs. As we discussed before, for a device to reach a device in another VLAN we need routing. So we either use a router or a layer 3 switch capable of routing.

In this case a router is used to route between VLANs, that is, inter-VLAN routing. That is why it is called router on a stick.

In a nutshell, with router on a stick we create virtual interfaces on the router, one for each VLAN. These are layer 3 interfaces, and they are usually sub-interfaces of the port where the layer 2 switch and the router connect, which also makes for an easy naming convention.

Then we assign IP addresses to those layer 3, or virtual, interfaces assigned to the respective VLANs, and we normally set them to use dot1q encapsulation. That way we have created layer 3 interfaces for the VLANs and they can communicate.

That's just it! Basically this is one of the older setups, or a setup used by small organizations, to save money and also to simplify the network.

In the real world, on large network infrastructures, it is rarely used. Why? Of course, once you have many switches and VLANs, the router struggles and chokes processing all the inter-VLAN traffic, on top of the routing protocols like EIGRP, RIP or OSPF. In short, extra work and resource consumption for the router, and all inter-VLAN traffic has to squeeze through that one trunk link.

What is usually used instead is the hierarchical topology model that Cisco recommends.

Got it? I hope I made it simple enough.

How to setup router on a stick

As I said, the usual router on a stick setup is a normal layer 2 switch with different VLANs connected to a router. Here's a very simple router on a stick topology.

In our sample topology above we have one normal layer 2 switch connected to a router. On the layer 2 switch we have 3 VLANs: VLAN 5, 10 and 15. The switch is connected to the router via a trunk port.

For two devices connected to different VLANs on our switch to communicate, we need routing. As I said, either router on a stick or a layer 3 switch. This time let's look at how it works with a router on a stick setup.

In our simple topology, switch port Fa0/1 connects to the router's Fa0/0, and the link is set as a trunk using dot1q encapsulation. As we discussed before, network devices are mostly connected to each other via trunk ports, while access ports are used for end devices.

Let's see how it works.

Switch
Switch(config)#vlan 5
Switch(config-vlan)#exit
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 15
Switch(config-vlan)#exit
Switch(config)#interface FastEthernet0/1
Switch(config-if)#no shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
! The original configuration omitted a management address on the switch,
! but the pings below need one. Assumed here: an SVI in VLAN 5 with the
! router's VLAN 5 sub-interface as the switch's default gateway.
Switch(config)#interface vlan 5
Switch(config-if)#ip address 192.168.5.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.5.1

Router
Router(config)#interface FastEthernet0/0
Router(config-if)#no shutdown
Router(config-if)#no ip address
Router(config-if)#interface FastEthernet0/0.5
Router(config-subif)#encapsulation dot1Q 5
Router(config-subif)#ip address 192.168.5.1 255.255.255.0
Router(config-subif)#interface FastEthernet0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface FastEthernet0/0.15
Router(config-subif)#encapsulation dot1Q 15
Router(config-subif)#ip address 192.168.15.1 255.255.255.0

So what we did is configure VLANs on the switch: VLAN 5, 10 and 15. Those are layer 2 VLANs only, because our switch is a layer 2 device. Then we turned up the port connected to the router (fa0/1) and set it as a trunk. Why? Because the devices talk to each other over the trunk port. Remember? Ok. The SVI and default gateway are only there so the switch itself can source the test pings; hosts in each VLAN use the matching sub-interface address as their default gateway.

Then on the router side, we turned up the fa0/0 interface but did not put an IP address on it. What we did is create sub-interfaces of fa0/0, give each one dot1q encapsulation with its VLAN ID, and then the IP address for that VLAN.

As you can see, we simply used 5, 10 and 15 as the sub-interface numbers to keep the explanation simple (fa0/0.5, fa0/0.10 and fa0/0.15). The sub-interface number is only a name; it is the encapsulation dot1Q command that binds each sub-interface to its VLAN. That way, we have enabled routing between those VLANs. Let's verify connectivity by pinging the sub-interfaces from the switch.

Switch#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Switch#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Switch#ping 192.168.15.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

That's it! We have now configured router on a stick and tested it successfully.
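What "encapsulation dot1Q" does on the wire, as an added example (not code from the ebook or from Cisco): every frame the switch sends over the trunk carries an 802.1Q tag, and the router uses the VLAN ID in that tag to decide which sub-interface the frame belongs to. The code builds tagged and untagged frames, parses the tag, and maps the VLAN to the lesson's sub-interfaces. The frame layout comes from IEEE 802.1Q; the MAC addresses and payload bytes are constructed for the example.

```python
"""Which sub-interface a router-on-a-stick hands a frame to, decided by its
802.1Q tag. Added example, not code from the ebook.

The VLAN-to-sub-interface mapping is the lesson's (Fa0/0.5 -> VLAN 5 ->
192.168.5.1, and so on). The frame layout is from IEEE 802.1Q: after the
destination and source MAC, a tagged frame carries TPID 0x8100 and a 16-bit
TCI whose low 12 bits are the VLAN ID (PCP in the top 3 bits, DEI in bit 12).
The MAC addresses and payload bytes are constructed for the example.
"""
from __future__ import annotations

import struct
from typing import Optional

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# vlan id -> (sub-interface, its IP address), exactly as configured in the lesson
SUBINTERFACES = {
    5: ("FastEthernet0/0.5", "192.168.5.1"),
    10: ("FastEthernet0/0.10", "192.168.10.1"),
    15: ("FastEthernet0/0.15", "192.168.15.1"),
}


def build_frame(dst_mac: bytes, src_mac: bytes, vlan: Optional[int], payload: bytes,
                pcp: int = 0) -> bytes:
    """Ethernet II frame; vlan=None produces an untagged frame (the trunk's native VLAN)."""
    hdr = dst_mac + src_mac
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame: bytes) -> tuple[Optional[int], int, bytes]:
    """Return (vlan or None if untagged, inner ethertype, payload); raise on a malformed tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vlan = tci & 0x0FFF
    if vlan in (0, 4095):          # 0 = priority-tagged only, 4095 is reserved
        raise ValueError(f"VLAN ID {vlan} is not a usable VLAN")
    return vlan, inner_type, frame[18:]


def dispatch(frame: bytes) -> str:
    """Name the receiving sub-interface, 'drop' if no sub-interface owns the VLAN,
    or 'physical' for an untagged frame (Fa0/0 itself, which has no IP address
    in the lesson and therefore does not route it)."""
    vlan, _ethertype, _payload = parse_frame(frame)
    if vlan is None:
        return "physical"
    sub = SUBINTERFACES.get(vlan)
    return sub[0] if sub else "drop"


if __name__ == "__main__":
    host = bytes.fromhex("0011223344aa")      # constructed host MAC
    router = bytes.fromhex("001122334401")    # constructed router MAC
    ip_payload = bytes([0x45]) + bytes(19)     # placeholder IPv4 header bytes
    for vlan in (5, 10, 15, 20, None):
        frame = build_frame(router, host, vlan, ip_payload)
        print(f"vlan={vlan!s:<5} -> {dispatch(frame)}")
```

Two things worth noticing when you run it: a frame tagged with a VLAN that has no sub-interface (20 here) is simply dropped by the router, and an untagged frame lands on the physical Fa0/0, which is why the lesson's configuration of "no ip address" there means the trunk's native VLAN is not routed at all.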
I hope this has been informative, cheers!

Lesson 5: Understanding Default routes and Floating Static routes

We continue our routing topics, and today we talk about default routes and floating static routes. What are they, where are they used, and how do they work?

Let's begin.

Default routes

Ok, let's move on to what we call default routes. What are they and how do they work?

As the name implies, a default route is used to route traffic to networks or IPs that are not in our routing table. That is, when we do not know where to route, or the destination IP is not fixed, that is usually where default routes are used. Let me give an example.

For example, users inside our network who want to access the internet. With the number of public IPs and public websites on the internet that a user accesses or could access, it is impossible to define every destination IP. That's where default routing comes in.

In a nutshell, every undefined destination, or as I said earlier, every destination that is not in the routing table, can be set to use the default route. If we do not set it, the router drops all that traffic, because the routes are not in its routing table.

When we set a default route and the router encounters a destination that is not in its routing table, it falls under the default route and that is what the router follows. Got it? Let's see how it works.

How to configure default routes

Configuring default routes, or default routing, is also simple. Since the default route is part of static routing, we need to define and configure it manually.

Here's the basic syntax.

Syntax#1:
Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.2

In this sample config, all packets, or traffic, for networks that are not in my routing table are thrown, or passed, to the IP 172.16.10.2. So whenever a user or any device wants to connect or communicate with an IP that is not in our routing table, the router defaults to this route.

It just means that the request is sent over to 172.16.10.2. In the real world this is usually the internet router, or our device facing the public internet.

Syntax#2:
Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0

This way of default routing is almost the same. Instead of defaulting our traffic or packets to the IP of a device, it is sent out a physical interface (s0/0).

Likewise, this could be our interface facing the public internet, or whichever interface we want requests for networks not in our routing table to go to. Use the interface form on point-to-point links such as serial; on Ethernet, point at a next-hop IP instead.

That's just how default routes, or default routing, work. Very simple. Again, all traffic or packets for networks not in our routing table fall, or default, to this route when it is set on our router. A default route is only used when no more specific route matches: 0.0.0.0/0 matches everything, so it always loses to any longer prefix in the table. In "show ip route" it appears with the code "S*", the asterisk marking it as the candidate default.

Floating Static routes

In regard to static routes, we also have what we call floating static routes. This is also simple: it just means we have a backup static route, or a backup static default route, set on the router. Here's what I mean.

Take our earlier sample default static route, ip route 0.0.0.0 0.0.0.0 172.16.10.2 or ip route 0.0.0.0 0.0.0.0 s0/0. If 172.16.10.2 or our s0/0 interface goes down, that's the end of the line. All traffic to networks not in our routing table is dropped. Right?

So by using floating static routes, we create another static route pointing to a different IP or a different interface to serve as the backup, or redundant, path for traffic or requests to networks not in our routing table. If the first, or primary, static default route fails, they simply move over to the configured floating static route.

Let's have an example.

In our sample topology above we have 2 routers connected to R1: R2 and R3. To show a simple application of a floating static route, here's what we need to configure.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.2
R1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0 5
R1(config)#end

In the configuration above, we set a static default route on R1. So all requests and traffic going to networks not in its routing table are routed to the IP 172.16.10.2, which is R2. Got it?

If R2, or the R2 interface with IP 172.16.10.2, goes down, our traffic, or our default route, moves to R3 through interface serial 0/0. So in this case, ip route 0.0.0.0 0.0.0.0 serial 0/0 5 is our floating static route, or floating static default route.

What is the 5 at the end of the config for? It sets the administrative distance of that static route. Remember that a static route has a default administrative distance of 1, so our first static default route, the one to 172.16.10.2, is the primary static route because it uses the default administrative distance. On the second one we set 5, so it only takes over as the default route when the first one disappears. As long as the primary route is in the table, the floating route is not installed; the router keeps only the lowest-AD candidate for each prefix.

One caveat: a static route pointing at a next-hop IP stays in the routing table for as long as the router has a route to that next hop. On a point-to-point serial link the local interface goes down with the link, so the primary route is withdrawn. On an Ethernet link a dead R2 does not bring R1's interface down, so the primary route stays and the floating route never takes over; in that case the static route has to be paired with object tracking, which is beyond this lesson.
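The selection rule from Lesson 2 (lowest administrative distance first, metric only among routes with the same AD) and the floating-static fallback from this lesson are the same mechanism, so here is one added example covering both (this is not code from the ebook). The AD values are the Cisco IOS defaults; the candidate routes, next-hop addresses and the EIGRP metric value are constructed for the demonstration.

```python
"""Best-path selection by administrative distance, then metric, and the
floating-static fallback. Added example, not code from the ebook.

The AD values are Cisco IOS defaults (connected 0, static 1, EIGRP 90,
OSPF 110, RIP 120). The candidate routes, next hops and the EIGRP metric
value are constructed for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Candidate:
    prefix: str
    source: str                # which protocol (or "static"/"connected") offered this route
    metric: int                # only comparable between routes from the same source
    next_hop: str              # next-hop address or exit interface
    ad: Optional[int] = None   # None = protocol default; e.g. 5 for a floating static

    def distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


class Rib:
    """Every route the router knows from every source; only the best per prefix is installed."""

    def __init__(self) -> None:
        self.candidates: list[Candidate] = []

    def add(self, c: Candidate) -> None:
        self.candidates.append(c)

    def withdraw(self, prefix: str, next_hop: str) -> None:
        """Remove a candidate, e.g. because its next hop became unreachable."""
        self.candidates = [c for c in self.candidates
                           if not (c.prefix == prefix and c.next_hop == next_hop)]

    def best(self, prefix: str) -> Optional[Candidate]:
        cands = [c for c in self.candidates if c.prefix == prefix]
        if not cands:
            return None
        # Lowest AD wins outright; metric only decides between candidates with equal AD,
        # which in practice means routes from the same protocol.
        return min(cands, key=lambda c: (c.distance(), c.metric))

    def routing_table(self) -> dict[str, Candidate]:
        """What 'show ip route' would list: one winner per prefix."""
        return {p: self.best(p) for p in sorted({c.prefix for c in self.candidates})}


def lesson_scenario() -> tuple[dict[str, Candidate], dict[str, Candidate]]:
    rib = Rib()
    # Lesson 2: 1.1.1.0/24 offered by both RIP and EIGRP. EIGRP (AD 90) beats RIP (AD 120)
    # even though RIP's hop count looks "smaller"; metrics across protocols are not compared.
    rib.add(Candidate("1.1.1.0/24", "rip", metric=1, next_hop="10.1.12.2"))
    rib.add(Candidate("1.1.1.0/24", "eigrp", metric=3072, next_hop="10.1.13.3"))
    # Lesson 2: two RIP paths to the same prefix. Same AD, so hop count decides (1 < 2).
    rib.add(Candidate("9.9.9.0/24", "rip", metric=1, next_hop="10.1.12.2"))
    rib.add(Candidate("9.9.9.0/24", "rip", metric=2, next_hop="10.1.13.3"))
    # Lesson 5: primary static default (AD 1) and floating static default (AD 5).
    rib.add(Candidate("0.0.0.0/0", "static", metric=0, next_hop="172.16.10.2"))
    rib.add(Candidate("0.0.0.0/0", "static", metric=0, next_hop="Serial0/0", ad=5))
    before = rib.routing_table()
    # The next hop 172.16.10.2 becomes unreachable: the primary default is withdrawn
    # and the floating static route is the only remaining candidate for 0.0.0.0/0.
    rib.withdraw("0.0.0.0/0", "172.16.10.2")
    after = rib.routing_table()
    return before, after


if __name__ == "__main__":
    before, after = lesson_scenario()
    for label, table in (("before failure", before), ("after failure", after)):
        print(label)
        for prefix, c in table.items():
            print(f"  {prefix:<14} via {c.next_hop:<12} {c.source:<6} [{c.distance()}/{c.metric}]")
```

The printed "[AD/metric]" pair mirrors the bracketed numbers in "show ip route". Note that the model withdraws the primary route explicitly; on a real router that withdrawal only happens when the route to the next hop disappears, which is the caveat described above.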
Got it? That's just it. I hope this has added to your knowledge of routing. It is part of the exam and it is also commonly used in the real world, so I am sure it will help a lot in your CCNA journey.

If you have reactions or questions, just comment or email. Thanks!

Lesson 6: Understanding the basics of the RIP routing protocol

RIP means "Routing Information Protocol". In this article we are going to tackle the basics of RIP: how it works and the basic configuration.

Again, the goal of this blog is for you to gain basic and fundamental knowledge about Cisco networking, especially for the CCNA. I always insist on this: understand the basics and fundamentals first (the concept), and once you have done that, the advanced topics become much easier. Are you ready? Let's do this.

Before we dive into the basics of RIP, let me give a brief summary of routing protocols. To keep it simple, think about this.

In transportation we have different ways to reach our destination. Here, say, we have the tricycle, the jeep, the bus, the train, the taxi and others. Each means of transportation has its own pros and cons, its own advantages and disadvantages. But what is the main goal? To bring the passenger from one place to another. That's just it, right?

Routing protocols are similar. Different means or ways of routing, but the goal is to route the specific IP or network from source to destination. Routing protocols like RIP, EIGRP, OSPF and BGP are like the jeep, bus, train or taxi that bring the passenger (data, in the case of the network) from where it came from to where it is going.

So when we talk about routing protocols, they are just different flavors of routing traffic from source to destination. Is that clear? I hope you get my point from that simple analogy.

Let's move on.

Basics of the RIP protocol

As I said, RIP is short for Routing Information Protocol. It is one of the oldest distance-vector routing protocols and is typically used in small networks. RIP is simple and easy to configure, but as in our analogy, it has pros and cons compared to the other options. It has 2 versions, version 1 and version 2. What is the difference?

RIP v1 - cannot advertise the subnet mask, meaning classful routing. It uses broadcast when sending route information to other RIP peers.

RIP v2 - capable of advertising the subnet mask (classless routing) and uses multicast when sending routing updates. RIP v2 can also be made backward compatible with RIP v1.

As mentioned under administrative distance and metric, RIP uses "hop count" as its metric and has a default administrative distance of 120. Again, these are used when the router decides which is the best path from source to destination compared with other routing protocols.

So in case 2 or more routing protocols have a path from source to destination, their ADs are compared, and the lowest wins.

Then say that among those routing protocols RIP wins, and there are still 2 or more paths using RIP to reach the destination. RIP then uses its metric (hop count) to figure out which of them is the best path. Got it? Simple, right?

RIP sends its routing table information, called "routing updates", every 30 seconds to its peers. When we say peers, we mean the other routers that share the routing protocol with it, that is, those connected to it that also run the same routing protocol.

RIP v2 sends its routing table information, or routing updates, via multicast (one to many) to the multicast address 224.0.0.9.

All its RIP v2 peers do the same: that is where they send and receive their routing updates. Since any device on the segment can send to 224.0.0.9, RIP v2 also supports authenticating updates (plain text or MD5); without it, a router accepts routes from any host on the link.

Let's see how it works.

161
How RIP protocol works

Sa sample image natin sa taas, meron tayong 3 routers running RIP. Yung mga IP address ay
pina-simple na lang natin mga idol ha. :)

So sa Router 1 meron tayong directly connected networks na 1.1.1.0/24(interface fa0/0),


2.2.2.0/24 in interface fa0/1 tapos 3.3.3.0/24 sa interface fa0/2.

Sa Router 2 meron tayong dalawang directly connected networks, 3.3.3.0/24 sa interface fa0/0
at 5.5.5.0/24 sa interface fa0/1.

Ganun din sa Router 3, dalawang directly connected networks. 2.2.2.0/24 sa interface fa0/0 and
then 4.4.4.0 sa interface na fa0/1.

Kapag nag-configure na tayo ng RIP sa mga routers na ito, ipapadala nila ang mga routing
updates sa bawat isa. So si Router 1 ipapasa niya routing updates kay Router 2, ganun din si
Router 2 papunta kay Router 1. Then ipapasa din ni Router 1 lahat ng meron siya kay Router 3.
Parang ganito.

Router 1: Hey Router 2 and Router 3, we're all using RIP v2 let me send you my routing
information. Ito ang mga network na meron ako: 1.1.1.0/24 | 2.2.2.0/24 and 3.3.3.0/24. Sent!

Router 2: Watz up Router 1. (After 30 seconds)I got the updates. Let me add those to my
routing table. Ito naman ang network na meron ako: 3.3.3.0/24 and 5.5.5.0/24. Sent!

Router 3: Hey Router 1 brotha, 'zap yow! Let me add those to my routing table. Done! Eto
naman ang meron ako: 2.2.2.0/24 and 4.4.4.0/24. Sent!

Router 1 to Router 2: Noted Router 2. I already have 3.3.3.0/24 in my routing table, let me just add 5.5.5.0/24. But hey, there's more! I have new updates from Router 3, please add 2.2.2.0/24 and 4.4.4.0/24 on your side too. Sent!

Router 2 to Router 1: Ok Router 1, let me update my routing table. Done!

Router 1 to Router 3: Hey Router 3, noted on that. I already have 2.2.2.0/24, so I just added 4.4.4.0/24. I also have new networks from Router 2, please add 3.3.3.0/24 and 5.5.5.0/24. Sent!

Router 3 to Router 1: K. Done Router 1!

So now, in the routing table of each router, they have a path, or they know the way to reach those networks, through RIP. And the three routers live happily ever after. Boom! Haha.

Did you get it, guys? That's the basics of the RIP protocol. We simplified it so it's easier for you to understand. All good, brothers?

Here's a problem. In RIP it is possible for a loop to occur, and it does happen. How? Like this.

Let's say the 5.5.5.0/24 network on Router 2 goes down. Now, of course, Router 2 will remove it from its routing table. But on Router 1 and Router 3, 5.5.5.0/24 is still listed. If Router 2 is the first to send an update to Router 1, it can tell Router 1 that the network is down and Router 1 will remove 5.5.5.0/24. Then Router 3 gets updated too. No problem there.

The problem is when Router 1 is the first to send an update to Router 2. Remember, they exchange updates every 30 seconds, right? Here's what can happen.

Router 1 to Router 2: Hey Router 2, so far this is my routing information (1.1.1.0/24 | 2.2.2.0/24 | 3.3.3.0/24 | 4.4.4.0/24 and 5.5.5.0/24) together with how many hops away each one is. Remember hop count! So in Router 1's routing information, it is 1 hop away from the 5.5.5.0/24 network.

Router 2 to Router 1: Ok Router 1, let me update mine. Now Router 2 sees that Router 1 has a path to 5.5.5.0/24 (1 hop). Of course it does, because Router 1 sent its update first. Router 2 will now think it can still reach 5.5.5.0/24 through Router 1 in 2 hops. Since it is 1 hop at Router 1, Router 2 thinks it is 2 hops away from itself.

Then when Router 2 sends its update to Router 1, it now says Router 2 is 2 hops away from the 5.5.5.0/24 network, based on the previous updates. So Router 1 thinks: if Router 2 is now 2 hops away from 5.5.5.0/24, I can reach that in 3 hops. Then on the next update the same thing happens again. There's your loop. That is the loop that happens in RIP, in the simplest scenario at least. Get it, guys?

Note: Remember, earlier I mentioned that RIP has a maximum hop count of only 15. Meaning it can only detect a neighbor or peer that is up to 15 hops away. Once a route or peer is at the 16th hop, it is unreachable and can no longer be connected to. This is one of the drawbacks of RIP. Please remember this, guys, because it's in the exam, hehe. 15 is RIP's max hop count. Ok?

Another drawback of RIP is this. Since hop count is its metric for figuring out the best path when both paths are learned via RIP, even if a link is slow or the bandwidth of that path is low, as long as it has fewer hops it will still be chosen (the path with fewer hops, even if the link or circuit is slow). Why? Because hop count is all it looks at.

Let's have an example.

In our sample scenario above, R1 is 2 hops away from R7. But the speed of that link or circuit is only 1.5 Mbps. On the other side, R1 is 3 hops away from R7, but this time the speed is 8 Mbps.

Logically speaking, R1 would reach R7 faster over the 8 Mbps links, but because RIP bases its decision on hop count, it will still pick the upper (1.5 Mbps) path because it is only 2 hops away from the destination. Fewer hops. RIP doesn't care about speed or bandwidth.

Get it, chief? That's how RIP selects its path.

Do you get it? Ugly, right? Those are the major disadvantages of RIP. I hope you get it, guys. If you have questions, just email or comment.

The situations described above are addressed by the following:

1. Split Horizon - never send route information back to where it came from. Meaning, if the update came from R1 going to R2, R2 will not pass or send it back to R1. The same goes for the other routers. They keep track of where each routing update came from and, with split horizon, will not send it back to its source.
2. Route poisoning - Instead of marking the network as down, RIP notes it as "16 hops away". Meaning, it is unreachable and can no longer be reached.
3. Poison reverse - The poison reverse rule overrides the split horizon rule. When a network goes down, a router is allowed to send an update back to the router that gave it that update. This is so that router also learns about the down network. So in this scenario, split horizon is overridden so that every router gets updated in case something goes down.
4. Hold down timers - When an existing network goes down, RIP route-poisons it (16 hops away), right? But it also runs a countdown in case another RIP router offers a different path to that down network. It treats the network as "possibly down" first, until the hold down timer expires. RIP has a default hold down timer of 180 seconds.
5. Triggered Update - When a network goes down, don't wait for 30 seconds. Send the update immediately. Remember that RIP's update interval is 30 seconds, so when something goes down, with triggered updates it won't wait 30 seconds and will update its peers right away.

I hope you get this, guys. It's easy to understand; if you're new, just keep coming back to it and I'm sure you'll get it too.
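To see the loop from the scenario above and the fix from the list above actually happen, here is a small distance-vector simulation. It is an added example, not code from the ebook: the topology and prefixes are the ebook's Router 1/2/3 sample, but the router class, the update ordering (Router 1 always speaks first, the order that causes the loop) and the number of rounds are this example's own assumptions. It runs the same failure twice, once with plain updates and once with split horizon plus route poisoning (the downed network is advertised as 16 hops instead of being deleted), and reports what each router believes about 5.5.5.0/24.

```python
INFINITY = 16   # RIP "infinity": 16 hops means the route is unreachable


class Router:
    """Minimal distance-vector router: prefix -> (hop count, next hop)."""

    def __init__(self, name, connected):
        self.name = name
        self.table = {net: (0, None) for net in connected}  # connected = 0 hops
        self.neighbors = []

    def advertisement_for(self, neighbor, split_horizon):
        """Update sent to one neighbor. With split horizon, routes learned
        from that neighbor are left out. Routes at 16 hops are still sent
        (route poisoning), so peers learn the network is gone."""
        return {net: hops for net, (hops, nh) in self.table.items()
                if not (split_horizon and nh is neighbor)}

    def receive(self, sender, adv):
        for net, hops in adv.items():
            new_hops = min(hops + 1, INFINITY)
            cur_hops, cur_nh = self.table.get(net, (INFINITY, None))
            # Accept a shorter path, or any change (even a worse one) coming
            # from the neighbor we already use as next hop (RFC 2453 3.9.2)
            if new_hops < cur_hops or cur_nh is sender:
                self.table[net] = (new_hops, sender)

    def hops_to(self, net):
        return self.table.get(net, (INFINITY, None))[0]


def build_topology():
    """The ebook's sample: R1 in the middle, R2 and R3 hanging off it."""
    r1 = Router("R1", ["1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24"])
    r2 = Router("R2", ["3.3.3.0/24", "5.5.5.0/24"])
    r3 = Router("R3", ["2.2.2.0/24", "4.4.4.0/24"])
    r1.neighbors, r2.neighbors, r3.neighbors = [r2, r3], [r1], [r1]
    return r1, r2, r3


def update_round(routers, split_horizon):
    """One 30-second update cycle, routers sending in list order."""
    for r in routers:
        for n in r.neighbors:
            n.receive(r, r.advertisement_for(n, split_horizon))


def run_scenario(split_horizon, rounds_after_failure=3):
    """Converge, take 5.5.5.0/24 down on R2 (poisoned to 16 hops), then let
    R1 speak first each round, the ordering that triggers the loop.
    Returns each router's hop count for 5.5.5.0/24 after the rounds."""
    r1, r2, r3 = build_topology()
    for _ in range(3):
        update_round([r1, r2, r3], split_horizon)
    r2.table["5.5.5.0/24"] = (INFINITY, None)       # link failure on R2
    for _ in range(rounds_after_failure):
        update_round([r1, r2, r3], split_horizon)   # R1 sends first
    return {r.name: r.hops_to("5.5.5.0/24") for r in (r1, r2, r3)}


if __name__ == "__main__":
    print("no split horizon :", run_scenario(False))   # hop counts keep climbing
    print("split horizon    :", run_scenario(True))    # all 16: unreachable
```

Without split horizon the hop count for 5.5.5.0/24 grows by two every round (Router 1 learns it back from Router 2, then Router 2 from Router 1) until it hits 16, which is exactly why RIP's infinity has to be small. With split horizon Router 1 never advertises the prefix back to Router 2, and Router 2's poisoned 16-hop advertisement wins at Router 1 on the very first round because Router 2 is Router 1's current next hop for it.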

Lesson 7: Understanding RIP Part II. How to configure RIP

Hey guys, welcome back again. This is part II of our RIP routing protocol tutorial. This time we will talk about how to configure RIP. In order to understand this better, make sure you study, learn and understand the basics of RIP in Part I above.

Again, as I always insist, understand the concept first and the rest will be easy. Got it?

Alright, so without any further delay, let's see how to configure RIP and how it works in action. Are you ready? Let's do this!

How to configure RIP v2

Ok, I hope by this time you have the foundational and fundamental understanding of basic RIP. This time, let's see how to configure RIP. In this part, RIP v2 is our example.

Configuring RIP v2 is simple; here's what we need:

1. Enable RIP using the command "router rip" in global configuration mode
2. Set the RIP version using the command "version [#]" in router configuration mode. Example: version 2
3. Tell it which network you want to advertise using the "network x.x.x.x" command. Example: network 192.168.1.0

Example:

Router>enable
Router#configure terminal
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.16.0.0
Router(config-router)#network 172.16.0.0

That's it. We turned on RIP using "router rip", then we specified the version, then we just advertised the networks using the network command. Easy peasy, right?

Again, in RIP v1 the "network" command takes the "classful" address. Meaning, with our command "network 10.16.0.0", it automatically takes the default subnet mask of 10.16.0.0, which is a class A IP address, and that mask is 255.0.0.0. So every IP or network that starts with 10 will be advertised by the router to its peer, or fellow RIP router. Same with 172.16.0.0, a class B address (private IP), so its default mask is 255.240.0.0. That's how it works in RIP v1.

Since we are using RIP v2, "classless routing" happens, and RIP v2 includes only the actual subnets of the networks we advertise. So the first network, 10.16.0.0, does not cover the whole class A range starting with 10 (255.0.0.0), only the defined subnet 10.16.0.0/16, or 255.255.0.0.
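The classful-versus-classless distinction above is worth seeing in code, so here is an added example that is not from the ebook. It computes the classful network of an address (class A /8, class B /16, class C /24, the RFC 791 classes; note that the classful default for a class B address such as 172.16.0.0 is therefore 255.255.0.0, while 255.240.0.0 is the mask of the RFC 1918 private block 172.16.0.0/12, a different thing), selects the interfaces a "network x.x.x.x" statement enables RIP on, and shows what RIP v1 (no mask in the update, so only the classful network) and RIP v2 (mask carried, so the real subnet) would advertise. The interface table is constructed: the ebook's R1 Loopback0 and Fa0/0 plus an assumed extra Fa0/1 on 172.16.10.0/24 so the difference is visible.

```python
import ipaddress


def classful_network(address):
    """Classful (RFC 791) network an IPv4 address belongs to:
    class A /8, class B /16, class C /24. Class D/E have no classful mask."""
    first_octet = int(str(address).split(".")[0])
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{address}: class D/E address has no classful mask")
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def rip_enabled_interfaces(network_statements, interfaces):
    """Interfaces that a set of 'network x.x.x.x' statements turn RIP on for.
    The statement is classful in both versions: any interface whose address
    falls inside the statement's classful network is enabled."""
    enabled = {}
    for name, addr in interfaces.items():
        iface = ipaddress.ip_interface(addr)
        if any(iface.ip in classful_network(stmt) for stmt in network_statements):
            enabled[name] = iface
    return enabled


def advertised_routes(version, enabled):
    """What goes into the updates for the enabled interfaces. RIP v1 carries
    no mask, so only the classful network can be sent; RIP v2 carries the
    mask, so the configured subnet is sent as-is."""
    routes = set()
    for iface in enabled.values():
        if version == 1:
            routes.add(str(classful_network(iface.ip)))
        else:
            routes.add(str(iface.network))
    return sorted(routes)


# Constructed sample: the ebook's R1 plus an assumed extra subnet on Fa0/1
INTERFACES = {
    "Loopback0": "10.0.0.1/8",
    "Fa0/0": "192.168.5.1/24",
    "Fa0/1": "172.16.10.1/24",
}
NETWORK_STATEMENTS = ["10.0.0.0", "172.16.0.0"]

if __name__ == "__main__":
    enabled = rip_enabled_interfaces(NETWORK_STATEMENTS, INTERFACES)
    print("RIP enabled on:", sorted(enabled))          # Fa0/1 and Loopback0
    print("v1 advertises :", advertised_routes(1, enabled))
    print("v2 advertises :", advertised_routes(2, enabled))
```

Fa0/0 stays out of RIP because no statement covers 192.168.5.0, which is the usual cause of "my neighbor never learns my route" when someone forgets a network statement. For Fa0/1, v1 can only announce 172.16.0.0/16 while v2 announces 172.16.10.0/24, which is what the text means by classless.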

Get it, guys?

Let's see it in action.

Ok, in our sample scenario above, we have 3 routers and 5 networks. We will configure RIP v2 and look at how it actually works.

I used GNS3 so I could properly show you the basic configuration of RIP v2. We kept the scenario simple, guys, so it's easier to understand.

So here are our givens.

R1
Networks:
10.0.0.0/8
192.168.5.0/24

Interfaces:
Loopback0: 10.0.0.1
Fa0/0: 192.168.5.1

R2
Networks:
192.168.5.0/24
192.168.6.0/24

Interfaces:
Fa0/0: 192.168.5.2
Fa0/1: 192.168.6.1

R3
Networks:
192.168.6.0/24
100.100.100.0/24

Interfaces:
Loopback0: 100.100.100.1
Fa0/1: 192.168.6.2

So first, let's configure the interfaces of each router.

You can see above that I configured the interfaces of each router. I just followed our givens above, guys. I hope you understand.

I went to global configuration mode (conf t), then entered the interface (interface #), set an IP address together with its subnet mask, then turned up the interface (no shutdown). Easy, right? If you have questions, just email or comment.

Ok, so the interfaces of each router are configured, and of course all the participating interfaces should be up. Before we configure RIP, let's take a look at the existing routes, or the contents of the routing table, on each router. Again, the command is "show ip route".

In our image above, you can see that the only existing routes in the routing table of each router are the "directly connected routes". Again, as we discussed before, these are indicated by the letter "C". Clear?

In the image below, I also tried to ping the network on R3's Loopback (100.100.100.1) from R1's Loopback (10.0.0.1), and you can see it is unreachable, or we can't connect. Same with R3's interface fa0/1 (192.168.6.2), which is unreachable too.

In the 2nd image, even R2's interface fa0/0 (192.168.5.2) is not reachable from R1's Loopback (10.0.0.1).

Why? Because these are remote networks.

And lastly, you can see that the only thing I can ping is R1's directly connected network on interface fa0/0, 192.168.5.1.

Take note, all of this is before we configure RIP.

Let's go ahead and configure RIP v2.

Ok, in the image above, I configured RIP v2 on our routers. I just followed the format, or syntax, we discussed earlier.

Again, the "router rip" command turns on RIP, "version 2" indicates the version, and then "network x.x.x.x" advertises the networks each router has. Simple, right? Get it, guys? Are we clear? So RIP v2 is now running in our networks. Let's see the results.

So now that RIP is running in the network, let's see what is in the routing table of our routers. Remember that earlier we only saw directly connected networks, "C". Again, the command is "show ip route".

So as you can see in our image above, the routing table of each router is updated; we now have new routes, learned through RIP and indicated by the letter "R". I've also highlighted them for you, guys (in red).

If you also notice the part highlighted in blue, that is RIP's administrative distance together with how many hops it takes to reach that network. And then which neighbor it goes through to reach it. Again, each routing protocol has its own defined administrative distance.

So as we discussed under administrative distance and metric, RIP has an administrative distance of 120 and uses hops as its metric. And of course, directly connected is 0, which is why nothing is shown for it. Get it, chief? I hope this is clear. I woke up at 5AM just for this. Hehe.

Let's test the connectivity again.

In our image above, you can see that R3's Loopback0 interface (100.100.100.1) is now reachable, or pingable, from R1's Loopback0 interface (10.0.0.1). Remember, earlier we couldn't ping it. Through RIP, those networks found each other. Even interface fa0/0 (192.168.5.2), which was not pingable earlier, we can now ping.

In the image above, I also tried from R3's side to ping R1's Loopback0 interface (10.0.0.1), and of course it is reachable now. Interface fa0/0 (192.168.5.1) is also reachable from R3's side. Of course, there are routes now. Get it, chief?

Wait there's more! Haha.

Because I really want you to learn and want to help as many people as possible, I also turned on RIP's debugging option so we can see how it happens in the background.

In the image above, I just turned on RIP debugging on R1 to show the logs of what is happening with RIP. The command is simple: "debug ip rip".

As we discussed, you can see how R1 sends routing information through RIP. As I mentioned at the start, RIP sends the update to the multicast IP address 224.0.0.9, as you can see here.

It also includes the networks it has in its routing table, along with the metric, or how many hops away those networks are. That's it. We have now uncovered the RIP topic.

I hope that if you reached this far, you now understand the basics of RIP: how it works and its basic configuration. Actually, this is it. This is already more than the basics, guys. So once you get this, you know how RIP works in different scenarios. If it's still unclear or you're a bit confused, take a break. Then come back to it.

So before we end, here's the summary and how to configure RIP.

- RIP v1 is classful, while RIP v2 uses classless addressing
- RIP sends its whole routing table out all of its active interfaces every 30 seconds
- RIP has an administrative distance of 120
- RIP uses hop count as its metric
- RIP's maximum hop count is 15; at 16 hops a route is unreachable.

RIP v2 configuration:

Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network x.x.x.x
Router(config-router)#network x.x.x.x

Alright guys, I'm sure this helped you a lot. Until next time. Cheers!

Lesson 8: OSPF Part I. Understanding the basic of OSPF protocol.

Let's move on to the OSPF protocol.

What is OSPF Protocol?

OSPF is the abbreviation for Open Shortest Path First. It is a link-state routing protocol. It is also the most popular interior gateway routing protocol.

To establish our OSPF network, OSPF neighbor routers exchange "hellos", and they send these to the multicast address 224.0.0.5. You can see this below.

By default, OSPF sends a hello update every 10 seconds. If after 4 hellos (40 seconds) the neighboring router has not said hello back, it will be tagged as neighbor down.

After configuration, like the other routing protocols, OSPF will listen for and pass routing information to its neighbors through "hello messages". The following information is included in the "OSPF hello message" that an OSPF router sends to its potential OSPF neighbor.

- subnet
- area id
- hello and dead interval timers
- authentication
- area stub flag
- MTU

These must match, and be the same, on the neighboring OSPF router. If not, an OSPF hello mismatch can happen. If everything is ok, the OSPF router will collect all the "link state data" from its neighboring router to build a topology map and save it in its "link state database".

Using the information in its link state database, it will calculate the "best shortest path" to each reachable subnet/network using the algorithm called Shortest Path First (SPF), which was developed by the computer scientist Edsger W. Dijkstra in 1956. Like the other routing protocols, it will then create 3 different tables based on the information gathered.

1. Neighbor table - list of all the OSPF neighbors that exchange routes with it
2. Topology table - this is where the roadmap, or all the available paths from a certain network going to a certain destination, is saved
3. Routing table - the routing table is where the "best shortest path" is saved, which is used as the main or primary path to reach a certain network destination

OSPF metric and administrative distance

Where RIP uses hop count and EIGRP uses bandwidth and delay, the OSPF protocol uses only one parameter for its metric, and that is cost. By default, OSPF uses a reference of 100 Mbps for its cost calculation. In a nutshell, the formula to get the OSPF cost is:

OSPF cost = reference bandwidth divided by interface bandwidth, or 100 / interface bandwidth (in Mbps)

Example:

The bandwidth of our interface that is a member of an OSPF network is 10 Mbps. The computation will be:

100 (reference bandwidth) / 10 (actual interface bandwidth) = 10. Therefore the OSPF cost for this link is 10.

We can use the command "ip ospf cost [cost]" on an OSPF interface to modify or customize the cost of that interface. Later on, we will go through this topic in detail so we understand it even more. For now, that's the basics.

The default administrative distance of OSPF routes is 110. Again, you can check back the administrative distance article above.

OSPF Area

When the OSPF protocol comes up, the first "hint" we get is the "AREA". OSPF uses areas to group the network so that management and troubleshooting of the network are easier. Aside from that, OSPF also uses the concept of areas for network summarization and area boundaries. We'll see below.

So what is an Area? It is the term used for a group of networks or routers in OSPF. For example, in our community, each Barangay can be considered an area of our locality. They each have their own Brgy. Captain, their own streets, rules, etc. But these Barangays are still part of one town, and these Barangays are covered by that town.

It is the same in the OSPF protocol. We have different "areas" (barangays), each with its own routers, networks, rules, etc., but they should all be connected to "area 0" (the town). For example, the areas in our OSPF network are area 1, area 2, area 3. All these areas must be connected to Area 0. Area 0 is the backbone of the OSPF network. Let me give a basic illustration.

In our sample image above, we can see there are 3 different Areas: Area 1, Area 2 and Area 0. Ignore the labels for now, we will get into those later.

So if you noticed, as we mentioned earlier, Area 1 is connected to Area 0, and so is Area 2.

If we have another network that wants to be part of our OSPF network, one of its routers should be connected to Area 0 too.

All these routers and network are in the same AS or autonomous system. Area 0 = the
backbone area.

Take note that each area has its own networks and can also have internal routers. As long as one router in that area is connected to Area 0, they can be part of our OSPF network. I hope it's clear, guys.

Let's dig deeper.

How OSPF Areas work and are interconnected

We mentioned that every area in our OSPF network must be connected to the backbone area, which is Area 0. But how do they see each other and interconnect?

Let's also learn the common names and terms used in the OSPF protocol.

Area Border Router (ABR)

As you can see in our sample image above (encircled in orange), the ABR is the router that connects a certain area to a different area.

Given the word "border", it shouldn't be hard to understand that it sits on the border line, or in between, different areas in our OSPF network.

The Area Border Router is also responsible for summarizing the IP addresses inside its area as well as suppressing the updates inside it.

Basically, all the updates happening inside a certain area are not looked at by the other areas. At the configured interval, the ABR just sends a link-state update to the other OSPF routers so their OSPF tables synchronize.

The same goes for the other areas that are part of our OSPF network.

Autonomous System Boundary Router (ASBR)

As you can see in our sample image (encircled in orange), guys, the ASBR is the router that connects area 0 to a different network with a different AS (autonomous system).

Usually, the ASBR is what connects the OSPF network to other routing protocols (RIP, EIGRP, etc.), other organizations, or an external network like the internet. Like the ABR, the ASBR is also capable of summarizing networks before advertising them to whichever other network it is connected to.

Alright, that's it for now, guys. We will have more in the next parts of the OSPF lessons.

Lesson 9: OSPF Part II. A deeper look on how OSPF protocol works

Wazzup mga idol! Last time we talked about the basic and fundamentals of OSPF protocol. I
hope you learned so much from that.

Today, we are going to continue the OSPF topic and on this article, we're going to take a
deeper look on how OSPF protocol works. Let's do this!

As we said in Part I, the OSPF protocol uses Areas. Each area is interconnected to the backbone area (Area 0) through the ABR. Then Area 0 can be connected to an external network, or another AS using a different routing protocol, through the ASBR. I hope this is clear, guys.

Let's dig deeper.

How OSPF protocol works: OSPF neighbor formation

Below are the basic process and stages of how the OSPF protocol works and forms its neighbor relationship with another OSPF router. I simplified it so it's easier for us to understand. I hope this helps you understand OSPF even more. Game!

1. After we configure OSPF, the first thing that happens is that the router identifies itself via its router ID. So basically, each router determines its router ID before sending the "OSPF hello message" to the other OSPF router. In a nutshell, this is what happens first:

As you can see in our sample image, the router first introduces itself to its neighbor using its router ID.

By default, the router ID will be the highest IP address on a physical interface, but a loopback interface always wins. Meaning, if there is an existing loopback interface, the highest IP address among the loopbacks will be used as the router ID.

In our case above, even though we have an existing physical interface with a higher IP address, that will not become the router ID because we have a loopback interface. So R1 and R2 will use their loopback interfaces as their router IDs.

In the real world, this is set manually and we assign the router ID for each device, for better management and security purposes. Take note, each router ID must be unique in the entire OSPF network, or else we will have a conflict. Gotcha?

2. After they introduce themselves to each other through the router ID, the interface and IP address of both devices are added to the link-state database of each router by using the "network" command.

Using our example above, this happens when we do network 192.168.1.0 0.0.0.255 area 1 on R1 and network 192.168.1.0 0.0.0.255 area 1 on R2 inside the OSPF router configuration, given that they are both in area 1. We'll get to that later.

3. After the IP addresses of the interfaces are added to the link-state database, each router will now send an "OSPF hello" to exchange routing information. The OSPF hello messages will contain the following information:

- Router ID
- *Hello and Dead timers
- *Network Mask
- *Area ID
- Neighbors
- Router Priority
- DR/BDR IP address
- *Authentication Password

So basically, guys, the router's hello message contains those items: information about that router. The ones with an *asterisk must match, or be the same, on the other router to form an OSPF neighbor relationship. Otherwise there will be a mismatch.

Later we will look at the meaning of each of these, but based on their names I hope you are getting the idea. The router sends the hello every 10 seconds on broadcast or P2P networks, and every 30 seconds on NBMA (Non-broadcast multi-access) networks.

4. After that, the neighboring router will receive the hello. Let's say R2 now receives R1's OSPF hello message containing the information I mentioned above. It will now counter-check whether they have the same hello and dead timers, network mask, area id and auth password, if any.

It's like R2 asks itself about R1's OSPF hello: Am I compatible with this router? Check the hello and dead timers (good), check the network mask (good), check the area id (good), then check the auth password (good). Ok, I will form a neighbor relationship with this router.

If these don't match, the two of them will not form a neighbor relationship. Gotcha? I hope that was clear.

5. R2, or the router on the other side, will check whether the router sending it the OSPF hello message is a new neighbor or an existing neighbor. How does it know? Of course, by whether it already exists in its neighbor table.

If it's an existing neighbor, it will reply with a hello message and then reset the dead timer. Remember that existing OSPF neighbors send a hello every 10 seconds on P2P and ethernet networks, and every 30 seconds on NBMA? So it's something like a keepalive to check whether its neighbor is still alive, and also for OSPF updates.

But if it is a new neighbor, it will form a neighbor relationship with that router, given that the values were compatible in step #4.

6. The next process is the Master - Slave relationship formation. What is this? Basically, when routers form an OSPF relationship, they also identify a master and slave relationship.

The master is the FIRST to send the OSPF DBD (Database Description), which is something like a cliff-notes summary of the updates regarding the OSPF network. And the slave just replies back with its own OSPF DBD to check whether they have the same DBD.

Basically, master - slave just determines who sends the OSPF DBD first within that OSPF network.

How do we identify who is master and who is slave? Simple. By the OSPF priority we set in the OSPF configuration, or by the router ID of the OSPF router. The higher router ID becomes the master.

7. After the exchange of DBDs, of course they are received and acknowledged on both sides. If there are updates missing, that router will send a request for those specific updates (this is called an LSR - Link State Request).

Then the other router will send that missing update to the requesting router (this one is called an LSU - Link State Update). Here's an example.

R1(master): R2 here's my OSPF DBDs. Please acknowledge.

R2(slave): Got it R1. It now cross-checks against its existing OSPF database.

Let's say a new network was added on R1 that R2 does not have yet. R2 will now request that update. Something like this.

R2(slave): Boss R1, I don't have the info about 192.168.1.0/24. Can you send me the details for that? This is what we call a link-state request.

R1(master): Noted R2. Here you go. So R1 now sends the details about what R2 requested (network, cost, router id and so on). This is the link-state update.

Once R2 receives it, it acknowledges it by sending a link-state ack, just to confirm that it got it.

Get it? At this stage, they compare their DBDs and then exchange updates for whatever one of them has and the other lacks. I hope it's clear.

8. Once both, or all, routers have synchronized, they are considered to be in the full state. Meaning they have all the OSPF information on every router that is a member of the OSPF network.

This is when OSPF runs the DIJKSTRA SPF algorithm on that data, or OSPF information.

All the steps I mentioned above are part of the different stages of OSPF.

So let's make a quick summary using the image below.
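Steps 1 and 3 to 8 above fit into one short simulation, so here is an added example that is not from the ebook: router ID selection (loopback beats physical), the hello compatibility check on the starred fields, master election by higher router ID, then the DBD / LSR / LSU exchange until both link-state databases match. The R1/R2 data (router IDs 1.1.1.1 and 2.2.2.2, the hello parameters, and the two LSDB contents) is constructed for the example; the field names and dict layout are this example's own assumptions, not OSPF packet formats.

```python
import ipaddress

# Hello fields that must match before two routers become neighbors
# (the starred items in the list above)
MUST_MATCH = ("hello_interval", "dead_interval", "network_mask", "area_id", "auth")


def router_id(loopback_ips, physical_ips):
    """Highest loopback address wins; only without loopbacks is the
    highest physical interface address used."""
    pool = loopback_ips or physical_ips
    return str(max(pool, key=ipaddress.ip_address))


def hello_mismatches(local_hello, remote_hello):
    """Fields that differ between our hello parameters and the neighbor's."""
    return [f for f in MUST_MATCH if local_hello[f] != remote_hello[f]]


def database_description(lsdb):
    """DBD: LSA headers only (id -> sequence number), not the full LSAs."""
    return {lsa_id: lsa["seq"] for lsa_id, lsa in lsdb.items()}


def link_state_request(local_lsdb, remote_dbd):
    """LSR: LSAs the peer advertises that we lack or hold an older copy of."""
    return sorted(lsa_id for lsa_id, seq in remote_dbd.items()
                  if lsa_id not in local_lsdb or local_lsdb[lsa_id]["seq"] < seq)


def link_state_update(lsdb, requested):
    """LSU: the full LSAs answering an LSR."""
    return {lsa_id: dict(lsdb[lsa_id]) for lsa_id in requested}


def form_adjacency(a, b):
    """Run steps 3-8 above between routers a and b (dicts with 'rid',
    'hello' and 'lsdb'). Returns the outcome; the lsdbs are updated in place."""
    mismatches = hello_mismatches(a["hello"], b["hello"])
    if mismatches:
        return {"state": "DOWN", "mismatch": mismatches}
    # Exchange: the higher router ID is master and sends its DBD first
    master, slave = sorted((a, b), key=lambda r: ipaddress.ip_address(r["rid"]),
                           reverse=True)
    slave_requests = link_state_request(slave["lsdb"], database_description(master["lsdb"]))
    master_requests = link_state_request(master["lsdb"], database_description(slave["lsdb"]))
    # Loading: each side answers the other's LSR with an LSU (acked on receipt)
    slave["lsdb"].update(link_state_update(master["lsdb"], slave_requests))
    master["lsdb"].update(link_state_update(slave["lsdb"], master_requests))
    return {"state": "FULL", "master": master["rid"], "slave": slave["rid"],
            "lsr_from_slave": slave_requests, "lsr_from_master": master_requests}


def sample_routers(r2_area=1):
    """Constructed R1/R2 pair; r2_area lets you provoke an area mismatch."""
    r1 = {"rid": router_id(["1.1.1.1"], ["192.168.1.1"]),
          "hello": {"hello_interval": 10, "dead_interval": 40,
                    "network_mask": "255.255.255.0", "area_id": 1, "auth": None},
          "lsdb": {"192.168.1.0/24": {"seq": 1, "cost": 10},
                   "10.1.1.0/24": {"seq": 1, "cost": 1}}}
    r2 = {"rid": router_id(["2.2.2.2"], ["192.168.1.2"]),
          "hello": {**r1["hello"], "area_id": r2_area},
          "lsdb": {"192.168.1.0/24": {"seq": 1, "cost": 10},
                   "10.2.2.0/24": {"seq": 1, "cost": 1}}}
    return r1, r2


def adjacency_demo():
    """Form the sample adjacency and report state, whether the two LSDBs
    now agree, and the synchronized LSA list."""
    r1, r2 = sample_routers()
    result = form_adjacency(r1, r2)
    return result["state"], sorted(r1["lsdb"]) == sorted(r2["lsdb"]), sorted(r1["lsdb"])


if __name__ == "__main__":
    print(form_adjacency(*sample_routers()))            # FULL, master 2.2.2.2
    print(form_adjacency(*sample_routers(r2_area=0)))   # DOWN, area_id mismatch
```

The two things to notice: a single mismatched starred field (try r2_area=0) stops the process before any database is exchanged, which is the "hello mismatch" case from Part I, and the DBD carries only headers, so the LSR is how each side asks for just the LSAs it is missing rather than receiving the whole database.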

Alright, I hope by now you understand even better how the OSPF protocol works. We simplified it so it's easier for new and aspiring Pinoy CCNAs to understand.

Lesson 10: OSPF Part III. Common OSPF terminologies a beginner should know.

We're done with OSPF Part I and OSPF Part II. In this part, we will go through the common OSPF terminologies that are used, and that we keep hearing, so we become more familiar with what they are and what they are for.

This will help you understand more of how OSPF works. Let's begin.

Common OSPF terminologies

1. Link State

Information is shared between directly connected routers. This is the type of routing protocol OSPF is.

The information propagates throughout the network unchanged, meaning it can be used as-is, and it is also what is used to build the shortest path first tree that OSPF relies on.

2. Autonomous system (AS)

As we mentioned in previous topics, an AS is a network under one entity, or managed by a certain administration. In the real world, different companies, and especially ISPs, each have their own AS.

Ex. PLDT AS - 17796 or Globe AS - 4775

That is apart from the external AS, which is what the outside network sees and recognizes, versus the internal AS that you only use inside your organization.

3. Area

A group of routers that share the same area ID. All routers that are members of an OSPF network must also be members of a certain area.

4. Cost

This is the metric OSPF uses. We talked about this in OSPF Part I. You can manually configure the cost with the "ip ospf cost" command on an interface of an OSPF router.

By default, the cost is calculated using the formula cost = 100 / bandwidth in Mbps.

5. Router ID

The highest IP address configured on a Cisco router, or the highest numbered loopback address. You can also manually assign the router ID. Each router needs a unique router ID in our OSPF network.

6. Topology table

We already discussed this in previous topics. So in OSPF, like in the others, it contains all the links or neighbors in the OSPF network.

7. Designated router(DR) and Back-up Designated Router (BDR)

Basically, in OSPF not every router exchanges information with every other router. The Designated Router (DR), or the Backup Designated Router (BDR), is responsible for sending the information or updates to the other routers. The BDR is the one that takes over in case the DR has an issue.

So the non-DR and non-BDR routers only send their updates to the DR. The DR then takes care of sending them on to the rest of the OSPF network to propagate the updates. This way the routers save on resources, because each one does less processing. Let me elaborate more.

On LANs, DR and BDR have to be elected. Two rules are used to elect a DR and BDR:

A. The router with the highest OSPF priority becomes the DR. By default, all routers have a priority of 1.
B. If there is a tie, the router with the highest router ID wins the election.

The router with the second highest OSPF priority or router ID becomes the BDR. To help you understand it better, here's a more detailed explanation.

In our sample image above, let's say the routers shown are all in one area. R1 is the DR and R2 is the BDR. In the same area, let's say we have one more router, R3, and the network connected to R3 goes down.

R3, instead of updating all of its neighbors, sends the information that its network went down only to R1. That is the (1) you see in the sample image. Meaning, R3 first updated R1 about what happened.

Now R1 informs all the OSPF members in that area about what happened. That is the (2) update you see. So basically, all routers get updated by their DR, or by the BDR in case the DR has an issue.

Gets ba mga idol? Balik-balikan lang kung nalilito, sa tamang panahon makukuha niyo rin yan.
:D

8. Link-state advertisement (LSA), Link-state request (LSR) and Link-state update (LSU)

As we discussed in OSPF Part II, the LSA is the packet that contains all relevant information
regarding a router's links and the state of those links.

An LSR is sent when a router notices that some information is missing from the LSA it received;
it then requests the details about that information. Let's say the LSA that R1 sent to R2 did not
include 192.168.1.0/24; R2 will now request the details about that network from R1. That request
is called an LSR or Link-state request.

The update a router sends in reply to the requested information (LSR) is called an LSU or
Link-state update. So as above, once R2 has requested the details about 192.168.1.0/24 and R1
sends them to R2, that is called an LSU because R1 is updating R2. Clear?

9. Router Priority

This is what we set for the DR and BDR election if we want to choose the DR and BDR
manually. It is also used in other OSPF processes as a variable for comparison with other
routers.

10. Area Border Router or ABR

As discussed in Part I, this is the router where the areas under the same Autonomous System
connect to each other.

11. Autonomous System Border Router or ASBR

The ASBR is what connects OSPF to another AS or external network, or even to another routing
protocol such as EIGRP or RIP.

12. Backbone Area

Last on our list of common OSPF terminologies is the backbone area. We also call it Area 0. It
connects the different areas in your OSPF network. See the image below to better figure out
the function of Area 0 or the backbone area.

Alright, I hope this article is another valuable read for everyone. I spent hours and hours
researching and explaining all these topics so that the basic and fundamental topics of CCNA
are simpler and easier for you to understand. I hope it helps.

See you on next lesson. Cheers!

Lesson 11: OSPF Part IV. Basic OSPF configuration

In this lesson, we will do some basic OSPF configuration so we can see it in action. Let's
begin.

Before we build a sample basic OSPF configuration, let's take a look at some basic and
fundamental info we need to remember when configuring OSPF. Here is the basic syntax.

How to enable OSPF

As with the other routing protocols we have gone through, we need to enable it first before we
can configure the OSPF routing protocol. Here are the basic steps to enable OSPF on a Cisco
router.

Starting from the Router# prompt:

1. enable
2. configure terminal
3. router ospf process-id
4. network ip-address wildcard-mask area area-id
5. end

Here is a detailed sample.

Basically, from the sample basic OSPF configuration I took from Cisco, I'm sure you already
have an idea of how to configure OSPF.

We won't discuss the other advanced features since, as I said, the goal of this blog is to help
you understand the basics and fundamentals. Okay?

Alright, so let's see those in action. Let's create our own configuration of the OSPF protocol.

Basic OSPF configuration in a single area network

Configuring OSPF is simple too, especially in a single area. As we said earlier, we just need to
enable OSPF using the router ospf process-id command, then advertise the network and its
wildcard mask that we want to become part of our OSPF network.

Let's say for example we have the following network:

So we enable OSPF on both routers using the router ospf command together with the OSPF
process id, then the required network and wildcard mask. See below.

R1 initial configuration

Step 1. Configuring interfaces

R1(config)#int fa0/0
R1(config-if)#description R1 Fa0/0 to R2 Fa0/0
R1(config-if)#ip address 172.16.0.1 255.255.0.0
R1(config-if)#no shut
R1(config-if)#exit

R1(config)#int fa0/1
R1(config-if)#description R1 Fa0/1 to R3 Fa0/0
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#end

====

R2 initial configuration

Step 1. Configuring interfaces

R2(config)#
R2(config)#int fa0/0
R2(config-if)#ip address 172.16.0.2 255.255.0.0
R2(config-if)#description R2 Fa0/0 to R1 Fa0/0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int fa0/1
R2(config-if)#description R2 Fa0/1 to R4 Fa0/0
R2(config-if)#ip address 192.168.0.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#end

====

R3 initial configuration

Step 1. Configuring interfaces

R3(config)#int fa0/0
R3(config-if)#ip address 10.0.1.2 255.255.255.0
R3(config-if)#description R3 Fa0/0 to R1 Fa0/1
R3(config-if)#no shut
R3(config-if)#end

====

R4 initial configuration

Step 1. Configuring interfaces

R4(config)#int fa0/0
R4(config-if)#description R4 Fa0/0 to R2 Fa0/1
R4(config-if)#ip address 192.168.0.2 255.255.255.0
R4(config-if)#no shut
R4(config-if)#end

====

In this part, we just configured the interfaces of each router based on our diagram. I also added
descriptions so things are clearer in case we check the configuration. So basically, we just put
IP addresses on the interfaces and of course did a no shut to turn them up.

Right here, we don't have the OSPF protocol enabled yet. As I said, we have only configured
the interfaces so far. If we check, the routing tables of R1 and R2 are still empty. Again the
command is "show ip route".

You can also see in our sample image above that no OSPF neighbor has formed yet, because
we haven't enabled OSPF.

You can also see that R1 still cannot ping or reach the internal network of R2 (192.168.0.0/24)
because there is no routing yet.

The same goes for R2 towards the internal network of R1 (10.0.1.0/24).

Ok, let's configure and enable OSPF on both R1 and R2 so we can see the differences.

A. Enabling OSPF and advertising network for R1

R1>enable
R1#conf t
R1(config)#router ospf 100
R1(config-router)#network 10.0.1.0 0.0.0.255 area 0
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0
R1(config-router)#end

B. Enabling OSPF and advertising network for R2

R2>enable
R2#conf t
R2(config)#router ospf 100
R2(config-router)#network 192.168.0.0 0.0.0.255 area 0
R2(config-router)#network 172.16.0.0 0.0.255.255 area 0
R2(config-router)#end

So this time, we enabled the OSPF protocol using the command "router ospf 100". The 100 is
just the OSPF process identifier so we know which process it is in case we have multiple OSPF
processes running on the routers.

After enabling OSPF, I advertised the networks connected to each router. So on R1's side
(10.0.1.0/24 & 172.16.0.0/16) and on R2's side (192.168.0.0/24 & 172.16.0.0/16). I also used a
wildcard mask to specify which subnet I want to advertise. To refresh your memory, let me
explain again.

The command network 10.0.1.0 0.0.0.255 area 0 means that for the 10.0.1.0/24 network, I am
advertising the whole /24, or the hosts from 10.0.1.1 to 10.0.1.254.

The wildcard mask 0.0.0.255 simply means the first 3 octets (0.0.0) should be exactly the same
as 10.0.1, and the last octet (255) can be anything within the subnet, which is the usable
addresses from 10.0.1.1 to 10.0.1.254. Got it?

Ok, now that we have configured OSPF on both R1 and R2, let's check what changed and what
we have now.

You can see in our latest image above that we now have the OSPF protocol in our routing
table. It is indicated by the "O" code.

Additionally, we now have an OSPF neighbor formed. And of course, I can now ping or reach
the other side of R2 from R1, and likewise the other side of R1 from R2. This time, we have a
fully converged OSPF protocol.

This time we have a working network through the OSPF protocol. OSPF configuration is simple,
but of course as we go on we will go through more advanced OSPF configuration. For now,
let's just focus on the basics and fundamentals.

After enabling OSPF, there are certain configurations we need to do to customize our OSPF
network and make it fully functional. As I said, in the real world, default values are rarely used,
for better management and for security purposes.

Also, it depends on the setup and goal of the organization. So basically, when dealing with
OSPF, we also need to do some configuration on the router interfaces that are part of the OSPF
network.

Here are some of them.

How to configure OSPF on the interface

enable
configure terminal
interface [type number]
ip ospf cost [cost]
ip ospf retransmit-interval seconds
ip ospf transmit-delay seconds
ip ospf priority number-value
ip ospf hello-interval seconds
ip ospf dead-interval seconds
ip ospf authentication-key key
ip ospf message-digest-key key-id md5 key
ip ospf authentication [message-digest | null]
end

Ignore these advanced features for now, since this blog is more on basics and fundamentals.
Some of the important ones here are "ip ospf cost [cost]", "ip ospf hello-interval [seconds]" and
"ip ospf authentication-key [key]". These are placed or configured on the router interfaces that
are part of OSPF.

The ip ospf cost [cost] command lets us influence an interface by raising or lowering its OSPF
preference, so that it is preferred over other interfaces that are part of OSPF. In other words, we
manually set the OSPF metric, what we call the "cost", instead of letting OSPF compute it.

The hello interval needs to match on both routers, and of course so does the authentication key,
for the routers to form a relationship. This is already an advanced OSPF topic; in the future we
will also share it through videos so it is easier to understand. For now, let's just have the basics.

Ok, I hope by this time you now understand the basics and fundamentals of OSPF. I know what
you are reading in this ebook is simple and basic, but I promise and assure you that once you
get and understand these, you will learn more easily and understand the related and advanced
topics more easily.

Also, once you understand the concept, your knowledge foundation in your CCNA and Cisco
career journey will be stronger. I want you to become a real network engineer with real skills
and knowledge, the kind who does not rely on dumps and cheat sheets.

My goal is to help you understand the concept, strengthen your basic and fundamental
knowledge of Cisco networking, fire your passion and of course inspire you in every possible
way. You can do it, keep it up! Until next time, cheers!

Lesson 12: EIGRP Part I. Understanding the basics of the EIGRP protocol.

In this lesson, we're going to discuss and understand the basics of the EIGRP protocol.

The basics of the EIGRP protocol

EIGRP was originally a Cisco proprietary routing protocol. That means it was made by Cisco
only for Cisco devices. EIGRP means Enhanced Interior Gateway Routing Protocol.

Sometimes it is also called a hybrid or advanced distance vector protocol. Why? Because
EIGRP is like a combination of a link-state and a distance vector protocol. Again, by Cisco for
Cisco devices only.

Note: Today, EIGRP is an open protocol. Meaning, other vendors can also use it. The problem
is that no one has adopted it yet apart from its creator, Cisco.

Advantages of EIGRP

- Very low usage of network resources during normal operation. Why? Because the router only
sends "hello packets" to its EIGRP neighbors during normal, stable operation.
- When a change occurs, only routing table changes are propagated, not the entire routing
table. This is one of the best advantages of EIGRP. When there are new updates, something
goes down, or any change happens in a network with EIGRP, only that particular update is
propagated and not the whole routing table. Just the actual changes. Because of this, the
routers have less work to do and the network is quieter.
- Rapid convergence times for changes in the network topology. Since only what changed is
modified in the routing table, the network converges faster. Also, EIGRP has what is called a
"feasible successor", where another path from source to destination is kept ready in case
something happens to the best path (successor) or it goes down. We'll talk about them next.

EIGRP has the ability to support classless routing and VLSM (Variable Length Subnet Mask),
route summarization, incremental updates, load balancing and many other useful features.
We'll go through them one by one. Unlike RIP, EIGRP is faster, more useful and more reliable.

How EIGRP works

Its way of computing the "best path" from source to destination is different. First, where RIP has
an administrative distance of 120 and OSPF has 110, EIGRP has 90. Lower is better. EIGRP is
more preferred in case a router needs to decide which is the best path between RIP, OSPF and
EIGRP.

Second, where RIP uses only hop count as its metric, and OSPF uses cost, EIGRP uses the
following: bandwidth, delay, reliability, load and MTU. But by default, only bandwidth and delay
are used. We'll have that in the next article.

Routers running EIGRP need to become "neighbors" first before they can exchange updates or
routing information. To discover other EIGRP neighbors, EIGRP uses the multicast address
224.0.0.10. They send "hello packets" to the multicast address 224.0.0.10. Those hello packets
serve as the "keep alive" so that neighboring routers know whether there are changes or a
neighbor has gone down.

Routers running EIGRP also need to be in the same "autonomous system", that is, have the
same autonomous system number, to become neighbors. What is an autonomous system? In a
nutshell, it is the set of devices within the same organization or controlled by a single
organization.

In EIGRP, the routers need to have the same autonomous system number to see each other.

Example.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router eigrp 100

In my sample command above, I enabled EIGRP using "router eigrp" with the autonomous
system number "100". That is where the autonomous system number is used. So the
neighboring routers, or any other router running EIGRP, must also be in autonomous system
100 if we want them to see each other. Got it? That's the basics.

EIGRP also uses DUAL (Diffusing Update Algorithm) to compute the best loop-free path to a
destination within the network.

EIGRP routers have 3 tables where routing and topology information is saved. They are the
following.

1. Neighbor table

This is where EIGRP's neighbor information is saved. Meaning, information about other routers
that are also running EIGRP and are in the same autonomous system number. When a new
neighbor is discovered, its information is also saved here. We can verify this using the
command: show ip eigrp neighbors

2. Topology table

This is where the routing information the EIGRP router learned from its neighbors is saved.
Which networks exist and which possible paths lead to those networks, all of that is in the
topology table. The topology table contains all the destinations advertised by neighboring
routers. We can verify it using the command: show ip eigrp topology

3. Routing table

The routing table of an EIGRP router holds the "best path" from a given source to a destination
network. When EIGRP routers communicate, they check their routing table for the shortest or
best path to reach a destination network.

We can check the routing table using the command: show ip route

We're going to discuss these tables more in the next article so you understand them better. For
now, I just gave you the basics.

Basics of EIGRP protocol configuration

Before I end this introduction to EIGRP, here is the simple, basic configuration of an EIGRP
router.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router eigrp 10
Router(config-router)#network 10.80.10.0
Router(config-router)#network 10.200.10.0
Router(config-router)#no auto-summary
Router(config-router)#end

In our basic EIGRP configuration above, I go to global configuration mode using configure
terminal (conf t), then I enable EIGRP using router eigrp 10. This command enables the EIGRP
protocol on this router with autonomous system number 10.

So basically, as I said earlier, all routers that will become neighbors of this router should be in
autonomous system number 10 so they can see each other. Then we advertise the networks
and use the "no auto-summary" command so that it advertises the actual subnet of each
network and not the whole class.

That's just it. If we have another router, we can do the same configuration and advertise the
networks on that router. Basically they will form an EIGRP relationship. More on configuration
in the coming lesson. I just showed you the syntax for now. Until the next part of EIGRP. Cheers!

Lesson 13: EIGRP Part II. EIGRP metrics: Bandwidth and Delay

As mentioned, bandwidth and delay are by default the EIGRP metrics used to compute or
select the best path from one source to the destination.

If you haven't read the EIGRP Part I yet, please read it now.

Again, that applies when 2 or more EIGRP paths exist from one source to a destination. Of
course, if different routing protocols are involved, the router compares the AD or administrative
distance instead, as we discussed in administrative distance and metrics.

In a nutshell, BANDWIDTH is the capacity of the network or interface, usually measured in bits
per second, in other words how much can be transferred in a second, and DELAY is the
round-trip or amount of time it takes a packet to travel from source to destination.

That's the basic! Gotcha?

In EIGRP, these are used to compute or select the best path from source to destination. How do
routers running EIGRP decide when they compute and compare bandwidth and delay? Like this.

EIGRP Metrics

The complete formula EIGRP uses to compute its metric is this:

metric = ([K1 * bandwidth + (K2 * bandwidth) / (256 - load) + K3 * delay] * [K5 / (reliability + K4)]) * 256

Long and confusing, right? Hehe. But as I mentioned, since by default only bandwidth and
delay are usually used, here is the shortcut or faster formula for the default behavior.

metric = bandwidth + delay

Easier, right? Very simple, unlike the first one. Again, this is so you understand the basics of the
EIGRP protocol and its fundamentals. In real-world scenarios, defaults are rarely used, so most
likely the complete formula is used or it is customized according to the needs of a company or
organization. For now, let's focus on the basics and fundamentals.

How do we compute bandwidth and delay? Let's have an example.

As per Cisco, we need to use the following formula.

bandwidth = (10000000/bandwidth(i)) * 256

where bandwidth(i) is the least bandwidth of all outgoing interfaces on the route to the
destination network represented in kilobits.

delay = delay(i) * 256
where delay(i) is the sum of the delays configured on the interfaces, on the route to the
destination network, in tens of microseconds. The delay as shown in the show ip eigrp topology
or show interface commands is in microseconds, so you must divide by 10 before you use it in
this formula.

Let's have a basic example.

In our sample network image above, you can see we have 4 routers (R1 to R4), then Network A
attached to R4. We have different sample delay and bandwidth values for each router interface.
In short, here are our givens:

R1

Interface s1/0
Bandwidth: 56
Delay: 2000

Interface s1/1
Bandwidth: 128
Delay: 1000

R2

Interface s1/0
Bandwidth: 56
Delay: 2000

Interface s1/1
Bandwidth:
Delay:

R3

Interface s1/1
Bandwidth: 128
Delay: 1000

Interface 1/0
Bandwidth: 1000
Delay: 100

R4

Interface s1/0
Bandwidth: 1000
Delay: 100

Interface s1/1
Bandwidth: 1000
Delay: 100

Network A

Bandwidth: 1000
Delay: 100

In our sample scenario, from R1 to Network A, we have 2 possible paths. First, R1 to R2 then
R4 to reach Network A. Second, R1 to R3 then R4 to reach Network A as well. Let's say EIGRP
is configured on R1 and the other routers; which path will R1 use?

As I said earlier, by default EIGRP uses bandwidth and delay as its metric. So how does R1
compute and compare the metric between the two paths? Let's see. Let's use the formula.

So again, our formula above per Cisco is:

bandwidth = (10000000/bandwidth(i)) * 256

where bandwidth(i) is the least bandwidth of all outgoing interfaces on the route to the
destination network represented in kilobits.

and

delay = delay(i) * 256

where delay(i) is the sum of the delays configured on the interfaces, on the route to the
destination network, in tens of microseconds. The delay as shown in the show ip eigrp topology
or show interface commands is in microseconds, so you must divide by 10 before you use it in
this formula.

Basically, the bandwidth to take is the "least bandwidth" among all the outgoing interfaces
toward the destination, while the delay is the sum or total of the delays from source to
destination.

Let's compute the path from R1 through R2 first.

minimum bandwidth = 56k (This is the least bandwidth among all the interfaces from R1
through R2)

total delay = 2000 + 100 + 100 (We added up all the delays from R1 to R2, R2 to R4, then R4 to
Network A)

[(10000000/56) + 2200] x 256 = (178571 + 2200) x 256 = 180771 x 256 = 46277376

So how did we get that? Again, by following the formula, we just substitute the values of
bandwidth and delay that we have, then follow the usual mathematical procedures. Let me
break it down more simply.

- First the part inside the parentheses (usual math procedures): 10000000/56 = 178571
- then we add it to the total delay: 178571 + 2200 = 180771
- then we multiply by 256: 180771 x 256 = 46277376
- that's how it became 46277376

Got it?

Ok, now let's compute the R1 through R3 path.

minimum bandwidth = 128k

total delay = 100 + 100 + 1000 = 1200

[(10000000/128) + 1200] x 256 = (78125 + 1200) x 256 = 79325 x 256 = 20307200

Same computation. I'm sure by this time you already know how it was obtained. Maybe you're
just confused. Just repeat it; I'm sure you'll get it and understand it. If you have questions or
reactions, just comment or email.

From R1 to Network A via EIGRP, we have the following metrics after computing the givens.

R1 > R2 > R4 > Network A = 46277376
R1 > R3 > R4 > Network A = 20307200

In this scenario, R1 will choose the path through R3. Again, the lower, the better. And that's
how the basic EIGRP metric computation works. Please note that we simplified the values to
make it easier to understand.
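The computation above, carried through the complete formula as well as the shortcut, in an added Python example (not from the ebook or from Cisco). The path values are the lesson's givens, taken as already being in kbit/s and tens of microseconds; the convention that a K5 of 0 skips the reliability factor is an assumption about Cisco's classic metric, not something the lesson states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    """One outgoing interface along the path. Bandwidth in kbit/s, delay in
    tens of microseconds (the lesson's given values are already in these units)."""
    bandwidth_kbps: int
    delay_tens_us: int


K_DEFAULTS = {"k1": 1, "k2": 0, "k3": 1, "k4": 0, "k5": 0}


def scaled_bandwidth(path):
    """bandwidth = 10000000 / bandwidth(i), with bandwidth(i) the least
    bandwidth on the path (integer division, as in the worked example)."""
    return 10_000_000 // min(link.bandwidth_kbps for link in path)


def total_delay(path):
    """delay(i): the sum of the delays on the path, in tens of microseconds."""
    return sum(link.delay_tens_us for link in path)


def eigrp_metric(path, load=1, reliability=255, **k_values):
    """Classic composite metric using the complete formula from the lesson:
    ([K1*bw + (K2*bw)/(256-load) + K3*delay] * [K5/(reliability+K4)]) * 256.
    Assumed Cisco convention: when K5 == 0 the reliability factor is skipped
    (otherwise the product would always be 0). With the default K values this
    reduces to the lesson's shortcut, (bandwidth + delay) * 256."""
    k = {**K_DEFAULTS, **k_values}
    bw = scaled_bandwidth(path)
    delay = total_delay(path)
    metric = k["k1"] * bw + (k["k2"] * bw) // (256 - load) + k["k3"] * delay
    if k["k5"] != 0:
        metric = (metric * k["k5"]) // (reliability + k["k4"])
    return metric * 256


def eigrp_default_metric(path):
    """The lesson's shortcut for the default K values."""
    return (scaled_bandwidth(path) + total_delay(path)) * 256


def choose_successor(paths):
    """paths: {label: [Link, ...]} for one destination.
    Returns (successor_label, metric); the lowest metric wins, as in the lesson."""
    metrics = {label: eigrp_default_metric(path) for label, path in paths.items()}
    best = min(metrics, key=metrics.get)
    return best, metrics[best]


# The lesson's two candidate paths from R1 to Network A, using its givens.
PATHS = {
    "R1 > R2 > R4 > Network A": [Link(56, 2000), Link(1000, 100), Link(1000, 100)],
    "R1 > R3 > R4 > Network A": [Link(128, 1000), Link(1000, 100), Link(1000, 100)],
}

if __name__ == "__main__":
    for label, path in PATHS.items():
        print(f"{label} = {eigrp_default_metric(path)}")
    print("successor:", choose_successor(PATHS))  # the path through R3, 20307200
```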

So in case 2 or more EIGRP paths are configured on a router, by default it will compute and
compare bandwidth and delay. As in our simple example, the router will know which one is the
"best path". This path is what it saves and places in the routing table as the successor. And as
we mentioned, the feasible successor is the one with the next lowest metric.

Remember, I mentioned at the start that EIGRP computes all possible paths and saves them in
its topology table for future reference. That's how it works.

Alright, I hope by this time you have somehow got or understood the basics of how EIGRP
computes and compares its metrics. Again, this is in case there are two or more paths with
EIGRP configured from a source to a destination.

Always remember: with different routing protocols, compare and pick the lowest AD
(Administrative Distance); with the same protocol, pick the lowest metric. You can check the
basics of administrative distance and metrics again here.

That's it for now. Study this and keep coming back to it so you master it and get comfortable with
it. The topics about the EIGRP protocol are long and many. I don't want you to get information
overload, so let's take it slowly.

We'll go through them one by one and break them down so you understand the basics and
fundamentals better. See you on the next part of EIGRP. Cheers!

Lesson 14: EIGRP Part III. EIGRP operation.

We are going to discuss EIGRP operation and other related fundamental topics so we
understand EIGRP even better. Let's do this!

EIGRP operation

5 Types of EIGRP packets

1. Hello - as I mentioned in the first parts of EIGRP, hello packets are used by EIGRP to
discover other EIGRP neighbors.
2. Update - update packets are for route advertisements. As we mentioned, they are only sent
when there are changes.
3. Acknowledgement - the ack packet is just a hello packet acknowledging the receipt of the
update.
4. Query - the query packet is used by EIGRP when it needs to look for another path, when the
main path or another path to the destination goes down.
5. Reply - the reply packet is the response or answer to query packets. So basically it is what
gives the info on whether another path is available.

Let's see them in some simple action.

EIGRP route discovery

Let's say we have 2 routers configured to run EIGRP. So basically, before they see each other
or become neighbors, there are exchanges and communication that take place between them.
This is where the packet types we discussed above come in.

So basically, a router running EIGRP sends "hello packets" to other routers that also run
EIGRP. And as mentioned in EIGRP Part I, these are sent to the EIGRP multicast address
224.0.0.10. So in a nutshell, if we have 2 routers (R1 and R2) running EIGRP, something like
this happens.

R1: Hi, anyone using EIGRP? Let's become neighbors. By the way, I'm R1. (Example of hello
packets)

So since R2 is also running EIGRP, it replies with hello packets too so that R1 knows they can
become neighbors.

R2: Hi R1. Nice to meet you. By the way, I'm R2.

Basically their neighbor relationship is now formed, and since this is their first "formation", R2
next sends its routing information in the form of "update packets".

R2: R1, since we are neighbors now, here are the routes and other routing information that I
have.

Then once R1 receives this, it confirms it in the form of "ack packets". Then R1 also sends the
routing information that it has.

R1: Noted, R2. I got all the information! Here is my routing information. Catch!

R2: Got it R1. Thanks!

After this, the network is converged. EIGRP is running perfectly on the network. This means R1
and R2 now know which networks and paths are in each other's routing table. So basically the
information is now populated in the neighbor table, routing table and topology table of R1 and
R2.

While EIGRP is running on R1 and R2, they still periodically send "hello packets" to each other
so they know whether they are "up" and have no issues. In other words, just a "health check"
that their neighbor is still ok.

And as we said in the earlier parts, they only send routing updates AGAIN if there are
"changes" in the network. And only what concerns the changes is sent. Unlike RIP, which sends
its whole routing table every 30 seconds even when nothing has changed. Got it? I hope I'm
making it clear.

Additional info about EIGRP

Hopefully by this time, you have a basic understanding of what EIGRP is and how it works.
Again, the goal of this blog is to help you understand the basics and fundamentals.

Aside from what we shared in Part I and Part II, here are some other terminologies and useful
information we need to know about EIGRP. Here we go.

1. Advertised distance - what is called the advertised distance (AD) in EIGRP is the "cost"
from the neighbor to a destination.
2. Feasible distance - the feasible distance (FD) is the total of the advertised distance (AD) +
the cost between the local router and the next-hop router.
3. Successor - the successor is the primary route to reach a certain destination. In other words,
it is the "best route" saved in the routing table of a router running EIGRP.
4. Feasible successor - this is the backup route. It takes over if ever the successor goes down
or fails.

Note: According to Cisco, before a route or path can become a feasible successor, its AD must
be lower than the FD of the current successor route.

Take note, these terms are often included in the exam, and also in interviews. So it's important
that we understand them. Let's have a simple example to make it clearer.

So basically, to shed more light on what AD and FD are, here it is, simplified.

Route: R1 > R2 > R4
AD: 50 (cost from neighbor to destination, so the cost from R2 to R4. That's why it is 50. Got it?)
FD: 90 (total of the AD + the cost between the local router and the next-hop router. So AD = 50,
then the cost from the local router, R1, to the next hop, R2, is 40. That's why it became 90. Got it
now?)

Route: R1 > R3 > R4
AD: 70
FD: 130

Same computation for this second example.

For the successor and feasible successor, the routers running EIGRP just compute their
metrics, which we already discussed in Part II, EIGRP - Bandwidth and Delay.
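The AD/FD example above, with Cisco's feasibility condition from the note applied, as an added Python example (not from the ebook or from Cisco). The R1-R2 link cost is the lesson's 40; the R1-R3 link cost is derived here as FD minus AD (60), and the second table with R5 is a constructed counter-example.

```python
def feasible_distance(advertised_distance, link_cost):
    """FD = AD (the neighbor's cost to the destination) + the cost of the
    link from the local router to that neighbor."""
    return advertised_distance + link_cost


def dual_select(candidates):
    """Pick the successor and feasible successors for one destination.

    candidates: {next_hop: (advertised_distance, link_cost)}.
    Successor: the next hop with the lowest FD. Feasible successor: any other
    next hop whose AD is lower than the successor's FD, the feasibility
    condition quoted from Cisco in the lesson. Returns
    (successor, successor_fd, [feasible successors ordered by FD]).
    """
    if not candidates:
        raise ValueError("no candidate paths for this destination")
    table = {hop: (ad, feasible_distance(ad, cost))
             for hop, (ad, cost) in candidates.items()}
    successor = min(table, key=lambda hop: table[hop][1])
    successor_fd = table[successor][1]
    feasible = sorted(
        (hop for hop, (ad, _fd) in table.items()
         if hop != successor and ad < successor_fd),
        key=lambda hop: table[hop][1],
    )
    return successor, successor_fd, feasible


# The lesson's example for R1 reaching R4: AD 50 / FD 90 via R2 and
# AD 70 / FD 130 via R3. The R1-R2 link cost (40) is in the lesson; the
# R1-R3 link cost (60) is derived here as FD - AD.
R1_TO_R4 = {"R2": (50, 40), "R3": (70, 60)}

# Constructed counter-example: a path whose AD (95) is not below the
# successor's FD (90) fails the condition, so it stays in the topology table
# but is not a feasible successor; if R2 failed, R1 would have to send query
# packets instead of switching over immediately.
R1_TO_R4_NO_BACKUP = {"R2": (50, 40), "R5": (95, 10)}

if __name__ == "__main__":
    print(dual_select(R1_TO_R4))            # ('R2', 90, ['R3'])
    print(dual_select(R1_TO_R4_NO_BACKUP))  # ('R2', 90, [])
```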

Alright, I think that's it for now. I hope it all makes sense. Thank you. Cheers!

Lesson 15: EIGRP Part IV. How to configure EIGRP.

Today, let's talk about how to configure EIGRP. This is the Part IV of the EIGRP series that we
have.

If you haven't read the first three parts yet, I suggest you go back to them first so you
understand this part better. If you're ready, let's go!

How to configure EIGRP protocol

As in our earlier discussions, we're just sharing the basics in this blog so that most readers
understand the basics and fundamentals.

Once we get the concept of how it works, we can understand the advanced and other related
topics more easily. Let's start.

Above you can see our sample diagram. We have 3 routers connected to each other.

There is no existing routing protocol between them, so they cannot reach each other's
networks except for the directly connected interfaces.

So based on our diagram, here are our givens.

Ok, so basically our goal is to route each network using EIGRP. This means that once we
complete the configuration, each network should be able to ping or connect to the other
networks.

For example, from the R1 inside network to the R2 inside network. Right now, we cannot reach
the inside network of R2 from R1 and vice versa. I used loopback interfaces for the inside
networks of R1 and R2.

Since we haven't configured any routing yet, the only thing we will see is the directly connected
routes on each router. Again, we can use the show ip route command to check the routing
table.

Ok, so let's do the configuration.

First, let's configure the interfaces. Again, I used loopback interfaces to represent the
inside networks.

I put a description on each interface so we know what it's connected to. In the real world,
this helps with troubleshooting and, of course, with finding out which interface connects to
what.

Apart from the description, you'll notice we have a bandwidth statement or setting on each
interface. This is because the metrics EIGRP uses are bandwidth and delay.

That means if there are 2 or more possible paths from a source to a destination, it will
compare and compute the bandwidth and delay of those paths (interfaces) to determine which one
is the best path to the destination.

Later, we'll see how this happens in action when we check the routing table. Or you can check
the bandwidth and delay lesson again.

Now that we have the interface config, let's do the EIGRP configuration for each router.

Again, they must all have the same AS number. The no auto-summary command is there so it
doesn't summarize the networks to their default class.

I also used a wildcard mask to make EIGRP more specific. That means with the config
172.30.1.0 0.0.0.255, it will look at the first 3 octets (172.30.1), which must match exactly.
Then the last octet is anything from 1 to 255. We studied that in IP addressing, folks.
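To make the wildcard-mask rule concrete, here is an added example in Python (not from the ebook, and not IOS code) that checks which interface addresses a network statement such as 172.30.1.0 0.0.0.255 covers; the interface names and addresses are constructed, and it also derives the classful wildcard IOS assumes when the statement has no mask.

```python
# Added example (not from the ebook, not IOS code): how an EIGRP "network"
# statement with a wildcard mask decides which interface addresses it covers.
import ipaddress
from typing import Dict, List, Optional, Tuple


def classful_wildcard(network: str) -> str:
    """Wildcard IOS assumes when a network statement has no mask: the inverse
    of the address's classful mask (class A: /8, B: /16, C: /24)."""
    first_octet = int(ipaddress.IPv4Address(network)) >> 24
    if first_octet < 128:
        return "0.255.255.255"
    if first_octet < 192:
        return "0.0.255.255"
    return "0.0.0.255"


def matches_network_statement(interface_ip: str, network: str,
                              wildcard: Optional[str] = None) -> bool:
    """True if `network <network> <wildcard>` covers interface_ip.

    A wildcard mask is the inverse of a subnet mask: a 0 bit means "this bit
    must equal the network statement", a 1 bit means "don't care". So with
    172.30.1.0 0.0.0.255 the first three octets must match and the last
    octet is free.
    """
    wildcard = wildcard or classful_wildcard(network)
    ip = int(ipaddress.IPv4Address(interface_ip))
    net = int(ipaddress.IPv4Address(network))
    wc = int(ipaddress.IPv4Address(wildcard))
    must_match = ~wc & 0xFFFFFFFF          # bits that are 0 in the wildcard
    return ((ip ^ net) & must_match) == 0


def interfaces_enabled_for_eigrp(interfaces: Dict[str, str],
                                 statements: List[Tuple[str, Optional[str]]]) -> List[str]:
    """Interfaces whose address matches at least one network statement;
    EIGRP would form adjacencies on these and advertise their subnets."""
    return sorted(name for name, ip in interfaces.items()
                  if any(matches_network_statement(ip, net, wc)
                         for net, wc in statements))


# Constructed sample: interface addresses of a hypothetical R1.
R1_INTERFACES = {
    "FastEthernet0/0": "172.30.1.1",
    "FastEthernet0/1": "172.30.2.1",
    "Loopback0": "10.1.1.1",
    "Loopback1": "10.2.2.2",
}

# The statement from the lesson, plus one with no wildcard (classful, so it
# behaves like 10.0.0.0 0.255.255.255 and covers both loopbacks).
R1_STATEMENTS = [("172.30.1.0", "0.0.0.255"), ("10.0.0.0", None)]

if __name__ == "__main__":
    print(interfaces_enabled_for_eigrp(R1_INTERFACES, R1_STATEMENTS))
    # prints ['FastEthernet0/0', 'Loopback0', 'Loopback1']
```

Note that FastEthernet0/1 (172.30.2.1) is left out because its third octet differs, which is exactly the "first 3 octets must match" rule.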

After putting in that configuration, folks, you'll see that EIGRP has come alive on the
routers. The routers have detected that there are other routers in the same autonomous system
number (number 10) that want to become their neighbors. A new adjacency has been formed, just
as we mentioned in EIGRP operation. See below.

Given this configuration, we now have EIGRP running in our network. In fact, I can now ping or
reach R2's inside network from R1 and vice versa, which was unreachable earlier. See below.

Ok, so now we're good with the configuration. Basically, from here we're done. That means we've
set up routing in our network using EIGRP.

If our setup is correct, each network should now be able to reach or connect to the other
networks.

Earlier, before we configured anything, we couldn't reach those networks; now we're good. That
means our EIGRP configuration is correct.

Like what we discussed in the previous parts, we can check EIGRP status and get additional
details using the following commands.

To check EIGRP topology

We can use the following command.

#show ip eigrp topology

Here in the EIGRP topology table we can see the possible routes and paths out of R1. It has
also identified which one is the successor and computed the FD or feasible distance of each
route. We already discussed this in the previous EIGRP lessons.

To check EIGRP neighbors

#show ip eigrp neighbors

Here in the EIGRP neighbor table we can see the routers peered with R1 via EIGRP, namely R2
and R3.

To check the routing table

#show ip route

And of course, here in the routing table we can see the routes for each network or subnet,
plus basic information about their next-hop IP address or next-hop interface, which is where
the traffic will go. The code C stands for connected routes and D is for EIGRP, as we
discussed before.

To check the information on R2 and R3, you can use the same commands. Just go back to the
EIGRP tables lesson if you want a refresher on what each of these EIGRP tables is for. Got it,
folks?

Alright folks, I hope by now you understand and have tried how to configure EIGRP. This is
just the basics. I've simplified it in the simplest way possible for you. Hehe.

It's not that hard. As I told you, once you get the basics and fundamentals, you'll easily
understand the advanced related topics. Everything revolves around those, folks. That's it for
now.

Until next time. I hope this has been informative, cheers!

Lesson 16: BGP Part I. Basic understanding of BGP protocol

Howdy folks, today we're moving to another topic, and that is the basic understanding of the
BGP protocol. As you already know, basic BGP will be included in the CCNA v3.0 exam. So I
think this will help if you're planning to take the CCNA v3.0 exam.

And of course, we will focus on the basics and fundamentals here on the blog so you can build
a knowledge foundation. Okay? Let's go!

What is BGP protocol?

BGP is short for Border Gateway Protocol. It is an EGP or exterior gateway protocol. That
means, most of the time, it is used for external routing such as the internet. In the real
world, it is usually ISP-to-ISP connections that use BGP, as well as Enterprise-to-Enterprise
or Enterprise-to-ISP connections.

Example: PLDT to AT&T - they are connected and meet using BGP. That means they exchange routes
using the BGP protocol. The same goes for enterprises, say Company A to Company B or Company A
to PLDT - most of the time they are also connected through BGP.

BGP is also the largest and slowest routing protocol. Why? Because it contains lots and lots
of routing information, a very large routing database. The main purpose of BGP is to exchange
summaries of network routes between internal or external routing domains, or autonomous
systems.

Just imagine, folks: according to sources on the internet, today the internet's BGP routing
table holds more than 300,000 active forwarding entries, and that is a summarization of over
2 billion addresses. Imagine if there were no summarization, right?

Whenever BGP is discussed, folks, the AS or autonomous system always comes up. Why? Because
BGP routes address summaries through ASes. The AS is also what BGP uses as its hop count.
Where RIP counts routers or devices for its hop count, BGP uses the AS or autonomous system
number instead.

Let's have a recap.

What is an AS or Autonomous system number?

In a nutshell, an AS is a number assigned to each organization. Each organization has its own
internal AS and/or public AS. Large enterprises and ISPs or service providers use a public AS
to connect to other external organizations or companies, which is registered and assigned by
IANA (Internet Assigned Numbers Authority) to the RIRs (Regional Internet Registries).

Remember the public and private IP addressing topic we talked about before? It is somewhat the
same for ASes. That's the basics of AS and AS numbers, folks. You can also check this APNIC
FAQ about AS numbers for additional information.

Ok, back to the basics of the BGP protocol.

ISP and Enterprise BGP

In its most basic configuration, BGP can be compared to a distance vector routing protocol
(like OSPF). Each advertised network is selected by choosing the shortest path. And as we
mentioned, BGP uses a path (AS path - autonomous system) as its hop count.

AS-path is the metric or attribute BGP commonly uses in most cases. But there are other BGP
metrics that are also used in BGP; we'll get to those later.

Let's see a basic example.

Let's say PLDT has AS 12345 and Globe has AS 54321. In order for PLDT to reach Globe's
network, it needs to have a route with an AS-path of 54321. That means if PLDT has a target
destination in Globe, it must have a route to Globe's AS, 54321.

From Globe to PLDT, Globe must have a route to AS-path 12345 to reach a certain network in
PLDT. The same goes for other ISPs with their own ASes. Get it, folks? I hope it's clear.

Let's have another example.

In our sample image above, which I got from the internet, we can see that we have 3 ISPs.
These are large internet service providers in the US and around the world. So in our sample,
AT&T has AS 1, AS 2 belongs to Verizon, and AS 3 to Level 3.

Let me explain.

From the AT&T side, to reach Verizon's network 10.0.0.0/8, I have 2 ways. Number #1 is I can
go directly to AS 2 (Verizon), or number #2 I can go first through AS 3 (Level 3) then AS 2
(Verizon). So no matter how many routers there are inside Level 3's and Verizon's networks, I
only need 2 AS-path hops to get there if I go through Level 3, and 1 AS-path hop if I go
directly to Verizon.

Another sample using the same image.

From Verizon, to reach the 172.16.0.0/16 network in Level 3, I also have 2 ways. #1 is
through AS 1 (AT&T) and AS 3 (Level 3), and #2 is directly to AS 3 (Level 3). Get it, folks?
Remember that within an AS, traffic passes through many routers and devices, but it doesn't
matter. BGP only looks at the AS path as its hop count.

So basically it's the same for the other sample IPs in our sample image. In the real world,
almost the same thing happens. Every ISP all over the world exchanges routes via BGP (each
having a different and unique AS) to reach a destination address.

The same goes for large companies and enterprises. They are peered via BGP with their ISPs
and other business partners so that the sources and destinations they need can be routed to
and from them.

On the other hand, for normal, ordinary customers like residential users, we no longer see or
care about any of this. Why? Because our ISP (either PLDT or Globe in the Philippines) takes
care of routing to whatever destination IP we want to browse.

Let's say, for example, my ISP is PLDT and I want to connect to facebook.com. My home router
will just forward that request to PLDT's internal network, and inside PLDT is where the BGP
routing to the public internet happens. Maybe PLDT is peered with AT&T, Sprint, Level 3,
Verizon, etc. via BGP as well.

So basically, my request will find its way via PLDT, which looks for the "best path" and
which ASes to traverse to reach facebook.com. It might pass through AT&T, then Sprint, then
Level 3, then Verizon before reaching Facebook's data center in the U.S., which is also
connected to its own ISP.

Then it will be routed back through the same process. It passes through the ISPs again via
their ASes to get back to PLDT and then to my laptop. That's how I end up connected to
facebook.com.

Get it, folks? It's usually only us network engineers who understand that process in the
background. Ordinary users or end users don't know or care about any of that.

Enterprises also exchange routes via BGP if they have services connected to and passing
through the public internet, or if they have business partners that need to connect through
BGP.

A good example is a BPO or call center company. So for example, if they have business partners
using different ASes that need to connect to their network, they will use BGP to exchange
routes. You can also check how a BPO or call center manages its data network in this article.

In a basic example, folks, Company A will peer with Company B and they will exchange routes.
So Company A's router will set up external BGP and so will Company B's router. Then, if the
setup is correct, each company can exchange routes back and forth.

They become BGP peers or neighbors. And of course, you only need to advertise the necessary
and specific routes or subnets to the other company.

We can see all of our BGP peers or neighbors using the command #show ip bgp summary.

Or just a specific neighbor using the command #show ip bgp neighbors [neighbor IP].

Then we can also check which routes the other company is advertising to us using the command
#show ip bgp neighbors [neighbor IP] received-routes.

And we can also check which routes we are advertising to that peer or neighbor using the
command #show ip bgp neighbors [neighbor IP] advertised-routes.

All of this is done manually and configured in the BGP protocol configuration, and the same
goes for the router we peer with.

In a later part, we will have detailed BGP configuration samples. We will also talk about and
have more examples of the commands and scenarios.

Let's continue.

Usually a BPO or call center is also connected to multiple ISPs for redundancy or to reach
their other sites and branches. This way they are also peered with the ISP and exchanging
routes via BGP to reach the destinations they need, whether through the internet or through
other business partners.

So large enterprises peer via BGP with ISPs. Unlike the residential setup in our homes where
routing is automatic, in an enterprise setup routing is done manually. The devices are
configured by hand.

Basically, enterprises use an IGP (interior gateway protocol like RIP, EIGRP or OSPF) inside
their internal network and then BGP when connecting outside or externally.

Take note again, folks: apart from AS-path, BGP has other metrics or attributes it uses to
select the best path. They are the following.

BGP protocol attributes

So when BGP is configured, those attributes are what BGP looks at to find the best path to
reach the destination. Basically it will compare the attributes and, if the values are the
same or tied, it will go down the list and break the tie using the other attributes.

For example, if the BGP paths tie on "weight", the next thing it looks at and compares is
"Local Preference"; if that's still a tie, it checks the origin type next. Then "AS-path"
(the one commonly used), and if it's still a tie it just keeps going down the list until the
tie is broken. At that point, it has found its best path.

That is the simplified process of BGP path selection.

In the coming articles, we will have more samples, folks, so we can better understand the
basics and fundamentals of BGP. For now, we'll stop here.

You know, folks, all of these processes happen in the background in a matter of seconds. So
why do we connect so quickly when there's so much slow work happening in the background?
Simple, folks: all these routes are already saved and cached in the routers of each
Enterprise or ISP. Yay!

Once their BGP has converged, the routers of each ISP already know how to reach every AS. The
routes are saved in the routing table or routing database of each router. It only updates when
there are new updates.

Whew! That was long, folks. You really got your money's worth out of my time. You should've
treated me to pizza and beer! Haha. Anyway, that's just how BGP works, folks, in its simplest
form. The basics and fundamentals.

I hope you understood and learned something, at least. Please share this with others too.
Until the next BGP session. Cheers!

Lesson 17: BGP Part II. Basic understanding of iBGP and eBGP

Welcome back, folks. Today we'll talk about the basics of internal BGP or iBGP and eBGP or
external BGP.

If you haven't read Part I, Basic understanding of BGP protocol, please go back to it first.
Okie dokie?

When we talk about BGP, we have what we call iBGP and eBGP. So basically here's the major
difference:

1. iBGP - BGP routing in the same AS or autonomous system number

2. eBGP - BGP routing in different AS

Let's elaborate.

Internal BGP or iBGP

When BGP runs within the same AS, it is called iBGP. Let's say inside PLDT's network, they
have routers peering with each other using BGP. Since they are all using PLDT's AS, or they
are all within PLDT's AS, it is called iBGP.

The same goes for enterprises that use BGP within their organization: since the BGP is in the
same AS, it is iBGP. As you can see in our sample image below, BGP is set up on routers R1,
R2 and R3 in AS 1.

Where is iBGP used, and why do we even need it?

In most cases, folks, iBGP is used to distribute BGP routes from the outside (eBGP) into the
internal network. So from the outside (eBGP) into the inside network (iBGP) and the internal
routing protocol (IGP) like RIP, EIGRP and OSPF. In other words, eBGP passes the routes into
the network through iBGP.

But there are IGPs (EIGRP, OSPF or RIP) for internal use, so why do we still need iBGP?

Here's the thing, folks: since external BGP is the largest routing protocol of all, it is
impossible for the IGP protocols to hold and process those routes if we used them for that. It
can break or cause an outage in the network. Why? Because eBGP holds thousands and thousands
of routing entries, especially when it goes through the internet. Most likely, an IGP would
not be able to hold and process them properly. Gotcha?

Some rules in iBGP.

1. Routes learnt from One iBGP Peer cannot be advertised to another iBGP Peer

Since iBGP is within a single AS, it would cause a loop if both iBGP peers advertised their
AS, which is the same anyway. So in iBGP, the AS-path is not added to the advertisement of
network summaries between routers, since they are the same. Remember in BGP Part I, we talked
about the AS being added on each route advertisement? In iBGP, it is not.

To avoid loops, iBGP uses the following.

A. Full Meshed Topology

That means each router that is part of iBGP must be connected to every other one. Or you need
to form iBGP with all of those routers. The formula given is N(N-1)/2 iBGP sessions.

N is the number of routers. That means if you have 15 routers, you need 105 iBGP sessions
(15(15-1)/2). Why? 15 x (15-1) / 2. So (15 x 14) / 2 = 210/2 = 105. Get it, folks?

In a nutshell, if we use fully meshed iBGP, it will look like this.

But this option is not feasible if you have many routers that need to be part of iBGP.

Why? Of course, it will take time to configure and manage all those routers. That's where #2
comes in, which is using route reflectors.

B. Route Reflectors

In this case, we no longer need to peer the routers manually in iBGP, I mean one by one.

iBGP sessions are established at a central point. That central point is called the route
reflector. The other iBGP routers are called route reflector clients.

Using a route reflector, it will look like this.

Cleaner, more organized and neater, right? And of course, less work. A route reflector is
almost the same concept as OSPF's DR and BDR, where the peers (clients) send their updates to
it, and it then passes and receives updates to and from other BGP route reflectors. Gotcha,
folks?

2. Rule of Synchronization: For A Route to be learnt from an iBGP neighbor, it must first
be known via an IGP. Any route learnt from iBGP is entered into the routing table only if
that route is first learnt by an IGP.

In this rule, it only means that before the iBGP neighbor can learn the routes, there must
first be an IGP route in the routing table for that route or subnet. So basically iBGP will
check the router's routing table for an existing route to that network learned through an IGP
like RIP, OSPF, EIGRP or a static route before it advertises it via iBGP.

Most of the time, a static route is created first and then the iBGP peering is created. That
way, that route or network already exists in the routing table and iBGP can see it.

That's some of the basics and fundamentals about internal BGP or iBGP, folks. I know it's a
bit confusing, but I'm sure if you go over it again and again you'll get it. Okay? Let's move
on.

External BGP or eBGP

As we mentioned, eBGP or external border gateway protocol is for BGP connections with a
different AS. In most cases, this is our peering with our ISP or with another organization
through BGP.

In our eBGP sample, we can see how eBGP connects to the network. So basically this is the
peering from another AS, either an ISP or another company. Get it, folks?

Another example: Company A (AS 12345) peered to PLDT (AS 54321). Since they are on different
ASes, it is eBGP.

eBGP needs to be directly connected when we configure it. That means the router you're
peering with, or that wants to be your BGP neighbor, must have an actual connection to you.

For example, Company A's router and PLDT's router need to be directly connected before an
eBGP session can form. So in the real world, what happens is PLDT or your ISP sets up a
connection to your building up to the MDF, and then they have their device on your premises.

That device of theirs, which is attached to PLDT's network, is then connected to Company A's
router so they become directly connected. Only then is eBGP implemented. Remember our article
on how a BPO manages its data network? It's in there, folks.

While an eBGP peer needs a direct connection, iBGP does not require one as long as there is an
existing route or logical connection between them. What does that mean? As we mentioned in
iBGP, there must first be an existing route in the routing table before iBGP can be
implemented, right?

So as long as that exists, we can form iBGP and they don't need to be directly connected to
each other. Moving on, we will have some samples.

When we are dealing with an ISP or another Enterprise that is our business partner, most
likely we're talking about eBGP, because we're on different ASes. So basically the common
setup is:

ISP <> eBGP <> Company <> iBGP <> IGP (OSPF, EIGRP or RIP) or

Company A <> eBGP <> Company B <> iBGP <> IGP (OSPF, EIGRP or RIP).

That means, from the outside we connect via eBGP to our ISP or business partner. Then, to
advertise it into our internal network, we normally use iBGP to get the network advertisement
from eBGP. This is usually where route-maps, prefix lists and access-lists are used. We'll
have that in the future.

Once we have advertised it into iBGP, that's when we advertise it again through an interior
gateway protocol like RIP, EIGRP or OSPF.

Then going out of the network, it's the same, but of course in reverse.

Here's a sample image of iBGP and eBGP.

The illustration in our sample is clear enough, right, folks?

So AS 1 and AS 2 run iBGP inside their networks. Then they also peer with each other through
eBGP. Besides that, of course, they have their own ISP to connect to the external world and
the internet, and that is also connected through eBGP. Got it? If not, read it again. :-)

Alright folks, I think we'll stop here for now so it sinks in and doesn't overload you. I hope
this has added to your knowledge, at least a little.

Lesson 18: BGP Part III. Basic BGP configuration

Howdy folks, we're done with Part I and Part II of BGP and today we're moving to Part III.

In this lesson, we will do some basic BGP configuration and see how it works in action. Sit
tight, folks. Are you ready? Hop on, let's go! :-D

How BGP selects paths

As we discussed in Part I, folks, BGP uses "attributes" to decide which path to take from a
source to a destination. When there are multiple routes going to the same destination, BGP
picks the "best route" to reach that destination. Get it, folks?

To recap what we covered in Part I, this is how BGP decides which will be the best route from
a source to a destination.

So basically, from top to bottom it just compares values, and if there's a tie, it goes down
the list until it breaks the tie. Please take note, folks, that these BGP attributes are
configurable.

That means we can change their default values to customize them according to our needs. Later
we'll see how this is changed to influence routing in BGP.
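As an added example (not from the ebook), here is a small Python model of the attribute-by-attribute tie-breaking described in Part I and recapped above. It follows Cisco's documented best-path order (weight, local preference, locally originated, shortest AS-path, origin, MED, eBGP over iBGP, lowest router ID), which checks AS-path length before the origin code; the IGP-metric and oldest-path steps are left out, and the prefixes, ASes and peer addresses are constructed.

```python
# Added example (not from the ebook): a simplified model of Cisco's BGP
# best-path selection. All candidate paths for one prefix are compared
# attribute by attribute, top to bottom; the first attribute that is not a
# tie decides. Steps 8 (IGP metric to next hop) and 9 (oldest path) are
# omitted, so the router ID is the final tie-breaker here.
from dataclasses import dataclass
from typing import List, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats incomplete


@dataclass
class Path:
    next_hop: str
    as_path: List[int]
    weight: int = 0              # Cisco-proprietary, local to this router
    local_pref: int = 100        # IOS default LOCAL_PREF
    locally_originated: bool = False
    origin: str = "i"
    med: int = 0
    ebgp: bool = True            # False for a path learned from an iBGP peer
    router_id: str = "0.0.0.0"   # advertising neighbor's router ID


# Names of the steps, in the order preference_key() evaluates them.
STEP_NAMES = ("weight", "local_pref", "locally_originated", "as_path_length",
              "origin", "med", "ebgp_over_ibgp", "router_id")


def preference_key(p: Path) -> Tuple:
    """Tuple ordered so that the smallest value under min() is the best path.
    'Higher is better' attributes (weight, local preference) are negated."""
    return (
        -p.weight,                                 # 1. highest weight
        -p.local_pref,                             # 2. highest local preference
        0 if p.locally_originated else 1,          # 3. locally originated first
        len(p.as_path),                            # 4. shortest AS path
        ORIGIN_RANK[p.origin],                     # 5. lowest origin (i < e < ?)
        p.med,                                     # 6. lowest MED
        0 if p.ebgp else 1,                        # 7. eBGP over iBGP
        tuple(int(o) for o in p.router_id.split(".")),  # 10. lowest router ID
    )


def best_path(paths: List[Path]) -> Path:
    return min(paths, key=preference_key)


def deciding_step(a: Path, b: Path) -> str:
    """Name of the first attribute on which a and b differ ('tie' if none)."""
    for name, x, y in zip(STEP_NAMES, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "tie"


# Constructed scenario based on the AT&T / Verizon / Level 3 picture from
# Part I: AS 2 (Verizon) learns 172.16.0.0/16 (Level 3, AS 3) two ways.
VIA_LEVEL3 = Path(next_hop="192.0.2.3", as_path=[3], router_id="192.0.2.3")
VIA_ATT = Path(next_hop="192.0.2.1", as_path=[1, 3], router_id="192.0.2.1")


def default_choice() -> Path:
    """With defaults everywhere, the shorter AS path wins."""
    return best_path([VIA_LEVEL3, VIA_ATT])


def choice_after_local_pref_change() -> Path:
    """Raising LOCAL_PREF on the longer path overrides AS-path length,
    because local preference is compared before AS path."""
    preferred = Path(next_hop="192.0.2.1", as_path=[1, 3], local_pref=200,
                     router_id="192.0.2.1")
    return best_path([VIA_LEVEL3, preferred])


if __name__ == "__main__":
    print("default:", default_choice().next_hop,
          "decided by", deciding_step(VIA_LEVEL3, VIA_ATT))
    print("after local-pref 200:", choice_after_local_pref_change().next_hop)
```

This is why a mis-set local preference or weight on one router can silently steer traffic away from the shortest AS path; checking these values is part of verifying a BGP configuration.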

Ok, so let's see some action, folks. Let's do some basic BGP configuration so we can see how
it is used and how it works.

Again, as I always say, the goal of this blog is to help you understand the basics and
fundamentals. So we always stay on basic and fundamental topics. Ok, folks? Let's do it.

Before we can use BGP, just like the other routing protocols we've gone through, we first need
to bring it up or turn it on.

And just like the other protocols, we just need to use a simple command to enable BGP, peer
with the neighboring router and then advertise the network we want to be part of BGP.

Let's have a quick overview.

1. Router(config)#router bgp [as-number]
2. Router(config-router)#neighbor [neighbor IP address] remote-as [AS #]
3. Router(config-router)#network 192.168.100.0 mask 255.255.255.0

In the commands above, you can see that (#1) I enabled the BGP process, then after that (#2) I
invited my neighbor device, along with its AS, to peer with me, and lastly (#3) I advertised
192.168.100.0/24 so it becomes part of that BGP.

In that scenario, we have enabled BGP, folks. But of course, that's only the basics. Many more
BGP statements are added there to customize and fully control the BGP configuration.

To see it in action, let's have a basic BGP configuration sample.

So in our simple network diagram we have two different routers and ASes. R1 is in AS 123 and
R2 is in AS 456. Each router also has a loopback interface to represent an internal network.

So on R1 we have the internal network 1.1.1.0/24, and on R2 it's 2.2.2.0/24.

Initial BGP configuration

R1

interface fa0/0
description R1 fa0/0 to R2 fa0/0
ip address 192.168.12.1 255.255.255.0
no shutdown
exit
interface loopback 0
ip address 1.1.1.1 255.255.255.0
exit
!
router bgp 123
neighbor 192.168.12.2 remote-as 456
end

R2

interface fa0/0
description R2 fa0/0 to R1 fa0/0
ip address 192.168.12.2 255.255.255.0
no shutdown
exit
interface loopback 0
ip address 2.2.2.1 255.255.255.0
exit
!
router bgp 456
neighbor 192.168.12.1 remote-as 123
end

Ok, so in our initial configuration, we just configured interface fa0/0 on both routers. We
assigned them IP addresses and then brought the interface up.

We also created a loopback interface to represent the internal network of each router.

We also turned on the BGP process on both routers. Then we peered with our neighbor (so R1
with R2 and vice versa) using their IP and remote AS.

Ok, let me try to ping R2's internal network from R1.

R1#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

It can't reach it. Let's also try from R2 to R1.

R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

No luck either.

So what I did next was advertise the internal network of both routers. I included them in the
BGP statements.

Because remember, earlier we only peered R1 with R2 and vice versa via BGP, but we didn't
advertise any network inside BGP, right? So here's what I did.

R1#conf t
R1(config)#router bgp 123
R1(config-router)#network 1.1.1.0 mask 255.255.255.0
R1(config-router)#end

R2#conf t
R2(config)#router bgp 456
R2(config-router)#network 2.2.2.0 mask 255.255.255.0
R2(config-router)#end

This time, I just entered the BGP process of both routers and added the network advertisement
for the loopback of both routers.

So on R1 we advertised 1.1.1.0/24 and on R2, 2.2.2.0/24.

After I advertised the internal network for each router, I did a ping test again.

R1#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/32 ms

R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/28 ms

We're all good now. Basically we're routing each network via eBGP because they are located in
different ASes.

We can also verify using some basic BGP commands.

R1#show ip bgp summary
BGP router identifier 192.168.12.1, local AS number 123
BGP table version is 7, main routing table version 7
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 734 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.2 4 456 80 82 7 0 0 01:11:08 1

In the BGP summary table, we can see who our BGP neighbor is, its AS, Up/Down history and
other BGP information.

So from R1, I'm BGP peered with 192.168.12.2, which is why I can reach R2's internal network.
We can also see our own router's BGP information at the top.

R1#sh ip bgp
BGP table version is 7, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 2.2.2.0/24 192.168.12.2 0 0 456 i

We can also see other BGP information here in the BGP table. If you look at the bottom, we
reached the 2.2.2.0/24 network through 192.168.12.2 (which is our BGP peer). Then its AS path
is 456, which is R2's AS.

When we look at R1's routing table, here's what we get.

R1#sh ip route bgp
2.0.0.0/24 is subnetted, 1 subnets
B 2.2.2.0 [20/0] via 192.168.12.2, 00:22:00

So this also says we reach the 2.2.2.0 network via our BGP peer.

Ok, so that's for R1. If we look at R2 it's the same, since we have the same config and only
the values differ. I won't include it so this doesn't get too long.
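As an added example (not from the ebook), here is a Python parser for the "show ip bgp" table shown above, so the prefixes, next hops, AS paths and best-path flags can be checked programmatically instead of read off the screen. The sample input is R1's two lines from this lesson, plus one constructed iBGP line (3.3.3.0/24) so the internal flag and LocPrf column get exercised; the column layout follows the header line, as IOS right-aligns the numeric fields under it.

```python
# Added example (not from the ebook): parse the "show ip bgp" table and run a
# couple of sanity checks on what was learned from peers.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Sample input: R1's output from this lesson plus one constructed iBGP entry
# (3.3.3.0/24) to show the "i" status flag and a populated LocPrf column.
SHOW_IP_BGP = """\
BGP table version is 7, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*> 2.2.2.0/24       192.168.12.2             0             0 456 i
*>i3.3.3.0/24       192.168.0.1              0    100      0 i
"""


@dataclass
class BgpEntry:
    network: str
    next_hop: str
    metric: Optional[int]
    local_pref: Optional[int]
    weight: int
    as_path: List[int]
    origin: str          # i = IGP, e = EGP, ? = incomplete
    valid: bool          # "*" status code
    best: bool           # ">" status code
    internal: bool       # "i" status code: learned from an iBGP peer


def _to_int(text: str) -> Optional[int]:
    text = text.strip()
    return int(text) if text else None


def parse_show_ip_bgp(output: str) -> List[BgpEntry]:
    lines = output.splitlines()
    # Locate the column header; the numeric columns are right-aligned under
    # it, so the header positions tell us where each field ends.
    header_idx = next(i for i, l in enumerate(lines)
                      if l.lstrip().startswith("Network"))
    header = lines[header_idx]
    col_nh = header.index("Next Hop")
    col_metric_end = header.index("Metric") + len("Metric")
    col_locprf_end = header.index("LocPrf") + len("LocPrf")
    col_weight_end = header.index("Weight") + len("Weight")

    entries = []
    for line in lines[header_idx + 1:]:
        if not line.strip():
            continue
        status = line[:3]                       # e.g. "*> ", "*>i", "* i"
        network = line[3:col_nh].strip()
        nh_and_metric = line[col_nh:col_metric_end].split()
        next_hop = nh_and_metric[0]
        metric = int(nh_and_metric[1]) if len(nh_and_metric) > 1 else None
        local_pref = _to_int(line[col_metric_end:col_locprf_end])
        weight = int(line[col_locprf_end:col_weight_end].strip())
        path_tokens = line[col_weight_end:].split()
        origin = path_tokens[-1]                # origin code is always last
        as_path = [int(asn) for asn in path_tokens[:-1]]
        entries.append(BgpEntry(network, next_hop, metric, local_pref, weight,
                                as_path, origin, "*" in status,
                                ">" in status, "i" in status))
    return entries


def best_routes(entries: List[BgpEntry]) -> Dict[str, Tuple[str, List[int]]]:
    """Map each prefix to the (next hop, AS path) of its best path."""
    return {e.network: (e.next_hop, e.as_path) for e in entries if e.best}


def paths_not_via(entries: List[BgpEntry], expected_peer_asns: Set[int]) -> List[str]:
    """Prefixes with a non-empty AS path whose first hop is not one of the
    peer ASes we configured: a quick check that learned paths really start
    at the neighbors we expect."""
    return [e.network for e in entries
            if e.as_path and e.as_path[0] not in expected_peer_asns]


if __name__ == "__main__":
    parsed = parse_show_ip_bgp(SHOW_IP_BGP)
    for prefix, (nh, path) in best_routes(parsed).items():
        print(prefix, "via", nh, "AS path", path)
    print("unexpected first-hop AS:", paths_not_via(parsed, {456}))
```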

This is just a basic BGP configuration. It's the simplest one. In the real world, many more
BGP statements and configurations are used to fully control and manipulate traffic via BGP.

I hope you get it, folks. I made it as simple as I can. Now, let's continue.

Let's have some more.

iBGP and eBGP configuration

Ok, so to illustrate the basic BGP configuration better and make it clearer for us, we have
another simple example.

As you can see, folks, we have R1 and R4 in AS 64520 and they are peered via iBGP (the same
AS). Likewise, R2 and R4 are also connected through iBGP since they are both in AS 64530.

And then R3 and R4 are connected through eBGP since they are in separate ASes.

Our goal is to have connectivity between the two internal routers (R1 and R2), or their
internal networks. So basically R1 should be able to reach R2 and vice versa.

Then we will run some tests to see if we succeeded. Ready? Let's do this!

Initial configuration

So the image above shows the initial configuration of each router. We brought up the relevant
interfaces and then assigned them IP addresses and subnet masks based on our diagram above.

We also turned on the BGP process. As we mentioned at the beginning, we use the command router
bgp followed by a number, usually the AS number.

After that, we initiate peering with our neighbor using the command "neighbor [neighbor IP]
remote-as [as #]". So basically, whichever router we want to run BGP with, that's where we
initiate the peering.

And lastly, we advertise the network we want to be part of BGP using the command "network
[IP address or subnet] [mask]". So it's simple; I hope you get this, folks.

Ok, so tapos na tayo sa configuration. Let's do some verification para makita natin kung anong
meron sa BGP natin. Let's go.

R3#show ip bgp neighbors
BGP neighbor is 10.0.0.2, remote AS 64530, external link
BGP version 4, remote router ID 192.168.100.1
BGP state = Established, up for 00:20:11
... output omitted ...
BGP neighbor is 192.168.0.2, remote AS 64520, internal link
BGP version 4, remote router ID 192.168.0.2
BGP state = Established, up for 00:28:42

So on R3 we can see that the BGP state of both peers is Established: iBGP (internal) toward R1 and eBGP (external) toward R4.

Let's check R1.

R1#sh ip bgp neighbors
BGP neighbor is 192.168.0.1, remote AS 64520, internal link
BGP version 4, remote router ID 192.168.0.1
BGP state = Established, up for 00:04:03
... output omitted ...

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.0.0/24 is directly connected, FastEthernet0/0

As you can see on R1, we only have the directly connected route. We don't see any external route.

R1 sees only one BGP neighbor so far, its iBGP (internal) peer R3, as shown above.

And when we check R1's routing table with the "show ip route" command, there is no route to R2, which is our goal.

Since there's no route, we can't reach the 192.168.100.0/24 network. My ping to 192.168.100.2 will of course fail.

R1#ping 192.168.100.2

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

So R1 has no route to 192.168.100.0/24. Why?

Here's what happens idol.

R4 advertises 192.168.100.0/24 to R3 over eBGP, and on an eBGP session the NEXT_HOP attribute is set to the advertising router's peering address, which is R4's 10.0.0.2. When R3 passes that route on to R1 over iBGP, it leaves the next hop untouched (that is the default iBGP behaviour), so R1 receives 192.168.100.0/24 with a next hop of 10.0.0.2. R1 has no idea how to get to the 10.0.0.0 network, so the next hop is unreachable and BGP will not install the path in R1's routing table. That's why nothing shows up in show ip route on R1. You can confirm it with show ip bgp on R1: the prefix is in the BGP table, but its next hop is marked inaccessible.

So how do we resolve this?

This is where what we call "next-hop-self" comes in. A BGP router with next-hop-self configured for a neighbor rewrites the NEXT_HOP attribute to its own peering address when it advertises routes to that neighbor, so that neighbor only needs to reach the router it is already peered with. (The alternative is to make the 10.0.0.0 link reachable inside the AS through an IGP or a static route; next-hop-self is the usual choice on the AS border.)

In our case, for R1 to reach R2's network, we need to configure next-hop-self on R3 toward R1, and also on R4 toward R2 so that the return path from R2 to R1 works as well.
Let's add the configuration to R3.

R3(config)#router bgp 64520


R3(config-router)#neighbor 192.168.0.2 next-hop-self
R3(config-router)#end
R3#

Basically, what the command above means is: I went into BGP process 64520 and told it that for neighbor 192.168.0.2, I am the next hop. In layman's terms, R3 raised its hand and said "send the traffic for those routes to me" for that neighbor.

And of course the same on R4, so that R2 can also reach R1 using its IP address.

R4(config)#router bgp 64530


R4(config-router)#neighbor 192.168.100.2 next-hop-self
R4(config-router)#end
R4#

Same thing as the previous one idol. Ok, so let's verify and check again.
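Before the verification, here is a small Python model of what next-hop-self changes. It is an added example, not a lab from this ebook, and it reproduces the four-router topology from the outputs above (R1 192.168.0.2 and R3 192.168.0.1 in AS 64520, R4 10.0.0.2 and 192.168.100.1 and R2 192.168.100.2 in AS 64530) together with the basic configuration steps (network statements and the neighbor sessions). Two things are assumed because the page does not show them: the R3-R4 link is 10.0.0.0/30 with R3 at 10.0.0.1, and no IGP runs inside either AS, so a router can only reach its directly connected subnets. It applies the rules described above: eBGP sets NEXT_HOP to the advertising router's address, iBGP passes it through unchanged unless next-hop-self is configured for that neighbor, and a path whose next hop is unreachable stays in the BGP table but never makes it into the routing table. It also carries the AS_PATH and applies the receiver's loop check, which is what stops R3 and R4 from accepting their own prefixes back.

```python
"""Model of how BGP carries the NEXT_HOP attribute across eBGP and iBGP sessions
and what `neighbor ... next-hop-self` changes. Added example, not the ebook's lab."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Router:
    name: str
    asn: int
    interfaces: list                                  # "address/prefixlen" per interface
    networks: list = field(default_factory=list)      # prefixes from `network` statements
    next_hop_self: set = field(default_factory=set)   # neighbor addresses given next-hop-self
    bgp_table: dict = field(default_factory=dict)     # prefix -> (next_hop, from_ibgp, as_path)
    rib: dict = field(default_factory=dict)           # prefix -> installed next hop (None = connected)

    def connected(self):
        return [ip_network(i, strict=False) for i in self.interfaces]

    def reachable(self, addr):
        # Assumption: no IGP in this lab, so only directly connected subnets are reachable.
        return any(ip_address(addr) in net for net in self.connected())

    def local_address_on(self, peer_addr):
        # Our own address on the subnet shared with the peer (the session's source address).
        for i in self.interfaces:
            if ip_address(peer_addr) in ip_network(i, strict=False):
                return i.split("/")[0]
        raise ValueError(f"{self.name} has no interface facing {peer_addr}")


def advertise(sender, neighbor, peer_addr):
    """Send sender's paths to neighbor; return True if neighbor's BGP table changed."""
    local = sender.local_address_on(peer_addr)
    ibgp = sender.asn == neighbor.asn
    changed = False
    paths = {p: (None, False, ()) for p in sender.networks}   # locally originated
    paths.update(sender.bgp_table)
    for prefix, (nh, from_ibgp, as_path) in paths.items():
        if ibgp and from_ibgp:
            continue                                  # iBGP split horizon
        if not ibgp:
            as_path = (sender.asn,) + as_path         # eBGP prepends the local AS
        if neighbor.asn in as_path:
            continue                                  # receiver drops AS_PATH loops
        if nh is None or not ibgp or peer_addr in sender.next_hop_self:
            nh = local              # originated here, eBGP session, or next-hop-self
        # otherwise iBGP passes the NEXT_HOP through untouched (still the eBGP peer's address)
        entry = (nh, ibgp, as_path)
        if neighbor.bgp_table.get(prefix) != entry:
            neighbor.bgp_table[prefix] = entry
            changed = True
    return changed


def install(router):
    """Routing table = connected routes + BGP paths whose next hop is reachable."""
    router.rib = {str(net): None for net in router.connected()}
    for prefix, (nh, _, _) in router.bgp_table.items():
        if prefix not in router.rib and router.reachable(nh):
            router.rib[prefix] = nh
        # an unreachable next hop leaves the path in the BGP table but out of the RIB


def build_lab(next_hop_self):
    # Addresses taken from the show outputs; 10.0.0.1/30 on R3 is an assumption.
    r1 = Router("R1", 64520, ["192.168.0.2/24"], networks=["192.168.0.0/24"])
    r3 = Router("R3", 64520, ["192.168.0.1/24", "10.0.0.1/30"])
    r4 = Router("R4", 64530, ["10.0.0.2/30", "192.168.100.1/24"])
    r2 = Router("R2", 64530, ["192.168.100.2/24"], networks=["192.168.100.0/24"])
    if next_hop_self:
        r3.next_hop_self.add("192.168.0.2")        # R3: neighbor 192.168.0.2 next-hop-self
        r4.next_hop_self.add("192.168.100.2")      # R4: neighbor 192.168.100.2 next-hop-self
    sessions = [
        (r1, "192.168.0.2", r3, "192.168.0.1"),         # iBGP inside AS 64520
        (r3, "10.0.0.1", r4, "10.0.0.2"),               # eBGP between AS 64520 and 64530
        (r4, "192.168.100.1", r2, "192.168.100.2"),     # iBGP inside AS 64530
    ]
    return [r1, r2, r3, r4], sessions


def converge(next_hop_self):
    """Exchange updates until nothing changes, then return each router's routing table."""
    routers, sessions = build_lab(next_hop_self)
    while True:
        changed = False
        for a, addr_a, b, addr_b in sessions:
            changed |= advertise(a, b, addr_b)
            changed |= advertise(b, a, addr_a)
        if not changed:
            break
    for r in routers:
        install(r)
    return {r.name: r.rib for r in routers}


if __name__ == "__main__":
    for nhs in (False, True):
        ribs = converge(nhs)
        print(f"next-hop-self={nhs}: R1 {ribs['R1']} | R2 {ribs['R2']}")
```

Run it and the first line shows R1 and R2 with only their connected routes, because the paths they hold point at 10.0.0.2 and 10.0.0.1. The second line, with next-hop-self on R3 and R4, shows 192.168.100.0/24 via 192.168.0.1 on R1 and 192.168.0.0/24 via 192.168.100.1 on R2, which is exactly what the show ip route outputs below report.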

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.0.0/24 is directly connected, FastEthernet0/0
B 192.168.100.0/24 [200/0] via 192.168.0.1, 00:08:30

After adding next-hop-self, R1 now has a route to R2's network via BGP, and it goes through R3 (next hop 192.168.0.1, R3's fa0/1). Notice the [200/0]: 200 is the administrative distance of an iBGP-learned route (eBGP-learned routes get 20) and 0 is the MED.

Ok, so after adding the next-hop-self option on R3 and R4, I can now ping R2 from R1 and vice versa.

R1#ping 192.168.100.2

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/40/84 ms

R1#ping 192.168.100.2 rep 50

Type escape sequence to abort.


Sending 50, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (50/50), round-trip min/avg/max = 20/29/44 ms

On R2's side it's the same, after I added next-hop-self on R4.

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 192.168.0.0/24 [200/0] via 192.168.100.1, 00:03:31


C 192.168.100.0/24 is directly connected, FastEthernet0/0

R2#ping 192.168.0.2

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/32/40 ms
R2#ping 192.168.0.2 rep 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (50/50), round-trip min/avg/max = 20/32/60 ms

The route to R1 is now in R2's routing table and of course we can now ping R1 from R2, just as we pinged R2 from R1. In short, we reached our goal.

That's it pansit!

I hope you learned basic BGP configuration from this article. As I mentioned, BGP is a large and complex protocol. It would take time to discuss and learn it all, but once you know the basics, that's where it starts.

Besides, only basic BGP configuration is included in the exam, so no need to worry. I think this three-part article is enough.

Practice and repeat idol, in time you'll get it. Until next lesson, cheers!

CHAPTER V. WAN TECHNOLOGIES

Lesson 1: Introduction to WAN or Wide Area Network

Idol, we're moving on to Chapter V of our CCNA Basic and Fundamentals ebook. In this chapter we'll talk about and discuss WAN or Wide Area Network technologies. This is a good opportunity to learn the basics for the exam and, of course, to get an idea of how it works in the real world.

When we say WAN or Wide Area Network, we mean multiple sites or locations connected into our network. Think of a college campus with different buildings, or a company with different branches or sites. It's like a normal LAN, but on a large scale.

In a WAN, we connect sites or branches in different locations and let them communicate inside our network. In other words, we extend the location and coverage of our network so it isn't limited to a single room, building or place. Through the WAN technologies we'll discuss, we connect these sites without making them accessible from outside or from the public internet.

Again, we're going to talk about the basics and fundamentals to help us understand how it works. I'm excited idol, let's get this started!

How does a WAN connect different sites or branches?

If you've read the blog article on how call centers and BPOs handle their data network, you probably already have some idea of how multiple branches or sites are interconnected through a WAN. But let me give you the basics again.

A company or organization connects its different branches through a WAN. Since it's impossible or too expensive for them to lay their own cables along the road to remote branches or sites, they ride on or rent connections from ISPs or internet service providers. And of course that comes at a price. Expensive! Haha.

Let's see an example.

As you can see in the sample image above, we have multiple branches or office locations connected to each other through a WAN. And as I said, this is by way of ISPs or Internet Service Providers.

So the usual scenario is: the ISP's device is connected to the company's or organization's device, and we send traffic or data over that link to our other branch or office location. Take note, on a private WAN service this link is dedicated to our traffic and isn't visible to other customers. "Dedicated" here means the provider keeps our traffic logically separate from other customers, not that it is encrypted; if confidentiality matters, you still encrypt it yourself (see the VPN section in Lesson 3).

If you think about it, it's also like a LAN with two PCs going through a single switch. On the WAN side though, the switch's role is played by the ISP and the PCs are the branches or remote locations. There are specific devices and protocols used in WAN too, and those are part of our topics in this chapter.

Common WAN devices

Router - Of course I know you're already familiar with what a router is and what it's for. Right? So again, it is used to route and exchange traffic between networks.

DTE or Data Terminal Equipment - usually just another term for the router on the customer side, the device at the end of the line that sends and receives the data.

DCE or Data Communications Equipment - the device that provides the clocking signal for data transmission between the ISP's and the customer's devices (a CSU/DSU or modem, for example).

CPE or Customer Premises Equipment - the customer's device inside their building or premises. A router, switch or PC can be a CPE.

Demarcation Point - the demarc point is the physical point where the ISP's network ends and the customer's network begins. It is also where responsibility changes hands when troubleshooting.

Local Loop - the cable or connection from the CPE to the ISP's nearest exchange facility or central office, also called the "last mile".

CSU/DSU (Channel Service Unit/Data Service Unit) - commonly used on digital lines such as T1, T3 or E1; it terminates the line and provides clocking to the router.

Modem - of course we're familiar with the modem too. It is used to convert digital signals to analog and vice versa so data can cross an analog line such as a telephone line. To give you a glimpse of how this looks in the real world, here is a sample.
Lesson 2: Understanding WAN Topologies

In this lesson idol, we're going to discuss WAN topologies. This is important because some of it is in the exam, and of course so that we're aware of how it works in the real world. Let's begin.

Different types of WAN Topologies

1. Hub and Spoke

In WAN connections we have what we call the hub and spoke design. It is commonly used by large enterprises with branches in different locations. As we said, a WAN is an extended LAN on a large scale, since it has different branches that can be located in multiple places.

In a hub and spoke design, one site acts as the HUB (usually the main office) while the other remote offices or branches act as the SPOKES. That means the remote branches see and talk to each other by connecting through the HUB (main office). Spoke-to-spoke traffic always transits the hub, which makes the hub both a single point of failure and the natural place to put your security controls (firewall, inspection, logging).

If for example Company A has 4 branches in different locations, in a hub and spoke design all of those branches connect to Company A's main office in order to communicate.

How do they connect to the HUB or main office? Of course through an ISP or Internet Service Provider, as we'll discuss under WAN connectivity. So they ride on the ISP's network (and pay a lot, of course) for their connection to reach the main office. The type of connection can be any of the ones we cover under WAN connectivity.

Here is a sample HUB and SPOKE design topology.
Clear, idol? Of course the setup and configuration depend on the goals and needs of the company. But the topology itself, that's what the HUB and SPOKE WAN topology looks like.

2. Point to Point

Another WAN topology in use is called Point to Point. As the name implies, each site points or connects to one other site via a point-to-point connection. As also discussed under WAN connectivity, they typically use leased lines and connect through the ISP to reach the other site.

Here is a sample of a Point to Point WAN topology.

In point to point, we're limited to a site-to-site connection, since each point (site) is connected to a single other site only. Hope this is clear idol. Let's move on.

3. Partial Mesh

We also have what we call the Partial Mesh WAN topology. In this one, multiple sites or branches are connected to each other, but not all of them. Let me explain.

Let's say we have 5 branches and 1 main office. In a partial mesh WAN topology, all 5 branches are connected to the main office. Aside from that, some of the branches are also interconnected with each other, but not all of them.

For example, a branch with only a few employees or a non-critical operation can be connected to the main office only and not to the other branches. That way the company saves some money.

Here is a sample of a simple WAN Partial Mesh topology.

4. Full Mesh

Of course, if we have partial mesh, we also have the full mesh WAN topology. As the name implies, it is fully connected across all areas (main office and branches). In short, they are fully redundant to each other. The cost is that the number of links grows quickly: n sites need n(n-1)/2 links, so 6 sites already need 15.

Here is a sample of a full mesh WAN topology.

As you can see idol, all branches are connected to each other. That means even if one site or branch goes down, the connection and operation of the other sites continue. They don't depend on a single site.

All these WAN topologies follow the same concept as the LAN or network topologies we talked about before. It's just on a larger scale, and they use the WAN connectivity options we also go through in this chapter.

Clear, idol? I hope this makes sense.

'Til next topic. Cheers!

Lesson 3: WAN Connectivity

Now let's move on to WAN connectivity, or the different ways a WAN connects. This includes the technology as well as the protocols used in WAN connections. Let's start.

There are many different ways an ISP connects branches or sites through a WAN. It depends of course on the company's goal, budget, infrastructure and other reasons.

When we talk about WAN connectivity, we have two types. They are the following:

1. Private WAN infrastructure

As the name implies, this is private and dedicated to a certain enterprise connection. This is usually what companies avail of for their WAN infrastructure. It has dedicated connections from the customer to the ISP.

Under private WAN infrastructure we have several types of connections. They are the following.

1.1 Leased lines

The leased line is one of the earliest and longest-running types of WAN connectivity. As the name implies, the customer leases a dedicated, private connection from the ISP to connect their different branches into their network. The terms T1/E1, T3/E3, serial line and point to point are what we usually hear when we talk about leased lines.

Here's a sample image of leased lines in real-world use.
In the real world, the customer pays the ISP for the leased lines. The price is determined by capacity, type of leased line and other factors.

On leased lines, the commonly used Layer 2 protocols are HDLC (High-Level Data Link Control) and PPP (Point-to-Point Protocol). We'll talk about those separately. One note for when we get there: HDLC is the default on Cisco serial interfaces but has no authentication, while PPP can authenticate the peer with PAP or CHAP; prefer CHAP, since PAP sends the password in clear text.

1.2 Dial up

As you already know, dial-up is also one of the earliest and most old-school types of connections. In WAN, this belongs to the private WAN infrastructure. It uses a telephone line to connect outside.

These days dial-up is almost obsolete and rarely used.

1.3 ISDN

Integrated Services Digital Network (ISDN) is a circuit-switching technology that enables the local loop of a PSTN to carry digital signals, resulting in higher-capacity switched connections. In the real world, very few still use it for WAN connectivity.

1.4 Frame Relay

Frame Relay is a Layer 2 nonbroadcast multiaccess (NBMA) WAN technology used to connect enterprise LANs. A single router interface or port can be configured with multiple PVCs (Permanent Virtual Circuits) that carry voice and data for WAN connectivity.

Here's a sample diagram using Frame Relay.
We won't go much deeper here because the Frame Relay topic has been removed from the CCNA v3 exam, and it is also one of the older, old-school types of WAN connections.

1.5 ATM

Asynchronous Transfer Mode (ATM) is a technology capable of transferring voice, video and data through private and public networks. It is built on a cell-based architecture (fixed 53-byte cells) rather than a frame-based architecture.

In the real world, very few enterprise networks use it. It is mostly for ISPs or service providers.

1.6 Ethernet WAN

Ethernet was made as a LAN access technology, but with the development of new Ethernet standards, such as fiber-optic connections, it is now used for WAN connectivity too. Some ISPs offer Ethernet WAN services over fiber-optic cabling. Among these are Metro Ethernet (MetroE), Ethernet over MPLS (EoMPLS) and Virtual Private LAN Service (VPLS).

Here's a simple WAN connectivity setup using Ethernet WAN.

1.7 MPLS

MPLS or Multiprotocol Label Switching is one of the most commonly used WAN connections today, especially for enterprises, as we discussed in how BPOs or call centers handle their data network.

MPLS is a multiprotocol, high-performance WAN technology that directs data from one router to the next based on short path labels rather than IP network addresses. As I said, in a very simple analogy it acts like a big switch and the branches are like the PCs.

Here's a sample topology using MPLS WAN connectivity.

Note: MPLS is commonly used by ISPs or service providers.

1.8 VSAT

VSAT or Very Small Aperture Terminal is used to create a wireless WAN connection through satellite communications.

A VSAT is a small satellite dish similar to those used for home Internet and TV. VSATs create a private WAN while providing connectivity to remote locations.

Here's a sample topology using VSAT WAN connections.
2. Public WAN infrastructure

Public WAN infrastructure covers the connections that go over the public internet. These are the types of connections that belong to it.

2.1 DSL

DSL (Digital Subscriber Line) is commonly used by small enterprises and by residential subscribers. Since it's public, the traffic goes over the public internet.

Here's a sample topology of a DSL WAN connection.

For critical and security-sensitive businesses, DSL is rarely if ever used on its own for WAN connectivity.

2.2 Cable

Some WAN connections go over the public network through cable. Most of the time these are internet providers that also offer cable channels. I'm sure you're familiar with or have heard of this one.

For enterprise setups, I've rarely or never heard of anyone using this kind of WAN connectivity.

2.3 Wireless

As the name implies, we can also connect a WAN through wireless: Wi-Fi, WiMAX or satellite internet like the VSAT we talked about earlier. This is used in some campuses or corporate buildings to connect their WAN without laying cables and so on.

2.4 3G/4G Cellular

This is one of the common connections we have these days; it's what our smartphones use. Connections like 3G/4G and LTE are now available in the Philippines too.

This can be used for WAN connections too if properly designed.

2.5 VPN

Last in our public WAN connectivity is the VPN or Virtual Private Network. A VPN is used to secure a connection that goes over the public internet. In a VPN, the communication is encrypted and authenticated; we create a "tunnel" to carry our data through the public internet.

It's one of the most used connections today, including for us. We can work from home or anywhere as long as we have an internet connection.

We can connect to our internal network as if we were in the office, plugged into an office network port. This is possible because of VPN technology.

In VPN, we have two common types of connections.

2.5.1 Site to Site VPN

In a site-to-site VPN, each site connects its entire network to the other through a VPN gateway such as a router, firewall, VPN concentrator or another security appliance.

In a nutshell, site-to-site VPN works like this.

A "VPN tunnel" is created from the outside-facing router (or any other VPN-capable device) of one office (branch) to the other office (main), or vice versa.

That tunnel goes over the public internet through their ISP, but since it is a "secured tunnel", only the paired sites can see and talk to each other.

There are different phases of negotiation and authentication when it comes to VPN (IKE phase 1 and phase 2 for IPsec). Basically, before the tunnel forms, the security and authentication details on both ends have to be correct and matching: the same pre-shared key or certificates, and the same encryption, hashing and Diffie-Hellman group settings. A mismatch on either side is the usual reason a tunnel won't come up.

Here's a sample topology of a site-to-site VPN.
We have a separate tutorial for this since the VPN topic is quite long. We're just covering the basics and an overview here.

2.5.2 Remote Access or Client VPN

Another type of VPN is what we call remote access or client VPN. This is commonly used by employees working from home or by mobile users to access an internal or private network through the internet.

In remote access or client VPN, an individual, let's say an employee, installs VPN software to connect to their internal or private network. Aside from an installed application, it can also be web-based: the user first logs in to a web page and then connects to the internal network.

Let me give you an example.

At our company, we use the software called Cisco AnyConnect. It's installed on our laptops and on those of all IT employees who are allowed to work from home or remotely. If we want to connect to the office or the company's internal network, we just log in to AnyConnect, and once we're logged in we're able to see and connect to our company network as if we were in the office.

We get a company internal IP address through that VPN connection, so we're able to browse and use company resources even at home or wherever we are, as long as there is an internet connection.

Here is a sample topology of a remote access or client VPN.

We will also have another session focused on remote access or client VPN to see a more detailed and deeper explanation of it. We'll also do a simple configuration to see how it works in action.

If you've reached this far, I hope you've gained some knowledge about WAN technologies.

Again, knowing the basics and fundamentals is very helpful and can really take you a long way.

Until next lesson, cheers!
Lesson 4: Different types of WAN uplink connections

Aside from WAN topology and WAN connectivity, which we've studied, we also have what we call the different types of WAN uplink connections. This is the type of connection we have to our internet service provider or ISP, which we call the uplink.

As we said, each site connects to other sites in different locations, and that's made possible by the ISPs. So we ride on their network, and of course pay, for our traffic to pass through or be routed inside their network infrastructure to our other sites.

It isn't practical for the company itself to lay cable to its branches. It's expensive, laborious and hard to maintain. So the best way is to subscribe to an ISP through the different uplink connections, and then use the different types of connectivity. I hope you get the concept idol.

Here are the different types of WAN uplink connections.

1. Single homed (1 link per ISP, 1 ISP)

We have what we call single homed, with only one link and one ISP. So basically, from the enterprise or company there is only one connection or one way out. No redundancy.

BGP isn't needed here either. Why? Because there is only one way out, so you can't make proper use of BGP's benefits; whatever you do, traffic leaves through a single link. A default route pointing to the ISP is enough.

Here is a sample diagram of single homed with 1 link and 1 ISP.

2. Dual homed (2+ links per ISP, 1 ISP)

Next in our types of uplink connections is what we call dual homed, with 2 links but only one ISP. Basically we have two links (usually on two routers) in our network connected to a single ISP.

Below is a sample of dual homed with 2 links to one ISP.
With this type of uplink connection idol, we have some redundancy, since there's another way out if one link or one device on our end goes down.

The problem is that there is still a single point of failure on the ISP's side.

Why? Because we only have one ISP for our uplink. In case of a big outage in the ISP's network, we're still impacted. Meaning, we may still be unable to reach our other branches or the internet if the ISP's network is down.

3. Single multi-homed (1 link per ISP, 2+ ISPs)

The third one is what we call single multi-homed (1 link per ISP, 2+ ISPs). In this one, we now have 2 ISPs. Good backup and redundancy in case something happens on our end or on one of the ISPs.

Below is a sample diagram of single multi-homed with 1 link to each of two ISPs.

The second variant shown (two edge routers, each connected to a different ISP) is commonly used (at least as far as I know) in BPOs and call centers today.

So basically, there are 2 edge routers inside the company or enterprise, and each router is connected to a different ISP.

Then they're set up so that if there's an issue or problem with either ISP or uplink, they automatically fail over to the other. This is where BGP's features are put to good use. In fact this is the setup at our company.

One thing to watch when you run BGP toward two ISPs: filter what you advertise to each of them so that only your own prefixes go out. If the routes learned from ISP A leak to ISP B, your edge routers become a transit path between the two providers and end up carrying traffic that isn't yours.

4. Dual multi-homed (2+ links per ISP, 2+ ISPs)

Last in our types of uplink connections is what we call dual multi-homed, with 2 links per ISP and 2 or more ISPs.

In this one idol, two or more ISPs can be used, and there can also be two or more connections to each of the ISPs.

Here is a sample of dual multi-homed with two links and 2 ISPs.

This type of design is quite expensive, so only a few adopt it. But as you can see, the connection is fully redundant. Still, if you don't need it, the money is wasted, right?

So in short, it boils down to the design needs of the enterprise or organization. At the start we can choose the simple one and then scale or upgrade the design when it's really needed.

Alright idol, that's it! You now know and understand the designs for the types of uplink connections commonly used in the real world.

Some questions about this may be included in the exam, so it's important that we went through it. Besides, it's a big thing to be aware of how the setup works in the real world.

I hope you learned something here idol. Until next topic, cheers!
Lesson 5: Understanding the basics of QoS or Quality of Service

Alright idol, we're moving on to another new topic: understanding the basics of QoS or Quality of Service. This is a newly added topic in the CCNA v3.0 exam, so it's important that we go through and understand its basics. I'm excited! Let's get this rolling!

Basics of QoS: That thing called "QoS".

In a nutshell idol, QoS or Quality of Service is the prioritizing or managing of types of traffic in a given network. Meaning, we assess the network to decide what priority to give or set for certain types of traffic like data, voice, video and others.

After the assessment, we configure or set the network device (router or switch) to either prioritize or de-prioritize when it meets or encounters those types of traffic, or a given situation for a certain type of traffic.

Let me give a simple analogy.

In malls, payment centers and other establishments, senior citizens, pregnant women and persons with disabilities get priority. Right?

So if for example in a queue at a mall, fast food, payment center or elsewhere there's a customer who belongs to that group of persons (the types of traffic in QoS), they will be given priority. Automatic, because it's set in policy and even in our law.

In QoS, it's much the same. We can set or configure that once traffic is voice, it will be prioritized over data.

Meaning, all voice traffic is sent first, or given more priority than data traffic, on a router or switch. It can also be video over data, or others.

If the network is congested, data traffic can be held, queued or even dropped when voice traffic is the one prioritized in our QoS. The same goes for the others.

Another example is concerts or events, where we have what we call "VIP passes" or "VIP tickets", right?

Those holding VIP passes or tickets don't need to queue or go through the normal process of the event. Usually they go straight to their spot.

And if they arrive at the entrance together with someone, or let's say they enter the event alongside others, they'll be prioritized first.

In other words, we have "rules" on our device that watch for types of traffic, and depending on our QoS configuration, decide how they're prioritized or what other actions to take.
249
Parang ganito when a router is processing traffic.
Router: (On first encounter) Ok traffic, ika-classify ko kayo at ima-mark para alam ng mga
kasunod ko kung anong priority or quality of service or action ang gagawin sa inyo. Owki?
On Next Router: Cge pasok lang, pasok. Hoy data traffic mamaya ka, si voice traffic muna. Ok,
tapos na mga voice traffic, data traffic pwede na kayo.
And then kung congested or na-oover utilized ang isang link or connection, tapos naka-prioritize
din ang voice, ganito naman.
On Next Router: Cge pasok lang, pasok. Oh! I'm full, data traffic drop ka muna. Voice traffic
pasok!
Gets mo idol? That's just the basic of QoS. I hope now you get the idea.

Three categories of QoS

According to Cisco, there are three categories of QoS, or three ways of managing it. They are the following.
1. Best-effort
In what we call best-effort, as the name suggests, traffic or packets do their best to get in and out of our network. In short, no prioritization happens; it's first come, first served. It's as if there were no QoS at all!
So whichever traffic or packets arrive at the router or switch first are the ones it processes first: First In, First Out, or FIFO.
It's as simple as that, idol.
2. Integrated services (IntServ)
In IntServ, a reservation takes place. For example, for a certain application or type of traffic, bandwidth can be reserved using the IntServ model. Meaning, when the configured application or type of traffic/packet is encountered, it uses the reserved bandwidth on that link.
The problem is that IntServ does not allow the reserved bandwidth to be shared even when it is not being used. For example, if we set aside 128 kbps for an application or type of packet, even if that application or traffic type is not using all of the 128 kbps, it cannot share it with another application or another packet or traffic.
What is reserved for it is for it alone. Selfish, as they say. :-D
3. Differentiated services (DiffServ)
The last category is what we call Differentiated services (DiffServ). This one, idol, is where my earlier analogy applies. Here there is prioritization and analysis of the types of traffic. This is also what is commonly used in the real world.

In a nutshell, DiffServ assesses or classifies the packets or types of traffic and, depending on the QoS configuration, does what is set. Meaning, it follows those rules when the packet arrives at that switch or router, just like our simple analogy above.
So through DiffServ, traffic is classified and then marked based on its type or classification. Once the packet is marked, the next router or switch examines and checks that marking and decides what QoS action to take on that packet: either forward it or drop it based on that marking, or apply other QoS actions.
And unlike IntServ, in DiffServ we can share the bandwidth reserved for a certain application or type of traffic. Here's what I mean.
Let's say, for example, we reserved 128 kbps for web traffic (the HTTP application) and 256 kbps for FTP traffic. If our web traffic is not using or does not need the 128 kbps at that moment and the FTP traffic needs additional bandwidth, the FTP application or traffic can use the bandwidth that web is not utilizing.
Then web can pull it back when it needs it. So in short, they share when needed.
Okay idol, by this point I hope you have a basic understanding of QoS and how it works. In the next lesson, we will also go through some QoS-related topics so we have an idea and understanding of them. I hope this has been informative, cheers!

Lesson 6: QoS classification, marking, trust boundary, traffic shaping and policing

Idol, we're just going to continue the lesson about QoS, and in this one we'll talk about QoS classification and marking. Since QoS or quality of service is a new topic in CCNA v3.0, this will help a lot in your preparation for the exam. Let's begin!
QoS classification and marking is one of the QoS tools and management techniques commonly used in the real world. Basically, it refers to the type of QoS tool that classifies traffic or packets based on their header content and then marks them (marking) by adding or changing some header information in those packets. That way we can apply QoS when they reach a router.
Classification and marking are the foundational steps when we configure QoS in our network.
Why? Because first, we need to know the class or category of the packets, and second, they must be marked for the appropriate QoS action that we apply to them.
So, in other words, these two steps are identifying (classifying) the traffic and putting a mark or additional info on it.
Got it, idol? Let's move on.

QoS classification
Traffic classes are categories of traffic (packets) grouped on the basis of similarity. Those groups are what we call class maps.
In a nutshell, idol, the term classification refers to the process of classifying the type of packets or traffic. That's just it!
After that, it is used to make a choice and take some QoS action. Meaning, once the packet is classified, that is where it is determined what type of QoS action to take on those packets. Those actions include the other types of QoS tools like queuing, shaping, policing, and so on. We'll get to those later.
Once we classify the traffic, that is the time we mark it and apply QoS to it.
Classification can be inclusive (for example, all Layer 2 VLAN traffic, or, let's say, all traffic passing through a given interface), or it can be specific (for example, using a CLASS MAP with MATCH commands that recognize specific aspects of the traffic).
We can classify and apply a QoS action (for example, marking) and then, on another interface or network device, classify again based on the marked value and apply another QoS action.
QoS topics are a bit convoluted, idol, and as I always share on the blog, we will just discuss the basics and fundamentals so we have an idea and a basic understanding.

QoS Marking
When it comes to what we call marking, idol, it is simply adding some information to the traffic header, or let's say modifying the traffic header of packets belonging to a specific class or category. This means the packet must first be classified before it can be marked.
After the packet is classified and organized, that is, after classification, we can mark (change or set) a value or attribute for the traffic of a certain class.
These are the attributes we can mark during the traffic marking phase.

• Cell loss priority (CLP) bit
• CoS value of an outgoing packet
• Discard-class value
• Discard eligible (DE) bit setting in the address field of a Frame Relay frame
• DSCP value in the type of service (ToS) byte
• MPLS EXP field value in the topmost label on an input or output interface
• Multiprotocol Label Switching (MPLS) experimental (EXP) field on all imposed label entries
• Precedence value in the packet header
• QoS group identifier (ID)
• ToS bits in the header of an IP packet

2 Methods of marking packets or traffic
1. Using the set command
2. Using a table map
We will not go deep into this, idol, because as I said, we're just after the basics and fundamentals.
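To make the DSCP and ToS-byte entries in the list above concrete, here is an added example (mine, not the ebook's or Cisco's) that reads the DSCP, IP precedence and ECN bits out of a constructed IPv4 header and re-marks the DSCP the way a switch at a trust boundary would, recomputing the header checksum that the marking changes. The header bytes, addresses and the PHB name table are assumptions built for the demo; the field layout and checksum are the standard IPv4 ones.

```python
"""IPv4 ToS byte: reading and re-marking DSCP (added example, not from the ebook)."""
import struct

# Standard DSCP code points and their per-hop behaviour names (RFC 2474/2597/3246)
DSCP_NAMES = {0: "BE/CS0", 8: "CS1", 16: "CS2", 24: "CS3", 32: "CS4",
              40: "CS5", 48: "CS6", 56: "CS7", 46: "EF",
              10: "AF11", 12: "AF12", 14: "AF13",
              18: "AF21", 20: "AF22", 22: "AF23",
              26: "AF31", 28: "AF32", 30: "AF33",
              34: "AF41", 36: "AF42", 38: "AF43"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of the header.
    Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_tos(header: bytes) -> dict:
    """Split the ToS byte (offset 1) into DSCP (upper 6 bits) and ECN (lower 2 bits).
    IP precedence is the top 3 bits of the DSCP, i.e. the old ToS precedence field."""
    tos = header[1]
    dscp = tos >> 2
    return {"dscp": dscp, "precedence": dscp >> 3, "ecn": tos & 0x3,
            "phb": DSCP_NAMES.get(dscp, "unassigned")}


def remark_dscp(header: bytes, new_dscp: int) -> bytes:
    """Return a copy of the header carrying new_dscp. ECN bits are preserved and the
    header checksum is recomputed, since the ToS byte is covered by it."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    hdr = bytearray(header)
    hdr[1] = (new_dscp << 2) | (hdr[1] & 0x3)
    hdr[10:12] = b"\x00\x00"                      # checksum field is zero while computing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def build_header(dscp: int, src: str, dst: str, proto: int = 17, total_len: int = 60) -> bytes:
    """Constructed 20-byte IPv4 header (no options) for the demo."""
    def ip2b(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, total_len,
                                0x1234, 0x4000, 64, proto, 0, ip2b(src), ip2b(dst)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


# Constructed scenario: a PC outside the trust boundary sends packets it marked EF itself;
# the access switch does not trust the PC and re-marks them to best effort (CS0).
pc_pkt = build_header(46, "192.168.1.10", "10.0.0.5")
remarked_pkt = remark_dscp(pc_pkt, 0)

if __name__ == "__main__":
    print("from PC :", parse_tos(pc_pkt))
    print("after re-mark:", parse_tos(remarked_pkt))
```

Run it and the first line shows DSCP 46 (EF, precedence 5) and the second DSCP 0; `ipv4_checksum()` over either header returns 0, which is the quick way to confirm that a re-marking device has updated the checksum correctly.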

QoS Trust Boundary

When we implement QoS in our network, we have what is called a trust boundary. In a nutshell, idol, this simply means which device we are going to trust for the marking of the packets and Ethernet frames entering our network.
Here is a sample representation of a trust boundary, idol.

If we have IP phones in the network, we can configure our switches to trust the traffic from those IP phones.
It can also be the PC, switch, or router itself. We configure the QoS trust settings on the last device in the trust boundary.
Here's another sample representation, idol.

In the sample image above, our trusted device or trust boundary is the IP Phone. This means traffic or packets from the IP Phone entering our switches no longer need to be re-marked, because they are already trusted based on our configuration.
But the traffic or packets from the PC, since it is not part of our trust boundary, need to be re-marked or given a marking before they enter or pass through our devices in the network.
That's the basics of the QoS trusted device or trust boundary. I hope it makes sense, idol.

QoS Shaping
We also have what is called shaping when it comes to QoS, idol. In a nutshell, traffic shaping is the process of limiting the transmit rate of traffic to a value lower than the line rate. Let me explain.
Shaping meters traffic rates and delays (buffers) excessive traffic so that the traffic rate stays within a desired rate limit. In other words, so that our traffic does not exceed the limit we set.
But take note that traffic exceeding the rate limit is not dropped, only delayed. Meaning, it is queued when we use traffic shaping. This way, our traffic flows smoothly and we avoid traffic congestion.

QoS Policing
On the other hand, besides traffic shaping, we also have what is called traffic policing. Policing takes a specific action for out-of-profile traffic above a specified rate.
This means traffic that exceeds the specified rate is usually dropped; however, other actions are permissible, such as trusting and marking.
Where in shaping the excess traffic, or traffic exceeding the limit, is only queued or delayed, in policing it is usually dropped.
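The difference between shaping and policing is easiest to see by running the same burst through both. The following is an added example (mine, not from the ebook) that implements a single-rate token bucket twice: as a shaper that delays packets until enough tokens accrue, and as a policer that drops on arrival. The burst, the 64 kbps rate and the 3000-byte bucket are constructed values chosen so the result is easy to check by hand.

```python
"""Token-bucket shaper vs policer on one constructed burst (added example)."""


def police(arrivals, rate_bps, burst_bytes):
    """Policer: a packet is sent only if the bucket holds enough tokens on arrival;
    otherwise it is dropped (the usual exceed action). Returns (conforming, exceeding)."""
    tokens, last = float(burst_bytes), 0.0
    conform, exceed = [], []
    for t_arr, size in sorted(arrivals):
        tokens = min(burst_bytes, tokens + rate_bps / 8 * (t_arr - last))  # refill
        last = t_arr
        if size <= tokens:
            tokens -= size
            conform.append((t_arr, size))
        else:
            exceed.append((t_arr, size))
    return conform, exceed


def shape(arrivals, rate_bps, burst_bytes):
    """Shaper: nothing is dropped; a packet that exceeds the bucket waits in the queue
    until the bucket refills. Returns [(arrival_s, departure_s, size)] in send order."""
    tokens, last, out = float(burst_bytes), 0.0, []
    for t_arr, size in sorted(arrivals):
        if size > burst_bytes:
            raise ValueError("packet larger than the bucket can never be sent")
        t = max(t_arr, last)                  # FIFO: cannot leave before the previous one
        tokens = min(burst_bytes, tokens + rate_bps / 8 * (t - last))
        if size > tokens:
            t += (size - tokens) * 8 / rate_bps   # delay until the shortfall has accrued
            tokens = float(size)
        tokens -= size
        last = t
        out.append((t_arr, round(t, 6), size))
    return out


def demo() -> dict:
    """Constructed burst: ten 1500-byte packets 1 ms apart into a 64 kbps contract
    with a 3000-byte bucket. The policer passes two and drops eight; the shaper
    passes all ten but stretches the burst out to 1.5 s."""
    burst = [(i * 0.001, 1500) for i in range(10)]
    conform, exceed = police(burst, 64_000, 3000)
    shaped = shape(burst, 64_000, 3000)
    return {"policer_sent": len(conform), "policer_dropped": len(exceed),
            "shaper_sent": len(shaped), "shaper_dropped": 0,
            "shaper_last_departure_s": shaped[-1][1],
            "shaper_max_delay_s": max(dep - arr for arr, dep, _ in shaped)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The shaper output is what you would expect to see on a WAN edge router configured with shaping: zero drops but rising latency, which is why shaping suits bulk data while policing (or priority queuing) is used where delay hurts, such as voice.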
Below is a sample representation of traffic shaping and policing.

I hope this has been informative, idol. See you in the next lessons, cheers!

Lesson 7: Understanding the basics of Point-to-Point Protocol

Ok idol, let's dig a little deeper into the basics of Point-to-Point Protocol. In this short lesson, let's see what the point-to-point protocol is for and how it works.

Basics of Point-to-Point Protocol: What is Point-to-Point Protocol?

As we said in the earlier lesson, Point-to-Point Protocol (PPP) is an open standard protocol commonly used for connections over serial links.
Its counterpart is HDLC, which is Cisco proprietary. In our WAN connections topic, this falls under leased lines.
The main purpose of PPP is to transport Layer 3 packets over a Data Link layer point-to-point link.
PPP can be configured on:

• Asynchronous serial connections like Plain Old Telephone Service (POTS) dial-up
• Synchronous serial connections like Integrated Services Digital Network (ISDN) or point-to-point leased lines.
PPP is made up of two sub-protocols:
1. Link Control Protocol (LCP)
Sets up and negotiates control options on the Data Link Layer (OSI Layer 2)
2. Network Control Protocol (NCP)
Negotiates optional configuration parameters and facilitates the Network Layer (OSI Layer 3). In other words, it makes sure IP and other protocols can operate correctly on the PPP link.

Before a PPP connection is established, it goes through 3 phases. They are the following:
1. Link establishment phase - test packets are sent first to test the data link connection
2. Authentication phase (optional) - of course, if authentication is enabled, the passwords and the authentication type (PAP or CHAP) must match on both ends
3. Network layer protocol phase - this is where communication over Layer 3 happens

PAP and CHAP authentication

We have 2 types of authentication in PPP. They are optional but recommended for security purposes.
There are a few questions in the CCNA exam related to this, so it's better that we know the basics about it.
PAP, or Password Authentication Protocol, is a simple authentication protocol.
The client device that wants to communicate with the server device sends its username and password in clear text. Then the server device validates those credentials. If they are correct, communication starts.
Here's a sample PAP authentication concept.

Let's go to CHAP.
CHAP, or Challenge Handshake Authentication Protocol, is a PPP authentication protocol which is far more secure than PAP. It uses a 3-way handshake for authentication.
In CHAP authentication, a "challenge" takes place first before the client and server device can communicate. This is in addition to the password and username. The "result of the challenge" must match on both the client and server device, and the password and username must also be correct. Only then can they communicate.
Take note that in CHAP, the username and password are encrypted and are not sent in the communication messages. In PAP, the username and password are in plain text and included in the communication messages between the two devices.
Here's a sample concept of CHAP.
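To show in code what the two PAP and CHAP diagrams describe, here is an added example (mine, not from the ebook) that builds the PAP Authenticate-Request the way RFC 1334 lays it out, and runs the CHAP three-way handshake with the MD5 algorithm of RFC 1994: challenge, response = MD5(identifier || secret || challenge), verify. The shared secret `sameone` and the usernames are constructed values; the `demo()` function is mine and reports what an on-path observer would see on each link.

```python
"""PAP vs CHAP on a PPP link: what crosses the wire (added example, not from the ebook)."""
import hashlib
import hmac
import os

SECRET = b"sameone"   # constructed shared secret configured on both peers


# ---- PAP (RFC 1334): the credential itself is the message -----------------------
def pap_authenticate_request(username: bytes, password: bytes) -> bytes:
    """Authenticate-Request payload: Peer-ID length, Peer-ID, Password length, Password."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def pap_server_check(payload: bytes, user_db: dict) -> bool:
    """Authenticator compares the cleartext password against its local 'username' entry."""
    ulen = payload[0]
    user = payload[1:1 + ulen]
    plen = payload[1 + ulen]
    password = payload[2 + ulen:2 + ulen + plen]
    return user_db.get(user) == password


# ---- CHAP (RFC 1994, MD5): the secret never leaves either router -----------------
def chap_challenge() -> tuple:
    """Step 1, authenticator -> peer: a fresh Identifier byte and random Challenge value."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2, peer -> authenticator: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    """Step 3, authenticator: recompute with its own copy of the secret and compare."""
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run both exchanges and report what an observer of the link could learn."""
    pap_wire = pap_authenticate_request(b"R1", b"sameone")

    ident, chal = chap_challenge()
    resp = chap_response(ident, SECRET, chal)
    chap_wire = bytes([ident]) + chal + resp
    ident2, chal2 = chap_challenge()                 # a later session's challenge

    return {
        "pap_ok": pap_server_check(pap_wire, {b"R1": b"sameone"}),
        "pap_secret_on_wire": b"sameone" in pap_wire,
        "chap_ok": chap_verify(ident, chal, resp, SECRET),
        "chap_secret_on_wire": SECRET in chap_wire,
        "chap_wrong_secret_accepted": chap_verify(ident, chal, chap_response(ident, b"wrong", chal), SECRET),
        "chap_replayed_response_accepted": chap_verify(ident2, chal2, resp, SECRET),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The last two keys are the point of CHAP: a peer with the wrong secret fails, and a captured response is useless against the next challenge because the random challenge changes every time, which is what makes CHAP resistant to replay where PAP is not.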

PPP sample configuration

To understand this better, let's have a sample Point-to-Point Protocol configuration, idol.

In our simple topology above, we have 2 routers connected to the ISP via their serial links. Let's see how PPP works here.

R1
hostname R1
! local account for the peer: R2 must present username R2 / password sameone
username R2 password sameone
interface Serial0/0/0
no shutdown
ip address 10.0.1.1 255.255.255.252
encapsulation ppp
ppp authentication pap
! credentials R1 sends to R2; they must match the "username R1" entry on R2
ppp pap sent-username R1 password sameone
end

R2
hostname R2
! local account for the peer: R1 must present username R1 / password sameone
username R1 password 0 sameone
interface Serial 0/0/0
no shutdown
ip address 10.0.1.2 255.255.255.252
encapsulation ppp
ppp authentication pap
! credentials R2 sends to R1; they must match the "username R2" entry on R1
ppp pap sent-username R2 password sameone
end

In our sample, idol, we just used PAP authentication for our PPP configuration. With this, the 2 routers can now communicate via PPP.
I hope it makes sense.

MLPPP or Multilink Point-to-Point Protocol

Ok idol, since we already talked about PPP, let's include MLPPP, which is just another type of PPP. This is very simple.
MLPPP, or Multilink Point-to-Point Protocol, is also just a PPP connection, but instead of a single link or serial link connecting to the other device, we use a group of serial interfaces for the connection.
It's like EtherChannel, but for the WAN and using serial links.
Here's a sample concept of MLPPP.

As you can see in our sample topology, idol, we have 2 routers connected to each other (R3 & R4), and we used 2 of their serial links. These are grouped together, and that is what we call MLPPP or multilink point-to-point.

MLPPP sample configuration

In our sample topology above, let's see how the configuration goes.

R3
hostname R3
interface Multilink 1
no shutdown
ip address 10.0.1.1 255.255.255.252
ppp multilink
ppp multilink group 1
exit
interface Serial 0/1/0
no shutdown
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
exit
interface Serial 0/1/1
no shutdown
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
end

R4
hostname R4
interface Multilink 1
no shutdown
ip address 10.0.1.2 255.255.255.252
ppp multilink
ppp multilink group 1
exit
interface Serial 0/0/0
no shutdown
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
exit
interface Serial 0/0/1
no shutdown
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
end

Let me explain briefly, idol.

We just grouped the serial interfaces into Multilink 1, and that is where we put the IP address.
So on the serial interfaces, we only set PPP encapsulation and the multilink group (which is 1), and then brought them up. That's it!
PPP is a very simple concept, idol. I hope I was able to explain it clearly for you. Until the next lessons, cheers!

Lesson 8: Understanding the basics of VPN or Virtual Private Network

Welcome back, idol. In this lesson, we will discuss and understand the basics of VPN. Since this is also included in the CCNA v3.0 exam, it's important that we know the basics and fundamentals so we have some idea about it. Let's start!

Basics of VPN: What is a VPN?

In a nutshell, idol, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together.
Instead of using dedicated connections such as leased lines, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.
There is a virtual tunnel that provides secure connections from one site to another, or from a user to a certain LAN, over the internet. Here is a sample representation of how a VPN works, idol.

As you can see in our sample image, idol, whether we are on a site-to-site or a remote access VPN, traffic goes through a secured tunnel over the public internet to our corporate network.
That way we can connect as if we were in the office.
Take note that even though our packets or traffic pass over the public internet, they are safe and secured. Why? Because the VPN encrypts the traffic from our PC in the case of a remote or client access VPN, and the two VPN devices authenticate each other in the case of a site-to-site VPN.

Here's another one, idol.

As you can see, from a remote site or remote branch there is a "virtual tunnel" going to the main branch, and again that is a secured tunnel. The same goes for a remote or client VPN.
Today, VPNs are popular and always in use because of the idea of work from home or work from anywhere. CCNA R&S covers VPN only at a basic level and not fully, because in general VPN falls under the security category. So if you want to really dig deep and learn more about VPN, I suggest you go for security after you pass the CCNA.
Let's continue, idol.
As we discussed in WAN technologies, we have two common types of VPN. They are the following.
Two common types of VPN
1. Remote Access
For the sake of clarification, let me share again the basics of remote access VPN.
A remote access VPN or client VPN is commonly used by employees who work from home, or by mobile users, to access an internal or private network through the internet.
In a remote access or client VPN, an individual, let's say an employee, installs VPN software to connect to their internal or private network.
Aside from an installed application, it can also be web-based: the user first logs in to a web page and can then connect to the internal network.
Let me give you an example.
At our company, we use software called Cisco AnyConnect. It is installed on our laptops and on those of all IT employees who are allowed to work from home or remotely.
If we want to connect to the office or to the company's internal network, we just log in to AnyConnect, and once we're logged in, we're able to see and connect to our company network as if we were in the office.
We get the company's internal IP address through that VPN connection, so we're able to browse and use company resources even at home or wherever we are, as long as there is an internet connection.

Here is a sample topology of a remote access or client VPN.

2. Site-to-Site VPN
Again, let me share what a site-to-site VPN is.
In a site-to-site VPN, each site connects its entire network to the other through a VPN gateway such as a router, firewall, VPN concentrator, or other security appliance.
In a nutshell, a site-to-site VPN works like this.

A "VPN tunnel" is created from the outward-facing router, or any other VPN-capable device, of one office (branch) going to the other office (main), or vice versa. That tunnel passes over the public internet through their ISPs, but since it is a "secured tunnel," only the paired sites can see and talk to each other.
We have what is called different phases of authentication when it comes to VPN. Basically, before the connection forms, the security and authentication details of both ends must be correct and must match.
Here's a sample topology of a site-to-site VPN.
VPN Technologies
A well-designed VPN uses several methods in order to keep your connection and data secure.
1. Data Confidentiality
This is perhaps the most important service provided by any VPN implementation. Since your private data travels over a public network, data confidentiality is vital and can be attained by encrypting the data. This is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode.
This simply means, idol, that our packets are encrypted when they go through the VPN. They cannot easily be decoded by unauthenticated or unauthorized users.
These are the common encryption protocols used in VPNs.
1.1 IPsec
IPsec, or Internet Protocol Security, provides enhanced security features such as stronger encryption algorithms and more comprehensive authentication.
It has two encryption modes:

• Tunnel - tunnel mode encrypts both the header and the payload of each packet.
• Transport - transport mode only encrypts the payload.

IPsec also supports 56-bit (single DES) or 168-bit (triple DES) encryption.

1.2 PPTP/MPPE
PPTP supports multi-protocol VPNs, with 40-bit and 128-bit encryption using a protocol called Microsoft Point-to-Point Encryption (MPPE). It is important to note that PPTP by itself does not provide data encryption.
1.3 L2TP/IPsec
Commonly called L2TP over IPsec. Here IPsec is used to protect the tunnel built by the Layer 2 Tunneling Protocol (L2TP).

2. Data Integrity
In VPNs we also have a way to make sure our data or packets are not altered by the time they reach the receiving end. For example, IPsec can ensure that the encrypted portion of the packet, or the entire header and data portion of the packet, has not been tampered with. If tampering is detected, the packet is dropped.
3. Data Origin Authentication
Of course, since our VPN passes over the public internet, it's important that only authenticated and verified users or connections are accepted by our network.
4. Anti-Replay
A VPN also has a mechanism to prevent the replay of packets, to avoid spoofing.
5. Data Tunneling/Traffic Flow Confidentiality
Tunneling is the process of encapsulating an entire packet within another packet and sending it over a network.
Tunneling requires three different protocols.

• Passenger protocol - The original data (IPX, NetBEUI, IP) that is carried.
• Encapsulating protocol - The protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the original data.
• Carrier protocol - The protocol used by the network over which the information is traveling.

6. AAA or Authentication, authorization, and accounting
Of course, as we also discussed in the security topic, authentication, authorization, and accounting are important for our network. This is to secure it and make sure hackers cannot get into our network.
We will discuss this topic separately, so I won't explain it here.
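Items 2 (data integrity) and 4 (anti-replay) above are the two checks a receiving IPsec gateway runs on every packet before it accepts it. Here is an added example (mine, not from the ebook or from any vendor's code) that models them in the style of ESP: the sender appends an integrity check value (HMAC-SHA256 truncated to 16 bytes) over the sequence number and payload, and the receiver first verifies that ICV, then applies the 64-packet sliding window that IPsec uses to reject replayed or stale sequence numbers. The key, payloads and sequence of packets in `demo()` are constructed for the demo.

```python
"""ESP-style integrity check plus sliding-window anti-replay (added example)."""
import hashlib
import hmac
import struct

INTEGRITY_KEY = b"constructed-sa-integrity-key"   # in real IPsec this comes from IKE
WINDOW = 64                                        # replay window size in packets
ICV_LEN = 16


def protect(seq: int, payload: bytes, key: bytes = INTEGRITY_KEY) -> bytes:
    """Sender: seq (4 bytes) || payload || ICV, where ICV covers seq and payload."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


class ReplayWindow:
    """Per-SA receiver state: highest sequence number seen and a bitmap of the last
    WINDOW sequence numbers (bit i set means seq top-i was already accepted)."""

    def __init__(self):
        self.top = 0
        self.bitmap = 0

    def check_and_update(self, seq: int) -> str:
        """Returns 'ok', 'replay' (seen before) or 'stale' (too old for the window)."""
        if seq == 0:                                   # sequence number 0 is never valid
            return "stale"
        if seq > self.top:                             # slide the window to the right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & ((1 << WINDOW) - 1)) | 1
            self.top = seq
            return "ok"
        diff = self.top - seq
        if diff >= WINDOW:
            return "stale"
        if (self.bitmap >> diff) & 1:
            return "replay"
        self.bitmap |= 1 << diff                       # late but new: accept and record
        return "ok"


def receive(packet: bytes, window: ReplayWindow, key: bytes = INTEGRITY_KEY) -> tuple:
    """Receiver: integrity first (a forged packet must not be allowed to move the
    window), then the replay check. Returns ('ok', payload) or ('drop', reason)."""
    if len(packet) < 4 + ICV_LEN:
        return ("drop", "truncated")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return ("drop", "bad ICV")
    seq = struct.unpack("!I", body[:4])[0]
    verdict = window.check_and_update(seq)
    if verdict != "ok":
        return ("drop", verdict)
    return ("ok", body[4:])


def demo() -> list:
    """Constructed traffic: normal packets, a replayed one, a tampered one, a late
    but legitimate one, a big jump, then one that fell out of the window."""
    window = ReplayWindow()
    p1, p2, p3, p5 = (protect(i, b"payload%d" % i) for i in (1, 2, 3, 5))
    tampered = p2[:4] + b"X" + p2[5:]                  # one payload byte changed in transit
    stream = [p1, p2, p5, p2, tampered, p3, p1,
              protect(100, b"x"), protect(30, b"y"), protect(40, b"z")]
    results = []
    for pkt in stream:
        status, detail = receive(pkt, window)
        results.append("ok" if status == "ok" else detail)
    return results


if __name__ == "__main__":
    print(demo())
```

Two ordering details matter in practice and are reflected above: the window is only updated after the ICV passes, so an attacker cannot advance it with forged packets, and a packet that arrives late but inside the window (seq 3 after seq 5) is still accepted, which is what lets IPsec tolerate mild reordering without opening the door to replays.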

Common VPN devices

Ok, so we've already discussed the basics and some technologies or terms related to VPN. Let's also take a look at the common VPN devices or VPN appliances that enterprises usually use.
1. VPN Concentrator
A VPN concentrator is a dedicated VPN device. Using the most advanced encryption and authentication techniques available, Cisco VPN Concentrators are built specifically for creating a remote-access or site-to-site VPN.
Here's a sample image of Cisco's VPN concentrator.

2. VPN-Enabled Router/VPN-Optimized Router

These, idol, are normal routers that also have the ability to handle VPNs. Meaning, besides routing, they can handle VPN requests.
All Cisco routers that run Cisco IOS® software support IPsec VPNs. The only requirement is that the router must run a Cisco IOS image with the appropriate feature set.
Some sample models of Cisco VPN-enabled routers are the Cisco 1000, Cisco 1600, Cisco 2500, Cisco 4000, Cisco 4500, and Cisco 4700 series.
Here's a sample image of a Cisco VPN-enabled router.

3. Firewalls
Firewalls are also among the commonly used VPN devices today. Most firewalls have built-in components and the capability to handle and process VPNs.
Here's a sample image of Cisco firewalls.

4. Cisco VPN Clients

Cisco VPN clients are usually software installed for VPN remote users such as remote employees. As we discussed, those are the employees who work from home or work from anywhere.
Here's a sample image of the Cisco AnyConnect software.

VPN sample configuration
Before we end this lesson, idol, let's take a look at a simple VPN configuration.
We will not go deep into this since, as I said, we're after the basics and fundamentals.
This is just to give you an idea and so you can picture how it is configured.

Site-to-Site IPsec VPN Tunnel sample configuration

In our topology or diagram above (I just got this from the internet), we have two sites with static public IP addresses. R1 is configured with 70.54.241.1/24 and R2 is configured with 199.88.212.2/24. Both routers already have basic configuration like IP addresses, NAT Overload, default route, hostnames, SSH logins, etc. We will only look at the VPN configuration part.
In IPsec we have what are called Phase 1 and Phase 2. In Phase 1 we set the ISAKMP policy for the tunnel, and in Phase 2 we set the transform set, which is where we encrypt.

Step 1. Configuring IPsec Phase 1 (ISAKMP Policy)

R1
R1(config)#crypto isakmp policy 5
R1(config-isakmp)#hash sha
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#lifetime 86400
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#exit
R1(config)#crypto isakmp key cisco@123 address 199.88.212.2

Here's the explanation of these commands.

crypto isakmp policy 5

• This command creates ISAKMP policy number 5. You can create multiple policies, for example 7, 8, 9, with different configurations. Routers participating in the Phase 1 negotiation try to find a matching ISAKMP policy by going through the list of policies one by one. If a policy matches, the IPsec negotiation moves to Phase 2.
hash sha

• The SHA algorithm will be used.

authentication pre-share

• The authentication method is a pre-shared key.

group 2

• The Diffie-Hellman group to be used is group 2.

encryption 3des

• The 3DES encryption algorithm will be used for Phase 1.

lifetime 86400

• The Phase 1 lifetime is 86400 seconds.

crypto isakmp key cisco@123 address 199.88.212.2

• The Phase 1 password (pre-shared key) is cisco@123 and the remote peer IP address is 199.88.212.2.

I will not go deep into this, idol; I just want you to see how it is configured.

Step 2. Configuring IPsec Phase 2 (Transform Set)

R1(config)#crypto ipsec transform-set MY-SET esp-aes 128 esp-md5-hmac
R1(cfg-crypto-trans)#crypto ipsec security-association lifetime seconds 3600

Here is what those commands mean.

crypto ipsec transform-set MY-SET

• Creates a transform set called MY-SET.

esp-aes

• The AES encryption method and the ESP IPsec protocol will be used.

esp-md5-hmac

• The MD5 hashing algorithm will be used.

crypto ipsec security-association lifetime seconds

• This is the amount of time that the Phase 2 session exists before re-negotiation.

Step 3. Configuring Extended ACL for interesting traffic.


R1(config)#ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)#permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

This ACL defines the interesting traffic that needs to go through the VPN tunnel. Here, traffic
originating from 192.168.1.0 network to 192.168.2.0 network will go via VPN tunnel. This ACL
will be used in Step 4 in Crypto Map.

Step 4. Configure Crypto Map.


R1(config)#crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R1(config-crypto-map)#match address VPN-TRAFFIC
R1(config-crypto-map)#set peer 199.88.212.2
R1(config-crypto-map)#set transform-set MY-SET

Here's the explanation of these commands.

crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp

• Creates a new crypto map with sequence number 10. You can create more sequence numbers with the same crypto map name if you have multiple sites.
match address VPN-TRAFFIC

• It matches the interesting traffic from the ACL named VPN-TRAFFIC.

set peer 199.88.212.2

• This is the public IP address of R2.

set transform-set MY-SET

• This links the transform set to this crypto map configuration.
Step 5. Apply Crypto Map to outgoing interface of R1.


R1(config)#int fa0/0
R1(config-if)#crypto map IPSEC-SITE-TO-SITE-VPN
*Mar 1 05:43:51.114: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

Step 6. Exclude VPN traffic from NAT Overload.


R1(config)#ip access-list extended 101
R1(config-ext-nacl)#deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
R1(config-ext-nacl)#permit ip 192.168.1.0 0.0.0.255 any
R1(config-ext-nacl)#exit
R1(config)#ip nat inside source list 101 interface FastEthernet0/0 overload
What we did there, idol, is that ACL 101 excludes the interesting traffic from NAT. Note that the deny entry has to come before the permit entry: ACL entries are checked in order, so if the VPN traffic were permitted first it would get translated and would never match the VPN-TRAFFIC crypto ACL.
Ok, so we're done with R1. We just need to repeat this on R2.

R2

Step 1. Configuring IPSec Phase 1 (ISAKMP Policy)


R2(config)#crypto isakmp policy 5
R2(config-isakmp)#hash sha
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 2
R2(config-isakmp)#lifetime 86400
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#exit
R2(config)#crypto isakmp key cisco@123 address 70.54.241.2

Step 2. Configuring IPSec Phase 2 (Transform Set)


R2(config)#crypto ipsec transform-set MY-SET esp-aes 128 esp-md5-hmac
R2(cfg-crypto-trans)#crypto ipsec security-association lifetime seconds 3600

Step 3. Configuring Extended ACL for interesting traffic.
R2(config)#ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

Step 4. Configure Crypto Map.


R2(config)#crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R2(config-crypto-map)#match address VPN-TRAFFIC
R2(config-crypto-map)#set peer 70.54.241.2
R2(config-crypto-map)#set transform-set MY-SET

Step 5. Apply Crypto Map to outgoing interface

R2(config)#int fa0/1
R2(config-if)#crypto map IPSEC-SITE-TO-SITE-VPN
*Mar 1 19:16:14.231: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

Step 6. Exclude VPN traffic from NAT Overload.


R2(config)#ip access-list extended 101
R2(config-ext-nacl)#deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
R2(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 any
R2(config-ext-nacl)#exit
R2(config)#ip nat inside source list 101 interface FastEthernet0/1 overload

Yay! That's it! That's how to configure an IPsec site-to-site VPN. After that, we can verify and test.
R1#ping 192.168.2.1 source 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/54/56 ms

To verify the IPSec Phase 1 connection, type show crypto isakmp sa as shown below.
R1#show crypto isakmp sa
dst src state conn-id slot status
70.54.241.2 199.88.212.2 QM_IDLE 1 0 ACTIVE

To verify IPSec Phase 2 connection, type show crypto ipsec sa as shown below.
R1#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: IPSEC-SITE-TO-SITE-VPN, local addr 70.54.241.2

protected vrf: (none)


local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer 199.88.212.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
#pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 16, #recv errors 0

local crypto endpt.: 70.54.241.2, remote crypto endpt.: 199.88.212.2


path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xD41CAB1(222415537)

inbound esp sas:


spi: 0x9530FB4E(2503015246)
transform: esp-aes esp-md5-hmac ,

We can also view active IPSec sessions using show crypto session command as shown below.
R1#show crypto session
Crypto session current status

Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 199.88.212.2 port 500
IKE SA: local 70.54.241.2/500 remote 199.88.212.2/500 Active
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map

Whew! That's it, idol. I know it's still a bit of a nosebleed, but I know that in time you will get it and understand all of it. Just go over it again and again, and as I said, this is just the basics and fundamentals.
Once you take training or study for the CCNA, you will understand even better how all of that works and is used. And I'm sure these basics and fundamentals have helped you.
Ok idol, I hope by this point you know the basics of VPN or Virtual Private Network. Until the next lessons, cheers!

272
CHAPTER VI: INFRASTRUCTURE SERVICES

Lesson 1: Understanding the basic of DHCP


Alright, one of the topics included in the exam that you also need to understand is how to configure DHCP on a Cisco router. There are a handful of exam questions related to it, and of course it adds to your networking knowledge. Let's begin.

Basics of DHCP
Before we configure DHCP on a Cisco router, let's first talk about the basics of DHCP itself: what DHCP is, and where and how it is used.
DHCP is the abbreviation of Dynamic Host Configuration Protocol. It is a service commonly used in networking so that a device can be assigned, or obtain, an IP address from a DHCP server. The DHCP server usually also provides the WINS server(s), DNS server(s), default gateway, NTP server, TFTP options and so on.
When we talk about networking, IP addresses are always part of it, and when we talk about IP addresses, DHCP is always part of it too.
Basically, in an IP network a device needs an IP address before it can communicate, because, as we know, devices talk to each other using their IP addresses, right?
We can assign IP addresses to devices manually. That works when there are only a few of them. But in a typical real-world network, and for better management, we can make it automatic. This is where DHCP comes in.
In other words, we can use DHCP so that the devices on our network (the DHCP clients) automatically obtain their own IP addresses from the DHCP server. Let's see how it works.

How DHCP works

In a nutshell, this is how DHCP works in a network:
1. An end device, the DHCP client, sends a broadcast packet (DHCP Discover) to find DHCP servers on the LAN segment. This happens as soon as the DHCP client boots up, say a PC.

2. Once a DHCP server receives the Discover, it responds with a DHCP Offer packet, offering IP addressing information.

3. If the DHCP client receives offers from multiple DHCP servers, it accepts the first one that arrives; the rest are dropped or ignored. The client then broadcasts a DHCP Request for the offered address, naming that specific DHCP server, so the other servers know their offers were not taken.

4. The DHCP server acknowledges the request by sending a DHCP Acknowledgement packet (DHCP Ack). The packet includes the lease duration and other configuration information.
Here's a simple representation of that process.

To make it short, the DHCP client and server exchange four types of messages, DHCP Discover, Offer, Request and Acknowledgement, commonly abbreviated as DORA.
A practical caveat: because the client trusts the first offer it receives, any device on the LAN segment that answers Discovers faster than the real server can hand out its own default gateway and DNS servers. This is why switches offer DHCP snooping, which blocks DHCP server messages arriving on untrusted ports; it is worth knowing even though it is beyond the basic configuration here.

How to configure DHCP on a Cisco router

Alright, now that we have basic knowledge of the DHCP protocol, let's do a basic configuration.
To be honest, this is rarely used in the real world, except perhaps in really small networks where the setup is not extensive or complex.
Why? Because it adds work and consumes resources on our router. There are dedicated devices or appliances for DHCP, such as Unix, Linux or Windows servers.
But not always. As I said, if the network is not big and complex, it is still usable and even advisable in order to save cost. Let's have the sample configuration.

Here's our configuration syntax.

The syntax is simple and mostly self-explanatory: ip dhcp excluded-address marks addresses that must never be leased, ip dhcp pool NAME creates the pool, and inside the pool, network sets the subnet to lease from, dns-server and default-router set the options handed to clients, and lease sets how long a client may keep its address (in days, optionally followed by hours and minutes).
The excluded-address command is entered in the router's global configuration mode, not inside the DHCP pool configuration. It means those IP addresses will not be part of the pool that can be leased to DHCP clients. Typically these are the IP addresses of the DHCP server itself, the DNS server and so on, i.e. the key devices or servers.
OK, let's put it in a real scenario to understand it better.
Router(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.3
Router(config)# ip dhcp pool CCNAPH
Router(config-dhcp)#network 172.16.1.0 255.255.255.0
Router(config-dhcp)#dns-server 172.16.1.1 172.16.1.21
Router(config-dhcp)#default-router 172.16.1.1
Router(config-dhcp)#lease 7

Based on our sample DHCP configuration above, we excluded the IPs 172.16.1.1, 172.16.1.2 and 172.16.1.3. This means they will not be part of the pool of addresses in CCNAPH.

The IPs in the CCNAPH pool run from 172.16.1.4 to 172.16.1.254, because it is a /24 network based on our subnet mask of 255.255.255.0 (the router never leases the network address 172.16.1.0 or the broadcast address 172.16.1.255). The lease 7 line sets a 7-day lease; clients must renew before it expires.
That's it. The rest is self-explanatory, I guess.
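To see the four DORA messages and the pool rules from the CCNAPH configuration in action, here is an added Python simulation (example code written for this edition, not code from the ebook or from Cisco IOS). It assumes the pool values above (172.16.1.0/24, excluded .1 to .3, DNS .1 and .21, gateway .1, 7-day lease); the message and class names are invented for the simulation, and real DHCP's packet format (RFC 2131) is not reproduced.

```python
"""DORA (Discover, Offer, Request, Ack) against a pool like CCNAPH above.
Added example, not the ebook's code. Message/class names are invented for the
simulation; real DHCP's packet format (RFC 2131) is not reproduced."""
import ipaddress
from dataclasses import dataclass, field

BROADCAST = "255.255.255.255"


@dataclass
class DhcpMessage:
    kind: str              # DISCOVER, OFFER, REQUEST or ACK
    client_mac: str
    src: str
    dst: str
    yiaddr: str = ""       # "your IP address": the address offered or confirmed
    server_id: str = ""    # server that made the offer; echoed by the client in REQUEST
    options: dict = field(default_factory=dict)


class DhcpPool:
    """'ip dhcp pool' plus the global 'ip dhcp excluded-address' lines."""

    def __init__(self, network, excluded_ranges, dns_servers, default_router, lease_days):
        self.network = ipaddress.ip_network(network)
        self.excluded = set()
        for low, high in excluded_ranges:
            first, last = int(ipaddress.ip_address(low)), int(ipaddress.ip_address(high))
            self.excluded.update(ipaddress.ip_address(n) for n in range(first, last + 1))
        self.options = {"dns-server": list(dns_servers), "default-router": default_router,
                        "lease": lease_days * 24 * 3600}      # lease in seconds
        self.bindings = {}   # address -> client MAC, what 'show ip dhcp binding' lists

    def usable_addresses(self):
        # .hosts() skips the network and broadcast addresses, as IOS does automatically
        return [a for a in self.network.hosts() if a not in self.excluded]

    def next_free(self, reserved):
        for addr in self.usable_addresses():
            if addr not in self.bindings and addr not in reserved:
                return addr
        return None   # pool exhausted


class DhcpServer:
    def __init__(self, ip, pool):
        self.ip, self.pool = ip, pool
        self.offers = {}   # client MAC -> address tentatively held for it

    def handle(self, msg):
        opts = dict(self.pool.options)
        if msg.kind == "DISCOVER":
            addr = self.offers.get(msg.client_mac)
            if addr is None:
                addr = self.pool.next_free(set(self.offers.values()))
            if addr is None:
                return None   # nothing to offer: the server stays silent
            self.offers[msg.client_mac] = addr
            return DhcpMessage("OFFER", msg.client_mac, self.ip, BROADCAST, str(addr), self.ip, opts)
        if msg.kind == "REQUEST":
            if msg.server_id != self.ip:
                # the client chose another server: drop our tentative reservation
                self.offers.pop(msg.client_mac, None)
                return None
            addr = self.offers.pop(msg.client_mac)
            self.pool.bindings[addr] = msg.client_mac
            return DhcpMessage("ACK", msg.client_mac, self.ip, BROADCAST, str(addr), self.ip, opts)
        return None


class DhcpClient:
    def __init__(self, mac):
        self.mac, self.ip, self.options = mac, None, {}

    def obtain_lease(self, servers):
        """Run DORA against every server on the segment; returns the four messages."""
        # 1. DISCOVER is broadcast from 0.0.0.0 because the client has no address yet
        discover = DhcpMessage("DISCOVER", self.mac, "0.0.0.0", BROADCAST)
        offers = [o for o in (s.handle(discover) for s in servers) if o is not None]
        if not offers:
            return []
        # 2/3. keep the first OFFER, then broadcast a REQUEST for exactly that address,
        #      naming the server, so the other servers know to release their offers
        chosen = offers[0]
        request = DhcpMessage("REQUEST", self.mac, "0.0.0.0", BROADCAST,
                              chosen.yiaddr, chosen.server_id)
        acks = [a for a in (s.handle(request) for s in servers) if a is not None]
        ack = acks[0]   # 4. ACK carries the lease time and the other options
        self.ip, self.options = ack.yiaddr, ack.options
        return [discover, chosen, request, ack]


def ccnaph_pool():
    """The pool from the 'ip dhcp pool CCNAPH' configuration above."""
    return DhcpPool("172.16.1.0/24", [("172.16.1.1", "172.16.1.3")],
                    ["172.16.1.1", "172.16.1.21"], "172.16.1.1", lease_days=7)


if __name__ == "__main__":
    server = DhcpServer("172.16.1.1", ccnaph_pool())
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:66"):
        client = DhcpClient(mac)
        for m in client.obtain_lease([server]):
            print(f"{m.kind:8} {m.src} -> {m.dst} yiaddr={m.yiaddr or '-'}")
        print(mac, "leased", client.ip, "gateway", client.options["default-router"])
```

Running it leases 172.16.1.4 to the first client and 172.16.1.5 to the second and prints each DORA message. Passing obtain_lease a list of two servers shows the behaviour from step 3: the client keeps the first offer, and the second server silently drops its reservation when it sees the broadcast Request naming the other server.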
Here are some useful commands we can use when verifying and checking a DHCP configuration.

#show ip dhcp pool
- Displays the pool information: pool name, network, number of addresses leased and excluded, and utilization.

#show ip dhcp binding
- Displays the address-to-client (MAC or client ID) bindings the server has leased.

#show ip dhcp conflict
- Displays IP address conflicts detected in the DHCP pool.

#show ip dhcp database
- Displays recent activity on the DHCP database.

#show ip dhcp server statistics
- Displays counts of the messages sent and received by the DHCP server.

Alright, that's it. I hope by this time you have a basic understanding of DHCP configuration on a Cisco router. In fact, we covered more than the basics and fundamentals of this topic here.
See you in the next lesson. Cheers!

Lesson 2: Understanding the basics of First Hop Redundancy Protocols

In this chapter we're going to talk about the basics of the different First Hop Redundancy Protocols, or FHRPs. These protocols are used to remove a single point of failure (the default gateway) and can also be used for load balancing in our network.
The three FHRP protocols we'll discuss are:
1. HSRP
2. VRRP
3. GLBP
As far as I know, only HSRP is included in the CCNA v3.0 exam. But since it will help a lot in your CCNA journey, it's important that we understand all of them, so I included them too.
Ready? Let's begin!

1. HSRP or Hot Standby Router Protocol
HSRP, or Hot Standby Router Protocol, is a Cisco proprietary FHRP. In other words, Cisco created it for Cisco devices only. It has version 1 and version 2.
Again, this protocol is used for redundancy in a network.

How HSRP works

To keep it simple, HSRP works like this: we have two routers, one acting as active and the other acting as standby. The active router processes and handles the requests coming in and out. The standby router just waits, ready to take over once the active router fails or goes down.
We then create an HSRP group for those routers. We number that group to identify it, and we set a virtual IP address for the group.
We set a priority to identify which router is active and which is standby. The default priority is 100.
Higher than the default means more preferred to become active. If no priority is set, it falls back to the default of 100. If two routers have the same priority, the one with the higher interface IP address wins.
For example, router 1 and router 2. Router 1 is set to priority 110. Router 2 has no priority set. This means router 1 will serve as the active router (priority 110) and router 2 will act as standby (default priority 100).
The devices inside the network communicate with the virtual IP of that HSRP group. They don't look at the IP of the active or standby router; the only thing they see is the virtual IP.
Let's have an example.
Virtual HSRP group IP: 192.168.1.10
Router 1 (active): 192.168.1.1 (priority 110)
Router 2 (standby): 192.168.1.2 (priority default)

In the example above, we can see that the virtual IP is 192.168.1.10. That is what the devices in our network see and talk to.
But in the background, router 1 processes the requests. Why? Because it is the active one.
The devices don't know that there are two routers in the HSRP group; all they know and recognize is the virtual IP 192.168.1.10.
Once router 1 fails, router 2 automatically becomes active. But the devices still communicate with the virtual IP 192.168.1.10.
In other words, they don't notice any downtime beyond the hold time it takes the standby to detect the failure. Their communication and connections continue.

Got it?
That's just how HSRP works.
And again, it only works on Cisco devices because it is Cisco proprietary.

Basic HSRP configuration

OK, to make it more understandable, let's have a simple lab with a basic HSRP configuration.

In our simple topology above, we have two routers: R1 (192.168.1.1) acting as active and R2 (192.168.1.2) as standby.
Our HSRP group is numbered 10 and has the virtual IP 192.168.1.10.
As I mentioned, the other devices in the network only talk to the virtual IP, 192.168.1.10. In the background, R1 and R2 work out between themselves which one is active and which is standby. As I mentioned earlier, we set a priority to identify which is active and which is standby.
Here's our configuration.
R1
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#standby version 2
R1(config-if)#standby 10 preempt
R1(config-if)#standby 10 priority 110
R1(config-if)#standby 10 ip 192.168.1.10
R1(config-if)#no shutdown
R1(config-if)#end

R2
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#standby version 2
R2(config-if)#standby 10 preempt
R2(config-if)#standby 10 priority 100
R2(config-if)#standby 10 ip 192.168.1.10
R2(config-if)#no shutdown
R2(config-if)#end

Let me explain the commands.

ip address 192.168.1.1 255.255.255.0
- As you can see, we configured the IP address of each router's interface that we use inside our network, because that is where our traffic passes based on our diagram.

standby version 2
- Declares which version of HSRP we use. The keyword for HSRP in the configuration is standby. Version 2 uses the 0000.0c9f.fxxx virtual MAC range and allows group numbers above 255.

standby 10 preempt
- Enables preemption for group 10. Failover itself does not need this: if R1 fails, R2 becomes active regardless. What preempt changes is what happens afterwards. Without it, when R1 comes back up it stays standby and R2 remains active; with preempt, R1 (the higher priority) takes the active role back as soon as it is up.

standby 10 priority 110
- As I mentioned earlier, we set a priority to declare which router is active and which is standby. Again, "standby 10" identifies the HSRP group. Then priority 110 means we raised the priority of this interface to 110 for that HSRP group.
Note: There can be other HSRP groups configured on this router or interface, so we need to check which HSRP group we are configuring.

standby 10 ip 192.168.1.10
- As I said, we need a virtual IP for our HSRP group. This will serve as the IP of R1 and R2 through HSRP.

no shutdown
- And finally, we enabled the interface using the no shutdown command.

A practical note: HSRP hellos are not authenticated by default, so any device on the segment that sends hellos with a higher priority can become active. On production links, configure standby 10 authentication md5 key-string <key> on both routers so that only routers holding the key can join the group.

That's it. The explanation applies to both R1 and R2; only the values differ.
We can verify the HSRP configuration using the command "show standby".

R1#show standby
FastEthernet0/0 - Group 10 (version 2)
State is Active
5 state changes, last state change 00:08:23
Virtual IP address is 192.168.1.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.948 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.2, priority 100 (expires in 9.412 sec)
Priority 110 (configured 110)
Group name is "hsrp-Fa0/0-10" (default)

R2#show standby
FastEthernet0/0 - Group 10 (version 2)
State is Standby
7 state changes, last state change 00:00:12
Virtual IP address is 192.168.1.10
Active virtual MAC address is 0000.0c9f.f00a
Local virtual MAC address is 0000.0c9f.f00a (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.756 secs
Preemption enabled
Active router is 192.168.1.1, priority 110 (expires in 8.760 sec)
MAC address is c200.09ac.0000
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Fa0/0-10" (default)

You can see all the details and information of our HSRP here, which I already discussed and explained above. Using this command, we see all HSRP-related information on both routers.
OK, that's how HSRP works. Simple, right?

In case you get confused or don't get it right away, just go back to it; in time I'm sure you'll get it.
Let's move on to the next protocol, VRRP.

2. VRRP or Virtual Router Redundancy Protocol

VRRP is the open-standard counterpart of HSRP, used by other vendors or manufacturers, since HSRP is Cisco proprietary.
In a nutshell, VRRP is almost the same concept as HSRP with some slight changes. In VRRP we also have a VRRP group, and within that group we have a router acting as the virtual router master and one or more routers acting as virtual router backups.
And like HSRP, it uses a virtual IP as the gateway that hosts use to communicate on the network. Let's dig deeper.

How VRRP works

To determine the role of a router in a VRRP group, we again use priority. If the IP address of a router's physical interface is the same as the VRRP virtual IP, that router is the IP address owner: it automatically gets priority 255 and acts as the virtual router master.
You can configure the priority of each virtual router backup with a value from 1 to 254 using the "vrrp priority" command. In case the virtual router master goes down, the virtual router backup with the highest priority becomes the master. As with HSRP, the devices on the network keep seeing the virtual IP as up without any issue.
The transition from virtual router backup to virtual router master happens only in the background.
VRRP also uses preemption for the master/backup transition, just like HSRP, so that the transition is seamless when the virtual router master goes down. Unlike HSRP, though, preemption is on by default in VRRP, so we don't need to declare it.
Let's have an example.
Virtual VRRP group IP: 192.168.1.1
Router 1 (virtual router master): 192.168.1.1 (same IP as the VRRP group virtual IP)
Router 2 (virtual router backup): 192.168.1.2 (priority 110)
Router 3 (virtual router backup): 192.168.1.3 (priority 100)

In the example above, since the VRRP group's virtual IP and the interface IP of router 1 are the same, router 1 automatically becomes the virtual router master. Routers 2 and 3 are virtual router backups that can take over from router 1 in case it goes down; router 2 goes first because it has the higher priority.

Same as HSRP, the devices in the network communicate with the VRRP group's virtual IP, 192.168.1.1. In case router 1 goes down, router 2 takes over, but the VRRP group's virtual IP remains 192.168.1.1.
That's it. That's how VRRP works.

Basic VRRP configuration

Let's have a simple lab with a basic VRRP configuration.

In our simple topology above, we have three routers: R1 (192.168.1.1) acting as virtual router master, and R2 (192.168.1.2) and R3 (192.168.1.3) as virtual router backups.
Our VRRP group uses number 10 for identification and has the virtual IP 192.168.1.1.
As I mentioned, the other devices in the network only talk to the virtual IP, 192.168.1.1. In the background, R1, R2 and R3 decide among themselves which one is master and which are backups. As I mentioned earlier, we set a priority to identify master and backup, but since R1's IP is the same as our VRRP group's virtual IP, it automatically becomes the virtual router master.
Here's our configuration.
R1
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#vrrp 10 ip 192.168.1.1
R1(config-if)#
*Mar 1 00:29:06.095: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Master
R1(config-if)#end

R2
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#vrrp 10 priority 110
R2(config-if)#vrrp 10 ip 192.168.1.1
R2(config-if)#end
R2#
*Mar 1 00:32:02.859: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Backup
R2#

R3
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface FastEthernet0/0
R3(config-if)#no shutdown
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#vrrp 10 priority 100
R3(config-if)#vrrp 10 ip 192.168.1.1
R3(config-if)#end
R3#
*Mar 1 00:33:54.715: %VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Init -> Backup[OK]

The configuration above has the same explanation as HSRP earlier. We bring up the interface, assign the proper IP address as on the diagram, set the VRRP priority (routers 2 and 3) and then set the VRRP group's virtual IP address. I hope it makes sense.
Notice that R1 has no vrrp 10 priority line: the IP address owner is always priority 255, and its state change to Master shows immediately after the vrrp 10 ip command.
We can verify using the "show vrrp" command as below.
R1#show vrrp
FastEthernet0/0 - Group 10
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 255
Master Router is 192.168.1.1 (local), priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.003 sec

As you can see, the priority of R1 is 255 and it is the master. It defaults to priority 255 automatically because its IP is the same as the VRRP group's virtual IP.
Notice also the master down interval. VRRP computes it as 3 * advertisement interval + (256 - priority)/256 seconds, which is why the priority-255 master shows 3.003 sec while the priority-110 and priority-100 backups below show 3.570 and 3.609 sec. The lower a backup's priority, the longer it waits before declaring the master dead, so the best backup always speaks first.

R2#show vrrp
…..
FastEthernet0/0 - Group 10
State is Backup
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Master Router is 192.168.1.1, priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec (expires in 2.806 sec)

R3#show vrrp
FastEthernet0/0 - Group 10
State is Backup
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.1.1, priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.633 sec)

For R2 and R3 we can likewise see our VRRP information. It is more self-explanatory, I guess.
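To tie the HSRP and VRRP sections together, here is an added Python simulation of the election rules described in both (example code written for this edition, not the ebook's or Cisco's code). It models: highest priority wins, default 100, ties go to the highest interface IP; HSRP preemption only when configured; VRRP preemption on by default; the VRRP IP address owner at priority 255; the HSRPv2 and VRRP virtual MAC formats; and the VRRP master down interval from the show vrrp output. The router names, IPs and priorities are the lab values above; the class and method names are this example's own, and hello/advertisement timing is not simulated.

```python
"""HSRP and VRRP election for one group. Added example, not the ebook's code.
Rules: highest priority wins (default 100, ties to the highest interface IP);
HSRP preempts only when configured, VRRP preempts by default; in VRRP the router
whose interface IP equals the virtual IP owns the address with priority 255."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100
    preempt: bool = False
    up: bool = True


class FhrpGroup:
    def __init__(self, protocol, group, virtual_ip, routers):
        assert protocol in ("hsrp", "vrrp")
        self.protocol, self.group, self.virtual_ip = protocol, group, virtual_ip
        self.routers = {r.name: r for r in routers}
        for r in self.routers.values():
            if protocol == "vrrp":
                r.preempt = True                 # VRRP preempts by default
                if r.ip == virtual_ip:
                    r.priority = 255             # the IP address owner
        self.active = None                       # name of the active/master router
        self.converge()

    def virtual_mac(self):
        # HSRPv2: 0000.0c9f.f000 + 12-bit group; VRRP: 0000.5e00.01xx with xx = group
        if self.protocol == "hsrp":
            return f"0000.0c9f.f{self.group:03x}"
        return f"0000.5e00.01{self.group:02x}"

    @staticmethod
    def master_down_interval(priority, advertisement=1.0):
        # RFC 3768: 3 * advertisement interval + skew, skew = (256 - priority) / 256 s
        return 3 * advertisement + (256 - priority) / 256

    def _ranked(self):
        """Up routers, best candidate first: highest priority, then highest interface IP."""
        return sorted((r for r in self.routers.values() if r.up),
                      key=lambda r: (r.priority, int(ipaddress.ip_address(r.ip))),
                      reverse=True)

    def converge(self):
        """Re-run the election after an event; returns (active, standby) names."""
        ranked = self._ranked()
        if not ranked:
            self.active = None
            return None, None
        current = self.routers.get(self.active)
        if current is None or not current.up:
            self.active = ranked[0].name         # active is gone: best candidate takes over
        elif ranked[0].name != self.active and ranked[0].preempt:
            self.active = ranked[0].name         # a better router preempts the current one
        standby = next((r.name for r in ranked if r.name != self.active), None)
        return self.active, standby

    def fail(self, name):
        self.routers[name].up = False
        return self.converge()

    def restore(self, name):
        self.routers[name].up = True
        return self.converge()


def hsrp_lab():
    """R1 priority 110 with preempt, R2 default priority with preempt, group 10."""
    return FhrpGroup("hsrp", 10, "192.168.1.10",
                     [Router("R1", "192.168.1.1", 110, preempt=True),
                      Router("R2", "192.168.1.2", preempt=True)])


def vrrp_lab():
    """R1 owns 192.168.1.1, R2 priority 110, R3 priority 100, group 10."""
    return FhrpGroup("vrrp", 10, "192.168.1.1",
                     [Router("R1", "192.168.1.1"),
                      Router("R2", "192.168.1.2", 110),
                      Router("R3", "192.168.1.3", 100)])


if __name__ == "__main__":
    g = hsrp_lab()
    print("HSRP vMAC", g.virtual_mac(), "active/standby:", g.converge())
    print("R1 fails ->", g.fail("R1"))
    print("R1 back  ->", g.restore("R1"), "(preempt reclaims the active role)")
    v = vrrp_lab()
    print("VRRP vMAC", v.virtual_mac(), "master/backup:", v.converge())
    for name, r in v.routers.items():
        print(f"{name} priority {r.priority}: master down interval "
              f"{v.master_down_interval(r.priority):.3f} s")
```

Run as is, it reproduces the lab: 0000.0c9f.f00a for HSRP group 10, 0000.5e00.010a for VRRP group 10, R1 active, R2 taking over when R1 fails and R1 reclaiming the role on return. Build the HSRP group without preempt=True on R1 and the restore call leaves R2 active, which is the difference the standby 10 preempt command makes.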
That's it!
I hope by this time you have an idea and basic knowledge about HSRP and now VRRP.
Last on our list is GLBP.

3. GLBP or Gateway Load Balancing Protocol

GLBP, like HSRP and VRRP, also provides redundancy in our network. But GLBP can also load-balance the network's traffic among different routers.
So aside from redundancy, it splits the traffic among the routers so that no single router carries all of the load.
If you recall, in HSRP and VRRP we are redundant, but in the background only one router is working, right? We have the active or master, and the standby or backup only takes over when the active/master goes down.

In other words, that one router (active or master) is still loaded with all the requests and communication it must process, while the standby or backup does nothing but wait. Got it?
In GLBP, aside from redundancy, all routers in the group work and share the requests and processing. In other words, no single router carries all of the load.

How GLBP works

In GLBP, the routers that are members of a GLBP group elect one router as the AVG (active virtual gateway) for that group.
The other routers act as backup in case the active virtual gateway goes down.
The AVG controls all members of the GLBP group by assigning a virtual MAC address to each member.
Each router takes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. These routers are called AVFs (active virtual forwarders) for their virtual MAC address.
Since all routers share the same virtual IP, they communicate on the network through their virtual MAC addresses, which the AVG assigns automatically.
The load balancing works through ARP (Address Resolution Protocol). When a host ARPs for the virtual IP, the AVG answers, and it rotates the AVFs' virtual MAC addresses in its ARP replies in round robin: the first host's ARP reply carries R1's virtual MAC, the next carries R2's, and so on. Each host then sends its traffic to whichever forwarder it was given.
As I said earlier, the communication and requests are split across all members of the GLBP group.
So again, the devices on the network only communicate with the virtual IP of our GLBP group, and the AVG decides which AVF processes their requests.
Got it?
Simple, right?
Go over it again and you'll get it.
Let's have a simple GLBP lab to understand it even better.

Basic GLBP configuration

In our diagram above, we have GLBP group number 10 with the virtual IP 192.168.1.10.
R1 is our AVG for the GLBP group and is responsible for the virtual IP address 192.168.1.10.
R1 is also an AVF for the virtual MAC address 0007.b400.0a01, and R2 is a member of the same GLBP group and is the designated AVF for the virtual MAC address 0007.b400.0a02. (GLBP virtual MACs have the form 0007.b4xx.xxyy: the 16-bit group number 10 is 0x000a, and the last byte is the forwarder number.)
Basically our hosts communicate only with our GLBP virtual IP, 192.168.1.10. But the MAC address behind the virtual IP differs from host to host, because the AVG load-balances the traffic and requests across the AVFs, the members of the GLBP group.
Got it?
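Here is an added Python simulation of the round-robin ARP behaviour just described and of what happens to a forwarder's virtual MAC when that router fails (example code written for this edition, not the ebook's or Cisco's code). It assumes the lab values above (group 10, virtual IP 192.168.1.10, R1 at 192.168.1.1 and R2 at 192.168.1.2); the host MACs are made up, AVG election by priority and the redirect/forwarder timers are not modelled, and the class and method names are this example's own.

```python
"""GLBP round-robin load balancing. Added example, not the ebook's code.
The AVG answers ARP requests for the virtual IP and rotates through the AVFs'
virtual MACs; each AVF forwards frames sent to its own virtual MAC, and when an
AVF fails another member takes over its virtual MAC so hosts that cached it keep
working. AVG priority/preemption and the redirect timers are not modelled."""
from collections import deque


class GlbpGroup:
    def __init__(self, group, virtual_ip):
        self.group = group
        self.virtual_ip = virtual_ip
        self.members = []          # router IPs in join order; the first one up is the AVG
        self.forwarders = {}       # virtual MAC -> router IP currently forwarding for it
        self.up = set()
        self._rotation = deque()   # round-robin order the AVG uses in ARP replies

    def virtual_mac(self, forwarder_number):
        # GLBP virtual MACs are 0007.b4xx.xxyy: 16-bit group number, 8-bit forwarder number
        return f"0007.b4{self.group >> 8:02x}.{self.group & 0xFF:02x}{forwarder_number:02x}"

    @property
    def avg(self):
        return next((m for m in self.members if m in self.up), None)

    def join(self, router_ip):
        self.members.append(router_ip)
        self.up.add(router_ip)
        mac = self.virtual_mac(len(self.members))   # AVG hands out forwarder numbers 1, 2, ...
        self.forwarders[mac] = router_ip
        self._rotation.append(mac)

    def arp_reply(self, host_mac):
        """The AVG answers a host's ARP request for the virtual IP with the next virtual MAC."""
        self._rotation.rotate(-1)
        return self._rotation[-1]

    def forwarder_for(self, virtual_mac):
        """Which router actually forwards frames sent to this virtual MAC right now."""
        return self.forwarders[virtual_mac]

    def fail(self, router_ip):
        """Take a member down; its virtual MAC is adopted by a surviving AVF. Returns the AVG."""
        self.up.discard(router_ip)
        survivors = [m for m in self.members if m in self.up]
        for mac, owner in self.forwarders.items():
            if owner == router_ip and survivors:
                self.forwarders[mac] = survivors[0]   # secondary forwarder for the orphaned MAC
        return self.avg


def lab_group():
    """R1 (192.168.1.1) and R2 (192.168.1.2) in group 10 with virtual IP 192.168.1.10."""
    g = GlbpGroup(10, "192.168.1.10")
    g.join("192.168.1.1")
    g.join("192.168.1.2")
    return g


def host_gateways(group, hosts):
    """Return {host MAC: virtual MAC} as each host ARPs for the gateway, in order."""
    return {h: group.arp_reply(h) for h in hosts}


if __name__ == "__main__":
    g = lab_group()
    hosts = ["aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"]   # made-up hosts
    for h, vmac in host_gateways(g, hosts).items():
        print(f"{h} -> {vmac} (forwarded by {g.forwarder_for(vmac)})")
    g.fail("192.168.1.2")
    print("after R2 fails the AVG is", g.avg, "and the forwarders are",
          {m: g.forwarder_for(m) for m in g.forwarders})
```

The first and third hosts are handed 0007.b400.0a01 (R1) and the second 0007.b400.0a02 (R2), which is the "Load balancing: round-robin" line in the show glbp output below. After R2 fails, R1 answers for both virtual MACs, so hosts that already cached 0007.b400.0a02 keep their gateway without re-ARPing.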
Here's our configuration.
R1
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface FastEthernet0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#glbp 10 ip 192.168.1.10
R1(config-if)#end
R1#

R2

R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#glbp 10 ip
R2(config-if)#end
R2#

The command "glbp 10 ip" joins the interface to GLBP group 10. On R1 we give the virtual IP explicitly; on R2 we leave it out, so R2 learns the virtual IP from the AVG (that is the "(learnt)" you will see in its show glbp output). The rest of the configuration is self-explanatory. I hope it all makes sense.
And lastly, we can verify our configuration using the command "show glbp", as shown below.
R1#show glbp
FastEthernet0/0 - Group 10
State is Active
2 state changes, last state change 00:07:32
Virtual IP address is 192.168.1.10
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.488 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is local
Standby is 192.168.1.2, priority 100 (expires in 9.888 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
c200.140c.0000 (192.168.1.1) local
c201.140c.0000 (192.168.1.2)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:07:22
MAC address is 0007.b400.0a01 (default)
Owner ID is c200.140c.0000
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
2 state changes, last state change 00:00:10
MAC address is 0007.b400.0a02 (learnt)
Owner ID is c201.140c.0000
Redirection enabled, 598.188 sec remaining (maximum 600 sec)
Time to live: 14398.188 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.2 (primary), weighting 100 (expires in 8.188 sec)

R2#show glbp
FastEthernet0/0 - Group 10
State is Standby
1 state change, last state change 00:05:21
Virtual IP address is 192.168.1.10 (learnt)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.740 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is 192.168.1.1, priority 100 (expires in 7.468 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
c200.140c.0000 (192.168.1.1)
c201.140c.0000 (192.168.1.2) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
MAC address is 0007.b400.0a01 (learnt)
Owner ID is c200.140c.0000
Time to live: 14397.456 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.1 (primary), weighting 100 (expires in 8.888 sec)
Forwarder 2
State is Active
1 state change, last state change 00:05:07
MAC address is 0007.b400.0a02 (default)
Owner ID is c201.140c.0000
Preemption enabled, min delay 30 sec
Active is local, weighting 100

Whew! Another long topic! But I know it's worth it, because I'm confident you understood and learned a lot in this chapter.
These are the first hop redundancy protocols commonly used in our networks. As far as I know only HSRP is in the exam, but better double-check to be sure.
Again, I hope I was able to share something valuable in this lesson. Thanks!

Lesson 3: Understanding the basics of NAT or Network Address Translation
We're moving to another topic in our CCNA lessons. Today we'll talk about the basics of NAT, or Network Address Translation. Are you ready? Let's do this!

Basics of NAT: What is Network Address Translation?

In a nutshell, NAT is used to "translate" your private IP address to a public IP address so it can be routed over the internet. That's the concept and basics of NAT. But let me go deeper.
As we discussed before in IP addressing, you can only go out or connect to the internet through a public IP address, right? So, for example, in a company your internal IP address is 192.168.1.5; that IP cannot be routed or used outside your LAN. Why? It's a private IP address, and it won't work or be visible outside, on the internet.
So in order to connect or route outside, to the public internet, we need to translate that private IP address into a public IP address so we can reach the internet or anything outside our network.
Say the private IP 192.168.1.5 is translated to 170.65.125.5. Once you connect outside, other companies or organizations see you as 170.65.125.5, not your internal IP. So they communicate back to you through 170.65.125.5, and your router takes care of translating again from outside to inside, to your laptop or PC.
There is a designated list of private IP address ranges you can use inside your network, and everything else is public IP address space used on the internet.
Here's the table of private IP addresses (RFC 1918), their classes and their default subnet masks.

Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8), default mask 255.0.0.0
Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12), default mask 255.255.0.0
Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16), default mask 255.255.255.0

Note that for class B and class C, only a part of the 172 and 192 blocks is included in the range. Everything not inside those ranges is a public IP address. OK?
Got it? Let's make it even simpler.
In an internal network, or even at your house, your IP address most likely falls into one of the private IP address ranges. As I said, it is used internally and cannot be used outside, in public.
When we browse the internet, or anything outside our internal network, we pass through the router, and it translates our private IP address into a public IP address. That is what we call NAT, or network address translation.

Let's say the IP of your PC right now (try ipconfig in a command prompt) is 192.168.1.5. That is a private IP address, and the only ones that see it are the other devices connected to your network or your router (internal!).
When you browse the internet, say you log in to Facebook, Facebook and other users or networks do not see that your IP is 192.168.1.5. What Facebook or anyone else sees is your public IP address, which is the IP address allocated by your ISP (PLDT, Globe, Bayan, etc.).
So through your home router or modem-router, your private IP address is translated to one of the public IP addresses of your ISP.
That's NAT. I hope you get it by now. For additional info, you can check the IP Addressing article again.
But why not just use public IP addresses on my LAN, inside my network, so there is no translation at all? Say we only have 50 PCs internally, we just get or buy 50 public IP addresses. Not possible. Why? Here's why.
First, public IP addresses are limited. If every person or company did that, we would have run out of public IPv4 addresses long ago.
Second, they are registered and of course bought or paid for. And they are expensive. That is also why they are managed by IANA (Internet Assigned Numbers Authority) through the RIRs (Regional Internet Registries) and then down through the ISPs.
Got it? That's why NAT was invented. I hope that's clear.
Let's move on.
Two different types of NAT
We have two types of NAT, based on how the private IP addresses are translated into public IP addresses. Here they are.
1. Static NAT
In static NAT, as the name implies, each private IP address is statically mapped to one public IP address. One to one: 1 private IP address = 1 public IP address.
This means that if you have 50 hosts inside your network that need to connect to the public internet, you need 50 public IP addresses. But as we discussed earlier, that is not feasible, and it is rarely used for a whole network in the real world. Where it is used is for servers that must be reachable from outside at a fixed public address, such as a web or mail server.
Of course, a large company with 500 or more users would need a lot of public IP addresses, right? This is where our second type, dynamic NAT, comes in.
2. Dynamic NAT
In dynamic NAT, our private IP addresses are translated into public IP addresses automatically, or dynamically. So unlike static NAT's one to one, in dynamic NAT a group of private IP addresses can share a set of public IP addresses. Let me give an example.

290
Let say in a company meron silang 500 employees. So imposible nga at hindi feasible na
makabili or makakuha sila ng 500 public ip addresses para gamitin ang static NAT right? They
will use dynamic NAT.
Sabihin na natin na naka-obtain ng 50 public ip addresses si company. Ibig sabihin, 50 hosts or
users lang ang pwedeng mag-connect in public or sa internet ng sabay sabay right?
In dynamic NAT, pwedeng dynamically ma-assign ang 50 public ip addresses na yan kung sino
lang ang mga users na gumagamit ng internet that time.
For example, sa umaga 50 employees lang naman ang gumagamit ng internet so si router,
dynamically i-tatranslate yung private ip addresses nung 50 active users na yun sa 50 public ip
addresses na meron si company.
And then let say sa lunch break another 50 users ulit, dynamically ma-aassign ulit ung 50 public
ip addresses para dun sa active na 50. And then sa hapon kung ganun ulit, same thing.
Is the problem solved? No! Why? Here's the thing, idol.
First, it isn't only 50 persons or users who might connect or use the internet at a given time. In fact, these days almost every employee uses the internet.
So they can't be lining up as if it were a payment center; the business would lose money. Right?
Second, it isn't that easy to obtain 50 public IP addresses, let alone more than that. Only a limited number of public IPs can be bought or obtained from your ISP. And of course they're expensive, so that's added cost for the company.
This is where the dynamic NAT feature called NAT Overload, also known as Port Address Translation (PAT), comes in and earns its keep.
With NAT overload or PAT, we can use a single public IP address for multiple private IP addresses. In fact, a single public IP address can be enough for the whole network if it isn't too large. You ask how?
In NAT overload, private IP addresses are dynamically mapped to a single public IP address using different port numbers. So let's say 192.168.1.5 is assigned port 1234 (192.168.1.5:1234), then host 192.168.1.6 is assigned port 2345 (192.168.1.6:2345), and so on.
That's why it's also called PAT or Port Address Translation. All of them can be translated into a single public IP address.
It looks like this.

As you can see in our sample image above, idol, we have 3 different hosts in our internal network.
Before they leave our router (a NAT overload enabled router), they are already translated into a single public IP (203.31.218.100), with a different port for each of those internal or private IPs.
That means each connection is treated separately even though we're using only a single public IP, because each session consists of different ports.
Got it, idol?
So when communicating back to us, or back to our network, the destination or outside server talks to our public IP using the ports on which it received the connections.
For example, for the first connection from the internal network going outside.
Source
Private IP: 192.168.0.1
Port: 3000
Public IP: 203.31.218.100

Destination:
Public IP: 200.0.0.1
Port: 23

*Port 23 is for the application (telnet in this case; for web traffic or HTTP it would be port 80, and so on). This is from internal to outside, idol, okay?

On the way back, from outside going to our router, it looks like this.

Source
Public IP: 200.0.0.1
Port: 23

Destination
Public IP: 203.31.218.100
Port: 3000

As you can see, idol, outside connections only see our public IP. They don't know, and don't care, about our private or internal IP addresses.
They will communicate back to our public IP address using the port given for that session.
Then when it reaches our router, the router knows the connection is for 192.168.0.1 because of destination port 3000. So it gets translated into our network to 192.168.0.1 port 3000.
That's it!
That is how NAT overload works.
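To make the port bookkeeping concrete, here is an added example (not from the ebook) that models a NAT overload router in Python: outbound packets are rewritten to the single public IP, the original source port is kept when it is free and a new one is picked when two inside hosts collide, and replies are mapped back by destination port. The addresses are the ones from the walkthrough above; the sessions, the second host and the unsolicited packet are constructed.

```python
"""Added example, not from the ebook: a minimal model of NAT overload (PAT)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Translates many inside-local hosts to one inside-global address."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.outbound: dict[tuple[str, int], int] = {}   # (local ip, port) -> public port
        self.inbound: dict[int, tuple[str, int]] = {}    # public port -> (local ip, port)
        self._next_port = 1024  # first port handed out when the original is taken

    def _allocate_port(self, wanted: int) -> int:
        # Keep the original source port while it is still free on the
        # public address; otherwise hand out the next unused port.
        if wanted not in self.inbound:
            return wanted
        while self._next_port in self.inbound:
            self._next_port += 1
        port = self._next_port
        self._next_port += 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source to public_ip:port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self._allocate_port(pkt.src_port)
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Packet | None:
        """Outside -> inside: the destination port selects the inside host.
        Returns None (the router drops it) when no session matches, which is
        why an unsolicited packet from the internet never reaches a host."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.inbound:
            return None
        local_ip, local_port = self.inbound[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)

    def show_translations(self) -> list[str]:
        """Rows in the spirit of 'show ip nat translations'."""
        return [f"{self.public_ip}:{port} <- {ip}:{lport}"
                for (ip, lport), port in sorted(self.outbound.items())]


def demo() -> tuple[Packet, Packet, Packet]:
    router = PatRouter("203.31.218.100")
    # Constructed sessions: the lesson's telnet session plus a second host
    # that happens to use the same source port 3000.
    out1 = router.translate_outbound(Packet("192.168.0.1", 3000, "200.0.0.1", 23))
    out2 = router.translate_outbound(Packet("192.168.0.2", 3000, "200.0.0.1", 80))
    # Reply from the telnet server back to the public address, port 3000
    back = router.translate_inbound(Packet("200.0.0.1", 23, "203.31.218.100", 3000))
    return out1, out2, back


if __name__ == "__main__":
    for line in PatRouter("203.31.218.100").show_translations() or ["(no translations yet)"]:
        print(line)
    print(demo())
```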
Before we end this article, let's also go through some of the terms related to NAT.

NAT terminologies you need to know.

1. Inside local address
The IP address assigned to a host on the inside network. Basically, idol, these are the private IP addresses we use internally.
2. Outside local address
This is the term for the IP of the external host, or our destination, as seen from our network's perspective.
3. Inside global address
IP address representing the inside hosts on the external network. These are our public IP addresses given or assigned to us by our ISPs.
4. Outside global address
IP address assigned to the host in the external network.

To make it simpler, here's how it works in a visual representation, idol. See below.

Got it, idol? Ok, here's another one.

I hope everything is clear now.

That's it for now, idol. Go over this again and memorize it until you get it. Honestly, it isn't hard. I know you can do it.
Next lesson, we will do some basic NAT configuration so we can see how it is done and how it works in action.
Hope it helps. Cheers!

Lesson 4: Basic NAT configuration
Alright idol, we're done with the basic understanding of NAT or Network Address Translation. I hope by the time you read this, you understand it and know the concept of how and where NAT is used. This time, we're doing some basic NAT configuration. Ready? Game!

Basic Static NAT configuration

On this one, idol, we're going to have a very simple static NAT configuration to show how it works and how it is configured.
Again, with static NAT the translation from private to public IP address is one-to-one. Meaning, 1 private IP address = 1 public IP address. Got it? Okay, let's start.
As per Cisco, here are the basic steps we need to follow when configuring static NAT.

Let me explain the steps.

In #1, of course we need to be in global configuration mode. Meaning, the config we're doing is for the whole router. Then in #2, the command "ip nat inside source static [local-ip] [global-ip]" means that we're declaring NAT from inside to outside using a static translation, translating the local IP (whatever local or internal IP) to a global IP (whatever global IP we have on the outside interface). Please ignore the overload for now. :-)
Then in #4 and #5, we just define which is the NAT inside interface (ip nat inside) and which is the NAT outside interface (ip nat outside). Basically, the inside interface is the interface facing our local network, and of course the outside interface is the one facing the public side or the internet.
Got it, idol?
Ok, let's have an actual scenario.

Ok, in our sample configuration, as you can see, idol, we just translated the internal IP 192.168.1.20 to 172.16.1.5 when sending traffic out of interface f0/1.
We just followed the syntax above.
So the "ip nat inside source static 192.168.1.20 172.16.1.5", as I mentioned earlier, defines NAT from inside going outside and also declares which internal IP is translated and to which public IP.
Then the interfaces: again, ip nat inside is for the internal interface, and of course that interface has an IP address; likewise the outside interface, which is our public-facing interface.
Alright? So now we have seen how to apply a basic static NAT configuration.
Let's see how dynamic NAT goes.

Basic Dynamic NAT configuration
Ok, so in dynamic NAT, just to recap, we can translate a pool or group of internal or private IP addresses into a pool or group of public IP addresses. Right?
Cisco says these are the recommended steps when configuring basic dynamic NAT.

Let me explain again.

It's almost the same as static except for steps 2 - 4. So let's make it simple.
In step #2, we need to define a "pool name" for the addresses that our internal IP addresses will be translated to. Once we have the pool name, we also need to declare the range of external or public IP addresses we're going to use. And then after that, the subnet mask or prefix length of that IP range.
Here's an example.
NATrtr(config)#ip nat pool example-pool 172.16.1.10 172.16.1.20 netmask 255.255.255.0

In our sample config above, our pool is named "example-pool", and in that example-pool we have the public IP addresses 172.16.1.10 to 172.16.1.20. It's a /24 address, but we'll only use 11 external IP addresses based on the range we declared (.10 to .20).
Let's move on to step #3. Here, idol, we need to create an access-list. There it is, so what is an access-list? To keep it simple, an access-list acts as a filter when applied on the router. That means only the range or IP addresses defined in that access-list will be processed by the router, either allowed or denied, once you apply it on an interface. We will have a separate topic about ACLs or access-lists.

Let's have an example.

NATrtr(config)#access-list 55 permit 192.168.1.0 0.0.0.255
In our sample script above, we created an access-list, which is a standard access-list.
This is access-list #55; access-lists are identified by a number or sequence, or they can also be given a name.
This time we use number 55. That's what we'll call once we want to apply the access-list.
After that, inside that access-list, we declare a permit for the IP range 192.168.1.0 with a wildcard mask of 0.0.0.255.
As we discussed in subnetting, the wildcard mask requires a match on the 0 bits and lets anything through on the non-zero bits.
So 192.168.1.0 0.0.0.255 is equivalent to /24. Every IP starting with 192.168.1 (the 0.0.0 in the wildcard mask needs to match) and then the last 0 (the .255 in the wildcard mask) can be anything from 0 to 255 (or 1 to 254 usable).
Got it, idol?
In short, it's like this: access-list 55 allows the IPs from 192.168.1.1 to 192.168.1.254. That's it!
Let's go to step #4.
On this step, idol, we just call what we created in step #2 and step #3. Ignore the overload for now.
Here's the example.
NATrtr(config)#ip nat inside source list 55 pool example-pool
Ok, on this step we declared NAT from inside going outside (ip nat inside), then said that our source list is 55 (which is the access-list 55 we created earlier; the content of access-list 55 is permit 192.168.1.0 0.0.0.255).
Then we declare the pool (pool) and call the pool name (which is the example-pool we also created earlier; the content of example-pool is the IP range 172.16.1.10 172.16.1.20).
That's just it, idol!
Then of course, we need to declare the inside and outside interfaces just like in static.
Got it, idol? I've broken it down for you.
To see it all together (with a diagram), here it is.

I hope it's clear, idol. If you get confused or mixed up, just repeat it. If it still doesn't click, take a break. In due time, you'll get it. :-)
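Here is an added example (not from the ebook) that models the three pieces of the dynamic NAT configuration above in Python: the standard access-list with its wildcard mask, the example-pool, and the "ip nat inside source list 55 pool example-pool" binding, including what the router does when all 11 pool addresses are in use. The wildcard matcher is written for any mask, not just 0.0.0.255; the inside host addresses are constructed.

```python
"""Added example, not from the ebook: dynamic NAT (ACL + pool, no overload)."""
from __future__ import annotations
import ipaddress


def wildcard_match(ip: str, network: str, wildcard: str) -> bool:
    """Standard access-list matching: a 0 bit in the wildcard mask must
    match the network address, a 1 bit is 'don't care'. This generalises the
    lesson's 0.0.0.255 case (0.0.255.255 behaves like /16, and so on)."""
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))  # bits that must match
    return (ip_i & care) == (net_i & care)


class NatPool:
    """'ip nat pool <name> <start> <end> netmask <mask>'."""

    def __init__(self, name: str, start: str, end: str, netmask: str) -> None:
        net = ipaddress.IPv4Network(f"{start}/{netmask}", strict=False)
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if last < first or first not in net or last not in net:
            raise ValueError("pool range must be ordered and inside the netmask")
        self.name = name
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(int(first), int(last) + 1)]

    def allocate(self) -> str | None:
        return self.free.pop(0) if self.free else None

    def release(self, global_ip: str) -> None:
        self.free.append(global_ip)


class DynamicNat:
    """'ip nat inside source list <acl> pool <pool>' without overload:
    one inside-local address borrows one inside-global address."""

    def __init__(self, acl_network: str, acl_wildcard: str, pool: NatPool) -> None:
        self.acl_network, self.acl_wildcard = acl_network, acl_wildcard
        self.pool = pool
        self.table: dict[str, str] = {}  # inside local -> inside global

    def translate(self, inside_local: str) -> tuple[str, str | None]:
        """Return (status, inside_global). status is 'translated',
        'acl-deny' (source not permitted by the list, so no translation)
        or 'pool-exhausted' (no public address left to hand out)."""
        if not wildcard_match(inside_local, self.acl_network, self.acl_wildcard):
            return "acl-deny", None
        if inside_local in self.table:
            return "translated", self.table[inside_local]
        global_ip = self.pool.allocate()
        if global_ip is None:
            return "pool-exhausted", None
        self.table[inside_local] = global_ip
        return "translated", global_ip

    def expire(self, inside_local: str) -> None:
        """Translation timed out: return the public address to the pool."""
        self.pool.release(self.table.pop(inside_local))


def demo() -> list[tuple[str, str | None]]:
    """Fill the 11-address example-pool, then show a 12th host failing
    and succeeding once an older entry has expired."""
    nat = DynamicNat("192.168.1.0", "0.0.0.255",
                     NatPool("example-pool", "172.16.1.10", "172.16.1.20", "255.255.255.0"))
    results = [nat.translate(f"192.168.1.{h}") for h in range(1, 13)]  # 12 hosts, 11 addresses
    results.append(nat.translate("10.0.0.5"))      # not covered by access-list 55
    nat.expire("192.168.1.1")                       # first entry ages out
    results.append(nat.translate("192.168.1.12"))  # now gets the freed address
    return results


if __name__ == "__main__":
    for status, global_ip in demo():
        print(status, global_ip)
```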
Let's have our last sample, which is overloading.

Basic NAT with overloading configuration

NAT with overloading is almost the same as our last example, because it's just a feature of dynamic NAT. We'll just have a basic sample so we can see it. Okay?
Let's also use the same example we have in dynamic NAT.
See below.

We no longer have a pool for the public IP, because this time we use only one public IP, which is the IP address of f0/1 (172.16.1.1). That means the contents of access-list 55 (192.168.1.1 - 254) will be translated into a single IP, 172.16.1.1, when going out that interface.
How does this happen? By using the "overload" keyword, the router automatically knows what to do. So as we discussed in Part I, the sessions are kept separate and tracked with different ports when communicating outside and coming back inside.
It's also possible to still have a pool of public IP addresses, in which case it overloads on that pool. But usually there's none, because that "wastes" public IPs when one is enough. Right? Got it, idol?
I hope by now you've learned more about NAT. It's a bit confusing at first, but just keep repeating it; like I said, once you get it, you'll realize it's a piece of cake.
Before we end this lesson, here are some helpful commands when using NAT.

Basic NAT commands.

#show ip nat translations

- To see the translation entries in our NAT configuration
Example.
Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 171.68.1.1         171.68.1.1         171.68.16.10       172.16.88.1
--- ---                ---                171.68.16.10       172.16.88.1

#show ip route

- Again, you should already know this one. To see the routing table entries.

#debug ip nat

- To see the debug messages for NAT translation events

I think that's it.

Whew! Another long lesson, idol. I hope, I hoooope this makes sense. Until next lessons, cheers!

CHAPTER VII: INFRASTRUCTURE SECURITY

Lesson 1: Understanding the basics of port security

Idol, we're moving to another topic, which is the basics of port security. It's important that we understand it and know how it is used and how it works. Aside from being part of the CCNA v3.0 exam, it's also used all the time in real-world networks. Let's get started!

Basics of port security

It's important that the ports of our switches and routers are secured, because they can be a source and origin of vulnerabilities. They can also be accessed and become the cause of a network breach and other things such as hacking, data and information fraud, and much more.
On this lesson, idol, we're going to talk about some of the common and basic security measures applied to ports. Let's start.

How to enable and configure port security

To use the port security feature of a Cisco switch, of course we first need to enable it. There are 2 simple steps to do this. Here they are.
A. Define the interface as an access interface by using the "switchport mode access" interface subcommand
Ex.
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access

In our simple command above, idol, I set the switch's interface or port fa0/1 to be an access port. That means it's for end devices.
B. Enable the port security feature on the interface using the "switchport port-security" subcommand
Ex.
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security

Self-explanatory, idol: we just enabled the port security feature on port fa0/1 using the command "switchport port-security".

Once we've enabled port security, that's when we can use the port-security features. Of course, don't forget to enable or unshut the port.
Common port security features
Here are some of the common port security features that are commonly used in the real world, idol. Please take note that there are also questions about these in the CCNA exam. Here they are.
1. Port Security: Static Mac-address
On this one, idol, we can define a static MAC address (switchport port-security mac-address MAC_ADDRESS) that is the only one allowed on the given port, or we can use a dynamically learned MAC address using the mac-address sticky option (switchport port-security mac-address sticky).
Ex.
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address aaaa.aaaa.aaaa

In this sample, idol, we statically defined the MAC address aaaa.aaaa.aaaa (a placeholder; IOS writes MAC addresses as three groups of four hex digits) on interface or port fa0/1. That means only the device with MAC address aaaa.aaaa.aaaa can use port fa0/1.
If we plug in a different device, it won't work and the port will go into the errdisable state. Later we will discuss what the errdisable state of a port is.
2. Port Security: Dynamic Mac-address or sticky option
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky

In this second situation, we use the "sticky" option. Sticky simply means that whatever MAC address the port learns first is the one it locks in for security. Any device we connect after that won't work, and the port will also errdisable. Why? Because with the sticky option, the switch remembers the first device that connected to it and only that device is allowed to work on the given port.
3. Port Security: Maximum value
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 64

Here, idol, we set the maximum number of hosts or MAC addresses that can connect on port fa0/1. That means in our sample config above, only 64 devices can work.
In other words, if the device connected to that port keeps changing and we plug in the 65th one, it will no longer work and the port will go into the errdisable state.
The maximum value we can set is from 1 to 4,097. 1 is the default.
4. Port Security: Mac-address aging
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security aging type inactivity
Switch(config-if)#switchport port-security aging time 120

On this one, idol, we use aging type inactivity on port fa0/1 and set the aging time to 120 minutes or 2 hours. That means if the port is idle or inactive for 120 minutes, the MAC address of that device will be released and a new device can be connected.
Of course, do not forget to turn up or unshut the port.
5. Port Security: Violation mode
In port security, we have what's called violation mode. That means when a port security rule has been violated, we can define the action to be taken on that port.
For example, with the port security features we covered above, when such a situation or violation is encountered on a given port, we can define what happens or what action is taken on that port, like shutdown, protect or restrict.
These are the 3 actions we can set on a port once a violation occurs.
A. Shutdown (default)
The interface is placed into the error-disabled state, blocking all traffic. As I said earlier, once the configured port-security limit is hit, the port automatically shuts down and goes into the err-disable state.
B. Protect
Frames from MAC addresses other than the allowed addresses are dropped; traffic from allowed addresses is permitted to pass normally.
On this one, idol, only the allowed MAC addresses can connect or use the port once a violation occurs. All traffic from devices that are not allowed will be dropped.

C. Restrict
Like protect mode, but generates a syslog message and increases the violation counter. It's almost the same as protect mode, but this one gives you a log or counters to see the violations on that port.
Let's have an example.
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 64
Switch(config-if)#switchport port-security violation shutdown

In our sample config above, idol, we use the maximum MAC address port-security feature and we also use the violation mode feature. This simply means that when the 65th MAC address shows up, or the port reaches the 65th device, the port will shut down and be put into the err-disable state.
Or we can also use the other violation modes, depending on what we want and need. Like this format.
Switch(config-if)#switchport port-security violation {protect | restrict | shutdown}
We just need to choose what type of action to take on the port when a port-security violation occurs.
Got it, idol? Simple, right?
Take note, shutdown is the default action when a violation happens.
Those are most of the common port security features commonly used in the real world and commonly asked in the exam. I hope by this point you understand and get how they work and how they are used.
Let's continue.
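To see how the features above combine, here is an added example (not from the ebook) that models a port-security port in Python: the maximum, a static or sticky-learned address list, the three violation modes, and the "shutdown / no shutdown" recovery that keeps sticky entries but drops dynamically learned ones. The MAC addresses and log texts are constructed.

```python
"""Added example, not from the ebook: a model of a port-security port."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                       # switchport port-security maximum N (1 is default)
    violation: str = "shutdown"            # protect | restrict | shutdown (shutdown is default)
    sticky: bool = False                   # switchport port-security mac-address sticky
    static_macs: set[str] = field(default_factory=set)   # ... mac-address <MAC>
    learned: list[str] = field(default_factory=list)
    violation_count: int = 0
    err_disabled: bool = False
    syslog: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation mode must be protect, restrict or shutdown")
        if len(self.static_macs) > self.maximum:
            raise ValueError("more static addresses than the maximum allows")

    def allowed(self) -> set[str]:
        return self.static_macs | set(self.learned)

    def receive(self, mac: str) -> str:
        """Handle a frame with source MAC `mac`; return what the port did."""
        mac = mac.lower()
        if self.err_disabled:
            return "dropped (err-disabled)"
        if mac in self.allowed():
            return "forwarded"
        if len(self.allowed()) < self.maximum:
            # Room under the maximum: learn it. A sticky entry survives a
            # shutdown; a plain dynamic entry is lost when the port goes down.
            self.learned.append(mac)
            return "forwarded (learned)"
        # Maximum reached and the source is unknown: a violation.
        if self.violation == "protect":
            return "dropped"                      # silent: no log, no counter
        self.violation_count += 1
        if self.violation == "restrict":
            self.syslog.append(f"port-security violation on {self.name} from {mac}")
            return "dropped (logged)"
        self.err_disabled = True
        self.syslog.append(f"{self.name} err-disabled: psecure-violation")
        return "dropped (port err-disabled)"

    def recover(self) -> None:
        """'shutdown' then 'no shutdown', or the errdisable recovery timer."""
        self.err_disabled = False
        if not self.sticky:
            self.learned.clear()


def demo() -> list[str]:
    """The lesson's fa0/1 with sticky, maximum 1 and violation shutdown."""
    port = SecurePort("fa0/1", maximum=1, violation="shutdown", sticky=True)
    events = [port.receive("aaaa.aaaa.aaaa"),   # first device, learned as sticky
              port.receive("bbbb.bbbb.bbbb"),   # second device: violation, port shut
              port.receive("aaaa.aaaa.aaaa")]   # even the allowed device is blocked now
    port.recover()
    events.append(port.receive("aaaa.aaaa.aaaa"))  # sticky entry survived recovery
    return events


if __name__ == "__main__":
    print(demo())
```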

How to verify port security

To see the port security configured on a port, we can use the "show port-security interface" command.
Here's an example.
Switch#show port-security interface f0/13
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

In our output above, we can see that port security is enabled, along with its settings. It's easy to read, idol. I hope it's making sense.

How to enable an err-disabled port

As we said earlier, once a port encounters a violation, the default action is to shut it down and put it into the err-disabled state. So what do we do once that port is in the err-disabled state?
To enable and use the port again, we need to shut it down manually and then unshut it manually again.
Please take note that a port coming from the err-disabled state must be shut down first before being unshut or turned up. If you unshut or turn it up without manually shutting it down, it still won't work because it's still in the err-disabled state. The thing is, in the err-disabled state the port is not actually shut down; it's only disabled. So there's a difference.
Again, manually shut down the port and then unshut or turn it up again. Here's the example.
Let's say interface fa0/1 is in the err-disabled state because a port security violation occurred. You need to go to that interface and issue the "shutdown" and "no shut" commands.
Switch#conf t
Switch(config)#interface fa0/1
Switch(config-if)#shutdown
Switch(config-if)#no shut
Switch(config-if)#end

This will basically turn up the port and make it usable again. Gotcha, idol? If not, just repeat it. You'll get it.

Auto recovery of err-disabled port

Ok, so we now know how to set port-security features on ports. We also know how to define the action once a port security violation happens. And of course we also know how to recover a port from the err-disabled state. There's one small problem.
It would be fine to manually shut down and unshut the ports in the err-disabled state if there are only a few of them. 10 or 20 is still doable. But what if you're in a large network with thousands of ports? Or you're alone on your shift in the network team and many ports hit a violation at the same time? It's a hassle to do it manually, right?
This is where auto recovery of err-disabled ports comes in. That means we can define or set a specific time frame after which the port is automatically re-enabled. We no longer need to manually shut down and unshut it for it to work again and leave the err-disabled state.
Let's say in our scenario above, interface fa0/1 encountered a port security violation and was shut down based on the violation mode. If we have auto-recovery, fa0/1 will automatically turn up after the interval we set.
Here's the example configuration.
Switch(config)#errdisable recovery cause psecure-violation
Switch(config)#errdisable recovery interval 600

Note: The auto-recovery option is configured in global configuration mode (Switch(config)#) and not inside the interface.
In our sample config above, we enabled auto-recovery from the err-disabled state with an interval of 600 seconds (10 minutes). The "cause psecure-violation" part means it applies to port-security violations. There are other causes of err-disabled, which is why we need to specify the cause.
If we want every cause of err-disable to be recovered automatically, we can use the following.
Switch(config)#errdisable recovery cause all
Switch(config)#errdisable recovery interval 600

This one will auto-recover the port, whatever the cause of err-disabled, after 600 seconds.
To check the interface status, we can use this command.
Switch#show interfaces gigabitethernet 4/1 status
Port   Name   Status         Vlan   Duplex   Speed   Type
Gi4/1         err-disabled   100    full     1000    1000BaseSX

This is an example of a port in the error-disabled state. Again, we can manually shut down and unshut the port, or we can set auto-recovery for automatic recovery of such ports.
Wheeew! Another long lesson, idol. I hope by the time you reach this paragraph you understand and get the basics of port security. If not yet, just keep repeating it.
Until next lessons, cheers!

Lesson 2: How to configure passwords on a Cisco router
On this lesson, idol, we will talk about the basic security we need to set up on a router. I'll share the basics of how to configure passwords on a Cisco router.
Let's start!
It's important that our logins are secured, especially on critical devices.
Of course, this is a given in enterprise and corporate setups, but since you're just starting your CCNA journey, it's important that you're aware of and know the basics and fundamentals.
Here are the basic ways to configure passwords on a Cisco router
1. Auxiliary (AUX) Port
The auxiliary or aux port is one of the communication ports of the router. We need to secure it because it can be used to get inside our network or inside the router.
Here's a picture of an aux port and console port from the back of a Cisco router.

Here's the way to configure a password on the auxiliary or aux port.

Router#config t
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#end

So basically with these commands, we set up a password on the aux port (line aux 0) using the password "cisco". Of course, in the real world we should use a more secure password. We also required login using the command "login".
When someone connects, or let's say plugs a cable into the aux port, it will ask for a login and a password.
2. Console Port
Just like in our sample image in #1, the console port is also one of the router's communication ports. In most cases it is used for the initial configuration of the router, since it doesn't have network settings yet.
We can connect to a console port using a console cable connected to our laptop or computer. Here's an example.

So again, it must be secured and only authorized users should have access, both physically and online once connected to the network. Here are the steps to configure a password on a console port.
Router(config)# line console 0
Router(config-line)# password CISCO
Router(config-line)# login
Router#

Again, we go to the console line and require a login. Then the password must be CISCO to log in on our console port. Makes sense, idol?
3. VTY Ports (Telnet Ports)
The VTY, or let's say virtual, lines are also communication lines of the router, which only work once it's connected to the network. So again, they must be secured and only authorized users should be able to access them.
Usually there are 5 VTY lines on a Cisco router (line 0 - 4). We can password-protect all of them using that range. Here's how to set up a password on the VTY lines.
Router#config t
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router#

In the sample above, we go to all 5 VTY lines (0 - 4) and then require a login using the password cisco. Again, the password should be more secure in the real world. Okay?
4. Privileged Mode
As we discussed in earlier lessons, we have what are called command line modes on a Cisco router or switch. Basically each mode has different access and use on our device.
For security purposes, we also need to put a password on privileged mode to protect our router's configuration from unauthorized access. Again, this is just the basic setup, because in the real world this can be tied to login servers like TACACS+ or RADIUS, which we will discuss in the next lessons.
Ok, so here's how to set up a password on privileged mode.
Router#config t
Router(config)#enable password cisco
Router#

That's basically it! That one command tells the router to ask for a password when someone goes, or tries to go, into privileged mode. And "cisco" must be the password used.
But there's a small problem there: that type of password for privileged mode is not so secure. Why? Because that's the old way of setting up a password for privileged mode. When it passes through a sniffer or data capture, it's just plain text and you'll see that "cisco" is the password being used. In other words, it is not encrypted. This is where enable secret comes in.
Using enable secret, the router stores the password in encrypted (hashed) form that can't easily be reversed. That means it's no longer just plain text like the old way of securing privileged mode.
Here's the simple way to use enable secret.
Router#config t
Router(config)#enable secret cisco
Router#

On this one, we are basically securing privileged mode and at the same time protecting the password using the keyword "secret". So in case it passes through a sniffer or data capture application, our password "cisco" still won't be visible, only a random-looking combination of letters and numbers.
Got the difference, idol? It's easy, right? I hope it makes sense.
Ok, so we set up passwords on the different communication lines of our router. To make it more understandable, let's also create usernames and passwords on the router.

How to create a local username and password on a Cisco router

Basically, it's called "local" when the credentials, or usernames and passwords, are saved on the router itself. That means they are local to that specific device.
Let's have an example.

R1#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username [username] password [password]

That's the basic syntax or code to create a local username and password on our router. And again, this is local to this device only.
Example.
R1#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username billy password cisco

In this case, idol, I now have credentials for router R1. But wait, after creating the username and password, we still need to call it on a specific line or communication lines for it to be applied and work. That means we need to call the credentials we created.
Let's have an example.
R1#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#

In our simple config above, idol, we called the local credentials on the router using the command "login local" and applied that to line vty 0 to 4. That means the username "billy" and password "cisco" will work there, unless we create additional credentials.
I hope it makes sense, idol. Simple, right? We created a username and password on the router, called it using login local, and then applied it on line vty. The same can be done on the aux port, console port and privileged mode that we discussed above.
That's it for now. Let's continue with other topics in the next lessons. Cheers!

Lesson 3: Understanding the basics of AAA, RADIUS and TACACS+

Alright, from the previous lesson we now have a username and password. And we've also applied it to sample vty lines, as shown above.
Let's also take a look at how to configure local authentication on a Cisco router.
This is also part of this topic and it's important that we understand it too.
On this one, idol, let's go through AAA a bit. What is AAA? It stands for authentication, authorization, and accounting. It's the model of authentication or security services commonly used on Cisco devices.
Let me dig a little deeper.

Authentication
In a nutshell, authentication means to verify or "authenticate" whether the user accessing the network is really the right person or user. For example, in the real world, a fingerprint scanner authenticates a person as who they claim to be, because a fingerprint is unique to that person. Right?
In networking, a great example is a password. For a certain username, to authenticate or know whether the right person is using that username, they must also know the correct password. That authenticates the user.
Of course, we won't talk about password theft or fraud here. I hope you get my point, idol.

Authorization
Once the user is authenticated, authorization is the next process. In this part, we identify which things the given user is allowed to access.
It's like in a building or office: there are places that regular employees are not authorized to enter, only the bosses or managers. In a network it's the same.
So for authorization, you are classified somehow by what group of user you are. For example, are you an admin, an editor, monitoring only, etc. That's the basics of authorization.

Accounting
In accounting, idol, the activity of the given user is logged or audited: what they did, or let's say what changes a particular user made.
This is important in order to record changes in the network and also to identify who is trying to hack or do something bad in the network environment.

How to configure local authentication on a Cisco router

Ok, on this one let's just say we have a local authentication process.
Example.

Router> enable
Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication login default local
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# end

Ok, so in our example of the local authentication config above, we used AAA as the model
(aaa new-model) and then defined a list that says where the authentication will be taken from.
On this one, we set default to local, which means, let's say, the username billy and password
cisco that we created in the previous lesson.
After that, we need to apply it again wherever the authentication login is needed. On this one,
it was applied on line vty 0 to 4. It's almost the same as the plain local username and
password, except that this one has aaa, meaning it has authentication, authorization and
accounting. In case we need to check logs or audit logins or users, this is where we use it.
Okay idol? Take a break first if you got a bit confused. Just go over it again. :)
Ok, so we're good. We now have a local username and password, and we also know how to use
it for login. For practice or, let's say, for very small networks, this is not a problem. In an
enterprise network or the real world idol, that's not feasible. Why? Let me explain first.
Of course you don't have just one or two network devices, and the same goes for users. If all
your login credentials are local to the device, it means you will configure those credentials on
each device one by one. A lot of work.
And then when you need to remove or delete or update credentials, you'll go through them one
by one again. Hassle idol.
This is where RADIUS and TACACS+ come in. These are the AAA protocols commonly used in the
real world as an external feature to centralize authentication in the network. Let's talk about
the basics of each.

RADIUS and TACACS+

What is RADIUS?
RADIUS is an acronym for Remote Authentication Dial-In User Service. It is an open
standard that supports the AAA protocol.
This solution typically took effect when a user dialed into an access server; that server
would verify the user and then, based on that authentication, would send out authorization policy
information (addresses to use, duration allowed, and so on).
Here is a basic RADIUS process representation.

Sample RADIUS configuration.


Router# conf t
Router(config)# aaa new-model
Router(config)#username billy secret cisco
Router(config)#enable secret CISCO
Router(config)#radius-server host 192.168.2.20 auth-port 1645 acct-port 1646
Router(config)#radius-server key MyRadiusKey
Router(config)#service password-encryption
Router(config)#aaa authentication login default group radius local
Router(config)#ip radius source-interface Vlan 10

Let me explain this idol.

Router(config)# aaa new-model

- We activate or enable the AAA model.

Router(config)#username billy secret cisco
Router(config)#enable secret CISCO

- On this one idol, I created a local username and password, which are billy and cisco. Then
for privileged mode I set CISCO as the password, and both are stored hashed because we
used the secret keyword.

Router(config)#radius-server host 192.168.2.20 auth-port 1645 acct-port 1646

- On this command idol, we defined the IP address of our RADIUS server and then the
authentication port and the accounting port.

Router(config)# radius-server key MyRadiusKey

- We use a password or key to authenticate or connect to our RADIUS server. The same key
must be configured on the RADIUS server side.

Router(config)# service password-encryption

- On this one idol, this command is used to encrypt the password we have for RADIUS as it is
shown in the configuration. Take note that this is the weak, reversible type 7 encoding, so it
only hides the key from someone reading the config over your shoulder; it is not the same as
the hashed secret above.

Router(config)# aaa authentication login default group radius local

- With this command, we declare that authentication will go to RADIUS by default. If RADIUS is
not available, it falls back to local, which is why we created the local username and
password earlier.

Router(config)# ip radius source-interface Vlan 10

- And then on this last command, we just define the source of our RADIUS traffic. Usually this
is an interface. For this one, we just used a VLAN interface.

That's it idol! Next to this is configuring the user login and credentials on the RADIUS server
side, which we can't show here anymore. But on the router side, this is the basic
configuration of AAA using RADIUS.
I just showed this example so you get an idea idol. As I said, we're after the basics and
fundamentals. Right?
Ok, let's move on to TACACS+.

What is TACACS+?
TACACS+ was created by Cisco in response to RADIUS, which is an open standard. It is also an
acronym, for Terminal Access Controller Access-Control System Plus.
In TACACS+, all data is encrypted. And like RADIUS, it has a centralized database of login
credentials for users or groups of users. TACACS+ also communicates using Transmission
Control Protocol (TCP) port 49 between the TACACS+ client and the TACACS+ server.

The big difference with TACACS+ is that its functions for authentication, authorization and
accounting are separated.
Here's a sample representation of a TACACS+ process.

Sample TACACS+ configuration.

Ok, let's also have a basic sample of a TACACS+ configuration.

Router(config)#username billy privilege 15 password ccnaph
Router(config)# aaa new-model
Router(config)# tacacs-server host 10.1.50.101 key cisco12345
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ local
Router(config)# line console 0
Router(config-line)# login authentication default
Router(config-line)# line vty 0 15
Router(config-line)# login authentication default

On this sample idol, we use TACACS+ as our AAA method. Let me explain the steps to you.

Router(config)#username billy privilege 15 password ccnaph

- I created a local account so that in case the TACACS+ server is not available, we have
something we can use. (Here the password keyword is used; as in the RADIUS example, secret
would store it hashed instead of in a reversible form.)

Router(config)# aaa new-model

- We enable AAA.

Router(config)# tacacs-server host 10.1.50.101 key cisco12345

- On this line, we just define the TACACS+ server IP address and the key used to authenticate
to that server.

Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authorization exec default group tacacs+ local

- On these two lines idol, we just define the list of where the user will be authenticated and
also where authorization will be verified.
So basically the primary is the TACACS+ server (group tacacs+), which is the IP address we
defined earlier.
Then if that server is not available, it will use the local account we created earlier.

Router(config)# line console 0
Router(config-line)# login authentication default
Router(config-line)# line vty 0 15
Router(config-line)# login authentication default

- And then with these commands, we apply the TACACS+ authentication that we created.
Just like the first time, we need to call it on whichever communication lines we will use it
on. On this one, we applied it to the console and vty lines.

That's just it idol! It's simple, isn't it?
Of course we did not include the setup on the ACS (the TACACS+ server). But this is the
basic TACACS+ configuration on a Cisco router.
Other parameters are just added based on what we need. I just showed you this idol so you
get an idea of how TACACS+ authentication is set up on a Cisco router.
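The method-list behaviour in the RADIUS and TACACS+ examples above (the server group first, the local account only when the server does not answer) is worth seeing in code. The Python below is an added teaching example; it is not code from this ebook and not Cisco's, the server classes are in-memory stand-ins rather than real RADIUS or TACACS+ clients, and the usernames and passwords are constructed. It shows the one detail that matters most for security: a reject from the server is final, and the router only moves on to the next method in the list when the server gives no answer at all.

```python
"""Walks an IOS AAA method list such as
'aaa authentication login default group radius local'.  Teaching simulation:
the servers are in-memory stand-ins, not real RADIUS or TACACS+ clients."""
import hashlib
import hmac
import secrets

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"   # the three outcomes a method can give


class LocalDatabase:
    """Stand-in for 'username X secret Y': keeps a salted hash, never the password."""

    def __init__(self):
        self._users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, self._hash(password, salt))

    def authenticate(self, name, password):
        rec = self._users.get(name)
        if rec is None:
            return FAIL
        salt, digest = rec
        return PASS if hmac.compare_digest(self._hash(password, salt), digest) else FAIL


class AaaServer:
    """Stand-in for a RADIUS or TACACS+ server on the other side of the network."""

    def __init__(self, db, reachable=True):
        self.db, self.reachable, self.log = db, reachable, []

    def authenticate(self, name, password):
        if not self.reachable:
            return ERROR                       # timeout: no verdict at all
        verdict = self.db.authenticate(name, password)
        self.log.append((name, verdict))       # accounting: who tried, and the outcome
        return verdict


def run_method_list(methods, username, password):
    """Try the methods in the order the method list names them.  Only ERROR
    (no answer) moves on to the next method; PASS or FAIL is final.  If every
    method errors, the login is refused.  Returns (verdict, deciding method)."""
    for name, backend in methods:
        if backend is None:                    # the 'none' method: accept unconditionally
            return PASS, name
        verdict = backend.authenticate(username, password)
        if verdict != ERROR:
            return verdict, name
    return FAIL, None


def build_scenario(radius_reachable):
    """Router with 'username billy secret cisco' locally, plus a RADIUS user database.
    All credentials here are constructed for the example."""
    local = LocalDatabase()
    local.add_user("billy", "cisco")
    central = LocalDatabase()
    central.add_user("alice", "Radius-P@ss")
    central.add_user("billy", "Central-P@ss")  # same name, different password on the server
    return [("group radius", AaaServer(central, reachable=radius_reachable)), ("local", local)]


if __name__ == "__main__":
    up = build_scenario(radius_reachable=True)
    print(run_method_list(up, "alice", "Radius-P@ss"))   # ('PASS', 'group radius')
    print(run_method_list(up, "billy", "cisco"))         # ('FAIL', 'group radius'): local never consulted
    down = build_scenario(radius_reachable=False)
    print(run_method_list(down, "billy", "cisco"))       # ('PASS', 'local'): fallback on timeout only
```

The second call is the case people get wrong: billy's local password does not help while the RADIUS server is up, because the server's reject ends the evaluation. The local account is only a safety net for when the server is unreachable, which is exactly why the lesson creates it before pointing the method list at the server.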
I hope this lesson helped you idol. See you in the next lessons, cheers!

Lesson 4: Understanding the basics of ACL or access control list
In this lesson idol, we're going to talk about the basics of ACL or access control lists.
What is it and how does it work? We will also have some sample configuration to
show how it works in action. Ready? Game!

The basics of ACL: What is an access control list?

In a nutshell idol, an ACL or access control list is a way of filtering traffic and packets on our
router, switch or firewall. It has a set of rules that is followed to decide whether a packet or
traffic will be allowed or denied.
When an ACL is configured on an interface, the router, switch or firewall analyzes the traffic
passing through that given interface, compares it against the criteria described in the ACL,
and either allows or denies that packet or traffic.
It serves as another form of security against unauthorized access on a given network.
Here's a simple example of an ACL representation.

As you can see idol, we have 3 networks in 3 different departments. Each computer from the
different networks is allowed to communicate or transact with any of the computers from the
other networks.
We have "permit from any to any" rules in our sample ACL, which is why I can say they are
allowed.

Here's another one.

On this one idol, host B is not allowed to access the Human Resources network. On the
other hand, host A is allowed. This kind of filtering can be done using an ACL.
Here's a sample ACL command.
Router#conf t
Router(config)#access-list 10 permit 192.168.148.0 0.0.1.255

In our sample access list above, we used the number 10 to identify this particular access list,
then we allow (permit) the IPs from 192.168.148.0 to 192.168.149.254. But of course, as I said
above, an ACL is applied to interfaces.
Meaning, after we create an ACL, it still won't do anything until we apply it to an interface.
In other words, we only created the ACL, and then that ACL is "called" or applied on a given
interface.
You also need to remember that the router reads the ACL from top to bottom. What do I
mean? If multiple entries are configured in an ACL on that router, the router or network
device reads the ACL from the top going to the bottom, and the first entry that matches the
traffic is the one that is applied.
Another note: every ACL has an implicit "deny" at the end. Meaning, everything that you did not
allow is automatically denied when it reaches the end, because an ACL always has an implicit
deny.
Get it idol? I hope it makes sense.

3 different types of popular ACL
1. Standard IP Access Control List
In a standard access list idol, we can only use the numbers 1-99, and it checks only the
source of packets or traffic. So it doesn't care about the destination of the traffic.

Some key points about standard ACLs

- Standard access lists are numbered either 1-99 inclusive, or 1300-1999 inclusive
- Only the source address is evaluated
- If applying a standard ACL to an interface for security, it should be applied as close to
the destination as possible

Standard ACL syntax
Router(config)#access-list <access-list-number> {permit|deny} {host|source source-wildcard|any}

In a standard access list, we have 3 important elements, as follows.
A. ACL number
A standard access list uses a number to identify it. As I mentioned above, numbers from 1-99
or the expanded range 1300 to 1999. In some cases, a name can also be used, but we will
discuss that separately.
B. Action
Action means what will be done when the ACL criteria match on the router. Basically it's
either deny or allow the traffic.
C. Source
As the word implies, this is of course the source of our packet or traffic. It can be anything,
using the word "any"; a single device or IP, using the word "host"; or a group of IPs or
devices, using a wildcard mask.

Example of a standard ACL.
access-list 50 deny 192.168.1.0 0.0.0.255
access-list 50 deny 192.168.2.3
access-list 50 permit any

In our simple example of a standard access list above idol, we used #50 to identify this
particular access list. Since all of them use #50, they are considered one access list.
In this example, on our first entry we deny the IP range 192.168.1.1 - 192.168.1.254 based on
our wildcard mask. Then on the second line, we deny a single host or IP, and for the last one,
we permit all others.

Again, we always have an implicit deny at the end, which is why it's important to allow or
permit those who still need access apart from the ones that are denied. If we don't put line 3
(access-list 50 permit any), all traffic will be denied. Why? Because we have an implicit
(hidden) deny at the bottom. Get it idol?
Of course it doesn't end there. As I said, we only created the ACL; we need to apply it to an
interface for it to take effect.
We can have this one as an example.
Router#conf t
Router(config)#interface fa0/1
Router(config-if)#ip access-group 50 in

On this one idol, we called or applied access list 50 for incoming traffic on interface fa0/1 of
the router. Meaning, the devices 192.168.1.1 - 192.168.1.254 and 192.168.2.3 will be dropped
on entering that router.
Get it now idol? That's only the standard access list.
Let's move on to the second one, which is the extended access control list.

2. Extended IP Access Control List

Extended IP lists use the numbers from 100 to 199 or the expanded range 2000 - 2699, and
they check both source and destination addresses, specific UDP/TCP/IP protocols, and
destination ports.
So unlike a standard access list that purely looks at the source, an extended access list looks
at the source and destination, then which UDP/TCP/IP protocol, and finally the destination
port too.
Here is the configuration syntax of an extended IP access list:
Router(config)#access-list <access-list-number> {permit|deny} <protocol> <source> <source-wildcard> <port-operator> <source-port> <destination> <destination-wildcard> <port-operator> <destination-port>

Important elements of an extended IP access list
A. Source and destination
As the name implies, this is where the traffic comes from and where it goes. To make it easy,
you can just remember "source {source-mask} destination {destination-mask}" instead of
remembering the whole command.
B. Protocol
The protocol can be any individual protocol such as TCP or UDP, but if set to IP it will mean all
protocols, so you don't need to specify the port or port operators in the command.
C. Any keyword

If we want or need to match the whole source or destination, we can use the word "any".
That way we don't need to list them one by one.
Here are some examples of port operators commonly used in an extended IP access list.

Port operators
An extended access list allows you to do much more than match a single port; it allows you to
match entire port ranges depending on the port operator you use.

- eq: (Equal). Will match the exact port number listed.
- gt: (Greater than). Will match all ports greater than the one listed.
- lt: (Less than). Will match all ports less than the one listed.
- neq: (Not equal to). Will match all ports not equal to the one listed.
- range: (Range). Will match all ports in the range specified. Note that this operator
accepts two port numbers, separated by a space.

Example of an extended IP access list

access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.254 eq http
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 deny tcp 192.168.1.1 0.0.0.0 host 10.1.1.254 eq 23
access-list 100 deny tcp host 192.168.1.1 host 10.1.1.254 eq 80
access-list 100 permit ip any any

In our simple example above, we used the extended access list number 100. So all of these
entries are one access list only.
Here's the explanation for each of the sample lines, line by line.
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.254 eq http
- Permit TCP traffic from the 192.168.1.0/24 network, to port 80 on the host 10.1.1.254
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
- Permit IP traffic from the 192.168.1.0/24 network, to the network 10.1.1.0/24
access-list 100 deny tcp 192.168.1.1 0.0.0.0 host 10.1.1.254 eq 23
- Deny TCP traffic from the host 192.168.1.1, to port 23 on the host 10.1.1.254
access-list 100 deny tcp host 192.168.1.1 host 10.1.1.254 eq 80
- Deny TCP traffic from the host 192.168.1.1, to port 80 on the host 10.1.1.254
access-list 100 permit ip any any
- Permit IP traffic from any source, to any destination. Why? Because every ACL has an
implicit deny at the end, so we need to allow the rest of the traffic. Otherwise, only those
that are "allowed" will be able to connect.
One thing to check in this ordering: since the ACL is read top to bottom and the first match
wins, the second line (permit ip from 192.168.1.0/24 to 10.1.1.0/24) already matches traffic
from 192.168.1.1 to 10.1.1.254, so the two deny lines after it are never reached. Put the more
specific deny entries above the broader permit if you want them to take effect.
And of course, we need to apply this again to an interface. I won't include it anymore;
applying it is the same as for the standard access list.
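To see the rules from the standard and extended ACL sections in action (wildcard masks, top-to-bottom first match, the implicit deny at the end, and why the order of entries matters), here is an added Python simulator. It is not code from this ebook or from Cisco IOS; the parser, the function names and the packets it is fed are my own construction. It accepts the numbered syntax shown above plus the bare "permit ..." form of a named list, handles only the destination port operator, and knows only a handful of port names.

```python
"""IOS-style ACL simulator: wildcard masks, top-down first match, implicit deny,
and a check for entries that an earlier entry makes unreachable."""
import ipaddress
import re
from dataclasses import dataclass

PORT_NAMES = {"http": 80, "www": 80, "https": 443, "telnet": 23, "ssh": 22}  # subset
ANY = ("0.0.0.0", "255.255.255.255")   # the 'any' keyword: every bit is "don't care"

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must match the base; a 1 bit is ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def wildcard_range(base, wildcard):
    """Lowest and highest address covered (the exact range for a contiguous mask)."""
    w = _ip(wildcard)
    lo, hi = _ip(base) & ~w & 0xFFFFFFFF, _ip(base) | w
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))

@dataclass
class Entry:
    action: str      # "permit" or "deny"
    protocol: str    # "ip" matches every protocol
    src: tuple       # (address, wildcard)
    dst: tuple
    dport: tuple     # (operator, low, high) or None
    text: str

def _addr(t, i):
    """Read one address spec: 'any', 'host A', 'A WILDCARD', or a bare address."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(t) and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", t[i + 1]):
        return (t[i], t[i + 1]), i + 2
    return (t[i], "0.0.0.0"), i + 1      # bare address means a single host

def _port(t, i):
    """Read an optional port operator; names such as 'http' are resolved."""
    if i < len(t) and t[i] in ("eq", "gt", "lt", "neq", "range"):
        lo = int(PORT_NAMES.get(t[i + 1], t[i + 1]))
        hi = int(PORT_NAMES.get(t[i + 2], t[i + 2])) if t[i] == "range" else lo
        return (t[i], lo, hi), i + (3 if t[i] == "range" else 2)
    return None, i

def parse_entry(line, standard=None):
    """Parse one numbered ('access-list N ...') or named ('permit ...') entry;
    for a named list the caller says whether it is standard.  Source-port
    operators are not handled, and trailing keywords such as 'log' are ignored."""
    t = line.split()
    if t[0] == "access-list":
        n, t = int(t[1]), t[2:]
        standard = 1 <= n <= 99 or 1300 <= n <= 1999
    if standard:                         # standard ACL: source only, any protocol
        return Entry(t[0], "ip", _addr(t, 1)[0], ANY, None, line)
    src, i = _addr(t, 2)
    dst, i = _addr(t, i)
    return Entry(t[0], t[1], src, dst, _port(t, i)[0], line)

def _port_ok(spec, port):
    if spec is None:
        return True
    if port is None:
        return False
    op, lo, hi = spec
    return {"eq": port == lo, "neq": port != lo, "gt": port > lo,
            "lt": port < lo, "range": lo <= port <= hi}[op]

def evaluate(entries, pkt):
    """Top-down, first match wins.  Returns (action, text of the matching entry);
    when nothing matches the implicit deny applies and the text is None."""
    for e in entries:
        if (e.protocol in ("ip", pkt.get("proto"))
                and wildcard_match(pkt["src"], *e.src) and wildcard_match(pkt["dst"], *e.dst)
                and _port_ok(e.dport, pkt.get("dport"))):
            return e.action, e.text
    return "deny", None

def _covers(outer, inner):
    """True when every address matched by inner is also matched by outer."""
    ob, ow, ib, iw = (_ip(x) for x in outer + inner)
    return (iw & ~ow) == 0 and (ib & ~ow & 0xFFFFFFFF) == (ob & ~ow & 0xFFFFFFFF)

def shadowed(entries):
    """Indices of entries that an earlier, broader entry (same or 'ip' protocol,
    no port condition) fully covers, so the router never reaches them."""
    return [j for j, e in enumerate(entries)
            if any(p.protocol in ("ip", e.protocol) and p.dport is None
                   and _covers(p.src, e.src) and _covers(p.dst, e.dst) for p in entries[:j])]

# Constructed sample: the extended list from the lesson, exactly as written there.
ACL_100 = [parse_entry(line) for line in (
    "access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.1.1.254 eq http",
    "access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255",
    "access-list 100 deny tcp 192.168.1.1 0.0.0.0 host 10.1.1.254 eq 23",
    "access-list 100 deny tcp host 192.168.1.1 host 10.1.1.254 eq 80",
    "access-list 100 permit ip any any",
)]

if __name__ == "__main__":
    telnet = {"src": "192.168.1.1", "dst": "10.1.1.254", "proto": "tcp", "dport": 23}
    print(evaluate(ACL_100, telnet))    # line 2 permits before line 3 can deny
    print(shadowed(ACL_100))            # [2, 3]: both deny lines are unreachable
    print(wildcard_range("192.168.148.0", "0.0.1.255"))
```

Running it shows that a telnet packet from 192.168.1.1 to 10.1.1.254 is permitted by line 2 before the deny on line 3 is ever consulted, and shadowed() reports both deny entries as unreachable. The same evaluate() function handles the standard list 50 from the earlier section (its entries have no protocol or port, so only the source is compared), and wildcard_range() turns the 192.168.148.0 0.0.1.255 entry from the start of the lesson into the address span it covers.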

The extended IP access list is simple too idol. You just need to go over it repeatedly so it
sinks in and registers in your brain.
Again, focus on the concept. Focus on the principle and fundamentals. Once you have done and
mastered that, no matter how many times it's repeated, with different values or different
situations, you will still get it because you understand it. Get it idol?
Let's move on to the next.

3. Named IP Access Control List

As the name implies idol, instead of using a number for the access list, we literally give it a
name. That makes a named IP access list.
It is very basic. It's almost the same as a standard or extended IP access list, except that it
is referenced or called via its name.
Here's the simple syntax.
Router(config)#ip access-list {standard | extended} {name | number}
It just means idol that we can use either a standard or extended IP access list, and instead of
a number as the reference, we create a name for that access list.
Let's have an example.
Example of a named IP access list (using an extended IP access list)
Router# configure terminal
Router(config)# ip access-list extended acl1
Router(config-ext-nacl)# remark protect server by denying sales access to the acl1 network
Router(config-ext-nacl)# deny ip 192.0.2.0 0.0.255.255 host 192.0.2.10 log
Router(config-ext-nacl)# remark allow TCP from any source to any destination
Router(config-ext-nacl)# permit tcp any any

And again, it needs to be applied to an interface.

Here's an example.
Router# configure terminal
Router(config)# interface fastethernet 0/0/0
Router(config-if)# no shutdown
Router(config-if)# ip access-group acl1 in

So on this one idol, we just created an extended IP access list, but this time we named it
acl1. Then when we called or applied it to the interface "going inbound", of course we use the
name. That's it!

Let's have another example.
Example of a named IP access list (using a standard IP access list)
Router(config)#ip access-list standard acl2
Router(config-std-nacl)#deny 192.168.0.0 0.0.0.255
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#exit

Again, we need to apply it to an interface.

Router# configure terminal
Router(config)# interface fastethernet 0/0/0
Router(config-if)# no shutdown
Router(config-if)# ip access-group acl2 in

Same thing idol, this time we used a standard IP access list but we named it acl2. Then it's
the same format as a standard IP access list. And of course, we applied it to the interface
"going inbound" using the name acl2.
Alright idol, I hope by this time you understand and know the concept of the basics of ACL.
It's not hard; you just need practice and a bit of study, and I'm sure you will master it too.
Until the next lesson. Thank you very much idol. Cheers!

CHAPTER VIII: INFRASTRUCTURE MANAGEMENT

Lesson 1: Basic parts and components of a Cisco device

In this lesson idol, we will go through the basic parts and components of a Cisco device.

It's important that we see and understand this so that we become familiar with the common
Cisco devices we will encounter and configure in our Cisco career. Let's go!

Basic parts and components of a Cisco router

Let's look at the basic parts and components of a Cisco router so that we're more aware of the
devices we will work with in our CCNA career. Let's see some samples to add to our
knowledge about CCNA.

The image you see below is a Cisco 3900 series ISR router. Depending on size and capacity, it
is one of the EDGE routers commonly used in multi-branch companies or organizations.

It is also a modular Cisco router, meaning it has available slots to add modules or external
modules to enhance performance and capacity when needed.

Let's take a closer look at one model of the Cisco 3900 series so that we're more familiar with it.

Our image below is the Cisco 3945 router, taken from router-switch. It is one of the models in
the Cisco 3900 series. You will also see in our sample image the basic parts and components
of our Cisco 3945 router.

To make us even more aware, here is some basic knowledge that adds to our understanding of
the role and functions of the parts and components of a Cisco router.

SPE/EHWIC and other modules

These are among the modules we mentioned earlier. They are the engine and give good
performance to our router or other Cisco devices, including additional capabilities and better
performance.

Ethernet ports

The ethernet ports available on the router are used to connect other devices, let's say
towards our internal network or out to the internet via our ISP. These are also among the
things we need to configure initially.

Console and Auxiliary port

We commonly use these for the initial configuration of a router or any Cisco device.

By default, only the IOS is included and running on the router, so we need to configure it
according to our needs.

Using the console cable, we can connect directly to the router with our laptop or PC to
configure it.

Compact Flash and USB ports

The compact flash is used for additional storage on our Cisco device. The USB ports provide a
secure token and a port for additional external storage.

That's the back panel and the basic parts and components of a Cisco router, specifically the
3945 model. On the front panel we find the power supply (usually a dual power supply) and the
light indicators.

Please take note that Cisco routers come in many models and series. Our example is only one
of those commonly used. Depending on the size and needs of the company or organization,
Cisco has recommended routers.

For the complete list of Cisco router models and capabilities, check here. That's it! :)

Basic parts and components of a Cisco switch

Our sample image above is a 3560 switch. It is the ACCESS switch commonly used in small to
medium enterprises or organizations.

As we learned before in the network topology recommended by Cisco, access switches are the
ones in the access layer, or the switches where PCs and other end devices are connected. In
a small enterprise, this is where PCs, servers, IP phones and others are commonly connected.

For the basic parts and components of a switch (the Cisco 3560 in our sample), see the
sample image below from Cisco.

Cisco 3560 back panel

In our sample image above you can see the back panel of a Cisco 3560E switch. It has a dual
power supply that is hot swappable (can be swapped without turning off the switch), and a
fan (also hot swappable).

On the front panel we find the number of ports (where we connect the end devices), the lights
and LED indicators, as well as the management port or SFP module if available.

The SFP module/interface is used for the high speed uplinks of our access switch (for example
going to the CORE switch).

We use a Cisco TwinGig Adapter to convert a 10 Gigabit Ethernet X2 interface into two
Gigabit Ethernet SFP interfaces. See our sample image below for more information.

Please take note that the 3560E access switch is only one of the common Cisco access
switches used in the industry today. Many more Cisco models belong to the switches,
depending on model and capabilities.

There are also big, modular switches available that are used by large enterprises and big
companies. There are also layer 3 switches with the capability to handle layer 3 functions or
routing.

Depending on the size and needs of a company or organization, Cisco has a recommended
model for each. For the complete models and capabilities of Cisco switches, please check
here.

Alright! That's it for now idol. I hope you learned something and this lesson was valuable to
you. I believe it will help a lot, especially beginners.

The same goes for those who will enroll in a training or bootcamp and don't have much idea
or knowledge about Cisco yet. I remember on my first day at the CCNA bootcamp before, I
was surprised by the big Cisco switches and routers. Haha! See you in the next lesson, cheers!

Lesson 2: Understanding the basics and fundamentals of Cisco IOS

Today, we start with the basics and fundamentals of Cisco devices. What we will discuss and
talk about today is the basics and fundamentals of Cisco IOS. This is a big help to beginners
who are just starting their Cisco career. I always say that it's important to understand the
basics and fundamentals, because that's where the foundation of our networking knowledge
starts.

If you already know this topic well, you may skip it for now. As I said, we'll go through all the
basics first for aspiring CCNA beginners. Ready? Let's go!

Basics and fundamentals of Cisco IOS

As I mentioned in lesson 1, the IOS or Internetwork Operating System is the operating system
of common Cisco switches and routers. It runs and operates their parts, including the
software and hardware. Compared to a PC, it's like Windows XP, Windows 7 and so on. It also
has different versions and different releases for updates.

To see the full information about the IOS running on your Cisco device, you can type
"show version" on the command line. From there you will see the relevant information about
your Cisco device. See the example from what I have in my GNS3.

From there, you will see the important information about the IOS running on your Cisco device.
To understand the basics and fundamentals of Cisco IOS even better, let's try to break down
some important details from that information.

Our sample image above shows information about our Cisco device. Here you can see the IOS
version, release features and hardware support of this device. Most of the time we need this
information for upgrades and for troubleshooting related to the IOS or IOS bugs.

Our next sample image shows the uptime of our device and the cause of its last reload or
restart. This is also important in troubleshooting.

Our sample image above shows the more complete hardware information of our Cisco device.
Here we can see the CPU capabilities, port information and the relevant memory information.

For additional knowledge about the configuration register:

- 0x2102: The default. The router looks for a startup configuration file in NVRAM and for a
valid IOS image in flash.
- 0x2142: NVRAM contents are bypassed; the startup configuration is ignored.
- 0x2100: The router boots into ROM Monitor mode.

Also for additional knowledge about the types of memory in a Cisco device:

- Read-Only Memory (ROM) - ROM stores the router or switch bootstrap startup program,
operating system software, and power-on diagnostic test programs (POST).
- Flash Memory - The IOS image is saved in flash memory. We can change or update it
depending on what we need.
- Random-Access Memory (RAM) - RAM holds the running-config and our protocols such as
routing information, the routing table and so on. Like a PC's RAM, the data or information in
RAM is lost on restart or reload of the device, so make sure we have saved it.
- Non-volatile RAM (NVRAM) - NVRAM saves or keeps the start-up configuration file, as well as
the configuration register.

Cisco device boot process

To understand it better, I'm sharing the image from the web. Here we can see how a Cisco
device boots up and how the configurations are loaded.

In short, this is what happens.

- Run POST to check the hardware
- Look for a valid IOS
- Look for the configuration file

If you look at it, it's just like the normal boot-up process of a PC or laptop. The only difference
is the hardware and the configurations, of course.

It's important to understand and master this because it's part of the CCNA exam, and of
course for the real networking scenarios you will encounter.

That's it! Simple and easy. Those are the basics and fundamentals of Cisco IOS, including the
boot-up process of Cisco devices.

Until next time, thank you.

Lesson 3: Understanding basic Cisco IOS command modes

Welcome back idol! Last time, we talked about the basic parts of, and familiarization with,
common Cisco devices.

Today, we'll talk about the basic Cisco IOS command modes. This will help us understand the
use and basics of IOS commands on Cisco devices.

As we learned at the start, the IOS serves as the operating system of Cisco devices.

Using IOS commands, we can verify the configurations on a Cisco device, and of course these
are also the commands we use to configure Cisco routers or switches.

Different Cisco IOS command modes

1. User EXEC Mode

On our initial or first login to a Cisco router or switch, we are in what we call user EXEC
mode. This is the first and most basic of the Cisco IOS command modes that common Cisco
devices have.

The greater-than sign (>) or angle bracket after the name or hostname of our Cisco device is
the indication that we are in User EXEC mode, like this.

Router>

The hostname of our sample device is Router, and we are in its User EXEC mode as I mentioned
above, because we see the greater-than or angle bracket sign (>).

In User EXEC mode, only a limited set of commands can be executed or run on our Cisco
device.

At this level, basic troubleshooting and verification is usually done.

We can type ? (help) in User EXEC mode to see the commands available in this mode
(Router> ?).

And here are some of the commands we can see and use in User EXEC mode.

2. Privileged EXEC Mode

The next of our Cisco IOS command modes is Privileged EXEC mode. This is the next level of
Cisco IOS command mode after the user EXEC mode we mentioned earlier.

The indication or sign that we are in Privileged EXEC mode is the pound sign or hash sign (#)
after the hostname of our Cisco device, as you can see.

Router#

Depending on the configuration or settings of the device, we may land directly in Privileged
EXEC Mode when we log in to our Cisco device, but in the basic or default setting or
configuration, we need to pass through User EXEC mode first before we can get to Privileged
EXEC mode.

And the command we need is the command 'enable'.

Router> enable
Password: ********

Router#

As you can see above, from User EXEC mode we reached Privileged EXEC mode by typing or issuing the command 'enable'.

Most of the time, a password is set before you can enter Privileged EXEC mode, as you can see in the image (we'll discuss this later). This is for security, so that only users who should have access to Privileged EXEC mode are given it.

To get back to User EXEC mode from Privileged mode, we can type or run 'disable', like this.

Router#disable

Router>

Like User EXEC mode, the commands we can use in Privileged EXEC mode are also limited. Although there are more of them compared to the first Cisco IOS mode, they are still basic commands used only for verification and basic troubleshooting.

We still cannot make changes or set configurations while we are only in Privileged EXEC mode. You can type or issue ? (help) again (example: Router# ?) to see the commands we can use in Privileged EXEC mode.

3. Global Configuration Mode

Next among our Cisco IOS command modes is Global Configuration Mode. This is the mode where the configurations we want to set on our Cisco devices are made and run.

Changes or configuration set in global configuration mode affect the entire operation of the device. That is also why it is called 'global'.

From Privileged EXEC mode, we can get to Global Configuration Mode by issuing or running the command 'configure terminal', or 'conf t' for short.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

As you can see above, from Privileged EXEC Mode I reached Global Configuration Mode by typing 'configure terminal'.

The indication that we are in Global Configuration Mode is the '(config)#' sign.

Here we can change the settings and 'running configuration' of the router or any Cisco device: set the IP address, hostname, routing protocol and all the global configurations our Cisco device needs. And of course we need to save it so that it is written to the start-up configuration of our device. We'll discuss this next.

We can also type or run ? (help) (example: Router(config)# ?) to see the available commands we can use in global configuration mode. And to return to Privileged EXEC mode, we can run or type 'end' or 'exit' (Router(config)#exit or Router(config)#end).

From global configuration mode, we can enter or configure the various sub-configuration modes. We can enter sub-configurations such as routing protocols (RIP, EIGRP, OSPF and BGP), interface configuration and then sub-interface configuration, access lists, QoS settings, route-maps and many more sub-configurations. We won't include these for now.

The 3 Cisco IOS command modes we mentioned are the most basic and commonly used IOS command modes. It is important that we understand them first before we move on to advanced topics.

Please take note that each IOS command is compatible only with its own IOS command mode.

This means that commands that can be run in User EXEC mode may not be compatible or work in Privileged EXEC mode, much less in Global Configuration Mode, and vice versa.

Always remember that we can use help (?) at each level or IOS command mode to see the available commands we can use.

For full details and additional information about Cisco IOS command modes, you can check the Cisco website. Cheers!
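As an added example (not code from the ebook), here is a small Python model of the three modes above: the prompt each mode shows, the navigation commands that move between them, and the rule that a command is only accepted in the mode it belongs to. The class name IosSession, the enable secret and the short list of configuration commands it recognizes are this example's own assumptions, not IOS internals.

```python
import re

# Prompt suffix for each mode, as the IOS CLI shows it after the hostname.
PROMPTS = {"user": ">", "privileged": "#", "global": "(config)#"}

# Navigation commands accepted in each mode and the mode they lead to.
# Anything not listed here is rejected in that mode, which is the point
# of the lesson: a command belongs to a mode. 'conf t' is the page's shortcut.
TRANSITIONS = {
    "user": {"enable": "privileged"},
    "privileged": {"disable": "user", "configure terminal": "global", "conf t": "global"},
    "global": {"exit": "privileged", "end": "privileged"},
}

# A few configuration commands that only global configuration mode accepts
# (constructed subset for the example; real IOS has thousands).
CONFIG_COMMAND = re.compile(r"^(hostname |ip |interface |router )")


class IosSession:
    """Tracks which mode a CLI session is in and enforces mode-specific commands."""

    def __init__(self, hostname="Router", enable_secret=None):
        self.hostname = hostname
        self.mode = "user"                  # a console login starts in User EXEC
        self.enable_secret = enable_secret  # None means 'enable' needs no password
        self.changes = 0                    # configuration commands accepted so far

    def prompt(self):
        return f"{self.hostname}{PROMPTS[self.mode]}"

    def help(self):
        """What '?' would list: only the navigation commands valid right now."""
        return sorted(TRANSITIONS[self.mode])

    def run(self, command, password=None):
        """Apply one command line and return the prompt shown afterwards."""
        cmd = " ".join(command.split())   # collapse repeated whitespace
        target = TRANSITIONS[self.mode].get(cmd)
        if target is not None:
            # 'enable' is password-protected once an enable secret is set, so a
            # User EXEC session cannot reach Privileged EXEC without it.
            if cmd == "enable" and self.enable_secret is not None \
                    and password != self.enable_secret:
                raise PermissionError("% Bad secrets")
            self.mode = target
            return self.prompt()
        if self.mode == "global" and CONFIG_COMMAND.match(cmd):
            # Only global configuration mode changes the running configuration.
            if cmd.startswith("hostname "):
                self.hostname = cmd.split(" ", 1)[1]
            self.changes += 1
            return self.prompt()
        raise ValueError(f"% Invalid input in mode {self.mode!r}: {cmd!r}")


def walkthrough():
    """Replay the page's sequence: enable, configure terminal, end, disable."""
    s = IosSession(enable_secret="cisco123")   # constructed secret for the demo
    prompts = [s.prompt()]
    prompts.append(s.run("enable", password="cisco123"))
    prompts.append(s.run("configure terminal"))
    prompts.append(s.run("hostname R1"))       # accepted only in global config
    prompts.append(s.run("end"))
    prompts.append(s.run("disable"))
    return prompts


if __name__ == "__main__":
    print("\n".join(walkthrough()))
```

Running the walkthrough prints the six prompts the lesson shows, in order; trying `configure terminal` from User EXEC raises, which is the behaviour the "each command has its mode" note describes.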

Lesson 4: Different types of router memory


In this short lesson, idol, let's go through the different types of router memory. This will help you understand more about the hardware parts of a router, which will help you in the exam and especially in real-world networking.

4 Types of Router Memory


1. ROM
ROM is read-only memory available on a router's processor board. Just like PCs, routers have ROM, which is usually used for the router's bootstrap instructions.

Additionally, the instructions for POST, or power-on self-test, are also stored in ROM.

2. Flash Memory
Flash memory is an electronically erasable and re-programmable memory chip. The flash memory contains the full operating system image (IOS, Internetwork Operating System).
Data or configuration saved in flash, idol, is not erased even when we power off or restart the device.

3. RAM
On a router, RAM is used to hold the running Cisco IOS operating system, IOS system tables and buffers. RAM is also used to store routing tables, keep the ARP cache and perform packet buffering (shared RAM). The running-configuration of a router also runs here temporarily.
Like a normal PC, idol, a router's RAM is only used to hold temporary data or information while the device is running.
If you don't save and the router restarts or reboots, all UNSAVED configuration will be lost. Just like a PC, right?
To save the running config to the start-up configuration, you need to run either of the following commands.

Router#write memory
Router#copy running-config startup-config

This way all information will be saved to NVRAM.

4. NVRAM
NVRAM is used to store the startup configuration file. This is the configuration file that IOS reads when the router boots up.
Think of it as the router's hard drive. This is where it saves the configuration while the device is off, and it then loads it into RAM once it is turned on.
As I said, just like a normal PC.
You can check all this information, idol, by using the command "show version" on our router. Here's a good example of this information. See below.

I hope this added to your knowledge, idol. Until the next lesson, cheers!

Lesson 5: How to upgrade IOS of a router from a TFTP Server


In this lesson, idol, we will see how to upgrade the IOS of a router from a TFTP server. This is the usual method when the IOS of a router, or even a switch, needs to be upgraded.
Why is the IOS of a router or switch upgraded? There can be many reasons, but the usual ones are bugs or errors. In real-world networking, when a device encounters a bug or error, it is reported to the vendor (Cisco).
And most of the time, they recommend an IOS upgrade to fix the bugs or errors.
Cisco continually releases different versions of IOS, to improve performance and, as mentioned, to fix bugs and errors.
Let's say, for example, an ASR 100x router comes with a default IOS of 15.xx. Since Cisco's study and testing is continuous, they will probably release later versions of that IOS for that specific model.
Let's say version 15.2 release 5, and so on. I hope you get the point, idol.
Alright, let's see how to upgrade the IOS of a router now.
Note: Make sure you back up the configuration before you upgrade or install an IOS. Always back up first! That's the rule of thumb. :)

For Upgrade
Things you need:

 new version of the IOS image (can be downloaded from the Cisco website)
 TFTP server

Steps to upgrade IOS of a router
Step 1: Select a Cisco IOS Software Image

 Memory requirement: The router should have sufficient disk or flash memory to store the Cisco IOS. The router should also have sufficient memory (DRAM) to run the Cisco IOS. If the router does not have sufficient memory (DRAM), the router will have boot problems when it boots through the new Cisco IOS.
 Interfaces and modules support: You must ensure that the new Cisco IOS supports all the interfaces and modules in the router.
In most cases, idol, especially when Cisco itself recommends the IOS version, it is most likely compatible and best for that device, or it fixes certain errors or bugs.

Step 2: Download the Cisco IOS Software Image to the TFTP Server
If you already have a Cisco account, you can get the IOS version there and then save it to the TFTP server folder.

Step 3: Prepare for the Upgrade

Check the amount of free memory so we're sure there will be no errors. We can use the commands:

 show file systems
 show version
 dir
 dir flash:

Step 4: Copy IOS Image to the Router

*Make sure there is connectivity between the router and our TFTP server, idol. The TFTP server can be a normal PC with a TFTP application running. TFTP software can be downloaded from the internet for free.
Router>enable
Password:xxxxx
Router#copy tftp: flash:
Address or name of remote host []? 10.10.10.2

!--- 10.10.10.2 is the IP address of the TFTP server

Source filename []? c2600-adventerprisek9-mz.124-12.bin


Destination filename [c2600-adventerprisek9-mz.124-12.bin]?
Accessing tftp://10.10.10.2/c2600-adventerprisek9-mz.124-12.bin...
Erase flash: before copying? [confirm]y

!--- If there is not enough memory available, erase the Flash.

!--- If you have sufficient memory you can type n and press enter

Erasing the flash filesystem will remove all files! Continue? [confirm]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-adventerprisek9-mz.124-12.bin from 10.10.10.2 (via Ethernet0/0): !!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 29654656/49807356 bytes]

Verifying checksum... OK (0xAC8A)


29654656 bytes copied in 56.88 secs (80383 bytes/sec)

So with our command above, we instructed the router to copy from a TFTP server to its flash memory (copy tftp: flash:). Then we specify the IP address of the TFTP server (10.10.10.2).
After that we are asked for the source file name, so it must be the exact filename of your IOS image in the TFTP folder. In this case c2600-adventerprisek9-mz.124-12.bin.
Then we also need to confirm whether we will use the same file name. Just use the same one to keep it easy.
Then the setup will ask us whether we want to erase the contents of our flash memory. If there is no longer enough space, it will be erased automatically. But if there is still space, just select or type N.
That is why it is important to verify first before the installation, and above all, of course, to back up.
So in our sample, we selected yes in the setup and, as I said, it will erase the flash memory. After that, it will copy the IOS to that location.
It will take a while. You can have a sip of coffee first. :)
When it's done, it will indicate that the setup is finished. We can then verify.

Step 5: Verify the Cisco IOS Image in the File System
For verification, idol, we can use the following commands.

 dir flash:
 verify flash:c2600-adventerprisek9-mz.124-12.bin (file name of your IOS image)
Here's an example.

Router#dir flash:
Directory of flash:/

1 -rw- 29654656 <no date> c2600-adventerprisek9-mz.124-12.bin

49807356 bytes total (20152636 bytes free)

Router#verify flash:c2600-adventerprisek9-mz.124-12.bin
Verifying file integrity of flash:c2600-adventerprisek9-mz.124-12.bin...........
.............................Done!
Embedded Hash MD5 : 1988B2EC9AFAF1EBD0631D4F6807C295
Computed Hash MD5 : 1988B2EC9AFAF1EBD0631D4F6807C295
CCO Hash MD5 : 141A677E6E172145245CCAC94674095A
Signature Verified
Verified flash:c2600-adventerprisek9-mz.124-12.bin
As you can see, idol, we have the new IOS version copied to our router.
We also verified the signature or authenticity of the IOS image and it's OK. So this time, we're good.

Step 6: Verify the Configuration Register

It should be set to 0x2102. We can use the "show version" command to see it, and it is usually at the very end of the output displayed. So if it is not 0x2102, we need to change it using the following commands.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#end

Step 7: Verify the Boot Variable

The boot variable, idol, is the list of boot files or images the router boots after a reload, in the order they are listed. We can configure which IOS image it boots first, or primarily.

In our case it should be our newly installed IOS image.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no boot system
Router(config)#boot system flash:c2600-adventerprisek9-mz.124-12.bin
Router(config)#end

In this one, idol, we first removed the existing boot configuration. Then we set the boot sequence again using the "boot system" command. So our command "boot system flash:c2600-adventerprisek9-mz.124-12.bin" will boot the IOS image from flash.
Note: In the real world, most of the time the IOS is upgraded without deleting or removing the old version. This means there are still two IOS images on the router. We just need to configure it to boot the new IOS version so that is what the router uses.
In case it fails, the router will use the old IOS version. So we're still safe.
Then when everything is successful, that's when we can remove the old IOS version.
Get it, idol? I hope that makes sense.

Step 8: Save the Configuration and Reload the Router

For our new IOS version to take effect, we need to reload the router. And of course, don't forget to save!
We can use the following commands.
Router# write memory
Router# reload
Proceed with reload? [confirm]
Jan 24 20:17:07.787: %SYS-5-RELOAD: Reload requested by console. Reload Reason:
Reload Command.

Step 9: Verify the Cisco IOS Upgrade

The last step is to verify the IOS running on our router. We can use the "show version" command again.
Router#show version
00:22:25: %SYS-5-CONFIG_I: Configured from console by console
Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(12),
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 11:18 by prod_rel_team

ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)

Router uptime is 22 minutes
System returned to ROM by reload
System image file is "flash:c2600-adventerprisek9-mz.124-12.bin"

From the output, idol, we should now see the new version of the IOS. Take a look at "System image file is "flash:c2600-adventerprisek9-mz.124-12.bin"" on the last line. That's the new IOS version we installed.
Okay, that's it! This is easy, idol, but when we upgrade a production router or device, we need to check it properly. Everything you need has to be prepared, you must have a backup, and it must be tested working before you return it to production.
I hope this has been informative. Until the next lesson, cheers!
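As an added example (not code from the ebook or from Cisco), the checks below turn Steps 3, 5, 6 and 9 into something scriptable: read the free space from dir flash: output, verify the image's MD5 against the hash you got from the download page, and confirm after the reload that show version reports the new image and a 0x2102 register. The sample outputs are constructed from the ones shown above; the 'Configuration register is' line, the image bytes and the function names are this example's own assumptions.

```python
import hashlib
import re

# Constructed from the 'dir flash:' output shown in Step 5.
DIR_FLASH = """Directory of flash:/

    1  -rw-    29654656   <no date>  c2600-adventerprisek9-mz.124-12.bin

49807356 bytes total (20152636 bytes free)
"""

# Constructed 'show version' excerpt, based on Step 9's output plus the
# 'Configuration register' line that IOS prints at the very end (assumption).
SHOW_VERSION = """Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)

Router uptime is 22 minutes
System returned to ROM by reload
System image file is "flash:c2600-adventerprisek9-mz.124-12.bin"

Configuration register is 0x2102
"""

NEW_IMAGE = "flash:c2600-adventerprisek9-mz.124-12.bin"

# Stand-in for the downloaded image file; a real one is tens of MB.
IMAGE_BYTES = b"constructed-ios-image-bytes" * 1024


def parse_dir_flash(text):
    """Return (total_bytes, free_bytes) from the summary line of 'dir flash:'."""
    m = re.search(r"(\d+) bytes total \((\d+) bytes free\)", text)
    if not m:
        raise ValueError("no 'bytes total (... bytes free)' line in dir output")
    return int(m.group(1)), int(m.group(2))


def image_fits(dir_text, image_size):
    """Step 3: will the new image fit without erasing flash first?"""
    _, free = parse_dir_flash(dir_text)
    return image_size <= free


def md5_hex(data):
    return hashlib.md5(data).hexdigest().upper()


def verify_image(data, published_md5):
    """Step 5: compare the file's MD5 with the hash published for the download.
    This is the same comparison 'verify flash:' reports as 'Computed Hash MD5'."""
    return md5_hex(data) == published_md5.strip().upper()


def parse_show_version(text):
    """Pull the fields Steps 6 and 9 care about out of 'show version'."""
    def first(pattern):
        m = re.search(pattern, text)
        return m.group(1) if m else None
    return {
        "version": first(r"Version ([^,]+),"),
        "image": first(r'System image file is "([^"]+)"'),
        "config_register": first(r"Configuration register is (0x[0-9A-Fa-f]+)"),
    }


def post_upgrade_ok(show_version_text, expected_image):
    """Steps 6 + 9: booted from the new image, and the register is 0x2102
    (normal boot that loads the startup-config from NVRAM)."""
    info = parse_show_version(show_version_text)
    return info["image"] == expected_image and info["config_register"] == "0x2102"


if __name__ == "__main__":
    print("fits without erase:", image_fits(DIR_FLASH, 29654656))
    print("md5 matches:", verify_image(IMAGE_BYTES, md5_hex(IMAGE_BYTES)))
    print("post-upgrade ok:", post_upgrade_ok(SHOW_VERSION, NEW_IMAGE))
```

With the page's numbers, `image_fits` returns False: a second 29654656-byte image does not fit in 20152636 free bytes, which is why the walkthrough answered 'y' to erasing flash. Compare the computed hash with the one published for the download over a trusted channel; an MD5 match shows the transfer was not corrupted, and the 'Signature Verified' line from verify flash: is the stronger authenticity check.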

Lesson 6: How to backup and restore router's configuration


In this lesson, idol, we will look at how to back up and restore a router's configuration. It's important that you at least know this so you are aware of the processes and techniques you can use when you work in the real world and once you become a CCNA. Let's start!

How to backup router configuration


There are many ways to back up a router configuration, especially if you are in a corporate network, idol. In most cases there are already backup and monitoring tools there that automatically back up the configuration of each device.
Here I'll just show you some tips so that in case you need them, you have another way to back up a router configuration. Here it is.

1. How to backup running configuration of a router


As I mentioned, the running-configuration is the configuration running on a router (running, hehe). This means that while the router is on or working, all of its configuration is pulled from the running-config.
In case the router or device reboots or powers off, all running config that was not saved is erased. Why? The running-config runs in RAM, idol, so it is only temporary while the router is on or working.
Here is how you can save it.
A. Router#write memory
This command will write or save the running-config into the start-up config. This means, idol, that all the configuration is saved to the router's NVRAM. Once you have saved it, even if the router powers off or reboots, our configuration is still there once it is turned on.

B. Router#copy running-config startup-config
This is the same as letter A, idol. It will also save the running-config into the start-up config so that it is permanently saved on the router itself. Some IOS versions do not accept one of these commands, which is why we should know the other options. Gotcha?
C. Router#show running-config and then copy into notepad
You can also display the running configuration of a router, idol, and then manually copy-paste it into notepad or any text editor.

For example in GNS3, I use show run to display the running-configuration and then I copy and paste it into notepad so I have a backup of my configuration. Get it, idol?
In some cases the running configuration is too long and does not fit on the screen. You can use the command "term length 0" and then run "show running-config" so it displays everything on the screen.
D. Router#copy running-config tftp
This command copies the running config to a TFTP server. So just make sure the setup of our TFTP server is OK, and it will create a text file on that TFTP server containing the running config of our router.
Make sense, idol?
Those are the basic and simple ways to back up the running configuration of a router. As I said, in the real world there are usually applications used for backup.

Ok, so now we know how to back up. We have a copy of our running configuration; how do we restore it to our router? Let's talk about this.

2. How to restore router configuration


In case of any problem, or when it is really needed, we can definitely restore the configuration of a router.
Again, there are also tools or applications that can be used for this. Just to show you some simple ways, here they are.

A. Router# write erase

This command will erase the running configuration on a router. Once you issue this command, you need to reload or reboot the device, so the default configuration of that router will be loaded.
B. Import from a text file
In case we are using a certain application, idol, we can import a configuration from a text file. As I said, in the real world there are applications dedicated to backup/restore of configuration.
C. Copy-paste from a text file
This one is where we manually copy the configuration text from notepad or a text editor. Let's say the way we backed up the configuration was to copy from the router and paste it into notepad or any text editor. When restoring the configuration, we can do the same thing, just in reverse: copy from notepad and paste into the router's CLI or command line interface.
That's basically it, idol. These are the simple ways to back up a router's configuration and also restore it. I hope this added to your knowledge. Until the next lesson, cheers!
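The backup methods above all end with a text copy of show running-config. As an added example (not the ebook's code), the Python below normalizes such a capture, fingerprints it, and diffs a later capture against it, which is how a stored backup also catches a change that weakened the device (here, telnet re-enabled on the VTY lines and a new privilege-15 user). The two configurations are constructed for this example, and the function names are assumptions.

```python
import difflib
import hashlib
import re

# Lines IOS prints around a running-config that are not configuration, plus the
# '!' separators, which would otherwise show up as spurious diff noise.
NOISE = [
    re.compile(r"^Building configuration"),
    re.compile(r"^Current configuration\s*:"),
    re.compile(r"^!"),
]

# Constructed backup, as it would look after 'show running-config' was pasted into a text file.
BACKUP = """Building configuration...

Current configuration : 512 bytes
!
version 12.4
hostname R1
!
banner motd ^CAuthorized users only^C
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
line vty 0 4
 login local
 transport input ssh
!
end
"""

# Constructed later capture of the same router with two changes.
CURRENT = """Building configuration...

Current configuration : 570 bytes
!
version 12.4
hostname R1
!
username guest privilege 15 password 0 guest
!
banner motd ^CAuthorized users only^C
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""


def normalize_config(text):
    """Keep only real configuration lines (indentation preserved: it marks sub-modes)."""
    kept = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or any(p.match(line) for p in NOISE):
            continue
        kept.append(line)
    return kept


def fingerprint(text):
    """SHA-256 over the normalized config; stable across the changing byte-count header."""
    return hashlib.sha256("\n".join(normalize_config(text)).encode()).hexdigest()


def config_drift(backup_text, current_text):
    """Lines present on the device now but not in the backup, and vice versa."""
    before, after = normalize_config(backup_text), normalize_config(current_text)
    added, removed = [], []
    # n=0: no context lines, so every '+'/'-' line is a real change.
    for line in difflib.unified_diff(before, after, lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return {"added": added, "removed": removed}


if __name__ == "__main__":
    print("backup fingerprint:", fingerprint(BACKUP))
    print(config_drift(BACKUP, CURRENT))
```

Storing the fingerprint next to the backup file lets you confirm later that the text you are about to paste back into the router (method C above) is the one you saved; running `config_drift` before a restore shows exactly which lines the restore will undo.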

Lesson 7: How to configure banner on a Cisco device


In this short lesson, idol, let's see how to configure a banner on a Cisco device. This is important in your real-world networking journey and of course for your CCNA exam preparation too. Game? Let's go!

What is login banner on a Cisco device?


Basically, idol, the login banner on a Cisco device is like welcome information for the users. It provides basic information about the company and security reminders about the company's network rules and policies.

Here's a sample image of a login banner on a Cisco device.

As you can see, it is just a group of text that provides information and reminders about the company.

NOTE: Just because we can put anything in the login banner does not mean we should put just anything in it. It should be professional and, of course, informative.
Sample configuration of a banner on a Cisco device
As we do the configuration, idol, let's also see what types of banner we can configure on our network device.

1. MOTD banner
MOTD means "message of the day"; this banner is presented to everyone that connects to the router. This means it is the main banner shown to everyone who logs in to our device.
Here are the steps to configure a MOTD banner.
Router(config)#banner motd #
Enter TEXT message. End with the character '#'.
Authorized users only, unauthorized access not allowed and will be reprimanded! #
The # symbol, idol, is the start and stop character, but you can also use a different character.
Just make sure our start and stop characters are the same.

With our sample MOTD, this will be the output.
Router#exit
Router con0 is now available
Press RETURN to get started.
Authorized users only, unauthorized access not allowed and will be reprimanded!

Make sense, idol? Simple, right? Let's move on to the next one.

2. Login banner
The login banner is the one that appears before the authentication prompt, and it usually comes after the MOTD. Here's a simple example.
Router(config)#banner login $ Authenticate yourself! $
So again we use the command "banner login", then the start character, then the message and then our stop character. Gotcha, idol?
Let's try it out:
R1#telnet 1.1.1.1
Trying 1.1.1.1 ... Open
Authorized users only, unauthorized access not allowed and will be reprimanded! Authenticate yourself!

As you can see, idol, the login banner came up after the MOTD we created earlier.

3. Exec banner
This one, idol, is displayed before the user sees the exec prompt.
Here's a simple example.
Router(config)# banner exec %
Enter TEXT message. End with the character '%'.
Session activated on line $(line), $(line-desc). Enter commands at the prompt.
%

When a user logs on to the system, the following output is displayed:

User Access Verification


Username: billy
Password: <password>
Session activated on line 50, vty default line. Enter commands at the prompt.

Router>

As you can see, idol, we just used the command banner exec with the same start character, then the message with some variables. We won't discuss those variables or other parameters here. They're self-explanatory, idol.

4. Incoming banner
Last among our banners is the incoming banner. This one is used for users who connect through reverse telnet, that is, connections initiated from the network side of the router.
Router(config)# banner incoming %
Enter TEXT message. End with the character '%'.
You have entered $(hostname).$(domain) on line $(line) ($(line-desc)) %

When the incoming connection banner is executed, the user will see the following banner. Notice that the $(token) syntax is replaced by the corresponding configuration variable. "You have entered Router.ourdomain.com on line 5 (Dialin Modem)"
This is almost the same as the earlier ones, idol. Again, it is used when reverse telnetting into our router.
These are the common tokens or parameters used in the banners we mentioned above, idol.

I hope this has been informative, idol. Until the next lesson, cheers!

Lesson 8: Understanding CDP and LLDP


In this article, idol, we're going to discuss the CDP and LLDP topic. It's included in the exam and I'm sure it will also help you a lot in the real world.
This is a short topic, so let's begin!

What is CDP and LLDP?
CDP stands for Cisco Discovery Protocol. It is the protocol Cisco devices use to see or discover information about the other Cisco devices directly connected to them.
This means I can only see another device's information if it is directly connected to a Cisco device.
This can be very helpful in troubleshooting, especially when there is no network diagram or you are not yet very familiar with the environment.
Through CDP, you can see or check which Cisco devices are connected to a Cisco device, along with their information.
Here is some of the information you can see from a connected device using CDP commands:

 Cisco IOS XE version running on a Cisco device
 Duplex setting
 Hardware platform of the device
 Hostname
 IP addresses of the interfaces on devices
 Interfaces active on a Cisco device, including encapsulation type
 Locally connected devices advertising Cisco Discovery Protocol
 Native VLAN
 VTP domain
Again, CDP is Cisco proprietary, meaning it only works on Cisco devices. For other devices, LLDP is used. We'll talk about that later.
Here are the common CDP commands used in the exam and in the real world.
Router(config)#cdp run

 This enables CDP in case it is disabled, but by default it is already enabled on Cisco devices.
Router(config)#no cdp run

 This is the command to disable CDP globally on the device.

Router(config)#interface GigabitEthernet0/1
Router(config-if)#no cdp enable
 The commands above are used if we want to disable CDP only on certain or specific interfaces.
Router#show cdp neighbors

 This shows a summary of the Cisco devices directly connected to our device

Router#show cdp neighbors detail

 Here we see the complete details of each device connected to the device we are logged in to: information like hostname, IOS version, IP address, platform and more, as I said above.

Let me show you in action.

I have a simple topology above. So we have 4 routers and they are connected to R1. You can also see which ports they connect on.
Let's use CDP to get information from each of the devices.

R1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0           145        RSI         3640      Eth 0/0
R3               Fas 0/1           172        RSI         3725      Fas 0/0

As I mentioned above, using show cdp neighbors, I can see which Cisco devices are connected to me (R1). We can also see in the output some important information such as the local port (R1's port), the platform of the neighbor device and the port ID, i.e. which port on their side is connected to R1.
Let's try another one.

R1#show cdp neighbors detail
-------------------------
Device ID: R2
Entry address(es):
IP address: 192.168.1.2
Platform: Cisco 3640, Capabilities: Router Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): Ethernet0/0
Holdtime : 127 sec

Version :
Cisco IOS Software, 3600 Software (C3640-A3JS-M), Version 12.4(25d), RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 06:58 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: half

-------------------------
Device ID: R3
Entry address(es):
IP address: 192.168.2.2
Platform: Cisco 3725, Capabilities: Router Switch IGMP
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0
Holdtime : 150 sec

Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(25d),
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 07:55 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: half

As you can see, idol, using the show cdp neighbors detail command, I was able to pull up all the related information about my neighboring devices: information like IP address, IOS version, platform, VTP, duplex, etc. In short, more detailed.
Again, this comes in very handy in the exam, because there are questions where you need to find an answer that is not on the device itself, so you need to use CDP, and there are also times when you don't know how to access the other device.
With CDP, you can use all this information in any way you need.

In the real world, idol, it's the same. As I said, if there is no network diagram or you are not very familiar with the environment, CDP will be your eyes and your guide to see which Cisco devices are connected to each other.
I hope this makes sense, idol. If you have questions or reactions, just comment or email.
Let's move on to LLDP.
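As an added example (not code from the ebook), here is a Python parser for the show cdp neighbors table above, with two details that bite in practice: a long Device ID wraps onto its own line, and the capability field is a run of single-letter codes that the legend at the top expands. The same neighbor list then drives a defensive use of the no cdp enable command from the list above: CDP advertises the IOS version and addresses to anything on the link, so a common hardening step is to leave it on only where a Cisco neighbor actually answers. The first sample is constructed from the R1 output shown above, the wrapped one is invented, and the function names and interface abbreviation table are assumptions.

```python
import re

# Constructed from the R1#show cdp neighbors output shown above.
SAMPLE = """Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0           145        R S I       3640      Eth 0/0
R3               Fas 0/1           172        R S I       3725      Fas 0/0
"""

# Constructed: a long Device ID makes IOS wrap the row, and newer IOS adds a trailer.
SAMPLE_WRAPPED = """Capability Codes: R - Router, S - Switch, I - IGMP
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
switch-access-01.example.net
                 Gig 0/2           160        S I         WS-C2960  Gig 1/0/24

Total cdp entries displayed : 1
"""

# One table row: device, "Fas 0/0"-style local port, holdtime, capability codes
# (with or without spaces), platform, then a two-token port ID.
ROW = re.compile(r"^(\S+)\s+(\S+ \S+)\s+(\d+)\s+(.+?)\s+(\S+)\s+(\S+ \S+)$")

# Abbreviations CDP uses for interface names (assumed subset).
ABBREV = {"Fas": "FastEthernet", "Gig": "GigabitEthernet", "Eth": "Ethernet",
          "Ten": "TenGigabitEthernet", "Ser": "Serial"}


def expand_interface(short):
    """'Fas 0/0' -> 'FastEthernet0/0'; full names pass through unchanged."""
    parts = short.split(" ", 1)
    if len(parts) == 1:
        return short
    return ABBREV.get(parts[0], parts[0]) + parts[1]


def parse_cdp_neighbors(text):
    lines = [l.rstrip() for l in text.splitlines()]
    header = next(i for i, l in enumerate(lines) if l.startswith("Device ID"))
    # Legend: every 'X - Name' pair above the header.
    legend = dict(re.findall(r"([A-Za-z]) - ([^,\n]+)", "\n".join(lines[:header])))
    neighbors, pending = [], None
    for line in lines[header + 1:]:
        line = line.strip()
        if not line or line.startswith("Total cdp entries"):
            continue
        if pending is not None:             # re-join a wrapped Device ID
            line, pending = pending + " " + line, None
        m = ROW.match(line)
        if m is None:
            if len(line.split()) == 1:      # a lone token is a wrapped Device ID
                pending = line
                continue
            raise ValueError(f"unparsed CDP line: {line!r}")
        dev, local, hold, caps, platform, port = m.groups()
        neighbors.append({
            "device_id": dev,
            "local_interface": expand_interface(local),
            "holdtime": int(hold),
            "capabilities": [legend.get(c, c) for c in caps if not c.isspace()],
            "platform": platform,
            "port_id": expand_interface(port),
        })
    return neighbors


def cdp_hardening(neighbors, interfaces):
    """Config lines that disable CDP on every listed interface with no Cisco neighbor."""
    keep = {n["local_interface"] for n in neighbors}
    lines = []
    for ifname in interfaces:
        if ifname not in keep:
            lines += [f"interface {ifname}", " no cdp enable"]
    return lines


if __name__ == "__main__":
    for n in parse_cdp_neighbors(SAMPLE):
        print(n)
    print("\n".join(cdp_hardening(parse_cdp_neighbors(SAMPLE),
                                  ["FastEthernet0/0", "FastEthernet0/1", "FastEthernet1/0"])))
```

With the page's two neighbors on FastEthernet0/0 and 0/1, `cdp_hardening` proposes `no cdp enable` only for FastEthernet1/0; review the list before applying it, since a port whose neighbor is temporarily down would also be listed.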

What is LLDP?
LLDP means Link Layer Discovery Protocol. It is an open-standard protocol used for discovering connected devices.
Since CDP is proprietary and for Cisco devices only, we have LLDP for other vendors or non-Cisco devices. The function is the same: to see and obtain the information of the devices directly connected to the device we are logged in to.
Here is the information we can see using LLDP commands or the protocol:

 System name and description
 Port name and description
 VLAN name
 IP management address
 System capabilities (switching, routing, etc.)
 MAC/PHY information
 MDI power
 Link aggregation

Here are the common LLDP commands used.

Here is an example of checking information using LLDP on an HP Comware switch.

Since, as I said, the function of CDP and LLDP is almost the same, there is no need to go too deep into this one.
By just knowing what it is and how it is supposed to work, I know you already get it, idol.
Note: CDP and LLDP operate at layer 2. This might be included in the exam.
I hope this has been another informative article, cheers!

Lesson 9: Understanding the basics of SNMP
Alright, idol, in this lesson we are going to talk about the basics of SNMP, or Simple Network Management Protocol. Ready, idol? Come on, let's do this!

Basics of SNMP: What is SNMP or Simple Network Management Protocol?

In a nutshell, idol, SNMP is an application layer protocol. It defines a method of communication between various networking devices and a central manager, for use in the monitoring and management of these devices.
3 Components of SNMP
We have 3 components that make up SNMP. They are the following.
1. SNMP manager
The SNMP manager is the centralized system used to monitor the traffic that is seen or monitored by the SNMP agents. The SNMP manager also provides the mechanism for the control of these agents.
2. SNMP agents
The SNMP agent is a software component that exists within a network element; this component is used to maintain real-time information about the element's operations.
The SNMP agents are also what communicate the information back to our centralized system, that is, the SNMP manager.
3. Management Information Base (MIB)
The MIB is a virtual information storage location where network management information is held. This means, idol, that this is where the variables or objects used by the SNMP agent or SNMP manager reside.
Here's a sample image that represents these components.

Let's continue, idol.
Apart from the components, we also have different versions of SNMP. Here they are.

3 Different versions of SNMP

1. SNMPv1
This was the original version of SNMP; SNMPv1 utilizes a community-based security mechanism. Only a few still use it in the real world, idol, because its security features are limited and, besides, it's old.
2. SNMPv2c
This was created to update a number of little things within SNMPv1; SNMPv2c utilizes a community-based security mechanism.
3. SNMPv3
This was developed to provide a much higher level of security than was provided by either previous version. A couple of different security features are implemented within the SNMPv3 standard; these include:

 Message integrity
 Authentication
 Encryption

And here are the SNMP security models for each version.

SNMP Operations
We also have operations that happen, or that we use, once we activate SNMP on our network.
These are used to obtain and process information for the network monitoring tools that are
enabled on our devices. Here they are.
A. Get - The Get operation is used by the SNMP manager to retrieve one or more object
instances from the SNMP agent.
B. GetNext - The GetNext operation is used by the SNMP manager to retrieve the next object
instance from the SNMP agent (this is how a manager "walks" a whole table).
C. Set - The Set operation is used by the SNMP manager to set the value of an object
instance on the SNMP agent. This is the one to be careful with: anyone holding a read-write
community string can change device state through it.
D. Trap - The Trap notification operation is used to send an unacknowledged message from
the SNMP agent to the SNMP manager, for example when an interface goes down.
These are self-explanatory. Very basic. Later we will have some configuration so we understand
them better.
All of these operations exist in every version of SNMP, from v1 onwards (in v2c and v3 the trap
is sent as an SNMPv2-Trap PDU). Then we have two additional operations starting with version
2c, which v3 also has.
E. GetBulk - The GetBulk operation is used by the SNMP manager to efficiently retrieve large
amounts (multiple rows) of data from the SNMP agent.
F. Inform - The Inform notification operation is used to send an acknowledged message from
the SNMP agent to the SNMP manager; unlike a trap, the manager replies, so the agent knows
the notification arrived and can retransmit if it did not.
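To make the Get operation and the version differences concrete, here is an added example, written for this edit and not code from the ebook or from Cisco, that hand-encodes an SNMPv2c GetRequest for sysDescr.0 in ASN.1 BER and then parses the resulting bytes back the way a packet sniffer on the path would. The community string "ccnaph_readers" and the OID are sample values, and nothing is actually sent. The thing to notice in the output is that the community string sits in the packet in clear text, which is exactly why v3 adds authentication and encryption.

```python
"""Added example (not from the ebook): a hand-rolled SNMPv2c GetRequest
encoder/decoder using ASN.1 BER. Sample values: community "ccnaph_readers",
OID 1.3.6.1.2.1.1.1.0 (sysDescr.0). Nothing is sent on the network."""

SNMP_V1, SNMP_V2C = 0, 1          # value of the version INTEGER on the wire
GET_REQUEST = 0xA0                # context-specific tag [0]


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80 | byte count) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def enc_int(v: int) -> bytes:
    """ASN.1 INTEGER in the minimal two's-complement encoding."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def enc_oid(oid: str) -> bytes:
    """ASN.1 OBJECT IDENTIFIER: first two arcs become 40*x+y, the rest base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on all but the last byte
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv2c message = SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))          # { name, NULL }
    pdu = tlv(
        GET_REQUEST,
        enc_int(request_id) + enc_int(0) + enc_int(0)           # id, error-status, error-index
        + tlv(0x30, varbind),                                   # VarBindList
    )
    return tlv(0x30, enc_int(SNMP_V2C) + tlv(0x04, community.encode("ascii")) + pdu)


def parse_tlv(buf: bytes):
    """Split one BER element off the front: (tag, value, remainder)."""
    tag, first = buf[0], buf[1]
    if first < 0x80:
        length, off = first, 2
    else:
        n = first & 0x7F
        length, off = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    return tag, buf[off:off + length], buf[off + length:]


def sniff_version_and_community(packet: bytes):
    """What anyone on the path sees in a v1/v2c packet: version and community, in clear."""
    tag, msg, _ = parse_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, rest = parse_tlv(msg)
    tag, community, _ = parse_tlv(rest)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    return int.from_bytes(version, "big", signed=True), community.decode("ascii")


if __name__ == "__main__":
    pkt = build_get_request("ccnaph_readers", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())
    print(sniff_version_and_community(pkt))   # version 1 on the wire means v2c
```

Run it with python3 and you get the 48-byte packet as hex; the community string is readable right after the version byte. If you want a real answer, send those bytes to an agent's UDP port 161 with a socket and feed the reply to parse_tlv the same way; the reply carries the same community string back in clear text.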

SNMP Configuration
Let's look at the syntax of the SNMP configuration so we better understand where and how it is
used.
Here's the general SNMP configuration syntax.
See below.
Cisco already provides the explanation of each keyword in the syntax, so I hope it makes sense.
Syntax for SNMP v1/v2c configuration

Syntax for SNMP v3 configuration

Syntax for SNMP with Traps

Basic SNMP configuration sample
Before we end this lesson, let's have a basic sample of SNMP configuration so we can see how it
is used. Here you go.
Router(config)#snmp-server community ccnaph_readers ro
Router(config)#snmp-server community ccnaph rw
Router(config)#snmp-server host 10.10.10.10 ccnaph_com
Router(config)#snmp-server enable traps
Router(config)#snmp-server enable traps envmon temperature
Router(config)#snmp-server enable traps bgp

Ok, let me explain each command so we understand it better.
Router(config)#snmp-server community ccnaph_readers ro
Router(config)#snmp-server community ccnaph rw

 With these commands we create or declare community strings: ccnaph_readers, which only
has read-only access, and ccnaph, which has read and write access. These communities must
also be defined on our SNMP manager or server.
 Treat community strings like passwords. They cross the network in clear text, so never keep
the defaults "public" and "private", only create an rw community if you really need Set, and
restrict which manager is allowed to use a community by adding a standard access list to the
end of the snmp-server community command.

Router(config)#snmp-server host 10.10.10.10 ccnaph_com

 With this line we define the IP address of our SNMP server together with the community
string ccnaph_com that will be sent with the notifications. Without a version keyword, IOS sends
SNMPv1 traps to this host.
Router(config)#snmp-server enable traps

 Here we just enable the traps. Meaning, every activity that we include in the traps will be sent
by the SNMP agent to the SNMP manager. This is usually needed so that the activity or alarms
of a network device show up in our monitoring tools.
Router(config)#snmp-server enable traps envmon temperature
Router(config)#snmp-server enable traps bgp

 With these lines, as I said, we enable the traps option, and this time we use it to send
information about the environment and temperature (envmon temperature) of the device, and
then BGP alarms or information (bgp).

So basically, if these are connected or linked to our monitoring tools, we will know or be notified
through these traps, like BGP going down or the device suddenly running hot. That is the main
usage of SNMP.
There are a few more parameters and configuration options that get included, but those are on a
case-to-case basis so we did not include them here. Okay idol? I hope it all makes sense.
Alright idol, that's it! We finished the basics of SNMP and I hope you learned something from this
lesson. See you in the next lessons, cheers!

Lesson 10: Understanding the basics of syslog
Another network monitoring topic included in CCNA is what we call syslog. In this lesson, we
will talk about the basics of syslog. Let's go!

Basics of syslog: What is syslog?

Syslog is another network protocol used for alarm monitoring or notification. Basically, it shows
information on the terminal, on the screen, or wherever we set up the logging of our devices.
When it is sent to a server, syslog normally travels over UDP port 514.
We have different places where we can display or store syslog messages. They are the
following: the console line, the terminal (vty) lines, the device's own memory buffer, and an
external syslog server.

By default, Cisco devices send syslog messages to the console. But for better management,
especially in the real world, it is more advisable to use a syslog server to send and store the logs
of our devices. Logs that only live on the device are lost on reboot and can be cleared by an
attacker who gets in; a central server is also what your detection tooling reads.

Syslog syntax
The syntax of a syslog message is like this:
seq no:timestamp: %FACILITY-SEVERITY-MNEMONIC: message text
Let me explain each of them.
Seq no:

 A sequence number, present only if the service sequence-numbers global configuration
command is configured. It serves as a reference number for a certain log entry.
Timestamp

 Date and time of the message or event, present when service timestamps is configured.
Of course, this is so we can see the date and time of that specific event or notification. Keep
the clock synchronized with NTP, otherwise the timestamps are useless for correlating events
across devices.
FACILITY

 This tells the protocol, module, or process that generated the message. Some examples
are SYS for the operating system, IF for an interface, and so on.
SEVERITY

 A number from 0 to 7 designating the importance of the action reported. The levels are:
 0 emergencies, 1 alerts, 2 critical, 3 errors, 4 warnings, 5 notifications, 6 informational,
7 debugging.

In the syslog severity level table above, we can see that the highest (most severe) level is 0,
which is for emergencies, and the lowest is 7.
We can choose which levels are sent using the "logging trap level" configuration command.
Once we specify a level, all more severe levels (the lower numbers) are automatically included
together with the one we set.
For example, if we set level 5, it will also include levels 4 down to 0. Got it?
MNEMONIC

 A code that identifies the action reported.

message text

 A plain-text description of the event that triggered the syslog message.

Ok, let's have an example so we understand it better.

Sample syslog message

24734: *Jan 24 11:28:30.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0, changed state to down

From our syntax earlier, here is the information we have in that sample syslog message.

 seq no: 24734

 Timestamp: Jan 24 11:28:30.407 (the asterisk in front of it means the router's clock is not
authoritative, that is, not synchronized to NTP)
 FACILITY: LINEPROTO
 SEVERITY level: 5 (notifications)
 MNEMONIC: UPDOWN
 message text: Line protocol on Interface GigabitEthernet0/0, changed state to down
Simple, right? Not hard to understand. I hope it makes sense.

Syslog configuration
Alright, let's also go through how to configure syslog on our network devices.

Here's a sample syslog configuration.

Router(config)#logging 10.10.10.150
Router(config)#logging trap 4

That's it! Basically we tell the router to send syslog messages to a server at 10.10.10.150 and
limit the messages to level 4 and more severe (0 through 4).
As I said earlier, when we set a severity with logging trap, the more severe levels starting from
the one we set are automatically included. So since we used level 4, it will include 4 up to 0.
And of course we need syslog software or a monitoring tool installed on the server at
10.10.10.150 to display or catch the syslog information our router sends. Note that plain syslog
over UDP is neither authenticated nor encrypted, so keep the server on a management network
that untrusted hosts cannot reach.
Got it? That's just how the basics of syslog work. It is not hard to understand and, besides, it is
not that technical. As I said, it is used for monitoring and logging purposes.
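Here is an added example, my own code and not from the ebook, that does what a collector on the syslog server would have to do with the format from this lesson: parse each line into seq, timestamp, facility, severity, mnemonic and text; apply the same cut-off as logging trap 4; and pull out the entries a security team cares about (configuration changes and failed logins). The five log lines in SAMPLE_LOG are constructed sample data modelled on the real IOS format, not output captured from any router.

```python
"""Added example (not from the ebook): parse Cisco IOS syslog lines, apply the
'logging trap <level>' cut-off, and flag security-relevant entries. SAMPLE_LOG is
constructed sample data in the IOS format, not output from a real router."""
import re
from dataclasses import dataclass
from typing import List, Optional

# seq-no and timestamp are optional: they only appear when
# 'service sequence-numbers' and 'service timestamps' are configured.
SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s*)?"
    r"(?:\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s*)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)

SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# (facility, mnemonic) pairs a SOC wants to see whatever their severity.
SECURITY_MNEMONICS = {("SYS", "CONFIG_I"), ("SEC_LOGIN", "LOGIN_FAILED"),
                      ("SEC_LOGIN", "LOGIN_SUCCESS")}

SAMPLE_LOG = """\
24734: *Jan 24 11:28:30.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
24735: *Jan 24 11:28:41.102: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.10.50)
24736: *Jan 24 11:29:03.550: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
24737: *Jan 24 11:29:10.001: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.150 port 514 started - CLI initiated
24738: *Jan 24 11:30:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
"""


@dataclass
class SyslogMessage:
    seq: Optional[int]
    timestamp: Optional[str]
    facility: str
    severity: int
    mnemonic: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_syslog(line: str) -> Optional[SyslogMessage]:
    """One line -> SyslogMessage, or None if it is not in the IOS format."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    return SyslogMessage(
        seq=int(m["seq"]) if m["seq"] else None,
        timestamp=m["ts"],
        facility=m["facility"],
        severity=int(m["severity"]),
        mnemonic=m["mnemonic"],
        text=m["text"],
    )


def parse_log(text: str) -> List[SyslogMessage]:
    return [msg for msg in map(parse_syslog, text.splitlines()) if msg]


def trap_filter(messages: List[SyslogMessage], level: int) -> List[SyslogMessage]:
    """What 'logging trap <level>' forwards: that level and every more severe
    (lower-numbered) one. Level 4 keeps 0-4 and drops 5-7."""
    return [m for m in messages if m.severity <= level]


def security_events(messages: List[SyslogMessage]) -> List[SyslogMessage]:
    """Entries worth alerting on even if the trap level would have dropped them."""
    return [m for m in messages if (m.facility, m.mnemonic) in SECURITY_MNEMONICS]


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for m in trap_filter(msgs, 4):
        print(f"forwarded: {m.facility}-{m.severity}-{m.mnemonic} ({m.severity_name})")
    for m in security_events(msgs):
        print(f"security: seq {m.seq} {m.mnemonic}: {m.text}")
```

Notice what the trap filter does to the sample: with logging trap 4 only the LOGIN_FAILED (4) and LINK-3 (3) lines reach the server, while the CONFIG_I message at severity 5, the one that tells you somebody changed the configuration, is never sent. That is why security teams usually run logging trap informational (level 6) and filter on the collector instead of on the router.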
I hope this has been informative idol. Until next lessons, cheers!

Lesson 11: Understanding the basics of ICMP echo-based IP SLA

In this lesson, we will also go through one of the newly introduced topics in CCNA v3.0, which
is the ICMP echo-based IP SLA.
Since this is new to the CCNA curriculum, I'm sure there are not that many questions about it
in the exam.
Again, the goal is to understand the basics and fundamentals.
So let's start!
What is IP SLA?
Before anything else, let's find out what IP SLA (Service Level Agreement) is and what it is for.
In a nutshell, it is a feature of Cisco IOS devices that lets us measure network performance.
From the words SLA or Service Level Agreement, we have a defined acceptance criterion for
whether the performance of a device or path in our network is still okay.
For example, a ping where we can set the acceptable round-trip time and then monitor whether
our pings across the network always fall within the acceptance level (the SLA).
For complex scenarios this can also be voice packets on our network and more. Or it can be our
connection to the ISP, or the connection from our main office to our branch offices.
Let's have more examples.

In the sample image above, we use IP SLA to monitor the reliability of our ISPs. Basically, we
have an IP SLA pinging an external server (8.8.8.8) through both of our ISPs.
If the IP SLA is breached, let's say our ping encounters packet drops and unreliability on our
primary ISP, we can set it to automatically shift our traffic to our backup or secondary ISP.
In other words, when the SLA of the ping from our network to the external server is not met, we
can have the traffic move automatically to the backup or secondary ISP. Maybe there is an issue
or problem with ISP 1, our primary ISP. On IOS this is done by tying the SLA operation to a
track object and attaching that track to the primary static route, so the route disappears when
the probe fails and a floating static route through the backup ISP takes over.
That's one of the simple uses of IP SLA.
Let's have another sample.
In this one, we are measuring the SLA from our headquarters to our branches. We can monitor
the delay and jitter and calculate a MOS score for the connection that passes through our ISP to
our branch.
And then, same as our first example, we can shift the traffic in case the SLA response of our
connection through any of the ISPs going to our branch is not okay.
Clear? I hope you're getting my point.
In the real world, an SLA (service level agreement) is the level we agreed on. This is what we
settled on, so this is what should happen; it cannot be exceeded. Otherwise our SLA, our
agreement, is breached. Right?
It's the same in the network. When we set a given IP SLA, the measurement or operation should
stay within the SLA that was set. Once it is breached, we can take or set certain actions. Like in
our sample above, we can shift traffic between ISPs.
Ok, let's see how to configure IP SLA.

ICMP Echo Operation

Since the IP SLA topic really belongs to CCNP, only the ICMP echo-based IP SLA is included
in CCNA v3.0 as per Cisco's website. So not everything is included, and since this is just a new
topic, I'm sure it is only an introduction and there are not that many questions about it in the
exam.
Ok, let's talk about the ICMP echo-based IP SLA.
When we say ICMP Echo Operation, it is used to monitor the end-to-end response time
between a Cisco router and devices using IPv4 or IPv6.
This is useful in troubleshooting because we can see and monitor the performance of our
network.
Our response time is computed by measuring the time taken between sending an ICMP Echo
request message to the destination and receiving an ICMP Echo reply. In other words, the
round trip of our ping.

In the sample image above, we can see that ping is used in the ICMP echo-based operation to
measure the response time between the source IP SLAs device and the destination IP device.
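Here is an added example, written for this edit and not code from the ebook or from Cisco IOS, showing in Python what the ICMP echo operation does underneath: it builds the Echo Request with the RFC 1071 checksum, checks that a reply really belongs to the probe (type, identifier, sequence number and checksum), and then summarizes a list of round-trip times the way the SLA threshold and timeout settings would. No sockets are opened, so it runs without root; the RTT values, identifier and payload are constructed sample data, and the verdict function is a deliberate simplification of what IOS keeps in its SLA statistics.

```python
"""Added example (not from the ebook or Cisco IOS): what an icmp-echo IP SLA
operation does underneath. Builds an ICMP Echo Request with an RFC 1071
checksum, validates a reply, and summarises constructed RTT samples the way
the SLA threshold/timeout settings would. No sockets are opened."""
import struct
from typing import List, Optional

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, zero-padded if odd."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(kind: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type, code 0, checksum, identifier, sequence number, then payload."""
    header = struct.pack("!BBHHH", kind, 0, 0, ident, seq)   # checksum field zeroed first
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", kind, 0, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes = b"ccnaph") -> bytes:
    return build_echo(ICMP_ECHO_REQUEST, ident, seq, payload)


def is_matching_reply(packet: bytes, ident: int, seq: int) -> bool:
    """Accept a reply only if type/code, identifier, sequence and checksum all
    check out. With a correct checksum the sum over the whole packet folds to 0,
    so a reply forged or corrupted in transit is rejected rather than timed."""
    if len(packet) < 8:
        return False
    kind, code, _, pkt_ident, pkt_seq = struct.unpack("!BBHHH", packet[:8])
    return (kind == ICMP_ECHO_REPLY and code == 0
            and pkt_ident == ident and pkt_seq == seq
            and icmp_checksum(packet) == 0)


def sla_verdict(rtts_ms: List[Optional[float]], threshold_ms: float, timeout_ms: float) -> dict:
    """Simplified view of the IP SLA 'threshold' and 'timeout' settings:
    None means no reply at all; a reply slower than timeout_ms also counts as a
    timeout; a reply slower than threshold_ms is an 'over threshold' probe.
    Reachability follows the most recent probe, as 'track ... reachability' does."""
    replied = [r for r in rtts_ms if r is not None and r <= timeout_ms]
    over = [r for r in replied if r > threshold_ms]
    last_ok = bool(rtts_ms) and rtts_ms[-1] is not None and rtts_ms[-1] <= timeout_ms
    return {
        "probes": len(rtts_ms),
        "timeouts": len(rtts_ms) - len(replied),
        "over_threshold": len(over),
        "avg_rtt_ms": round(sum(replied) / len(replied), 1) if replied else None,
        "reachable": last_ok,
    }


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    print("echo request:", req.hex())
    reply = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"ccnaph")
    print("reply accepted:", is_matching_reply(reply, 0x1234, 1))
    print(sla_verdict([12, 15, None, 401, 14], threshold_ms=100, timeout_ms=5000))
```

The identifier and sequence check is not cosmetic: on a busy host several probes are in flight at once, and a reply that matches the wrong sequence number would give you a wrong RTT, while one with a bad checksum would be silently dropped by the kernel anyway. That is the same reason IOS only counts a reply against the operation that sent it.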

How to Configure ICMP echo-based IP SLA

Here are the basic steps to configure a basic ICMP Echo Operation on the source device.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip sla operation-number
4. icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname}
| source-interface interface-name]
5. frequency seconds
6. end

The syntax is not hard to understand, right? Let me just explain it briefly.
ip sla operation-number

 This command begins configuration for an IP SLAs operation and enters IP SLA
configuration mode.
icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} |
source-interface interface-name]

 This one defines an ICMP Echo operation and enters IP SLA ICMP Echo configuration
mode.
frequency seconds
 (Optional) Sets the rate at which the specified IP SLAs operation repeats. The default is 60
seconds.

Here's a sample application of the steps we have.

Router> enable
Router# configure terminal
Router(config)# ip sla 6
Router(config-ip-sla)# icmp-echo 172.29.139.134
Router(config-ip-sla-echo)# frequency 300
Router(config-ip-sla-echo)# end
Router#

That's it. With this we have configured an ICMP echo-based IP SLA. Note that the operation
does not actually start probing until it is scheduled with the ip sla schedule command (for
example with start-time now and life forever), and you can check the results with show ip sla
statistics.

These are usually also connected to monitoring tools to monitor the SLAs in a given network.
And of course, depending on the needs and goals of the company, the configuration varies. This
is just the basics.
I hope this added to your knowledge again. Until next lesson, cheers!

Lesson 12: Understanding the basics of SDN or Software Defined Networking

Idol, welcome once again to another newly introduced topic in CCNA v3.0, and this is SDN or
Software Defined Networking. In this lesson, we will go through the introduction and basics of
SDN.

Basics of SDN: What is SDN?

In a nutshell, SDN or Software Defined Networking is a term for centralizing and virtualizing the
management of the network infrastructure. Like other new technologies today, VMware and
other virtualization technologies, networking companies and vendors are also adapting to
virtualization.
Why? To cope with demand and of course to save money and for better management as well.
In SDN, there will basically be a single, main controller in the network which is software-based.
What do I mean? In the future, creating VLANs, creating routes, and the other tasks in managing
switches, routers and other network devices will be software-based or application-based.
In SDN, there will only be a central controller for the control plane. Meaning, there will be a
certain centralized program or application to manage the network infrastructure.
Traditional Networking vs. Software Defined Networking
Traditional Networking
In a traditional network we have separate devices like routers, switches, and firewalls that are
used for specific tasks. Usually, we configure these through the CLI or command line interface,
like in the samples from our earlier lessons.
And then each device, for example a router, has its own functions to perform in the network.
Right?
There's checking the destination IP address, and then routing protocols like EIGRP, OSPF and
BGP, basically everything related to layer 3.
In traditional networking, which is still what most of us use today, the tasks or functions of these
devices, let's say a router, are divided into planes. These are the control plane, data plane, and
management plane.
Let's see what they are first.
Control Plane
The control plane is responsible for exchanging routing information, building the ARP table, etc.
Here are some of the tasks the control plane does:

 Learning MAC addresses to build a switch MAC address table.
 Running STP to create a loop-free topology.
 Building ARP tables.
 Running routing protocols like OSPF, EIGRP, and BGP and building the routing table.
Data Plane
The data plane is responsible for forwarding traffic. It relies on the information that the control
plane supplies. Here are some tasks that the data plane takes care of:

 Encapsulating and de-encapsulating packets.
 Adding or removing headers like the 802.1Q header.
 Matching MAC addresses for forwarding.
 Matching IP destinations in the routing table.
 Changing source and destination addresses when using NAT.
 Dropping traffic because of access-lists.
The tasks of the data plane need to be done fast, as fast as possible, which is why they are
done in specific hardware of the network device like ASICs and TCAM tables.
Management Plane
The management plane is used for access and management of our network devices. For
example, accessing our device through telnet, SSH or the console port. From a security point of
view this is the plane to lock down first: SSH instead of telnet, an access list on the vty lines,
and the monitoring protocols from the previous lessons (SNMP and syslog) also live here.
Here is a good representation of these 3 functions.

There is nothing wrong or problematic with traditional networking or the way we manage our
network infrastructure. But of course, because technology evolves together with businesses,
networking also needs to keep up or innovate.
Some of the hindrances, or the reasons why we need to evolve from traditional networking, are
the manual and tedious processes.
Examples are creating VLANs, configuring interfaces, routing protocols, STP-related settings
and more. We configure these manually, one by one, on the devices in a traditional network.
Even where there is software being used, it is still not enough for the demand and needs of
business today. On the other side of technology, virtualization is hot and heavily used. Most big
businesses and enterprises are largely on virtual technology now.
In this case, when the network side is still traditional while the other side of technology is
already virtualized, it somehow holds back the progress of the business. And of course, as I
said, the network side also needs to keep up. This is where SDN or Software Defined
Networking comes in.

Software Defined Networking

In software defined networking, as I said earlier, a central controller is used for the control
plane. In a nutshell, network devices are now managed via software. Changes and
configurations can be deployed from a software application down to all the network devices in
an infrastructure.
Unlike traditional networking, where each device has its own data plane, control plane and
management plane, in SDN the controller either takes over the control plane completely, so the
devices keep only a data plane, or, in hybrid designs, at least has insight into the control plane
of all the network devices in the network.
The SDN controller could be a physical hardware device or a virtual machine.
Here's a simple example representation of SDN.

As you can see, the SDN controller is now responsible for the control plane. Our sample
switches only have a "data plane" and all control is done on the SDN controller. So the SDN
controller feeds the data plane directly from the control plane that lives in the SDN controller.
This also makes the controller the single most valuable target in the network: whoever controls
it controls every flow on every switch, so access to it has to be protected at least as well as
access to the devices themselves.
In SDN we have two major interfaces that are used. These are the Northbound Interface (NBI)
and the Southbound Interface (SBI).
Southbound Interface
As we said earlier, our SDN controller needs to communicate with our network devices to
program or control the data plane.
This is done through the southbound interface. This is not a physical interface but a software
interface, often an API (Application Programming Interface) or a protocol.
The API is like the APIs in other technologies. It is what we use to push a program or code from
a certain application to our network devices.
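Here is an added example, written for this edit and not from the ebook or any vendor, that models the control/data plane split in a few dozen lines of Python: the switch holds only a flow table and forwards by matching it; anything it cannot match goes up the southbound interface to the controller as a "packet-in"; the controller learns MAC-to-port mappings and pushes "flow-mods" back down, and it also pushes a high-priority drop rule, which is what an access list looks like in an SDN world. The switch name, ports and MAC addresses are made-up sample values, and the message names are borrowed from OpenFlow only as vocabulary; this is not an OpenFlow implementation.

```python
"""Added example (not from the ebook or any vendor): a toy model of the SDN
split. Switch = data plane (flow table only); Controller = control plane, fed
by packet-ins over a pretend southbound interface and answering with
flow-mods, including a drop rule that plays the role of an ACL. All names,
ports and MAC addresses are made-up sample values."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FLOOD, DROP = "FLOOD", "DROP"   # special actions; any other action is an output port


@dataclass
class Packet:
    src: str       # source MAC
    dst: str       # destination MAC
    in_port: int


@dataclass
class Switch:
    """Data plane only: match the flow table, act; never decides anything itself."""
    name: str
    flows: List[Tuple[int, dict, object]] = field(default_factory=list)  # (priority, match, action)
    controller: Optional["Controller"] = None

    def install_flow(self, match: dict, action, priority: int = 10) -> None:
        """Southbound flow-mod from the controller; highest priority matches first."""
        self.flows.append((priority, match, action))
        self.flows.sort(key=lambda f: -f[0])

    def lookup(self, pkt: Packet):
        for _, match, action in self.flows:
            if all(getattr(pkt, k) == v for k, v in match.items()):
                return action
        return None

    def forward(self, pkt: Packet):
        action = self.lookup(pkt)
        if action is None and self.controller is not None:
            self.controller.packet_in(self, pkt)   # table miss: ask the control plane
            action = self.lookup(pkt)
        return FLOOD if action is None else action


class Controller:
    """Control plane: learns MAC-to-port per switch and pushes flows down."""

    def __init__(self, blocked_sources=()):
        self.mac_table: Dict[str, Dict[str, int]] = {}
        self.blocked = set(blocked_sources)
        self.packet_ins = 0

    def attach(self, sw: Switch) -> None:
        sw.controller = self
        self.mac_table[sw.name] = {}
        for mac in self.blocked:                       # policy goes in before any traffic,
            sw.install_flow({"src": mac}, DROP, 100)   # at a priority learned flows cannot beat

    def packet_in(self, sw: Switch, pkt: Packet) -> None:
        self.packet_ins += 1
        table = self.mac_table[sw.name]
        table[pkt.src] = pkt.in_port                   # learn where the source lives
        if pkt.dst in table:                           # known destination: program the data plane
            sw.install_flow({"dst": pkt.dst}, table[pkt.dst])
        # unknown destination: install nothing, the switch floods this one packet


def demo():
    """Walk a single switch through learning, steady state and a blocked host."""
    ctrl = Controller(blocked_sources={"de:ad:be:ef:00:01"})
    sw = Switch("sw1")
    ctrl.attach(sw)
    h1, h2 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    results = [
        sw.forward(Packet(h1, h2, 1)),                   # h2 unknown -> FLOOD, controller learns h1@1
        sw.forward(Packet(h2, h1, 2)),                   # h1 known   -> flow-mod dst=h1 -> port 1
        sw.forward(Packet(h1, h2, 1)),                   # h2 known   -> flow-mod dst=h2 -> port 2
        sw.forward(Packet(h1, h2, 1)),                   # pure data plane now, no packet-in
        sw.forward(Packet("de:ad:be:ef:00:01", h2, 3)),  # blocked source -> DROP
    ]
    return results, ctrl.packet_ins, len(sw.flows)


if __name__ == "__main__":
    print(demo())   # (['FLOOD', 1, 2, 2, 'DROP'], 3, 3)
```

Two things are worth seeing in the trace. First, after the third packet the switch never talks to the controller again for that conversation; that is the whole point of pushing flows down instead of punting every packet up. Second, the controller installed the drop rule once, on attach, with a priority the learned flows cannot override, which is how a central policy survives whatever the data plane learns later.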

Here are some of the common SDN southbound APIs and protocols used in the real world today.
A. OpenFlow
This is one of the most common and popular Southbound Interfaces used in the industry today.
It is an open protocol from the Open Networking Foundation. Meaning, it can be used with any
vendor's network devices, as long as they implement it.
Here's a sample concept of OpenFlow used with SDN.
The problem with OpenFlow is that mostly only newer devices support it. Old or legacy devices
are not supported by OpenFlow. Meaning, you cannot use it on your network if you have
unsupported devices. Otherwise you need to replace your devices with ones that support
OpenFlow if you really want to use it.
B. Cisco OpFlex
This is Cisco's answer to OpenFlow. It is also an open protocol which has been submitted to the
IETF for standardization. Meaning, even though it was made by Cisco, it can also be used with
other devices.
And here is the sample concept of OpFlex taken from Cisco's website.
C. CLI or APIC-EM
Cisco offers APIC-EM which is an SDN solution for the current generation of routers and
switches. It uses protocols that are available on current generation hardware like telnet, SSH,
and SNMP.
Meaning, even old Cisco network devices can be brought into SDN using APIC-EM. This is its
advantage over OpenFlow, where only a few or limited devices are supported so far.
Here's a sample concept of Cisco's APIC-EM.

Here is one more concept together with the application program that can be used, e.g.
Python.
Ok, so we're done with the SBI or Southbound Interface of SDN. Let's move to the Northbound
Interface.

Northbound Interface
The Northbound Interface or NBI is what is used to access the SDN controller itself.
So basically, we as network administrators access this to configure and to retrieve information.
This can be via GUI, but there are also APIs (Application Program Interfaces) that are really for
the NBI. This is where we write the scripts or code we need to make changes and configuration
on the network.
Some of the usual things we can do through the NBI are the following:

 add new VLANs to the entire network
 show status of interfaces
 show topology of the network
 configure IP addresses and more
The usual way to talk to the NBI API for now is through a programming language like Python or
Java (APIC-EM, for example, exposes a REST API). So if you are familiar with these, it is an
advantage.
Why programming when we are in networking? As I said earlier, SDN refers to virtualization
and programmability of the network, so more likely than not we need to learn to understand and
study these programming languages at least a little.

Here's a sample representation of the Northbound Interface.
As you can see, through the API the SDN controller can now be accessed. And through the
API, programming languages like Python and Java can communicate with it.
To see how they work as a whole, here is a simple representation.

Whew! That's it. We have covered the basics, actually more than the basics, of SDN or Software
Defined Networking.
Honestly, I have not experienced using SDN yet. Only a few are adopting it in the real
networking world so far. But this might be the future, which is why it is important that we know
about it.
All these resources were researched and taken from the internet to help you understand the
basics and I hope it adds to your knowledge.
Networking, like other careers in I.T., evolves based on the needs and demands of businesses.
So to cope and keep up, we ourselves should also be evolving and upgrading our knowledge.
As a quote says, "an investment in knowledge pays the best interest".
I hope this has been informative. Until next lessons, cheers!

Lesson 13: Understanding the basics of APIC-EM
In this lesson, we will also go through the basics of APIC-EM. As we discussed in the SDN
lesson, this is also one of the newly introduced topics in CCNA v3.0.
This will also be our last topic in this ebook. As you can see, we have now covered all the topics
related to the CCNA v3.0 exam. By knowing the basics and fundamentals, I know you have
learned a lot. Practice and repetition, and in time all of this will become easy for you.
Ok, let's talk about APIC-EM now. Let's go!

Basics of APIC-EM: What is APIC-EM?

In the basics of SDN we talked about the protocols used so that network devices can
communicate with an SDN controller.
We talked about OpenFlow, which is open and the most commonly used so far. An example of a
controller application that uses OpenFlow is OpenDaylight.
OpenFlow and OpenDaylight would be nice to use to communicate with our SDN controller.
Open source and available to download from the internet.
The problem here is compatibility. Why? Because it does not support old network devices.
As we said in the SDN topic, OpenFlow only supports newer devices. Almost all old and legacy
devices are not compatible with an OpenFlow SDN controller.
So basically, if a network infrastructure is already in production and working and we want to
automate it through SDN, we cannot use OpenFlow. This is where APIC-EM, the Application
Policy Infrastructure Controller - Enterprise Module, comes in.
APIC-EM is an SDN controller that was created for enterprise hardware and for the current
generation of routers and switches. It uses a REST API for the northbound API, with a decent
GUI. For the southbound interface, it uses common protocols that are already available on that
hardware, like Telnet, SSH and SNMP, to communicate with your devices.
Since Cisco knows that many enterprises and organizations have old devices deployed in their
production networks, they made APIC-EM.
Meaning, even old devices can be accessed or communicated with through SDN using
APIC-EM. One caveat: because the southbound side reuses Telnet, SSH and SNMP, the
controller has to hold working credentials and community strings for every device, so its
credential store and the accounts it uses deserve the same care as any privileged automation
account (SSH instead of Telnet wherever the device allows it, and SNMP read-only unless writes
are really needed).
And of course with APIC-EM, we can now communicate with the SDN controller and automate
the processes and other related tasks in our network. That is really the goal of SDN: automation
and virtualization.
Some of the things we can do with APIC-EM:

 collect information about the network like VLANs, routing protocols etc.
 build a topology
 deploy configuration to the devices and more

Think of it as being like deploying updates to PCs. Or, if you are familiar with Windows Server,
like deploying patches to workstations.
But of course, the code and scripts are written in a programming language like Python etc.
That's the beauty of APIC-EM and Software Defined Networking.

Here is a simple representation of the APIC-EM concept.

You can download the APIC-EM image from the Cisco website and use it or practice on your PC
or laptop using VMware or VirtualBox.
The catch is that its hardware requirements are very high. It needs at least 6 CPU cores at
2.4GHz, 64GB of RAM and a 500GB hard disk for a production install. How about that? Haha.
There are also basic programming tutorials on Cisco's website on how to use and connect
APIC-EM with Python and others.
For now, we will not include that. As I said, we are after the basics and fundamentals first. I
hope this makes sense.
That is the basics of APIC-EM. I hope I have given you at least some idea of what it is and what
it is used for. Since this is still a new topic in CCNA, I'm sure there are only a few questions
related to it in the exam.
Again, this is the end of all the lessons. I hope that by reaching this far, I have helped you
understand the basics and fundamentals of CCNA and Cisco networking, especially the CCNA
v3.0 topics.
I hope this has been informative, cheers!

The End

You're done! Congrats!

Idol, you have reached the end of the CCNA v3.0 Basic and Fundamentals ebook. I would like to
congratulate you for finishing all the chapters and lessons. I'm sure you have learned a lot.
On your first read or first try of each topic you may have been a bit confused, but you can
always read it again and go back. That's the purpose of this ebook.
Practice makes perfect, as they say, so just keep repeating it and I'm sure you will get and
understand all of it.
Again, thank you very much and I wish you all the luck.

Here's an inspiration for your success ahead. Cheers!
Last Word

Again, I would like to thank you for getting this ebook. From the bottom of my heart, thank you
very much.
I'm sure that by the time you reach this page, you have learned a lot and are even more inspired
to get your CCNA.
I would like to congratulate you for taking the first step. Many want to learn and to start, but only
a few, like you, take action. That separates you from the rest. Again, congrats!
Just keep going and I'm sure you will reach and achieve your dream of becoming a CCNA and a
skilled network engineer.
P.S. By the time you have passed, or are already a network engineer, let me know or update me;
I will be one of the happiest people when that happens.
And don't stop there. Keep dreaming and taking action to reach your dreams in life, whether in
your career or in other areas of your life.
I hope that by providing you this simple ebook, I and the ccnaphilippines blog can be a part of
the success of your career journey.
God bless and I wish you all the best. Cheers!

Billy Ramirez
Author/Founder www.ccnaphilippines.com