Chapter 1
LAN Basics
1. Ethernet Cabling
Type of Cable Key Pins Connected
Straight through 1–1 ; 2–2 ; 3–3 ; 6–6
Crossover 1–3 ; 2–6 ; 3–1 ; 6–2
2. ARP Types
Term: Description
ARP:
- A protocol used on LANs so that an IP host can discover the MAC address of another device that is using a particular IP address.
- Default time-out value of an ARP entry in Cisco IOS Software is 240 seconds.
Proxy ARP (P-ARP):
- A router feature used when a router sees an ARP request searching for an IP host’s MAC, when the router believes that the IP host could not be on that LAN because the host is in another subnet. If the router has a route to reach the subnet where the ARP determined host resides, the router replies to the ARP request with the router’s MAC address.
Reverse ARP (R-ARP):
- A standard protocol by which a LAN-attached host can dynamically broadcast a request for a server to assign it an IP address.
Gratuitous ARP (G-ARP):
- A Gratuitous ARP is an ARP Response that was not prompted by an ARP Request. The Gratuitous ARP is sent as a broadcast, as a way for a node to announce or update its IP to MAC mapping to the entire network.
Inverse ARP (I-ARP):
- Maps a known DLCI to an IP Address.
- Used in Frame-relay networks.
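Because a Gratuitous ARP updates the IP to MAC mapping on every listener without being asked, a monitoring host can log each such update and flag mappings that change. The following is an added example, not part of the original notes: it decodes the 28-byte Ethernet/IPv4 ARP body and tracks mappings. The ArpWatcher class, the rule that "sender IP equals target IP" marks a gratuitous ARP, and all addresses are assumptions of this example.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP body for Ethernet/IPv4

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP body into a dict of readable fields."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"op": op, "sha": mac(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac(tha), "tpa": socket.inet_ntoa(tpa)}

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed ARP body for the demo (bytes only, nothing is sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, raw(sha),
                       socket.inet_aton(spa), raw(tha), socket.inet_aton(tpa))

class ArpWatcher:
    """Tracks IP-to-MAC mappings and reports updates nobody asked for."""
    def __init__(self):
        self.table = {}       # ip -> MAC last announced for it
        self.pending = set()  # (requester ip, requested ip) awaiting a reply

    def observe(self, payload):
        a, events = parse_arp(payload), []
        if a["spa"] == a["tpa"]:                       # node announcing itself
            events.append("gratuitous")
        elif a["op"] == 1:                             # ordinary request
            self.pending.add((a["spa"], a["tpa"]))
        elif (a["tpa"], a["spa"]) in self.pending:     # reply to a seen request
            self.pending.discard((a["tpa"], a["spa"]))
        else:
            events.append("unsolicited-reply")
        old = self.table.get(a["spa"])
        if old not in (None, a["sha"]):
            events.append(f"mapping-changed {a['spa']}: {old} -> {a['sha']}")
        self.table[a["spa"]] = a["sha"]
        return events

def demo():
    w, zero = ArpWatcher(), "00:00:00:00:00:00"
    return [w.observe(f) for f in (  # constructed sample traffic
        build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", zero, "192.0.2.1"),
        build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
        build_arp(2, "02:00:00:00:00:99", "192.0.2.1", "ff:ff:ff:ff:ff:ff", "192.0.2.1"))]
```

The request and its reply produce no events; the third frame is reported as gratuitous and as a changed mapping for 192.0.2.1.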
3. Networking Devices
A. Hub
-Works at layer 1 of OSI model.
-When frame is received, it is forwarded to all ports.
-Half duplex device; uses Carrier Sense Multiple Access/Collision Detection
(CSMA/CD) for detecting collisions.
-Hub shares Bandwidth.
-Typically unmanaged (accepts no user defined configuration) and unintelligent (doesn’t
inspect frames at all before forwarding) device.
-Hub is a half-duplex device.
-Hub offers one broadcast domain and one collision domain.
-Hub network ∝ 1 / Bandwidth
Note:
A set of devices that can send frames that collide with frames sent by another device in
that same set of devices is called a collision domain.
A set of devices that receive broadcasts sent by any one of the devices in the same set is
called a broadcast domain.
B. Switch
-Works at layer 2 of OSI model.
-Layer 2 header and trailer along with data encapsulated by them is called Frame.
-Frames are forwarded on the basis of destination MAC addresses.
-Switch is also known as a transparent bridge because Layer 2 switches do not rewrite
anything in the layer 2 frame when forwarding. That is why switches are faster than routers,
which rewrite the layer 2 frame before forwarding.
-Switch is full duplex device.
-Typically, last port of switch is used for uplink (trunking).
-By default, Switch offers 1 broadcast domain and multiple collision domains.
Number of ports = Number of collision domains
Number of VLANs = Number of broadcast domains
-By default, Switch can have 16(0-15) telnet sessions.
-Layer 2 Limitations:
i. CAM Table size
-CAM table cannot be summarized unlike routing table.
-50,000 hosts = 50,000 MAC addresses.
-When CAM table is full, switch acts like a hub- floods all the frames
-MACOF: An attack in which the switch is flooded with random MAC addresses.
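To see why a full CAM table matters for monitoring, the following added example (not part of the original notes) models a switch with a bounded CAM table: once the table is full, a new host cannot be learned and frames addressed to it are flooded to every port. The Switch class, the table size of 6 and the per-port alert threshold of 2 are assumptions chosen to keep the run short.

```python
from collections import Counter

class Switch:
    """Toy layer 2 switch with a bounded CAM table (MAC -> port)."""

    def __init__(self, ports, cam_size, max_macs_per_port):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.max_macs_per_port = max_macs_per_port  # assumed alert threshold
        self.cam = {}
        self.alerts = set()

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the egress ports for dst."""
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = in_port              # learn or refresh the entry
        if Counter(self.cam.values())[in_port] > self.max_macs_per_port:
            self.alerts.add(in_port)             # too many MACs behind one port
        out = self.cam.get(dst)
        if out is None:                          # unknown destination: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

def demo():
    sw = Switch(ports=[1, 2, 3, 4], cam_size=6, max_macs_per_port=2)
    a, b, d = "02:aa:00:00:00:01", "02:aa:00:00:00:02", "02:aa:00:00:00:04"
    result = {"first_a_to_b": sw.receive(1, a, b),   # b not learned yet: flooded
              "b_to_a": sw.receive(2, b, a)}         # a is known: one port only
    for i in range(8):                               # constructed burst of new sources on port 3
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(4, d, a)                              # table is full, d is not learned
    result["a_to_d_after_fill"] = sw.receive(1, a, d)
    result["cam_entries"] = len(sw.cam)
    result["alerts"] = sorted(sw.alerts)
    return result
```

After the burst, the frame from a to d leaves on ports 2, 3 and 4 instead of port 4 alone, and port 3 is the only port flagged for exceeding the learned-MAC threshold.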
D. Router:
-Works at layer 3 of OSI model.
-Layer 3 header and trailer along with data encapsulated by them is called Packet.
-Offer multiple collision and broadcast domains.
-Normally, routers do not modify the layer 3 packet header; exceptions exist, such as NAT.
-By default, router can have 5(0-4) telnet sessions.
4. Ethernet Types
-Types of Ethernet:
Ethernet              IEEE 802.3
Fast-Ethernet         IEEE 802.3u
Gigabit-Ethernet      IEEE 802.3ab
10 Gigabit-Ethernet   IEEE 802.3ae
EtherChannel          IEEE 802.3ad
5. MAC Address
A. Ethernet Address Formats
-12 bit hex (or 48 bit binary) address.
-Permanently encoded into ROM chip on NIC. Sometimes it’s also referred to as Burned-In
Address (BIA).
MAC Address division of bits
MAC-Address (48 bits or 6 Bytes):
Organizational Unique Identifier (OUI): First 3 Bytes
- Assigned by IEEE to the vendor.
- Identifies the manufacturer of the NIC card.
Vendor Assigned Part: Last 3 Bytes
- Assigned by the vendor.
- Identifies Ethernet Hardware.
7. Network Latency
-Network-Latency = NIC-delay + Propagation-delay + Intermediary-device-latency
-NIC-delay: Time taken by the source NIC to place voltage pulses on the wire and time taken by
the recipient NIC to interpret those pulses.
-Propagation-delay: Time taken by the signal to travel through the cable.
-Intermediary-device-latency: Latency based on network devices placed between two
devices.
B. Performance
a. Port Density:
- Port density is number of ports per switch.
- Fixed configuration switches typically have up to 48 ports with an option for up to 4
additional ports for small form-factor pluggable (SFP) devices.
- A single 48-port switch is better than two 24-port switches.
One 48-port switch – 1 power port and 47 usable ports.
Two 24-port switches – 2 power ports, 2 interconnecting cables and 44 usable
ports.
b. Forwarding rates:
- Defines the processing capabilities of a switch by rating how much data the
switch can process per second.
- Wire speed is the data rate that each port on the switch is capable of attaining.
- Wire speed describes the theoretical maximum data-transmission rate of a
connection.
c. Link Aggregation:
- As a part of bandwidth aggregation, you should determine if there are enough
ports on a switch to aggregate to support the required bandwidth.
e. Layer3 Functionality:
- L3 switches offer advanced functionality.
- L3 switches are also known as Multilayer Switch.
12. Commands
Description: Commands
Modes:
User Mode             Switch>
Privilege Mode        Switch#
Global Config Mode    Switch(config)#
Interface Mode        Switch(config-if)#
Line Mode             Switch(config-line)#
Sub Interface Mode    Switch(config-subif)#
Setting Clock:
Switch# clock set hr:min:sec day month year
Interface Range:
Switch(config)# interface range interface-type module/first-number – last-number
Macros:
-Used to bundle interfaces, interface ranges or both of them.
-Defining:
Switch(config)# define interface-range macro-name interface-id/interface-range
-Invoking:
Switch(config)# interface range macro macro-name
Smart Macro:
-Used to bundle commands.
-Defining:
Switch(config)# macro name macro-name
@
-Applying on interface:
Switch(config-if)# macro apply macro-name
Note:
Smart macros are only available on catalysts.
Macros and Interface-range feature are available on both routers
and catalysts.
Default Gateway:
-Mostly a router that connects to the distant network
Switch(config)# ip default-gateway ip-address-of-gateway
CDP Configuration
Commands                               Description
Router(config)#cdp run                 Enables CDP on a Cisco device
Router(config-if)#cdp enable           Enables CDP on an interface
Router(config)#cdp timer seconds       Adjusting CDP timers
Router(config)#cdp holdtime seconds
show cdp                               To display global CDP information, including timer and hold-time information
show cdp interface [interface-id]      Displays information about the interfaces on which CDP is enabled
show cdp neighbors [detail]            Displays detailed information about neighboring devices discovered using CDP
show cdp traffic                       Displays traffic information from the CDP table
show cdp entry [device-id]             Displays information about a specific
LLDP Configuration
Commands                                   Description
Router(config)#lldp run                    Enables LLDP on a device
Router(config-if)#lldp {transmit | receive}    Enables packet transmission/reception on the supported interface
show lldp                                  To display global LLDP information, including timer and hold-time information
show lldp interface {receive | transmit}   Displays information about the interfaces on which LLDP is enabled
show lldp neighbors [detail]               Displays detailed information about neighboring devices discovered using LLDP
show lldp traffic                          Displays traffic information from the LLDP table
show lldp entry [device-id]                Displays information about a specific neighbor device listed in the LLDP table
-A Generic Routing Encapsulation (GRE) is created for all the captured traffic and
allows it to be extended across Layer3 domains.
B. Characteristics
a. Characteristics of Source Port:
i. It can be any port type such as Routed port, Switch port, Access port, Trunk port or
EtherChannel port (either one physical port or entire port-channel interface)
ii. It can be monitored in multiple SPAN sessions.
iii. Each source port can be configured with a direction (ingress, egress, or both) to
monitor. For EtherChannel sources, the monitored direction applies to all physical
ports in the group.
iv. Source ports can be in the same or different VLANs.
v. For VLAN SPAN sources, all active ports in the source VLAN are included as
source ports.
vi. If source of SPAN/RSPAN/ERSPAN is a VLAN, then all ports in that VLAN are
monitored. As you add/remove ports from VLAN, the sources are dynamically
updated to include/exclude ports.
vii. A source port cannot be a destination port and vice versa.
viii. Traffic from a non-source VLAN is discarded when it arrives on a source VLAN.
b. VLAN filtering:
i. It’s also possible to configure a trunk port as the source of a SPAN or RSPAN
session. In this case, all VLANs on the trunk are monitored by default; the filter
vlan command option can be configured to limit the VLANs being monitored in this
situation.
ii. VLAN filtering applies only to trunk ports or to voice VLAN ports.
iii. VLAN filtering affects only traffic forwarded to the destination SPAN port and does
not affect the switching of normal traffic.
iv. You cannot mix source VLANs and filter VLANs within a session. You can have
source VLANs or filter VLANs, but not both at the same time.
SPAN, RSPAN, and ERSPAN require compliance with a number of specific conditions to
work. For SPAN, the key restrictions include the following:
i. The source can be either one or more ports or a VLAN, but not a mix of these.
ii. Up to 64 SPAN destination ports can be configured on a switch.
iii. Switched or routed ports can be configured as SPAN source ports or SPAN destination
ports.
iv. Be careful to avoid overloading the SPAN destination port. A 100-Mbps source port can
easily overload a 10-Mbps destination port; it’s even easier to overload a 100-Mbps
destination port when the source is a VLAN.
v. Within a single SPAN session, you cannot deliver traffic to a destination port when it is
sourced by a mix of SPAN, RSPAN, or ERSPAN source ports or VLANs. This restriction
comes into play when you want to mirror traffic to both a local port on a switch (in
SPAN) and a remote port on another switch (in RSPAN or ERSPAN mode).
vi. Only one SPAN/RSPAN/ERSPAN session can send traffic to a single destination port.
vii. A SPAN destination port ceases to act as a normal switch port. That is, it passes only
SPAN-related traffic.
viii. Traffic that is routed from another VLAN to a source VLAN cannot be monitored with
SPAN. An easy way to understand this concept is that only traffic that enters or exits the
switch in a source port or VLAN is forwarded in a SPAN session. In other words, if the
traffic comes from another source within the switch (by routing from another VLAN, for
example), that traffic isn’t forwarded through SPAN.
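A mirror session that breaks one of these restrictions leaves the capture or IDS sensor on the destination port with missing or dropped traffic, so it is worth checking a planned set of sessions before applying it. The following is an added example, not part of the original notes or of any Cisco tool: it checks a session plan against the restrictions stated above. The dictionary layout, the interface names and the port speeds are assumptions, and the bandwidth check is a coarse sum of source port speeds.

```python
def check_span(sessions, speed_mbps):
    """Return (session number, problem) pairs for the restrictions listed above."""
    problems, dest_owner = [], {}
    all_sources = {p for s in sessions for p in s.get("source_ports", ())}
    for s in sessions:
        n, dest = s["number"], s.get("destination")
        ports, vlans = s.get("source_ports", ()), s.get("source_vlans", ())
        if not 1 <= n <= 64:
            problems.append((n, "session number outside 1-64"))
        if ports and vlans:                      # ports or a VLAN, not a mix
            problems.append((n, "source mixes ports and VLANs"))
        if vlans and s.get("filter_vlans"):      # source VLANs or filter VLANs, not both
            problems.append((n, "source VLANs and filter VLANs together"))
        if dest is None:
            continue
        if dest in all_sources:                  # a source port cannot be a destination
            problems.append((n, "destination port is also a source port"))
        if dest in dest_owner:                   # one session per destination port
            problems.append((n, f"destination shared with session {dest_owner[dest]}"))
        dest_owner.setdefault(dest, n)
        offered = sum(speed_mbps[p] for p in ports)
        if offered > speed_mbps[dest]:           # destination port can be overloaded
            problems.append((n, f"{offered} Mbps of sources into {speed_mbps[dest]} Mbps destination"))
    return problems

# Constructed inventory and session plan (hypothetical interface names).
SPEED = {"fa0/1": 100, "fa0/2": 100, "fa0/10": 100, "fa0/24": 10}
SESSIONS = [
    {"number": 1, "source_ports": ["fa0/1", "fa0/2"], "destination": "fa0/10"},
    {"number": 2, "source_vlans": [10], "filter_vlans": [20], "destination": "fa0/10"},
    {"number": 3, "source_ports": ["fa0/10"], "destination": "fa0/24"},
    {"number": 65, "source_ports": ["fa0/1"], "source_vlans": [30]},
]

if __name__ == "__main__":
    for number, problem in check_span(SESSIONS, SPEED):
        print(f"session {number}: {problem}")
```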
D. Configurations
a. SPAN Configuration:
Note:
The only limitation on session numbering is that the session number must be 1–64.
There can be only one destination port.
Always specify destination port after the SPAN source.
-Configuration:
Step 1: Configure the source port/ports/VLAN.
Switch(config)# monitor session session-number source {interface | vlan}
{interface-id [or interface-range] | vlan-id} [rx | tx | both]
Step 2(Optional): If source is a trunk port, you can also filter the VLANs coming out of
the trunk.
Switch(config)# monitor session session-number filter vlan {vlan-id | vlan-list}
b. RSPAN Configuration:
Note:
The only limitation on session numbering is that the session number must be 1–64.
It is permissible to use different session numbers on different switches in RSPAN.
-Configuration:
On Source Switch:
Step 1: In order to configure RSPAN, you need to have an RSPAN VLAN. These VLANs
have special properties and cannot be assigned to any access ports.
Configuring RSPAN VLAN: Switch(config)# vlan vlan-id
Switch(config-vlan)# remote-span
Verifying RSPAN VLAN: show vlan remote-span
Step 3(Optional): If source is a trunk port, you can also filter the VLANs coming out of
the trunk.
Switch(config)# monitor session session-number filter vlan {vlan-id | vlan-list}
On Destination Switch:
Step 1: Configure the RSPAN VLAN with the same id as on the source switches.
Configuring RSPAN VLAN: Switch(config)# vlan vlan-id
Switch(config-vlan)# remote-span
Verifying RSPAN VLAN: show vlan remote-span
Step 3:
-Example of RSPAN:
Configure 2 switches IDF-SYR1 and IDF-SYR2, to send traffic to RSPAN VLAN 199,
which is delivered to port fa0/24 on switch MDF-SYR9 as follows.
From IDF-SYR1, all traffic received on VLANs 66-68
From IDF-SYR2, all traffic received on VLAN 9
From IDF-SYR2, all traffic sent and received on VLAN 11
! IDF-SYR1 (source switch): received traffic on VLANs 66-68 into RSPAN VLAN 199
IDF-SYR1(config)#vlan 199
IDF-SYR1(config-vlan)#remote-span
IDF-SYR1(config-vlan)#exit
IDF-SYR1(config)#monitor session 1 source vlan 66-68 rx
IDF-SYR1(config)#monitor session 1 destination remote vlan 199
! IDF-SYR2 (source switch): VLAN 9 received, VLAN 11 sent and received
IDF-SYR2(config)#vlan 199
IDF-SYR2(config-vlan)#remote-span
IDF-SYR2(config-vlan)#exit
IDF-SYR2(config)#monitor session 2 source vlan 9 rx
IDF-SYR2(config)#monitor session 2 source vlan 11
IDF-SYR2(config)#monitor session 2 destination remote vlan 199 encapsulation replicate
! MDF-SYR9 (destination switch): RSPAN VLAN 199 delivered to port fa0/24
MDF-SYR9(config)#vlan 199
MDF-SYR9(config-vlan)#remote-span
MDF-SYR9(config-vlan)#exit
MDF-SYR9(config)#monitor session 3 source remote vlan 199
MDF-SYR9(config)#monitor session 3 destination interface fa0/24