CCNA_TRAINING_DOCUMENT

CCNA Training Document Mohan’s Networking Institute

CCNA TRAINING DOCUMENT

Schedule

I week – Basics of Networking

IP AddressSubnet MaskBroadcast IP AddressOSI ModelRouting FundamentalsSub-netting

II week and after -- CISCO

Command Line Interface(CLI)Routing Static and Dynamic (RIP, IGRP, OSPF, EIGRP)Remote Management Telnet + CDPAccess-ListNATWANprotocols (PPP, HDLC, FR)Technologies ISDN, FRSwitchingBooting – BackupConfig, IOS

1


1. NETWORKING-BASICS

Network – Connection of Computers

Ethernet

Ethernet uses only one cable that is used to connect all over the world – RJ45/CAT 5/CAT 6/10 baset. Earlier Token ring was used in Ethernet.

Types1. Broadcast Multi-Access: All systems are connected to the network and

only the addressed system receives the packets. First messages are broadcasted, addresses are received and then the packets are unicasted.

2. Point-to-point: Only two computers are connected. Address is not mandatory (But is present).It is not broadcasted.

Routers: Router is an intelligent device that receives data (packet) and checks from where it comes and where it goes (in the best route).Router is a CISCO product.

RJ45 RJ11 RJ11 RJ45

Router Telecom Ethernet (Fibre Optics)

Data in a network is packed such that it travels in a any media such as RJ45,fibre optics etc.,

2

R R ServerFOO


Note: CCNA tells about How to connect computers? How hosts systems talks to each other, when and why? How it interacts with the router and how router talks to the outer world?

Networks are divided as the private (illegal, reserved, non-routable) and public (Legal) networks. The private networks are secured leased lines that are over a particular area-used internally only. The public networks are world wide.

Router RouterEthernet

Computers will have two addresses:1. Logical Address – IP Address2. Physical Address – Hardware address -- MAC address -- Ethernet address

-- Permanent address

MAC Address – Media Access Control Address. No two network cards will have the same MAC addresses.

E.g.: 0010ab 1234cd Vendor Card No. Code

Operating System: OS interfaces between the hardware and the software. The software program that binds itself to the machine components

We need a protocol to transfer data between two systems else your system will be a stand-alone system. In order for two systems to communicate NOS (Network Operating Systems) is needed.

TCP/IP is used to transfer data between systems. It is not a single protocol instead it is a stack of protocols.

3

TCP UDP

IP ARP RARP ICMP IGMP

R RPrivate secured leased line

Public network

Server


TCP – Transmission Control Protocol UDP – User Datagram Protocol IP – Internet Protocol ARP – Address Resolution Protocol RARP – Reverse Address Resolution Protocol ICMP – Internet Control Messaging Protocol IGMP - Internet Group Messaging Protocol

2. IP ADDRESS

Quality of IP Address (Borrowed from the Human & Telecom networks)1. Identification and Location2. Same length3. Network is divided based on the size

IP Address – 32 bit address

Divided into 4 octets

0-255 0-255 0-255 0-255

Each octet is of,

This ranges from 00000000 ………. 11111111 i.e. from 0 to 255.

IP Address has two parts.1. Location (NID – Network ID)2. Identification (HID - Host ID)

4

27 26 25 24 23 22 21 20 222222222222222222222 22128 64 32 16 8 4 2 1


Network Classifications

Class A

NID HID (Network ID) (Host ID)

NID – 8 bits.HID – 24 bits.

Network ID

There 8 bits and so - 28 networks are possible = 256 networks. These 0-255 values in first octet are shared among other classes also. We have values ranging in 0-127 for Class A.

I octet

MSB LSB

128 64 32 16 8 4 2 1

MSB – Most Significant BitLSB – Least Significant Bit

128(MSB) is reserved for Class A as ‘0’ always. 0.0.0.0 – Reserved for representing any network. 127.0.0.0 – Loop Back Address..

Thus Class A can have 1-126 networks.

E.g. 10.0.0.0 is a Class A Network

Host ID

If the hosts IDs are ‘0’ then it represents the Network and not the host. If the hosts IDs are ‘1’ then it represents the Broadcast address for the particular network.

E.g.

10.0.0.0 ----------- Network Address(All HID ‘0’)

5

0 0 0 0 0 0 0 0 1 1 1 1 1 1 1


10.0.0.1 ----------- First Host IP Address(All HID ‘0’except the least)

10.255.255.254 ----------- Last Host IP Address(All HID ‘1’except the least)

10.255.255.255 ----------- Broadcast IP Address(All HID ‘1’)

Class B



Network ID:

I octet

MSB LSB

128 64 32 16 8 4 2 1

Two bits are reserved for Class B. The other bits can be from 000000 to 111111.

NID has 2 octets out of which two 2 bits are reserved. 216 - 2 = 214 = 16384 networks for Class B. E.g. 172.16.0.0 is a Class B network.

Host ID


E.g. 170.27.0.0 ----------- Network Address 170.27.0.1 ----------- First Host IP Address 170.27.255.254 ----------- Last Host IP Address 170.27.255.255 ----------- Broadcast IP Address

6

1 0 0 0 0 0 0 0 1 1 1 1 1 1


Class C



Network ID

I octet

MSB LSB

128 64 32 16 8 4 2 1

The last three bits are reserved for Class C. The others can be from 00000 to 11111.

NID has 3 octets out of which two 3 bits are reserved. 224 – 3 = 221 = 2097152 networks for Class C.

E.g. 202.14.0.0 is a Class C network.

Host ID


E.g. 194.21.16.0 ----------- Network Address 194.21.16.1 ----------- First Host IP Address 194.21.16.254 ----------- Last Host IP Address 194.21.16.255 ----------- Broadcast IP Address

Class D: Class D can have 224 – 239 networks. They are used for Multicasting.Class E: Class E can have 240 – 255 networks. They are used for Research purposes.

Note: From the above given addresses some addresses are reserved for the private networks. They are,

10.0.0.0 --------- A172.16.0.0 to 172.31.0.0 --------- B192.168.0.0 to 192.168.255.0 --------- C

Broadcasting:7

1 1 0 0 0 0 0 0 1 1 1 1 1


Broadcast involves delivering a message from one sender to many recipients. This broadcast is 'limited' in that it does not reach every node on the Internet, only nodes on the LAN.

Broadcast address is found by ORing the IP address and the bit complement of the subnet mask.

E.g. : Let 190.16.4.9 be the IP address(Class B network).The subnet mask for class B network is 255.255.0.0

---bit complement is 0.0.255.255

190.16.4.9 ---- 101111100001000000000100000010010.0.255.255 ---- 00000000000000001111111111111111

190.16.255.255 ---- 10111110000100001111111111111111

SUMMARY

Class N/w Bits

Host bits

Range- I octet

MSB fixed

No of n/ws

No of hosts

FHID LHID

BC Addr

Subnet mask

A 8 24 1-126 0 120 224-2 X.0.0.1 X.255.255.254

X.255.255.255

255.0.0.0

B 16 16 128-191 10 216-2=214 216-2 X.Y.0.1 X.Y.255.254

X.Y.255.255

255. 255.0.0

C 24 8 192-223 110 224-3=221 28-2 X.Y.Z.1 X.Y.Z.254

X.Y.Z.255

255. 255. 255.0

D 224-239E 240-255

All HIDs 1

NID-‘1’HID-‘0’

4. OSI REFERENCE MODEL

OSI – Open Systems Interconnection.This is designed by the ISO(International Standard Organisations).This model is developed from the TCP/IP Model given by the DoD,Department of Defence,US.

Open Systems: Irrespective of the plaltform ,open to any platform.

8


The OSI Model comprises of 7 layers.

OSI Model

(International Standard Organisation) TCP/IP Model (Department of Defence,US)

PHYSICAL LAYER

Physical layer is about the physical connections/media between the networks. Connections may be bound or unbound.

Bound – UTP, STP, Coaxial, Fibre optics..Unbound – Infrared rays, Blue tooth, Radio waves, Micro waves…

UTP – Unsheilded Twisted Pair.10 base T10 base 10100 base 10

Bandwidth Signal Length of the Frequency cable

87.5 m (accurately)100m cable

9

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

4

3

2

1

AMP


Ethernet Cross over and Straight Through CablesThere are 8 pins in the cables and or of different colours to identfy.

PIN N0 WIRE COLOR CROSSED-OVER STRAIGHT-THROUGH1 Orange/White 3 12 Orange 6 23 Green/White 1 34 Blue 4 45 Blue/White 5 56 Green 2 67 Brown/White 7 78 Brown 8 8

If there are more then two systems,connecting them to each and every systems are not possible.In such cases we use Hub or Switches to connect the systems.

Hub(Concentrator):Hubs operate on the physical layer.Hubs are nothing but a repeater, that sends copy to all the systems during communicaton.A hub can contain multiple ports.

HUB

1 3 4 5

HUB

2 4 6 8

10


In a hub with 8 ports, each connected to a system.If system-1 has to send data to system-8 it sends data to system-8 and also to all other systems that are connected to the hub. If the data transfer rate is 10 mbps that is shared to send data to all the systems.

Full DuplexIf transmission takes place in one line and data is received in another line, it is said to be in Full Duplex.

Half DuplexIf transmission and received in same line, it is said to be in Half Duplex.

DATA LINK LAYER All the systems in the network are identified and are ready to send the data. This layer concentrates on

How the data look like? – Format. To whom the data is being sent and from where it is coming? It checks for any collision or error? – Error Detection.Error Detection is

done by CSMA/CD(Carrier Sense Multilpe Access/Collision Detection) that continuously senses the line to check if there is any error or collision.

Network Interface Card(NIC) contains the MAC(Media Access Control) Address.

Sub Layers of Data Link Layer: LLC – Logical Link Control:It is concerned with managing the

traffic over the networkWhile carrying the packet from the Data link layer to the network layer it should also carry data saying that it is a IP packet logical link between Datalink layer and the Network layer.

10.0.0.0Router

11

IP

AT

IPX


MAC – Media Access Control: It is concerned with sharing the physical connection to the network among several computers. Each computer has its own MAC address.

Frame in the Data link layer consists the To and From MAC address. Most popular layer-2 component is the Switch.

Switch: A network switch is a small hardware device that joins multiple computers together within one LAN Technically, network switches operate at layer 2 i.e Data Link Layer.

A switch unlike hub sends data only to the specific system that requested the data.

Switch maintains the MAT (MAC Address Table) to look up the MAC address of the hosts to which it needs to send the data. First time it broadcasts and there after it maintains the addresses.

Port Number MAC address

NETWORK LAYER This layer concentrates on routing the packet to the destination in the best route.

Packtes in the network layer contains the To and From IP address.

In the following figure there are 4 data links between the the two networks.

10.0.0.0 20.0.0.0 40.0.0.0 60.0.0.0

Router1 Router2 Router3

TRANSPORT LAYER

This layer is a software layer(A transport layer product is introduced now.)

12

Router


The role of the transport layer is to provide a reliable, end-to-end data transport between source and destination machines.

This layer concentrates on,

Segments: The exchanged between the communicating hosts are called the segments. This layer packetizes(i.e. turns into segments). The size of the segment ranges to less than or equal to the MTU(Maximum Transmission Unit=1500 bytes).

Sequence numbers Check sum Acknowledgement Error checking Windowing 3-way handshake Port numbers

HTTP-80 FTP-21- CONTROL,20 - DATA SMTP-25 TELNET-23 POP3-110

The connection may be connection oriented or connectionless. Connection oriented

Establishes a connection Transmits data Ends connectionTCP/IP provides a reliable and connection-oriented service.

Connectionless: Data delivery Error checkingUDP provides an unreliable and connection-less service.

SESSION LAYER The session layer allows users on different machines to establish sessions between

them. A session management takes place whenever a session opens and ends. If the port is inactive for a particular period of time the port is reset (the session is

closed). Source Quench: It is a message from one host to another host saying that to

reduce the speed of data transfer. It is one way to control data flow over the network.

PRESENTATION LAYER This layer is concerned with the presentation of data that is transferred between

two application processes. It ensures that the date exchanged between them has a common meaning – Shared

semantics.(common presentation style) Data are transferred in Binary or ASCII format .

13


If any compression or encryption are needed they are also agreed upon.

APPLICAION LAYER This layer ensures that it provides service for an application program to

communicate with other application program in the network. This layer concentrates on,

Communication partners Quality of service User authentication Constraints on data.

NOTE:

1.Encapsulation-Give the right information to the right user.

2.Disdavantage of TCP/IP communication? Acknowledgement3. Which takes part in all layers of OSI model?

a. Routerb. Amplifierc. Bridged. Network Management statione. Network hostf. Web Server

Ans : d,e and f takes part in all layer activities.They are all hosts.

5. ROUTING FUNDAMENTALS

Concepts

14

PLDL

NLTL

SL

PLAL


Routing Table Default Gateway

Windows DOS Commands Ipconfig Ipconfig /all Route Print Route Add Route Delete Ping arp –a tracert

Protocols ICMP ARP

ROUTING TABLEA routing table is a database in which a routing protocol stores information about

the network layer topology of the intranet work (The IP Addresses are looked up here before the packets are being routed).

Routing table can be built in two ways:1. Manual

Route add <destn> MASK <destn SM> <Next Hop>(Forwarding Router)

E.g. Route add 30.0.0.0 MASK 255.0.0.0 10.0.0.12. Default Gateway

PING command: Sends a packet through the internet to grope the destination host. Echo Request and Reply are the two pairs in ICMP message. The ICMP checks whether there is an error during communication.

Echo Request

Echo Reply

50.0.0.2 70.0.0.1 90.0.0.1

50.0.0.0 70.0.0.0

30.0.0.0 R1 R2 R3 90.0.0.0 30.0.0.1 50.0.0.1 70.0.0.2

15

http://www.tech-faq.com/network-layer.shtml

http://www.tech-faq.com/routing-protocols.shtml


While pinging a host from the source,If the host/network is not configured with the router and if it does not identify the destination system in the routing table,then the following ICMP message is generated,

Destination Host Unreachable

While pinging a host from the source,If the host is connected and configured to the router, the host sends all its messages to the router and then forwarded to the destination. Now if the router is enable to identify the destination IP Address in the routing table,then the following ICMP message isgenerated,

Reply from <destn> ; bytes=32 time=10ms TTL=128

While pinging a host from the source,If the destination host is not connected to the network or if the cable is loosely connected or if the destination host does not respond to the source request then the

following ICMP error message isgenerated,

Request timed out

arp –a This command is used to obtain the MAC address of the destination host.

C:\>arp -a

Interface: 9.184.45.180 --- 0x2 Internet Address Physical Address Type

9.184.45.1 00-00-0c-07-ac-2d dynamic 9.184.45.15 00-0d-60-8c-9d-93 dynamic 9.184.45.100 00-0d-60-fb-e4-ed dynamic

9.184.45.184 00-11-25-48-14-22 dynamic

C:\>arp –d 10.0.0.1 Deletes the MAC address of the particular host.

tracertThe tracert command is used to visually see a network packet being sent and

received and the amount of hops required for that packet to get to its destination.

C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options: -d Do not resolve addresses to hostnames.

16


-h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply.

C:\>tracert 9.184.45.148

Tracing route to 9.184.45.148 over a maximum of 30 hops 1 * <1 ms <1 ms 9.184.45.148Trace complete.

Find the FHID, LHID, Broadcast and SubnetMask

CLASS NETWORK FHID LHID BroadCast SubnetMaskA 1.0.0.0 1.0.0.1 1.255.255.254 1.255.255.255 255.0.0.0A 39.0.0.0 39.0.0.1 39.255.255.254 3.255.255.255 255.0.0.0B 147.0.0.0 147.0.0.1 147.0.255.254 147.0.255.255 255.255.0.0C 211.0.0.0 211.0.0.1 211.0.0.254 211.0.0.255 255.255.255.0

6. SUBNETTING

Subnetting is the process of subdividing your networks into subnets that are meaningful, for the effective management of IP Address.With the help of mathematical functions we divide network itno subnets. Due to this congestion is controlled.

a. If 9.0.0.5 sends a packet to 9.0.0.3 hub copies and sends the packet to all the other hosts also(Broadcasts).Once it broadcasts it receives the MAC address, it unicasts to every hosts.Here packet is received by only the destination that matches the To address(MAC address).

9.0.0.2 9.0.0.3

9.0.0.5 9.0.0.4

HUB

17


b. In case if a hub is replaced by the switch, intially it broadcasts and receives the MAC address.After that the switch sends the packet only to the particular destination host and doesnot send copies to other systems.

c. In case if a router is replaced with the switch/hub, broadcasting and unicasting takes place.But it ensures that the MAC address doesnot cross the particular network/LAN.

Divide the following network consisting of 2 subnets

CLASS NETWORK FHID LHID BroadCast SubnetMaskA 10.0.0.0 10.0.0.1 10.255.255.254 10.255.255.255 255.0.0.0

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.

Hence to get two subnets, we need to borrow 2 bits from the host id.

128 64

NID HID

Therefore the subnets are,10.64.0.0 and 10.128.0.0

Class Subnet FHID LHID BroadCast SubnetMaskA 10.64.0.0 10.64.0.1 10.127.255.254 10.127.255.255 255.192.0.0A 10.128.0.0 10.128.0.1 10.191.255.254 10.191.255.255 255.192.0.0 64+(32+16+8+4+2+1)=64+63=127 128+64=192 128+63=191

Total no of host id bits=24 -2(borrowed)=22.So, The no of hosts possible in each subnet = 222-2 = 4194304-2 = 4194302 hosts



To get 6 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets

18

2n-2>=no of subnets

2n-2>=no of subnets


Hence to get 6 subnets, we need to borrow 3 bits from the host id.

128 64 32

NID HID

Therefore the subnets are, 10.32.0.010.64.0.010.96.0.010.128.0.010.160.0.010.192.0.0

Class Subnet FHID LHID BroadCast SubnetMaskA 10.32.0.0 10.32.0.1 10.63.255.254 10.63.255.255 255.224.0.0A 10.64.0.0 10.64.0.1 10.95.255.254 10.95.255.255 255.224.0.0A 10.96.0.0 10.96.0.1 10.127.255.254 10.127.255.255 255.224.0.0A 10.128.0.0 10.128.0.1 10.159.255.254 10.159.255.255 255.224.0.0A 10.160.0.0 10.160.0.1 10.191.255.254 10.191.255.255 255.224.0.0A 10.192.0.0 10.192.0.1 10.223.255.254 10.223.255.255 255.224.0.0 32+(16+8+4+2+1)=32+31=63 128+64+32=224

Total no of host id bits=24 -3(borrowed)=21.So, The no of hosts possible in each subnet = 221-2 = 2097152-2 = 2097150 hosts.



To get 14 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets


128 64 32 16

NID HID

Therefore the subnets are,

19

2n-2>=no of subnets


10.16.0.010.32.0.010.48.0.0 |10.224.0.0

Class Subnet FHID LHID BroadCast SubnetMaskA 10.16.0.0 10.16.0.1 10.31.255.254 10.31.255.255 255.240.0.0A 10.32.0.0 10.32.0.1 10.47.255.254 10.47.255.255 255.240.0.0A 10.48.0.0 10.48.0.1 10.63.255.254 10.63.255.255 255.240.0.0….. ................ ……… ………………. …………….. …………..A 10.208.0.0 10.208.0.1 10.223.255.254 10.223.255.255 255.240.0.0A 10.224.0.0 10.224.0.1 10.239.255.254 10.239.255.255 255.240.0.0 16+(8+4+2+1)=16+15=31 128+64+32+16=240

Total no of host id bits=24 -4(borrowed)=20.

So, The no of hosts possible in each subnet = 220-2 = 1048576-2 = 1048574 hosts.

How many bits you need to borrow to get 23 subnets.

To get 23 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets25-2=32-2=30 subnets


128 64 32 16 8

NID HID

Therefore the subnets are,10.8.0.010.16.0.010.24.0.0 |

20

2n-2>=no of subnets


10.184.0.0 |10.240.0.0

Class Subnet FHID LHID BroadCast SubnetMaskA 10.8.0.0 10.8.0.1 10.15.255.254 10.15.255.255 255.248.0.0A 10.16.0.0 10.16.0.1 10.23.255.254 10.23.255.255 255.248.0.0A 10.24.0.0 10.24.0.1 10.31.255.254 10.31.255.255 255.248.0.0….. ................ ……… ………………. …………….. …………..A 10.184.0.0 10.184.0.1 10.191.255.254 10.191.255.255 255.248.0.0…… ……… …………. …………… …………… …………..A 10.240.0.0 10.240.0.1 10.247.255.254 10.247.255.255 255.248.0.0 8+(4+2+1)=8+7=15 128+64+32+16+8=248



How many bits you need to borrow to get 45 subnets.

To get 45 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets25-2=32-2=30 subnets26-2=64-2=62 subnets


128 64 32 16 8 4

NID HID

Therefore the subnets are,10.4.0.010.8.0.010.12.0.0 |10.180.0.0

21

2n-2>=no of subnets


|10.248.0.0

Class Subnet FHID LHID BroadCast SubnetMaskA 10.4.0.0 10.4.0.1 10.7.255.254 10.7.255.255 255.252.0.0A 10.8.0.0 10.8.0.1 10.11.255.254 10.11.255.255 255.252.0.0A 10.12.0.0 10.12.0.1 10.15.255.254 10.15.255.255 255.252.0.0….. ................ ……… ………………. …………….. …………..A 10.180.0.0 10.180.0.1 10..183.254 10.183.255.255 255.252.0.0…… ……… …………. …………… …………… …………..A 10.248.0.0 10.248.0.1 10.251.255.254 10.252.255.255 255.252.0.0 4+(2+1)=4+3=7 128+64+32+16+8+4=252



Divide the following network consisting of 75 and 150 subnets


To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets.25-2=32-2=30 subnets26-2=64-2=62 subnets.27-2=128-2=126 subnets28-2=256-2=254 subnets

Hence to get 75 subnets, we need to borrow 7 bits from the host id.And to get 150 subnets, we need to borrow 8 bits from the host id.

128 64 32 16 8 4 2

NID HID

128 64 32 16 8 4 2 1

NID HIDTherefore the subnets are,

22

2n-2>=no of subnets


75 subnet 150 subnet10.2.0.0 10.1.0.010.4.0.0 10.2.0.010.6.0.0 10.3.0.0 | |10.150.0.0 10.150.0.075 subnetsClass Subnet FHID LHID BroadCast SubnetMaskA 10.2.0.0 10.2.0.1 10.3.255.254 10.3.255.255 255.254.0.0A 10.4.0.0 10.4.0.1 10.3.255.254 10.3.255.255 255.254.0.0

A 10.150.0.0 10.150.0.1 10.151.255.254 10.151.255.255 255.254.0.0

A 10.254.0.0 10.254.0.1 10.255.255.254 10.255.255.255 255.254.0.0 2+(1)=2+1 128+64+32+16+8+4+2=254


150 subnetsClass Subnet FHID LHID BroadCast SubnetMaskA 10.1.0.0 10.1.0.1 10.1.255.254 10.1.255.255 255.255.0.0A 10.2.0.0 10.2.0.1 10.2.255.254 10.2.255.255 255.255.0.0……. ………. ……….. …………….. …………….. …………A 10.150.0.0 10.150.0.1 10.150.255.254 10.150.255.255 255.255.0.0 1+(0)=1 128+64+32+16+8+4+2+1=255


------------------------------------------------------------------------------------------------------------


CLASS NETWORK FHID LHID BroadCast SubnetMaskB 170.0.0.0 170.0.0.1 170.0.255.254 170.0.255.255 255.255.0.0

To get 9 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets

23

2n-2>=no of subnets



128 64 32 16

NID HID

Therefore the subnets are, 170.0.16.0170.0.32.0170.0.48.0

|170.0.128.0170.0.144.0

Class Subnet FHID LHID BroadCast SubnetMaskB 170.0.16.0 170.0.16.1 170.0.31.254 170.0.31.255 255.255.240.0B 170.0.32.0 170.0.32.1 170.0.47.254 170.0.47.255 255.255.240.0B 170.0.48.0 170.0.48.1 170.0.79.254 170.0.79.255 255.255.240.0B ………. ………. ………. ………. …………..B 170.0.128.0 170.0.128.1 170.0.143.254 170.0.143.255 255.255.240.0B 170.0.144.0 170.0.144.1 170.0.175.254 170.0.175.255 255.255.240.0 16+(8+4+2+1)=16+15=31 128+64+32+16=240

Total no of host id bits=16 -4(borrowed)=14So, The no of hosts possible in each subnet = 214-2 = 16384-2 = 16382 hosts.


CLASS NETWORK FHID LHID BroadCast SubnetMaskB 170.0.0.0 170.0.0.1 170.0.255.254 170.0.255.255 255.255.0.0

To get 99 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.23-2=8-2=6 subnets24-2=16-2=14 subnets25-2=32-2=30 subnets26-2=64-2=60 subnets27-2=128-2=126 subnets


24

2n-2>=no of subnets


128 64 32 16 8 4 2

NID HID


|170.0.250.0170.0.252.0

Class Subnet FHID LHID BroadCast SubnetMaskB 170.0.2.0 170.0.2.1 170.0.3.254 170.0.3.255 255.255.240.0B 170.0.4.0 170.0.4.1 170.0.5.254 170.0.5.255 255.255.240.0B 170.0.6.0 170.0.6.1 170.0.7.254 170.0.7.255 255.255.240.0B ………. ………. ………. ………. …………..B 170.0.250.0 170.0.250.1 170.0.251.254 170.0.251.255 255.255.240.0B 170.0.252.0 170.0.252.1 170.0.253.254 170.0.253.255 255.255.240.0 2+(1)=2+1=3 128+64+32+16+8+4+2=254

Total no of host id bits=16 -7(borrowed)=9So, The no of hosts possible in each subnet = 29-2 =512-2 = 510 hosts.------------------------------------------------------------------------------------------------------------


CLASS NETWORK FHID LHID BroadCast SubnetMaskC 200.0.0.0 200.0.0.1 200.0.0.254 200.0.0.255 255.255.255.0

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.


128 64

NID HID

Therefore the subnets are, 200.0.0.64

25

2n-2>=no of subnets


200.0.0.128

Class Subnet FHID LHID BroadCast SubnetMaskC 200.0.0.64 200.0.0.65 200.0.0.126 200.0.0.127 255.255.255.192C 200.0.0.128 200.0.0.129 200.0.0.190 200.0.0.191 255.255.255.192 64+(32+16+8+4+2+1)=64+63=127 128+64=192Note:127 is the Broadcast id.

Total no of host id bits=8 -2(borrowed)=6So, The no of hosts possible in each subnet = 26-2 =64-2 =62 hosts.

Divide the following network consisting of 23 hosts.

To get 2 subnets,

28-2=256-2=254 hosts27-2=128-2=126 hosts26-2=64-2=62 hosts25-2=-32-2=30 hosts-----------------23-2=-8-2=6 subnets24-2=16-2=14 hosts

Hence to get 23 hosts, we need to borrow 3 bits from the host id so that 5 bits will be left.

128 64 32

NID HID


|192.168.1.192(we borrow 3 bits and so 32*6 =192)

Class Subnet FHID LHID BroadCast SubnetMaskC 192.168.1.32 192.168.1.33 192.168.1.62 192.168.1.63 255.255.255.224C 192.168.1.64 192.168.1.65 192.168.1.94 192.168.1.95 255.255.255.224

26

2no of bits left-2>=no of hosts

2No of bits left -2 >= No of hosts2No of bits borrowed – 2 >= No of subnets


C 192.168.1.192 192.168.1.193 192.168.1.222 192.168.1.223 255.255.255.224 32+(16+8+4+2+1)=32+31=63 128+64+32=192

Total no of host id bits= 8-3(borrowed)=5So, The no of hosts possible in each subnet = 25-2 =32-2 =30 hosts in each subnet.

Divide the following network consisting of 11 hosts.

To get 2 subnets,

28-2=256-2=254 hosts27-2=128-2=126 hosts26-2=64-2=62 hosts25-2=-32-2=30 hosts24-2=16-2=14 hosts---------------------24-2=-16-2=1423-2=8-2=6 hosts

Hence to get 11 hosts, we need to borrow 4 bits from the host id so that 4 bits will be left.

128 64 32 16

NID HID


|192.168.224.(we borrow 3 bits and so 16*14=224)

Class Subnet FHID LHID BroadCast SubnetMaskC 192.168.1.16 192.168.1.17 192.168.1.30 192.168.1.31 255.255.255.240C 192.168.1.32 192.168.1.33 192.168.1.46 192.168.1.47 255.255.255.240C ……………. ……………. ……………... …………….. ………………….C 192.168.1.224 192.168.1.225 192.168.1.254 192.168.1.255 255.255.255.240

16+(8+4+2+1)=16+15=31 128+64+32+16=240


27

2no of bits left-2>=no of hosts


Divide the following network consisting of 17 subnets.

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets23-2=8-2=6 subnets24-2=16-2=14 subnets25-2=32-2=30 subnets


128 64 32 16 8

NID HID


|192.168.1.136(we borrow 5 bits and so 8*17=136)


Class Subnet FHID LHID BroadCast SubnetMaskC 192.168.1.8 192.168.1.9 192.168.1.14 192.168.1.15 255.255.255.248C 192.168.1.16 192.168.1.17 192.168.1.22 192.168.1.23 255.255.255.248C ……………. ……………. ……………... …………….. ………………..C 192.168.1.240 192.168.1.241 192.168.1.246 192.168.1.247 255.255.255.248

8+(4+2+1)=8+7=15 128+64+32+16+8=248


Divide the following network consisting of 50 subnets.

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets23-2=8-2=6 subnets

28

2no of bits borrowed-2>=no of subnets

2no of bits borrowed-2>=no of subnets


24-2=16-2=14 subnets25-2=32-2=30 subnets26-2=64-2=62 subnets


128 64 32 16 8 4

NID HID




Class Subnet FHID LHID BroadCast SubnetMaskC 192.168.1.4 192.168.1.5 192.168.1.6 192.168.1.7 255.255.255.252C 192.168.1.8 192.168.1.9 192.168.1.10 192.168.1.11 255.255.255.252C ……………. ……………. ……………... …………….. ………………..C 192.168.1.248 192.168.1.249 192.168.1.250 192.168.1.251 255.255.255.252

4+(2+1)=4+3=7 128+64+32+16+8+4=252


NOTE : Subnetting Principle Donot change your NID Borrow HID bits to Nid Octet structure and bit values will not changes Rules for FHID, LHID, BC and SNM will not change.

29


CISCO ROUTERS

1. COMMAND LINE INTERFACE

CISCO ROUTER, doesn’t have the monitor so every router needs to be connected to the console.

Console is to manage/administor/monitor the router.For the console to be connected the router needs the console port.To connect the router a cable(RJ45) is provided with 9 pins.

For a router there should be atleast 2 ports.

Router

Serial port/ WAN port

Power point

To enter the hyperterminalPrograms Acessories Communication Hyperterminal(Hypetterminal window opens)-prompts for the screen name(not the router name)-connect to window select com1 ok-com1 properties window select restore default ok-save and exit

Once you switch on the router (if new router that is not configured / brand new router) it will prompt as ,

Would u like to enter initial configuretion dialog[yes/no]: (if pressed – no )press return to get started(enter)Router>

30

Ethernet Serial console powerpointPort port port Aux

Console

Hub Switch


(this is the first prompt in the router.This is called the user mode or the user execution mode)Router> enable (enter)Router#(this is called the priviliged mode/enabled mode /priviliged executable mode –not every one can enter – restrictions provided)

cisco commands are not case sensitive The user and the priviliged mode are not configurable mode , they are executable

only . we can see all the configurations that exists and no new configurations added or no troubleshooting.

U can find the errors in these two modes but cannot be rectified.Router#show running-config(enter)(this command displays the currently running configuration)Router#debug xxxRouter#copy xxxRouter#configure terminal(enter)Router(config)#(this is the global configuration mode-where u can make new configurations)

To change the hostname Router(config)#hostname abc(enter)abc(config)#

Specific configuration mode

Router(config)#interface ethernet 0/fastethernet 0/serial 0/serial 1(enter)Router(config-if)#

Router(config)#Line console 0(enter)Router(config-line)#

To configure from console through port 0 To configure from telnet(virtual terminal-VTY) through port 0 to port 4 To configure from auxillary through port 0

To set username and password to the router(for the user and priviliged mode)(For console)

To set password for the user mode,Router(config-line)#password xxxxRouter(config-line)#login

-enter the pasword-specify that in the line console mode.

press return to get startedu will be prompted for the password

password: (once u enter the password and press enter)Router>

To set username & password for the user mode,Router(config)#username xxxx password xxxxRouter(config-line)#login local

-enter the username and password in the global confifuration mode

31


-specify that in the line console as login local

-By default the password would be displyed in the above.For to display the encrypted password

Router(config)#service password-encryption

To set password for the privileged mode,Router(config)#enable password/secret xxxx

-enter the username and password in the global confifuration mode-specify that in the line console as login(Optional)

To remove the password/username or any other changes made,abc(config)#no hostname(enter)Router(config)#

Router(config-line)#no loginRouter(config-line)#no password

Router(config-line)#no login localRouter(config)#no username xxxx(removes the username & password)

Router(config)#no enable password/secret

To exit from each mode we can use exit or (ctrl + z)Press Return to get started

User mode Disable Exit

Enable mode Exit

Global configuration mode ----------- ctrl z

ExitSpecific configuration mode

2. STATIC ROUTING (L eased Line )

32


V.35Router Router

Network Telecom Network companyFig-a

Two networks that are geographically apart are connected with the help of the telecom company.

The network cable given by the telecom company to the LAN is the RJ11 cable.But the cable to the router is the RJ45 cable.Hene there should be a mediator to synchronize the flow. So, Modem is used for that process.

RJ11 RJ45Telecom Company

Fig-a can be represented as,

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0E0 S0 S0 E0

HOR BOR

How to give IP address to the Router and configure it?

Router(config)interface e 0Router(config-if)ip address 10.0.0.1 255.0.0.0Router(config-if)no shutdownRouter(config-if)exit

Administratively by default all the interfaces are shutdown,when is router is on. So it is important to give “no shutdown”.Unless interfaces are not shutdown it is

not possible to ping a system(from any mode-user or privileged).

Router(config)interface s 0Router(config-if)ip address 20.0.0.1 255.0.0.0

33

R R

RModem

R2

R1


Router(config-if)no shutdownRouter(config-if)exit

Router(config)interface e 0Router(config-if)ip address 30.0.0.1 255.0.0.0Router(config-if)no shutdownRouter(config-if)exit

Router(config)interface s 0Router(config-if)ip address 20.0.0.2 255.0.0.0Router(config-if)no shutdownRouter(config-if)exit

To check the IP address

Router#sh runRouter#sh interface Router#sh interface e 0Router#sh interface s 0Router#sh ip interface brief

To check the routing table

Router#sh ip route

Note: By default router is DTE(Data terminal Euipment).It is mandatory to give the clock rate for the DCE end,inorder to synchronize the data flow.

To check whether a router is DTE or DCE.

Router#sh controllers s 0

To set the clock rate

Router(config)#interface s 0Router(config-if)#clock rate 64000

To add an entry in the routing tableRouter(config)#ip route <dest N/W> <SNM> <Next Hop>Router(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2

This specifies that if any packet is to sent to 30.0.0.0 network from 10.0.0.0 network ,then the path is through 20.0.0.2.

To debug IP packet

Router#debug ip packet

34


To stop debugging the IP packet

Router#no debug ip packet

To stop all debuggings

Router#undebug all (u all)

3. DYNAMIC ROUTING

40.0.0.0 50.0.0.0

80.0.0.020.0.0.0 30.0.0.0

10.0.0.0 70.0.0.0

60.0.0.0

In the above figure there are 3 different paths to travel from 10.0.0.0 network to 70.0.0.0 network.

Based on the parameters like distance, bandwidth, no. of hops etc., the best path is chosen.This work is done by the router based on the routing table.

The routing protocols helps the router to find the best path.

Dynamic routing

35

R R

R

R R


Distance Link StateVector ProtocolsProrocols

RIP OSPF IGRP IS-IS

BGP

EIGRP(Hybrid)

RIP Routing Information ProtocolIGRP Interior Gateway Routing Protocol

EIGRP Enhanced Interior Gateway Routing Protocol

IGRP & EIGRP works on the cisco Router only(Cisco proprietary). Routing Protocols build the routing table automatically.

Distance Vector protcols: RIP decide upon the best route based on the distance and direction(of flow of

packet in terms of E0 and S0) and IGRP decide upon the best route based on the distance,bandwidth and delay.

Routing table is broacasted after a particular time.RIP – every 30 secIGRP – every 90 sec.Every time whether or not the table is changed it is broacasted. This unneccessarily occupies the bandwidth.

Each router knew only the adjacent routers. Link state protocols:

Complex protocols They decide upon the best route based on the bandwidth, delay, load, MTU,

and reliability. For the first time it broadcasts the table and there after only the state in

send.When there is a change in the table it is broadcasted. Each router knew the whole topology of the network.

36


RIP – Routing Information Protocols

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 30.0.0.2 40.0.0.110.0.0.0 40.0.0.0

E0 S0 S0 S1 S0 E0

Ipaddress int hops Ipaddress int hops Ipaddress int hops

During Routing Table broadcasts RIP of R1says to the adjacent router R2 that it is 1 hop for R2.

Assume that there is a problem in cable between R3 and 40.0.0.0 network.Now the 40.0.0.0 entry in R3 will be removed.R2 broadcasts its known addresses to R3. With all the addresses R2 sends 40.0.0.0 also with the hop count as 2 though S1.Again R3 will send its addresses to R2.Now 40.0.0.0 network with hop count 2 in R3 will be sent to R2 with hop count 3. This repeats as non stop process and results in Routing Loops .

To avoid this a maximum hop was set,RIP – 16IGRP – 100

But when the network is down it was unneccessary for 16 hop counts. So to overcome that it was decided that router should not broadcast a network in the same direction from where it was received.This is called Split horizon.

40(3) 10(1) 40(2) 10(2) 40(1) 10(3)

C 10.0.0.0 E0 0C 20.0.0.0 S0 0

C 20.0.0.0 S0 0C 30.0.0.0 S1 0

C 30.0.0.0 S0 0C 40.0.0.0 E0 0

R 30.0.0.0 S0 1R 40.0.0.0 S0 2

R 10.0.0.0 S0 1R 40.0.0.0 S1 1

R 20.0.0.0 S0 1R 10.0.0.0 S0 2

37

R2

R1

R3

R2

R1

R3


10.0.0.0 40.0.0.0 20.0.0.0 30.0.0.0

20(1) 20(2) 30(1) 20(1)

30(2) 30(1)

R1 will not advertise its route for R3 back to R2. On the surface, this seems redundant since R2 will never use R1's route because it costs more than R2's route to R3. However, if R2's route to R3 goes down, R2 could end up using R1's route, which goes through R2; R1 would send the packet right back to R2, creating a loop. With split horizon, this particular routing loop cannot happen.

This logic did not suit the network with mesh topology. To overcome this ,1. Route poisoning-Route poisoning is a method of preventing a network

from sending packets through a route that has become invalid. When the path between two routers in a network goes bad, all the routers in the network are informed immediately. However, it is possible for this information to be lost, causing some routers to once again attempt to send packets over the bad route. This requires that they be informed again that the route is invalid, and again, this information can be lost.(Routing Loop)Route poisoning and reverse poisoning are routing loop preventiontechniques used by distance vector routing protocols. Route poisoning is setting a route's metric to infinity (i.e. max hops+1).

2. Poison reverse allows routers to break the split horizon rule byadvertising information learned from an interface out the sameinterface. However, it can advertise routes learned from an interfaceout the same interface with a 16 hop count, which indicates adestination unreachable, "poisoning" the route. Routers with a routewith a better metric (hop count) to the network ignore the destinationunreachable update.Poison reverse is the process of breaking the split horizon rule andsending a poisoned route back over the same interface from which it waslearned

Hold-down time: A function that prevents a router from being updated for a specified period in order to give other nodes some time to reconfigure and prevent a routing loop. When a router is notified of a route failure, it starts the hold-down timer. In the meantime, if a notification of a route is received from its neighbor with equal or better metrics than the route that failed, the router stops the timer and updates its routing table. If the new route metrics are inferior, it keeps the timer running and does not update (possibly down).

Note: No of hops doesnot represent the no of routers a packet has to cross.

38


4.CONFIGURING RIP AND IGRP

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 20.0.0.0 30.0.0.0

RIPR1(config)#router RIPR1(config-router)#network 10.0.0.0R1(config-router)#network 20.0.0.0

R2(config)#router RIPR2(config-router)#network 20.0.0.0R2(config-router)#network 30.0.0.0

IGRPR1(config)#router IGRP 123R1(config-router)#network 10.0.0.0R1(config-router)#network 20.0.0.0

R2(config)#router IGRP 123R2(config-router)#network 20.0.0.0R2(config-router)#network 30.0.0.0

Note: 123 is the autonomous systems number.It may range from 1 to 65535.A very large network is difficult to manage.Hence the network is divivded into autonomous systems and are numbered. It is also done to manage the network and for administration convenience. Routers with the same autonomous systems will only communicate.

RIP considered only the distance and direction for routing.Since it was not efficient IGRP came up that considerd bandwidth,distance,load,delay and other factors into consideration.

Router chooses the best administrative distance if two routing protocols are giving the route to a network.Lesser the administrative distance better the path.

RIP and IGRP also have the following differences.

RIP IGRPUpdate Interval 30 60

Hold-down timer 180 280Invalid after 180 270Flushed after 240 630

Commands Continued..

39

R2

R1


To check the dynamic routing protocols

Router#sh ip protocols

To display the dynamic changes made in the routing table.

Router#debug ip routingRouter#debug ip ripRouter#debug ip igrp transactionsRouter#clear ip route *

5. TELNET (CISCO MANGEMENT PROTOCOLS)

Telnet is the generic service that comes with the TCP/IP to manage the routers automatically from anywhere.

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0 20.0.0.0

To configure Telnet and set password,

R1(config)#line vty 0 4R1(config-line)#password xxx

If password is not configured in R2 and if tried to telnet R2(20.0.0.2)User mode

R1#telnet 20.0.0.2

Router will show information as,Password required,but none set

Connection to 20.0.0.2 is closed

If password is configured in R2 and if u try to telnet R2(20.0.0.2)

R1>telnet 20.0.0.2User access verificationPassword:

If secret not enabled for the privileged mode.

R2>enable

40

R2

R1


No password set

If the secret password is set

R2>enable Password:R2#

If there are more than 2 sessions opened.Migration can be done within sesssions by,

Disconnecting the sessions R2>exitR1#

Suspend a sessionR2>(Press) ctrl + shift + 6 and xR1#

To display the sessions opened by a particular user.

R1#sh sessions

To move to the last session

R1#(enter)(enter)

To move to a particular session

R1#session no.(enter)(enter)

To display the users logged on.

R1#sh usersLine no Console IP Address0 Console2 Vty 0 20.0.0.13 Vty 2 20.0.0.2

To disconnect a user

R1#clear line 3[confirm]

R1#Note: Each time to open a session we give,

R2#Telnet 20.0.0.1R2#Telnet 20.0.0.2…..

This can be altered byR1(config)#ip host us 20.0.0.2

Then thereafter we can use as,R2#us

41


CDP-Cisco Delivery Protocol:This is a layer-2 protocol. It is used to get information regarding the directly connected cisco devices(neighboring)

R1#sh cdpR1#sh cdp neighborsR1#sh cdp neighbors detail(device IP address is obtained by this command)

CDP runs every 60 sec. Hold time – 180 sec. To check CDP dynamically

R1(config)#cdp run To stop CDP running dynamically

R1(config)#no cdp run To change timer and hold timer To check CDP dynamically

R1(config)#cdp time <60>R1(config)#cdp holdtime <180>

Note: Telnet allows only 5 sessions(vty 0 4).If the 6th session is tried to opened an error message is displayed.

R1#telnet 20.0.0.2Trying Telnet 20.0.0.2% connection refused by remote host.

6.ACCESS CONTROL LISTS(ACL)

Firewall: A firewall is a hardware/software designed to prevent unauthorised acces from or to private networks.

Types of firewall techniques, Packet filter-Looks at each packet entering or leaving the network

and accepts or rejects it based on user-defined rules. Application gateway-Applies security mechanisms to specific

applications, such as FTP and Telnet servers. Circuit-level gateways-Applies security mechanisms when a TCP

or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

42

http://www.webopedia.com/TERM/f/UDP.html

http://www.webopedia.com/TERM/f/TCP.html

http://www.webopedia.com/TERM/f/firewall.html#%23

http://www.webopedia.com/TERM/f/Telnet.html

http://www.webopedia.com/TERM/f/FTP.html

http://www.webopedia.com/TERM/f/packet.html


Proxy-server-Checks all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

When there are only two networks telecom network provides a dedicated line and there is no need of a firewall here.But when the networks are connected to the internet we need a firewall.

LAN1 Internet LAN2

Hackers Partners Other Users

There are multiple users accessing the internet and there are hackers who try to access the secured data.To overcome this firewall is used and is made to sit at the gateway(Router).

VPN-Virtual Private NetworkIt is a private communications network used within a company, or by several

companies or organizations, to communicate confidentially over a publicly accessible network.

Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee.

Destination

VPN

Source Internet

43

R1

R2

R1

R2

http://computer.howstuffworks.com/router.htm

http://en.wikipedia.org/wiki/Communications_network

http://www.webopedia.com/TERM/f/proxy_server.html


Hackers Partners Other Users

IDS-Intrusion Detection System-An Intrusion Detection System is used to detect all types of malicious network traffic and computer usage.It is used to provide security inside the network.

Essentials for security, Clearly defined entity Given in timeAdmin decides upon the entity and security implements it.

A good router will have two gateways.An access control lists has the follwing format.

Action SIP SWCM SPNO DIP DWCM DPNO Protocol Interface Direction*Deny 10.0.0.0 0.255.255.255 >1023 30.0.0.10 0.0.0.0 80 TCP E0 inDeny 10.0.0.10 0.0.0.0 >1023 30.0.0.10 0.0.0.0 80 TCP E0 inPermit 20.0.0.25 0.0.0.0 >1023 30.0.0.10 0.0.0.0 80 TCP E0 in

*- This field is the definition field that is specified for the network. The following are the original entries that should be matched to the defined entry. By default all the IPs are denied once a list is created, ermission should be

specified explicitly. This is called as the implicit deny(for both incoming and outgoing packets.)

WCM-Wild Card Mask: This represents the bits to be compared with the IP address.Only if the IP address matches with the defined data is forwarded.

If to be Checked – 0If to be ignored – 1

Consider the following example,

In out

E0 S0 S0 E0

LAN1 LAN2 Out in

30.0.0.0 10.0.0.0

44

R1

R2


Assume a packet moves from LAN1 to LAN2. For R1 binding can be done at E0 or at S0.If the packet is binded at E0, it is called as in-bound and if it binded at S0, it is called the out-bound.Similarly if packet moves from LAN2 to LAN1.For R1, the binding may be at S0(in-bound) or at E0(out-bound).

How do ACLs work in Cisco Routers?

ACLs

Standard Extended (1 – 99) (100 – 199)

Standard ACL – Action ,ACL number,Source IP, SWCM(Source Wild Card Mask) are the parameters considered. To configure standard ACL,

R1(config)#Access-list <A.l No> <Action> <SIP> <SWCM>R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0

Once u specify the list binding should be done at the interface required.

R1(config)#int e 0R1(config-if)#ip Access-group 5 in

Redefining the action for an IP is not possible in standard ACL.

Extended ACL – Action ,ACL number,Source IP, SWCM(Source Wild Card Mask), Destination IP, DWCM, Protocol, interface and the destination port number are the parameters considered. To configure extended ACL,

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80R1(config)#Access-list 101 permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23R1(config)#Access-list 101 deny ICMP any anyR1(config)#Access-list 101 permit ICMP any any----------to ping any host

Once u specify the list binding should be done at the interface required.

R1(config)#int s 0R1(config-if)#ip Access-group 101 in

To display the ACL

45


R1#sh Access-listR1#sh ip Access-list

In Extended ACL

R1(config)#Access-list 101 deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log

Port no. can be replaced by the port names.Log – gives information about the port no of source, number of packets send, number of matches made etc.,

Note-1: The above given ACLs were numbered Extended ACLs.There is also named ACLs, were u can access the ACL with the names

R1(config)#ip access-list extended R1ACLR1(config)#deny TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq wwwR1(config)#permit TCP 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnetR1(config)#deny ICMP any any

Note-2: For an interface at any time there are minimum of two binds(in and out).Hence for 10 interfaces there will be a minimum of 20 binds.

7.NETWORK ADDRESS TRANSLATION(NAT)

T The process of network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.

Consider,

Original NAT in Source

Translated NAT in Router

Source – 10.0.0.10

From To10.0.0.10 30.0.0.2030.0.0.20 10.0.0.10

To From30.0.0.20 20.0.0.2320.0.0.23 30.0.0.20

46

http://en.wikipedia.org/wiki/Internet

http://en.wikipedia.org/wiki/Private_network

http://en.wikipedia.org/wiki/Node_(networking)

http://en.wikipedia.org/wiki/Firewall_(networking)

http://en.wikipedia.org/wiki/Router

http://en.wikipedia.org/wiki/Packet

http://en.wikipedia.org/wiki/Internet_Protocol

http://en.wikipedia.org/wiki/IP_address


Destination – 30.0.0.20 When packet comes from the source to the router,it tranlates the original address

to 20.0.0.3(any IP that is public-should be purchased) and sends to the destination.Now the destintion knew the source as 20.0.0.3 and replies to that address. The router when it receives the packet it directs to the 10.0.0.10 by checking to the NAT table.Port number is kept track.This process is called Natting.

But if there are multiple sytems requesting from the same port there is a problem.In this process the port number is translated into a random number and packet is routed to the destination. This process is called the Patting.

NAT

Dynamic Static

-Many to one -one to one -IP pool NAT

NAT table has the following format,

Original TranslatedFrom To From port Router To port To From 10.0.0.1030.0.0.20

30.0.0.2010.0.0.10

1045 R1 10001 30.0.0.2020.0.0.23

20.0.0.2330.0.0.20

10.0.0.2530.0.0.20

30.0.0.2010.0.0.25

1045 R1 12678 30.0.0.2020.0.0.23

20.0.0.2330.0.0.20

NAT table is maintained by the router in the RAM. Without configuring RIP router should be able identify all the websites(using NAT table).

Default networkR1(config)#Ip route 0.0.0.0 0 0.0.0.0 S0

R1(config)#access-list 15 permit 10.0.0.0 0.255.255.255R1(config)#int e 0R1(config-if)#ip NAT insideR1(config)#int s 0R1(config-if)#ip NAT outside

Consider the following figure

47

R1

IR


20.0.0.2

Private10.0.0.10 Public

30.0.0.20Inside local Inside global

1. Dyanmic NAT configuring

R1(config)#IP NAT inside source list 15 int S0 overload

When a packet comes through (in)E0, check the source list 5(ACL) which gives the source and SWCM, then forward with S0 interface address and overload for all systems.

2. Pool NAT

R1(config)#IP NAT pool R1ACL 20.0.0.23 20.0.0.30 netmask 255.0.0.0 R1(config)#IP NAT inside source list 5 pool R1ACL overload

When a packet comes through (in)E0,check the source list 5(ACL) , got to the pool R1ACL,check the address to be translated(20.0.0.23-20.0.0.30,any address can be assigned to the source IP) and overload for all systems.

3. Static NAT

R1(config)#IP NAT inside source list static 10.0.0.10 20.0.0.23

When a packet comes from 10.0.0.10 through E0(in), then source is translated to only one address always(20.0.0.23)

Once if u try to ping the Internet the output will be as,

NAT : S = 10.0.0.10 20.0.0.23, D = 30.0.0.20[47892]S = 30.0.0.20, D = 20.0.0.23 10.0.0.10[47892]

47892 is the translated port.

To debug NAT

R1#debug ip NAT

48


To display translations

R1#sh ip nat translations

To clear translations

R1#clear ip NAT translations *

8.OSPF & EIGRP

OSPF- Open Shortest Path FirstEIGRP-Enhanced Interior Gateway Protocol

Distane Vector Protocols Link State ProtocolDistance is considered BW,delay, load, MTURouting Table Broadcasted State of the Link is sentAdjacent Routers are studied Entire topology is studied

SNO OSPF EIGRP1 Link state Hybrid(DV + LS)2 Open protocol

(Works on any routers)Works only on the Cisco Routers

3 Supports only IP protocol Supports multiple protocols likeIP,IPX,Apple Talk etc.,

4 Cost = 108 / Bandwidth Cost calculated based on the Bandwidth,Delay etc.,

5 Link State Advertisement(LSA) is made.(State Link is broadcasted)

Routing Table is broacasted

6 Uses Shortest Path First algorithm-Dijsktra’s algorithm to find the best path(Shortest path)

Uses DUAL(Diffusing Update Algorithm) is used to find the best path.

7 For every 10 sec a Hello packet is send For every 5 sec a Hello packet is send8 For every 30 min LSA is made(BC) Whenerver there is a change in the

Routing table it is broacasted.9 When the Link goes down OSPF needs

to run the SPF algorithm againWhen the link goes down EIGRP proceeds with the Next Best Path.

10 Area is used for administrative convinience of a large network

Autonomous System is used for administrative convinience of a large network

In router when RIP is configured, it sends the hop count to its adjacent routers.

49


But when OSPF is configured in a router,1. A Hello signal is send to all the neighbors of a router in all possible

connections.They can talk if other routers configures with the same protocol. With the received information a Neighbors Table is constructed.

RB S0 – 20.0.0.1RC S1 – 30.0.0.1

At the end each router will knew about their neighbors.2. Once the neighbors are found they are added in a topology table.Now the

link state is calculated and entered in the table.Link State is calculated as

After the table is fully constructed, a Link State Advertisement(LSA) is made i.e the link state is advertised to all the routers in the network.Finalliy all the routers will knew the entire topology of the network.(all neighbor routers will have identical information).

Note: If two routers are said to have identical information, they are said to maintain adjacency.

Based on this topology table a topology is being developed. Each router keeps itself as the root and structures the tree(paths).

3. Based on the topology tree a Routing table is developed which has the best path calculated from the Shortest Path First (SPF) algorithm.

In OSPF,if the link goes down, router tries to calculate the alternative path and if it is not able to find,says to the neighbor that the link is down. The best path is calculated again with the SPF algorithm.

In EIGRP, there three distances maintained

Reported Distance(Received Distance)

Distance got from neighbors

Feasible Distance First best pathFeasible Successor Next best path(In the topology table)

When the link goes down, the router proceeds with the feasible successor(i.e.the next best path).

Interface CostEthernet Cost = 108/10*106 10

FastEthernet Cost = 108/100*106 1Serial Cost = 108/1.544*106 64

50

Cost =108/Bandwidth


Broadcast MultiaccessConsider the following figure,

40.0.0.1 30.0.0.1

10.0.0.1 10.0.0.2

50.0.0.1 20.0.0.1

10.0.0.6 10.0.0.3

10.0.0.05 10.0.0.4

60.0.0.1 70.0.0.1

In the above figure, if the router sends its link state to its neighbor and the samis done with all the routers.Finally all will receive multiple copies of the link and results in a LSA Flooding.

To overcome this flooding election is being conducted among the routers and Designated Router-DR Back up Designated Router-BDR Other BDRs.

But there are some issues in this election1. Who will be the DR?

51

HUB/SWITCH

R1

R2

R3

R4

R5

R6


2. How to be elected and managed? DR is elected based on the Priority and Router-ID.

For OSPF the priority is 1. If the priority is same, the next criteria is the router-

id. The router that has the highest IP address will be elected the router-id.

In some case if the router with the lowest IP address wants to be the DR. Here we can’t change the IP address but we can assign a dummy IP address by Loopback.

R1(config)#int loopback 0R1(config-if)#IP address 75.0.0.1 255.0.0.0

R1 is reassigned with the dummy address 75.0.0.1 which is the router-id. Now the election is between the router-ids and R1 is elected the DR and (the next highest router-id 70.0.0.1)R4 is elected the BDR.

Once when the election is over all the links are sent to DR/BDR and from there are forwareded to the other BDRs.

Even when DR and BDR are elected there is and issue that how the link is received by DR/BDR.

Multicast addressFor OSPF – 224.0.0.6 – DR

224.0.0.5 – BDRFor EIGRP – 224.0.0.10

Even in point-to-point flooding takes place.

To solve this the network is divided into autonomous systems in EIGRP and areas in the case of OSPF.

52

R0

R0


R0 – Backnone Area. There should be one Backbone in a network.

Routers connected to the backbone area Area Border Router.

When the is broadcasted it is filtered and forwarded in the hierarchial structure. Only routers in the same area will communicate.

Note: When two similar networks are seperated contiguous network.Because when routing table is broadcasted subnetmask is not sent.So RIP can’t differentiate between the 10.6.0.0/16 and 10.5.0.0/15, since it is a classfull protocol.

10.6.0.0/16 20.0.0.1 20.0.0.2 10.5.0.0/15

Here a classless protocol(OSPF,EIGRP,RIP V2) should be used,where the subnetmask is sent along with the IP address.

Variable Length SubnetMask(VLSM):In a network if there arise situation where large number of subnets and host are

wasted, the concept of VLSM is used where different subnet mask is used.

How to configure OSPF and EIGRP?

When there is a choice os OSPF and EIGRP, EIGRP is chosen considering the administrative distance.Lower the distance better the performance.

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0

53

R2

R1

R2

R1


OSPF

R1(config)#router OSPF <process-id>[Process-id 1 to 65535]R1(config-router)#network <NID> <WCM>area <areano>

R1(config)#router OSPF 15R1(config-router)#network 10.0.0.0 0.255.255.255 area 0R1(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config)#router OSPF 12R2(config-router)#network 10.0.0.0 0.255.255.255 area 0R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

There can be more than one processess in a OSPF protocol. Between two OSPF routers the process-ids need not be the same. The area numbers should be the same.

EIGRP

R1(config)#router EIGRP <autonomous-no>[Process-id 1 to 65535]R1(config-router)#network <NID>

R1(config)#router EIGRP 123R1(config-router)#network 10.0.0.0R1(config-router)#network 20.0.0.0

R2(config)#router EIGRP 123R2(config-router)#network 10.0.0.0R2(config-router)#network 20.0.0.0

54


The autonomous system numbers should be the same while communicating between the EIGRPs.

For OSPF Hello time – 10 sec Dead time – 40 sec Wait time – 40 sec Retransmit time – 5 sec

sh ip ospf interface e 0 sh ip ospf int f 0 sh ip ospf int s 0 sh ip ospf neighbor shows neighbor router-id. sh ip protocols

For OSPF sh ip eigrp neighbors sh ip eigrp topology

P – Passive A – Active U – Update R – Reply r – Reply-state

Note: The advantage of EIGRP over OSPF is the feasible successor in the topology table.

Routing Information Protocol Version 2 (RIP V2).

The basic functionality of the protocol is very much similar to the RIP V1 protocol. The RIP V2 protocol has some additional features that are not supported by RIP V1 protocol.

They are as listed below :

i. The RIP V2 is a Classless Protocol.

ii. Uses Multicast address instead of Broadcast address.

iii. Supports VLSM.

iv. Performs Auto-summarization.

v. Every routing table update can be authenticated.

1. RIP V2 is a classless protocol; RIP V1 is a classful protocol.

a. Classful Protocol :- Supports networks with default Subnet Mask.

55


b. Classless Protocol :- Supports subnetted networks, It carries the information of subnet mask i.e, the no. of bits for network id.

2. RIP V2 uses Multicast Address; RIPV1 uses Broadcast Address. In RIPV1 Universal Broadcast(255.255.255.255) is used to send routing table updates for every 30 secs, whereas RIPV2 uses Multicast (224.0.0.9).

3. RIPV2 allows Authentication, it authenticates the source from which the routing updates are originated, so that flooding of routing update can be avoided.

4. RIPV2 supports VLSM - it can be abbreviated as Variable Length Subnet Mask. VLSM is used to conserve ip addresses and helps proper summarization. RIPV1 does not support this.

9.WAN PROTOCOLS

In a LAN all the systems are connected by the same cable and technology. The datalink layer prepares data accorcing to the physical layer.(when there is a change in the physical layer, preparation os data in the datalink layer also changes).

WAN operates at the datalink layer. WAN technology operates at the physical layer and WAN software operates at the

datalink layer. At the datalink layer data preparation is done by some protocols and some of them

are HDLC – High level DataLink Control PPP – Point-to-Point Protocol Frame-Relay

PPP HDLCOpen to all network devices Works only on the Cisco devicesSupports multiple protocols Supports multiple protocols

User authentication is possibleTwo protocols:1.PAP-Password Authentication Protocol2.CHAP-Challenge Handshake Authentication Protocol.

User authentication is not possible

NOTE: SLIP – Serial Link Interface Protocol. Open to all devices Supports only to IP protocol Not used anywhere at present

PAP:

56

HOR

BOR

My name is BOR.My password is XXX.I want to talk


When the username and pwd are matched in the HOR Database,BOR is allowed.It is Authentication Request.

Three-way Handshake:

I want to talk to u(SYN)

S,u can(SYN/ACK)

Ok(ACK)

CHAP

I want to talk to u

Give me password(Challenge)

Response(Password sent as Message Digest-MD)

Message Digest(Message Integrity) is one of the forms of Encryption Eg: if packet sent is 1000.It is performed with Hash function(HF).

1000(pkt) + HF =Message Digest Quality of MD:

1. MD I an one-way process.2. It is always constant.3. A small change will result in a big change in MD.

Once MD reaches the destination, HF is applied over the MD to get the original message.

How to configure to PPP?

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

57

Client Server

BOR HOR

R2

R1


10.0.0.0 30.0.0.0

HOR(config)#int s 0HOR(config-if)#encapsulation PPPHOR(config-if)#exit

When encapsulation is done only in one router link state goes up and down ie R1--- PPP, R2---HDLC.

BOR(config)#int s 0BOR(config-if)#encapsulation PPPBOR(config-if)#exit

Username HOR(config)#username BOR password 123

BOR(config)#username HOR password 123

CHAP HOR(config)#int s 0HOR(config-if)#PPP authentication CHAP

BOR(config)#int s 0BOR(config-if)#PPP authentication CHAP

Username HOR(config)#username BOR password 123

BOR(config)#username HOR password 321

PPP HOR(config)#int s 0HOR(config-if)#PPP authentication PAPHOR(config-if)#PPP PAP sent-username HOR password 321

BOR(config)#int s 0BOR(config-if)#PPP authentication PAPBOR(config-if)#PPP PAP sent-username BOR password 123

To check the encapsulation in the serial interface

HOR#sh int s 0

To debug PPP athentication

HOR#debug PPP authentication

10.ISDN(Integrated Services Digital Network)

ISDN is an example for Circuit switching Network.Here the circuit doesn’t exists physically but get connected when required.When needed to transmit data the user can dial-up, get connected ,finish the work and get disconnected.

58


Data and voice are integrated into one services digital network. So the user can access the network and telephone at the same time.

LAN 1 LAN 2

Data

SystemOR/AND

Service Provoiders

Voice

Digital Phone

Basic Rate Access(BRI):

Data For signall –link purposesBarer To telephone/SystemBarer To telephone/System

Total bandwidth = 144For voice/data = 128

16 For link purposes

Primary Access Data(PRI):

Data For link purposes

59

X Y

Z

A

Modem


Barer For voice/data

Data - 1*64 = 64Barer - 23*64 = 1472

NOTE:In Dedicated line there is a G703 switch in the telecom service provider.In ISDN there is ISDN switch.

TE-1: Terminal Equipment type-1

4 pair 2 pairRouter

BRI0 S/T UNetwork TerminalAdapter-1

Service Proivder

Digital Phone TE1 Isdn Switch

TE-2(Terminal Equipment type-2)

Router R S/T U

RR

Digital Service Provider Phone

System ISDN Switch TE2

60

NT1R

TAR NT1


U User ModeS/T Switch and TransferR RateTA Terminal Adapter

Demarcation Point: It is the point at which the adminstrative control of the service provider stops and the administrative control of the user starts.

How to configure ISDN?

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 E0 BRI0 BRI0

10.0.0.0 Service Provider 30.0.0.0

The link is up only if the ISDN switch is specified. Dynamic routing is not used only static routing is used.

HOR(config)#ISDN switch-type basic-net3HOR(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 (sends pkt to BRI)HOR(config)#Dialer-list <DLno> protocol <protocol> <Action> (if ip pkt comes what action to do)HOR(config)#Dialer-list 5 protocol ip permitHOR(config)#int BRI 0HOR(config-if)#Dialer-group <DLno>HOR(config-if)#Dialer-group 5HOR(config-if)#Dialer-String 08747389234HOR(config-if)#Dialer idle-timeout 30

Dialer-list need not be same between two host. Default idle-timeout is 120sec.(1 to 2147483). int e0/0 Modular Router In a network all the packets are IP packets and so all can’t be receive

them. So the area of interest is limited to a certain area using Access-lists.

HOR(config)#Dialer-list 5 protocol ip list 123HOR(config)#access-lists 123 permit tcp 10.0.0.0 0.0.0.0 30.0.0.0 0.0.0.0 eq ftpHOR(config)#int BRI 0HOR(config-if)#Dialer-group 5

For multiple phone calls single Dialer-list can’t be used.In that case Dialer mapping should be done by adding multiple routers.

HOR(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2

61

HOR BOR


HOR(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.3HOR(config)#Dialer-list 5 protocol ip list 123HOR(config)#access-lists 123 permit tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftpHOR(config)#access-lists 123 permit tcp 10.0.0.10 0.0.0.0 40.0.0.10 0.0.0.0 eq ftpHOR(config)#int BRI 0HOR(config-if)#Dialer-group 5HOR(config-if)#Dialer map <protocol> <address> <phone-no>HOR(config-if)#Dialer map ip 20.0.0.2 04230847389HOR(config-if)#Dialer map ip 20.0.0.3 073648790834

To show ISDN status

HOR#sh ISDN status

To check whether ISDN call is active or not

HOR#sh ISDN active

To check ISDN call history

HOR#sh ISDN history

To use both the channels from the start

HOR(config-if)#Dialer load-threshold 1

Here both the links BRI 1 and BRI 2 are up.

11. FRAME-RELAY

Frame-relay is an example of a Packet Switched Network. This network enables end-stations to dynamically share the connection and the available bandwidth.

Here bandwidth is concentrated and not the connectivity. The Frame Relay frame is transmitted to its destination by way of virtual

circuits (logical paths from an originating point in the network) to a destination point.

TDM-Time Division Multiplexing-In this process user’s doesn’t knew whether others are sending data or not.Each user is allotted with a time slot and are to transmit only in that time slot.

STDM-Statistical TDM-In this process all the users knew whether others are sending information or idle.If they are idle that particular user in turn can use the full bandwidth and transmit data.

CIR-Frame relay connections are often given a Committed Information Rate (CIR) and an allowance of burstable bandwidth known as the

62

HUB

http://en.wikipedia.org/wiki/Burstable


Extended Information Rate (EIR). The provider guarantees that the connection will always support the CIR rate, and sometimes the EIR rate should there be adequate bandwidth. Frames that are sent in excess of the CIR are marked as "discard eligible" (DE) which means they can be dropped should congestion occur within the frame relay network. Frames sent in excess of the EIR are dropped immediately.

Broadcast Multiaccess Point-to-point

Non-Broadcast Multiaccess

Congestions in the network are reported by1. FECN=Forward Explicit Congestion notification bit 2. BECN=Backward Explicit Congestion Notification bit 3. DE=Discard Eligibility bit- When there is congestion on the line, the

network must decide which frames to discard in order to free the line. Discard Eligibility provides the network with a signal to determine which frames to discard. The network will discard frames with a DE value of 1 before discarding other frames

DLCI-Data Link Connections Identifier.The DLCI serves to identify the virtual connection so that the receiving end knows which information connection a frame belongs to.(Range=16 to 1007)

20.0.0.2

200 300

100

DLCI PVC-Permanent Virtual Circuit

63HOR

BOR


20.0.0.1

In the above figure,data is sent from 20.0.0.1 to 20.0.0.2 through DLCI 100 and data is sent from 20.0.0.2 to 20.0.0.1 through DLCI 300.

Inverse ARP carries the IP address between the devices with the help of DLCI. The link between the frame-relay and the router is managed by LMI-Local

management Interface or Link management Interface. How to configure Frame-relay?

BOR(config)#int s 0BOR(config)#encapsulation frame-relay

If there is router that are two routers, one with S 0 and S 1 connected to the frame-relay swtich.

20.0.0.2200

S0 20.0.0.1

300 20.0.0.3 100 S0

S1

Frame-relay Switch

In the above figure R1 connected through S1 and R2 through S 0 interfaces to the Frame relay switch.Since R1 has only S 1 interface, it requests to the frame-relay switch to provide DLCI from through the same line that has been used to the R1 router. The above figure represents a Spoke & Hub(PartiallyMesh structure). Connecting R1 and R2 is not possible(Fullr-meshed structure).

To solve this we go for Frame-relay mapping. This is another way of configuring Frame-relay network.

R1(config)#int S 0R1(config-if)#frame-relay map ip 20.0.0.3 200 broadcastR1(config-if)#frame-relay map ip 20.0.0.2 200 broadcast

(If RIP, broadcast is optional )

Point-to-point is another way of configuring frame-relay. Logically making serial interface into two point-point interface(dedicated).

R3(config)#int S 0 R3(config-if)#no ip address R3(config-if)#exit R3(config)#int S 0.5 point-to-point R3(config-subif)#ip address 20.0.0.1 255.0.0.0 R3(config-subif)#frame-relay interface-DLCI 100

64

R1

R2 R

3


R3-----Identified as Multi-point if in same network

R1 R2(S0.x) (S0.y)

point-point point-point

In case of sub-interfaces DLCI no is mandatory to be specified. In case of normal serial interfaces it finds automatically. How to configure Frame-Relay Switch?

R1(config)#Frame-relay switchingR1(config)#int S 0R1(config-if)#encapsulation frame-relayR1(config-if)#frame-relay intf-type DCER1(config-if)#frame-relay route 100 int S 1 200R1(config-if)#clock rate 64000R1(config-if)#no shutdown

R1(config)#int S 1R1(config-if)#encapsulation frame-relayR1(config-if)#frame-relay route 200 int S 0 100R1(config-if)#clock rate 64000R1(config-if)#no shutdown

To show frame-relay LMI type

R1#sh frame-relay LMI

To show frame-relay PVC

R1#sh frame-relay PVC

To show frame-relay mapping

R1#sh frame-relay map

To stop auto mapping

65


R1(config-if)#no frame-relay inverse-arp

To clear frame-relay

R1#clear frame-relay-inarp

12. SWITCHING

Switch is a layer-2 component. Hub is a layer-1 component.Hub and Repeater reduces the bandwidth.Hub doesn’t

learn MAC address.But switch understands MAC addressa and maintains MAC-ADD-TABLE.

In switch each port is an ethernet port. So for each port there are separate collision domain(Area where collision is possible).

Router breaks up both collision and broadcast domains. Switch-DL layer frame

This frame contains all the headers and trailers from the application layer and DataLink Layer adds its own header & trailer(MAC from & toAddress).

Switching uses 3 forwarding trends:1. Store & forward-stores the full frame and at the end forwards if it is

correct.2. Cut-through-Destination address is attached at the start of the

frame. So the frame is forwarded as soon it enters.3. Fragment free(modified cut-through)-In this process the frame is

stored for 64 bytes and after that it is forwarded.(the first 64 bytes

MAC Address Port-No0010abcd1234 0/10030abcd1237 0/2

66

Data


consists of the headers and trailers and those are verified and forwareded).

Most of the switch will come with store & forward trend.

Consider the following network,

Trunk Port

Trunk Link

Access-list Here unneccessarily broadcast is done. To avoid this VLANs are created. Modifiying the configured LAN setup is not possible.VLANs are created

without altering the physical setup.

VLAN(Virtual LAN): VLANs are created by making some modifications in the configurations of

the actual LAN setup. The ports in the swtiches are configured so that they come under different

VLANs.For eg consider the following figure,

VLAN1 VLAN2

Inter-VLAN communication is not possible. If required routers or layer-3 switches are used.

The default VLAN is VLAN1 and the whole VLAN setup is controlled by VTP(VLAN Trunk Protocol). By default all the switches will have VTP.

Switches in the VLAN are accessed through1. Console.2. Telnet – vty.3. http(VSM-Visual Switch Manager).

How to configure switch?

Would you like to start intial configuration[yes/no]:noPress return to get startedSwitch>enable

67


Switch#configure terminalSwitch(config)#int vlan 1Switch(config-if)#ip address 10.0.0.5 255.0.0.0Switch(config-if)#no shutdownSwitch(config-if)#exitSwitch(config)#ip default gateway 10.0.0.1

Each component should be managed by the IP address. By default all ports in the VLAN Routers should be als configured. To configure different VLANs,

Switch(config)#vlan <vlan-no>Switch(config)#name < xxx>

VLAN-no ranges from 2 to 1001(Mandatory). VLAN name(xxx) is optional.

Switch(config)#vlan 2Switch(config-vlan)#name financeSwitch(config-vlan)#exit

Switch(config)#vlan 3Switch(config-vlan)#name productionSwitch(config-vlan)#exit

Switch(config)#vlan 5Switch(config-vlan)#name markettingSwitch(config-vlan)#exit

To determine the ports to the VLAN, switch ports are to be configured.

Switch(config)#int f 0/1Switch(config-if)#switchport access vlan <vlan-no>Switch(config-if)#switchport access vlan 3Switch(config-if)#exit

Switch(config)#int f 0/2Switch(config-if)#switchport access vlan 2Switch(config-if)#exit

It is not necessary for the ports to be allocated in the sequential order to the VLANs.

As the ports, trunk port of the switch is also in VLAN1 by default. Hence this trunk port is also needed to be configured so that it receives all the other VLAN information and forwards it to the other.

Switch(config)#int f 0/24

68


Switch(config-if)#switchport mode trunkSwitch(config-if)#exit

If there are more than one swtich in the VLAN and if need them to communciate routers should be used.

All the switches should be in the same domain.

Switch(config)#VTP domain <domain name>Switch(config-if)#VTP domain IBM

Switches in the VLAN operate at 3 modes, Server mode-By default all the switches are in server mode. Client mode Transparent mode

NOTE: There can be two servers but the configuration should be same on both the switches.If two servers send the configuration details to other clients,now the decision is made depending on the configuration revision number.

Switch can be configured to different mode as,

Switch(config)#VTP server/client/transparent

If a frame from aVLAN comes from a sytem to the switch,encapsulation is done based indicating that the frame belongs to that particular VLAN. For a switch to deliver that frame to the VLAN,there are two protocols,

1. ISL-InterSwitch Link Works only on cisco devices Overhead is more.

2. Frame tagging-IEEE 802.1Q Works on all devices. Overhead is less than ISL.

Bridge and Switch

BRIDGE SWITCH

69

Data V3

Data V3


Has less number of ports Has more number of portsSlow Fast It’s a software It’s a hardware

When u connect two bridges using switches then there is a possibility of Broadcast loop or MAC address table loops

In this case one switch can be made to act as Root bridge and the other to be the normal bridge. An election is conducted between the switches based on the value obtained by adding the MAC address of the switch and hexadecimal value of default priority- 32768. This value is called the BPDU(Bridge Protocol Data Unit). Lesser the BPDU, is elected as the root bridge.

To show the MAC address table

Switch#sh MAC-address-table

To show the VLAN

Switch#sh VLAN

To show VTP status

Switch#sh VTP status

To show spanning tree

Switch#sh spanning-tree

To clear vlan

Switch(conf)#no vlan <vlan-no>

13. BOOTING

Booting is the process of intializing the components. The hardwares associated with the router are:

Processor Memory Interfaces – E0,F0,S0 etc.,

Memory: Flash – IOS ,image(loaded) RAM – Running-config volatile NVRAM – Non-volatile RAM – Startup-config Secondary

70


ROM – Microcodes are present POST – Power On Self Test – Makes sure that all components

are available and are properly working. BOOTSTRAP-In this there is a configuration register number

which is 16-bit(hexadecimal,default value-0x2102). The last field is called the boot field(2 to F).Once there is a 0 in the third octet ,the booting process continues with the startup-config where there is a bootsystem xxx. In case if there is a dual OS this command is checked else the default OS is loaded(by flash).

if the router is newly configured

Would you like to start intial configuration[yes/no]:

if the router is a already configured

Press enter to get started

ROMMONITOR-similar to BIOS(0) RxBOOT-Partial IOS(1)

If there is a problem in the booting process, the above two booting takes place.

In case if the flash is corrupted, and when the router is not able to find the flash of the image, it tries to find it in the network with the help of TFTP(Trivial File Transfer Protocol). Router checks for the TFTP for 5 minutes. If it doesn’t finds it checks the 13th bit of the configuration revision number for if it is 1(default it is 0). If 1, boots from RxBOOT else if 0 boots from ROMMONITOR.

Copy commands:

To copy from router to system

R#copy run tftp

To copy from system to router

R#copy tftp run

To copy from flash to system

R#copy flash tftp

71

ROMMONITOR> or >

ROUTER(boot)>


To copy from system to flash

R#copy tftp flash

For all the above copy commands to work TFTP server should be running and the router should be able to ping that system.

To change the password,1) Switch off and restart the router.2) In the first 60 sec press (ctrl+pause).3) Routers CMOS setup is ROMMON> or >

Routers>confreg 0x2142 or >0x2142

Here 4 represents skip the NVRAM boot(Because configuration is saved in it).

4) Restart the router

ROMMON>reset

5) Would you like to start intial configuration[ues/no]: Press enter to get started

Router>enable Router#copy start run IBM#configure terminal IBM(config)#enable secret xxx IBM(config)#config-register 0x2102 IBM(config)#copy run start

NOTE: 1. All passwords are set during the configuration except the console

and auxillary password.2. When running-config is copied from start-config, interface is

shutdown.

To show running and start configurations

R1#sh running-configR1#sh start-config

To show versions

R1#sh version

72


To restart

R1#reload

73

CCNA_TRAINING_DOCUMENT

Documents

Transcript of CCNA_TRAINING_DOCUMENT