Ccna Notes

1
Cisco Certified Network Associate (CCNA)

Exam Code No: 640 802
Chapters
Roti!" #asics $$$$$$$$$$$$$$$$$$$%%$%4
Roti!" &'pes$$$$$$$$$$$$$$$$$$$$%%% (
i% )tatic Roti!"
ii% *efa+t Roti!"
iii% *'!amic Roti!"
i,% Roti!" -oops
,% Roti!" -oop A,oida!ce
Roter .odes$$$$$$$$$$$$$$$$$$$$$%/0
0asswords$$%%$$$$$$$$$$$$$$$$$$$$%%//
i%0assword )etti!"
ii%0assword #reaki!"
Roti!" 0rotoco+
)tatic Roti!"$$$$$$$$$$$$$$$$$%%$$%$%%/2
*efa+t Roti!"$$$$$$$$$$$$$$$$%%$$$%%%%/4
*'!amic Roti!"
R10$$$$$$$$$$$$$$$$%%$$$%/2
R10,2$$$$$$$$$$$$$$$$$%$%20
13R0$$$$$$$$$$$$$$$$$$%%26
E13R0$$$$$$$$$$$$$$$$$$$24
5)06$$$$$$$$$$$$$$$$$$$%%%4/
#30$$$$$$$$$$$$$$$$$$$$%(2
6rame7Re+a'$$$$$$$$$$$$$$$$$$$$$$%%%(8
.a!a"i!" &raffic with Access7+ist$$$$$$$$$$$$$$24
NA&%$$$$$$$$$$$$$$$$$$$$$$$$$$%84
)tatic NA&$$$$$$$$$$$$$$$$$$%86
*'!amic NA&$$$$$$$$$$$$$$$$$88
0A&$$$$$$$$$$$$$$$$$$$$$%44
9*-C$$$$$$$$$$$$$$$$$$$$$$$$$$%4(
000$$$$$$$$$$$$$$$$$$$$$$$$$$$%46
0A0
C9A0
Redistri:tio!
E13R0 ; 5)06$$$$$$$$$$$$$$$$$$$/0(
R10 ; E13R0$$$$$$$$$$$$$$$$$$$%%%%/02
R10 ; 5)06$$$$$$$$$$$$$$$$$$$$%%%/04
2

)witchi!"$$$$$$$$$$$$$$$$$$$$$$$$$%//2
-a'er 2 )witchi!"
Address -ear!i!"
#roadcast a!d .+ticast 6rames
)&0
<-AN
<&0
1!ter7<-AN
<0N$$$$$$$$$$$$$$$$$$$$$$$$$$$$%%/88
C1)C5 15)$$$$$$$$$$$$$$$$$$$$$$$$$%%/((
15) #ack7p a!d Restore Co!fi"ratio!$$$$$$$$$$$$$%%/(4
)ecre )he++$$$$$$$$$$$$$$$$$$$$$$$%$$%/62
)=)-53 )er,er Co!fi"ratio!$$$$$$$$$$$$$$$$$%%/64
10<6 Roti!" Co!fi"ratio!$$$$$$$$$$$$$$$$$$%%/6(
*9C0$$$$$$$$$$$$$$$$$$$$$$$$$$$$/68
-a'ers
10 Addresses
>ire+ess
Rate7-imit Comma!d
)how tech7spport comma!d
3
Roti!" #asics
>hat is Roti!" ?
o The term routing is used for taking a packet from one device and sending it through the
network to another device on a different network.
o Routers dont really care about hoststhey only care about networks and the best path to each
network.
Routers route traffic to all the networks in your internetwork. To be able to route packets! a router
must know! at a minimum! the following"
#estination address
$eighbor routers from which it can learn about remote networks
%ossible routes to all remote networks
The best route to each remote network
&ow to maintain and verify routing information
Roti!" Examp+e :
Routing is taking place from &ost'( to &ost') through the *ab'( Router.
To be able to route! the router must know how to get into the network 1+2.1,.2-.-.
R5@&1N3 &=0E)
1. .tatic Routing
2. #efault Routing
3. #ynamic Routing
/% )tatic Roti!"%
.tatic routing occurs when you manually add routes in each routers routing table.
)y default! .tatic routes have an (dministrative #istance /(#0 of 1
1eatures
There is no overhead on the router 2%3
There is no bandwidth usage between routers
4t adds security! because the administrator can choose to allow routing access to certain networks
only.
5
2onfiguration .tatic Routing
Router/config06ip route Destination_network Mask Next-Hop_Address /or0
Router/config06ip route Destination_network Mask Exit interface
ip rote : The command used to create the static route.
desti!atio!A!etwork : The network youre placing in the routing table.
mask : The subnet mask being used on the network.
!ext7hopAaddress : The address of the ne7t8hop router
Exiti!terface : 9ou can use it in place of the ne7t8hop address
admi!istrati,eAdista!ce : )y default! static routes have an administrative distance of 1
2% *efa+t Roti!"%
#efault routing is used to send packets with a remote destination network not
in the routing table to the ne7t8hop router.
:e can only use default routing on stp !etworks. Those with only one e7it
%ath out of the network.
2onfiguration #efault Routing
Router/config06ip route -.-.-.- -.-.-.- Next-Hop_Address
Router/config06ip route -.-.-.- -.-.-.- Exit interface
Router/config06ip default8network ;
8% *'!amic Roti!"%
#ynamic routing is when protocols are used to find networks and update routing table on
routers.
( routing protocol defines the set of rules used by router when it communicates routing
information between neighbor routers
There are two type of routing protocols used in internetwors"
4nterior <ateway %rotocols /4<%s0
4<%s are used to e7change routing information with routers in the same (utonomous
.ystem/(.0 number.
=7terior <ateway %rotocols /=<%s0
=<%s are used to communicate between different (utonomous .ystem.
Ato!omos )'stem%
(n autonomous system is a collection of networks under a common administrative domain!
which basically means that all routers sharing the same routing table information are in the same (..
Roti!" 0rotoco+ #asics%
>
(dministrative #istances
Routing protocol
Routing *oops
Admi!istrati,e *ista!ces%
The (dministrative #istance /(#0 is used to rate the trustworthiness of routing information
received on a router from a neighbor router. (n (dministrative #istance is an integer from - to 2>>!
where - is the most trusted and 2>> means no traffic will be passed via this route.
4f a router receives two updates listing he sane remote network! the first thing the router checks
is the (#. 4f one of the advertised routes has lower (# than the other! then the route with the lowest
(# will be placed in the routing table.
4f both advertised routes to the same network have the same (#! then routing protocol metrics
/such as hop count or bandwidth of the lines0 will be used to find the best path to the remote network.
The advertised route with the lowest metric will be placed in the routing table.
)ut if both advertised routes have the same (# as well as the same metrics! then the routing
protocol will load8balance in the remote network
*efa+t Admi!istrati,e *ista!ces
Roti!" 0rotoco+s%
There are three classes of Routing %rotocol
#istance vector protocol
*ink state protocol
&ybrid protocol
*ista!ce ,ector protoco+%
The #istance8vector protocols find the best path to remote network by ?udging distance. =ach
time a packet goes through a router! thats called a hop. The route with the least number of hops to the
network is determined to be the best route. The vector indicates the direction to the remote network.
They send the entire routing table to directly connected neighbors.
=7" R10B 13R0%
-i!k state protoco+%
(lso called shortest8path8first protocols! the routers each create three separate tables. @ne
keeps track of directly attached neighbors! one determines the topology of the entire internet work! and
one is used as the routing tables. *ink state routers know more about the internet work than any
,
Rote )orce *efa+t A*
2onnected interface -
.tatic Route 1
=4<R% A-
4<R% 1--
@.%1 11-
R4% 12-
=7ternal =4<R% 1+-
3nknown 2>> This route will never be used
distance8vector routing protocol. *ink state protocols send updates containing the state of their own
links to all other routers on the network
=7" 5)06
9':rid protoco+
&ybrid protocol use aspects of both distance8vector and link state protocol.
=7" E13R0
*ista!ce7,ector Roti!" 0rotoco+s
The distance8vector routing algorithm passes complete routing table contents to neighboring
routers.
( router receiving an update from a neighbor router believes the information about remote
networks without actually finding out for itself.
4ts possible to have network that has multiple links to the same remote network! and if thats
the case! the administrative distance is checked first. 4f the (# is the same! the protocol will
have to use other metrics to determine the best path to use to that remote network.
Co!,er"ed Network
Roti!" -oops
+
#istance8vector routing protocols keep track of any changes to the internet work by
broadcasting periodic routing updates out all active interfaces. This broadcast includes the complete
routing table.
Routing loops can occur because a every router isnt updated simultaneously.
Roti!" -oops Examp+e

The interface to $etwork > fails. (ll routers know about $etwork > from Router =. Router(!
in its tables! has a path to $etwork > through Router ).
:hen $etwork > fails! Router = tells Router 2. This causes Router 2 to stop routing to
$etwork > through Router =. )ut Routers (! )! and # dont know about $etwork > yet! so they keep
sending out update information. Router 2 will eventually send out its update and cause ) to stop
routing to $etwork >! but Routers ( and # are still not updated. To them! it appears that $etwork > is
still available through Router ) with a metric of 3.The problem occurs when Router ( sends out its
regular 3-8second &ello! 4m still herethese are the links 4 know aboutB message! which includes
the ability to reach $etwork > and now Routers ) and # receive the wonderful news that $etwork >
can be reached from Router (! so Routers ) and # then send out the information that $etwork > is
available. (nypacket destined for $etwork > will go to Router (! to Router )! and then back to Router
(.This is a routing loop.
-oop A,oida!ce
.aximm 9op co!t
R4% permits a hop count of up to 1>! so anything that reCuires 1, hops is deemed unreachable.
Thus! the ma7imum hop count will control how long it takes for a routing table entry to become
invalid.
)p+it 9oriCo!
This reduces incorrect routing information and routing overhead in a distance8vector network
by enforcing the rule that routing information cannot be sent back in the direction from which it was
received
Rote 0oiso!i!"
when $etwork > goes down! Router = initiates route poisoning by
advertising $etwork > as 1,! or unreachable. :hen Router 2 receives a route poisoning from Router
=! it sends an update! called a poison reverse! back to Router =. This ensures all routes on the segment
have received the poisoned route information.
Roter Co!fi"ratio! .odes
D
1. 3ser mode /or0 2onsole mode 8 RouterEenable
2. %rivilege mode 8 Router6config t
2.1 <lobal 2onfiguration mode 8 Router/config06interface name and no
2.1.1 4nterface 2onfiguration mode 8 Router/config8if06
2.1.2 *ine 2onfiguration Fode 8Router/config8line06line
au7!vty!console!au7
0assword set to Co!so+e mode Co!fi"re 10 address to -AN port
RouterEenable
RouterEenable Router6config t
Router6configuration terminal Router/config06 interface ethernet -
Router/config06line console - Router/config8if06ip address GG.ubnet mask
Router/config8line06password HHHHH Router/config8if06no shutdown
Router/config8line06login
0assword set to 0ri,i+e"e mode
Te7t %assword
RouterEenable
Router6configuration terminal
Router/config06enable password HHHHH
.ecret %assword
RouterEenable
Router/config06enable secret HHHHH
0assword set to Axi+iar' port
RouterEenable
Router/config06line au7 -
Router/config8line06password HHHHH
0assword set to <t' (<irta+ &e+et'pe7&E-NE&)
RouterEenable
Router/config06line vty - 5 /4n Router -81>0
Router/config8line06password HHHHH
A
%assword .etting
There are 2 types of passwords
1. =$()*= %(..:@R#
2. .=2R=T %(..:@R#
1.=$()*= %(..:@R#
RouterEenable
Router/config06enable password GGGGGGGG
&his e!a:+e password ca! :e see! as a c+ear text :' "i,i!" a comma!d Dshow r!!i!" co!fi"E
2. .=2R=T %(..:@R#
RouterEenable
Router/config06enable secret GGGGGGGG
&his secret password ca!!ot :e show! as a c+ear text %1t wi++ :e show! i! e!cr'pted format o!+'%
D6irst time 'o ha,e "i,e! e!a:+e password as cisco% A"ai! 'o are "i,i!" this secret password
as cc!a mea!s secret password (cc!a) wi++ rep+ace the (cisco) e!a:+e password%E
%assword )reaking
%assword breaking can be done only by reloading the router
1. 1or that you have to enter into 6 previlage Fode for that you will need the enable password or
secret password or
2. =lse you have to reload the router physically by pressing the on off switchB
4f you break the password means all the previously stored configurations will be erased
After re+oadi!" the roter the roter wi++ +oad whi+e press ctr+Fpass:reak ke' this wi++ i!terrpts
the roters :ootp seGe!ce a!d it wi++ e!ter i!to rommom i%e Rom .o!itor .ode e!ter the
fo++owi!" two comma!ds
/%co!fre" 0x2/42 D E!ter x !ot H E
&his comma!d is sed to cha!"e the co!fi"ratio! re"istr' ,a+e to skip the startp
co!fi"ratio! fi+e stored i! N<RA. a!d to :oot the ios i! f+ash%
2%reset &his comma!d wi++ re+oads the roter%
1-
)tatic Roti!" Co!fi"ratio!

/200A
RouterEenable
Router/config06hostname /200A
1+--(/config06interface 6ast Ether!et 0I0
1+--(/config8if06ip address /0%0%0%/ 2((%0%0%0
1+--(/config8if06no shutdown
1+--(/config06interface )eria+ 0I0
1+--(/config8if06ip address 20%0%0%/% 2((%0%0%0
1+--(/config8if06control I
1+--(6show ip route
1+--(6show ip interface brief
1+--(/config06ip route 80%0%0%0 2((%0%0%0 20%0%0%2 or )0I0 exit i!terface
1+--(/config06ip route 40%0%0%0 2((%0%0%0 20%0%0%2 or )0I0 (exit i!terface)
1+--(/config06ip route (0%0%0%0 2((%0%0%0 20%0%0%2 or )0I0 (exit i!terface)
1+--(/config06e7it
1+--(6 show ip protocol
8600A
RouterEenable
Router/config06hostname 8600A
3,--(/config06interface )8I0
3,--(/config8if06ip address 20%0%0%2 2((%0%0%0
3,--(/config8if06no shutdown
3,--(6show controllers )8I0 /to see a #2= end or #T= end0
3,--(/config8if06clock rate 64000
3,--(/config06interface )eria+ 8I/
3,--(/config8if06ip address 80%0%0%/% 2((%0%0%0
3,--(/config8if06control I
3,--(6show ip route
3,--(6show ip interface brief
3,--(/config06ip route /0%0%0%0 2((%0%0%0 20%0%0%/ or 20%0%0%2
3,--(/config06ip route (0%0%0%0 2((%0%0%0 40%0%0%2 or 40%0%0%/
11
3,--(/config06e7it
3,--(6 show ip protocol
/200#
RouterEenable
Router/config06hostname /200#
1+--)/config06interface 6ast Ether!et 0I0
1+--)/config8if06ip address 40%0%0%/ 2((%0%0%0
1+--)/config8if06no shutdown
1+--)/config06interface )eria+ 0I0
1+--)/config8if06ip address 80%0%0%2 2((%0%0%0
1+--)/config8if06control I
1+--)6show ip route
1+--)6show ip interface brief
1+--)/config06ip route /0%0%0%0 2((%0%0%0 40%0%0%/ or 40%0%0%2
1+--)/config06ip route 20%0%0%0 2((%0%0%0 40%0%0%/ or 40%0%0%2
1+--)/config06ip route 80%0%0%0 2((%0%0%0 40%0%0%/ or 40%0%0%2(exit i!terface) )0I0
1+--)/config06e7it
1+--)6show ip route
1+--)6show ip protocol
1+--)6ping /0%0%0%/
*efa+t Roti!" Co!fi"ratio!

/200A
RouterEenable
1+--(6show ip route
1+--(/config06ip route 0%0%0%0 0%0%0%0 20%0%0%2
or
12
1+--(/config06ip route 0%0%0%0 0%0%0%0 )0I0
or
1+--(/config06ip default8network 0%0%0%0 0%0%0%0 20%0%0%0
1+--(/config06e7it
1+--(6show ip protocol
8600A
RouterEenable
3,--(6show controllers )8I0 /to see a #2= or #T= 0
3,--(6show ip route
3,--(/config06ip route 0%0%0%0 0%0%0%0 80%0%0%2
or
3,--(/config06ip route 0%0%0%0 0%0%0%0 )8I/
or
3,--(/config06ip default8network 80%0%0%0
3,--(/config06ip route /0%0%0%0 2((%0%0%0 20%0%0%/ or )8I0(static roti!")
3,--(/config06e7it
3,--(6show ip protocol
/200#
RouterEenable
1+--)6show ip route
1+--)/config06ip route 0%0%0%0 0%0%0%0 80%0%0%/
or
1+--)/config06ip route 0%0%0%0 0%0%0%0 )0I0
or
1+--)/config06ip default8network 80%0%0%0
1+--)/config06e7it
13
1+--)6show ip route
1+--)6ping /0%0%0%/
Roti!" 1!formatio! 0rotoco+ (R10)
Routing 4nformation %rotocol is a true distance8vector routing protocol.
4t sends the complete routing table out to all active interfaces every 3- seconds.
R4% only uses hop count to determine the best way to remote network! but it has a ma7imum
allowable hop count of -81> by default! meaning that 1, is deemed unreachable.
R4% version 1 uses only class full routing! which means that all devices in the network must
use the same subnet mask.
R4% version 2 provides something called prefi7 routing! and does send subnet mask
information with the route updates. This is called classless routing.
R10 &imers
R10 ses three differe!t ki!ds of timers to re"+ate its performa!ce%
Rote pdate timer
Router update timer sets the interval 80 seco!ds between periodic routing updates! in which
the router sends a complete copy of its routing table out to all neighbors.
Roter i!,a+id timers
( router invalid timer determines the length of time that must elapse /80 seco!ds before a
router determines that a route has become invalid. 4t will come to this conclusion if it hasnt heard any
updates about a particular route for that period. :hen that happens! thee router will send out updates
to all its neighbors letting them know that the route is invalid.
9o+d7dow! timer
This sets the amount of time during which routing information is suppressed. Routers will
enter into the hold8down state when an update packet is received that indicated the route is
unreachable. This continues until entire an update packet is received with a better metric or until the
hold8down timer e7pires. The default is /80 seco!ds
Rote f+sh timer
Route flush timers sets the time between a route becoming invalid and its interval from the
routing table 240 seco!ds. )efore its removed from the table! the router notifies its neighbors of that
routes impending demise. The value of the route invalid timer must be less than that of the route flush
timers
15
R10 (Roti!" 1!formatio! 0rotoco+) Co!fi"ratio!

/200A
RouterEenable
1+--(/config06interface )eria+ 0I/
1+--(/config06interface )eria+ /I0
1+--(6show ip route
1+--(6configuration terminal
1+--(/config06router rip
1+--(/config8router06network /0%0%0%0
1+--(/config8router06network 20%0%0%0
1>
1+--(/config8router06control I
1+--(6show ip route
8600A
RouterEenable
3,--(/config8if06ip address (0%0%0%/% 2((%0%0%0
3,--(/config8if06e7it
3,--(/config06router rip
3,--(/config8router06network 20%0%0%0
3,--(/config8router06network (0%0%0%0
3,--(/config8router06control I
3,--(6show ip route
8600#
RouterEenable
Router/config06hostname 8600#
3,--)/config06interface )/I0
3,--)/config8if06ip address 80%0%0%2 2((%0%0%0
3,--)/config8if06no shutdown
3,--)/config8if06clock rate 64000
3,--)/config06interface )eria+ /I/
3,--)/config8if06ip address 60%0%0%/% 2((%0%0%0
3,--)/config8if06e7it
3,--)/config06router rip
3,--)/config8router06network 80%0%0%0
3,--(/config8router06control I
3,--)6show ip route
3,--)6show ip interface brief
3,--)6 show ip protocol
8600C
RouterEenable
Router/config06hostname 8600C
3,--2/config06interface )0I0
1,
3,--2/config8if06ip address 40%0%0%2 2((%0%0%0
3,--2/config8if06no shutdown
3,--2/config8if06clock rate 64000
3,--2/config06interface )eria+ 0I/
3,--2/config8if06ip address 20%0%0%/% 2((%0%0%0
3,--2/config8if06e7it
3,--2/config06router rip
3,--2/config8router06network 40%0%0%0
3,--2/config8router06control I
3,--26show ip route
3,--26show ip interface brief
/200#
RouterEenable
1+--)/config8if06ip address (0%0%0%2 2((%0%0%0
1+--)/config06interface )eria+ /I0
1+--)/config06interface )eria+ /I/
1+--)6show ip route
1+--)6configuration terminal
1+--)/config06router rip
1+--)/config8router06network (0%0%0%0
1+--)/config8router06network 60%0%0%0
1+--)/config8router06control I
Roti!" 1!formatio! 0rotoco+ ,ersio! 2
)oth R4%v1 and R4%v2 are distance8vector protocols! which means that each router running R4%
sends its complete routing tables out all active interfaces at periodic time intervals.
The timers and loop8avoidance schemes are the same in both R4% versions.
1+
)oth R4%v1 and R4%v2 are configured as classful addressing! /but R4%v2 is considered classless
because subnet information is sent with each route update0
)oth have the same administrative distance /12-0
R4% is an open standard! you can use R4% with any brand of router.
(logrithm J )ellman 1ord
Fulticast addresse 225.-.-.A
R4% Kersion 1 R4% Kersion 2
#istance Kector #istance Kector
Fa7imum hop count of 1> Fa7imum hop count of 1>
2lassful 2lassless
$o support for K*.F .upports K*.F networks
$o support for discontiguous .upport discontiguous networks
R10 <ersio! 2 (Roti!" 1!formatio! 0rotoco+) Co!fi"ratio!
R4%K2 .upports 2lassless 4% (ddresses
Luestion"
4% (ddress 1A2.1,D.1.-M25
1+--( 8 1-M- 8 $eed J , 4% (ddresses
:($ .erial 2onnection $eed J 2 4% (ddresses /.-M- N .3M-0
:($ .erial 2onnection $eed J 2 4% (ddresses /.3M1 N .-M-0
1+--) J 1-M- $eed J 15 4% (ddresses
(nswer"
4% (ddresses 1A2.1,D.1.-M25
$eed 2 4% (ddresses 2
2
O 5 J 2O 2
1A2.1,D.1.
)orrowing 2 bits
$etwork 4# 1irst &ost 4# *ast &ost 4# )roadcast 4#
1A2.1,D.1.5 1A2.1,D.1.> 1A2.1,D.1., 1A2.1,D.1.+
1A2.1,D.1.D 1A2.1,D.1.A 1A2.1,D.1.1- 1A2.1,D.1.11
1D
12
D
,
5
3
2
1
,
D 5 2 1
$eed , 4% (ddresses 2
3
O D J 2 O ,
1A2..1,D.1.

)orrowing 3 bits
The following 4% already use
1A2.1,D.1.D 1A2.1,D.1.A 1A2.1,D.1.15 1A2.1,D.1.1>
.o we are use following 4% (ddresses
1A2.1,D.1.1, 1A2.1,D.1.1+ 1A2.1,D.1.22 1A2.1,D.1.23
$eed 15 4% (ddresses 2
5
O 1, J 2 O 15
)orrowing 5 bits
1A2.1,D.1.
The following 4% already use
1A2.1,D.1.1, 1A2.1,D.1.1+ 1A2.1,D.1.3- 1A2.1,D.1.31
.o we are use following 4% (ddresses
1A2.1,D.1.32 1A2.1,D.1.33 1A2.1,D.1.5, 1A2.1,D.1.5+
/200A
RouterEenable
1+--(/config8if06ip address /42%/68%/%/2 2((%2((%2((%248
1+--(/config8if06ip address /42%/68%/%( 2((%2((%2((%2(2
1+--(/config8if06control J
1+--(6show ip route
1+--(/config06roter rip
1+--(/config8router06,ersio! 2
1+--(/config8router06network /42%/68%/%4
1+--(/config8router06network /42%/68%/%/6
1+--(/config06e7it
8600A
RouterEenable
1A
12
D
,
5
3
2
1
,
D 5 2 1
12
D
,
5
3
2
1
,
D 5 2 1
3,--(/config8if06ip address /42%/68%/%6 2((%2((%2((%2(2
3,--(/config8if06ip address /42%/68%/%4 2((%2((%2((%2(2
3,--(/config8if06control J
3,--(6show ip route
3,--(/config8router06roter rip
3,--(/config8router06,ersio! 2
3,--(/config8router06network /42%/68%/%4
3,--(/config8router06network /42%/68%/%8
3,--(/config06e7it
/200#
RouterEenable
1+--)/config8if06ip address /42%/68%/%88 2((%2((%2((%240
1+--)/config8if06interface )eria+ 0I0
1+--)/config8if06ip address /42%/68%/%/0 2((%2((%2((%2(2
1+--)/config8if06control J
1+--)6show ip route
1+--)/config06roter rip
1+--)/config8if06,ersio! 2
1+--)/config8router06network /42%/68%/%8
1+--)/config8router06network /42%/68%/%82
1+--)/config8router06control J
1+--)6show ip route
1+--)6ping /42%/68%/%/2
To change 3pdate time! 4nvalid time! &old downtime N 1lush out time by default to customiPe
use following command
RouterEen
Router/config06router R10
Router/config8router06time basic HH/update0 HH/invalid0 HH/hold down0 HH/flush time0
2-
R10 </ ; R10 <2 Co!fi"ratio!
(Roter 1!formatio! 0rotoco+ <ersio! / ; Roter 1!formatio! 0rotoco+ <ersio! 2)

/200A
RouterEenable
1+--(6show ip route
1+--(/config06roter rip
1+--(/config06e7it
8600A
RouterEenable
3,--(/config8if06control J
3,--(6show ip route
3,--(/config06roter rip
3,--(/config8router06roter rip
21
3,--(/config8router06,ersio! 2
3,--(/config06e7it
/200#
RouterEenable
1+--)/config8if06control J
1+--)6show ip route
1+--)/config06roter rip
1+--)/config8if06,ersio! 2
1+--)6show ip route
1+--)6ping /0%0%0%/
(nother type to configure R4%K2 in this 1+--( Router .erial .-M- interface configuration
command
1+--)/config8if06ip received ,ersio! /
22
1!terior 3atewa' Roti!" 0rotoco+ (13R0)
4nterior <ateway Routing %rotocol /4<R%0 is a 2isco8proprietary distance8vector routing protocol.
To use 4<R%! all your routers must be 2isco routers.
4<R% has a ma7imum hop count of 2>> with a default of 1--.
4<R% uses bandwidth and delay of the line by default as a metric for determining the best route to
an internetwork.
Reliability! load! and ma7imum transmission unit /FT30 can also be used! although they are not
used by default.
Note:
The main difference between R4% and 4<R% configuration is that when you configure 4<R%! you
supply the autonomous system number. (ll routers must use the same number in order to share routing
table information.
13R0 R10
2an be used in large internetworks :orks best in smaller networks
3ses an autonomous system number for
activation
#oes not yse aytibiniys system numbers
<ives a full route table update every A-
seconds
<ives full route table update every 3-
seconds
&as an administrative distance of 1-- &as an administrative distance of 12-
3ses bandwidth and delay of the line as
metric /lowest composite metric0!with a
ma7imum hop count of 2>>
3ses only hop count to determine the best
path to a remote network! with 1> hops
being the ma7imum
13R0 &imers
&o co!tro+ performa!ceB 13R0 i!c+des the fo++owi!" timers with defa+t setti!"s:
@pdate timers :
These specify how freCuently routing8update messages should be sent. The default is A-
seconds.
1!,a+id timers :
These specify how long a router should wait before declaring a route invalid if it doesnt
receive a specific update about it. The default is three times the update period.
9o+ddow! timers :
These specify the holddown period. The default is three times the update timer period plus 1-
seconds.
6+sh timers :
These indicate how much time should pass before a route should be flushed from the routing
table. The default is seven times the routing update period. 4f the update timer is A- seconds by
default! then + Q A- O ,3- seconds elapse before a route will be flushed from the route table.
23
13R0 (1!terior 3atewa' Roti!" 0rotoco+) Co!fi"ratio!

/200A
RouterEenable
1+--(/config8if06e7it
1+--(/config06roter i"rp /00 (ato!omos s'stem !m:er)
1+--(/config8router06control J
8600A
RouterEenable
3,--(/config8if06interface )eria+ 8I/
3,--(/config06 roter i"rp /00 (ato!omos s'stem !m:er)
3,--(/config8router06control J
25
/200#
RouterEenable
1+--)/config8if06e7it
1+--)/config06roter i"rp /00 (ato!omos s'stem !m:er)
1+--)/config8router06network /0%0%0%0
1+--)6show ip route
1+--)6ping /0%0%0%/
E13R0 (E!ha!ced 1!terior 3atewa' Roti!" 0rotoco+)
o =nhanced 4<R% /=4<R%0 is a classless! enhanced distance8vector protocol that gives us a real
edge over 4<R%.
o *ike 4<R%! =4<R% uses the concept of an autonomous system to describe the set of contiguous
routers that run the same routing protocol and share routing information.
o )ut unlike 4<R%! =4<R% includes the subnet mask in its route updates
o The advertisement of subnet information allows us to use K*.F and
summariPation when designing our networks.
o =4<R% is sometimes referred to as a hybrid routing protocol because ithas characteristics of
both distance8vector and link8state protocols.
o 4t sends traditional distance8vector updates containing information about networks plus the cost
of reaching them from the perspective of the adverting router
o =4<R% has a ma7imum hop count of 2>>.
0owerf+ featres that make E13R0 a rea+ sta!dot from 13R0
.upport for 4%! 4%R! and (ppleTalk via protocol8dependent modules 2onsidered classless /same
as R4%v2 and @.%
.upport for K*.FM24#R
.upport for summaries and discontiguous networks
=fficient neighbor discovery
2ommunication via Reliable Transport %rotocol /RT%0
)est path selection via #iffusing 3pdate (lgorithm /#3(*0
$ote"
2isco calls =4<R% a distance vector routing protocol! or sometimes an
advanced distance vector or even a hybrid routing protocol.
2>
=4<R% supports different $etwork layer protocols through the use of protocol8dependent
modules /%#Fs0.
=ach =4<R% %#F will maintain a separate series of tables containing the routing information
that applies to a specific protocol.
4t means that there will be 4%M=4<R% tables! 4%RM=4<R% tables! and (ppleTalkM=4<R% tables.
Nei"h:or *isco,er'
)efore =4<R% routers are willing to e7change routes with each other! they must become
neighbors.There are three conditions that must be met for neighborship establishment"
&ello or (2S received
(. numbers match
4dentical metrics /S values0
To maintain the neighborship relationship! =4<R% routers must also continue receiving &ellos
from their neighbors.
=4<R% routers that belong to different autonomous systems /(.es0 dont automatically share
routing information and they dont become neighbors.
The only time =4<R% advertises its entire routing table is when it discovers a new neighbor
and forms an ad?acency with it through the e7change of &ello packets. :hen this happens! both
neighbors advertise their entire routing tables to one another. (fter each has learned its neighbors
routes! only changes to the routing table are propagated from then on.
E13R0 mai!tai!s three ta:+es co!tai!i!" i!formatio! a:ot the i!ter!etworks%
Nei"h:or &a:+e
Records information about routers with whom neighborship relationships have been formed.
&opo+o"' &a:+e
.tores the route advertisements about every route in the internetwork received from each
neighbor.
Roti!" &a:+e
.tores the routes that are currently used to make routing decisions.
E13R0 10 Roti!" &a:+e
*ist of directly connected routers
running =4<R% with which this router has an
ad?acency
*ist of all routers learned from =ach
=4<R% neighbors
2,
4% 4<R% $eighbors Table
$e7t8&op Router 4nterface
4% =4<R% Topology Table
#estination 1 1# and (# via each neighbors
*ist of all best routes from
=4<R% topology table and other
routing processes
6easi:+e dista!ce
This is the best metric along all paths to a remote network! including the metric
to the neighbor that is advertising that remote network. This is the route that you will find in the
routing table! because it is considered the best path. The metric of a feasible distance is the metric
reported by the neighbor /called reported distance0! plus the metric to the neighbor reporting the route.
Reported dista!ce ( Ad,ertised *ista!ce )
This is the metric of a remote network! as reported by a neighbor. 4t is also
the routing table metric of the neighbor.
Nei"h:or ta:+e
=ach router keeps state information about ad?acent neighbors. :hen a newly
discovered neighbor is learned! the address and interface of the neighbor are recorded! and this
information is held in the neighbor table! stored i! RA.. There is one neighbor table for each
protocol8dependent module
.
&opo+o"' ta:+e
The topology table is populated by the %#Fs and acted upon by the *iffsi!" @pdate
A+"orithm (*@A-). 4t contains all destinations advertised by neighboring routers! holding each
destination address and a list of neighbors that have advertised the destination. 1or each neighbor! the
advertised metric is recorded! which comes only from the neighbors routing table. 4f the neighbor is
advertising this destination! it must be using the route to forward packets.
6easi:+e sccessor
( destination entry is moved from the topology table to the routing table when there is a
feasible successor. ( feasible successor is a path whose reported distance is less than the feasible
distance! and it is considered a backup route. =4<R% will keep up to si7 feasible successors in the
topology table. @nly the one with the best metric
/the successor0.is placed in the routing table.
)ccessor
( successor route is the best route to a remote network. ( successor route is used by =4<R% to
forward traffic to a destination and is stored in the routing table. 4t is backed up by a feasible successor
route that is stored in the topology tableif one is available.
( feasible successor is a backup route and is stored in the topology table.
( successor route is stored in the topology table and also placed in the routing table.
Re+ia:+e &ra!sport 0rotoco+ (R&0)
o =4<R% uses a proprietary protocol! called Reliable Transport Protocol (RTP)! to manage the
communication of messages between =4<R%8speaking routers.
o =4<R% sends updates via multicast traffic! it uses the 2lass # address 224%0%0%/0%
2+
&he 10 Roti!" &a:+e
#estination )est Route
o 4f =4<R% doesnt get a reply from a neighbor! it will switch to using unicasts to resend the same
data.
o 4f it still doesnt get a reply after 1, unicast attempts! the neighbor is declared dead.
o This process is reffered to as reliable multicast
*iffsi!" @pdate A+"orithm (*@A-)
=4<R% uses Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path
to each remote network. This algorithm allows for the following"
o )ackup route determination if one is available
o .upport of Kariable8*ength .ubnet Fasks /K*.Fs0
o #ynamic route recoveries
o Lueries for an alternate route if no route can be found
#3(* provides =4<R% with possibly the fastest route convergence time among all protocols.
E13R0 .etrics
(nother really sweet thing about =4<R% is that unlike many other protocols that use a single
factor to compare routes and select the best possible path! =4<R% can use a combination of four"
)andwidth
#elay
*oad
Reliability
FT3
*ike 4<R%! =4<R% uses only bandwidth and delay of the line to determine the best path to a
remote network by default.
.aximm 0aths a!d 9op Co!t
)y default! =4<R% /and 4<R%0 can provide uneCual cost load balancing of up to four links.
&owever! you can have =4<R% actually load balance across up to si7 links.
=4<R% /and 4<R%0 has a ma7imum hop count of 1--! but can be set up to 2>>.
4f you need to stop =4<R% from working on a specific interface! such as =thernet interface or a
serial connection to the 4nternet. 2onfigure with passive8interface interface command.
)y using the no auto-summary command! =4<R% will advertise all the subnets between the
two routers. 4f the networks were larger! you could then provide manual summariPation on these same
boundaries.
2D
E13R0 (E!ha!ced 1!terior 3atewa' Roti!" 0rotoco+) Co!fi"ratio!

/200A
RouterEenable
1+--(/config06interface )0I0
1+--(/config8if06:a!dwidth (/2
1+--(/config06interface )eria+ 0I/
1+--(/config8if06:a!dwidth 2(6
1+--(/config06interface )/I0
1+--(/config8if06:a!dwidth /28
1+--(/config06roter E13R0 (00 (ato!omos !o: 0 6((6()
2A
1+--(6show ip route
1+--(6show ip E13R0 topology
1+--(6show ip E13R0 neighbors
4f we want to stop 1ast =thernet %ort to advertiseB type following command"
1+--(/config06roter E13R0 (00
1+--(/config8router06passi,e7i!terface 60I0 /enable command)
1+--(/config8router06!o passi,e7i!terface 60I0 /disable command0
8600A
RouterEenable
3,--(/config8if06:a!dwidth (/2
3,--(/config8if06interface )8I/
3,--(/config8if06ip address (0%0%0%/% 2((%0%0%0
3,--(/config8if06:a!dwidth /28
3,--(/config06roter E13R0 (00
3,--(6show ip route
3,--(6show ip E13R0 topology
3,--(6show ip E13R0 neighbors
8600#
RouterEenable
3,--)/config8if06:a!dwidth 2(6
3,--)/config06interface )/I/
3,--)/config8if06ip address 60%0%0%/% 2((%0%0%0
3,--)/config8if06:a!dwidth 2(6
3,--)/config06roter E13R0 (00
3-
3,--)/config8router06control I
3,--)6show ip route
3,--)6show ip interface brief
3,--)6show ip E13R0 topology
3,--)6show ip E13R0 neighbor
8600C
RouterEenable
3,--2/config if06:a!dwidth /28
3,--2/config06interface )0I/
3,--2/config8if06ip address 20%0%0%/% 2((%0%0%0
3,--2/config if06:a!dwidth (/2
3,--2/config06roter E13R0 (00
3,--26show ip route
3,--26show ip interface brief
3,--26show ip E13R0 topology
3,--26show ip E13R0 neighbor
/200#
RouterEenable
1+--)/config06interface )0I0
1+--)/config8if06:a!dwidth /28
1+--)/config06interface )/I0
1+--)/config8if06:a!dwidth 2(6
1+--)/config06interface )/I/
1+--)/config8if06:a!dwidth (/2
1+--)/config06roter E13R0 (00
31
1+--)/config8router06network (0%0%0%0
1+--)6show ip E13R0 topology
1+--)6show ip E13R0 neighbor
E13R0 )mmariCatio! Co!fi"ratio!

/200A
RouterEen
1+--(/config06interface fast Ether!et 0I0
1+--(/config8if06ip address /0%0%0/ 2((%0%0%0
1+--(/config8if06interface )0I0
1+--(/config8if06ip address 20%0%0%/ 2((%0%0%0
1+--(6show ip route
1+--(6show ip E13R0 neighbors
/200#
RouterEen
1+--)/config06interface fast Ether!et 0I0
1+--)/config8if06interface )0I/
32
1+--)/config8if06 interface -oop :ack 0
1+--)/config8if06 ip address /22%/68%4%/ 2((%2((%0%0
1+--)/config8if06 interface -oop :ack /
1+--)/config8if06 ip address /22%/68%(%/ 2((%2((%0%0
1+--)/config8if06 interface -oop :ack (
1+--)/config8if06 ip address /22%/68%/0%/ 2((%2((%0%0
1+--)/config8if06 ip address /22%/68%//%/ 2((%2((%0%0
1+--)/config8if06 ip address /22%/68%/2%/ 2((%2((%0%0
1+--)/config06roter E13R0 (00
1+--)/config8router06network /22%/68%4%/
1+--)/config8router06network /22%/68%(%/
1+--)/config8router06network /22%/68%/0%/
1+--)/config8router06network /22%/68%//%/
1+--)/config8router06network /22%/68%/2%/
1+--)6show ip route
1+--)6show ip E13R0 topology
1+--)6show ip E13R0 neighbors
.a!a++' assi"! )mmariCatio!
1+--)/config8router06!o ato smmariCatio!
To manually summariPation configure this command./each and every network summariPed0.To
minimiPe the routing table configure below command.
1+--)/config06interface s-M-
1+--)/config8if06ip summary8address eigrp >-- 1+2.1,D.5.- 2>>.2>>.2>2.-
33
E13R0 -oad #a+a!ci!" Co!fi"ratio!
@!eGa+ Cost 0ath
#a!dwith defa+t de+a' 20000
/200A
RouterEen
1+--(/config8if06ip address /0%0%0/ 2((%0%0%0
1+--(/config8if06:a!dwidth 268
1+--(/config8if06interface )0I/
1+--(/config8if06 :a!dwidth (/2
1+--(/config8if06interface )/I0
1+--(/config8if06 :a!dwidth 2(6
8600A
RouterEenable
35
3,--(/config8if06c+ock rate 64000
3,--(/config8if06:a!dwidth 268
3,--(/config8if06:a!dwidth (/2
3,--(/config8if06interface )8I2
3,--(/config8if06:a!dwidth 2(6
3,--(/config06roter E13R0 (00
-oad #a+a!ci!" Comma!d
1ollowing 2ommand used to bandwidth balance command.
2alculate *oad balancing O 1easible #istance multiply to different between 1easible #istance /=g.!
1#H30
1+--(/config8router06variance HHH TH 8 number to multiplyU /=nable0
1+--(/config8router06no variance /#isable0
1+--(6show ip route
1+--(6show ip E13R0 neighbors.
5)06 (5pe! )hortest 0ath 6irst)
@pen .hortest %ath 1irst /@.%10 is an open standards routing protocol thats been
implemented by a wide variety of network vendors! including 2isco.
This works by using the *iKkstra a+"orithm. 1irst! a shortest path tree is constructed! and then
the routing table is populated with the resulting best paths. @.%1 converges Cuickly! although perhaps
not as Cuickly as =4<R%! and it supports multiple! eCual8cost routes to the same destination. )ut
unlike =4<R%! it only supports 4% routing.
5)06 pro,ides the fo++owi!" featres:
2onsists of areas and autonomous systems
FinimiPes routing update traffic
(llows scalability
.upports K*.FM24#R
&as unlimited hop count
(llows multi8vendor deployment /open standard0
3>
Note:
@.%1 is the first link8state routing protocol that most people are introduced to.
5)06 a!d R10 compariso!
Chracteristic 5)06 R10,2 R10,/
Type of protocol *ink8state #istance8vector #istance8vector
2lassless support 9es 9es $o
K*.F support 9es 9es $o
(uto summariPation $o 9es 9es
Fanual summariPation 9es $o $o
#iscontiguous 9es 9es $o
Route propagation Fulticast on
change
%eriodic multicast %eriodic
multicast
%ath metric )andwidth &ops &ops
&op count limit $one 1> 1>
2onvergence 1ast .low .low
%eer authentication 9es 9es $o
&ierarchical network 9es /using areas0 9es $o
3pdates =vent Triggered Routetable
updates
Routable
updates
Route computation #i?kstra )ellman81ord )ell81ord
@.%1 is supposed to be designed in a hierarchical fashion! which basically means that you can
separate the larger internetwork into smaller internetworks called areas. This is the best design for
@.%1.
The reasons for creating @.%1 in a hierarchical design include"
To decrease routing overhead
To speed up convergence
To confine network instability to single areas of the network
=ach router in the network connects to the backbone called area 0B or the :ack:o!e
area.@.%1 must have an area 0! and all routers should connect to this area if at all possible.)ut
routers that connect other areas to the backbone within an (. are called Area #order Roters
(A#Rs)% .till! at least one interface must be in area -.
@.%1 runs inside an autonomous system! but can also connect multiple autonomous systems
together. The router that connects these A)es together is called an Ato!omos )'stem #o!dar'
Roter (A)#R)%
5)06 &ermi!o+o"'
-i!k
( link is a network or router interface assigned to any given network. :hen an interface is
added to the @.%1 process! its considered by @.%1 to be a link.
Roter 1*
3,
The Router D (RD) is an 4% address used to identify the router. 2isco chooses the Router 4#
by using the highest 4% address of all configured loopback interfaces. 4f no loopback interfaces are
configured with addresses! @.%1 will choose the highest 4% address of all active physical interfaces.
Nei"h:ors
!eighbors are two or more routers that have an interface on a common network!such as two
routers connected on a point8to8point serial link.
AdKace!c'
(n ad"acency is a relationship between two @.%1 routers that permits the direct e7change of
route updates. @.%1 is really picky about sharing routing informationunlike =4<R%! which directly
shares routes with all of its neighbors. 4nstead! @.%1 directly shares routes only with neighbors that
have also established ad?acencies. (nd not all neighbors will become ad?acentthis depends upon
both the type of network and the configuration of the routers.
9e++o protoco+
The @.%1 &ello protocol provides dynamic neighbor discovery and maintains neighbor
relationships. &ello packets and *ink .tate (dvertisements /*.(s0 build and maintain the topological
database. &ello packets are addressed to 225.-.-.>.
Nei"h:orship data:ase
The neighborship database is a list of all @.%1 routers for which &ello packets have been
seen. ( variety of details! including the Router 4# and state! are maintained on each router in the
neighborship database.
&opo+o"' data:ase
The topology database contains information from all of the *ink .tate (dvertisement packets
that have been received for an area. The router uses the information from the topology database as
input into the #i?kstra algorithm that computes the shortest path to every network. *.( packets are
used to update and maintain the topology database.
-i!k )tate Ad,ertiseme!t
( Link #tate Advertisement (L#A) is an @.%1 data packet containing link8state and routing
information thats shared among @.%1 routers. There are different types of *.( packets. (n @.%1
router will e7change *.( packets only with routers to which it has established ad?acencies.
*esi"!ated roter
( designated router (DR) is elected whenever @.%1 routers are connected to the same multi8
access network. ( prime e7ample is an =thernet *($.
#ackp desi"!ated roter
( backup designated router ($DR) is a hot standby for the #R on multi8access links The
)#R receives all routing updates from @.%1 ad?acent routers! but doesnt flood *.( updates.
5)06 areas
(n !"# area is a grouping of contiguous networks and routers. (ll routers in the same area
share a common (rea 4#.
#roadcast (m+ti7access)
$roadcast (multi%access) net&orks such as =thernet allow multiple devices to connect to /or
access0 the same network! as well as provide a broadcast ability in which a single packet is delivered
to all nodes on the network. 4n @.%1! a #R and a )#R must be elected for each broadcast multi8
access network.
3+
No!7:roadcast m+ti7access
!on%$roadcast 'ulti%Access (!$'A) networks are types such as 1rame Relay! R.2>! and
(synchronous Transfer Fode /(TF0. These networks allow for multi8access! but have no broadcast
ability like =thernet. .o! $)F( networks reCuire special @.%1 configuration to function properly
and neighbor relationships must be defined.
0oi!t7to7poi!t
Point%to%point refers to a type of network topology consisting of a direct connection between
two routers that provides a single communication path. The point8to8point connection can be physical!
as in a serial cable directly connecting two routers! or it can be logical.
0oi!t7to7m+tipoi!t
Point%to%multipoint refers to a type of network topology consisting of a series of connections
between a single interface on one router and multiple destination routers.(ll of the interfaces on all of
the routers sharing the point8to8multipoint connection belong to the same network. (s with point8to8
point! no #Rs or )#Rs are needed.
)06 &ree Ca+c+atio!
:ithin an area! each router calculates the bestMshortest path to every network in that same
area.This calculation is based upon the information collected in the topology database and an
algorithm called shortest path first (#P()
@.%1 uses a metric referred to as cost. ( cost is associated with every outgoing interface
included in an .%1 tree. The cost of the entire path is the sum of costs of the outgoing interfaces along
the path.
2isco uses a simple eCuation of /0
8
I :a!dwidth.The bandwidth is the configured bandwidth
for the interface. 3sing this rule! a 1--Fbps 1ast =thernet interface would have a default @.%1 cost
of 1 and a 1-Fbps =thernet interface would have a cost of 1-. (n interface set with a bandwidth of
,5!--- would have a default cost of 1>,3.
5)06 (5pe! )hortest 0ath 6irst) )i!"+e Area Co!fi"ratio!
/200A
RouterEen
3D
1+--(/config06roter 5)06 / /%rocess 4# 1 8 ,>>3>0
1+--(/config8router06network /0%0%0%0 0%2((%2((%2(( area 0
1+--(/config8router06network 20%0%0%0 0%2((%2((%2(( area 0
1+--(6show ip route
1+--(6show ip 5)06 interface
1+--(6show ip 5)06 neighbors
1+--(6show ip 5)06 database
8600A
RouterEen
3,--(/config8if06ip address 80%0%0%/ 2((%0%0%0
3,--(/config06roter 5)06 2 /%rocess 4# 1 8 ,>>3>0
3,--(/config8router06network 20%0%0%0 0%2((%2((%2(( area 0
3,--(6show ip route
3,--(6show ip 5)06 interface
3,--(6show ip 5)06 neighbors
3,--(6show ip 5)06 database
/200#
RouterEen
1+--)/config06interface fast Ether!et 0I0
1+--)/config8if06interface )0I0
1+--)/config06roter 5)06 / /%rocess 4# 1 8 ,>>3>0
1+--)/config8router06network 80%0%0%0 0%2((%2((%2(( area 0
1+--)6show ip route
1+--)6show ip 5)06 interface
1+--)6show ip 5)06 neighbors
1+--)6show ip 5)06 database
3A
5)06 (5pe! )hortest 0ath 6irst) #roadcast Area Co!fi"ratio!
-A#

:hile configure in @.%1 broadcast! following few steps.
.tep 1" .witch off our .witch
.tep 2" 2onfigure router
.tep 3" .witch on our .witch
:hy we want to switch off the .witch;
(fter we have finished router configuration switch on our .witch. The .witch will running
election process and finished to select then assigned the priority one and two. The first priority goes to
#esignated Router /#R0 and .econd priority goes to )ackup #esignated Router /)#R0.
4f we have change default priority use following command /%riority - 8 2>>0
RouterEen
Router/config06interface
Router/config8if06ip ospf priority 1
or
or
9e++o 1!ter,a+ Co!fi"ratio!
RouterEen
Router/config06interface .-M-
Router/config8if06ip ospf hello8interval
Router/config8if06ip ospf dead8interval multiply 5
/200A
5-
RouterEen
1+--(/config8if06interface +oop :ack 0
1+--(/config8router06network 20%0%0%/ 0%2((%2((%2(( area 0
1+--(6show ip route
/200#
RouterEen
1+--)/config8if06ip address /0%0%0%2 2((%0%0%0
1+--)/config8if06interface +oop :ack 0
1+--)/config8router06network /0%0%0%0 0%2((%2((%2(( area 0
1+--)/config8router06network 80%0%0%/ 0%2((%2((%2(( area 0
1+--)6show ip route
/200C
RouterEen
Router/config06hostname /200C
1+--2/config06interface 6ast Ether!et 0I0
1+--2/config8if06ip address /0%0%0%8 2((%0%0%0
1+--2/config8if06no shutdown
1+--2/config8if06interface +oop :ack
1+--2/config8if06ip address 40%0%0%/ 2((%0%0%0
1+--2/config8if06e7it
1+--2/config06roter 5)06 / /%rocess 4# 1 8 ,>>3>0
1+--2/config8router06network /0%0%0%0 0%2((%2((%2(( area 0
1+--2/config8router06network 40%0%0%/ 0%2((%2((%2(( area 0
1+--2/config8router06control J
1+--26show ip route
51
1+--26show ip 5)06 interface
1+--26show ip 5)06 neighbors
1+--26show ip 5)06 database
5)06 (5pe! )hortest 0ath 6irst) .+ti Area Co!fi"ratio!
-A#

/200A
RouterEen
1+--(/config8if06interface +oop :ack 0
1+--(/config8if06ip address /%/%/%/ 2((%2((%2((%2((
1+--(6 show ip interface brief
1+--(/config06router 5)06 /
1+--(/config8router06network 20%0%0%0 0%2((%2((%2(( area 0
1+--(/config8router06network /%/%/%/ 0%0%0%0 area 0
1+--(6show ip route
52
8600A
RouterEen
3,--(/config8if06ip address 80%0%0%/ 2((%0%0%0
3,--(/config8if06interface +oop :ack
3,--(/config8if06ip address 2%2%2%2 2((%2((%2((%2((
3,--(/config06router 5)06 2
3,--(/config8router06network 2%2%2%2 0%0%0%0 area 0
3,--(6show ip route
3,--(6show ip 5)06 interface
3,--(6show ip 5)06 neighbors
3,--(6show ip 5)06 database
8600#
RouterEen
3,--)/config8if06interface )/I/
3,--)/config8if06ip address 40%0%0%/ 2((%0%0%0
3,--)/config8if06interface +oop :ack
3,--)/config8if06ip address 8%8%8%8 2((%2((%2((%2((
3,--)/config06router 5)06 8
3,--)/config8router06network 80%0%0%0 0%2((%2((%2(( area 0
3,--)/config8router06network 40%0%0%0 0%2((%2((%2(( area /
3,--)/config8router06network 8%8%8%8 0%0%0%0 area /
3,--)/config8router06control J
3,--)6show ip route
3,--)6show ip 5)06 interface
3,--)6show ip 5)06 neighbors
3,--)6show ip 5)06 database
To create Kirtual link collect update information between all routers on different areas network
to type following command
3,--)/config06router 5)06 8
3,--)/config8router06area virtual8link
53
3,--)/config8router06loopback 5.5.5.5
8600C
RouterEen
3,--2/config8if06interface )/I0
3,--2/config8if06ip address (0%0%0%/ 2((%0%0%0
3,--2/config8if06interface +oop :ack
3,--2/config8if06ip address 4%4%4%4 2((%2((%2((%2((
3,--2/config06router 5)06 4
3,--2/config8router06network 40%0%0%0 0%2((%2((%2(( area /
3,--2/config8router06network (0%0%0%0 0%2((%2((%2(( area 2
3,--2/config8router06network 4%4%4%4 0%0%0%0 area 2
3,--26show ip route
3,--26show ip 5)06 interface
3,--26show ip 5)06 neighbors
3,--26show ip 5)06 database
/200#
RouterEen
1+--(/config06interface )0I0
1+--)/config8if06interface 6ast Ether!et 0I0
1+--)/config8if06interface +oop :ack
1+--)/config8if06ip address (%(%(%(%( 2((%2((%2((%2((
1+--)/config8if 06e7it
1+--)/config06router 5)06 (
1+--)/config8router06network (0%0%0%0 0%2((%2((%2(( area 2
1+--)/config8router06network (%(%(%( 0%0%0%0 area 2
1+--)6show ip route
55
#30 (#order 3atewa' 0rotoco+)
Co!fi"re i"rp or ei"rp with A) /00B 200B 800 i! R&AB R&#B a!d R&C i! roters
a!d the! se these co!fi"ratio!s
RT(6
router bgp 1--
neighbor 1>-.1-.2-.2 remote8as 3--
network 1>-.1-.-.-
RT)6
router bgp 2--
neighbor 1,-.1-.2-.2 remote8as 3--
network 1,-.1-.-.-
RT26
router bgp 3--
neighbor 1>-.1-.2-.1 remote8as 1--
neighbor 1,-.1-.2-.1 remote8as 2--
network 1+-.1-.-.-
5>
>a! &ech!o+o"ies
6rame7Re+a'
6rame7Re+a' 5,er,iew

J 2onnections made by virtual circuits
J 2onnection8oriented service
6rame7Re+a' )tack
6rame7Re+a'
5)1 Refere!ce .ode+

6rame Re+a' &ermi!o+o"'
5,
(pplication
%resentation
.ession
Transport
$etwork
#ata8link
%hysical
4%M4%RM(pple talk etc.!
1R(F=8R=*(9
=4(MT4(8232! =4(MT4(855A! K.3>! R.21!
=4(MT4(8>3-

)e+ecti!" a 6rame Re+a' &opo+o"'

5+
V 6rame Re+a' defa+t: !o!:roadcastB m+tiaccess (N#.A)
Reacha:i+it' 1sses with Roti!" @pdates
V %roblem"
J )roadcast traffic must be replicated for
each active connection.
J .plit8horiPon rule prevents routing updates received on
one interface from being forwarded out the same interface.
J
Reso+,i!" Reacha:i+it' 1sses
V .plit horiPon can cause problems in $)F( environments.
V .ubinterfaces can resolve split horiPon issues.
V .olution" ( single physical interface simulates multiple logical interfaces.
6rame Re+a' Address .appi!"
5D

J 3se *F4 to get locally significant #*24 from the 1rame Relay switch.
J 3se 4nverse (R% to map the local #*24 to the remote routers network
layer address.
6rame Re+a' )i"!a+i!"

2isco supports three *F4 standards"
V 2isco
V ($.4 T1.,1+ (nne7 #
V 4T38T L.A33 (nne7 (
6rame Re+a' 1!,erse AR0 a!d -.1 )i"!a+i!"
5A
)ta"es of 1!,erse AR0 a!d -.1 5peratio!
9ow )er,ice 0ro,iders .ap 6rame Re+a' *-C1s: E!terprise <iew
>-
1rame Relay is an 4T38T and ($.4 standard that defines the process for sending data over
a public data network.
The core aspects of 1rame Relay function at the lower two layers of the @.4 reference
model.
1rame Relay allows you to interconnect your remote sites in a variety of topologies
including star! full mesh! and partial mesh.
( 1rame Relay $)F( topology may cause routing update reachability issues! which are
solved by using subinterfaces.
( 1rame Relay connection reCuires that! on a K2! the local #*24 be mapped to a
destination network layer address such as an 4% address.
*F4 is a signaling standard between the router and the 1rame Relay switch that is
responsible for managing the connection and maintaining status between the devices.
.ervice providers map 1rame Relay #*24s so that #*24s with local significance appear at
each end of a 1rame Relay connection.
Access rate:
The ma7imum speed at which the 1rame Relay interface can transmit.
Committed 1!formatio! Rate (C1R)
The ma7imum bandwidth of data guaranteed to be delivered.
<irta+ Circits
1rame Relay operates using $irtual circuits!
&here are two t'pes of ,irta+ circits:
0erma!e!t
The telco creates the mappings inside their gear! and as long as you pay the bill! they will
remain in place.
)witched
The virtual circuit is established when data needs to be transmitted! then is taken down when
data transfer is complete.
*ata -i!k Co!!ectio! 1de!tifiers (*-C1s)
>1
1rame Relay %K2s are identified to #T= end devices using Data Link)onnectiondentifiers
(DL)s)%
1!,erse AR0 (1AR0) is used to map a known #*24 to an 4% address.
-oca+ .a!a"eme!t 1!terface (-.1)
o Local 'anagement nterface (L'% is a signaling standard used between your
router and the first 1rame Relay switch.
o Seepalives : These verify that data is flowing.
&hree sta!dard -.1 si"!a+i!" formats :
o 2isco
o ($.4
o 4T38T
6rame Re+a' Co!"estio! Co!tro+
Three types of congestion bits
#iscard =ligibility /#=0
1orward =7plicit 2ongestion $otification /1=2$0
)ackward =7plicit 2ongestion $otification /)=2$0
*iscard E+i"i:i+it' (*E)
when you burst /transmit packets beyond the 24R of a %K20! any packets e7ceeding the 24R
are eligible to be discarded if the providers network is congested at the time. )ecause of this! the
e7cessive bits are marked with a Discard *ligibility
6orward Exp+icit Co!"estio! Notificatio! (6ECN)
:hen the 1rame Relay network recogniPes congestion in the cloud! the switch will set the
(or&ard *+plicit )ongestion !otification ((*)!) bit to 1 in a 1rame Relay packet header. This will
indicate to the destination #T= that the path the frame ?ust traversed is congested.
#ackward Exp+icit Co!"estio! Notificatio! (#ECN)
:hen the switch detects congestion in the 1rame Relay network! itll set the $ack&ard
*+plicit )ongestion !otification ($*)!) bit in a 1rame Relay frame thats destined for the source
router. This notifies the router that congestion is being encountered ahead.
>2
6rame7Re+a' 0oi!t7to70oi!t o,er 5)06 Co!fi"ratio!
-A#
/200A
RouterEenable
1+--(/config06iinterface 1-M-
1+--(/config8if06ip address 1-.-.-.1 2>>.-.-.-
1+--(/config8if06i!terface )0I0
1+--(/config8if06e!caps+atio! frame7re+a'
1+--(/config8if06i!terface )0I0%/00 0oi!t7to70oi!t
1+--(/config8subif06ip address 2-.-.-.1 2>>.-.-.-
1+--(/config8subif06no shutdown
1+--(/config8subif06frame7re+a' i!terface7d+ci /00
1+--(/config8if06i!terface )0I0%200 0oi!t7to70oi!t
1+--(/config8subif06frame7re+a' i!terface7d+ci 200
1+--(/config8if06i!terface )0I0%800 0oi!t7to70oi!t
1+--(/config8subif06frame7re+a' i!terface7d+ci 800
1+--(/config8subif06control I
1+--(/config06roter ospf /
>3
1+--(/config8router06!etwork /0%0%0%0 0%2((%2((%2(( area 0
1+--(/config8router06!etwork 20%0%0%0 0%2((%2((%2(( area 0
1+--(6sh ip route
1+--(6show frame8relay map
-.1 Co!fi"ratio!
1+--(6conf t
1+--(/config06interface .-M-
1+--(/config8if06frame8relay lmi8type cisco
@r
1+--(/config8if06frame8relay lmi8type ansi
@r
1+--(/config8if06frame8relay lmi8type c
1+--(/config8ig06control I
1+--(6sh ip route
1+--(6show frame8relay map
1+--(6show frame8relay pvc
1+--(6show frame8relay lmi
8600#
RouterEenable
3,--)/config06i!terface )/I0
3,--)/config8if06i!terface -oop:ack 0
3,--)/config8if06ip address (0%0%0%/ 2((%0%0%0
3,--)/config8if06i!terface )/I0
3,--)/config8if06e!caps+atio! frame7re+a'
3,--)/config8if06ip ospf !etwork poi!t7to7poi!t
3,--)/config8if06control I
3,--)6sh ip route
3,--)6configuration terminal
3,--)/config06roter ospf /
3,--)/config8router06network 2-.-.-.- -.2>>.2>>.2>> area -
3,--)/config8router06network >-.-.-.- -.2>>.2>>.2>> area -
3,--)6show frame8relay map
3,--)6conf t
3,--)/config06i!terface )/I0
3,--)/config8if06frame7re+a' +mi7t'pe cisco
@r
3,--)/config8if06frame7re+a' +mi7t'pe a!si
@r
3,--)/config8if06frame7re+a' +mi7t'pe c
3,--)/config8ig06control I
3,--)6sh ip route
>5
3,--)6show frame8relay map
3,--)6show frame8relay pvc
3,--)6show frame8relay lmi
8600C
RouterEenable
Router/config06hostname 3,--2
3,--2/config8if06interface *oopback -
3,--2/config8if06ip address ,-.-.-.1 2>>.-.-.-
3,--2/config8if06interface .-M-
3,--2/config8if06encapsulation frame8relay
3,--2/config8if06ip address 3-.-.-.2 2>>.-.-.-
3,--2/config8if06ip ospf network point8to8point
3,--2/config06router ospf 1
3,--2/config8router06network 3-.-.-.- -.2>>.2>>.2>> area -
3,--2/config8router06network ,-.-.-.- -.2>>.2>>.2>> area -
3,--26show frame8relay map
3,--26configuration terminal
3,--2/config06interface .-M-
3,--2/config8if06frame8relay lmi8type cisco
@r
3,--2/config8if06frame8relay lmi8type ansi
@r
3,--2/config8if06frame8relay lmi8type
3,--2/config8ig06control I
3,--26sh ip route
3,--26show frame8relay pvc
3,--26show frame8relay lmi
/200#
RouterEenable
Router/config06hostname 1+--)
1+--)/config06iinterface loopback -
1+--)/config8if06ip address +-.-.-.1 2>>.-.-.-
1+--)/config8if06interface .-M-
1+--)/config8if06encapsulation frame8relay
1+--)/config8if06ip address 5-.-.-.2 2>>.-.-.-
1+--)/config8if06ip ospf network point8to8point
1+--)/config06router ospf 1
1+--)/config8router06network 5-.-.-.- -.2>>.2>>.2>> area -
1+--)/config8router06network +-.-.-.- -.2>>.2>>.2>> area -
1+--)6show frame8relay map
1+--)6configuration terminal
1+--)/config06interface .-M-
>>
1+--)/config8if06frame8relay lmi8type cisco
@r
1+--)/config8if06frame8relay lmi8type ansi
@r
1+--)/config8if06frame8relay lmi8type
1+--)/config8ig06control I
1+--)6sh ip route
1+--)6show frame8relay map
1+--)6show frame8relay pvc
1+--)6show frame8relay lmi
8600A
RouterEenable
Router/config06hostname 3,--(
3,--(/config06frame8relay switching
3,--(/config06 interface .erial3M-
3,--(/config8if06encapsulation frame8relay
3,--(/config8if06frame8relay intf8type dce
8600A(co!fi"7if)L frame7re+a' +mi7t'pe cisco
3,--(/config8if06 frame8relay route 1-- interface .erial3M1 1-1
3,--(/config8if06clock rate ,5---
3,--(/config8if06 interface .erial3M1
3,--(/config8if06frame8relay route 1-1 interface .erial3M- 1--
3,--(/config8if06clockrate ,5---
3,--(/config8if06interface .erial3M2
3,--(/config8if06 interface .erial3M3
3,--(/config8if06clockrate ,5---
3,--(6show frame8relay lmi
3,--(6show frame8relay
3,--(6 show frame8relay pvc
3,--(6show frame8relay map
3,--(6
>,
6rame7Re+a' 0oi!t7to7.+tipoi!t o,er 5)06 Co!fi"ratio!
-A#
/200A
RouterEen
Router/config06ho
Router/config06hostname 1+--(
1+--(/config06interface f-M-
1+--(/config06interface s-M-
1+--(/config8if06encapsulation frame8relay
1+--(/config06interface s-M-
1+--(/config8if06ip ospf network point8to8multipoint
1+--(/config06router ospf 1
1+--(/config8router06network 1-.-.-.- -.2>>.2>>.2>> area -
1+--(/config8router06WI
1+--(6show ip ospf neighbors
1+--(6show ip ospf database
8600#
RouterEen
Router/config06hostname 3,--)
3,--)/config06interface loop back -
3,--)/config8if06ip address 3-.-.-.1 2>>.-.-.-
3,--)/config06interface s1M-
3,--)/config8if06encapsulation frame8relay
3,--)/config8if06ip address 2-.-.-.2 2>>.-.-.-
3,--)/config8if06ip ospf network point8to8multipoint
3,--)/config8if06WI
>+
3,--)/config06router ospf 1
3,--)6 show ip route
3,--)6 show frame8relay map
3,--)6 show frame8relay pvc
8600C
RouterEen
Router/config06hostname 3,--2
3,--2/config06interface loop back -
3,--2/config06interface s1M-
3,--2/config8if06encapsulation frame8relay
3,--2/config8if06ip ospf network point8to8multipoint
3,--2/config8if06WI
3,--2/config06router ospf 1
3,--26 show ip route
3,--26 show frame8relay pvc
8600A
RouterEen
Router/config06hostname 3,--(
3,--(/config06frame8relay switching
3,--(/config06interface s3M-
3,--(/config8if06frame8relay route 1-- interface s3M1 1-1
3,--(/config06interface s3M1
3,--(/config8if06frame8relay route 1-1 interface s3M1 1--
>D
3,--(6show frame8relay map
3,--(6show frame8relay pvc
2onfiguring a 1rame8Relay $etwork
-a: ReGireme!ts: To perform this lab you need at least 3 2isco routers. 4 used 5" three 2>-1Xs for
the endpoints and a 2>2- for the frame8relay switch! but pretty much anything will do. This lab does
not cover how to physically connect the routers and the hosts! but rather assumes you can tell by
looking at the diagram.
1rame relay is a layer 1 and 2 protocol used for :($ connection. 4t is used by many companies to
provide links between branch offices and the company headCuarters.
.et up the routerXs basic configuration /hostname! passwords! telnet access! etc.0 . &ere is our e7ample
network"
2@$14<3R4$< T&= 1R(F= R=*(9 .:4T2&
1irst we will configure the frame relay switch /in my lab the 2>2-0. 4t has links to all of the endpoints
via back8to8back serial cables. 4t will be the #2= for all connections.
.T=%1. 2hange the routerXs name to frame8switch
=nter configuration mode by using the following command"
Router6configure terminal
2hange the host name of the router to frame8switch by using the following command"
Router/config06 hostname frame8switch
frame8switch/config06
>A
.T=% 2. =nable the router to become a frame8relay switch
2onfigure the router to act as a frame relay switch by using the following command"
frame8switch/config06 frame8relay switching
.T=% 3. 2onfigure the frame relay switchXs interfaces
=nter interface configuration mode for the first connected serial interface! e.g. serial -"
frame8switch/config06 interface serial -
Remove the 4% address"
frame8switch/config8if06 no ip address
.et the clock rate to ,5---"
frame8switch/config8if06 clock rate ,5---
.et the encapsulation type to 1rame Relay"
frame8switch/config8if06 encapsulation frame8relay
.et the *F4 type to ($.4"
frame8switch/config8if06 frame8relay lmi8type ansi
.et the 1rame Relay interface type to dce"
frame8switch/config8if06 frame8relay intf8type dce
=nable the interface"
frame8switch/config8if06 no shutdown
Repeat the commands above for the other connected interfaces on the frame relay switch.
.T=% 5. 2onfiguring the end8point routers and their interfaces
2hange the host name of the router to 2>-18(! 2>-18)! or 2>-182! as shown in the network diagram
by using the following command"
Router/config06 hostname 2>-18(
=nter interface configuration mode for the connected serial interface"
2>-18(/config06 interface serial -
(ssign the 4% address as shown in the diagram /ie. for router 2>-18(! use 1-.1-.12.2 with subnet
2>>.2>>.2>>.25-0"
2>-18(/config8if06 ip address 1-.1-.12.2 2>>.2>>.2>>.25-
.et the encapsulation type to 1rame Relay"
2>-18(/config8if06 encapsulation frame8relay
.et the *F4 type to ($.4"
2>-18(/config8if06 frame8relay lmi8type ansi
,-
=nable the interface"
2>-18(/config8if06 no shutdown
Repeat the steps above for the other end8point routers.
.T=% >. Kerify your progress
@n the frame8switch! use the show interface command to verify the operation for all connected
interfaces. The output should be as following"
frame8switch6 show interface serial 1
.erial1 is up! line protocol is up
&ardware is 2#253- in sync mode
FT3 1>-- bytes! ): 11> Sbit! #*9 2---- usec!
reliability 2>>M2>>! t7load 1M2>>! r7load 1M2>>
=ncapsulation 1R(F=8R=*(9! loopback not set
Seepalive set /1- sec0
*F4 enC sent 52! *F4 stat recvd -! *F4 upd recvd -
*F4 enC recvd 55! *F4 stat sent 1! *F4 upd sent -! #2= *F4 up
*F4 #*24 - *F4 type is ($.4 (nne7 # frame relay #2=
1R .K2 disabled! *(%1 state down
)roadcast Cueue -M,5! broadcasts sentMdropped -M-! interface broadcasts -
*ast input --"--"-A! output --"--"-A! output hang never
*ast clearing of Yshow interfaceY counters --"1D"2A
4nput Cueue" -M+>M-M- /siPeMma7MdropsMflushes0Z Total output drops" -
Lueueing strategy" weighted fair
@utput Cueue" -M1---M,5M- /siPeMma7 totalMthresholdMdrops0
2onversations -M1M32 /activeMma7 activeMma7 total0
Reserved 2onversations -M- /allocatedMma7 allocated0
(vailable )andwidth D, kilobitsMsec
> minute input rate - bitsMsec! - packetsMsec
> minute output rate - bitsMsec! - packetsMsec
5> packets input! ,3- bytes! - no buffer
Received - broadcasts! - runts! - giants! - throttles
- input errors! - 2R2! - frame! - overrun! - ignored! - abort
55 packets output! ,1, bytes! - underruns
- output errors! - collisions! 3, interface resets
- output buffer failures! - output buffers swapped out
2A carrier transitions
#2#Oup #.ROup #TROup RT.Oup 2T.Oup
.T=% ,. 2onfigure #*24 mappings
$ow we need to configure the #*24 mappings for each interface by using the frame8relay route
command. The format for this command is"
frame8switch/config8if06 frame8relay route [input dlciE interface [output interfaceE [output dlciE
9ou need to configure the appropriate mappings on all the connected interface on the frame relay
switch. 1ollowing are the commands that need to be configured for our e7ample network.
frame8switch6configure terminal
,1
=nter configuration commands! one per line. =nd with 2$T*MI.
frame8switch/config06 interface serial 1
frame8switch/config8if06 frame8relay route 1-- interface s3 1-1
frame8switch/config8if06 interface serial 2
frame8switch/config8if06 frame8relay route 2-1 interface s3 2--
frame8switch/config8if06 interface serial 3
2TR*8I
.T=% +. Kerify configuration and connection
<o to one of the endpoints and look at the output of some of the Yshow frame8relayY commands. 9ou
can see the #*24 mappings have propagated to the endpoints. 9ou donXt need to set them up on the
endpoints! only on the switch.
#isplay the frame relay #*24 mappings by using the following command"
2>-18(6 show frame8relay map
.erial- /up0" ip 1-.1-.12.3 dlci 2-1/-72A!-73-A-0! dynamic!
broadcast!! status defined! active
.erial- /up0" ip 1-.1-.12.5 dlci 3-1/-712#!-75D#-0! dynamic!
broadcast!! status defined! active
#isplay the frame relay pvc statistics by using the following command"
2>-18(6 show frame8relay pvc
%K2 .tatistics for interface .erial- /1rame Relay #T=0
#*24 O 2-1! #*24 3.(<= O *@2(*! %K2 .T(T3. O (2T4K=! 4$T=R1(2= O .erial-
input pkts + output pkts , in bytes >D-
out bytes >>- dropped pkts 1 in 1=2$ pkts -
in )=2$ pkts - out 1=2$ pkts - out )=2$ pkts -
in #= pkts - out #= pkts -
pvc create time --"->"-3! last time pvc status changed --"-5"13
#*24 O 3-1! #*24 3.(<= O *@2(*! %K2 .T(T3. O (2T4K=! 4$T=R1(2= O .erial-
input pkts 1, output pkts , in bytes 111-
out bytes >>- dropped pkts - in 1=2$ pkts -
in )=2$ pkts - out 1=2$ pkts - out )=2$ pkts -
in #= pkts - out #= pkts -
pvc create time --"-5"5>! last time pvc status changed --"-5"3>
%ing the other two end8point routers from 2>-18("
,2
2>-18(6 ping 1-.1-.12.3
Type escape seCuence to abort.
.ending >! 1--8byte 42F% =choes to 1-.1-.12.3! timeout is 2 seconds" \\\\\
.uccess rate is 1-- percent />M>0! round8trip minMavgMma7 O ,-M,-M,- ms
2>-18(6 ping 1-.1-.12.5
Type escape seCuence to abort.
.ending >! 1--8byte 42F% =choes to 1-.1-.12.5! timeout is 2 seconds" \\\\\
.uccess rate is 1-- percent />M>0! round8trip minMavgMma7 O >,M>AM,- ms
(s you can see /if you configured everything correctly0 the end8point routers can communicate with
each other without a routing protocol or static routes being configured on the frame relay switch.
9ou can display the switc&ing table on the router by using the following command"
frame8switch6 show frame route
4nput 4ntf 4nput #lci @utput 4ntf @utput #lci .tatus
.erial1 1-- .erial3 1-1 active
.erial2 2-1 .erial3 2-- active
.a!a"i!" &raffic with Access -ists
(n access list is essentially a list of conditions that categoriPe packets.
They can be really helpful when you need to control over network traffic.
Fanage 4% traffic as network access grows.
1ilter packets as they pass through the router.
There are a few important rules that a packet follows when its being compared with an access list"
4ts always compared with each line of the access list in seCuential orderi.e.! itll always start
with the first line of the access list! then go to line 2! then line 3! and so on.
4ts compared with lines of the access list only until a match is made. @nce the packet matches
the condition on a line of the access list! the packet is acted upon! and no further comparisons
take place.
There is an implicit denyB at the end of each access listthis means that if a packet doesnt
match the condition on any of the lines in the access list! the packet will be discarded.
&wo mai! t'pes of access +ists
/% )ta!dard access +ists
These use only the source 4% address in an 4% packet as the condition test.
,3
(ll decisions are made based on source 4% address. This means that standard access lists basically
permit or deny an entire suite of protocols.
2% Exte!ded access +ists
=7tended access lists can evaluate many of the other fields in the
*ayer 3 and layer 5 headers of an 4% packet. They can evaluate source and destination 4% addresses!
the protocol field in the $etwork layer header! and port number at the Transport layer header. This
gives e7tended access lists the ability to make much more granular decisions when controlling traffic.
Named access +ists
Technically there really are only two since named access lists are either standard or e7tended and not
actually a new type. Theyre created and referred to differently than standard and e7tended access
lists. )ut theyre functionally the same.
Access -ist Co!fi"ratio! 3ide+i!es
(ccess list numbers indicate which protocol is filtered.
@ne access list per interface! per protocol! per direction is allowed.
The order of access list statements controls testing.
%lace the most restrictive statements at the top of list.
There is an implicit deny any statement as the last access list test. =very list needs at least one
permit statement.
2reate access lists before applying them to interfaces.
(ny time a new entry is added to the access list! it will be placed at the bottom of the list.
(ccess lists filter traffic going through the routerZ they do not apply to traffic originating from the
router.
9ou cannot remove one line from an access list. 4f you try to do this! you will remove the entire
list.
1!:o!d access +ists
:hen an access list is applied to inbound packets on an interface! those packets are processed
through the access list before being routed to the outbound interface. (ny packets that are denied
wont be routed because theyre discarded before the routing process is invoked.
5t:o!d access +ists
:hen an access list is applied to outbound packets on an interface!those packets are routed to
the outbound interface and then processed through the access list
before being Cueued.
Access7+ist t'pes are "e!era++' differe!tiated si!" a !m:er%
18AA 4% standard access list
1--81AA 4% e7tended access list
1---81-AA 4%R .(% access list
,5
11--811AA =7tended 5D8bit F(2 address access list
12--812AA 4%R summary address access list
13--81AAA 4% standard access list /e7panded range0
2--82AA %rotocol type8code access list
2---82,AA 4% e7tended access list /e7panded range0
3--83AA #=2net access list
,--8,AA (ppletalk access list
+--8+AA 5D8bit F(2 address access list
D--8DAA 4%R standard access list
A--8AAA 4%R e7tended access list
:ell8Snown T2% %ort $umbers
4n T2%M4% and 3#% networks! port is an endpoint to a logical connection and the way a client
program specifies a specific server program on a computer in a network. .ome ports have numbers the
are preassigned to them by the 4($( /4nternet (ssigned $umber in (uthority0! and these are known
as well8known prots /specifed R12 1+--0. %ort numbers range from - 8,>>3,.
)eria+
No
0ort
Nm:er
*escriptio!
--1 1 T2% %ort .ervice Fultiple7er /T2%F3R0
--2 > Remote ]ob =ntry
--3 + =2&@ echo
--5 A #4.2(R# discard
--> 13 #(9T4F= daytime
--, 1D F.% /Fessage .end %rotocol0
--+ 1A 2hargen character generator
--D 2- 1T% /1ile Transfer %rotocol0 J #ata
--A 21 1T% /1ile Transfer %rotocol0 J 2ontrol
-1- 23 T=*$=T
-11 2> .FT% /.imple Fail Tranfer %rotocol0
-12 2A F.< 42%
-13 3+ T4F=
-15 52 &ost $ame .erver
-1> 53 :ho4s $ickname
-1, 5A *ogin &ost %rotocol M T(2 (ccess 2ontrol .ystem
-1+ >3 #$. /#omain $ame .erver0
-1D ,A T1T% /Trival 1ile Transfer %rotocol0
-1A +- <opher .ervices
-2- +1 1inger
-21 D- &TT% /&ypher Te7t Transfer %rotocol0
-22 1-1 $42 &ost $ame .erver
-23 1-3 R.5-- .tandard
-25 1-A %@% 2 /%ost @f %rotocol Kersion 20
-2> 11- %@% 3 /%ost @f %rotocol Kersion 30
-2, 111 .un Remote %rocedure 2all sunrpc
-2+ 113 4dent %rotocol ident
-2D 11> .1T% /.imple 1ile Transfer %rotocol0
-2A 11D .L* .ervices
-3- 11A $$T% /$etwork $ews Transport %rotocol0
-31 13+ $et)4@. $ame .ervice
-32 13A $et)4@. #atagram .ervice
-33 153 4F(% /4nterim Fail (ccess %rotocol0
-35 1>- $et)4@. .ession .ervice
,>
-3> 1>, .L* .erver
-3, 1,1 .$F% /.$F%0
-3+ 1+A )<% /)order <ateway %rotocol0
)eria+
No
0ort
Nm:er
*escriptio!
-3D 1A- <(2% /<ateway (ccess 2ontrol %rotocol0
-3A 1A5 4nternet Relay 2hat irc
-5- 1A+ #*. /#irectory *ocation .ervice0
-51 3DA *#(% /*ightweight #irectory (ccess %rotocol0
-52 3A, $ovell $etware @ver 4%
-53 553 &TT%. /&TT%.0
-55 555 .$%% /.imple $etwork %aging %rotocol0
-5> 55> Ficrosoft J #.
-5, 55D (pple Luick Time
-5+ >12 =R=2 e7ec
-5D >13 *@<4$ rlogin
-5A >15 R2F# /Remote 2ommand0
->- >1> 4%# %rinter .ervice
->1 >5- 332% /3ni78to83ni7 2opy %rogram0
->2 >53 S*@<4$ /Serberos *ogin0
->3 >55 S.&=** /Serberos .hell0
->5 >5, #&2% J 2lient
->> >5+ #&2% /#&2%0 J .erver
->, >,3 .$=:.
->+ >,A F.$
->D 1-D- .@2S.
->A
-,-
)ta!dard access +ists Co!fi"ratio!
/200A
RouterEenable
,,
1+--(/config06line vty - 5
1+--(/config8line06password 123
1+--(/config8line06enble secret
1+--(/config8line06login
1+--(/config8line06e7it
1+--(6show ip route
1+--(/config06access8list 1- deny 3-.-.-.3 -.-.-.- /standard access8list range 18AA0
/we want to deny this 4% only .-!wildcard mask -.-.-.- 0
1+--(/config06access8list 1- permit any /access to telnet others 4%0
1+--(/config06line vty - 5 /inform to telnet0
1+--(/config8line06access8class 1- in /enble0
1+--(/config8line06no access8class 1- in /disable0
1+--(/config8line06control I
1+--(6show ip access8list
/200#
RouterEenable
1+--)6show ip route
,+
Exte!ded access +ists Co!fi"ratio!
/200A
RouterEenable
1+--(6show ip route
1+--(/config06access8list 1-- deny tcp 3-.-.-.2 -.-.-.- 1-.-.-.2 -.-.-.- eC 21
3-.-.-.2 8 .ource 4% (ddress
1-.-.-.2 8 #estination 4% (ddress
=L 21 8 =Cual 21 /218 1T% %ort no.!0
1-- 8 =7tended access8list range 1--81AA
1+--(/config06access8list 1-- permit ip any any
(ny 8 without 3-.-.-.2 to access all
(ny 8 with 1-.-.-.2 to access all
1+--(/config06interface 1-M-
1+--(/config8if06ip access8group 1-- out /@utbound interface0
1+--(6show ip access8list
,D
/200#
RouterEenable
1+--)6show ip route
Exte!ded access +ists Co!fi"ratio!
/200A
RouterEenable
,A
1+--(6show ip route
1+--(/config06access8list 1-- deny tcp 3-.-.-.3 -.-.-.- 1-.-.-.- -.2>>.2>>.2>> eC D-
or
1+--(/config06access8list 1-- deny tcp host 3-.-.-.3 1-.-.-.- -.2>>.2>>.2>> eC D-
1+--(/config06access8list 1-- deny tcp host3-.-.-.5 1-.-.-.2 -.-.-.- eC 21
or
1+--(/config06access8list 1-- deny tcp 3-.-.-.5 -.-.-.- 1-.-.-.2 -.-.-.- eC D-
or
1+--(/config06access8list 1-- deny tcp host 3-.-.-.5 1-.-.-.2 -.-.-.- eC D-
1+--(/config06access8list 1-- permit ip any any
1+--(/config8if06ip access8group 1-- out /which interface we want to configure .-M-0
or
1+--(/config8if06interface .-M-
1+--(/config8if06ip access8group 1-- in /which interface we want to configure 1-M-0
1+--(6
/200#
RouterEenable
1+--)6show ip route
1+--)/config06access8list 1AA deny icmp 1-.-.-.2 -.-.-.- 3-.-.-.- -.2>>.2>>.2>> echo
1+--)/config06access8list 1AA permit ip any any
1+--)/config8if06ip access8group 1AA in
+-
1+--)6show ip access8list
Network Address &ra!s+ator (NA&)
This is used when a end userXs network only needs to have a few addresses
available to access the <lobal 4nternet.
( table is created on the router that lists XinsideX local addresses to XinsideXglobal addresses which are
the legal 4% addresses.
This mapping can be done statically or via the use of a dynamic pool of available legal addresses.
1ollowing are a number of different ways to implement $(T"
)tatic Address &ra!s+atio!
This is where one8to8one mapping is carried out between inside
local and outside global addresses.
*'!amic )orce Address &ra!s+atio!
This is where individual addresses within a pool of global addresses are dynamically mapped
to local addresses.
NA& operatio! is i++strated i! the fo++owi!" dia"ram:

6or :oth static a!d d'!amic NA& the process occrs as fo++ows:
(n inside station connects to an outside station.
:hen the first packet arrives from the inside station the router checks the $(T table.
+1
4f no static match has been found the router carries out a translation of the inside address to an
outside address from the available pool of outside addresses by replacing the address. The
resultant mapping is saved as a Xsimple entryX.
The outside station receives the packet and replies to the outside address given by the $(T table.
The router carries out a lookup in its table of inside to outside address mappings and forwards the
packet to the station with the inside address.
The packet is received and the rest of the conversation uses the $(T table.
Address 5,er+oadi!" (0A&)
.ometimes called %ort (ddress Translation /%(T0! this is where each client uses the same 4%
address but uses a different port. ( good e7ample is access to a web server.3sers from a private
address! say in the 1-.-.-.- network! have their individual addresses translated to ?ust one legal 4%
address but separate port numbers between 1-25 and ,>>3>.
They can all have separate conversations with a web server having ?ust one address and
destination port of D- /&TT%0. This applies ?ust as well if one user has several sessions with the same
web server! the different port numbers distinguish the sessions.
&he process operates as fo++ows:
(n inside station connects to an outside station.
:hen the first packet arrives from the inside station the router checks the $(T table.
4f no static match has been found the router carries out a translation
of the inside address to an outside address from the available pool of outside addresses by
replacing the address. The resultant mapping is saved as an Xe7tended entryX. 4f other inside
addresses wants to connect to outside stations then the same 4% address is used but a different
T2% port is utilised to distinguish the conversations.
The outside station receives the packet and replies to the outside address
given by the $(T table.
The router carries out a lookup in its table of inside to outside address and port mappings and
forwards the packet to the station with the inside address.
The packet is received and the rest of the conversation uses the $(T table.
)tatic NA& Co!fi"ratio!
+2
/200A
RouterEenable
1+--(/config06ip route -.-.-.- -.-.-.- 2-.-.-.2
1+--(/config06e7it
1+--(6show ip route
1+--(6config t
1+--(/config06ip nat inside source static 1-.-.-.2 2-.-.-.1
1+--(/config8if06ip nat inside
1+--(/config8if06ip nat outside
1+--(6debug ip nat ;
1+--(6show ip nat translation
/200#
RouterEenable
+3
*'!amic NA& Co!fi"ratio! (o%k)
-A#
Fa?or $etwork 4# in *($ 1-.-.-.- M D
$eed ,2 4%s 2
,
O ,5 J 2 O ,2
Network 6 #its

1-.
$4# 8 1-.-.-.,5
1&4# 8 1-.-.-.,>
*&4# 8 1-.-.-.12,
)24# 8 1-.-.-.12+
.ubnetmask J 2>>.2>>.2>>.1A2
4.% %rovided 4# 2--.2--.2--.- M 25
+5
12D ,5 32 1, D 5 2 1 12D ,5 32 1, D 5 2 1 12D ,5 32 1, D 5 2 1
$eed , 4%s 2
3
O D J 2 O ,
Network 8 #its
2--. 2--. 2--.
$4# 8 2--.2--.2--.D
1&4# 8 2--.2--.2--.A
*&4# 8 2--.2--.2--.15
)24# 8 2--.2--.2--.1>
.ubnetmask J 2>>.2>>.2>>.25D
/200A
RouterEenable
1+--(/config8if06ip address /0%0%0%64 2((%2((%2((%/42
1+--(/config06ip route -.-.-.- -.-.-.- 2-.-.-.2
1+--(/config06e7it
1+--(6show ip route
1+--(6config t
1+--(/config06access8list permit 1 1-.-.-.,5 -.-.-.,3
1+--(/config06ip nat pool 22$( 2--.2--.2--.A 2--.2--.2--.15 netmask 2>>.2>>.2>>.25D
1+--(/config06ip nat inside source list 1 pool 22$(
1+--(6debug ip nat
1+--(6show ip nat translation
/200#
RouterEenable
1+--)/config06ip route 200%200%200%0 2((%2((%2((%0 20%0%0%/
1+--)/config06e7it
1+--)6show ip route
+>
12D ,5 32 1, D 5 2 1
*'!amic Nat
Router1Eenable
Router1/config06interface 1ast =thernet -M-
Router1/config8if06ip address 1-.1--.1.1 2>>.-.-.-
Router1/config8if0 6 $o shut
Router1/config8if06e7it
Router1/config06interface serial -M-
Router1/config8if06ip address 2-.1.1.1 2>>.-.-.-
Router1/config8if0 6 2lock rate ,5---
Router1/config064p route 11.-.-.- 2>>.-.-.- 2-.1.1.2
Router1/config06(ccess8list 1 permit /0%/00%/%/ 0%0%0%2((
Router1/config064p nat pool 22$( 2-.1.1.> 2-.1.1.1- netmask 2>>.-.-.-
Router1/config06 4p nat inside source list 1 pool 22$(
Router1/config8if06 4p nat outside
Router1/config8if06 =7it
F 0/0
10.100.1.1
11.100.1.1
F0/0
20.1.1.1
S0/0
11.100.1.2 10.100.1.2
10.100.1.3
SERVER
Network ID 10.0.0.0/8
20.1.1.2
S0/0
ISP
Network ID 11.0.0.0/8
Pc1 Pc2
+,
Router1/config8if06 4p nat inside
Router1/config8if06 =7it
Router2Eenable
Router2/config8if06ip address 11.1--.1.1 2>>.-.-.-
Router2/config8if06ip address 2-.1.1.2 2>>.-.-.-
Router2/config8if0 6 2lock rate ,5---
Router2/config064p route 1-.-.-.- 2>>.-.-.- 2-.1.1.1
Testing the .tatic $(T! #ynamic $(T N %(T
.erverEping 1-.1--.1.2
Ficrosoft :indows R% TKersion >.1.2,--U
/20 2opyright 1AD>82--1 Ficrosoft 2orp. ^)efore 2onfiguring $(T in Router1_
2"Eping 1-.1--.1.2
%inging 1-.1--.1.2 with 32 bytes of data"
Reply from 1-.1--.1.2" bytesO32 timeO1ms TT*O,5
Reply from 1-.1--.1.2" bytesO32 time[1ms TT*O,5
%ing statistics for 1-.1--.1.2"
%ackets" .ent O 5! Received O 5! *ost O - /-` loss0!
(ppro7imate round trip times in milli8seconds"
Finimum O -ms! Fa7imum O 1ms! (verage O -ms
serverEtracert 1-.1--.1.2
Tracing route to 1-.1--.1.2 over a ma7imum of 3- hops"
1 >2 ms 5- ms 5- ms 11.1--.1.1
2 >, ms D3 ms D- ms 2-.1.1.1
3 1AA ms 1>2 ms 1,5 ms 1-.1--.1.2
^(fter 2onfiguring $(T in Router1_
.erverEping 1-.1--.1.2
Ficrosoft :indows R% TKersion >.1.2,--U
/20 2opyright 1AD>82--1 Ficrosoft 2orp. ^(fter 2onfiguring $(T in Router1_
++
2"Eping 1-.1--.1.2
%inging 1-.1--.1.2 with 32 bytes of data"
Reply from 2-.1.1.>" bytesO32 timeO1ms TT*O,5
Reply from 2-.1.1.>" bytesO32 time[1ms TT*O,5
%ing statistics for 1-.1--.1.2"
%ackets" .ent O 5! Received O 5! *ost O - /-` loss0!
(ppro7imate round trip times in milli8seconds"
Finimum O -ms! Fa7imum O 1ms! (verage O -ms
serverEtracert 1-.1--.1.2
Tracing route to 1-.1--.1.2 over a ma7imum of 3- hops"
1 >2 ms 5- ms 5- ms 11.1--.1.1
2 >, ms D3 ms D- ms 2-.1.1.1
3 1AA ms 1>2 ms 1,5 ms 2-.1.1.>
0A& (0ort Address &ra!s+atio!) Co!fi"ratio!(o%k)
-A#
/200A
RouterEenable
+D
1+--(/config06ip route -.-.-.- -.-.-.- 2-.-.-.2
1+--(/config06access8list 1 permit 1-.-.-.- -.2>>.2>>.2>
1+--(/config06ip nat inside source list 1interface .-M- overload
:hy we configured %(T! private network communicate to public network.)ecause %rivate 4%
is non8routable addresses.
4n remote network to communicate public addresses to configure %ort forwarding following
command.
1+--(/config06ip nat inside source static tcp 1-.-.-.2 21 2-.-.-.1 21 e7tendable
1+--(/config06ip nat inside source static tcp 1-.-.-.2 D- 2-.-.-.1 D- e7tendable
1-.-.-.2 8 which machine communicate to the network
2-.-.-.2 8 which public ip to access
21 8 1T% port number
D- 8 &TT% port number
=7tendable 8 continue
&ow to check;
4n remote machine /whatever network0
ftp"MM2-.-.-.1M /which file we want to download;0
http"MM2-.-.-.1Mshalom.html
/200#
RouterEenable
9i"h7-e,e+ *ata7-i!k Co!tro+ (9*-C)
The &igh8*evel #ata8*ink 2ontrol /&#*20 protocol is a popular 4.@8standard! bit8oriented
#ata *ink layer protocol.
4t specifies an encapsulation method for data on synchronous serial data links using frame
characters and checksums.
&#*2 is a point8to8point protocol used on leased lines. $o authentication can be used with
&#*2.
&#*2 is the default encapsulation used by 2isco routers over synchronous serial links.
+A
2iscos &#*2 is proprietaryit wont communicate with any other vendors &#*2
implementation.
=ach vendor has a different way for the &#*2 protocol to encapsulate multiple $etwork layer
protocols.
Cisco 9*-C frame format
0oi!t7to70oi!t 0rotoco+ (000)
o %oint8to8%oint %rotocol /%%%0 is a #ata *ink layer protocol that can be used over either
asynchronous serial /dial8up0 or synchronous serial /4.#$0 media.
o 4t uses the *2% /*ink 2ontrol %rotocol0 to build and maintain data8link connections.
o $etwork 2ontrol %rotocol /$2%0 is used to allow multiple $etwork layer protocols /routed
protocols0 to be used on a point8to8point connection.
o The basic purpose of %%% is to transport layer 3 packets across a #ata *ink layer point8to8point
link.
000 co!tai!s for mai! compo!e!ts:
E1AI&1A72827CB <%24B <%8(B a!d 1)*N 7 ( %hysical layer international standard for serial
communication.
9*-C 7 ( method for encapsulating datagrams over serial links.
-C0 7 ( method of establishing! configuring! maintaining! and terminating the point8to8point
connection.
NC0 7 ( method of establishing and configuring different $etwork layer protocols. $2% is
designed to allow the simultaneous use of multiple $etwork layer protocols. .ome e7amples of
protocols here are 4%2% /4nternet %rotocol 2ontrol %rotocol0 and 4%R2% /4nternetwork %acket
=7change 2ontrol %rotocol0.
D-
0rotoco+ stack compared to the 5)1 refere!ce mode+
4t is important to understand that the %%% protocol stack is specified at the %hysical and #ata
*ink layers only.
$2% is used to allow communication of multiple $etwork layer protocols by
encapsulating the protocols across a %%% data link.
-i!k Co!tro+ 0rotoco+ (-C0) Co!fi"ratio! optio!s
*ink 2ontrol %rotocol /*2%0 offers different %%% encapsulation options including the following
Athe!ticatio!
This option tells the calling side of the link to send information that can identify the user. The
two methods are %(% and 2&(%.
Compressio!
This is used to increase the throughput of %%% connections by compressing the data or payload
prior to transmission. %%% decompresses the data frame on the receiving end.
Error detectio!
%%% uses Luality and Fagic $umber options to ensure a reliable! loop8free data link.
.+ti+i!k
.tarting in 4@. version 11.1! multilink is supported on %%% links with 2isco routers. This
option allows several separate physical paths to appear to be one logical path at layer 3. 1or e7ample!
two T1s running multilink %%% would appear as a single 3Fbps path to a layer 3 routing protocol.
000 ca++:ack
%%% can be configured to call back after successful authentication. :ith callback enabled! a
calling router /client0will contact a remote router /server0 and authenticate as described in the previous
section. )oth routers must be configured for the callback feature. @nce authentication is completed!
the remote router will terminate the connection and then re8initiate a connection to the calling router
from the remote router.
000 )ssio! Eta:+ishme!t
D1
000 )essio! Esta:+ishme!t
1. *ink establishment %hase
2. (uthentication %hase /optional0
3. $etwork *ayer %rotocol %hase
-i!k7esta:+ishme!t phase
*2% packets are sent by each %%% device to configure and test the link. These packets contain
a field called the 2onfiguration @ption that allows each device to see the siPe of the data! compression!
and authentication. 4f no 2onfiguration @ption field ispresent! then the default configurations are used.
Athe!ticatio! phase
4f reCuired! either 2&(% or %(% can be used to authenticate a link. (uthentication takes place
before $etwork layer protocol information is read. 4t is possible that link8Cuality determination may
occur at this same time.
Network +a'er protoco+ phase
%%% uses the Network 'ontrol "rotocol (N'"% to allow multiple $etwork layer protocols to be
encapsulated and sent over a %%% data link. =ach $etwork layer protocol /e.g.! 4%! 4%R! (ppleTalk!
which are routed protocols0 establishes a service with $2%.
000 Athe!ticatio! .ethods
There are two methods of authentication that can be used with %%% links"
1. %assword (uthentication %rotocol /%(%0
2. 2hallenge &andshake (uthentication %rotocol /2&(%0
0assword Athe!ticatio! 0rotoco+ (0A0)
The "assword Aut&entication "rotocol ("A"% is the less secure of the two methods. %asswords
are sent in clear te7t! and %(% is only performed upon the initial link establishment. :hen the %%%
link is first established! the remote node sends back to the originating router the username and
password until authentication is acknowledged.
Cha++e!"e 9a!dshake Athe!ticatio! 0rotoco+ (C9A0)
The '&allenge Hands&ake Aut&entication "rotocol ('HA"% is used at the initial startup of a
link and at periodic checkups on the link to make sure the router is still communicating with the same
host. (fter %%% finishes its initial link8establishment phase! the local router sends a challenge reCuest
to the remote device. The remote device sends a value calculated using a one8way hash function called
F#>. The local router checks this hash value to make sure it matches. 4f the values dont match! the
link is immediately terminated.
D2
0A0 (0assword Athe!ticatio! 0rotoco+) Co!fi"ratio! (5%M)
/200A
RouterEenable
1+--(/config06username 22$( password 123 /#estination username and %assword0
1+--(/config06interface )eria+ )0I0
1+--(/config8if06enacapsulation %%%
1+--(/config8if06%%% authentication %(%
1+--(/config8if06%%% %(% sent8username 22.% password 123 /.ource user and password0
D3
1+--(/config8router06network 1-.-.-.-
1+--(6show ip route
1+--(6debug %%% authentication
1+--(6config t
1+--(/config8if06shoutdown
1+--(6
HFar > -1"->"-+.,+1" `*4$S8383%#@:$" 4nterface .erial-M-! changed state to up
HFar > -1"->"-+.,+1" .e-M- %%%" 3sing default call direction
HFar > -1"->"-+.,+1" .e-M- %%%" Treating connection as a dedicated line
HFar > -1"->"-+.,+1" .e-M- %%%" .ession handleT31-----,U .ession idT,U
HFar > -1"->"-+.,+1" .e-M- %%%" (uthoriPation reCuired
HFar > -1"->"-+.,+A" .e-M- %(%" 3sing hostname from interface %(%
HFar > -1"->"-+.,+A" .e-M- %(%" 3sing password from interface %(%
H.ar ( 0/:0(:02%624: )e0I0 0A0: 5 A@&97REN id 8 +e! /8 from OccspO
H.ar ( 0/:0(:02%688: )e0I0 0A0: 1 A@&97REN id 8 +e! /8 from Occ!aO
HFar > -1"->"-+.,D3" .e-M- %(%" (uthenticating peer ccna
HFar > -1"->"-+.,D+" .e-M- %%%" .ent %(% *@<4$ ReCuest
HFar > -1"->"-+.,D+" .e-M- %%%" Received *@<4$ Response %(..
HFar > -1"->"-+.,A1" .e-M- %%%" .ent *2% (3T&@R ReCuest
HFar > -1"->"-+.,A1" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar > -1"->"-+.,A1" .e-M- *2%" Received ((( (3T&@R Response %(..
HFar > -1"->"-+.,A1" .e-M- 4%2%" Received ((( (3T&@R Response %(..
H.ar ( 0/:0(:02%64(: )e0I0 0A0: 5 A@&97ACM id 8 +e! (
H.ar ( 0/:0(:02%64(: )e0I0 0A0: 1 A@&97ACM id 8 +e! (
HFar > -1"->"-+.,AA" .e-M- %%%" .ent 2#%2% (3T&@R ReCuest
HFar > -1"->"-+.,AA" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar > -1"->"-+.+-3" .e-M- 2#%2%" Received ((( (3T&@R Response %(..
HFar > -1"->"-+.+5+" `.9.8>82@$14<'4" 2onfigured from console by console
HFar > -1"->"-D.+-1" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
changed state to up
4nterface serial shutdown! to see a state up or down the two authentications displayed in screen
/200#
RouterEenable
1+--)/config06username 22.% password 123 /#estination username and %assword0
1+--)/config8if06encapsulation %%%
D5
1+--)/config8if06%%% authentication %(%
1+--)/config8if06%%% %(% sent8username 22$( password 123 /.ource user and password0
1+--)/config8router06network 2-.-.-.-
1+--)/config8router06WI
1+--)6show ip route
1+--)6debug %%% authentication
1+--)6
changed state to down
HFar 1 13"--"31.3-1" `*4$S8383%#@:$" 4nterface .erial-M-! changed state to up
HFar 1 13"--"31.3-1" .e-M- %%%" 3sing default call direction
HFar 1 13"--"31.3-1" .e-M- %%%" Treating connection as a dedicated line
HFar 1 13"--"31.3-1" .e-M- %%%" .ession handleT((-----5U .ession idT3U
HFar 1 13"--"31.3-1" .e-M- %%%" (uthoriPation reCuired
HFar 1 13"--"31.313" .e-M- %(%" 3sing hostname from interface %(%
HFar 1 13"--"31.313" .e-M- %(%" 3sing password from interface %(%
H.ar / /8:00:8/%8/8: )e0I0 0A0: 5 A@&97REN id 8 +e! /8 from Occ!aO
H.ar / /8:00:8/%8/2: )e0I0 0A0: 1 A@&97REN id 8 +e! /8 from OccspO
HFar 1 13"--"31.31+" .e-M- %(%" (uthenticating peer ccsp
HFar 1 13"--"31.321" .e-M- %%%" .ent %(% *@<4$ ReCuest
HFar 1 13"--"31.321" .e-M- %%%" Received *@<4$ Response %(..
HFar 1 13"--"31.321" .e-M- %%%" .ent *2% (3T&@R ReCuest
HFar 1 13"--"31.32>" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar 1 13"--"31.32>" .e-M- *2%" Received ((( (3T&@R Response %(..
HFar 1 13"--"31.32>" .e-M- 4%2%" Received ((( (3T&@R Response %(..
H.ar / /8:00:8/%824: )e0I0 0A0: 5 A@&97ACM id 8 +e! (
H.ar / /8:00:8/%824: )e0I0 0A0: 1 A@&97ACM id 8 +e! (
HFar 1 13"--"31.32A" .e-M- %%%" .ent 2#%2% (3T&@R ReCuest
HFar 1 13"--"31.333" .e-M- 2#%2%" Received ((( (3T&@R Response %(..
HFar 1 13"--"31.333" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar 1 13"--"32.331" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
changed state to up
C9A0 (Cha++e!"e 9a!dshake Athe!ticatio! 0rotoco+) Co!fi"ratio!
D>
/200A
RouterEenable
1+--(/config06username 1+--) password 123 /#estination username and password0
1+--(/config06interface )eria+ )0I0
1+--(/config8if06enacapsulation %%% /(uthentication %rotocol0
1+--(/config8if06%%% authentication 2&(%
1+--(6show ip route
1+--(6config t
1+--(/config8if06
HFar > 15">3"53.22>" `*4$S8>82&($<=#" 4nterface .erial-M-! changed state to adm
inistratively down
HFar > 15">3"55.22+" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
HFar > 15">3"5,.32," `*4$S8383%#@:$" 4nterface .erial-M-! changed state to up
HFar > 15">3"5,.32," .e-M- %%%" 3sing default call direction
HFar > 15">3"5,.32," .e-M- %%%" Treating connection as a dedicated line
HFar > 15">3"5,.32," .e-M- %%%" .ession handleT#+----3)U .ession idT,1U
HFar > 15">3"5,.32," .e-M- %%%" (uthoriPation reCuired
H.ar ( /4:(8:46%888: )e0I0 C9A0: 5 C9A--EN3E id (2 +e! 26 from O/200AO
H.ar ( /4:(8:46%842: )e0I0 C9A0: 1 C9A--EN3E id (2 +e! 26 from O/200#O
HFar > 15">3"5,.35," .e-M- 2&(%" 3sing hostname from unknown source
HFar > 15">3"5,.35," .e-M- 2&(%" 3sing password from (((
H.ar ( /4:(8:46%846: )e0I0 C9A0: 5 RE)05N)E id (2 +e! 26 from O/200AO
H.ar ( /4:(8:46%8(0: )e0I0 C9A0: 1 RE)05N)E id (2 +e! 26 from O/200#O
HFar > 15">3"5,.3>5" .e-M- %%%" .ent 2&(% *@<4$ ReCuest
HFar > 15">3"5,.3>5" .e-M- %%%" Received *@<4$ Response %(..
HFar > 15">3"5,.3>D" .e-M- %%%" .ent *2% (3T&@R ReCuest
HFar > 15">3"5,.3>D" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar > 15">3"5,.3>D" .e-M- *2%" Received ((( (3T&@R Response %(..
HFar > 15">3"5,.3,2" .e-M- 4%2%" Received ((( (3T&@R Response %(..
H.ar ( /4:(8:46%862: )e0I0 C9A0: 5 )@CCE)) id (2 +e! 4
D,
H.ar ( /4:(8:46%866: )e0I0 C9A0: 1 )@CCE)) id (2 +e! 4
HFar > 15">3"5,.3,," .e-M- %%%" .ent 2#%2% (3T&@R ReCuest
HFar > 15">3"5,.3+-" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar > 15">3"5,.3+-" .e-M- 2#%2%" Received ((( (3T&@R Response %(..
HFar > 15">3"5+.3,D" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
changed state to up
/200#
RouterEenable
1+--)/config06username 1+--( password 123 /#estination username and password0
1+--)/config06interface )eria+ )0I0
1+--)/config8if06enacapsulation %%% /(uthentication %rotocol0
1+--)/config8if06%%% authentication 2&(%
1+--)6show ip route
1+--(6config t
1+--)6
HFar 2 --"23"21.>52" `*4$S8383%#@:$" 4nterface .erial-M-! changed state to down
HFar 2 --"23"22.>55" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
HFar 2 --"23"25.,53" `*4$S8383%#@:$" 4nterface .erial-M-! changed state to up
HFar 2 --"23"25.,53" .e-M- %%%" 3sing default call direction
HFar 2 --"23"25.,53" .e-M- %%%" Treating connection as a dedicated line
HFar 2 --"23"25.,53" .e-M- %%%" .ession handleT,#----3=U .ession idT,1U
HFar 2 --"23"25.,53" .e-M- %%%" (uthoriPation reCuired
H.ar 2 00:28:24%6(/: )e0I0 C9A0: 5 C9A--EN3E id (2 +e! 26 from O/200#O
H.ar 2 00:28:24%6((: )e0I0 C9A0: 1 C9A--EN3E id (2 +e! 26 from O/200AO
HFar 2 --"23"25.,>A" .e-M- 2&(%" 3sing hostname from unknown source
HFar 2 --"23"25.,>A" .e-M- 2&(%" 3sing password from (((
H.ar 2 00:28:24%6(4: )e0I0 C9A0: 5 RE)05N)E id (2 +e! 26 from O/200#O
H.ar 2 00:28:24%662: )e0I0 C9A0: 1 RE)05N)E id (2 +e! 26 from O/200AO
HFar 2 --"23"25.,,+" .e-M- %%%" .ent 2&(% *@<4$ ReCuest
HFar 2 --"23"25.,+1" .e-M- %%%" Received *@<4$ Response %(..
HFar 2 --"23"25.,+1" .e-M- %%%" .ent *2% (3T&@R ReCuest
D+
HFar 2 --"23"25.,+>" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar 2 --"23"25.,+>" .e-M- *2%" Received ((( (3T&@R Response %(..
HFar 2 --"23"25.,+>" .e-M- 4%2%" Received ((( (3T&@R Response %(..
H.ar 2 00:28:24%624: )e0I0 C9A0: 5 )@CCE)) id (2 +e! 4
H.ar 2 00:28:24%624: )e0I0 C9A0: 1 )@CCE)) id (2 +e! 4
HFar 2 --"23"25.,+A" .e-M- %%%" .ent 2#%2% (3T&@R ReCuest
HFar 2 --"23"25.,D3" .e-M- 2#%2%" Received ((( (3T&@R Response %(..
HFar 2 --"23"25.,D3" .e-M- %%%" .ent 4%2% (3T&@R ReCuest
HFar 2 --"23"2>.,D1" `*4$=%R@T@8>83%#@:$" *ine protocol on 4nterface .erial-M-!
changed state to up
Redistri:tio! of E13R0 a!d 5)06 Co!fi"ratio!
/200A
RouterEenable
1+--(/config06router eigrp 1--
1+--(6show ip route
8600A
RouterEenable
DD
3,--(/config06interface .3M-
3,--(/config8if06ip address 2-.-.-.2 2>>.-.-.-
3,--(/config8if06interface .3M1
3,--(/config06router eigrp 1--
3,--(/config8router06network 2-.-.-.-
3,--(/config8router06router ospf 1
3,--(/config8router06network 3-.-.-.- -.2>>.2>>.2>> area -
3,--(/config8router06e7it
3,--(/config06router eigrp 1--
3,--(/config8router06redistribute ospf 1 metric 1 1 - 1 1 /=4<R% have band!loadG.!0
3,--(/config8router06redistribute eigrp 1-- metric 1 subnet /ospf have a wildcard mask0
3,--(/config8router06WI
3,--(6show ip route
/200#
RouterEenable
Redistri:tio! of R10 a!d E13R0 Co!fi"ratio!
/200A
RouterEenable
DA
1+--(6show ip route
8600A
RouterEenable
3,--(/config8router06router eigrp 1--
3,--(/config8router06redistribute eigrp 1-- metric 1/metric 1 have a rip hop count0
3,--(/config8router06router eigrp 1--
3,--(/config8router06redistribute rip metric 1 1 - 1 1 /bandwidth!delay!load!reliability!FT3!0
3,--(6show ip route
/200#
RouterEenable
A-
1+--)/config0router eigrp 1--
Redistri:tio! of R10 a!d 5)06 Co!fi"ratio!
/200A
RouterEenable
1+--(6show ip route
8600A
RouterEenable
A1
3,--(/config8router06network 3-.-.-.- -.2>>.2>>.2>> area -
3,--(/config8router06redistribute ospf 1 metric 1/metric 1 have a rip hop count0
3,--(/config8router06redistribute rip metric 1 subnet /because ospf have a wildcard mask0
3,--(6show ip route
/200#
RouterEenable
A2
6!dame!ta+s of )witchi!"
)>1&C9
-AN )e"me!tatio!
4n a collision domain! a frame sent by a device can cause collision with a frame sent by another
device in the same collision domain. Foreover! a device can hear the frames destined for any device
in the same collision domain.
4n a broadcast domain! a broadcast frame sent by a device can be received by all other devices
in the same broadcast domain.
( *($ segment or an =thernet network segment consists of the devices connected with a
coa7ial cable or a hub. The devices are in the same collision domain.
Ether!et co!"estio! pro:+em
=thernet congestion problem occurs when too many devices are connected to the same
=thernet network segment! such that the high network bandwidth utiliPation increases the possibility
of collision! which causes degradation of network performance.
-AN se"me!tatio!
*($ segmentation solves the congestion problem by breaking the network into separate
segments or collision domains using bridges! switches or routers /but not hub s or repeaters0. *($
segmentation can reduce the number of collisions in the network and increase the total bandwidth of
the network /e.g. 1- Fbps for one segment! 2- Fbps for two segments! 3- Fbps for three segments!
and so on0.
80I20 r+e
The D-M2- rule should be used when designing how to segment a network! i.e. D-` or more
data traffic should be on the local network segment while 2-` or less data traffic should cross
network segments.
A3
-a'er 2 )witchi!"
*ayer J 2 switching is hardware based! which means it uses the F(2 address from the host $42
card to filter the network traffic.
*ayer 2 switch can be considered as multi port bridge.
*ayer 2 switches are fast because they do not look at the network layer header information! instead
it looks at the frames hardware address before deciding to either forward the frame or drop it.
-a'er 2 )witchi!" 0ro,ides the 6o++owi!" :
V &ardware based bridging
V :ire speed
V *ow latency
V *ow cost.
-imitatio!s of -a'er 2 )witchi!"
:ith bridge the connected networks are still one large broadcast domain.
*ayer 2 switch cannot break the broadcast domain! this cause performance issue which limits the siPe
of your network.
1or this one reason the switch cannot completely replace routers in the internetwork.
#rid"i!" ,Is -AN )witchi!"
*ayer 2 switches are ?ust bridges with more ports! however there are some important differences.
)ridges are software based. :hile switches are hardware based because they use (.42 /(pplication
.pecific 4ntegrated 2ircuit0 chip that help make filtering decisions.
-AN )witchi!"
11 Address +ear!i!" J learning the F(2 addresses of the connected devices to build the bridge
table.
11 6orward a!d fi+ter decisio! J forwarding and filtering frames based on the bridge table
entries and the bridge logic.
11 -oop a,oida!ce J avoiding network loop by using .panning Tree %rotocol
( bridge or switch maintains a forwarding table /also known as bridge table or F(2 address table0
which maps destination physical addresses with the interfaces or ports to forward frames to the
addresses.
( bridge or switch builds a bridge table by learning the F(2 addresses of the connected devices.
:hen a bridge is first powered on! the bridge table is empty. The bridge listens to the incoming frames
and e7amines the source F(2 addresses of the frames. 1or e7ample! if there is an incoming frame
with a particular source F(2 address received from a particular interface! and the bridge does not
A5
have an entry in its table for the F(2 address! an entry will be created to associate the F(2 address
with the interface.
The default aging time for an entry in a bridge table is 3-- seconds /> minutes0. 4t means that an entry
will be removed from the bridge table if the bridge has not heard any message from the concerned host
for > minutes.
A**RE)) -EARN1N3
9ow )witches -ear! Addresses

Exami!i!" the 6orwardI6i+ter 0rocess
A>

( bridge or switch forwards or filters a frame based on the following logic"
1. 4f the destination F(2 address of the frame is the broadcast address /i.e.1111.1111.11110 or
a multicast address! the frame is forwarded out all interfaces!e7cept the interface at which the
frame is received.
2. 4f the destination F(2 address is an unicast address and there is no associated entry in the
bridge table! the frame is forwarded out all interfaces! e7cept the interface at which the frame is
received.
3. 4f there is an entry for the destination F(2 address in the bridge table! and the associated
interface is not the interface at which the frame is received! the frame is forwarded out that
interface only.
5. @therwise! drop the frame.
#roadcast a!d .+ticast 6rames
A,
V )roadcast and multicast frames do not have a destination address specified.
V The source address will always be the hardware address of the device transmitting the frame!
and the destination address will either be all 1s which is a broadcast.
V :ith the network or subnet address specified and the host address all 1s are multicast.
eg" 2>>.2>>.2>>.2>> /broadcast0
1+2.1,.2>>.2>> /multicast0
o Fulticast sends the frame to a certain network or subnet and all hosts within that
network or subnet.
o broadcast of all 1s sends the frame to all networks and hosts.

&here are three t'pes of switchi!" method"
)tore7a!d7forward switchi!"
The entire frame is received and the 2R2 is computed and verified before forwarding the
frame.
4f the frame is too short /i.e. less than ,5 bytes including the 2R20! too long /i.e. more than
1>1D bytes including the 2R20! or has 2R2 error! it will be discarded.
4t has the lowest error rate but the longest latency for switching. &owever! for high8speed
network /e.g. 1ast =thernet or <igabit =thernet network0! the latency is not significant.
4t is the most commonly used switching method! and is supported by most switches.
Ct7thro"h switchi!" /also known as 6ast 6orward switchi!" )
( frame is forwarded as soon as the destination F(2 address in the header has been received
/the 1st , bytes following the preamble0.
4t has the highest error rate /because a frame is forwarded without verifying the 2R2 and
confirming there is no collision0 but the shortest latency for switching.
6ra"me!t7free switchi!" / .odified Ct7thro"h switchi!" 0
( frame is forwarded after the first ,5 bytes of the frame have been received. .ince a collision
can be detected within the first ,5 bytes of a frame! fragment8free switching can detect a frame
corrupted by a collision and drop it.Therefore! fragment8free switching provides better error checking
than cut8through switching.
The error rate of fragment8free switching is above store8and8forward switching and below cut8
through switching.
The latency of fragment8free switching is shorter than store8and8 forward switching and longer
than cut8through switching.
N5&E:
A+
)ridges only support store8and8forward switching. Fost new switch models also use store8
and8forward switching.
&owever! it should be noted that 2isco 1A-- switches use fragment8free switching by default.
Red!da!t &opo+o"' 5,er,iew

J Redundant topology eliminates single points of failure.
J Redundant topology causes broadcast storms! multiple frame copies! and F(2 address
table instability problems.
#roadcast )torms

AD
V &ost R sends a broadcast.
V .witches continue to propagate broadcast traffic over and over.
.+tip+e 6rame Copies

&ost R sends a unicast frame to router 9.
F(2 address of router 9 has not been learned by either switch yet.
Router 9 will receive two copies of the same frame.
.AC *ata:ase 1!sta:i+it'

AA
V &ost R sends a unicast frame to router 9.
V F(2 address of router 9 has not been learned by either switch.
V .witches ( and ) learn the F(2 address of host R on port -.
V The frame to router 9 is flooded.
V .witches ( and ) incorrectly learn the F(2 address of host R on port 1.
)pa!!i!"7&ree 0rotoco+ 5,er,iew
)pa!!i!"7&ree 0rotoco+

V %rovides a loop8free redundant network topology by placing certain ports in the blocking state.
.panning Tree %rotocol )asics
.panning Tree %rotocol or .T% /4=== D-2.1d0 is used to solve the looping problem.4t runs on
bridges and switches in a network. 4t implements a .panning Tree (lgorithm /.T(0! which
calculates a loop8free topology for the network.
.T% ensures that there is only one active path between any two network segments by blocking
the redundant paths. ( redundant path is used only when the corresponding active path failed.
4t is not used for load8balancing.
)ecause .T% solves the looping problem by blocking one or more links in a network! the
frames traveling between some source M destination devices may not be able to use the shortest
physical path.
)ridges e7change .T% information using messages called )ridge %rotocol #ata 3nits
/)%#3s0 through *ayer 2 multicast.
1--
A 0ort of #rid"e r!!i!" )&0 ca! :e i! o!e of the fo++owi!":
)tate
9a!d+i!" of #*@s -ear!i!" .AC
addresses
9a!d+i!" of
frames
*isa:+ed
/(dministratively
#own)
#oesnot receive
)%#3s
#oes not learn
(ddresses
#iscards frames
received
#+ocki!"
/default state when a
)ridge is powered on0
Receives )%#3s #oes not learn
addresses
#iscards frames
received
-iste!di!"
/a blocking port goes
Through this state before
entering the learning state0
Receives and
1orwards )%#3s
#oes not learn
addresses
#iscards frames
received
-ear!i!"
/a listening port goes
through this state before
entering the forwarding
state0
Receives and
1orwards )%#3s
*earns addresses #iscards frames
received
6orwardi!"
/all ports in the forwarding
state belong to the current
spanning tree.0
Receives and
1orwards )%#3s
*earn addresses Receives and
forwards frames
)y default! the transition from the blocking state to the listening state takes 2- seconds
/Fa7(ge time0! from the listening state to the learning state takes 1> seconds /1wd#lay time0! and
from the listening state to the forwarding state takes another 1> seconds /1wd#lay time0. The whole
process takes (0 seco!ds
)pa!!i!"7&ree 5peratio!
V @ne root bridge per network
V @ne root port per nonroot bridge
V @ne designated port per segment
V $ondesignated ports

( spanning tree consists of a root bridge! which likes the root of a living tree. There is only one
root bridge in the whole switched network. There is a single path from the root bridge /root0 to each
network segment /leaf0. The paths form the spanning tree of the network. The bridges place the
1-1
interfaces on the spanning tree in the forwarding state! and the interfaces not on the spanning tree in
the blocking state.
=ach bridge has an D8byte )ridge 4#! which is the concatenation of the priority /28byte0and the
F(2 address /, byte0 of the bridge. The default priority of a device is 32!+,D.
The bridge with the lowest bridge 4# is elected as the root bridge.
The root path cost of a bridge /i.e. cost of the path from the bridge to the root bridge0 is the
accumulated cost of the links along the root path. The cost of a link is determined by its bandwidth.
The following default costs are used for different types of links"
-i!k )peed New 1EEE Cost 5ri"i!a+ 1EEE Cost
1-<bps 2 1
1<bps 5 1
1--Fbps 1A 1-
1-Fbps 1-- 1--
4n a spanning tree! the ports of a non8root bridge can be classified as follows"
Root port
The root port of a bridge is the port that is the closest to the root bridge in terms of path cost.
The path cost can be calculated based on the information stored in the )%#3s sent by the root bridge.
*esi"!ated port
1or each physical network segment! the bridge with the lowest cost to the root bridge is
elected as the desi"!ated :rid"e of that segment. 4f two or more bridges have the same cost to the
root bridge! the bridge with the lowest bridge 4# is elected. The designated bridge puts the port
connected to that segment in the forwarding state. This port is known as a desi"!ated port. 1or those
segments that are directly connected to the root bridge! the root bridge is their designated bridge.
)pa!!i!"7&ree 0rotoco+ Root #rid"e )e+ectio!

V )pdu O )ridge %rotocol #ata 3nit
/default O sent every two seconds0
V Root bridge O )ridge with the lowest bridge 4#
1-2
V )ridge 4# O )ridge %riority N F(2 addresses
V 4n the e7ample! which switch has the lowest bridge 4#;
)pa!!i!"7&ree 0ort )tates (Co!t%)
)pa!!i!"7&ree Examp+e

#0*@ ; )&0 -o"ic
There are two types of )%#3s. They are"
2onfiguration )%#3
Topology 2hange $otification /T2$0 )%#3
The root bridge sends a 2onfiguration )%#3 /or &ello )%#30 out each interface periodically /every
2 seconds! by default0. =ach bridge forwards the )%#3 to the other bridges downstream after
updating several fields in the )%#3! including the cost from this bridge to the root bridge. (s long as
1-3
such )%#3s are received periodically! a bridge knows that the path to the root bridge is still working.
@therwise! it needs to update its spanning tree.
( Co!fi"ratio! #0*@ is 3> bytes long and contains the following information"
0rotoco+ 1* /2 bytes0 and <ersio! /1 byte0.
.essa"e t'pe /1 byte0 J 2onfiguration )%#3 or T2$ )%#3.
6+a" /1 byte0 J 4t contains a topology change /T20 bit and a topology
change acknowledgement /T2(0 bit.
Root :rid"e 1* /D bytes0 J )ridge 4# of the root bridge.
Root path cost /5 bytes0 J 2ost of the path from the sender bridge
/the bridge forwarding the )%#30 to the root bridge.
)e!der :rid"e 1* /D bytes0.
0ort 1* /2 bytes0 of the port forwarding the )%#3.
.essa"e A"e /2 bytes0 in 1M2>, second.
The time elapsed since the root bridge sent the original )%#3 that this )%#3 is based on.
.
9e++o time /2 bytes0 in 1M2>, second.
. The time interval between )%#3s is sent from the root bridge.
. The default &ello interval is 2 seconds.
.axA"e time /2 bytes0 in 1M2>, second.4f a new )%#3 is not received before the Fa7(ge timer
e7pires! the )%#3 information is considered invalid and the bridge will try to update the .T%
topology.
4n other words! it is the time interval reCuired for a port /on the alternate path0 to transit from the
blocking state to the listening state.&he defa+t .axA"e is 20 seco!ds%
6orward *e+a' time /fwddlay0 /2 bytes0 in 1M2>, second.The time interval for a port to move
from the listening state to the learning state. 4t is also the time interval for a port to move from the
learning state to the forwarding.&he defa+t forward
de+a' time i!ter,a+ is /( seco!ds%
&CN #0*@ :
( Topology 2hange $otification /T2$0 )%#3 is sent out when a bridge detects that a port in
the forwarding state is going down or a port is moving to the forwarding state /e.g.the port is enabled
by the administrator0. The bridge will send T2$ )%#3s out of its root port towards the root bridge at
every &ello interval until it is acknowledged. ( T2$ )%#3 is only 5 bytes long! which includes
protocol 4#! version field! and message type field. 4t virtually contains no information.
:hen a non8root bridge receives a T2$ )%#3! it will forward the )%#3 upstream towards
the root bridge. 4t will also set the T2( bit in the ne7t 2onfiguration )%#3 going downstream. The
2onfiguration )%#3 notifies the downstream bridge that the T2$ )%#3 has been received so that it
can stop sending out T2$ )%#3s.
:hen the root bridge receives a T2$ )%#3! it will send out a 2onfiguration )%#3 with the
T2( bit set! ?ust like a non8root bridge. 4n addition! the T2 bit of the )%#3 will also be set to notify
all the bridges in the network that there is a topology change. The T2 bit will be set by the root bridge
for a certain period of time
/Fa7(ge a 1wddlay0.
1-5
:hen a bridge receives a )%#3 with the T2 bit set! it will shorten the aging time of its bridge
table entries from the default of 3-- seconds to the 1orward #elay time.
Therefore the entries will be timed out Cuickly and the bridge will learn the topology of
the new spanning tree.
<-AN 5peratio! 5,er,iew
( Kirtual *($ /K*($0 is a broadcast domain created based on the functional! security! or other
reCuirements! instead of the physical locations of the devices! on a switch or across switches. :ith
K*($s! a switch can group different interfaces into different broadcast domains. :ithout K*($s! all
interfaces of a switch are in the same broadcast domainZ switches connected with each other are also in
the same broadcast domain! unless there is a router in between.
#ifferent ports of a switch can be assigned to different K*($s. ( K*($ can also span multiple
switches.
The advantages of implementing K*($ are"
. 4t can group devices based on the reCuirements other than their physical
locations.
. 4t breaks broadcast domains and increases network throughput.
. 4t provides better security by separating devices into different K*($s.
. .ince each K*($ is a separate broadcast domain! devices in different K*($s
cannot listen or respond to the broadcast traffic of each other.
. 4nter8K*($ communication can be controlled by configuring access control
lists on the router or *ayer 3 switch connecting the K*($s.
K*($s can be configured using one of the following two methods"
)tatic <-AN
(ssigning K*($s to switch ports based on the port !m:ers.
4t is easier to set up and manage.
*'!amic <-AN
(ssigning K*($s to switch ports based on the .AC addresses of the
devices connected to the ports.
( K*($ management application is used to set up a database of F(2 addresses! and
configure the switches to assign K*($s to the switch ports dynamically based on the F(2 addresses
of the connected devices. The application used by 2isco switches is called <-AN .a!a"eme!t
0o+ic' )er,er /KF%.0.
2isco switches support a separate instance of spanning tree and a separate bridge table for each
K*($.
1->
A <-AN P A #roadcast *omai! P -o"ica+ Network ():!et)
<-AN 5peratio!
V =ach logical K*($ is like a separate physical bridge.
V K*($s can span across multiple switches.
V Trunks carry traffic for multiple K*($s.
V Trunks use special encapsulation to distinguish between different K*($s.
<-AN .em:ership .odes
1-,

<-AN &r!ki!"
There are two different types of links in a switched network"
Access +i!k
( link that is part of only one K*($. Therefore! a port connecting to an access link can be a
member of only one K*($.
&r!k +i!k
( 1-- Fbps or 1--- Fbps point8to8point link that connects switches or routers! and carries
frames of different K*($s.Therefore! a port connecting to a trunk link can be a member of multiple
K*($s. (ll K*($s are configured on a trunk link by default.
<-AN &r!ki!"! by making use of frame tagging! allows traffic from different K*($s to transmit
through the same =thernet link /trunk link0 across switches.
K*($ Trunking identifies the K*($ from which a frame is sent by tagging the frame with the source
<-AN 1* //27:it +o!"0. This feature is known as frame ta""i!" or frame ide!tificatio!.
:ith frame tagging! a switch knows which ports it should forward a broadcast frame /forward out the
ports which have the same K*($ 4# as the source K*($ 4#0. 4t also knows which bridge table it
should use for forwarding an unicast frame /since a separate bridge table is used for each K*($0.
( frame tag is added when a frame is forwarded out to a trunk link! and is removed when the frame is
forwarded out to an access link. Therefore! any device attached to an access link is unaware of its
K*($ membership%
Cisco switches spport two tr!ki!" protoco+s:
1!ter7switch -i!k (1)-)
. 4t is a 2isco proprietar' K*($ trunking protocol and can only be used between
2isco switches or switches supporting 4.*.
. 4t encapsulates a frame by an 4.* header and trailer.
. (n 1)- header is 2, bytes long and contains the 128bit K*($ 4#! F(2
addresses of the sending and the receiving switch! and some other information.
1-+
. (n 1)- trai+er is 5 bytes long and contains the 2R2 of the frame.
. 4t supports a separate instance of spanning tree for each K*($ by using a 2isco
proprietary feature called 0er7<-AN )pa!!i!" &ree /%K.Ta0. #ifferent
instances of spanning tree allow the .T% parameters of different K*($s to be
configured independently. 1or e7ample! we can break a network loop by
blocking different links for different K*($s instead of blocking the same link for
all K*($s! so that the available bandwidth can be used more efficiently.
1EEE 802%/G
. 4t is the 4=== standard trunking protocol.
. 4t inserts a 47:'te header to the middle of the original =thernet header. The
D-2.1C header contains the 128bit K*($ 4# and some other information.
=thernet frame without D-2.1L header
#estination
(ddresses
/, bytes0
.ource
addresses
/, bytes0
Type
/2 bytes0
#ata
/5,81>--bytes0
12.
/5 bytes0
=thernet frame with D-2.1L header
#estination
(ddresses
/, bytes0
.ource
addresses
/, bytes0
D-2.1L
header
/5 bytes0
Type
/2 bytes0
#ata
/5,81>--bytes0
12.
/5 bytes0
Recalculation of the 12. is reCuired after the insertion of the D-2.1C header as the original
header has been changed.
4t did not support a separate instance of spanning tree for each K*($ originally.
&owever! 2isco switches can use 0<)&F with D-2.1C to support this feature.
4=== has also defined a new specification called 802%/)! which can be used with D-2.1C to support
multiple instances of spanning tree.
4t defines one K*($ as the !ati,e <-AN. 4t does not insert D-2.1C header into
the frames sent from the native K*($ over a trunk link. The default native
*($ is <-AN /.
.ince D-2.1C is defined as a type of =thernet frame! it does not reCuire that every
device on a link understands D-2.1C. )y defining a trunk port as a member of
the native K*($! any =thernet device /even if it does not understand D-2.1C0
connected to the trunk port can read frames for the native K*($.
)oth sides of a trunk link must agree on which K*($ is used as the native
K*($. @therwise! the trunk will not operate properly.
802%/N &r!ki!"
1-D
1mporta!ce of Nati,e <-ANs
802%/N 6rame
1-A
0er7<-AN )pa!!i!" &ree
1)- &a""i!"
11-
1)- E!caps+atio!
<&0 0rotoco+ 6eatres
o ( messaging system that advertises K*($ configuration information
o Faintains K*($ configuration consistency throughout a common administrative domain
o .ends advertisements on trunk ports only
111
<&0 .odes
)er,er
V 2reates K*($s
V Fodifies K*($s
V #eletes K*($s
V .endsMforwards
advertisements
V .ynchroniPes
V .aved in $KR(F
C+ie!t
V 1orwards
advertisements
V .ynchroniPes
V $ot saved in
$KR(F
&ra!spare!t
V 2reates K*($s
V Fodifies K*($s
V #eletes K*($s
V 1orwards
advertisements
V #oes not
synchroniPe
V .aved in $KR(F
<&0 5peratio!
V KT% advertisements are sent as multicast frames.
V KT% servers and clients are synchroniPed to the latest revision number.
V KT% advertisements are sent every > minutes or when there is a change.
112

<&0 0r!i!"
V 4ncreases available bandwidth by reducing unnecessary flooded traffic
V =7ample" .tation ( sends broadcast! and broadcast is flooded only toward any switch with
ports assigned to the red K*($

113
)witch 1!ter <-AN(<irta+ -oca+ Area Network) Co!fi"ratio!
/200A
RouterEenable
1+--(/config8if06no ip addresses
1+--(/config8if06interface 1-M-.1/sub interface creation0
1+--(/config8subif06encapsulation #ot1L 1 /encapsulation type0
1+--(/config8subif06ip address 1A2.1,D.1-.1+ 2>>.2>>.2>>.25-
1+--(/config8subif06interface 1-M-.2
1+--(/config8subif06encapsulation #ot1L 2
1+--(/config8subif06ip address 1A2.1,D.1-.33 2>>.2>>.2>>.25-
1+--(/config8subif06interface 1-M-.3
1+--(/config8subif06encapsulation #ot1L 3
1+--(/config8subif06ip address 1A2.1,D.1-.5A 2>>.2>>.2>>.25-
1+--(/config8subif06WI
1+--(6show ip route
8((0 )witch
.witchEen
.witch6config t
.witch/config06host name 3>>-
3>>-/config06interface vlan 1
3>>-/config8if06ip address 1A2.1,D.1-.1 2>>.2>>.2>>.-
3>>-/config8if06no shutdown
3>>-/config8if06e7it
3>>-/config06ip default gateway 1A2.1,D.1-.1+
115
3>>-/config06interface 1-M1
3>>-/config8if06description connection 1+--(
3>>-/config8if06interface 1-M2
3>>-/config8if06description connection 3>,-
3>>-/config06interface 1-M1 /Through Router0
3>>-/config8if06switch port trunk encapsulation dot1L
3>>-/config8if06switch port mode trunk
3>>-/config06interface 1-M2 /Through .witch0
3>>-/config8if06switch port trunk encapsulation dot1L
3>>-/config8if06switch port mode trunk
3>>-/config06vtp mode server
3>>-/config06vtp domain 22.%
3>>-/config8if06WI
3>>-6show interface trunk
3>>-6config t
3>>-/config06vlan 3
3>>-/config8vlan06name sales
3>>-/config8vlan06WI
3>>-6show vlan
3>>-/config06interface 1-M>
3>>-/config8if06switchport mode access
3>>-/config8if06switch port access vlan 3
3>>-/config06interface 1-M,
3>>-/config8if06switchport mode access
3>>-/config8if06switch port access vlan 3
3>>-/config8if06WI
3>>-6show vlan
3>>-6show interface trunk
8(60 )witch
.witchEen
.witch6config t
.witch/config06hostname 3>,-
3>,-/config06interface 1-M2
3>,-/config8if06description connection to 3>>-
3>,-/config8if06e7it
3>,-/config06inter vlan 1
3>,-/config8if06ip address 1A2.1,D.1-.2 2>>.2>>.2>>.-
3>,-/config8if06no shutdown
3>,-/config8if06e7it
3>,-/config06ip default gateway 1A2.1,D.1-.1+
3>,-/config8if06switch8port trunk encapsulation dot1L
3>,-/config8if06switch8port modetrunk
3>,-/config06vtp mode client
3>,-/config06vtp domain 22.%
3>,-/config8if06WI
3>,-6show interface trunk
3>,-6show vtp status
3>,-6config t
3>,-/config06vlan 2
11>
3>,-/config8vlan06name production
3>,-/config8vlan06WI
3>,-6show vlan
3>,-/config8if0switch8port mode access vlan 2
3>,-/config8if06switch8port access vlan 2
3>,-/config8if0switch8port mode access vlan 2
3>,-/config8if06switch8port access vlan 2
3>,-/config8if06WI
3>,-6show spanning tree
3>,-6show interface trunk
3>,-6show vtp status
3>,-6show vlan
<irta+ 0ri,ate Networks (<0N)
( $irtual pri$ate network ()"N% allows the creation of private networks across the 4nternet!
enabling privacy and tunneling of non8T2%M4% protocols.
K%$s are used to give remote users and dis?ointed networks connectivity over a public
medium like the 4nternet instead of using more e7pensive permanent means.
:hat is a K%$;
K%$ is a generictermthatdescribesanycombinationoftechnologiesthatcanbeusedtosecure
a connection through an otherwise unsecured or untrusted network.
&'pes of <0Ns
Types of K%$s are named based upon the role they play in a business. There are three different
categories of K%$s"
Remote access <0Ns
*emote access )"Ns allow remote users like telecommuters to securely access the corporate
network wherever and whenever they need to.
)ite7to7site <0Ns
!ite-to-site )"Ns! or i!tra!et <0Ns! allow a company to connect its remote sites to the
corporate backbone securely over a public medium like the 4nternet instead of reCuiring more
e7pensive :($ connections like 1rame Relay.
Extra!et <0Ns
Extranet )"Ns allow an organiPations suppliers! partners! and customers to be connected to
the corporate network in a limited way for business8to8business /)2)0 communications.
<0N Compo!e!ts: )ecrit'
Seys
.ecret code that the encryption algorithm uses to create a uniCue version of
cipher8te7t
D8bits keys O 2>, combinations or two to the eighth power
1,8bits keys O ,>!>3, combinations or two to the 1,th power
>,8bits keys O +2!->+!>A5!-3+!A2+!A-- or two to the >,th power
1,D8bits keys G
11,
Remote Access <irta+ 0ri,ate Network
Remote Access <0N 6eatres
o Remote (ccess K%$s provide communications between a corporate network and remote andMor
mobile employees.
o !trong aut&entication is critical to verify remote and mobile users identities as accurately and
efficiently as possible.
o Remote (ccess K%$s reCuire centrali+ed management.
o Remote (ccess K%$s reCuire a high degree of scalability to handle the vast number of remote
users accessing the K%$.
1!tra!et <irta+ 0ri,ate Network
11+
Remote Access <0N 6eatres
o Remote (ccess K%$s provide communications between a corporate network and remote andMor
mobile employees.
o !trong aut&entication is critical to verify remote and mobile users identities as accurately and
efficiently as possible.
o Remote (ccess K%$s reCuire centrali+ed management.
o Remote (ccess K%$s reCuire a high degree of scalability to handle the vast number of remote
users accessing the K%$.
Extra!et <irta+ 0ri,ate Network
Extra!et <0N 6eatres
o =7tranet K%$s are between a company and its strategic partners! customers and suppliers.
o =7tranet K%$s reCuire an open, standards-based solution to ensure interoperability. The
accepted standard for 4nternet8based K%$s is the 4nternet %rotocol .ecurity T4%.ecU standard.
o =7tranet K%$s use traffic control to eliminate bottlenecks at network access points and
guarantee swift delivery of and rapid response times for critical data.
1our of the most common tunneling protocols in use"
-a'er 2 6orwardi!" (-26)
-ayer . #orwarding (-.#% is a Cisco7proprietar' tunneling protocol! and it was their first
tunneling protocol created for virtual private dial8up networks /K%#$s0. K%#$ allows a device to use
a dial8up connection to create a secure connection to a corporate network. *21 was later replaced by
*2T%! which is backward compatible with *21.
0oi!t7to70oi!t &!!e+i!" 0rotoco+ (00&0)
"oint-to-"oint /unneling "rotocol (""/"% was created by Ficrosoft to allow the secure
transfer of data from remote networks to the corporate network
.
11D
-a'er 2 &!!e+i!" 0rotoco+ (-2&0)

-ayer . /unneling "rotocol (-./"% was created by 2isco and Ficrosoft to replace *21 and
%%T%. *2T% merged the capabilities of both *21 and %%T% into one tunneling protocol.
3e!eric Roti!" E!caps+atio! (3RE)

0eneric *outing Encapsulation (0*E% is another 2isco8proprietary tunneling protocol. 4t
forms virtual point8to8point links! allowing for a variety of protocols to be encapsulated in 4% tunnels.
1!trodctio! of C1)C5 15) 10sec
4%.ec is an industry8wide standard suite of protocols and algorithms that allows for secure data
transmission over an 4%8based network that functions at the layer 3 network layer of the @.4
model.
4%.ec cant be used to encrypt non84% traffic. This means that if you run into a situation where
you have to encrypt non84% traffic! youll need to create a <R= tunnel for it and then use 4%.ec
to encrypt that tunnel
10 )ec &ra!sforms
(n 1"!ec transform specifies a single security protocol with its corresponding security
algorithmZ without these transforms! 4%.ec wouldnt be able to give us its glory.
4ts very important to understand the security protocols and the supporting encryption and
hashing algorithms that 4%.ec relies upon.
)ecrit' 0rotoco+s
&he two primar' secrit' protoco+s sed :' 10)ec :
(uthentication &eader /(&0
=ncapsulating .ecurity %ayload /=.%0
Athe!ticatio! 9eader (A9)
The (& protocol provides authentication for the data and the 4% header of a packet using a
one8way hash for packet authentication.
>orki!" mecha!ism "
The sender generates a one8way hashZ then the receiver generates the same one8way hash. 4f
the packet has changed in any way! it wont be authenticated and will be dropped. .o basically! 4%.ec
relies upon (& to guarantee authenticity. (& checks the entire packet! but it doesnt offer any
encryption services.
E!caps+ati!" )ecrit' 0a'+oad (E)0)
=.% will provide confidentiality! data origin authentication! connectionless integrity! anti8replay
service! and limited traffic8flow confidentiality by defeating traffic flow analysis.
6or compo!e!ts of E)0:
11A
Co!fide!tia+it' :
2onfidentiality is provided through the use of symmetric encryption algorithms like #=. or
3#=.. 2onfidentiality can be selected separately from all other services! but the confidentiality
selected must be the same on all endpoints of your K%$.
*ata ori"i! athe!ticatio! a!d co!!ectio!+ess i!te"rit' :
#ata origin authentication and connectionless integrity are ?oint services offered as an option in
con?unction with the likewise optional confidentiality.
A!ti7rep+a' ser,ice :
9ou can only use the anti8replay service if data origin authentication is selected. (nti8replay
election is based upon the receiver! meaning the service is effective only if the receiver checks the
seCuence number. 4n case you were wondering! a replay attack is when a hacker nicks a copy of an
authenticated packet and later transmits it to the intended destination. :hen the duplicate!
authenticated 4% packet gets to the destination! it can disrupt services and other ugly stuff. The
!e2uence Number field is designed to foil this type of attack.
&raffic f+ow :
1or traffic flow confidentiality to work! you have to have tunnel mode selected. (nd its most
effective if its implemented at a security gateway where tons of traffic amasses a situation that can
mask the true source8destination patterns of bad guys trying to breach your networks security.
<irta+ 0ri,ate Network (<0N) )ite7to7)ite Co!fi"ratio!
12-
/200A
RouterEen
Router6config t
1+--(/config06crypto isakmp enble
/4nternet security (rchitecture key management protocol0
1+--(/config06crypto isakmp policy 1- /18 1---- %olicy number0
1+--(/config8isakmp06authentication pre8share
1+--(/config8isakmp06encryption 3des
1+--(/config8isakmp06hash sha /authentication for between hacks0
1+--(/config8isakmp06group > /integrity checking0
1+--(/config8isakmp6e7it
1+--(/config06crypto isakmp key 24.2@ address 2-.-.-.2 /#estination address0
1+--(/config06crypto ipsec transform8set 2- esp83des esp8sha8hmac ah8sha8hmac
1+--(/config8crypto8trans06e7it
1+--(/config06access8list 1-- permit ip 1-.-.-.- -.2>>.2>>.2>> 3-.-.-.- -.2>>.2>>.2>>
1+--(/config06crypto map ((( 1- ipsec8isakmp /1- J %olicy number0
1+--(/config8cryptomap06match address 1--
1+--(/config8cryptomap06set peer 2-.-.-.2 /#estinaion address0
1+--(/config8cryptomap06set transform8set 2- /2- J Transform name0
1+--(/config8cryptomap06set pfs group > /%erfect forward security0
1+--(/config8cryptomap06e7it
1+--(/config8if06crypto map ((( /:hich int.! we want to start encryption0
1+--(/config8if06WI
1+--(6show ip route
1+--(6config t
121
1+--(6ping 3-.-.-.1
1+--(6show crypto isakmp sa
1+--(6show crypto ipsec sa

protected vrf" /none0
local ident /addrMmaskMprotMport0" /1-.-.-.-M2>>.-.-.-M-M-0
remote ident /addrMmaskMprotMport0" /3-.-.-.-M2>>.-.-.-M-M-0
current'peer 2-.-.-.2 port >--
%=RF4T! flagsO^origin'is'acl!_
6pkts encaps" 13! 6pkts encrypt" 13! 6pkts digest" 13
6pkts decaps" 13! 6pkts decrypt" 13! 6pkts verify" 13
6pkts compressed" -! 6pkts decompressed" -
6pkts not compressed" -! 6pkts compr. failed" -
6pkts not decompressed" -! 6pkts decompress failed" -
6send errors 2! 6recv errors -
local crypto endpt." 2-.-.-.1! remote crypto endpt." 2-.-.-.2
path mtu 1>--! ip mtu 1>--! ip mtu idb .erial-M-
current outbound spi" -7)1#332+3/321D2A1D2+0
i!:o!d esp sas:
spi: 0x48(2#8(#(242/444(24)
tra!sform: esp78des esp7sha7hmac B
in use settings O^Tunnel! _
conn id" 2--1! flow'id" 1! crypto map" aaa
sa timing" remaining key lifetime /kMsec0" /5>-+,>+M35>50
4K siPe" D bytes
replay detection support" 9
.tatus" (2T4K=
i!:o!d ah sas:
spi: 0x8EEC044*(2842888(44)
tra!sform: ah7sha7hmac B
sa timing" remaining key lifetime /kMsec0" /5>-+,>+M35>-0
)tats: AC&1<E
inbound pcp sas"
ot:o!d esp sas:
spi: 0x#6*88C28(82/824/822)
sa timing" remaining key lifetime /kMsec0" /5>-+,>+M35>-0
4K siPe" D bytes
)tats: AC&1<E
122

ot:o!d ah sas:
spi: 0x2824(864((844//028)
sa timing" remaining key lifetime /kMsec0" /5>-+,>+M355D0
)tats: AC&1<E
outbound pcp sas"
/200#
RouterEen
Router6config t
1+--)/config06interface 1-M-
1+--)/config06crypto isakmp enble
1+--)/config06crypto isakmp policy 1- /18 1---- %olicy number0
1+--)/config8isakmp06authentication pre8share
1+--)/config8isakmp06encryption 3des
1+--)/config8isakmp06hash sha /authentication for between hacks0
1+--)/config8isakmp06group > /integrity checking0
1+--)/config8isakmp6e7it
1+--)/config06crypto isakmp key 24.2@ address 2-.-.-.1 /#estination address0
1+--)/config06crypto ipsec transform8set 2- esp83des esp8sha8hmac ah8sha8hmac
1+--)/config8crypto8trans06e7it
1+--)/config06access8list 1-- permit ip 3-.-.-.- -.2>>.2>>.2>> 1-.-.-.- -.2>>.2>>.2>>
1+--)/config06crypto map ((( 1- ipsec8isakmp /1- J %olicy number0
1+--)/config8cryptomap06match address 1--
1+--)/config8cryptomap06set peer 2-.-.-.1 /#estinaion address0
1+--)/config8cryptomap06set transform8set 2- /2- J Transform name0
1+--)/config8cryptomap06set pfs group > /%erfect forward security0
1+--)/config8cryptomap06e7it
1+--)/config8if06crypto map ((( /:hich int.! we want to start encryption0
1+--)/config8if06WI
1+--)6show ip route
1+--)6config t
1+--)6ping 1-.-.-.1
123
1+--)6show crypto isakmp sa
1+--)6show crypto ipsec sa
1+--)6show crypto 4%sec .(
interface" .erial-M-
2rypto map tag" aaa! local addr 2-.-.-.2
protected vrf" /none0
local ident /addrMmaskMprotMport0" /3-.-.-.-M2>>.-.-.-M-M-0
remote ident /addrMmaskMprotMport0" /1-.-.-.-M2>>.-.-.-M-M-0
current'peer 2-.-.-.1 port >--
%=RF4T! flagsO^origin'is'acl!_
6pkts encaps" 13! 6pkts encrypt" 13! 6pkts digest" 13
6pkts decaps" 13! 6pkts decrypt" 13! 6pkts verify" 13
6pkts compressed" -! 6pkts decompressed" -
6pkts not compressed" -! 6pkts compr. failed" -
6pkts not decompressed" -! 6pkts decompress failed" -
6send errors -! 6recv errors -
local crypto endpt." 2-.-.-.2! remote crypto endpt." 2-.-.-.1
path mtu 1>--! ip mtu 1>--! ip mtu idb .erial-M-
current outbound spi" -7A3>+)D>)/25+1AAA>+A0
i!:o!d esp sas:
spi: 0x#6*88C28(82/824/822)
sa timing" remaining key lifetime /kMsec0" /5533,A,M1A--0
4K siPe" D bytes
)tats: AC&1<E
i!:o!d ah sas:
spi: 0x2824(864((844//028)
sa timing" remaining key lifetime /kMsec0" /5533,A,M1DA+0
)tats: AC&1<E
inbound pcp sas"
ot:o!d esp sas:
spi: 0x48(2#8(#(242/444(24)
sa timing" remaining key lifetime /kMsec0" /5533,A,M1DA+0
4K siPe" D bytes
)tats: AC&1<E
125
ot:o!d ah sas:
spi: 0x8EEC044*(2842888(44)
sa timing" remaining key lifetime /kMsec0" /5533,A,M1DA50
)tats: AC&1<E
outbound pcp sas"
<0N )*. t'pe Co!fi"ratio!
)tep / 7 1!sta++ QA<A R!time E!,iro!me!t ,er ( a!d a:o,e (-oca+ machi!e)%
)tep 2 7 1!sta++ )*. ()ecrit' *e,ice .a!a"er)
/200A
RouterEen
Router6config t
1+--(/config06username 22$( privilege level 1> password 123
1+--(/config8line06privilege level 1>
1+--(/config06ip http authentication local
12>
/200#
RouterEen
Router6config t
1+--)/config06username 22.% privilege level 1> password 123
1+--)/config06line vty - 5
1+--)/config8line06privilege level 1>
1+--)/config8line06e7it
1+--)/config06ip http authentication local
12,
10,6 with 3RE (3e!eric Roti!" E!caps+atio!) &!!e+ Co!fi"ratio!
-A#
/200A
RouterEen
Router6config t
1+--(/config06ipv, unicast8routing
1+--(/config06ipv, cef /2isco =7press 1orwarding0
1+--(/config8if06WI
1+--(6show ip route
1+--(6config t
1+--(/config06router eigrp 1-- /- 8 ,>>3>0
1+--(/config06int tunnel -
1+--(/config8if06ipv, ospf 1 area-
1+--(/config06crypto isakmp enble
1+--(/config06interface tunnel -
1+--(/config8if06tunnel source .-M-
1+--(/config8if06tunnel destination 2-.-.-.2 /%ublic 4%0
1+--(/config8if06ipv, address fec-""1"1M112
1+--(/config06crypto isakmp policy 1- /18 1---- %olicy number0
1+--(/config8isakmp06authentication pre8share
1+--(/config8isakmp06encryption 3des
1+--(/config8isakmp06hash sha /authentication for between hacks0
1+--(/config8isakmp06group > /integrity checking0
1+--(/config8isakmp6e7it
1+--(/config06crypto isakmp key 24.2@ address 2-.-.-.2 /#estination address0
12+
1+--(/config06crypto ipsec transform8set 2- esp83des esp8sha8hmac ah8sha8hmac
1+--(/config8crypto8trans06e7it
1+--(/config06access8list 1-- permit ip 1-.-.-.- -.2>>.2>>.2>> 3-.-.-.- -.2>>.2>>.2>>
1+--(/config06crypto map ((( 1- ipsec8isakmp /1- J %olicy number0
1+--(/config8cryptomap06match address 1--
1+--(/config8cryptomap06set peer 2-.-.-.2 /#estinaion address0
1+--(/config8cryptomap06set transform8set 2- /2- J Transform name0
1+--(/config8cryptomap06set pfs group > /%erfect forward security0/optional0
1+--(/config8cryptomap06e7it
1+--(/config8if06crypto map ((( /:hich int.! we want to start encryption0
1+--(/config8if06WI
1+--(6ping 3-.-.-.1
1+--(6ping fec-""1"1
1+--(6show crypto isakmp sa
1+--(6show crypto ipsec sa
/200#
RouterEen
Router6config t
1+--)/config06ipv, unicast8routing
1+--)/config06ipv, cef /2isco =7press 1orwarding0
1+--)/config8if06WI
1+--)6show ip route
1+--)6config t
1+--)/config06router eigrp 1-- /- 8 ,>>3>0
1+--)/config06int tunnel -
1+--)/config8if06ipv, ospf 1 area -
1+--)/config06crypto isakmp enble
1+--)/config06interface tunnel -
1+--)/config8if06tunnel source .-M-
1+--)/config8if06tunnel destination 2-.-.-.1 /%ublic 4%0
1+--)/config8if06ipv, address fec-""1"2M112
1+--)/config06crypto isakmp policy 1- /18 1---- %olicy number0
1+--)/config8isakmp06authentication pre8share
1+--)/config8isakmp06encryption 3des
1+--)/config8isakmp06hash sha /authentication for between hacks0
1+--)/config8isakmp06group > /integrity checking0
1+--)/config8isakmp6e7it
1+--)/config06crypto isakmp key 24.2@ address 2-.-.-.1 /#estination address0
12D
1+--)/config06crypto ipsec transform8set 2- esp83des esp8sha8hmac ah8sha8hmac
1+--)/config8crypto8trans06e7it
1+--)/config06access8list 1-- permit ip 3-.-.-.- -.2>>.2>>.2>> 1-.-.-.- -.2>>.2>>.2>>
1+--)/config06crypto map ((( 1- ipsec8isakmp /1- J %olicy number0
1+--)/config8cryptomap06match address 1--
1+--)/config8cryptomap06set peer 2-.-.-.1 /#estinaion address0
1+--)/config8cryptomap06set transform8set 2- /2- J Transform name0
1+--)/config8cryptomap06set pfs group > /%erfect forward security0/optional0
1+--)/config8cryptomap06e7it
1+--)/config8if06crypto map ((( /:hich int.! we want to start encryption0
1+--)/config8if06WI
1+--)6show ip route
1+--)6ping 1-.-.-.1
1+--b6ping fec-""1"1
1+--)6show crypto isakmp sa
1+--)6show crypto ipsec sa
1+--)6show crypto 4%sec .(
C1)C5 15) (1!ter!etworki!" 5peratio!" )'stem)
2apacity of 2omponents 1+,- series
$KR(F 8 32kb
#R(F 8 ,5F)
1*(.& 8 32F)
Type of Router mode and 2onfiguration Registry
$ormal mode 8 -R21-2
RR )oot mode 8 -R21-1
R@F Fonitor 8 -R2152
4nitially router boots from the flash memory! if $KR(F is empty.4f the user has already saved
the running8config in startup8config then the router boots with the startup8config with out prompting
the initial auto install facility.
Roter Compo!e!ts
/% .other:oard
2% 0rocessor
8% RA.I*RA.
4% R5.
(% 6-A)9
6% N<RA.
12A
#R(F
$KR(F
1*(.&
2% 1!terfaces
/% Ether!et /0 .:ps speed
2% 6astether!et /00 .:ps D
8% 3i"a:'te Ether!et /000 .:ps D
4% )eria+
6% Co!so+e
2% Axi++ar'
8% 1)*N
/%/% #R1
/%2% 0R1
1. Fotherboard
#oes the same work as in computer
2. %rocessor
#oes the same work as in computer
3. R(FM#R(F
1. Running configurations
2. Routing table
3. Fac address table
(re stored in R(FM#R(F /#ynamic Random (ccess Femory0
5. R@F
%@.T 4nstructions
)ootstrap *oader 4nstructions
4@. is stored
2onfiguration Registry value is -721-1
(re stored in R@F.
>. 1*(.&
4@. is stored in 1*(.&
===%R@F /=lectrically erasable programmable read only memory0
2onfiguration Registry value is -72152 /skipping nvram0
,. $KR(F /$on Kolatile Random (cces Femory0
.tart83p configurations are stored
2onfiguration Registry value is -721-2
+. 4nterfaces
1. =thernet
1- Fbps speed
2onnect to a single pc GGGG2ross8@ver
2onnect to a switch GGGG.traight8Through
2onnect to an other RouterGG.2ross8@ver
2. 1astethernet 1-- Fbps
3. <igabyte =thernet 1--- Fbps
5. .erial
3sed to connect to an other router
,. 2onsole
3sed to configure the router using crimped cableG..Roll8@ver
13-
Ready made console cables are available
+. (u7illary
3sed to configure the router using internet modem should be connected to this
port and an ip shold be given and *ine (u7 should be configured.
D. 4.#$ /4ntegrated .ervices #igital $etwork0 transfer voiceavideoadata through
telephone line
1.1. )R4 /)asic Rate 4nterface0
Fade up of two channels! )8)earer 2hannel a #8#ata 2hannel
)8used to transfer data #8used to create! maintain N terminate the call
2 b channel each ,5 kbps
1 d channel 1, kbps
Total speed of 4.#$ )R4 is 12D kbps
1.2 %R4 /%rimary Rate 4nterface0
Fade up of two channels! )8)earer 2hannel a #8#ata 2hannel
)8used to transfer data #8used to create! maintain N terminate the call
&/ i! North America
2D b channels each can transmit upto ,5 kbps
1 d channel ,5 kbps3
Total speed is 1.>55 mbps
E/ i! Erope
3- b channel
=ach can transmit upto ,5 kbps
1 d channel ,5 kbps3
Total speed is 2.-5D mbps
2onfiguration Registry
Tells the router! from which component the router should boot the ios
1. R@F is -721-1
2. $KR(F is -721-2.
3. .kip $KR(F and boot from 1*(.& -72152

131
This is the way cisco 4@. boots
1.(fter the power is on it loads %@.T instructions from R@F from the %@.T itself it
will verify the status of all the hMw and interfacesG..
2.4t loads ios with the help of bootstrap loader from R@F
3.4t looks for the ios in rom! flash or tftp servers.4f found it loads the ios or else it will
enter into R@FF@$ monitor mode.
5.while loading it checks for the startup8config file it will search in nvram if its founds
it boots the found configurations or else it boots the default configurations
132
15) #ack7p a!d Restore Co!fi"ratio!
15) #ack7p comma!d
4nstall T1T% server /use solarwind.e7e J 3
rd
%arty tool0 in local machine
1+--(6show flash
1+--(6copy flash" tftp"
.ource file name" 7777777777
Remote host" 1-.-.-.3
#estination file name" 7777777777 /same source file name0
Co!fi"ratio! #ack7p comma!d
/200A
RouterEenable
1+--(6show ip route
1+--(6copy running configuration startup configuration
1+--(6copy startup configuration tftp"
1-.-.-.3
1ile name" ((((t
Erase )tarti!" co!fi"ratio! comma!d
1+--(6erase startup configuration
Restore 15) co!fi"ratio! comma!e
133
4f we are already erase the starting configuration. .o router doesnt boot from flash rom
because of to change the RR )oot mode.
RouterEen
Router6config t
Router/config06config8register -R21-1
Router/config06e7it
Router6reload
1ew second to reloadGGGG
Router/config06interface 1-M-
Router/config8if06ip address 1-.-.-.1 2>>.-.-.-
Router/config8if06no shutdown
Router/config8if06WI
Router6ping 1-.-.-.3
Router6copy tftp" flash"
&ost" 1-.-.-.3
.ource file name" 7777777777
.ame name to transfer" 7777777777
erase "yes
Co!fi"ratio! restores comma!d
Router6copy tftp" startup configuration
.ource address" 1-.-.-.3
.ource file name" ((((
Cha!"e Norma+ mode comma!d
Router6reload
0assword Reco,er' Co!fi"ratio!
RouterEen
Router6config t
Router/config06line console -
Router/config8line06password 123
%assword recovery steps
.witch off our Router then on
%ress 2ontrola)reak
Rommon 1 Econfreg -R2152 /to by pass the $KR(F0
Rommon 2 Ereset
:ould u like to default configuration ; $o
Router6show running configuration
Router6show startup configuration
To see a %assword
Router6show ver
Router6config t
Router/config06e7it
Router6reload
$o
135
)ecre )he++
/200A
RouterEen
Router6config t
1+--(/config06ip domain8name 22$(.2@F
1+--(/config06crypto key generate rsa usage8keys modulus 1-25
1+--(/config06user8name 22.% password 123
1+--(/config8line06login local
1+--(/config06enable secret 123
3se this .oftware
%utty.e7e
:ireshake.e7e
13>
Co!fi"ratio! #ack7p
/200A
RouterEen
Router6config t
1+--(/config06ip 1T% username (dministrator
1+--(/config06ip 1T% password 1+--
1+--(/config06archive
1+--(/config8archive06path ftp"MM1-.-.-.3 M2isco backupMrip /any routing protocol0
1+--(/config8archive06path ftp"MM3-.-.-.2 M2isco backupMrip /any routing protocol0
1+--(/config8archive06write memory
4f we want to change any configuration copy running conffg to startingconfig automatically
backup.
1+--(6copy running configuration startconfiguration
13,
)=)-53 )er,er Co!fi"ratio!
/200A
RouterEen
Router6config t
1+--(/config06logging 3-.-.-.2
1+--(/config06logging trap notification
1+--(/config06logging sourch8interface 1-M-
1+--(/config06archive
1+--(/config8archive0log config
1+--(/config8archive8log8cfg06logging enable
1+--(/config8archive8cfg06hidekeys /%assword #oesnot see in syslock server0
1+--(/config8archive8cfg06notify syslog
1+--(/config8archive8cfg06WI
1+--(6show
13+
10<6 Roti!" Co!fi"ratio!

/200A
RouterEen
Router6config t
1+--(/config06ipv, unicast8routing
1+--(/config06ipv, cef /2isco =7press 1orwarding0
1+--(/config8if06ipv, address fec-""1"1
1+--(/config8if06ipv, address fec-""1-"1M112
1+--(/config8if06interface .-M1
1+--(/config8if06ipv, fec-""12"1M112
1+--(/config8if06WI
1+--(6show ip route
1+--(/config8router06e7it
1+--(/config8if06ipv, ospf 1 area -
1+--(/config8if06interface .1M1
1+--(/config8if06WI
1+--(6show ip route
1+--(6show ipv, route
/200#
13D
RouterEen
Router6config t
1+--)/config06ipv, unicast8routing
1+--)/config06ipv, cef /2isco =7press 1orwarding0
1+--)/config8if06ipv, address fec-""2"1M112
1+--)/config8if06ipv, address fec-""1-"2M112
1+--)/config8if06interface .-M1
1+--)/config8if06ipv, fec-""12"1M112
1+--)/config8router06network 2-.-.-.- -.2>>.2>>.2>> area -
1+--)/config8router06e7it
1+--)/config8if06interface .1M1
1+--)/config8if06WI
1+--)6show ip route
1+--)6show ipv, route
/200C
RouterEen
Router6config t
Router/config06hostname /200C
1+--2/config06ipv, unicast8routing
1+--2/config06ipv, cef /2isco =7press 1orwarding0
1+--2/config06interface 1-M-
1+--2/config8if06ip address 3-.-.-.1 2>>.-.-.-
1+--2/config8if06ipv, address fec-""3"1M112
1+--2/config8if06interface .-M-
1+--2/config8if06ipv, address fec-""12"2M112
1+--2/config8if06interface .-M1
1+--2/config8if06ipv, fec-""11"2M112
1+--2/config8if06e7it
1+--2/config06roter 5)06 / /%rocess 4# 1 8 ,>>3>0
1+--2/config8router06network 3-.-.-.- -.2>>.2>>.2>> area -
1+--2/config8router06e7it
1+--2/config06interface 1-M-
1+--2/config8if06ipv, ospf 1 area -
1+--2/config8if6interface .-M-
1+--2/config8if06ipv, ospf 1 area -
13A
1+--2/config8if06interface .1M1
1+--2/config8if06ipv, ospf area -
1+--2/config8if06WI
1+--26show ip route
1+--26show ipv, route
*'!amic 9ost Co!fi"ratio! 0rotoco+ Co!fi"ratio!
Router do not forward the broadcast packet across the network.4ts send a packet to unicast.
/200A
RouterEenable
1+--(6show ip route
1+--(6config t
1+--(/config06service dhcp
1+--(/dhcp8config06ip dhcp pool cc!a /.ome name0
1+--(/dhcp8config06network /0%0%0%0 2((%0%0%0
1+--(/dhcp8config06default8router 1-.-.-.1
1+--(/dhcp8config06dns8server 777.777.777.777
1+--(/dhcp8config06netbios8name8server 777.777.777.777 /4f #$. not available to use0
1+--(/dhcp8config06e7it
1+--(/config06ip dhcp e7cluded8address 1-.-.-.2 1-.-.-.1-
1+--(/config06e7it
15-
1+--(6show ip dhcp database
1+--(6show ip dhcp binding
1+--(/config06service dhcp
1+--(/dhcp8config06ip dhcp pool ccna /.ome name0
1+--(/dhcp8config06network 3-.-.-.- 2>>.-.-.-
1+--(/dhcp8config06default8router 3-.-.-.1
1+--(/dhcp8config06dns8server 777.777.777.777
1+--(/dhcp8config06netbios8name8server 777.777.777.777 /4f #$. not available to use0
1+--(/dhcp8config06e7it
1+--(/config06ip dhcp e7cluded address 3-.-.-.2 3-.-.-.1-
1+--(/config06e7it
1+--(6show ip dhcp database
1+--(6show ip dhcp binding
/200#
RouterEenable
1+--)6show ip route
1+--)6config t
1+--)/config8if06ip helpher8address 2-.-.-.1 /ne7t hop address0
151
C1)C5 *E61NA&15N)
(#.% 8 (ppleTalk #ata .tream %rotocol
(=% 8 (ppleTalk =cho %rotocol
(1% 8 (ppleTalk 1illing %rotocol
(1% 8 (ppleTalk 1illing %rotocol
(%%$ 8 (dvanced %eer8to8%eer $et8working
(R) 8 (rea )order router.
(R4. 8 (ggregate Route8)ased .witching.
(R** 8 (dvanced Run8*ength *imited
(R% 8 (ddress Resolution %rotocol
(.% 8 (ppleTalk .ession %rotocol
(TF 8 (synchronous Transfer Fode
)<% 8 )order <ateway %rotocol
)@@T% 8 )ootable %rotocol
)%#3 8 )ridge %rotocol #ata 3nit
24#R 8 2lasses 4nter8#omain Routing
24R 8 2ommitted 4nformation Rate
2%= 8 2ustomer %ermises =Cuipment
#(R%( 8 #efense (dvanced Research %ro?ects (gency
#=F(R2 8 #emarcation
#&2% 8 #ynamic &ost 2onfiguration %rotocol
#&2% 8 #ynamic &ost 2onfiguration %rotocol
#.(% 8 #estination .ervice (ccess %oint
=4TMT4( 8 =lectronics 4ndustry (ssociation M
Telecommunications 4ndustry (ssociation
=<% 8 =7terior <ateway %rotocol
=)<% 8 =7ternal )order <ateway %rotocol
=4<R% 8 =nhanced 4nterior <ateway Routing %rotocol
12. 8 1rame 2heck .eCuence
1#F 8 1eCuency8 #ivision Fultiple7ing
1T% 8 1ile Transfer %rotocol
<%. 8 <lobal %ositioning .ervices
&#*2 8 &igh8level #ata *ink 2ontrol
&TT% 8 &yperte7t Transfer %rotocol
&TT%. 8 &yperte7t Transfer %rotocol .ecure
42F% 8 4nternet 2ontrol Fessage %rotocol
42. 8 4nternet 2onnection .haring
4<F% 8 4nternet <roup Fanagement %rotocol
4<R% 8 4nterior <ateway Routing %rotocol
4F(%5 8 4nternet Fessage (ccess %rotocol! Kersion 5
4$(R% 8 4nverse (R%
4@. 8 4nternetwork @perating .ystem
4.#$ 8 4ntegrated .ervices #igital $etwork
4% 8 4nternet %rotocol
*2% 8 *ink 2ontrol %rotocol
*#(% 8 *ightweight #irectory (ccess %rotocol
*F4 8 *ocal Fanagement 4nterface
*%# 8 *ine %rinter #aemon
*%R 8 *ine %rinter Remote
FF#. 8 Fultipoint Ficrowave #istribution .ystem
$)% 8 $ame )inding %rotocol
$2% 8 $et:are 2ore %rotocol
152
$#. 8 $et:are #irectory .ervice
$$T% 8 $etwork $ews Transfer %rotocol
$T% 8 $etwork Time %rotocol
$KR(F 8 $onvolatile R(F
@.%1 8 @pen .hortest %ath 1irst
@34 8 @rganiPationally 3niCue 4dentifier
%(% 8 %rinter (ccess %rotocol
%@% 8 %oint @f %resence /%ost @ffice %rotocol0
%%% 8 %oint8to8%oint %rotocol
%%%o( 8 %oint8to8%oint %rotocol over (TF
%%%o= 8 %oint8to8%oint %rotocol =thernet
%%T% 8 %oint8to8%oint Tunneling %rotocol
%K2 8 %ermanent Kirtual 2ircuit
%ro7y (R% 8 %ro7y (ddress Resolution %rotocol
R(4# 8 Redundant (rray of 4ne7pensive /4ndependent0 #isks
R(R% 8 Reverse (ddress Resolution %rotocol
R(. 8 :indows Remote (ccess .ervice
R#% 8 Remote #esktop %rotocol
R4% 8 Routing 4nformation %rotocol
RTF% 8 Routing Table Faintenance %rotocol
.(% 8 .ervice (dvertising %rotocol
.2% 8 .ecure 2opy %rotocol
.1T% 8 .ecure 1ile Transfer %rotocol
.*4% 8 .erial *ine 4nternet %rotocol
.F) 8 .erver Fessage )lock
.T% 8 .panning Tree %rotocol
.FT% 8 .imple Fail Transfer %rotocol
.$(% 8 .ub8$etwork (ccess %rotocol
.$F% 8 .imple $etwork Fanagement %rotocol
..(% 8 .ource .ervice (ccess %oint
..& 8 .ecure .hell
.T% 8 .panning Tree %rotocol
.K2 8 .witched Kirtual 2ircuit
T#F 8 Time #ivision Fultiple7ed
T#F 8 Time8#ivision Fultiple7ing
T=*$=T 8 Terminal =mulation
T1T% 8 Trivial 1ile Transfer %rotocol
3#% 8 3ser #atagram %rotocol
K*($s 8 Kirtual *($s
K*.F 8 Kariable *ength .ubnet Fasking
:*($ 8 :ireless *($
I4% 8 Ione 4nformation %rotocol
4=T1 8 4nternet =ngineering Task 1orce
K%$ 8 Kirtual private networks
$(. 8 $etwork (ccess server
*$. 8 *2T% $etwork .erver
%%% 8 %oint8to8%oint %rotocol
4.(SF% 8 4nternet .ecurity (ssociation and Sey Fanagement %rotocol
%%T% 8 point8to8point tunneling protocol
*2T% 8 *ayer 2 Tunnelling %rotocol
*2T%v3 8 *ayer 2 Tunnelling %rotocol version 3
F%*. 8 Fulti8protocol label switching
*21 8 *ayer 2 1orwarding
153
K%#$ 8 virtual private dial8up network
%%T% 8 %oint8to8%oint Tunneling %rotocol

155

Ccna Notes

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Ccna Notes

Încărcat de

Drepturi de autor:

Formate disponibile

1

Cisco Certified Network Associate (CCNA)

S-ar putea să vă placă și