A. OSI Model
B. TCP/IP
i. Telnet, FTP and TFTP
ii. HDLC
C. IP Addressing and Subnetting
D. Cisco IOS
i. CDP
ii. Router commands
E. Routing Protocols
i. EIGRP
ii. OSPF
F. Routed protocol: Frame-Relay
G. Access-Lists
H. NAT
I. Switching
i. STP
ii. VLANs
iii. VTP
J. Security
K. Miscellaneous
i. Network Devices
ii. WAN Devices
iii. Wireless LAN
iv. Others
A. OSI Model
1. The 7 layers of the OSI model are:
1. The Application Layer: The Application layer is responsible for identifying and establishing the
availability of the desired communication partner and verifying that sufficient resources exist for
communication. Some of the important application layer protocols are: WWW, SMTP, FTP, etc.
2. The Presentation Layer: This layer is responsible for presenting the data in standard formats.
This layer is responsible for data compression, decompression, encryption, and decryption. Some
Presentation Layer standards are: JPEG, MPEG, MIDI, PICT, Quick Time, TIFF.
3. The Session Layer: The Session Layer is responsible for co-ordinating communication between
systems/nodes. The following are some of the session layer protocols and interfaces: Network
File System (NFS), SQL, RPC (Remote Procedure Call), X-Windows, ASP, DNA SCP.
4. The Transport Layer: The Transport Layer is responsible for multiplexing upper-layer
applications, session establishment, and tearing down virtual circuits. This layer is also responsible
for flow control, which helps maintain data integrity.
5. The Network Layer: There can be several paths to send a packet from a given source to a
destination. The primary responsibility of the Network layer is to send packets from the source
network to the destination network using pre-determined routing methods. Routers work at the
Network layer.
6. The Data Link Layer:
The Data Link Layer is layer 2 of the OSI reference model. This layer is divided into two sub-layers:
A. Logical Link Control (LLC) sub-layer.
B. Media Access Control (MAC) sub-layer.
The LLC sub-layer handles error control, flow control, framing, and MAC sub-layer addressing.
The MAC sub-layer is the lower of the two sub-layers of the Data Link layer. The MAC sub-layer
handles access to shared media, such as token passing or Ethernet.
7. Physical Layer: The actual flow of signals takes place through the Physical layer. At the Physical
layer, the interface between the DTE and DCE is determined. The following are some of the
standard interfaces defined at the Physical layer: EIA/TIA-232, EIA/TIA-449, V.24, V.35, X.21,
G.703, HSSI (High Speed Serial Interface).
2. SONET defines interface standards at the physical layer of the OSI seven-layer model. The
standard defines a hierarchy of interface rates that allows data streams at different rates to be
multiplexed. SONET establishes Optical Carrier (OC) levels from 51.8 Mbps (OC-1) to 9.95
Gbps (OC-192).
B. TCP/IP
1. Port numbers are used by TCP/UDP to set up sessions with other hosts. The recommended port
number ranges are:
1. Numbers 0 - 255 are used for public applications.
2. Numbers 255 - 1023 are assigned to companies so that they can use these port numbers in
their applications.
3. Numbers above 1023 are used by upper layers to set up sessions with other hosts and by TCP
as source and destination port numbers.
2. The term Segments is usually associated with the Transport layer,
the term Packets is usually associated with the Network layer, and
the term Frames is usually associated with the Data Link layer.
3. TCP: TCP is a full-duplex, connection-oriented protocol. It incorporates error checking as
well.
UDP (User Datagram Protocol): UDP is a thin protocol. UDP is a connectionless protocol. It
doesn't contact the destination before sending the packet and doesn't care whether the packet
reaches the destination.
4. SNMP is part of the TCP/IP protocol suite. It allows you to monitor and manage a network from a
centralized place by using SNMP Manager software. The systems or devices that provide the
responses are called agents (or MIBs). An SNMP agent is any computer running SNMP agent
software.
MIB stands for Management Information Base. It is part of the SNMP agent's database. A MIB
records and stores information about the host it is running on. An SNMP manager can request
and collect information from an agent's MIB. Routers are typical MIB agents. An SNMP agent
generates "trap" messages that are then sent to an SNMP management console, which is the trap
destination.
i. Telnet, FTP, and TFTP:
1. Telnet is used for terminal emulation, which allows programs to be run remotely. Telnet uses the
TCP/IP protocol.
2. Telnet requires a username and password for access.
3. FTP (File Transfer Protocol) is a connection-oriented protocol. It uses TCP/IP for file transfer.
Compare this with TFTP (Trivial File Transfer Protocol), which uses UDP (a connectionless
protocol). SNMP uses UDP over IP. Tracert and Ping use ICMP as their base protocol. FTP is used
to transfer files.
Both FTP and Telnet are client-server protocols. Note that TCP/IP is a client-server oriented
protocol.
ii. HDLC
1. The High Level Data Link Control protocol (HDLC) is the default encapsulation used on the
synchronous serial interfaces of a Cisco router. HDLC is a Data Link layer protocol used to
encapsulate and transmit packets over point-to-point links.
D. Cisco IOS
1. Cisco router boot configuration commands:
1. boot system - This is a global command that allows you to specify the source of the IOS
software image to load. If you configure more than one source, attempts are made to load the
IOS from the first command in the configuration to the last, successively. If the first fails, the
second boot command is used.
2. boot system rom - Loads IOS from ROM.
3. boot system flash - Loads the first file from flash memory.
4. boot system tftp <file name> <tftp_address> - Loads the IOS image named <file name> from a
TFTP server.
2. To enable the Cisco IOS to forward packets destined for obscure subnets of directly connected
networks onto the best route, you use "ip classless" command.
3. Internal memory components of a Cisco router:
1. ROM (Read Only Memory): Memory containing micro-code for the basic functions needed to start and
maintain the router. ROM is not typically used after the IOS is loaded.
2. RAM/DRAM: Stores the running configuration, routing tables, and packet buffers. Some
routers, such as the 2500 series, run IOS from Flash, not RAM.
3. NVRAM (Non-Volatile RAM): Memory that does not lose information when power is lost.
Stores the system's configuration file and the configuration register. NVRAM uses a battery to
maintain the data when power is turned off.
4. Flash Memory: Stores the compressed IOS (IOS stands for Cisco Internetwork Operating
System) image. Flash memory is either an EEPROM or a PCMCIA card. Flash memory enables you
to hold multiple versions of IOS software. This allows you to load a new level of the operating
system onto every router in your network and then upgrade the whole network to that version at
an appropriate time.
4. The Cisco router can be configured from many locations.
1. Console port: During the initial installation, you configure the router from a console terminal
connected to the "Console port" of the router.
2. Virtual Terminals (vty): A virtual terminal (vty) is typically accessed through Telnet. A router
can be accessed through vty after its initial installation in the network. There are five virtual
terminals, namely vty0, vty1, vty2, vty3, and vty4.
3. Auxiliary Port: You can configure a router through the auxiliary port. Typically, a modem is
connected to the aux port so that the router can be configured through it.
4. TFTP Server: Configuration information can be downloaded from a TFTP server over the
network.
5. NMS (Network Management Station): You can also manage router configuration through an
NMS such as CiscoWorks or HP OpenView.
5. Router modes of operation:
1. User EXEC mode (Prompt: Router>): This is the LOWEST level of access. It allows you to
examine router status, view routing tables, and run some diagnostics. However, you cannot
change the router configuration, view the configuration files, or control the router in any way.
The prompt in this mode is "Router>".
2. Privileged (enable) EXEC mode (Prompt: Router#): This mode gives you all the
privileges of user EXEC mode plus commands that enable you to view configuration files,
change the router configuration, and perform troubleshooting that could potentially disrupt traffic.
The default prompt for this mode is "Router#". When you are working in privileged mode (at the
"#" prompt), you can get back to user mode by typing "disable" at the "#" prompt.
3. Global Configuration mode (Prompt: Router(config)#): Global configuration mode allows
you to perform tasks that affect the entire router, such as naming the router, configuring
banner messages, enabling routed protocols, and generally anything that affects the operation of
the entire router.
When you first switch on a router, you enter Setup mode. Setup mode is different from
configuration mode in that setup mode appears when there is no configuration file present. Upon
entering setup mode, you can supply some basic configuration parameters to the Cisco router.
6. There are three ways a router learns how to forward a packet:
1. Static Routes - Configured manually by the administrator. The administrator must also update
the table manually every time a change to the network takes place. Static routes are commonly
used when routing from a network to a stub network (a network with a single route).
The command is
ip route network mask address/interface [distance]
ex: ip route 165.44.34.0 255.255.255.0 165.44.56.5
Here, 165.44.34.0 is the destination network or subnet,
255.255.255.0 is the subnet mask, and
165.44.56.5 is the next-hop gateway.
2. Default Routes - The default route (gateway of last resort) is used when a route is not known
or is infeasible. The command is
show running-config [interface <type> <mod>/<num> | vlan <vlan-id> | module <mod>]: This
command displays the contents of the configuration file.
show tech-support: This command is primarily used to send switch information to Cisco TAC
support personnel.
verify flash:<filename> - This command is used to verify that the Flash contents are intact
and not corrupted. The checksum of the specified flash file is verified for correctness.
10. By default, Cisco routers support 5 simultaneous Telnet sessions. This number can be
configured using IOS commands.
11. Routers can make alternate route decisions based on ICMP messages, if appropriate. Routers
send an ICMP message if the destination is unreachable.
ICMP (Internet Control Message Protocol) messages are used for basic error reporting between
hosts, or between a host and a gateway. It is not used for error reporting between gateways. ICMP
messages are encapsulated in IP. For example, the command "ping" uses the ICMP
protocol. In the OSI Reference model, ICMP is generally considered part of the IP layer.
i. CDP
1. CDP stands for Cisco Discovery Protocol. This protocol is proprietary to Cisco. CDP runs over
SNAP (Subnetwork Access Protocol) at the Data Link Layer. Two Cisco devices running two
different Network layer protocols can still communicate and learn about each other.
2. The following are true about CDP:
1. CDP - Cisco Discovery Protocol is a Cisco proprietary Layer 2 protocol.
2. CDP uses a multicast packet to the common destination address 01-00-0c-cc-cc-cc.
3. CDP packets are sent out with a non-zero TTL after an interface is enabled and with a zero
TTL value immediately before an interface is made idle. This enables the neighboring devices
to quickly discover the state of their neighbors.
4. CDP packets are never forwarded beyond the directly connected devices. To find CDP
information on indirectly connected routers, administrators can 'telnet' to the intended destination
device and run the CDP command there.
The command:
1. Classful routing protocols: RIP v1 and IGRP are examples of classful routing protocols. It is
important to know that classful routing protocols do not exchange subnet information during
routing information exchanges. Summarization is always done automatically at major
network boundaries.
Classless routing protocols: RIP v2, EIGRP, OSPF, BGP v4, and IS-IS are examples of classless
routing protocols. In classless routing protocols, subnet information is exchanged during routing
updates. This results in more efficient utilization of IP addresses. Summarization in classless
networks is manually controlled.
The maximum hop count supported by RIP is 15.
2. Routed and Routing Protocols: A routing protocol's job is to maintain routing tables and route
packets appropriately. Examples of routing protocols are RIP, IGRP, EIGRP, and OSPF. Routers can
support multiple independent routing protocols and can update and maintain routing tables for
each protocol independently.
Routed protocols are used to transport user traffic from the source node to the destination node.
Examples of routed protocols are IP, IPX, and AppleTalk.
3. There are broadly three types of routing protocols:
1. Distance Vector (number of hops) - Distance vector routing determines the direction (vector)
and distance to any link in the internetwork. Typically, the smaller the metric, the better the path.
Examples of distance vector protocols are RIP and IGRP. Distance vector routing is useful
for smaller networks. The limitation is that any route which is greater than 15 hops is considered
unreachable. Distance vector protocols listen to second-hand information to learn routing tables,
whereas link state protocols build routing tables from first-hand information. Routers running
distance vector protocols send their entire routing table to each of their adjacent neighbors.
2. Link State Routing: Link state algorithms are also known as Shortest Path First (SPF)
algorithms. SPF generates the exact topology of the entire network for route computation by
listening to first-hand information. Link state protocols take bandwidth into account using a
cost metric. Link state protocols only send updates when a change occurs, which makes them
more efficient for larger networks. Bandwidth and delay are the most widely used metrics when
using link-state protocols. Examples: OSPF and NLSP.
Benefits of link state protocols:
1. Allow for a larger, scalable network
2. Reduce convergence time
3. Allow "supernetting"
The metric limit for link-state protocols is 65,533.
3. Balanced Hybrid - Balanced hybrid combines some aspects of link state and distance vector
routing protocols. Balanced hybrid uses distance vectors with more accurate metrics to
determine the best paths to destination networks. Example: EIGRP
4. A distance vector protocol such as RIP depends only on hop count to determine the nearest next hop for
forwarding a packet. One obvious disadvantage is that if you have a destination connected
through two hops via T1 lines, and the same destination is also connected through a single hop
over a 64 kbps line, RIP assumes that the link through the 64 kbps line is the best path!
5. RIP (and IGRP) always summarize routing information by major network numbers. This is
called classful routing.
6. RIP, RIP2, and IGRP use distance vector algorithms.
RIP2 transmits the subnet mask with each route. This feature allows VLSM (Variable Length
Subnet Masks) by passing the mask along with each route so that the subnet is exactly defined.
7. IP RIP-based networks send the complete routing table during an update. The default update
interval is 30 seconds. IGRP update packets are sent every 90 seconds by default.
8. The default administrative distances of some important route sources are as below:
Route Source                  Default Distance
Directly connected interface  0
Static route                  1
IGRP                          100
RIP                           120
Unknown                       255
An administrative distance of 0 represents the highest trustworthiness of a route.
An administrative distance of 255 represents the lowest trustworthiness of a route.
9. The port numbers used by different programs are as below:
I. FTP: Port #21
II. Telnet: Port #23
III. SMTP: Port #25
IV. SNMP: Port #161
It is important to know that FTP, Telnet, and SMTP use TCP, whereas TFTP and SNMP use UDP.
10. Address Resolution Protocol (ARP) is used to resolve or map a known IP address to a MAC
sub-layer address to allow communication on a multi-access medium such as Ethernet. Reverse
ARP (RARP) is used to obtain an IP address using an RARP broadcast. RARP can be used to
boot diskless workstations over a network.
i. EIGRP
1. Some of the important terms used in Enhanced IGRP are:
1. Successor: A route (or routes) selected as the primary route(s) used to transport packets to
reach a destination. Note that successor entries are kept in the routing table of the router.
2. Feasible successor: A route (or routes) selected as backup route(s) used to transport packets to
reach a destination. Note that feasible successor entries are kept in the topology table of a router.
There can be up to 6 (six) feasible successors for IOS version 11.0 or later. The default is 4
feasible successors.
3. DUAL (Diffusing Update Algorithm): Enhanced IGRP uses the DUAL algorithm to calculate the
best route to a destination.
2. Routing metrics used by IGRP:
Bandwidth, MTU, Reliability, Delay, and Load.
1. Bandwidth: This represents the maximum throughput of a link.
2. MTU (Maximum Transmission Unit): This is the maximum message length that is acceptable
to all links on the path. A larger MTU means faster transmission of packets.
3. Reliability: This is a measurement of the reliability of a network link. It is assigned by the
administrator or can be calculated by using protocol statistics.
4. Delay: This is affected by the bandwidth and queuing delay.
5. Load: Load is based on, among other things, CPU usage and packets processed per second.
3. For IGRP routing, you need to provide the AS (Autonomous System) number in the
command. Routers need the AS number to exchange routing information. Routers belonging to the same
AS exchange routing information. OSPF and IGRP use AS numbers.
ii. OSPF
1. OSPF is a link state technology that uses the Dijkstra algorithm to compute routing information. It
has the following advantages over distance vector protocols such as RIP:
1. Faster convergence: An OSPF network converges faster because routing changes are flooded
immediately and computed in parallel.
2. Support for VLSM: OSPF supports VLSM. However, please note that RIP version 2 also
supports VLSM.
3. Network Reachability: RIP networks are limited to 15 hops. Therefore, networks with more
than 15 hops cannot be reached by RIP by normal means. On the other hand, OSPF has
practically no reachability limitation.
4. Metric: RIP uses only hop count for making routing decisions. This may lead to severe
problems in some cases, for example when a route is nearer but is very slow compared to another
route with plenty of bandwidth available. OSPF uses a "cost" metric to choose the best path. Cisco
uses "bandwidth" as the metric to choose the best route.
5. Efficiency: RIP sends routing updates every 30 seconds. OSPF multicasts link-state updates and
sends the updates only when there is a change in the network.
2. An OSPF area is a collection of networks and routers that have the same area
identification. The OSPF process identifier is locally significant. Two neighboring router interfaces
can have the same or different process IDs. It is required to identify a unique instance of the OSPF
database.
3. OSPF keeps up to six equal-cost route entries in the routing table for load balancing. Further,
OSPF uses the Dijkstra algorithm to calculate the lowest cost route. The algorithm adds up the total
costs between the local router and each destination network. The lowest cost route is always
preferred when there are multiple paths to a given destination.
4. OSPF determines the router ID using the following criteria:
1. Use the address configured by the ospf router-id command
2. Use the highest numbered IP address of a loopback interface
3. Use the highest IP address of any physical interface
4. If no interface exists, set the router-ID to 0.0.0.0
If no OSPF router ID is explicitly configured, OSPF computes the router-ID based on the items
2, 3, and 4 and restarts OSPF (if the process is enabled and router-ID has changed).
5. When two or more routers are contending to be the DR (Designated Router) on a network
segment, the router with the highest OSPF priority will become the DR for that segment. The
same process is repeated for the BDR. In case of a tie, the router with the highest RID will win.
The default interface OSPF priority is one. Remember that the DR and BDR concepts are
per multiaccess segment. Setting the OSPF priority on an interface is performed using the ip ospf
priority <value> interface command. A priority value of zero indicates an interface which is not
to be elected as DR or BDR. The state of an interface with priority zero will be DROTHER.
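The router-ID rules (item 4) and the DR/BDR election (item 5) are easy to get wrong in an exam, so here is an added example that is not from the original notes: it derives the router ID in the order given above and then elects DR and BDR on one multiaccess segment by highest priority, then highest router ID, skipping priority-0 interfaces. It models a cold start where all routers come up together; a real network is non-preemptive, so an existing DR keeps its role even if a higher-priority router joins later.

```python
"""OSPF router-ID selection and DR/BDR election (added example, not from the notes)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional


@dataclass
class Router:
    """Constructed model of one OSPF router attached to a multiaccess segment."""
    name: str
    loopbacks: List[str] = field(default_factory=list)   # loopback interface addresses
    physical: List[str] = field(default_factory=list)    # physical interface addresses
    configured_rid: Optional[str] = None                 # 'router-id A.B.C.D' under router ospf
    priority: int = 1                                    # 'ip ospf priority <value>', default 1


def _highest(addresses: List[str]) -> str:
    """Highest address by numeric value (not string order), as the notes say."""
    return str(max(addresses, key=lambda a: int(IPv4Address(a))))


def router_id(r: Router) -> str:
    """Apply the four criteria in order: configured, loopback, physical, 0.0.0.0."""
    if r.configured_rid:
        return r.configured_rid
    if r.loopbacks:
        return _highest(r.loopbacks)
    if r.physical:
        return _highest(r.physical)
    return "0.0.0.0"


def elect(routers: List[Router]) -> Dict[str, str]:
    """Return {router name: 'DR' | 'BDR' | 'DROTHER'} for one segment."""
    # Priority 0 means 'never DR/BDR'; those interfaces stay DROTHER.
    eligible = [r for r in routers if r.priority > 0]
    # Highest priority wins; ties are broken by the highest router ID.
    ranked = sorted(
        eligible,
        key=lambda r: (r.priority, int(IPv4Address(router_id(r)))),
        reverse=True,
    )
    roles = {r.name: "DROTHER" for r in routers}
    if ranked:
        roles[ranked[0].name] = "DR"
    if len(ranked) > 1:
        roles[ranked[1].name] = "BDR"
    return roles


# Constructed sample segment (documentation address ranges).
SEGMENT = [
    Router("R1", loopbacks=["10.255.0.1"], physical=["192.0.2.1"]),   # RID from loopback
    Router("R2", physical=["192.0.2.2", "198.51.100.2"]),             # highest physical address
    Router("R3", configured_rid="1.1.1.1", physical=["192.0.2.3"], priority=0),  # never DR
    Router("R4", physical=["192.0.2.4"], priority=10),                # priority beats RID
]

if __name__ == "__main__":
    for r in SEGMENT:
        print(r.name, router_id(r))
    print(elect(SEGMENT))
```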
4. When the sub-interfaces on a serial interface are to be configured for Frame Relay, each
sub-interface needs to be assigned an individual DLCI.
The following command assigns a DLCI of 100 to a sub-interface:
R(config-if)#frame-relay interface-dlci 100
Note that prior to issuing the above command, issue the following command to get into the proper
sub-interface configuration mode:
R(config)#interface serial0.1 point-to-point
6. In Frame Relay NBMA networks, if no sub-interfaces are defined, the routers will not be
able to exchange routing information because of the split horizon rule.
Split horizon is a method of preventing a routing loop in a network. The basic principle is
simple: routing information is never sent back in the direction from which it was received.
To overcome split horizon, sub-interfaces can be configured on NBMA networks. A
sub-interface is a logical way of defining an interface. The same physical interface can be split into
multiple logical interfaces, with each sub-interface being defined as point-to-point.
G. Access-Lists
2. IP access lists are a sequential list of permit and deny conditions that apply to IP addresses or
upper-layer protocols. Access Control Lists are used in routers to identify and control traffic.
1. Place standard access lists as near the destination as possible and extended access lists as close
to the source as possible.
2. Access lists automatically have an implicit deny at the end. Because of this, an access
list should have at least one permit statement in it; otherwise the access list will block all
remaining traffic.
3. Access lists applied to interfaces default to outbound if no direction is specified.
Wildcard masking is used to permit or deny a group of addresses. For example, if we have a
source address 185.54.13.2 and want all the hosts on the last octet to be considered, we use a
wildcard mask, 185.54.13.255.
Special cases:
Host 185.54.13.2 is the same as 185.54.13.2 with a wildcard mask of 0.0.0.0; only the
specified IP is considered.
Any is equivalent to saying 0.0.0.0 with a wildcard mask of 255.255.255.255. This means none
of the bits really matter: all IP addresses meet the criteria.
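As an added example that is not part of the original notes, the following code models how a router evaluates a standard IP access list: entries are checked top to bottom, each address is matched through its wildcard mask (a 0 bit means "must match", a 1 bit means "don't care", so 0.0.0.255 covers every host in the last octet), the host and any keywords expand to the 0.0.0.0 and 255.255.255.255 wildcards described above, and anything left unmatched hits the implicit deny. The sample ACL lines are constructed; it also shows a non-contiguous wildcard (0.0.0.254, even host numbers only), which the notes do not cover.

```python
"""Standard IP access-list evaluation with wildcard masks (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def to_int(addr: str) -> int:
    return int(IPv4Address(addr))


def wildcard_match(packet_src: str, entry_addr: str, wildcard: str) -> bool:
    """True when every address bit that the wildcard marks as 'care' (0) is equal."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_src) & care_bits) == (to_int(entry_addr) & care_bits)


@dataclass
class AclEntry:
    action: str      # 'permit' or 'deny'
    address: str
    wildcard: str


def parse_acl_line(line: str) -> AclEntry:
    """Parse one 'access-list <n> {permit|deny} ...' line in IOS standard-ACL syntax.

    Accepted forms (sample lines are constructed for this example):
        access-list 10 permit 185.54.13.0 0.0.0.255
        access-list 10 deny host 185.54.13.2
        access-list 10 permit 185.54.13.9          (no wildcard: IOS assumes 0.0.0.0)
        access-list 10 permit any
    """
    tokens = line.split()
    if tokens[:1] != ["access-list"] or len(tokens) < 4:
        raise ValueError(f"not a standard access-list line: {line!r}")
    action = tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    rest = tokens[3:]
    if rest[0] == "any":
        return AclEntry(action, "0.0.0.0", "255.255.255.255")
    if rest[0] == "host":
        return AclEntry(action, rest[1], "0.0.0.0")
    wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
    return AclEntry(action, rest[0], wildcard)


def evaluate(acl: List[AclEntry], packet_src: str) -> Tuple[str, Optional[int]]:
    """Walk the list in order; return (action, index of matching entry).

    An index of None means no entry matched and the implicit deny applied.
    """
    for idx, entry in enumerate(acl):
        if wildcard_match(packet_src, entry.address, entry.wildcard):
            return entry.action, idx
    return "deny", None


# Constructed sample ACL: the specific deny must come before the broader permit,
# otherwise the permit would match first and the deny would never be reached.
SAMPLE_ACL_TEXT = [
    "access-list 10 deny host 185.54.13.2",
    "access-list 10 permit 185.54.13.0 0.0.0.255",
]
SAMPLE_ACL = [parse_acl_line(line) for line in SAMPLE_ACL_TEXT]

if __name__ == "__main__":
    for src in ("185.54.13.2", "185.54.13.77", "10.0.0.5"):
        print(src, evaluate(SAMPLE_ACL, src))
```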
H. NAT
2. 1. NAT allows several hosts to be connected to the Internet by using fewer globally unique IP
addresses. This in turn results in conserving the scarce public IP addresses. The terms public /
global are used in the sense that the IP addresses are globally unique and officially registered.
2. NAT supports load sharing on inside machines. The inside machines are accessed in a round
robin fashion, thus sharing the load.
3. NAT offers some degree of security since IP addresses are not easily traceable. This is
because the actual host IP that is accessing the Internet is translated into an outside IP address and
vice versa. Thus, NAT offers protection against hacking.
4. One disadvantage of NAT is that it increases delay. This is obvious since address translation is
involved.
5. Another disadvantage of NAT is that when an application uses the physical IP address, it may not
function properly. This is because the physical IP address is changed by NAT.
3. When you are configuring NAT, NAT should be enabled on at least one inside and one
outside interface. The command for enabling NAT on an inside interface is:
R(config-if)#ip nat inside
The command for enabling NAT on the outside interface is:
R(config-if)#ip nat outside
Remember to enter the appropriate configuration mode before entering the commands.
Usually, the inside NAT is configured on an Ethernet interface, whereas the outside NAT is
configured on a serial interface.
The command ip nat inside source static <local ip> <global ip> configures address translation for
static NAT.
The command ip nat inside source list <access-list-number> pool <name>
is used to map the access list to the IP NAT pool during the configuration of dynamic NAT.
4. The following command configures a static NAT translation by mapping inside local address
to the inside global address.
ip nat inside source static 192.168.0.100 88.248.153.137
Here, 192.168.0.100 is the inside local address, and 88.248.153.137 is the inside global address.
A packet’s source address 192.168.0.100 is changed to 88.248.153.137 by the NAT device.
6. The syntax for enabling dynamic NAT to translate many inside hosts to an inside global IP
address is:
ip nat inside source list <access-list-number> pool <pool-name> overload
where <access-list-number> is the standard access list number, and <pool-name> is the pool
name.
Note that the option 'overload' specifies a many-to-one relationship.
This configuration is typically used when many hosts with private IP addresses need to access the
Internet through a specified globally unique IP address.
7. The following two statements are true about dynamic NAT translations:
1. The inside IP addresses eligible for address translation are defined in a standard IP access list.
2. Only packets moving between inside and outside networks get translated. This is true
even for static NAT. If a packet is destined for another host but does not need to cross the
NAT boundary, the packet's source/destination addresses are not translated. This is
understandable, since the packet is not crossing the inside network boundary.
I. Switching
1. Switches forward packets based on the physical address (such as the MAC address), whereas
routers forward packets based on the logical address (such as the IP address). A frame's IP address
doesn't change when it is forwarded through a switch.
2. The MAC address table of a switch is empty to begin with. However, the switch builds the
MAC table by learning from the frames that arrive at its ports, adding each source MAC address and the
port on which it arrived to the MAC table.
5. Port security enables securing switch ports as required. Typical configuration commands for
enabling port security are given below:
Switch#config t
Switch(config)#int fa0/1
Switch(config-if)#switchport port-security
By default, the port is locked to the first MAC address that it learns via the port. You can also
manually associate a specific MAC address to a given port by issuing the command:
switchport port-security mac-address {MAC address} in the interface configuration mode.
6. Cisco Visual Switch Manager (CVSM) is software that allows access to Cisco switches over
the Internet using a web browser, such as Internet Explorer or Netscape Navigator. You can
monitor and configure CVSM-compatible switches over the network (remotely). The
requirement is that the IP address, gateway, and CVSM must be configured on the switch, so that
it is accessible over the network using a web browser.
7. The command "no switchport" enables a switch port for layer 3 operation. On the other hand,
the command "switchport" enables a switch port for layer 2 operation.
8. To associate a switch with a management VLAN, you need to assign an IP address to the
switch. The subnet portion of the switch IP address must match the subnet number of the
management VLAN. Note that switches can maintain an IP stack, which enables us to manage
the switches either locally or remotely by Telnet.
1. switchport port-security maximum {max # of MAC addresses allowed}: You can use this
option to allow more than the default number of MAC addresses, which is one. For example, if
you had a 12-port hub connected to this switch port, you would want to allow 12 MAC
addresses, one for each device.
2. switchport port-security violation {shutdown | restrict | protect}: This command tells the
switch what to do when the number of MAC addresses on the port has exceeded the maximum.
The default is to shut down the port. However, you can also choose to alert the network
administrator (i.e., restrict) or only allow traffic from the secure MAC addresses and drop packets from other
MAC addresses (i.e., protect).
3. switchport port-security mac-address {MAC address}: You can use this option to manually
define the MAC address allowed for this port rather than letting the port dynamically determine
the MAC address.
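To make the three port-security options concrete, here is an added example (not from the original notes) that simulates one secure access port: it learns source MAC addresses up to the configured maximum, honours a statically defined secure address, and applies the shutdown, restrict or protect behaviour described above when an unknown address arrives. The frames and MAC addresses are constructed, and the notification text is a stand-in, not the switch's real log format.

```python
"""Port-security behaviour on a single switch port (added example, not from the notes)."""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled."""
    maximum: int = 1                    # switchport port-security maximum <n> (default 1)
    violation: str = "shutdown"         # switchport port-security violation {shutdown|restrict|protect}
    static_macs: Set[str] = field(default_factory=set)  # switchport port-security mac-address <mac>
    learned: Set[str] = field(default_factory=set)      # dynamically learned secure addresses
    err_disabled: bool = False
    violation_count: int = 0            # what the switch would show as the violation counter
    notifications: List[str] = field(default_factory=list)  # stand-in for syslog/SNMP trap text

    def __post_init__(self) -> None:
        if self.violation not in ("shutdown", "restrict", "protect"):
            raise ValueError(f"unknown violation mode {self.violation!r}")
        if len(self.static_macs) > self.maximum:
            raise ValueError("more static secure MACs than the configured maximum")

    @property
    def secure_macs(self) -> Set[str]:
        return self.static_macs | self.learned

    def receive(self, src_mac: str) -> str:
        """Process one ingress frame; return 'forward', 'drop' or 'errdisable'."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"               # port stays down until an administrator recovers it
        if src_mac in self.secure_macs:
            return "forward"            # known secure address
        if len(self.secure_macs) < self.maximum:
            self.learned.add(src_mac)   # room left: lock this address in as secure
            return "forward"
        # Secure table is full and this address is not in it: a violation.
        if self.violation == "shutdown":
            self.violation_count += 1
            self.err_disabled = True
            self.notifications.append(f"violation by {src_mac}: port err-disabled")
            return "errdisable"
        if self.violation == "restrict":
            self.violation_count += 1   # dropped, and the administrator is notified
            self.notifications.append(f"violation by {src_mac}: frame dropped")
            return "drop"
        return "drop"                   # protect: silently dropped, no counter, no notification


def run_port(port: SecurePort, frames: List[str]) -> List[str]:
    """Feed a constructed sequence of source MACs through the port, returning each verdict."""
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    # Constructed traffic: a legitimate host, then a second device plugged into the same port.
    hub_port = SecurePort(maximum=2, violation="restrict")
    print(run_port(hub_port, ["00:00:5e:00:53:01", "00:00:5e:00:53:02",
                              "00:00:5e:00:53:03", "00:00:5e:00:53:01"]))
    print(hub_port.violation_count, hub_port.notifications)
```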
The following are the typical steps in preparing a switch for Telnet access (note that ip
default-gateway is a global configuration command, so leave interface mode before entering it):
Switch(config)#interface vlan <vlan-id>
Switch(config-if)#ip address <ip-address> <subnet-mask>
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway <ip-address>
11. The command syntax for assigning a management domain for a switch is:
Switch# vtp domain <domain-name>
For example, if the domain name is newyork, the command is:
Switch# vtp domain newyork
You need to create a domain while configuring the first switch in a switch network. For
subsequent switches, you only need to join the existing domain. A password is required if the
domain needs to be secured by a password. The command allows you to create a new domain (in
case the first switch is being configured) or to join an existing domain (one or more switches
have already been assigned a domain).
12. To enable a switch port for layer 2 functionality, use the following commands:
1. switch(config)#interface <type> <mod>/<num>
2. switch(config-if)#switchport
The first command enters interface configuration mode for the switch interface <mod>/<num>,
and the second command enables layer 2 functionality on the port.
Use the "no" form of the switchport command to enable layer 3 functionality.
13. Switching methods:
1. Store-and-Forward switching: Here the LAN switch copies the entire frame into its buffers
and computes the CRC. The frame is discarded if there are any CRC errors. Giant (more than
1518 bytes) and Runt (less than 64 bytes) frames are also dropped, if found.
2. Cut-Through (Real-Time) switching: Here, the LAN switch copies only the destination
address into its buffers. It immediately looks up the switching table and starts forwarding the
frame. Latency is very low because the frame is forwarded as soon as the destination address
is resolved.
3. Fragment-Free switching: Here, the switch waits for the collision window before forwarding
the entire frame. The collision window is 64 bytes long.
i. Spanning Tree Protocol
1. Spanning Tree Protocol (STP), IEEE specification 802.1d, is used to prevent routing loops.
Cisco Catalyst 5000 series switches use BPDUs (Bridge Protocol Data Units) to determine the
spanning tree topology. STP uses the Spanning Tree Algorithm (STA) to prevent loops, resulting in a stable
network topology.
2. The following mechanisms prevent routing loops in distance-vector routing protocols (Layer
3). They are unrelated to STP, which deals with Layer 2 loops, but are often confused with it.
1. Split Horizon - based on the principle that it is not useful to send information about a route
back in the direction from which the information originally came.
2. Route Poisoning and Poison Reverse - A router that discovers a route has become unreachable
advertises it with an infinite metric (16 hops in RIP). With poison reverse the poisoned route is
also sent back to the neighbor it was learned from, overriding split horizon, so that every router
keeps a consistent entry for it while the network converges.
3. Hold-down Timers - Hold-down timers prevent regular update messages from reinstating a
route that has gone bad. When a route fails, the router waits a fixed time (180 seconds for RIP)
before accepting any other routing information about that route.
4. Triggered Updates - Normally, routing tables are sent to neighboring routers at regular
intervals (IP RIP every 30 seconds, IPX RIP every 60 seconds). A triggered update is sent
immediately in response to a change in the routing table. Triggered updates together with hold-
down timers counter routing loops effectively.
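As an added illustration (this code is not part of the original notes and is not a Cisco implementation), the following Python models a two-router RIP-style exchange and shows what each mechanism changes: the update that would go back to the neighbor with no protection, with split horizon, and with poison reverse; then a failed route, the triggered update it causes, and the hold-down timer rejecting stale information. Router names, prefixes and interface names are made up, and hold-down is simplified to exactly what the text describes (ignore every update about the route until the timer expires).

```python
INFINITY = 16     # RIP hop count 16 means unreachable
HOLDDOWN = 180    # seconds; the RIP hold-down default on Cisco IOS


class Router:
    """Minimal distance-vector router showing the loop-prevention mechanisms above."""

    def __init__(self, name):
        self.name = name
        self.routes = {}      # prefix -> {"metric", "via" (neighbour or None), "iface"}
        self.holddown = {}    # prefix -> time until which updates about it are ignored

    def add_connected(self, prefix, iface):
        self.routes[prefix] = {"metric": 0, "via": None, "iface": iface}

    def withdraw(self, prefix, now):
        """A local network went down: poison the route and start hold-down."""
        self.routes[prefix]["metric"] = INFINITY
        self.holddown[prefix] = now + HOLDDOWN

    def build_update(self, iface, mode="split-horizon"):
        """Routes advertised out `iface`; mode is none, split-horizon or poison-reverse."""
        adv = {}
        for prefix, r in self.routes.items():
            learned_on_this_iface = r["via"] is not None and r["iface"] == iface
            if learned_on_this_iface and mode == "split-horizon":
                continue                        # never send a route back where it came from
            if learned_on_this_iface and mode == "poison-reverse":
                adv[prefix] = INFINITY          # send it back, but explicitly unreachable
                continue
            adv[prefix] = min(r["metric"] + 1, INFINITY)   # one more hop for the receiver
        return adv

    def receive_update(self, neighbour, iface, update, now):
        """Process an update; the returned list of changed prefixes drives a triggered update."""
        changed = []
        for prefix, metric in update.items():
            if now < self.holddown.get(prefix, 0):
                continue                        # hold-down: ignore all news about this route
            cur = self.routes.get(prefix)
            if metric >= INFINITY:
                # poisoned route from our own next hop: mark unreachable, start hold-down
                if cur and cur["via"] == neighbour and cur["metric"] < INFINITY:
                    cur["metric"] = INFINITY
                    self.holddown[prefix] = now + HOLDDOWN
                    changed.append(prefix)
                continue
            if (cur is None or metric < cur["metric"]
                    or (cur["via"] == neighbour and metric != cur["metric"])):
                self.routes[prefix] = {"metric": metric, "via": neighbour, "iface": iface}
                changed.append(prefix)
        return changed


def demo():
    """Constructed two-router scenario (made-up addresses); returns what each step produced."""
    r1, r2 = Router("R1"), Router("R2")
    r1.add_connected("10.1.0.0/16", "eth0")     # R1's LAN
    r1.add_connected("10.12.0.0/24", "s0")      # serial link R1-R2
    r2.add_connected("10.12.0.0/24", "s0")
    r2.receive_update("R1", "s0", r1.build_update("s0"), now=0)   # R2 learns 10.1.0.0/16 via R1
    # What R2 would send back to R1 on s0 under each mode
    back_to_r1 = {m: r2.build_update("s0", m)
                  for m in ("none", "split-horizon", "poison-reverse")}
    # R1's LAN fails; R1 poisons it and its triggered update reaches R2
    r1.withdraw("10.1.0.0/16", now=30)
    triggered = r2.receive_update("R1", "s0", r1.build_update("s0"), now=30)
    # Stale information about the dead network arriving from a third router
    stale = {"10.1.0.0/16": 3}
    during = r2.receive_update("R3", "s1", stale, now=40)
    after = r2.receive_update("R3", "s1", stale, now=30 + HOLDDOWN + 1)
    return {"back_to_r1": back_to_r1, "triggered": triggered,
            "during_holddown": during, "after_holddown": after,
            "final_metric": r2.routes["10.1.0.0/16"]["metric"]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Without split horizon, R2 advertises R1's own network back to R1 at metric 2; if R1's LAN then fails, R1 could believe R2 has a path to it and the two count to infinity. Split horizon omits the route, poison reverse sends it back as metric 16, and the hold-down timer keeps R2 from believing the stale metric-3 update until the timer has run out.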
3. Spanning Tree Protocol (STP) is enabled on every port of a Cisco switch by default. Leave it
enabled: a port with STP disabled that has a redundant path creates a bridging loop. STP can be
disabled selectively by issuing the CatOS command:
Switch (enable) set spantree disable <mod-number>/<port-number>
Ex: Switch (enable) set spantree disable 2/4
The above command disables STP on port 4 of module 2.
4. All switches participating in STP exchange information with other switches in the network
through messages known as Bridge Protocol Data Units (BPDUs). BPDUs are sent every 2
seconds (the default hello time) on every designated port.
5. Internally, STP assigns each bridge (or switch) port a specific role. The port role defines the
behavior of the port from the STP point of view. Based on the port role, the port either sends or
receives BPDUs and forwards or blocks data traffic. The port roles are given below (Alternate
and Backup are the 802.1w/RSTP names; classic 802.1D simply calls such ports non-designated,
or blocking):
1. Designated: One designated port is elected per link (segment). It is the port on that segment
closest to the root bridge; it sends BPDUs onto the segment and forwards the segment's traffic to
and from the root bridge. In a converged network, every designated port is in the forwarding
state. The switch with the lowest cost to reach the root, among all switches connected to a
segment, holds the Designated Port (DP) for that segment. If the cost is tied (two or more
switches have the same cost), the switch with the lowest bridge ID holds the DP (the switch on
which the DP is elected is called the Designated Switch or Designated Bridge). Bridge ID =
Priority + MAC address.
2. Root: A bridge has exactly one root port, the port with the lowest-cost path to the root bridge.
In a converged network the root port is in the forwarding state. Every bridge except the root
bridge has a root port.
3. Alternate: Alternate ports also lead toward the root bridge but are not the root port. They are
kept in the blocking state and take over if the root port fails.
4. Backup: A special case where two or more ports of the same bridge (switch) are connected to
the same segment, directly or through shared media. One of them becomes designated and the
others block; their role is backup.
7. While the Spanning Tree Protocol runs, the root switch (say, switch A) is elected first. Every
other switch then chooses the port with the lowest-cost path to the root as its Root Port. On each
segment, the switch offering the lowest cost to the root becomes the Designated Switch (or
Parent switch) for that segment (say, switch B). A switch further away (say, switch C) whose
root port connects to B forwards frames toward the root switch (A) through its designated switch
(B). Here B is the designated switch for C, A is the root switch for C, and C reaches the root
switch (A) through its designated switch (B). Every non-root switch has exactly one root port.
8. During the Spanning Tree Algorithm, some redundant ports must be blocked to avoid bridging
loops. To decide which port forwards frames and which port blocks, STP compares the following
three values, in this order:
1. Path Cost: The port with the lowest path cost to the root is placed in forwarding mode; other
ports are placed in blocking mode.
2. Bridge ID: If the path costs are equal, the bridge ID of the switch sending the BPDUs decides.
The port receiving BPDUs from the lowest sender Bridge ID forwards; the others block.
3. Port ID: If path cost and sender bridge ID are also equal, the sender's Port ID decides. The
port receiving BPDUs from the lowest sender port ID forwards. This situation arises with parallel
links between the same two switches, used for redundancy.
9. When a bridge starts up, it sets its own bridge ID as the root ID; that is, it considers itself the
root bridge. While exchanging BPDUs, if it receives a BPDU advertising a bridge ID lower than
its own, the bridge corresponding to that BPDU is considered the root bridge, and this
information is propagated. The bridge ID consists of the following:
1. 2-byte priority: The default value on Cisco switches is 0x8000 (32,768); the lower the priority,
the higher the chance of becoming the root bridge. (On switches that use the 802.1t extended
system ID, the upper 4 bits are the configurable priority and the lower 12 bits carry the VLAN
ID, so the default priority is displayed as 32768 plus the VLAN number.)
2. MAC address: The 6-byte MAC address of the bridge. The lower the MAC address, the higher
the chance of becoming the root bridge.
The bridge (or switch) with the lowest 2-byte priority becomes the root bridge. If the priority is
the same, the bridge with the lowest 6-byte MAC address becomes the root bridge. Because
nothing in this election is authenticated, any device that sends BPDUs with a lower bridge ID
becomes the root; set a deliberately low priority on the switch you intend to be the root rather
than relying on MAC address ordering.
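The election and tie-breaking rules in items 5 to 9 are easiest to follow on a small topology. The Python below is an added example (not part of the original notes and not Cisco's implementation) that elects the root from the bridge IDs, derives each switch's root path cost, and then applies the path cost, sender bridge ID and sender port ID tie-breakers to assign the designated, root and alternate (blocking) roles. Switch names, MAC addresses, port numbers and the topology are made up; the path cost 19 is the 802.1D value for 100 Mb/s.

```python
import heapq

DEFAULT_PRIORITY = 0x8000   # 32768, the Cisco default shown by "show spantree"


def bridge_id(priority, mac):
    """Bridge ID = 2-byte priority followed by the 6-byte MAC; the lowest ID wins."""
    return (priority, int(mac.replace(":", "").replace("-", ""), 16))


def port_id(name):
    """'mod/port' -> (mod, port) so that 1/2 sorts before 1/10 as a port ID would."""
    mod, port = name.split("/")
    return (int(mod), int(port))


def elect_root(bridges):
    """Root bridge = lowest bridge ID (priority first, then MAC address)."""
    return min(bridges, key=bridges.get)


def root_path_costs(bridges, links, root):
    """Shortest path cost from every bridge to the root, as converged BPDUs would advertise."""
    adj = {b: [] for b in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {b: float("inf") for b in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u]:
            if d + c < dist[v]:
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def assign_port_roles(bridges, links):
    """Returns (root bridge, {(switch, port): 'designated' | 'root' | 'alternate'})."""
    root = elect_root(bridges)
    rpc = root_path_costs(bridges, links, root)
    # 1. Root port per non-root bridge: lowest root path cost via that port, then lowest
    #    sender bridge ID, then lowest sender port ID, then lowest own port ID.
    root_port = {}
    for a, pa, b, pb, cost in links:
        for me, my_port, nbr, nbr_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if me == root:
                continue
            key = (rpc[nbr] + cost, bridges[nbr], port_id(nbr_port), port_id(my_port))
            if me not in root_port or key < root_port[me][0]:
                root_port[me] = (key, my_port)
    # 2. Designated port per segment: the end with the lowest (root path cost, bridge ID,
    #    port ID). The other end is the root port if it was chosen above, else alternate.
    roles = {}
    for a, pa, b, pb, cost in links:
        ends = sorted(((rpc[x], bridges[x], port_id(px)), x, px) for x, px in ((a, pa), (b, pb)))
        (_, d_sw, d_port), (_, o_sw, o_port) = ends
        roles[(d_sw, d_port)] = "designated"
        is_root_port = root_port.get(o_sw, (None, None))[1] == o_port
        roles[(o_sw, o_port)] = "root" if is_root_port else "alternate"
    return root, roles


# Constructed lab topology (made-up switches, MACs and ports)
SWITCHES = {
    "SW1": bridge_id(4096, "00:00:0c:00:00:11"),              # priority lowered on purpose
    "SW2": bridge_id(DEFAULT_PRIORITY, "00:00:0c:00:00:22"),
    "SW3": bridge_id(DEFAULT_PRIORITY, "00:00:0c:00:00:03"),  # lower MAC than SW2
}
LINKS = [  # (switch, port, switch, port, path cost)
    ("SW1", "1/1", "SW2", "1/1", 19),
    ("SW1", "1/2", "SW2", "1/2", 19),   # parallel link: decided by sender port ID
    ("SW1", "1/3", "SW3", "1/1", 19),
    ("SW2", "1/3", "SW3", "1/2", 19),   # equal cost to root: decided by bridge ID
]

if __name__ == "__main__":
    root, roles = assign_port_roles(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        state = "blocking" if role == "alternate" else "forwarding"
        print(f"{sw} {port}: {role:10s} {state}")
    rogue = dict(SWITCHES, ROGUE=bridge_id(0, "de:ad:be:ef:00:01"))
    print("root with a priority-0 device attached:", elect_root(rogue))
```

In this topology SW1 is the root because of its priority, SW2 picks port 1/1 over the parallel 1/2 because SW1's port 1/1 has the lower port ID, and on the SW2-SW3 segment SW3 holds the designated port because its MAC address is lower at equal cost. The last line shows the security point of item 9: a device sending BPDUs with priority 0 takes over as root.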
10. The CatOS command "show spantree" (IOS: "show spanning-tree") includes information
about the following:
1. VLAN number
2. Root bridge priority and MAC address
3. Bridge timers (Max Age, Hello Time, Forward Delay)
ii. VLANS
2. VLANs are configured on switch ports. Note that a Layer 3 device (a router, or a multilayer
switch) is required to route traffic between VLANs. A switch identifies the VLAN associated with
a given frame and forwards the frame only to ports in that VLAN. Separate VLANs for voice and
data traffic improve the privacy and reliability of voice communication.
A single physical port on a router can support one or more VLANs by use of sub-interfaces
(router-on-a-stick), so a router does not need as many physical ports as there are VLANs.
3. Inter-VLAN communication can occur only if the router is configured with a sub-interface for
each VLAN. In the example scenario there are 4 VLANs (VLANs 100, 200, 300, and 400), in
addition to VLAN 1 (the management VLAN). Therefore, 5 sub-interfaces have to be configured
on the router interface connecting to the switch.
A roll-over cable is required for connecting a terminal to the Console port of a router/switch.
iii. VTP
VLAN trunking (tagging) protocols carry VLAN membership across a trunk link:
ISL: ISL (Inter-Switch Link) is the Cisco-proprietary VLAN transport protocol used over Fast
Ethernet trunk links; IEEE 802.1Q is the standards-based equivalent.
802.10: IEEE 802.10 is the VLAN transport protocol used over FDDI trunk links.
LANE: LAN Emulation (LANE) is the VLAN transport protocol used across an ATM trunk link.
The default VTP configuration parameters for a Catalyst switch are as follows:
1. VTP domain name: None
2. VTP mode: Server
3. VTP password: None
4. VTP pruning: Disabled
5. VTP trap: Disabled
2. The VTP domain name can be specified manually or learned across a configured trunk link
from a server that has a domain name configured. By default, the domain name is not set.
If you configure a VTP password, VTP does not function unless you assign the same password to
every switch in the domain.
VTP traps are disabled by default. If you enable this feature, an SNMP trap is generated every
time a VTP message is sent.
4. Configurations made on a single switch, called the VTP server, are propagated across the
switch fabric under a single domain. Other switches, configured as VTP clients, learn the VLAN
configuration from the server. Cisco switches such as the Catalyst 1900, acting as VTP servers,
save the VLAN configuration in non-volatile memory (NVRAM), whereas clients keep the
information only in the running configuration.
The output of show vtp status shows each switch's domain name and VTP version; in the
example referred to here they differ between the two switches. For VLAN information to
transfer successfully, the version numbers must be the same on both switches, and so must the
VTP domain name.
6. There are two VTP versions, version 1 and version 2, and they are not interoperable. Version 1
is the default. All switches in a management domain should be configured for the same version.
Some of the advantages of VTP version 2 are:
1. Token Ring support: Supports Token Ring LAN switching and VLANs. If Token Ring is used,
version 2 is required.
2. Version number auto-propagation: If all switches are capable of running version 2, only one
switch needs version 2 enabled; the version number is propagated automatically to the others.
7. By default, VTP advertisements carry no password, and any switch that has no VTP domain
name joins the domain as soon as trunking is enabled. Any switch with the same VTP domain
name also joins and exchanges VTP information. This lets an unwanted switch manage the VLAN
database of every switch in the domain. To prevent this, set the same VTP password on all
switches that are meant to exchange VTP information (and run switches that must not take part
in VTP in transparent mode).
8. VTP pruning increases the available bandwidth by reducing broadcast, multicast, and flooded
unicast traffic. Such frames are not forwarded to switches that have no ports in the VLAN
concerned: when VTP pruning is enabled, a switch forwards flooded traffic for a VLAN across a
trunk to another switch only if that switch has ports associated with that VLAN.
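Items 2, 4 and 7 list the conditions under which VTP either fails to transfer VLAN information or lets an unwanted switch take part. The Python below is an added example (not part of the original notes, not a Cisco tool) that parses constructed "show vtp status" output for several switches, together with whether "show vtp password" reported a password, and reports domain and version mismatches, switches with no domain name, and servers or clients running without a password. The field names follow the IOS output format; the switch names and values are made up. It also reports which switch holds the highest configuration revision, which is standard VTP behaviour not covered in the notes: within a domain, the database with the highest revision number is the one the other switches adopt.

```python
# Constructed "show vtp status" text and "show vtp password" results for three
# switches (not real device output; the values are made up).
INVENTORY = {
    "SW1": {"password_set": True, "status": """
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 255
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : LAB
VTP Pruning Mode                : Disabled
"""},
    "SW2": {"password_set": True, "status": """
VTP Version                     : 1
Configuration Revision          : 12
VTP Operating Mode              : Client
VTP Domain Name                 : LAB
VTP Pruning Mode                : Disabled
"""},
    "SW3": {"password_set": False, "status": """
VTP Version                     : 2
Configuration Revision          : 0
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
"""},
}


def parse_vtp_status(text):
    """Turn the 'Key : Value' lines of show vtp status into the fields the checks need."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, val = line.partition(":")
        if sep:
            fields[key.strip()] = val.strip()
    return {
        "version": int(fields["VTP Version"]),
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"],
        "domain": fields["VTP Domain Name"] or None,   # blank = no domain configured yet
    }


def audit_vtp(inventory):
    """Findings that explain why VLAN data will not transfer, or who can rewrite it."""
    parsed = {name: parse_vtp_status(sw["status"]) for name, sw in inventory.items()}
    findings = []
    domains = {p["domain"] for p in parsed.values() if p["domain"]}
    if len(domains) > 1:
        findings.append(f"domain name mismatch: {sorted(domains)}")
    versions = {p["version"] for p in parsed.values()}
    if len(versions) > 1:
        findings.append(f"VTP version mismatch: {sorted(versions)}")
    for name, p in parsed.items():
        if p["domain"] is None:
            findings.append(f"{name}: no domain name; it will adopt the first domain "
                            "advertised on a trunk")
        if p["mode"] in ("Server", "Client") and not inventory[name]["password_set"]:
            findings.append(f"{name}: {p['mode']} mode without a VTP password; any switch "
                            "in the domain can rewrite its VLAN database")
    top, top_rev = max(((n, p["revision"]) for n, p in parsed.items()), key=lambda x: x[1])
    findings.append(f"highest configuration revision: {top} (revision {top_rev}); "
                    "its VLAN database is the one the domain converges to")
    return findings


if __name__ == "__main__":
    for finding in audit_vtp(INVENTORY):
        print(finding)
```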
J. Security
1. The following are the important characteristics of SDM (Security Device Manager):
1. SDM does not use Telnet/SSH to communicate with the router. Instead, a web server runs on
the router and the client software runs on the host computer.
2. SDM uses a web interface on a PC, and the user connects to the router over an IP network,
not through the Console.
3. The configuration is written to the router's running configuration only after the Finish button
is pressed in the SDM wizard. Note that it is not written to the startup configuration; use copy
running-config startup-config to make it persistent.
4. The SDM configuration wizard allows DHCP client services to be configured, with an option
to add PAT services or not.
2. The Internet architecture provides an unregulated network path to attack innocent hosts.
Denial-of-service (DoS) attacks exploit this to target mission-critical services. DoS attacks are
explicit attempts to block legitimate users' access to a system by reducing its availability.
Physical or host-based intrusions are generally addressed through hardened security policies and
authentication mechanisms. Although software patching defends against some attacks, it does not
safeguard against DoS flooding attacks, which exploit the unregulated forwarding of Internet
packets rather than any software defect.
3. An intrusion prevention system (IPS) is a security device that monitors network and/or system
activity for malicious or unwanted behavior and can react in real time to block or prevent it; it
sits inline in the traffic path.
Intrusion Detection Systems (IDS) detect unauthorized access attempts and raise alerts, but do
not themselves block traffic. There are two main types of IDS in use: network-based (a packet
monitor, usually fed a copy of the traffic) and host-based (for instance, examining system logs in
real time for evidence of malicious or suspicious application activity).
IPS and IDS are closely related; an IPS is considered an extension of an IDS.
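To make the two IDS types and the DoS flooding point concrete, the following Python is an added example (not part of the original notes, not a product) with one host-based rule and one network-based rule, each run over constructed input: the host-based rule watches sshd log lines for repeated failed logins from one source, and the network-based rule watches packet summaries for a burst of bare SYN segments to one service, the signature of a SYN flood. Both use a sliding time window. The log lines, addresses and packets are made up; an IPS would drop the offending traffic where this code only returns alerts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def _syslog_seconds(line):
    """Seconds for a 'Mon DD HH:MM:SS' syslog prefix (the year is not in the line)."""
    stamp = datetime.strptime(line[:15], "%b %d %H:%M:%S")
    return (stamp - datetime(1900, 1, 1)).total_seconds()


def host_ids(log_lines, threshold=5, window=60):
    """Host-based rule: `threshold` failed SSH logins from one source within `window` s."""
    recent = defaultdict(deque)          # source IP -> timestamps of recent failures
    alerts, alerted = [], set()
    for line in log_lines:
        m = FAILED_LOGIN.search(line)
        if not m:
            continue
        user, src = m.groups()
        now = _syslog_seconds(line)
        q = recent[src]
        q.append(now)
        while q and now - q[0] > window:     # slide the window forward
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(f"brute force: {len(q)} failed logins from {src} within "
                          f"{window}s (last user: {user})")
    return alerts


def network_ids(packets, threshold=20, window=1.0):
    """Network-based rule: many SYN-only segments to one service in a short window.
    packets are (time, src, dst, dport, tcp_flags) tuples as a sensor would summarise them."""
    syns = defaultdict(deque)            # (dst, dport) -> timestamps of SYN-only segments
    sources = defaultdict(set)
    alerts, alerted = [], set()
    for t, src, dst, dport, flags in packets:
        if flags != "S":                 # SYN without ACK = a new half-open connection
            continue
        key = (dst, dport)
        q = syns[key]
        q.append(t)
        sources[key].add(src)
        while q and t - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append(f"SYN flood: {len(q)} SYNs to {dst}:{dport} within {window}s "
                          f"from {len(sources[key])} sources")
    return alerts


# Constructed sample data (not captured from a real system)
LOG_LINES = [
    "Mar 10 12:00:01 gw sshd[2201]: Accepted password for ops from 10.0.0.7 port 50122 ssh2",
    "Mar 10 12:00:03 gw sshd[2202]: Failed password for ops from 10.0.0.7 port 50123 ssh2",
] + [
    f"Mar 10 12:00:{5 + i:02d} gw sshd[23{i:02d}]: Failed password for invalid user admin "
    f"from 203.0.113.5 port {51000 + i} ssh2"
    for i in range(6)
]
PACKETS = [
    (0.00, "10.0.0.7", "192.0.2.10", 80, "S"),      # a normal three-way handshake
    (0.01, "192.0.2.10", "10.0.0.7", 50124, "SA"),
    (0.02, "10.0.0.7", "192.0.2.10", 80, "A"),
] + [
    (1.0 + i * 0.01, f"198.51.100.{i}", "192.0.2.10", 80, "S")   # flood from 25 sources
    for i in range(25)
]

if __name__ == "__main__":
    for alert in host_ids(LOG_LINES) + network_ids(PACKETS):
        print(alert)
```

The single failure from 10.0.0.7 never reaches the threshold, while the burst from 203.0.113.5 does; likewise the one legitimate SYN is ignored but the 25 half-open connections in a quarter of a second trigger the flood rule. Thresholds and windows are the tuning knobs: too low and normal retries alert, too high and a slow attack passes.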
K. Miscellaneous
i. Network Devices
1. Repeaters, Bridges, and Routers:
The most frequently used network devices are repeaters, hubs, switches, and routers. These
devices let computers, printers, and other devices communicate with each other. The medium
used for communication is usually cable (optical or copper) or air (Wi-Fi, Bluetooth, etc.).
A repeater is a basic device that simply regenerates (re-amplifies and re-times) the input signal
and retransmits it. It is used to extend the range of a network segment.
For example, the range of a 10BaseT network segment is 100 meters. If the end devices are more
than 100 meters apart, a repeater is required so that the transmitted signal is received at the
destination device without losing any information.
A bridge/switch forwards frames that arrive on one port to other ports. A switch is used to
connect two or more network segments. A switch learns the physical addresses of sending
devices by reading the source MAC address of each frame and mapping it to the port on which
the frame arrived.
This way, it quickly learns which MAC address sits behind which switch port and stores the
information in a table (the MAC table, or CAM table). From then on, it sends a frame only to the
port that connects to the destination device (as given by the destination MAC address), and
floods frames whose destination is unknown or broadcast. MAC addresses are Layer 2
addresses; because a switch works on MAC addresses, switches are classified as Layer 2 devices.
A router routes packets by connecting two or more networks together. Routers work at Layer 3
of the OSI model. They route packets based on IP addresses, whereas a switch forwards frames
based on MAC addresses. A router strips the Layer 2 header from an incoming frame to examine
the packet's destination IP address, then routes it to the destination based on the information in
its routing table.
I. Repeaters work at the Physical Layer (Layer 1),
II. Bridges and simple switches work at the Data Link Layer (Layer 2),
III. Routers work at the Network Layer (Layer 3) of the ISO Reference Model.
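The learn/forward/flood behaviour of a switch described above, as an added example (not part of the original notes and not any vendor's code). It models a transparent bridge that learns source MAC addresses per port, forwards known unicasts to a single port, filters frames whose destination is on the ingress segment, floods unknown unicasts and broadcasts, and ages out entries that have been silent for longer than the default 300-second aging time. Port names and MAC addresses are made up.

```python
AGING_TIME = 300   # seconds; the default MAC address aging time on Cisco switches
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Layer2Switch:
    """Transparent bridge: learn source MACs, forward known unicasts, flood the rest."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}              # mac -> (port, last_seen)

    def receive(self, in_port, src, dst, now):
        """Process one frame arriving on in_port; returns the list of egress ports."""
        self.mac_table[src] = (in_port, now)                  # learn (and refresh) the source
        for mac, (port, seen) in list(self.mac_table.items()):
            if now - seen > AGING_TIME:                       # age out silent stations
                del self.mac_table[mac]
        known = self.mac_table.get(dst)
        if dst != BROADCAST and known is not None:
            out_port = known[0]
            return [] if out_port == in_port else [out_port]  # same segment: filter, don't forward
        return [p for p in self.ports if p != in_port]        # unknown unicast or broadcast: flood

    def table(self):
        """The MAC table as shown by a 'show mac address-table' style listing."""
        return {mac: port for mac, (port, _) in self.mac_table.items()}


if __name__ == "__main__":
    sw = Layer2Switch(["1/1", "1/2", "1/3"])
    print(sw.receive("1/1", "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", now=0))   # flood
    print(sw.receive("1/2", "bb:bb:bb:bb:bb:02", "aa:aa:aa:aa:aa:01", now=1))   # known: one port
    print(sw.table())
```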
2. CSU/DSU is an acronym for Channel Service Unit / Data Service Unit. The CSU/DSU is part of
the Customer Premises Equipment (CPE). It connects to the Central Office (CO), the telephone
company's switching facility nearest to the customer.
3. Full-duplex Ethernet transmission requires a switch; a hub cannot support full duplex. In
full-duplex mode there are no frame collisions, so CSMA/CD is not used.
ii. WAN Devices
1. WAN (Wide Area Network) devices extend the reach of LAN (Local Area Network) devices.
WANs typically span a wide area, such as multiple cities or countries. WANs are connected over
serial lines that operate at lower speeds than LANs.
Some of the WAN devices are:
1. Routers: Routers are responsible for routing packets in an internetwork.
2. Modems: Modems connect to public telephone circuits through dial-up.
3. CSU/DSU: Channel Service Unit / Data Service Unit. CSU/DSUs are used for connecting to the
Central Office of a telephone company and provide serial WAN connections.
4. Communication Servers: These are used for dial-in/dial-out to remote users and provide RAS
(Remote Access Server) functionality.
5. Multiplexers (mux): Multiplexers combine two or more signals before transmitting on a single
channel. Multiplexing can be done by sharing "time" or "frequency".
iii. Wireless LAN
1. WEP uses RC4 stream encryption.
WPA uses TKIP (RC4 with per-packet keys) and the MIC (Michael) message integrity check.
WPA2 uses AES-CCMP encryption.
Both WEP and TKIP are cryptographically broken and should not be used; choose AES-CCMP
(WPA2 or later) wherever the clients support it.
2. In "ad-hoc" or Independent Basic Service Set (IBSS) configuration there is no backbone
infrastructure; stations talk to each other directly without an Access Point (AP). In the Extended
Service Set (ESS) configuration, two or more Access Points (APs) sharing the same SSID are
joined by a distribution system, and users can roam between the APs without disconnection or
reconfiguration.
iv. Others
1. HTTP is the protocol used for accessing World Wide Web services. HTTP operates over
TCP/IP. TCP/IP is the protocol suite used by all Internet applications such as WWW, FTP,
Telnet, etc. IPX/SPX is the proprietary protocol stack of Novell NetWare.
2. Route summarization is calculated as below:
Step 1:
1. Take the first network: 172.24.54.0/24; third octet 54 = 0 0 1 1 0 1 1 0
2. Take the second network: 172.24.53.0/24; third octet 53 = 0 0 1 1 0 1 0 1
The octets with equal decimal values (172 and 24) are common in full and do not need to be
expanded; only the third octet differs in this case.
Step 2:
Count the number of leading bits in the third octet that line up with the same values. In this
case 6 bits match. The summary prefix length is this number (6) added to the bits of the
preceding octets (first and second): 8 + 8 + 6 = 22.
Step 3:
Calculate the decimal value of the third octet with the 6 matching bits kept and the rest set to
zero: 0 0 1 1 0 1 x x, where x marks a non-matching bit. That is 128*0 + 64*0 + 32*1 + 16*1 +
8*0 + 4*1 = 32 + 16 + 4 = 52. The summary route is therefore 172.24.52.0/22.
Note that a summary covers every address in its range: 172.24.52.0/22 also includes
172.24.52.0/24 and 172.24.55.0/24, which were not in the list, so only advertise a summary for
address space you actually own.
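The three steps above generalise to any list of prefixes: find the longest run of leading bits shared by all network addresses, and that run is the summary. The Python below is an added example (not part of the original notes) that implements the general algorithm, prints the octets in binary the way the worked example lines them up, and also lists the subnets the summary covers that were not in the input, so the over-summarization caveat can be checked mechanically. The prefixes in the usage section are the ones from the example plus a made-up second set.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single prefix covering every prefix in the list, plus the subnets it
    covers that were not in the list (the addresses a summary would over-advertise)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    bits = nets[0].max_prefixlen                       # 32 for IPv4
    first = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)            # can never be longer than the shortest mask
    for n in nets:
        differing = first ^ int(n.network_address)     # 1-bits where the two addresses differ
        while common and differing >> (bits - common): # shrink until the top `common` bits agree
            common -= 1
    base = (first >> (bits - common)) << (bits - common)   # keep the common bits, zero the rest
    summary = ipaddress.ip_network(f"{ipaddress.ip_address(base)}/{common}")
    longest = max(n.prefixlen for n in nets)
    uncovered = [s for s in summary.subnets(new_prefix=longest)
                 if not any(s.subnet_of(n) for n in nets)]
    return summary, uncovered


def dotted_binary(prefix):
    """An IPv4 network address in the octet-by-octet binary form used in Step 1."""
    return ".".join(f"{o:08b}" for o in ipaddress.ip_network(prefix).network_address.packed)


if __name__ == "__main__":
    nets = ["172.24.54.0/24", "172.24.53.0/24"]       # the example from the notes
    for n in nets:
        print(f"{n:18s} {dotted_binary(n)}")
    summary, extra = summarize(nets)
    print("summary:", summary, "also covers:", [str(x) for x in extra])
    summary, extra = summarize(["192.168.0.0/24", "192.168.1.0/24",
                                "192.168.2.0/24", "192.168.3.0/24"])
    print("summary:", summary, "also covers:", [str(x) for x in extra])
```

For the two networks in the notes the result is 172.24.52.0/22 with 172.24.52.0/24 and 172.24.55.0/24 over-advertised; four consecutive /24s starting on a /22 boundary summarise exactly, with nothing extra.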
4. Ethernet II has a Type field to identify the upper-layer protocol. 802.3 has only a Length field
and cannot by itself identify the upper-layer protocol (an LLC/SNAP header does that).
5. Hold-down timers prevent regular update messages from reinstating a route that has gone
bad. When a route fails, the router waits a fixed time before accepting any other routing
information about that route. Hold-downs tell routers to hold any changes that might affect that
route for some period of time. The hold-down period is usually set just longer than the time
needed to propagate a routing change to the entire network.
6. Congestion avoidance, windowing, and buffering are the three types of flow control.
7. Convergence is the state in which all internetworking devices running a given routing
protocol have the same information about the internetwork in their routing tables. The time it
takes to arrive at this common view of the internetwork is called the convergence time.
8. The ip helper-address command makes a router forward certain client broadcasts (such as
DHCP or BOOTP requests) as unicast, or directed broadcast, packets to a configured server
address. It is needed because routers do not forward broadcasts. With a helper address
configured, a router forwards the client's broadcast to the desired server or network. There can be
more than one helper address on an interface. The helper address must be defined on the
interface that receives the original client broadcast.
Note that the "ip unnumbered" command enables IP processing on a serial interface without
assigning a specific IP address to the interface.
9. Runts are frames smaller than the medium's minimum frame size. For example, Ethernet has a
minimum frame size of 64 bytes, so any Ethernet frame shorter than 64 bytes is a runt.
Giants are frames bigger than the medium's maximum frame size. For example, Ethernet has a
maximum frame size of 1,518 bytes, so any Ethernet frame longer than 1,518 bytes is a giant.
A CRC error occurs when the frame check sequence (FCS) computed by the receiver over the
frame does not match the FCS the sender computed and appended to it.
The most common causes of runts, giants, and CRC errors are collisions (including late collisions
caused by a duplex mismatch), faulty cabling, or a bad network card that generates malformed
frames.
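The runt, giant and CRC definitions here, and the three switching methods in item 13 of the Switching section, can be exercised together. The Python below is an added example (not part of the original notes) that builds Ethernet II frames with a genuine FCS (CRC-32, transmitted least significant byte first, which is what zlib.crc32 produces), deliberately corrupts one, truncates one into a collision fragment and oversizes another, then shows what a store-and-forward, cut-through and fragment-free switch would do with each and tallies the counters a store-and-forward port would report. The MAC addresses and payloads are made up.

```python
import struct
import zlib

MIN_FRAME = 64      # bytes including the 4-byte FCS; anything shorter is a runt
MAX_FRAME = 1518    # bytes including the FCS; anything longer is a giant


def build_frame(dst, src, ethertype, payload, corrupt=False):
    """Ethernet II frame with a real FCS. corrupt=True flips one payload bit after the
    FCS has been computed, the way line noise or a bad NIC would."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    header += struct.pack("!H", ethertype)
    body = header + payload
    if len(body) < MIN_FRAME - 4:
        body += b"\x00" * (MIN_FRAME - 4 - len(body))     # pad to the 64-byte minimum, like a NIC
    frame = body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    if corrupt:
        frame = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    return frame


def fcs_ok(frame):
    """Recompute the CRC-32 over everything but the trailing FCS and compare."""
    return struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == frame[-4:]


def switch_decision(frame, mode):
    """What a switch using the given method does with `frame`: (action, reason)."""
    n = len(frame)
    if mode == "cut-through":
        # Only the 6-byte destination is read before forwarding: no size or CRC check is possible.
        if n < 6:
            return ("drop", "runt")
        return ("forward", "destination read after 6 bytes; errors are propagated")
    if n < MIN_FRAME:
        return ("drop", "runt")           # fragment-free and store-and-forward both catch this
    if mode == "fragment-free":
        # The 64-byte collision window arrived intact; the rest of the frame is not checked.
        return ("forward", "collision window clean; CRC not checked")
    if mode != "store-and-forward":
        raise ValueError(f"unknown switching mode {mode!r}")
    if n > MAX_FRAME:
        return ("drop", "giant")
    if not fcs_ok(frame):
        return ("drop", "crc")
    return ("forward", "CRC verified")


def interface_counters(frames):
    """Error counters a store-and-forward port would show after receiving `frames`."""
    counters = {"forwarded": 0, "runts": 0, "giants": 0, "crc": 0}
    names = {"runt": "runts", "giant": "giants", "crc": "crc"}
    for f in frames:
        action, reason = switch_decision(f, "store-and-forward")
        counters["forwarded" if action == "forward" else names[reason]] += 1
    return counters


# Constructed sample frames (addresses and payloads are made up)
DST, SRC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
GOOD = build_frame(DST, SRC, 0x0800, b"A" * 100)
BAD_CRC = build_frame(DST, SRC, 0x0800, b"A" * 100, corrupt=True)
RUNT = GOOD[:40]                                        # a collision fragment
GIANT = build_frame(DST, SRC, 0x0800, b"B" * 1600)      # 14 + 1600 + 4 = 1618 bytes

if __name__ == "__main__":
    for name, f in (("good", GOOD), ("bad crc", BAD_CRC), ("runt", RUNT), ("giant", GIANT)):
        for mode in ("store-and-forward", "cut-through", "fragment-free"):
            print(f"{name:8s} {mode:18s} {switch_decision(f, mode)}")
    print(interface_counters([GOOD, BAD_CRC, RUNT, GIANT]))
```

The output makes the trade-off explicit: cut-through forwards every one of the bad frames, fragment-free stops only the runt, and store-and-forward is the only mode whose counters account for all three error types.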
10. The standard adopted for Ethernet CSMA/CD by the IEEE committee is 802.3. 100BaseT
(Fast Ethernet) uses the IEEE 802.3u standard, which also incorporates the CSMA/CD protocol.
11. The DoD model maps to the OSI model as below:
DoD Model              OSI Model
Process/Application    Application, Presentation, Session layers (layers 7, 6, 5)
Host-to-Host           Transport layer (layer 4)
Internet               Network layer (layer 3)
Network Access         Data Link and Physical layers (layers 2, 1)
12. While a packet travels through an internetwork, it usually takes multiple hops. Note that the
logical addresses (IP addresses) of the source (that created the packet) and of the destination
(the final intended destination) remain constant, whereas the hardware (interface)